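---
# Docker Compose stack: Traefik v3 reverse proxy (ACME via HTTP challenge),
# Google OAuth forward-auth, and the application containers routed through it.
#
# NOTE(review): security-relevant points visible in this file
#   * Most services publish a host port AND attach the `secured` forward-auth
#     chain on their Traefik router. The published port reaches the container
#     directly and is not covered by that middleware; the kuma.* monitor URLs
#     rely on these ports, so restrict them with a bind address or host
#     firewall rather than assuming the proxy protects them.
#   * traefik, watchtower, flame, autokuma, dozzle and homarr mount
#     /var/run/docker.sock directly. `:ro` only makes the socket file
#     read-only; it does not limit Docker API calls. The `dockerproxy` service
#     defined below is the filtered alternative for read-only consumers.
#   * Database passwords, a UI token and AUTHENTIK_TOKEN are written inline.
#     Move them to the env file or Docker secrets and rotate the values that
#     were committed.
#   * Most images use :latest (one :nightly) and watchtower runs on a schedule;
#     pin versions or digests for anything reachable from outside.
version: '3.7'
services:
  traefik:
    image: "traefik:v3.1.0"
    container_name: "traefik"
    command:
      # - "--log.level=DEBUG"
      # NOTE(review): insecure mode serves the API/dashboard without
      # authentication on :8080, which is also published under `ports`.
      # Prefer `--api.dashboard=true` with the dashboard router's service set
      # to `api@internal`, then drop the 8080 mapping.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/traefikconfig"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      # HTTP-to-HTTPS redirect (applies to every request on `web`)
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--metrics.prometheus=true"
      - "--log.format=json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    volumes:
      - "${CONFIG}/traefik/letsencrypt:/letsencrypt"
      - "${CONFIG}/traefik/configs:/traefikconfig"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # google oauth
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      # NOTE(review): trusting X-Forwarded-* is only safe when every request
      # arrives via a proxy you control - confirm for this deployment.
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      # rate limiting
      - "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
      # http
      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
      # chain the middlewares to create a "secured" one
      - "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,forward-auth"
      # `secured-no-oauth` has no forward-auth: routers using it depend
      # entirely on the application's own login.
      - "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
      # traefik dashboard rules
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      # The dashboard router had no middleware, so the unauthenticated API was
      # routable at traefik.${DOMAIN}; put it behind the same chain as the
      # other admin UIs.
      - "traefik.http.routers.traefik.middlewares=secured"
      # dont autoupdate traefik container
      - "com.centurylinklabs.watchtower.enable=false"
      # flame dashboard
      - "flame.type=application"
      - "flame.name=traefik"
      - "flame.icon=arrow-decision-outline"
      - "flame.url=https://traefik.${DOMAIN}"
      - "kuma.traefik.http.name=Traefik"
      - "kuma.traefik.http.url=http://${LOCAL_IP}:8080"

  # Forward-auth endpoint used by the `forward-auth` middleware.
  oauth:
    image: thomseddon/traefik-forward-auth:latest
    container_name: oauth
    environment:
      - CLIENT_ID=$GOOGLE_CLIENT_ID
      - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
      - SECRET=$OAUTH_SECRET
      - COOKIE_DOMAIN=$DOMAIN
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAIN
      - URL_PATH=/_oauth
      # Only this address is admitted by forward-auth.
      - WHITELIST=$EMAIL
      - LOG_LEVEL=info
      - LOG_FORMAT=text
      - LIFETIME=2592000  # 30 days
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
      - "traefik.http.routers.oauth-rtr.tls=true"
      ## HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
      - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
      ## Middlewares
      # Same `forward-auth` definition as on the traefik service; the two
      # copies must stay identical.
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"
    restart: unless-stopped

  # Scheduled image updater; needs write access to the Docker API.
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PGID
      - PUID
      - TZ
      - WATCHTOWER_CLEANUP=true
    command: --schedule "9 0 6 * * *" --cleanup
    restart: unless-stopped

  ddclient:
    image: linuxserver/ddclient
    container_name: ddclient
    volumes:
      - ${CONFIG}/ddclient:/config
    environment:
      - PGID
      - PUID
      - TZ
    restart: unless-stopped

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    # network_mode: service:transmission-vpn
    ports:
      - "8081:8080"
    volumes:
      - ${CONFIG}/sabnzbd:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
      - "traefik.http.routers.sab.entrypoints=websecure"
      - "traefik.http.routers.sab.tls=true"
      - "traefik.http.routers.sab.tls.certresolver=myresolver"
      - "traefik.http.routers.sab.middlewares=secured"
      # - "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
      - "flame.type=application"
      - "flame.name=sabnzbd"
      - "flame.url=https://sab.${DOMAIN}"
      - "flame.icon=download-outline"
      - "kuma.sab.http.name=Sabnzb"
      - "kuma.sab.http.url=http://${LOCAL_IP}:8081"
    restart: unless-stopped

  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    ports:
      - "8989:8989"
    volumes:
      - ${CONFIG}/sonarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
      - "traefik.http.routers.sonarr.entrypoints=websecure"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
      - "traefik.http.routers.sonarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=sonarr"
      - "flame.url=https://sonarr.${DOMAIN}"
      - "flame.icon=television-classic"
      - "kuma.sonarr.http.name=Sonarr"
      - "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"
    restart: unless-stopped

  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    ports:
      - "7878:7878"
    volumes:
      - ${CONFIG}/radarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
      - "traefik.http.routers.radarr.entrypoints=websecure"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.tls.certresolver=myresolver"
      - "traefik.http.routers.radarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=radarr"
      - "flame.url=https://radarr.${DOMAIN}"
      - "flame.icon=movie-open-settings"
      - "kuma.radarr.http.name=Radarr"
      - "kuma.radarr.http.url=http://${LOCAL_IP}:7878"
    restart: unless-stopped

  prowlarr:
    image: linuxserver/prowlarr:latest
    container_name: prowlarr
    # network_mode: service:transmission-vpn
    ports:
      - "9696:9696"
    volumes:
      - ${CONFIG}/prowlarr:/config
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
      - "traefik.http.routers.prowlarr.entrypoints=websecure"
      - "traefik.http.routers.prowlarr.tls=true"
      - "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
      - "traefik.http.routers.prowlarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=prowlarr"
      - "flame.url=https://prowlarr.${DOMAIN}"
      - "flame.icon=download-outline"
      - "kuma.prowlarr.http.name=Prowlarr"
      - "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"
    restart: unless-stopped

  nzbhydra:
    image: linuxserver/nzbhydra2:latest
    container_name: nzbhydra
    ports:
      - "5076:5076"
    volumes:
      - ${CONFIG}/nzbhydra2:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.rule=Host(`hydra.${DOMAIN}`)"
      - "traefik.http.routers.hydra.entrypoints=websecure"
      - "traefik.http.routers.hydra.tls=true"
      - "traefik.http.routers.hydra.tls.certresolver=myresolver"
      - "traefik.http.routers.hydra.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=hydra"
      - "flame.url=https://hydra.${DOMAIN}"
      - "flame.icon=spider"
      - "kuma.hydra.http.name=Nzbhydra"
      - "kuma.hydra.http.url=http://${LOCAL_IP}:5076"
    restart: unless-stopped

  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    restart: unless-stopped
    ports:
      - "8096:8096"
      - "8921:8920"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/jellyfin:/config
      - ./cache/jellyfin:/cache
      - ${DATA}:/media
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
      - "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
      - "flame.type=application"
      - "flame.name=jellyfin"
      - "flame.url=https://jellyfin.${DOMAIN}"
      - "flame.icon=jellyfish-outline"
      - "kuma.jellyfin.http.name=Jellyfin"
      - "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"

  flame:
    image: pawelmalak/flame
    container_name: flame
    volumes:
      - ${CONFIG}/flame:/app/data
      # NOTE(review): read-write Docker socket in a web-facing dashboard.
      - /var/run/docker.sock:/var/run/docker.sock  # optional but required for Docker integration
    ports:
      - 5005:5005
    environment:
      - PASSWORD=$ADMINPWD
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.flame.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.flame.entrypoints=websecure"
      - "traefik.http.routers.flame.tls=true"
      - "traefik.http.routers.flame.tls.certresolver=myresolver"
      - "traefik.http.routers.flame.middlewares=secured"
      - "kuma.flame.http.name=Flame"
      - "kuma.flame.http.url=http://${LOCAL_IP}:5005"

  pyload:
    image: lscr.io/linuxserver/pyload-ng
    container_name: pyload
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/pyload/config:/config
      - ${DOWNLOAD}:/downloads
    ports:
      - 8005:8000
      - 9666:9666
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
      - "traefik.http.routers.pyload.entrypoints=websecure"
      - "traefik.http.routers.pyload.tls=true"
      - "traefik.http.routers.pyload.tls.certresolver=myresolver"
      - "traefik.http.routers.pyload.middlewares=secured"
      - "flame.type=application"
      - "flame.name=pyload"
      - "flame.url=https://pyload.${DOMAIN}"
      - "flame.icon=file-download-outline"
      - "kuma.pyload.http.name=Pyload"
      - "kuma.pyload.http.url=http://${LOCAL_IP}:8005"
    restart: unless-stopped

  # duplicati:
  #   image: linuxserver/duplicati
  #   container_name: duplicati
  #   environment:
  #     - PGID
  #     - PUID
  #     - TZ
  #     #- CLI_ARGS= #optional
  #   volumes:
  #     - ${CONFIG}/duplicati:/config
  #     - /:/nas
  #   ports:
  #     - 8200:8200
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
  #     - "traefik.http.routers.duplicati.entrypoints=websecure"
  #     - "traefik.http.routers.duplicati.tls=true"
  #     - "traefik.http.routers.duplicati.tls.certresolver=myresolver"
  #     - "traefik.http.routers.duplicati.middlewares=secured"
  #   restart: unless-stopped

  # metube:
  #   image: alexta69/metube
  #   container_name: metube
  #   restart: unless-stopped
  #   user: "1001:1001"
  #   ports:
  #     - "8084:8081"
  #   volumes:
  #     - ${DOWNLOAD}:/downloads
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
  #     - "traefik.http.routers.metube.entrypoints=websecure"
  #     - "traefik.http.routers.metube.tls=true"
  #     - "traefik.http.routers.metube.tls.certresolver=myresolver"
  #     - "traefik.http.routers.metube.middlewares=secured"
  #     - "flame.type=application"
  #     - "flame.name=metube"
  #     - "flame.url=https://metube.${DOMAIN}"
  #     - "flame.icon=youtube-subscription"
  #     - "kuma.metube.http.name=Metube"
  #     - "kuma.metube.http.url=http://${LOCAL_IP}:8084"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID
      - PGID
      - TZ
      - WEBUI_PORT=8085
    volumes:
      - ${CONFIG}/qbitorrent:/config
      - ${DOWNLOAD}/Torrents:/downloads
    ports:
      - 8085:8085
      - 6881:6881
      - 6881:6881/udp
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
      - "traefik.http.routers.qbittorrent.middlewares=secured"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
      - "flame.type=application"
      - "flame.name=qbittorrent"
      - "flame.url=https://qbittorrent.${DOMAIN}"
      - "flame.icon=folder-download"
      - "kuma.qbitorrent.http.name=Qbitorrent"
      - "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID
      - PGID
      - TZ
      - DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker  # optional
    volumes:
      - ${CONFIG}/codeServer:/config
      # NOTE(review): the whole host filesystem is mounted read-write into a
      # browser IDE with a terminal, and port 10543 is published directly.
      # Mount only the workspace directory if that is all that is needed.
      - /:/nas
    ports:
      - 10543:8443
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
      - "traefik.http.routers.code-server.entrypoints=websecure"
      - "traefik.http.routers.code-server.tls=true"
      - "traefik.http.routers.code-server.tls.certresolver=myresolver"
      - "traefik.http.routers.code-server.middlewares=secured"
      - "flame.type=application"
      - "flame.name=code-server"
      - "flame.icon=code-braces"
      - "flame.url=https://code-server.${DOMAIN}"
      - "kuma.code-server.http.name=VSCode"
      - "kuma.code-server.http.url=http://${LOCAL_IP}:10543"
    restart: unless-stopped

  freshrss:
    image: linuxserver/freshrss:latest
    container_name: freshrss
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/freshrss:/config
    ports:
      - 10180:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
      - "traefik.http.routers.freshrss.entrypoints=websecure"
      - "traefik.http.routers.freshrss.tls=true"
      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
      - "traefik.http.routers.freshrss.middlewares=secured"
      - "flame.type=application"
      - "flame.name=freshrss"
      - "flame.url=https://freshrss.${DOMAIN}"
      - "flame.icon=rss-box"
      # Monitor name was a copy-paste of "Prowlarr".
      - "kuma.freshrss.http.name=Freshrss"
      - "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:v2.42.0
    container_name: prometheus
    hostname: prometheus
    # NOTE(review): runs as root; confirm whether volume ownership could be
    # fixed instead.
    user: root
    restart: unless-stopped
    depends_on:
      - cadvisor
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=7d'
      # NOTE(review): enables the HTTP reload/quit endpoints; anyone who can
      # reach :9090 on the Docker network can call them.
      - '--web.enable-lifecycle'
    volumes:
      - ${DATA}/prometheus_data:/prometheus
      - ${CONFIG}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
    expose:
      - "9090"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)"
      - "traefik.http.routers.prometheus.entrypoints=websecure"
      - "traefik.http.routers.prometheus.tls=true"
      - "traefik.http.routers.prometheus.tls.certresolver=myresolver"
      - "traefik.http.routers.prometheus.middlewares=secured"
      - "org.label-schema.group=monitoring"
      - "flame.type=application"
      - "flame.name=prometheus"
      - "flame.url=https://prometheus.${DOMAIN}"
      - "flame.icon=state-machine"

  # WEB BASED UI VISUALISATION OF METRICS
  grafana:
    image: grafana/grafana:9.4.3
    container_name: grafana
    hostname: grafana
    user: root
    restart: unless-stopped
    env_file: .env
    volumes:
      - ${CONFIG}/grafana_data:/var/lib/grafana
    expose:
      - "3000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=myresolver"
      - "traefik.http.routers.grafana.middlewares=secured"
      - "org.label-schema.group=monitoring"
      - "flame.type=application"
      - "flame.name=grafana"
      - "flame.url=https://grafana.${DOMAIN}"
      - "flame.icon=chart-multiple"
      - "kuma.grafana.http.name=Grafana"
      # NOTE(review): port 3000 is only `expose`d, not published, so this
      # host-IP URL may not be reachable - TODO confirm.
      - "kuma.grafana.http.url=http://${LOCAL_IP}:3000"

  # HOST LINUX MACHINE METRICS EXPORTER
  nodeexporter:
    image: prom/node-exporter:v1.5.0
    container_name: nodeexporter
    hostname: nodeexporter
    restart: unless-stopped
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    expose:
      - "9100"
    labels:
      org.label-schema.group: "monitoring"

  # DOCKER CONTAINERS METRICS EXPORTER
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    hostname: cadvisor
    restart: unless-stopped
    # NOTE(review): privileged container on a :latest tag with its UI
    # published on 8088 and no router/auth in front of it.
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker:/var/lib/docker:ro
      - /cgroup:/cgroup:ro  # doesn't work on MacOS only for Linux
      - /dev/disk/:/dev/disk:ro
    ports:
      - 8088:8080
    labels:
      org.label-schema.group: "monitoring"

  uptimekuma:
    image: louislam/uptime-kuma:latest
    container_name: uptimekuma
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${DATA}/uptimekuma:/app/data
    ports:
      - 3001:3001
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
      - "traefik.http.routers.uptimekuma.entrypoints=websecure"
      - "traefik.http.routers.uptimekuma.tls=true"
      - "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
      - "traefik.http.routers.uptimekuma.middlewares=secured"
      - "flame.type=application"
      - "flame.name=uptimekuma"
      - "flame.url=https://uptimekuma.${DOMAIN}"
      - "flame.icon=bottle-tonic-plus-outline"

  # Reads the kuma.* container labels and registers them with uptimekuma.
  autokuma:
    image: ghcr.io/bigboot/autokuma:latest
    container_name: autokuma
    restart: unless-stopped
    environment:
      AUTOKUMA__KUMA__URL: http://$LOCAL_IP:3001
      AUTOKUMA__KUMA__USERNAME: $UPTIME_KUMA_LOGIN
      AUTOKUMA__KUMA__PASSWORD: $UPTIME_KUMA_PASSWORD
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    hostname: syncthing  # optional
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/syncthing:/config
      - ${DATA}:/nas
    ports:
      - 8384:8384
      - 22000:22000/tcp
      - 22000:22000/udp
      - 21027:21027/udp
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
      - "traefik.http.routers.syncthing.entrypoints=websecure"
      - "traefik.http.routers.syncthing.tls=true"
      - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
      - "traefik.http.routers.syncthing.middlewares=secured"
      - "flame.type=application"
      - "flame.name=syncthing"
      - "flame.url=https://syncthing.${DOMAIN}"
      - "flame.icon=sync"
      - "kuma.syncthing.http.name=Synthings"
      - "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"

  snapdrop:
    image: lscr.io/linuxserver/snapdrop:latest
    container_name: snapdrop
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/snapdrop:/config
    ports:
      - 8087:80
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.snapdrop.rule=Host(`snapdrop.${DOMAIN}`)"
      # Was `web`: that entrypoint is redirected to HTTPS globally and this
      # router sets tls=true, so it has to listen on `websecure` like the
      # other routers.
      - "traefik.http.routers.snapdrop.entrypoints=websecure"
      - "traefik.http.routers.snapdrop.tls=true"
      - "traefik.http.routers.snapdrop.tls.certresolver=myresolver"
      - "traefik.http.routers.snapdrop.middlewares=secured"
      - "flame.type=application"
      - "flame.name=snapdrop"
      - "flame.url=https://snapdrop.${DOMAIN}"
      - "flame.icon=share-variant-outline"
      - "kuma.snapdrop.http.name=Snapdrop"
      - "kuma.snapdrop.http.url=http://${LOCAL_IP}:8087"

  # vrising:
  #   image: trueosiris/vrising
  #   container_name: vrising
  #   environment:
  #     - TZ=Europe/Paris
  #     - SERVERNAME=vrisingAthaliar
  #   volumes:
  #     - '${CONFIG}/vrising/server:/mnt/vrising/server:rw'
  #     - '${DATA}/vrising/data:/mnt/vrising/persistentdata:rw'
  #   ports:
  #     - 9876:9876/udp
  #     - 9877:9877/udp
  #   restart: unless-stopped
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.vrising.rule=Host(`vrising.${DOMAIN}`)"
  #     - "traefik.http.routers.vrising.entrypoints=web"
  #     - "traefik.http.routers.vrising.tls=true"
  #     - "traefik.http.routers.vrising.tls.certresolver=myresolver"
  #     - "traefik.http.routers.vrising.middlewares=secured"

  mealie:
    # NOTE(review): :nightly is an unpinned pre-release build.
    image: ghcr.io/mealie-recipes/mealie:nightly
    container_name: mealie
    ports:
      - 9925:3000
      - 9000:9000
    volumes:
      - ${CONFIG}/mealie:/app/data/
    environment:
      # NOTE(review): open self-registration; with 9000 published directly,
      # anyone who can reach the host port can create an account.
      - ALLOW_SIGNUP=true
      - PUID
      - PGID
      - TZ
      - BASE_URL=https://mealie.${DOMAIN}
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
      - "traefik.http.routers.mealie.entrypoints=websecure"
      - "traefik.http.routers.mealie.tls=true"
      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
      - "traefik.http.routers.mealie.middlewares=secured"
      - "traefik.http.services.mealie.loadbalancer.server.port=9000"
      - "flame.type=application"
      - "flame.name=mealie"
      - "flame.url=https://mealie.${DOMAIN}"
      - "flame.icon=noodles"
      # NOTE(review): this is a container label, not an environment variable;
      # it looks like a stray copy of the `environment` entry above.
      - BASE_URL=https://mealie.${DOMAIN}
      - "kuma.mealie.http.name=Mealie"
      - "kuma.mealie.http.url=http://${LOCAL_IP}:9000"
      # for icons: https://mdi.bessarabov.com/

  apprise:
    image: caronc/apprise
    container_name: apprise
    ports:
      - 8006:8000
    volumes:
      - ${CONFIG}/apprise:/app/data/
    environment:
      - PUID
      - PGID
      - TZ
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
      - "traefik.http.routers.apprise.entrypoints=websecure"
      - "traefik.http.routers.apprise.tls=true"
      - "traefik.http.routers.apprise.tls.certresolver=myresolver"
      - "traefik.http.routers.apprise.middlewares=secured"
      - "flame.type=application"
      - "flame.name=apprise"
      - "flame.url=https://apprise.${DOMAIN}"
      - "flame.icon=bell"
      # NOTE(review): set as a label here, so it has no effect as an
      # environment variable - confirm which was intended.
      - BASE_URL=https://apprise.${DOMAIN}
      - "kuma.apprise.http.name=Apprise"
      - "kuma.apprise.http.url=http://${LOCAL_IP}:8006"

  gluetun:
    image: qmcgaw/gluetun
    # container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    # NOTE(review): the proxy ports are published on every host interface;
    # bind them to a LAN/loopback address unless the host is firewalled, and
    # confirm the proxies require credentials.
    ports:
      - 8888:8888/tcp  # HTTP proxy
      - 8388:8388/tcp  # Shadowsocks
      - 8388:8388/udp  # Shadowsocks
    volumes:
      - ${CONFIG}/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=$PROTON_OVPN_USERNAME
      - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
      # Wireguard:
      # NOTE(review): a literal WireGuard private key used to be written on
      # the next (commented) line. Treat that key as exposed, rotate it, and
      # keep the value in the env file.
      # - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      # - WIREGUARD_ADDRESSES=10.64.222.21/32
      # Timezone for accurate log times
      - TZ
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - HTTPPROXY=on
      - SERVER_COUNTRIES=Bulgaria

  # Filtered Docker API endpoint, bound to loopback only.
  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    container_name: dockerproxy
    environment:
      - CONTAINERS=1  # Allow access to viewing containers
      # - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
      # - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
      - POST=0  # Disallow any POST operations (effectively read-only)
    ports:
      - 127.0.0.1:2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro  # Mounted as read-only
    restart: unless-stopped

  wg-easy:
    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - ${CONFIG}/wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      # NOTE(review): the admin UI port is published directly; no UI password
      # variable is set in this file, so confirm the UI is not open to
      # everything that can reach 51821.
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      - TZ
      - PUID
      - PGID
      - WG_HOST=wg.${DOMAIN}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
      # Was `web`; see the snapdrop router - TLS routers belong on
      # `websecure` because `web` is redirected globally.
      - "traefik.http.routers.wg.entrypoints=websecure"
      - "traefik.http.routers.wg.tls=true"
      - "traefik.http.routers.wg.tls.certresolver=myresolver"
      - "traefik.http.routers.wg.middlewares=secured"
      - "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
      - "flame.type=application"
      - "flame.name=wg-easy"
      - "flame.url=https://wg.${DOMAIN}"
      - "flame.icon=vpn"
      # Monitor name was a copy-paste of "Prowlarr".
      - "kuma.wg.http.name=Wg-easy"
      - "kuma.wg.http.url=http://${LOCAL_IP}:51821"

  joal:
    image: anthonyraymond/joal
    container_name: joal
    restart: unless-stopped
    environment:
      - TZ
      - PUID
      - PGID
    volumes:
      - ${CONFIG}/joal:/data
    ports:
      - 9485:9485
    command:
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=9485"
      - "--joal.ui.path.prefix=joal"
      # NOTE(review): the UI token is a guessable constant and the port is
      # published; use a random value supplied from the env file.
      - "--joal.ui.secret-token=joal"

  audiobookshelf:
    image: ghcr.io/advplyr/audiobookshelf:latest
    container_name: audiobookshelf
    restart: unless-stopped
    ports:
      - 13378:80
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${DATA}/audiobookshelf/audiobooks:/audiobooks
      - ${DATA}/audiobookshelf/podcasts:/podcasts
      - ${CONFIG}/audiobookshelf/audiobooks:/config
      - ${DATA}/audiobookshelf/metadata:/metadata
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
      - "traefik.http.routers.audiobookshelf.entrypoints=websecure"
      - "traefik.http.routers.audiobookshelf.tls=true"
      - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
      - "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=audiobookshelf"
      - "flame.url=https://audiobookshelf.${DOMAIN}"
      - "flame.icon=book-open-outline"
      # Monitor name was a copy-paste of "Prowlarr".
      - "kuma.audiobookshelf.http.name=Audiobookshelf"
      - "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"

  calibre-web:
    image: lscr.io/linuxserver/calibre-web:latest
    container_name: calibre-web
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
      - DOCKER_MODS=linuxserver/mods:universal-calibre  # optional
    volumes:
      - ${CONFIG}/calibre:/config
      - ${DATA}/calibre/library:/books
    ports:
      - 8083:8083
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
      - "traefik.http.routers.calibre.entrypoints=websecure"
      - "traefik.http.routers.calibre.tls=true"
      - "traefik.http.routers.calibre.tls.certresolver=myresolver"
      - "traefik.http.routers.calibre.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=calibre"
      - "flame.url=https://calibre.${DOMAIN}"
      - "flame.icon=book-open-outline"
      - "kuma.calibre.http.name=Calibre"
      - "kuma.calibre.http.url=http://${LOCAL_IP}:8083"

  dozzle:
    container_name: dozzle
    image: amir20/dozzle:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - PGID
      - PUID
      - TZ
    # NOTE(review): container logs for the whole host are readable on this
    # published port without passing through forward-auth.
    ports:
      - 9999:8080
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
      - "traefik.http.routers.dozzle.entrypoints=websecure"
      - "traefik.http.routers.dozzle.tls=true"
      - "traefik.http.routers.dozzle.tls.certresolver=myresolver"
      - "traefik.http.routers.dozzle.middlewares=secured"
      - "flame.type=application"
      - "flame.name=dozzle"
      - "flame.url=https://dozzle.${DOMAIN}"
      - "flame.icon=text-long"
      - "kuma.dozzle.http.name=Dozzle"
      - "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"

  stirling-pdf:
    container_name: stirling-pdf
    image: frooodle/s-pdf:latest
    ports:
      - 8093:8080
    volumes:
      # - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
      - ${CONFIG}/stirlingpdf:/configs
      # - /location/of/customFiles:/customFiles/
      # - /location/of/logs:/logs/
    environment:
      - PGID
      - PUID
      - TZ
      # With the app's own login disabled, access control rests on the
      # `secured` router only; the published 8093 port has none.
      - DOCKER_ENABLE_SECURITY=false  # tell docker to download security jar (required as true for auth login)
      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
      - "traefik.http.routers.stirlingpdf.entrypoints=websecure"
      - "traefik.http.routers.stirlingpdf.tls=true"
      - "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
      - "traefik.http.routers.stirlingpdf.middlewares=secured"
      - "flame.type=application"
      - "flame.name=stirlingpdf"
      - "flame.url=https://stirlingpdf.${DOMAIN}"
      - "flame.icon=file-pdf-box"
      # Monitor name was a copy-paste of "Prowlarr".
      - "kuma.stirlingpdf.http.name=Stirlingpdf"
      - "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"

  # satisfactory-server:
  #   container_name: 'satisfactory-server'
  #   hostname: 'satisfactory-server'
  #   image: 'wolveix/satisfactory-server:latest'
  #   ports:
  #     - '7777:7777/udp'
  #     - '7777:7777/tcp'
  #   volumes:
  #     - '${DATA}/satisfactory-server:/config'
  #   environment:
  #     - MAXPLAYERS=4
  #     - PGID
  #     - PUID
  #     - TZ
  #     - ROOTLESS=false
  #     - STEAMBETA=false
  #   restart: unless-stopped
  #   healthcheck:
  #     test: [ "CMD", "bash", "/healthcheck.sh" ]
  #     interval: 30s
  #     timeout: 10s
  #     retries: 3
  #     start_period: 120s

  diyhue:
    container_name: diyhue
    image: diyhue/core:latest
    ports:
      - '8089:80'
      - '9243:443'
      - '1900:1900/udp'
      - '2100:2100/udp'
      - '1982:1982/udp'
    volumes:
      - '${CONFIG}/diyhue:/opt/hue-emulator/export'
    environment:
      - PGID
      - PUID
      - TZ
      - IP=$LOCAL_IP
      - MAC=d0:50:99:85:2a:01
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.diyhue.rule=Host(`diyhue.${DOMAIN}`)"
      - "traefik.http.routers.diyhue.entrypoints=websecure"
      - "traefik.http.routers.diyhue.tls=true"
      - "traefik.http.routers.diyhue.tls.certresolver=myresolver"
      - "traefik.http.routers.diyhue.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=diyhue"
      - "flame.url=https://diyhue.${DOMAIN}"
      - "flame.icon=light"
      - "kuma.diyhue.http.name=diyhue"
      - "kuma.diyhue.http.url=http://${LOCAL_IP}:8089"

  homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONFIG}/homarr/configs:/app/data/configs
      - ${CONFIG}/homarr/icons:/app/public/icons
      - ${CONFIG}/homarr/data:/data
    ports:
      - '7575:7575'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
      - "traefik.http.routers.homarr.entrypoints=websecure"
      - "traefik.http.routers.homarr.tls=true"
      - "traefik.http.routers.homarr.tls.certresolver=myresolver"
      # NOTE(review): `authentik@docker` is not defined in the part of the
      # file shown here; presumably declared on authentik-server further
      # down - confirm, since a missing middleware disables the router.
      - "traefik.http.routers.homarr.middlewares=authentik@docker"

  dash:
    container_name: dash
    image: mauricenino/dashdot:latest
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    # NOTE(review): privileged with /dev mounted, on a :latest image, and
    # published on 3002.
    privileged: true
    ports:
      - '3002:3001'
    volumes:
      - /etc/os-release:/mnt/host/etc/os-release:ro
      - /proc/1/ns/net:/mnt/host/proc/1/ns/net:ro
      - /mnt:/mnt/host/mnt:ro
      - /media:/mnt/host/media:ro
      - /dev:/mnt/host/dev:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dash.rule=Host(`dash.${DOMAIN}`)"
      - "traefik.http.routers.dash.entrypoints=websecure"
      - "traefik.http.routers.dash.tls=true"
      - "traefik.http.routers.dash.tls.certresolver=myresolver"
      - "traefik.http.routers.dash.middlewares=authentik@docker"

  terraforming-mars:
    container_name: terraforming-mars
    build: ./terraformingMarsRepo/terraforming-mars/
    restart: unless-stopped
    depends_on:
      - mars-postgres
    environment:
      - PGID
      - PUID
      - TZ
      # NOTE(review): database credentials are embedded in the URL; they must
      # match mars-postgres below. Move both to the env file.
      - POSTGRES_HOST=postgresql://terra:terrapw@mars-postgres:5432/terraforming-mars?sslmode=disable
      - NODE_ENV=production
    ports:
      - "8082:8765"
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.terraforming-mars.rule=Host(`terraforming-mars.${DOMAIN}`)"
      - "traefik.http.routers.terraforming-mars.entrypoints=websecure"
      - "traefik.http.routers.terraforming-mars.tls=true"
      - "traefik.http.routers.terraforming-mars.tls.certresolver=myresolver"
      - "traefik.http.routers.terraforming-mars.middlewares=authentik@docker"

  mars-postgres:
    container_name: mars-postgres
    image: postgres:14.5
    restart: unless-stopped
    environment:
      PGID: 1000
      PUID: 1000
      POSTGRES_USER: terra
      # NOTE(review): weak password committed inline.
      POSTGRES_PASSWORD: terrapw
      POSTGRES_DB: terraforming-mars
    volumes:
      - terra-db:/var/lib/postgresql/data

  scrutiny:
    container_name: scrutiny
    image: ghcr.io/analogj/scrutiny:master-omnibus
    cap_add:
      - SYS_RAWIO
    ports:
      - "8090:8080"  # webapp
      # NOTE(review): the InfluxDB admin port is published on the host;
      # confirm it needs to be reachable from outside the container.
      - "8086:8086"  # influxDB admin
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - /run/udev:/run/udev:ro
      - $CONFIG/scrutiny/config:/opt/scrutiny/config
      - $DATA/scrutiny/influxdb:/opt/scrutiny/influxdb
    devices:
      - "/dev/sda"
      - "/dev/sdb"
      - "/dev/sdc"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.scrutiny.rule=Host(`scrutiny.${DOMAIN}`)"
      - "traefik.http.routers.scrutiny.entrypoints=websecure"
      - "traefik.http.routers.scrutiny.tls=true"
      - "traefik.http.routers.scrutiny.tls.certresolver=myresolver"
      - "traefik.http.routers.scrutiny.middlewares=authentik@docker"
      - "traefik.http.services.scrutiny.loadbalancer.server.port=8080"

  ############################ Paperless START ######################
  paperless-broker:
    container_name: paperless-broker
    image: docker.io/library/redis:7
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - paperless_redisdata:/data

  paperless-db:
    container_name: paperless-db
    image: docker.io/library/postgres:16
    restart: unless-stopped
    volumes:
      - paperless_pgdata:/var/lib/postgresql/data
    environment:
      PGID: 1000
      PUID: 1000
      TZ: Europe/Paris
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      # NOTE(review): password equals the user name and is committed inline.
      POSTGRES_PASSWORD: paperless

  paperless-server:
    container_name: paperless-server
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - paperless-db
      - paperless-broker
    ports:
      - "8045:8000"
    volumes:
      - $DATA/paperless/data:/usr/src/paperless/data
      - $DATA/paperless/media:/usr/src/paperless/media
      - $DATA/paperless/export:/usr/src/paperless/export
      - $DATA/paperless/consume:/usr/src/paperless/consume
    environment:
      PAPERLESS_REDIS: redis://paperless-broker:6379
      PAPERLESS_DBHOST: paperless-db
      PAPERLESS_URL: https://paperless.$DOMAIN
      PAPERLESS_OCR_LANGUAGE: fra
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.paperless.rule=Host(`paperless.${DOMAIN}`)"
      - "traefik.http.routers.paperless.entrypoints=websecure"
      - "traefik.http.routers.paperless.tls=true"
      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.routers.paperless.middlewares=authentik@docker"
  ############################ Paperless END ######################

  ############################ Docmost START ######################
  docmost:
    container_name: docmost
    image: docmost/docmost:latest
    depends_on:
      - docmost-db
      - docmost-redis
    environment:
      - PGID
      - PUID
      - TZ
      - APP_URL=https://docmost.${DOMAIN}
      - APP_SECRET=${DOCMOST_APP_SECRET}
      # NOTE(review): database password embedded in the URL; it must match
      # docmost-db below. Move both to the env file.
      - DATABASE_URL=postgresql://docmost:123465@docmost-db:5432/docmost?schema=public
      - REDIS_URL=redis://docmost-redis:6379
    ports:
      - "3003:3000"
    restart: unless-stopped
    volumes:
      - ${DATA}/docmost:/app/data/storage
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.docmost.rule=Host(`docmost.${DOMAIN}`)"
      - "traefik.http.routers.docmost.entrypoints=websecure"
      - "traefik.http.routers.docmost.tls=true"
      - "traefik.http.routers.docmost.tls.certresolver=myresolver"
      - "traefik.http.routers.docmost.middlewares=authentik@docker"

  docmost-db:
    container_name: docmost-db
    image: postgres:16-alpine
    environment:
      - PGID
      - PUID
      - TZ
      - "POSTGRES_DB=docmost"
      - "POSTGRES_USER=docmost"
      # NOTE(review): weak password committed inline.
      - "POSTGRES_PASSWORD=123465"
    restart: unless-stopped
    volumes:
      - docmost_db_data:/var/lib/postgresql/data

  docmost-redis:
    container_name: docmost-redis
    image: redis:7.2-alpine
    environment:
      - PGID
      - PUID
      - TZ
    restart: unless-stopped
    volumes:
      - docmost_redis_data:/data
  ############################ Docmost END ######################

  ############################ Authentik START ######################
  authentik-postgresql:
    container_name: authentik-postgresql
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      # `$$` escapes Compose interpolation so the shell inside the container
      # expands the variables.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ${CONFIG}/authentik_postgres:/var/lib/postgresql/data
    environment:
      PGID: 1000
      PUID: 1000
      POSTGRES_PASSWORD: ${PG_PASS}
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    env_file:
      - .env

  authentik-redis:
    container_name: authentik-redis
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis:/data

  authentik-server:
    container_name: authentik-server
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    command: server
    environment:
      PGID: 1000
      PUID: 1000
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      # NOTE(review): a live-looking token for the identity provider is
      # committed in clear text. Revoke it, issue a new one, and reference it
      # from the env file like PG_PASS above.
      AUTHENTIK_TOKEN: WqhKA1cypieGrJbegta2kJxvq6AqdpJ1RKhqMFIm
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    env_file:
      - .env
    ports:
      - "9001:9000"
      - "9443:9443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
      - "traefik.http.routers.authentik.entrypoints=websecure"
      - "traefik.http.routers.authentik.tls.certresolver=myresolver"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
      # Host had a stray `com` suffix (`authentik.${DOMAIN}com`), which could
      # never match the real hostname.
      - "traefik.http.routers.authentik-http.rule=Host(`authentik.${DOMAIN}`)"
      - "traefik.http.routers.authentik-http.entrypoints=web"
      - "traefik.http.routers.authentik-http.middlewares=authentik-https-redirect"
      - "traefik.http.routers.authentik-proxy.rule=Host(`$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
      # `authentik-server` refers to the service name in the compose file.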
- "traefik.http.middlewares.authentik.forwardauth.address=http://authentik-server:9000/outpost.goauthentik.io/auth/traefik" - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true" - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version" depends_on: - authentik-postgresql - authentik-redis authentik-worker: container_name: authentik-worker image: ghcr.io/goauthentik/server:latest restart: unless-stopped command: worker environment: AUTHENTIK_REDIS__HOST: authentik-redis AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql AUTHENTIK_POSTGRESQL__USER: authentik AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} # `user: root` and the docker socket volume are optional. # See more for the docker socket integration here: # https://goauthentik.io/docs/outposts/integrations/docker # Removing `user: root` also prevents the worker from fixing the permissions # on the mounted folders, so when removing this make sure the folders have the correct UID/GID # (1000:1000 by default) user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - ./media:/media - ./certs:/certs - ./custom-templates:/templates env_file: - .env depends_on: - authentik-postgresql - authentik-redis whoami: container_name: whoami image: containous/whoami labels: - "traefik.http.routers.whoami.middlewares=authentik@docker" - "traefik.enable=true" - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)" - "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.tls=true" - "traefik.http.routers.whoami.tls.certresolver=myresolver" # - "traefik.http.routers.whoami.middlewares=secured" restart: unless-stopped ############################ Authentik END ###################### volumes: 
paperless_redisdata: paperless_pgdata: terra-db: docmost_redis_data: docmost_db_data: database: driver: local redis: driver: local data-volume: # networks: # default: # name: $DOCKER_MY_NETWORK # external: true