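---
# Docker Compose stack for a single host: Traefik v3 terminates TLS (ACME HTTP
# challenge) and routes `<name>.${DOMAIN}` to each service. Forward
# authentication comes from Authentik (`authentik` middleware) and from a
# Google forward-auth container (`forward-auth` middleware).
#
# ${DOMAIN}, ${CONFIG}, ${DATA}, ${DOWNLOAD}, ${LOCAL_IP}, ${EMAIL} and the other
# $VARS are interpolated by Compose from the environment.
#
# Secrets that were previously written inline are now read from the
# environment. Define these before starting the stack (Compose aborts while
# any of them is unset):
#   TANDOOR_SECRET_KEY, TANDOOR_DB_PASSWORD, MARS_DB_PASSWORD,
#   DEEZER_COOKIE_ARL, YAMTRACK_DB_PASSWORD, PAPERLESS_DB_PASSWORD,
#   DOCMOST_DB_PASSWORD, AUTHENTIK_TOKEN, JOAL_SECRET_TOKEN
# The earlier inline values were stored in this file in clear text and should
# be rotated. The postgres image applies POSTGRES_PASSWORD only when it
# initialises an empty data directory, so an existing database also needs its
# role password changed. Passwords embedded in a connection URL must be
# URL-safe.
#
# Review notes that apply to many services below:
# - Most services publish a host port next to their Traefik router. The
#   published port reaches the application directly, without the rate-limit
#   and authentication middlewares. The kuma.* monitor URLs use these ports.
# - Images tagged `latest` (or untagged) are replaced by watchtower on its
#   schedule; pin a version or digest where an unreviewed update is a concern.
# - `:ro` on /var/run/docker.sock makes the socket file read-only; it does not
#   restrict what a client may ask the Docker API to do.
services:
  traefik:
    image: "traefik:v3.1.0"
    container_name: "traefik"
    restart: unless-stopped
    command:
      # - "--log.level=DEBUG"
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on the internal port 8080, which is also published
      # under `ports:` below.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/traefikconfig"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      # HTTP-to-HTTPS Redirect
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--metrics.prometheus=true"
      - "--log.format=json"
    ports:
      - "80:80"
      - "443:443"
      # Kept because the kuma monitor below probes ${LOCAL_IP}:8080.
      - "8080:8080"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    volumes:
      - "${CONFIG}/traefik/letsencrypt:/letsencrypt"
      - "${CONFIG}/traefik/configs:/traefikconfig"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # google oauth
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      # NOTE(review): trustForwardHeader=true passes the client's own
      # X-Forwarded-* headers on to the auth service; confirm a trusted proxy
      # sits in front of Traefik, otherwise prefer false.
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      # rate limiting
      - "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
      # http
      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
      # chain the middlewares to create a "secured" one
      - "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,authentik"
      # secured-no-oauth carries no authentication middleware; routers using
      # it rely on the application's own login.
      - "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
      # traefik dashboard rules
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      # The dashboard router had no middleware, so the insecure API was
      # reachable on traefik.${DOMAIN} without authentication.
      - "traefik.http.routers.traefik.middlewares=secured"
      # dont autoupdate traefik container
      - "com.centurylinklabs.watchtower.enable=false"
      - "kuma.traefik.http.name=Traefik"
      - "kuma.traefik.http.url=http://${LOCAL_IP}:8080"

  oauth:
    image: thomseddon/traefik-forward-auth:latest
    container_name: oauth
    restart: unless-stopped
    environment:
      - CLIENT_ID=$GOOGLE_CLIENT_ID
      - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
      - SECRET=$OAUTH_SECRET
      - COOKIE_DOMAIN=$DOMAIN
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAIN
      - URL_PATH=/_oauth
      - WHITELIST=$EMAIL
      - LOG_LEVEL=info
      - LOG_FORMAT=text
      - LIFETIME=2592000 # 30 days
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
      - "traefik.http.routers.oauth-rtr.tls=true"
      ## HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
      - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
      ## Middlewares
      # Same forward-auth definition as on the traefik service; the two copies
      # must stay identical.
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      # Read-write Docker socket: this container can manage every container
      # on the host.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PGID
      - PUID
      - TZ
      - WATCHTOWER_CLEANUP=true
    command: --schedule "9 0 6 * * *" --cleanup

  ddclient:
    image: linuxserver/ddclient
    container_name: ddclient
    restart: unless-stopped
    volumes:
      - ${CONFIG}/ddclient:/config
    environment:
      - PGID
      - PUID
      - TZ

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    restart: unless-stopped
    # network_mode: service:transmission-vpn
    ports:
      - "8081:8080"
    volumes:
      - ${CONFIG}/sabnzbd:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
      - "traefik.http.routers.sab.entrypoints=websecure"
      - "traefik.http.routers.sab.tls=true"
      - "traefik.http.routers.sab.tls.certresolver=myresolver"
      - "traefik.http.routers.sab.middlewares=secured"
      # - "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
      - "kuma.sab.http.name=Sabnzb"
      - "kuma.sab.http.url=http://${LOCAL_IP}:8081"

  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    restart: unless-stopped
    ports:
      - "8989:8989"
    volumes:
      - ${CONFIG}/sonarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
      - "traefik.http.routers.sonarr.entrypoints=websecure"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
      - "traefik.http.routers.sonarr.middlewares=secured"
      - "kuma.sonarr.http.name=Sonarr"
      - "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"

  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    restart: unless-stopped
    ports:
      - "7878:7878"
    volumes:
      - ${CONFIG}/radarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
      - "traefik.http.routers.radarr.entrypoints=websecure"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.tls.certresolver=myresolver"
      - "traefik.http.routers.radarr.middlewares=secured"
      - "kuma.radarr.http.name=Radarr"
      - "kuma.radarr.http.url=http://${LOCAL_IP}:7878"

  prowlarr:
    image: linuxserver/prowlarr:latest
    container_name: prowlarr
    restart: unless-stopped
    # network_mode: service:transmission-vpn
    ports:
      - "9696:9696"
    volumes:
      - ${CONFIG}/prowlarr:/config
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
      - "traefik.http.routers.prowlarr.entrypoints=websecure"
      - "traefik.http.routers.prowlarr.tls=true"
      - "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
      - "traefik.http.routers.prowlarr.middlewares=authentik@docker"
      - "kuma.prowlarr.http.name=Prowlarr"
      - "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"

  bazarr:
    image: lscr.io/linuxserver/bazarr:latest
    container_name: bazarr
    restart: unless-stopped
    ports:
      - "6767:6767"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/bazarr:/config
      - ${DATA}:/nasMerged
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr.rule=Host(`bazarr.${DOMAIN}`)"
      - "traefik.http.routers.bazarr.entrypoints=websecure"
      - "traefik.http.routers.bazarr.tls=true"
      - "traefik.http.routers.bazarr.tls.certresolver=myresolver"
      - "traefik.http.routers.bazarr.middlewares=authentik@docker"
      - "kuma.bazarr.http.name=Bazarr"
      - "kuma.bazarr.http.url=http://${LOCAL_IP}:6767"

  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    restart: unless-stopped
    ports:
      - "8096:8096"
      - "8921:8920"
    environment:
      - PGID
      - PUID
      - TZ
    group_add:
      - '105'
    volumes:
      - ${CONFIG}/jellyfin:/config
      - ${CONFIG}/jellyfin/./cache:/cache
      - ${DATA}:/media
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
      - "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
      - "kuma.jellyfin.http.name=Jellyfin"
      - "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"

  jellyseerr:
    image: fallenbagel/jellyseerr:latest
    container_name: jellyseerr
    restart: unless-stopped
    ports:
      - "5055:5055"
    environment:
      - LOG_LEVEL=debug
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/jellyseer:/app/config
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyseer.rule=Host(`jellyseer.${DOMAIN}`)"
      - "traefik.http.routers.jellyseer.entrypoints=websecure"
      - "traefik.http.routers.jellyseer.tls=true"
      - "traefik.http.routers.jellyseer.tls.certresolver=myresolver"
      - "traefik.http.routers.jellyseer.middlewares=authentik@docker"
      - "kuma.jellyseer.http.name=jellyseer"
      - "kuma.jellyseer.http.url=http://${LOCAL_IP}:5055"

  pyload:
    image: lscr.io/linuxserver/pyload-ng
    container_name: pyload
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/pyload/config:/config
      - ${DOWNLOAD}:/downloads
    ports:
      - "8005:8000"
      - "9666:9666"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
      - "traefik.http.routers.pyload.entrypoints=websecure"
      - "traefik.http.routers.pyload.tls=true"
      - "traefik.http.routers.pyload.tls.certresolver=myresolver"
      - "traefik.http.routers.pyload.middlewares=secured"
      - "traefik.http.services.pyload.loadbalancer.server.port=9666"
      - "kuma.pyload.http.name=Pyload"
      - "kuma.pyload.http.url=http://${LOCAL_IP}:9666"

  metube:
    image: alexta69/metube
    container_name: metube
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
    ports:
      - "8084:8081"
    volumes:
      - ${DOWNLOAD}:/downloads
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
      - "traefik.http.routers.metube.entrypoints=websecure"
      - "traefik.http.routers.metube.tls=true"
      - "traefik.http.routers.metube.tls.certresolver=myresolver"
      - "traefik.http.routers.metube.middlewares=secured"
      - "kuma.metube.http.name=Metube"
      - "kuma.metube.http.url=http://${LOCAL_IP}:8084"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
      - WEBUI_PORT=8085
    volumes:
      - ${CONFIG}/qbitorrent:/config
      - ${DOWNLOAD}/Torrents:/downloads
    ports:
      - "8085:8085"
      - "6881:6881"
      - "6881:6881/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
      - "traefik.http.routers.qbittorrent.middlewares=secured"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
      - "kuma.qbitorrent.http.name=Qbitorrent"
      - "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
      - DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker # optional
    volumes:
      - ${CONFIG}/codeServer:/config
      # NOTE(review): this mounts the host's entire root filesystem
      # read-write into a browser-accessible IDE whose port is also published
      # below. Narrow the mount to the directories that are actually edited.
      - /:/nas
    ports:
      - "10543:8443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
      - "traefik.http.routers.code-server.entrypoints=websecure"
      - "traefik.http.routers.code-server.tls=true"
      - "traefik.http.routers.code-server.tls.certresolver=myresolver"
      - "traefik.http.routers.code-server.middlewares=secured"
      - "kuma.code-server.http.name=VSCode"
      - "kuma.code-server.http.url=http://${LOCAL_IP}:10543"

  freshrss:
    image: linuxserver/freshrss:latest
    container_name: freshrss
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/freshrss:/config
    ports:
      - "10180:80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
      - "traefik.http.routers.freshrss.entrypoints=websecure"
      - "traefik.http.routers.freshrss.tls=true"
      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
      - "traefik.http.routers.freshrss.middlewares=secured"
      # Monitor name was a copy of the prowlarr entry.
      - "kuma.freshrss.http.name=FreshRSS"
      - "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"

  uptimekuma:
    image: louislam/uptime-kuma:latest
    container_name: uptimekuma
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${DATA}/uptimekuma:/app/data
    ports:
      - "3001:3001"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
      - "traefik.http.routers.uptimekuma.entrypoints=websecure"
      - "traefik.http.routers.uptimekuma.tls=true"
      - "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
      - "traefik.http.routers.uptimekuma.middlewares=secured"

  autokuma:
    image: ghcr.io/bigboot/autokuma:latest
    container_name: autokuma
    restart: unless-stopped
    environment:
      AUTOKUMA__KUMA__URL: http://$LOCAL_IP:3001
      AUTOKUMA__KUMA__USERNAME: $UPTIME_KUMA_LOGIN
      AUTOKUMA__KUMA__PASSWORD: $UPTIME_KUMA_PASSWORD
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    restart: unless-stopped
    hostname: syncthing # optional
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/syncthing:/config
      - ${DATA}:/nas
    ports:
      - "8384:8384"
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
      - "traefik.http.routers.syncthing.entrypoints=websecure"
      - "traefik.http.routers.syncthing.tls=true"
      - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
      - "traefik.http.routers.syncthing.middlewares=secured"
      - "kuma.syncthing.http.name=Synthings"
      - "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"

  # mealie:
  #   image: ghcr.io/mealie-recipes/mealie:v2.6.0
  #   container_name: mealie
  #   restart: unless-stopped
  #   ports:
  #     - 9925:3000
  #     - 9001:9000
  #   volumes:
  #     - ${CONFIG}/mealie:/app/data/
  #   environment:
  #     - ALLOW_SIGNUP=true
  #     - PUID
  #     - PGID
  #     - TZ
  #     - BASE_URL=https://mealie.${DOMAIN}
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
  #     - "traefik.http.routers.mealie.entrypoints=websecure"
  #     - "traefik.http.routers.mealie.tls=true"
  #     - "traefik.http.routers.mealie.tls.certresolver=myresolver"
  #     - "traefik.http.routers.mealie.middlewares=secured"
  #     - "traefik.http.services.mealie.loadbalancer.server.port=9001"
  #     - BASE_URL=https://mealie.${DOMAIN}
  #     - "kuma.mealie.http.name=Mealie"
  #     - "kuma.mealie.http.url=http://${LOCAL_IP}:9001"
  #     # for icons: https://mdi.bessarabov.com/

  tandoor_postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    volumes:
      - $CONFIG/postgresql/tandoor:/var/lib/postgresql/data
    environment:
      - PUID
      - PGID
      - TZ
      # Secret key and database password are read from the environment
      # instead of being stored in this file.
      - "SECRET_KEY=${TANDOOR_SECRET_KEY:?set in .env}"
      - DB_ENGINE=django.db.backends.postgresql
      - POSTGRES_DB=djangodb
      - POSTGRES_PORT=5432
      - POSTGRES_USER=djangouser
      - "POSTGRES_PASSWORD=${TANDOOR_DB_PASSWORD:?set in .env}"

  tandoor:
    image: vabene1111/recipes
    restart: unless-stopped
    ports:
      - "8086:8080"
    volumes:
      - $CONFIG/tandoor/staticfiles:/opt/recipes/staticfiles
      # Do not make this a bind mount, see https://docs.tandoor.dev/install/docker/#volumes-vs-bind-mounts
      # - nginx_config:/opt/recipes/nginx/conf.d
      - $CONFIG/tandoor/mediafiles:/opt/recipes/mediafiles
    environment:
      - PUID
      - PGID
      - TZ
      - "SECRET_KEY=${TANDOOR_SECRET_KEY:?set in .env}"
      - DB_ENGINE=django.db.backends.postgresql
      - POSTGRES_HOST=tandoor_postgres
      - POSTGRES_DB=djangodb
      - POSTGRES_PORT=5432
      - POSTGRES_USER=djangouser
      - "POSTGRES_PASSWORD=${TANDOOR_DB_PASSWORD:?set in .env}"
      - GUNICORN_MEDIA=1
    depends_on:
      - tandoor_postgres
    # no traefik label, managed in yml

  apprise:
    image: caronc/apprise
    container_name: apprise
    restart: unless-stopped
    ports:
      - "8006:8000"
    volumes:
      - ${CONFIG}/apprise:/app/data/
    environment:
      - PUID
      - PGID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
      - "traefik.http.routers.apprise.entrypoints=websecure"
      - "traefik.http.routers.apprise.tls=true"
      - "traefik.http.routers.apprise.tls.certresolver=myresolver"
      - "traefik.http.routers.apprise.middlewares=secured"
      # NOTE(review): environment-style entry inside `labels:`; here it only
      # creates a container label named BASE_URL. Confirm whether it was
      # meant for `environment:`.
      - BASE_URL=https://apprise.${DOMAIN}
      - "kuma.apprise.http.name=Apprise"
      - "kuma.apprise.http.url=http://${LOCAL_IP}:8006"

  # gluetun:
  #   image: qmcgaw/gluetun
  #   # container_name: gluetun
  #   # line above must be uncommented to allow external containers to connect.
  #   # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
  #   restart: unless-stopped
  #   cap_add:
  #     - NET_ADMIN
  #   devices:
  #     - /dev/net/tun:/dev/net/tun
  #   ports:
  #     - 8888:8888/tcp # HTTP proxy
  #     - 8388:8388/tcp # Shadowsocks
  #     - 8388:8388/udp # Shadowsocks
  #   volumes:
  #     - ${CONFIG}/gluetun:/gluetun
  #   environment:
  #     # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
  #     - VPN_SERVICE_PROVIDER=protonvpn
  #     - VPN_TYPE=openvpn
  #     # OpenVPN:
  #     - OPENVPN_USER=$PROTON_OVPN_USERNAME
  #     - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
  #     # Wireguard:
  #     # The private key that was written here in clear text is replaced by
  #     # a variable reference; treat the old key as exposed and rotate it.
  #     # - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
  #     # - WIREGUARD_ADDRESSES=10.64.222.21/32
  #     # Timezone for accurate log times
  #     - TZ
  #     # Server list updater
  #     # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
  #     - HTTPPROXY=on
  #     - SERVER_COUNTRIES=Bulgaria

  wg-easy:
    image: weejewel/wg-easy
    container_name: wg-easy
    restart: unless-stopped
    volumes:
      - ${CONFIG}/wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      # NOTE(review): 51821/tcp is the web UI (see the service port label
      # below). No UI password is configured in this service, so the
      # published port is reachable without the `secured` chain; confirm.
      - "51821:51821/tcp"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      - TZ
      - PUID
      - PGID
      - WG_HOST=wg.${DOMAIN}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
      # Was `web`: a TLS router on the port-80 entrypoint, which redirects
      # everything to websecure. Every other router here uses websecure.
      - "traefik.http.routers.wg.entrypoints=websecure"
      - "traefik.http.routers.wg.tls=true"
      - "traefik.http.routers.wg.tls.certresolver=myresolver"
      - "traefik.http.routers.wg.middlewares=secured"
      - "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
      # Monitor name was a copy of the prowlarr entry.
      - "kuma.wg.http.name=WG-Easy"
      - "kuma.wg.http.url=http://${LOCAL_IP}:51821"

  joal:
    image: anthonyraymond/joal
    container_name: joal
    restart: unless-stopped
    environment:
      - TZ
      - PUID
      - PGID
    volumes:
      - ${CONFIG}/joal:/data
    ports:
      - "9485:9485"
    command:
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=9485"
      - "--joal.ui.path.prefix=joal"
      # The UI token was the literal application name; it is now read from
      # the environment.
      - "--joal.ui.secret-token=${JOAL_SECRET_TOKEN:?set in .env}"

  audiobookshelf:
    image: ghcr.io/advplyr/audiobookshelf:latest
    container_name: audiobookshelf
    restart: unless-stopped
    ports:
      - "13378:80"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${DATA}/audiobookshelf/audiobooks:/audiobooks
      - ${DATA}/audiobookshelf/podcasts:/podcasts
      - ${CONFIG}/audiobookshelf/audiobooks:/config
      - ${DATA}/audiobookshelf/metadata:/metadata
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
      - "traefik.http.routers.audiobookshelf.entrypoints=websecure"
      - "traefik.http.routers.audiobookshelf.tls=true"
      - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
      - "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
      # Monitor name was a copy of the prowlarr entry.
      - "kuma.audiobookshelf.http.name=Audiobookshelf"
      - "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"

  calibre-web:
    image: crocodilestick/calibre-web-automated:latest
    container_name: calibre-web
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
      - DOCKER_MODS=linuxserver/mods:universal-calibre # optional
    volumes:
      - ${CONFIG}/calibre:/config
      - ${DATA}/calibre/library:/books
      - ${DATA}/calibre/ingestion:/cwa-book-ingest
    ports:
      - "8083:8083"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
      - "traefik.http.routers.calibre.entrypoints=websecure"
      - "traefik.http.routers.calibre.tls=true"
      - "traefik.http.routers.calibre.tls.certresolver=myresolver"
      - "traefik.http.routers.calibre.middlewares=secured-no-oauth"
      - "kuma.calibre.http.name=Calibre"
      - "kuma.calibre.http.url=http://${LOCAL_IP}:8083"

  mylar3:
    image: lscr.io/linuxserver/mylar3:latest
    container_name: mylar3
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/mylar:/config
      - $DATA/books/comics:/comics
      - $DATA/Downloads:/downloads
    ports:
      - "8090:8090"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mylar3.rule=Host(`comics.${DOMAIN}`)"
      - "traefik.http.routers.mylar3.entrypoints=websecure"
      - "traefik.http.routers.mylar3.tls=true"
      - "traefik.http.routers.mylar3.tls.certresolver=myresolver"
      - "traefik.http.routers.mylar3.middlewares=secured-no-oauth"
      - "kuma.mylar3.http.name=Mylar3"
      - "kuma.mylar3.http.url=http://${LOCAL_IP}:8090"

  dozzle:
    container_name: dozzle
    image: amir20/dozzle:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - PGID
      - PUID
      - TZ
    ports:
      - "9999:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
      - "traefik.http.routers.dozzle.entrypoints=websecure"
      - "traefik.http.routers.dozzle.tls=true"
      - "traefik.http.routers.dozzle.tls.certresolver=myresolver"
      - "traefik.http.routers.dozzle.middlewares=secured"
      - "kuma.dozzle.http.name=Dozzle"
      - "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"

  stirling-pdf:
    container_name: stirling-pdf
    image: frooodle/s-pdf:latest
    restart: unless-stopped
    ports:
      - "8093:8080"
    volumes:
      # - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
      - ${CONFIG}/stirlingpdf:/configs
      # - /location/of/customFiles:/customFiles/
      # - /location/of/logs:/logs/
    environment:
      - PGID
      - PUID
      - TZ
      - DOCKER_ENABLE_SECURITY=false # tell docker to download security jar (required as true for auth login)
      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
      - "traefik.http.routers.stirlingpdf.entrypoints=websecure"
      - "traefik.http.routers.stirlingpdf.tls=true"
      - "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
      - "traefik.http.routers.stirlingpdf.middlewares=secured"
      - "kuma.stirlingpdf.http.name=Stirlingpdf"
      - "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"

  # satisfactory-server:
  #   container_name: 'satisfactory-server'
  #   hostname: 'satisfactory-server'
  #   image: 'wolveix/satisfactory-server:latest'
  #   ports:
  #     - '7777:7777/udp'
  #     - '7777:7777/tcp'
  #   volumes:
  #     - '${DATA}/satisfactory-server:/config'
  #   environment:
  #     - MAXPLAYERS=4
  #     - PGID
  #     - PUID
  #     - TZ
  #     - ROOTLESS=false
  #     - STEAMBETA=false
  #   restart: unless-stopped
  #   healthcheck:
  #     test: [ "CMD", "bash", "/healthcheck.sh" ]
  #     interval: 30s
  #     timeout: 10s
  #     retries: 3
  #     start_period: 120s

  homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONFIG}/homarr/configs:/app/data/configs
      - ${CONFIG}/homarr/icons:/app/public/icons
      - ${CONFIG}/homarr/data:/data
    ports:
      - "7575:7575"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
      - "traefik.http.routers.homarr.entrypoints=websecure"
      - "traefik.http.routers.homarr.tls=true"
      - "traefik.http.routers.homarr.tls.certresolver=myresolver"
      - "traefik.http.routers.homarr.middlewares=authentik@docker"

  dash:
    container_name: dash
    image: mauricenino/dashdot:latest
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    # NOTE(review): privileged mode gives the container broad access to the
    # host regardless of the :ro mounts below; confirm the image needs it.
    privileged: true
    ports:
      - "3002:3001"
    volumes:
      - /etc/os-release:/mnt/host/etc/os-release:ro
      - /proc/1/ns/net:/mnt/host/proc/1/ns/net:ro
      - /mnt:/mnt/host/mnt:ro
      - /media:/mnt/host/media:ro
      - /dev:/mnt/host/dev:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dash.rule=Host(`dash.${DOMAIN}`)"
      - "traefik.http.routers.dash.entrypoints=websecure"
      - "traefik.http.routers.dash.tls=true"
      - "traefik.http.routers.dash.tls.certresolver=myresolver"
      - "traefik.http.routers.dash.middlewares=authentik@docker"

  terraforming-mars:
    container_name: terraforming-mars
    build: ../terraforming-mars/
    restart: unless-stopped
    depends_on:
      - mars-postgres
    environment:
      - PGID
      - PUID
      - TZ
      # Database password is read from the environment; it must match the
      # one given to mars-postgres.
      - "POSTGRES_HOST=postgresql://terra:${MARS_DB_PASSWORD:?set in .env}@mars-postgres:5432/terraforming-mars?sslmode=disable"
      - NODE_ENV=production
    ports:
      - "8082:8765"
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.terraforming-mars.rule=Host(`terraforming-mars.${DOMAIN}`)"
      - "traefik.http.routers.terraforming-mars.entrypoints=websecure"
      - "traefik.http.routers.terraforming-mars.tls=true"
      - "traefik.http.routers.terraforming-mars.tls.certresolver=myresolver"
      - "traefik.http.routers.terraforming-mars.middlewares=authentik@docker"

  mars-postgres:
    container_name: mars-postgres
    image: postgres:14.5
    restart: unless-stopped
    environment:
      PGID: 1000
      PUID: 1000
      POSTGRES_USER: terra
      POSTGRES_PASSWORD: "${MARS_DB_PASSWORD:?set in .env}"
      POSTGRES_DB: terraforming-mars
    volumes:
      - terra-db:/var/lib/postgresql/data

  beszel:
    container_name: beszel
    image: henrygd/beszel
    restart: unless-stopped
    ports:
      - "8091:8090" # webapp
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/beszel:/beszel_data
      - $CONFIG/beszel/beszel_socket:/beszel_socket
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.beszel.rule=Host(`beszel.${DOMAIN}`)"
      - "traefik.http.routers.beszel.entrypoints=websecure"
      - "traefik.http.routers.beszel.tls=true"
      - "traefik.http.routers.beszel.tls.certresolver=myresolver"
      - "traefik.http.routers.beszel.middlewares=authentik@docker"

  beszel-agent:
    container_name: beszel-agent
    image: henrygd/beszel-agent:latest
    restart: unless-stopped
    network_mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $CONFIG/beszel/beszel_socket:/beszel_socket
    environment:
      PGID: 1000
      PUID: 1000
      TZ: Europe/Paris
      LISTEN: /beszel_socket/beszel.sock
      # Do not remove quotes around the key
      # (this is an SSH public key, not a secret)
      KEY: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnL7QH2tt3y+nwrC/Yr96EVXsU1672Q4PV2jFfoBRwi"

  deezer-downloader:
    container_name: deezer-downloader
    image: kmille2/deezer-downloader:latest
    restart: unless-stopped
    ports:
      - "5000:5000"
    volumes:
      - $DATA/Downloads/Music/deezer:/mnt/deezer-downloader
    environment:
      - PGID
      - PUID
      - TZ
      # The account session cookie was stored here in clear text; it is now
      # read from the environment and the old value should be invalidated.
      - "DEEZER_COOKIE_ARL=${DEEZER_COOKIE_ARL:?set in .env}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.deezerdl.rule=Host(`deezerdl.${DOMAIN}`)"
      - "traefik.http.routers.deezerdl.entrypoints=websecure"
      - "traefik.http.routers.deezerdl.tls=true"
      - "traefik.http.routers.deezerdl.tls.certresolver=myresolver"
      - "traefik.http.routers.deezerdl.middlewares=authentik@docker"

  changedetection:
    container_name: changedetection
    image: dgtlmoon/changedetection.io:latest
    restart: unless-stopped
    ports:
      - "5001:5000"
    depends_on:
      - playwright-chrome
    volumes:
      - $DATA/changedetection:/datastore
    environment:
      - PGID
      - PUID
      - TZ
      - PLAYWRIGHT_DRIVER_URL=ws://$LOCAL_IP:3005/?stealth=1&--disable-web-security=true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN}`)"
      - "traefik.http.routers.changedetection.entrypoints=websecure"
      - "traefik.http.routers.changedetection.tls=true"
      - "traefik.http.routers.changedetection.tls.certresolver=myresolver"
      - "traefik.http.routers.changedetection.middlewares=authentik@docker"

  playwright-chrome:
    hostname: playwright-chrome
    container_name: playwright-chrome
    image: browserless/chrome:latest
    restart: unless-stopped
    ports:
      # NOTE(review): the browser endpoint is published on the host and no
      # access token is configured in this service; confirm who can reach it.
      - "3005:3000"
    environment:
      - PGID
      - PUID
      - TZ
      - SCREEN_WIDTH=1920
      - SCREEN_HEIGHT=1024
      - SCREEN_DEPTH=16
      - ENABLE_DEBUGGER=false
      - PREBOOT_CHROME=true
      - CONNECTION_TIMEOUT=300000
      - MAX_CONCURRENT_SESSIONS=10
      # A stray space after `=` made the value " 600000".
      - CHROME_REFRESH_TIME=600000
      - DEFAULT_BLOCK_ADS=true
      - DEFAULT_STEALTH=true
      - DEFAULT_IGNORE_HTTPS_ERRORS=true

  signal-api:
    image: bbernhard/signal-cli-rest-api:0.92
    container_name: signal-api
    restart: unless-stopped
    ports:
      # NOTE(review): no Traefik router or authentication is configured for
      # this service; it is reached only through this published port.
      - "8088:8080"
    volumes:
      - $DATA/signal-api:/home/.local/share/signal-cli
    environment:
      - MODE=native
      - PGID
      - PUID
      - TZ
      - LOG_LEVEL=debug

  gotify:
    image: gotify/server
    restart: unless-stopped
    ports:
      - "8092:80"
    environment:
      - PGID
      - PUID
      - TZ
      # $ADMINPWD is also used as the siyuan access code below.
      - GOTIFY_DEFAULTUSER_PASS=$ADMINPWD
    volumes:
      - $CONFIG/gotify_data:/app/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gotify.rule=Host(`gotify.${DOMAIN}`)"
      - "traefik.http.routers.gotify.entrypoints=websecure"
      - "traefik.http.routers.gotify.tls=true"
      - "traefik.http.routers.gotify.tls.certresolver=myresolver"
      - "traefik.http.routers.gotify.middlewares=secured-no-oauth"

  siyuan:
    image: b3log/siyuan
    # The access code is passed as a command-line argument, so it is visible
    # in the container's configuration (for example `docker inspect`).
    command: ['--workspace=/siyuan/workspace/', '--accessAuthCode=${ADMINPWD}']
    restart: unless-stopped
    ports:
      - "6806:6806"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/siyuan/workspace:/siyuan/workspace
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.siyuan.rule=Host(`siyuan.${DOMAIN}`)"
      - "traefik.http.routers.siyuan.entrypoints=websecure"
      - "traefik.http.routers.siyuan.tls=true"
      - "traefik.http.routers.siyuan.tls.certresolver=myresolver"
      - "traefik.http.routers.siyuan.middlewares=secured-no-oauth"

  backrest:
    image: garethgeorge/backrest:latest
    container_name: backrest
    hostname: backrest
    restart: unless-stopped
    volumes:
      - $CONFIG/backrest/data:/data
      - $CONFIG/backrest/config:/config
      - $CONFIG/backrest/cache:/cache
      - $CONFIG/backrest/tmp:/tmp
      - $CONFIG/backrest/rclone:/root/.config/rclone # Mount for rclone config (needed when using rclone remotes)
      - $DATA:/nasMerged # Mount local paths to backup
      # NOTE(review): template placeholder path left in place; replace it
      # with the real repository directory or remove the mount.
      - /path/to/local/repos:/repos # Mount local repos (optional for remote storage)
    environment:
      - BACKREST_DATA=/data
      - BACKREST_CONFIG=/config/config.json
      - XDG_CACHE_HOME=/cache
      - TMPDIR=/tmp
      - TZ
    ports:
      - "9898:9898"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)"
      - "traefik.http.routers.backrest.entrypoints=websecure"
      - "traefik.http.routers.backrest.tls=true"
      - "traefik.http.routers.backrest.tls.certresolver=myresolver"
      - "traefik.http.routers.backrest.middlewares=secured-no-oauth"

  ############################ Yamtrack START ######################
  yamtrack:
    container_name: yamtrack
    image: ghcr.io/fuzzygrim/yamtrack
    restart: unless-stopped
    depends_on:
      - yamtrack-redis
      - yamtrack-db
    environment:
      - PGID
      - PUID
      - TZ
      - REDIS_URL=redis://yamtrack-redis:6379
      # NOTE(review): reuses $PG_PASS, the Authentik database password, as
      # this application's secret; a dedicated value would keep the two
      # independent.
      - SECRET=$PG_PASS
      - DB_HOST=yamtrack-db
      - DB_NAME=yamtrack
      - DB_USER=yamtrack
      - "DB_PASSWORD=${YAMTRACK_DB_PASSWORD:?set in .env}"
      - DB_PORT=5432
    ports:
      - "8009:8000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.yamtrack.rule=Host(`yamtrack.${DOMAIN}`)"
      - "traefik.http.routers.yamtrack.entrypoints=websecure"
      - "traefik.http.routers.yamtrack.tls=true"
      - "traefik.http.routers.yamtrack.tls.certresolver=myresolver"
      - "traefik.http.routers.yamtrack.middlewares=authentik@docker"

  yamtrack-db:
    image: postgres:16-alpine
    container_name: yamtrack-db
    environment:
      - PGID
      - PUID
      - TZ
      - POSTGRES_DB=yamtrack
      - POSTGRES_USER=yamtrack
      - "POSTGRES_PASSWORD=${YAMTRACK_DB_PASSWORD:?set in .env}"
    volumes:
      - yamtrack_postgres_data:/var/lib/postgresql/data
    restart: unless-stopped

  yamtrack-redis:
    container_name: yamtrack-redis
    image: redis:7-alpine
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - yamtrack_redis_data:/data
  ############################ Yamtrack END ######################

  ############################ Paperless START ######################
  paperless-broker:
    container_name: paperless-broker
    image: docker.io/library/redis:8
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/paperless/redis:/data

  paperless-db:
    container_name: paperless-db
    image: docker.io/library/postgres:17
    restart: unless-stopped
    volumes:
      - $CONFIG/paperless/db:/var/lib/postgresql/data
    environment:
      PGID: 1000
      PUID: 1000
      TZ: Europe/Paris
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: "${PAPERLESS_DB_PASSWORD:?set in .env}"

  paperless-server:
    container_name: paperless-server
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - paperless-db
      - paperless-broker
    ports:
      - "8045:8000"
    volumes:
      - $DATA/paperless/data:/usr/src/paperless/data
      - $DATA/paperless/media:/usr/src/paperless/media
      - $DATA/paperless/export:/usr/src/paperless/export
      - $DATA/paperless/consume:/usr/src/paperless/consume
    environment:
      PAPERLESS_REDIS: redis://paperless-broker:6379
      PAPERLESS_DBHOST: paperless-db
      # Passed explicitly so the server keeps matching paperless-db once the
      # database password is no longer the default.
      PAPERLESS_DBPASS: "${PAPERLESS_DB_PASSWORD:?set in .env}"
      PAPERLESS_URL: https://paperless.$DOMAIN
      PAPERLESS_OCR_LANGUAGE: fra
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.paperless.rule=Host(`paperless.${DOMAIN}`)"
      - "traefik.http.routers.paperless.entrypoints=websecure"
      - "traefik.http.routers.paperless.tls=true"
      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.routers.paperless.middlewares=authentik@docker"
  ############################ Paperless END ######################

  ############################ Docmost START ######################
  docmost:
    container_name: docmost
    image: docmost/docmost:latest
    restart: unless-stopped
    depends_on:
      - docmost-db
      - docmost-redis
    environment:
      - PGID
      - PUID
      - TZ
      - APP_URL=https://docmost.${DOMAIN}
      - APP_SECRET=${DOCMOST_APP_SECRET}
      - "DATABASE_URL=postgresql://docmost:${DOCMOST_DB_PASSWORD:?set in .env}@docmost-db:5432/docmost?schema=public"
      - REDIS_URL=redis://docmost-redis:6379
    ports:
      - "3003:3000"
    volumes:
      - ${DATA}/docmost:/app/data/storage
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.docmost.rule=Host(`docmost.${DOMAIN}`)"
      - "traefik.http.routers.docmost.entrypoints=websecure"
      - "traefik.http.routers.docmost.tls=true"
      - "traefik.http.routers.docmost.tls.certresolver=myresolver"
      - "traefik.http.routers.docmost.middlewares=authentik@docker"

  docmost-db:
    container_name: docmost-db
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
      - "POSTGRES_DB=docmost"
      - "POSTGRES_USER=docmost"
      - "POSTGRES_PASSWORD=${DOCMOST_DB_PASSWORD:?set in .env}"
    volumes:
      - docmost_db_data:/var/lib/postgresql/data

  docmost-redis:
    container_name: docmost-redis
    image: redis:7.2-alpine
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - docmost_redis_data:/data
  ############################ Docmost END ######################

  ############################ Authentik START ######################
  authentik-postgresql:
    container_name: authentik-postgresql
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      # `$$` keeps Compose from interpolating; the variables are expanded
      # inside the container.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - /home/nathan/dockerDbs/authentik_postgres:/var/lib/postgresql/data
    environment:
      PGID: 1000
      PUID: 1000
      POSTGRES_PASSWORD: ${PG_PASS}
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    env_file:
      - .env

  authentik-redis:
    container_name: authentik-redis
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    environment:
      PGID: 1000
      PUID: 1000
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ${CONFIG}/authentik_redis:/data

  authentik-server:
    container_name: authentik-server
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    command: server
    environment:
      PGID: 1000
      PUID: 1000
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      # The token was stored here in clear text; it is now read from the
      # environment and the old value should be revoked.
      AUTHENTIK_TOKEN: "${AUTHENTIK_TOKEN:?set in .env}"
    volumes:
      - ${CONFIG}/authentik/media:/media
      - ${CONFIG}/authentik/templates:/templates
    env_file:
      - .env
    ports:
      - "9000:9000"
      - "9443:9443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
      - "traefik.http.routers.authentik.entrypoints=websecure"
      - "traefik.http.routers.authentik.tls.certresolver=myresolver"
      - "traefik.http.routers.authentik.priority=1"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
      # The rule carried a stray `com` after ${DOMAIN}, so it could never
      # match the real host name.
      - "traefik.http.routers.authentik-http.rule=Host(`authentik.${DOMAIN}`)"
      - "traefik.http.routers.authentik-http.entrypoints=web"
      - "traefik.http.routers.authentik-http.middlewares=authentik-https-redirect"
      - "traefik.http.routers.authentik-proxy.rule=Host(`$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
      # Forward-auth middleware referenced as `authentik` / `authentik@docker`
      # by the routers in this file.
      - "traefik.http.middlewares.authentik.forwardauth.address=http://${LOCAL_IP}:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
    depends_on:
      - authentik-postgresql
      - authentik-redis

  authentik-worker:
    container_name: authentik-worker
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      PGID: 1000
      PUID: 1000
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    volumes:
      # Read-write Docker socket; per the note above it is optional.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONFIG}/authentik/media:/media
      - ${CONFIG}/authentik/certs:/certs
      - ${CONFIG}/authentik/templates:/templates
    env_file:
      - .env
    depends_on:
      - authentik-postgresql
      - authentik-redis

  whoami:
    container_name: whoami
    image: containous/whoami
    restart: unless-stopped
    labels:
      - "traefik.http.routers.whoami.middlewares=authentik@docker"
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      # - "traefik.http.routers.whoami.middlewares=secured"
  ############################ Authentik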
END ###################### volumes: paperless_redisdata: paperless_pgdata: terra-db: docmost_redis_data: docmost_db_data: yamtrack_redis_data: yamtrack_postgres_data: database: driver: local redis: driver: local