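---
# Home-server Compose stack: a Traefik reverse proxy (ACME certificates,
# HTTP-to-HTTPS redirect) in front of media, download, document and monitoring
# services, with authentik forward-auth as the single sign-on middleware.
#
# Security review notes that apply to the whole file:
#  * Credentials that were written inline (database passwords, app secret
#    keys, API tokens, a session cookie) are now read from the environment /
#    .env through "${VAR:?...}", so Compose refuses to start when one is
#    missing. The variable names are introduced by this review. Any value that
#    was ever committed in this file should be treated as exposed and rotated.
#  * Every `ports:` entry publishes on all host interfaces, so each service is
#    also reachable at <host-ip>:<port> without passing through Traefik, the
#    rate limiter or authentik. The kuma.* monitor URLs rely on these ports;
#    restrict them with a host firewall or bind them to ${LOCAL_IP} if the
#    host is reachable from untrusted networks.
#  * Mounting /var/run/docker.sock gives a container control of the Docker
#    daemon. The ":ro" flag only protects the socket file itself; it does not
#    make the Docker API read-only.
#  * Most images use ":latest" or no tag, so a restart can pull different
#    code. Pin versions (or digests) for anything that holds secrets or the
#    Docker socket.
#  * ${PG_PASS} is shared by several unrelated services (authentik, booklore,
#    yamtrack); one leak exposes all of them.
services:
  traefik:
    image: "traefik:v3.6.1"
    container_name: "traefik"
    restart: unless-stopped
    command:
      # - "--log.level=DEBUG"
      # NOTE(review): api.insecure serves the API/dashboard without
      # authentication on port 8080, which is also published below.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/traefikconfig"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      # HTTP-to-HTTPS redirect
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--metrics.prometheus=true"
      - "--log.format=json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    volumes:
      - "${CONFIG}/traefik/letsencrypt:/letsencrypt"
      - "${CONFIG}/traefik/configs:/traefikconfig"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # google oauth (disabled, replaced by authentik)
      # - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      # - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      # - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      # rate limiting
      - "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
      # http
      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
      # chain the middlewares to create a "secured" one
      - "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,authentik"
      - "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
      # traefik dashboard rules
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      # The dashboard router had no middleware, so the unauthenticated API was
      # served to anyone who could reach traefik.${DOMAIN}; put it behind the
      # same chain as the other admin UIs.
      - "traefik.http.routers.traefik.middlewares=secured"
      # dont autoupdate traefik container
      - "kuma.traefik.http.name=Traefik"
      - "kuma.traefik.http.url=http://${LOCAL_IP}:8080"

  # oauth:
  #   image: thomseddon/traefik-forward-auth:latest
  #   container_name: oauth
  #   restart: unless-stopped
  #   environment:
  #     - CLIENT_ID=$GOOGLE_CLIENT_ID
  #     - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
  #     - SECRET=$OAUTH_SECRET
  #     - COOKIE_DOMAIN=$DOMAIN
  #     - INSECURE_COOKIE=false
  #     - AUTH_HOST=oauth.$DOMAIN
  #     - URL_PATH=/_oauth
  #     - WHITELIST=$EMAIL
  #     - LOG_LEVEL=info
  #     - LOG_FORMAT=text
  #     - LIFETIME=2592000 # 30 days
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
  #     - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
  #     - "traefik.http.routers.oauth-rtr.tls=true"
  #     - "traefik.http.routers.oauth-rtr.service=oauth-svc"
  #     - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
  #     - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
  #     - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
  #     - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
  #     - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
  #     - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"

  ddclient:
    image: linuxserver/ddclient
    container_name: ddclient
    restart: unless-stopped
    volumes:
      - ${CONFIG}/ddclient:/config
    environment:
      - PGID
      - PUID
      - TZ

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    restart: unless-stopped
    #network_mode: service:transmission-vpn
    ports:
      - "8081:8080"
    volumes:
      - ${CONFIG}/sabnzbd:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PUID
      - PGID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
      - "traefik.http.routers.sab.entrypoints=websecure"
      - "traefik.http.routers.sab.tls=true"
      - "traefik.http.routers.sab.tls.certresolver=myresolver"
      - "traefik.http.routers.sab.middlewares=secured"
      #- "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
      - "kuma.sab.http.name=Sabnzb"
      - "kuma.sab.http.url=http://${LOCAL_IP}:8081"

  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    restart: unless-stopped
    ports:
      - "8989:8989"
    volumes:
      - ${CONFIG}/sonarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
      - "traefik.http.routers.sonarr.entrypoints=websecure"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
      - "traefik.http.routers.sonarr.middlewares=secured"
      - "kuma.sonarr.http.name=Sonarr"
      - "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"

  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    restart: unless-stopped
    ports:
      - "7878:7878"
    volumes:
      - ${CONFIG}/radarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
      - "traefik.http.routers.radarr.entrypoints=websecure"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.tls.certresolver=myresolver"
      - "traefik.http.routers.radarr.middlewares=secured"
      - "kuma.radarr.http.name=Radarr"
      - "kuma.radarr.http.url=http://${LOCAL_IP}:7878"

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    restart: unless-stopped
    #network_mode: service:transmission-vpn
    ports:
      - "9696:9696"
    volumes:
      - ${CONFIG}/prowlarr:/config
    environment:
      - PUID
      - PGID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
      - "traefik.http.routers.prowlarr.entrypoints=websecure"
      - "traefik.http.routers.prowlarr.tls=true"
      - "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
      - "traefik.http.routers.prowlarr.middlewares=authentik@docker"
      - "kuma.prowlarr.http.name=Prowlarr"
      - "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"

  bazarr:
    image: lscr.io/linuxserver/bazarr:latest
    container_name: bazarr
    restart: unless-stopped
    ports:
      - "6767:6767"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/bazarr:/config
      - ${DATA}:/nasMerged
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr.rule=Host(`bazarr.${DOMAIN}`)"
      - "traefik.http.routers.bazarr.entrypoints=websecure"
      - "traefik.http.routers.bazarr.tls=true"
      - "traefik.http.routers.bazarr.tls.certresolver=myresolver"
      - "traefik.http.routers.bazarr.middlewares=authentik@docker"
      - "kuma.bazarr.http.name=Bazarr"
      - "kuma.bazarr.http.url=http://${LOCAL_IP}:6767"

  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    restart: unless-stopped
    ports:
      - "8096:8096"
      - "8921:8920"
    environment:
      - PGID
      - PUID
      - TZ
    group_add:
      - '105'
    volumes:
      - ${CONFIG}/jellyfin:/config
      - ${DATA}/jellyfin/cache:/cache
      - ${DATA}:/media
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
      # secured-no-oauth: no SSO in front, the application's own login is the
      # only authentication on this route.
      - "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
      - "kuma.jellyfin.http.name=Jellyfin"
      - "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"

  jellyseerr:
    image: fallenbagel/jellyseerr:latest
    container_name: jellyseerr
    restart: unless-stopped
    ports:
      - "5055:5055"
    environment:
      - LOG_LEVEL=debug
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/jellyseer:/app/config
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyseer.rule=Host(`jellyseer.${DOMAIN}`)"
      - "traefik.http.routers.jellyseer.entrypoints=websecure"
      - "traefik.http.routers.jellyseer.tls=true"
      - "traefik.http.routers.jellyseer.tls.certresolver=myresolver"
      - "traefik.http.routers.jellyseer.middlewares=authentik@docker"
      - "kuma.jellyseer.http.name=jellyseer"
      - "kuma.jellyseer.http.url=http://${LOCAL_IP}:5055"

  pyload:
    image: lscr.io/linuxserver/pyload-ng
    container_name: pyload
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/pyload/config:/config
      - ${DOWNLOAD}:/downloads
    ports:
      - "8005:8000"
      - "9666:9666"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
      - "traefik.http.routers.pyload.entrypoints=websecure"
      - "traefik.http.routers.pyload.tls=true"
      - "traefik.http.routers.pyload.tls.certresolver=myresolver"
      - "traefik.http.routers.pyload.middlewares=secured"
      - "traefik.http.services.pyload.loadbalancer.server.port=9666"
      - "kuma.pyload.http.name=Pyload"
      - "kuma.pyload.http.url=http://${LOCAL_IP}:9666"

  metube:
    image: alexta69/metube
    container_name: metube
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
    ports:
      - "8084:8081"
    volumes:
      - ${DOWNLOAD}:/downloads
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
      - "traefik.http.routers.metube.entrypoints=websecure"
      - "traefik.http.routers.metube.tls=true"
      - "traefik.http.routers.metube.tls.certresolver=myresolver"
      - "traefik.http.routers.metube.middlewares=secured"
      - "kuma.metube.http.name=Metube"
      - "kuma.metube.http.url=http://${LOCAL_IP}:8084"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
      - WEBUI_PORT=8085
    volumes:
      - ${CONFIG}/qbitorrent:/config
      - ${DOWNLOAD}/Torrents:/downloads
    ports:
      - "8085:8085"
      - "6881:6881"
      - "6881:6881/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
      - "traefik.http.routers.qbittorrent.middlewares=secured"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
      - "kuma.qbitorrent.http.name=Qbitorrent"
      - "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
      - DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker #optional
    volumes:
      - ${CONFIG}/codeServer:/config
      # NOTE(review): the whole host root filesystem is mounted read-write into
      # a browser-reachable IDE with a terminal. Anyone who gets past the
      # login (or reaches port 10543 directly) can read and modify host files.
      # Mount only the directories that need editing.
      - /:/nas
    ports:
      - "10543:8443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
      - "traefik.http.routers.code-server.entrypoints=websecure"
      - "traefik.http.routers.code-server.tls=true"
      - "traefik.http.routers.code-server.tls.certresolver=myresolver"
      - "traefik.http.routers.code-server.middlewares=secured"
      - "kuma.code-server.http.name=VSCode"
      - "kuma.code-server.http.url=http://${LOCAL_IP}:10543"

  freshrss:
    image: linuxserver/freshrss:latest
    container_name: freshrss
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/freshrss:/config
    ports:
      - "10180:80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
      - "traefik.http.routers.freshrss.entrypoints=websecure"
      - "traefik.http.routers.freshrss.tls=true"
      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
      - "traefik.http.routers.freshrss.middlewares=secured"
      - "kuma.freshrss.http.name=FreshRSS"
      - "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"

  uptimekuma:
    image: louislam/uptime-kuma:latest
    container_name: uptimekuma
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${DATA}/uptimekuma:/app/data
    ports:
      - "3001:3001"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
      - "traefik.http.routers.uptimekuma.entrypoints=websecure"
      - "traefik.http.routers.uptimekuma.tls=true"
      - "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
      - "traefik.http.routers.uptimekuma.middlewares=secured"

  autokuma:
    image: ghcr.io/bigboot/autokuma:latest
    container_name: autokuma
    restart: unless-stopped
    environment:
      AUTOKUMA__KUMA__URL: http://$LOCAL_IP:3001
      AUTOKUMA__KUMA__USERNAME: $UPTIME_KUMA_LOGIN
      AUTOKUMA__KUMA__PASSWORD: $UPTIME_KUMA_PASSWORD
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    restart: unless-stopped
    hostname: syncthing #optional
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/syncthing:/config
      - ${DATA}:/nas
    ports:
      - "8384:8384"
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
      - "traefik.http.routers.syncthing.entrypoints=websecure"
      - "traefik.http.routers.syncthing.tls=true"
      - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
      - "traefik.http.routers.syncthing.middlewares=secured"
      - "kuma.syncthing.http.name=Synthings"
      - "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"

  # mealie:
  #   image: ghcr.io/mealie-recipes/mealie:v2.6.0
  #   container_name: mealie
  #   restart: unless-stopped
  #   ports:
  #     - 9925:3000
  #     - 9001:9000
  #   volumes:
  #     - ${CONFIG}/mealie:/app/data/
  #   environment:
  #     - ALLOW_SIGNUP=true
  #     - PUID
  #     - PGID
  #     - TZ
  #     - BASE_URL=https://mealie.${DOMAIN}
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
  #     - "traefik.http.routers.mealie.entrypoints=websecure"
  #     - "traefik.http.routers.mealie.tls=true"
  #     - "traefik.http.routers.mealie.tls.certresolver=myresolver"
  #     - "traefik.http.routers.mealie.middlewares=secured"
  #     - "traefik.http.services.mealie.loadbalancer.server.port=9001"
  #     - BASE_URL=https://mealie.${DOMAIN}
  #     - "kuma.mealie.http.name=Mealie"
  #     - "kuma.mealie.http.url=http://${LOCAL_IP}:9001"
  #     # for icons: https://mdi.bessarabov.com/

  tandoor_postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    volumes:
      - $CONFIG/postgresql/tandoor:/var/lib/postgresql/data
    environment:
      - PUID
      - PGID
      - TZ
      # Secret key and database password were inline literals; they are now
      # supplied from .env and must match the values given to `tandoor` below.
      - "SECRET_KEY=${TANDOOR_SECRET_KEY:?set in .env}"
      - DB_ENGINE=django.db.backends.postgresql
      - POSTGRES_DB=djangodb
      - POSTGRES_PORT=5432
      - POSTGRES_USER=djangouser
      - "POSTGRES_PASSWORD=${TANDOOR_DB_PASSWORD:?set in .env}"

  tandoor:
    image: vabene1111/recipes
    restart: unless-stopped
    ports:
      - "8086:80"
    volumes:
      - $CONFIG/tandoor/staticfiles:/opt/recipes/staticfiles
      # Do not make this a bind mount, see https://docs.tandoor.dev/install/docker/#volumes-vs-bind-mounts
      # - nginx_config:/opt/recipes/nginx/conf.d
      - $CONFIG/tandoor/mediafiles:/opt/recipes/mediafiles
    environment:
      - PUID
      - PGID
      - TZ
      - "SECRET_KEY=${TANDOOR_SECRET_KEY:?set in .env}"
      - DB_ENGINE=django.db.backends.postgresql
      - POSTGRES_HOST=tandoor_postgres
      - POSTGRES_DB=djangodb
      - POSTGRES_PORT=5432
      - POSTGRES_USER=djangouser
      - "POSTGRES_PASSWORD=${TANDOOR_DB_PASSWORD:?set in .env}"
      - GUNICORN_MEDIA=1
    depends_on:
      - tandoor_postgres
    # no traefik label, managed in yml

  apprise:
    image: caronc/apprise
    container_name: apprise
    restart: unless-stopped
    ports:
      - "8006:8000"
    volumes:
      - ${CONFIG}/apprise:/app/data/
    environment:
      - PUID
      - PGID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
      - "traefik.http.routers.apprise.entrypoints=websecure"
      - "traefik.http.routers.apprise.tls=true"
      - "traefik.http.routers.apprise.tls.certresolver=myresolver"
      - "traefik.http.routers.apprise.middlewares=secured"
      # NOTE(review): BASE_URL sits under labels, so it is a container label
      # and not an environment variable. Confirm whether that is intended.
      - BASE_URL=https://apprise.${DOMAIN}
      - "kuma.apprise.http.name=Apprise"
      - "kuma.apprise.http.url=http://${LOCAL_IP}:8006"

  # gluetun:
  #   image: qmcgaw/gluetun
  #   # container_name: gluetun
  #   # line above must be uncommented to allow external containers to connect.
  #   # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
  #   restart: unless-stopped
  #   cap_add:
  #     - NET_ADMIN
  #   devices:
  #     - /dev/net/tun:/dev/net/tun
  #   ports:
  #     - 8888:8888/tcp # HTTP proxy
  #     - 8388:8388/tcp # Shadowsocks
  #     - 8388:8388/udp # Shadowsocks
  #   volumes:
  #     - ${CONFIG}/gluetun:/gluetun
  #   environment:
  #     # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
  #     - VPN_SERVICE_PROVIDER=protonvpn
  #     - VPN_TYPE=openvpn
  #     # OpenVPN:
  #     - OPENVPN_USER=$PROTON_OVPN_USERNAME
  #     - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
  #     # Wireguard (the private key was written inline here, even though the
  #     # line is commented out; rotate it and keep it in .env):
  #     # - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
  #     # - WIREGUARD_ADDRESSES=10.64.222.21/32
  #     # Timezone for accurate log times
  #     - TZ
  #     # Server list updater
  #     # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
  #     - HTTPPROXY=on
  #     - SERVER_COUNTRIES=Bulgaria

  # wg-easy:
  #   image: weejewel/wg-easy
  #   container_name: wg-easy
  #   restart: unless-stopped
  #   volumes:
  #     - ${CONFIG}/wg-easy:/etc/wireguard
  #   ports:
  #     - "51820:51820/udp"
  #     - "51821:51821/tcp"
  #   cap_add:
  #     - NET_ADMIN
  #     - SYS_MODULE
  #   sysctls:
  #     - net.ipv4.ip_forward=1
  #     - net.ipv4.conf.all.src_valid_mark=1
  #   environment:
  #     - TZ
  #     - PUID
  #     - PGID
  #     - WG_HOST=wg.${DOMAIN}
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
  #     - "traefik.http.routers.wg.entrypoints=web"
  #     - "traefik.http.routers.wg.tls=true"
  #     - "traefik.http.routers.wg.tls.certresolver=myresolver"
  #     - "traefik.http.routers.wg.middlewares=secured"
  #     - "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
  #     - "kuma.wg.http.name=WG-Easy"
  #     - "kuma.wg.http.url=http://${LOCAL_IP}:51821"

  joal:
    image: anthonyraymond/joal
    container_name: joal
    restart: unless-stopped
    environment:
      - TZ
      - PUID
      - PGID
    volumes:
      - ${CONFIG}/joal:/data
    ports:
      - "9485:9485"
    command:
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=9485"
      - "--joal.ui.path.prefix=joal"
      # The UI token was the literal service name; it is now taken from .env.
      # This service has no Traefik route, so the token is its only protection
      # on the published port.
      - "--joal.ui.secret-token=${JOAL_SECRET_TOKEN:?set in .env}"

  audiobookshelf:
    image: ghcr.io/advplyr/audiobookshelf:latest
    container_name: audiobookshelf
    restart: unless-stopped
    ports:
      - "13378:80"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${DATA}/audiobookshelf/audiobooks:/audiobooks
      - ${DATA}/audiobookshelf/podcasts:/podcasts
      - ${CONFIG}/audiobookshelf/audiobooks:/config
      - ${DATA}/audiobookshelf/metadata:/metadata
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
      - "traefik.http.routers.audiobookshelf.entrypoints=websecure"
      - "traefik.http.routers.audiobookshelf.tls=true"
      - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
      - "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
      - "kuma.audiobookshelf.http.name=Audiobookshelf"
      - "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"

  dozzle:
    container_name: dozzle
    image: amir20/dozzle:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - PGID
      - PUID
      - TZ
    ports:
      - "9999:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
      - "traefik.http.routers.dozzle.entrypoints=websecure"
      - "traefik.http.routers.dozzle.tls=true"
      - "traefik.http.routers.dozzle.tls.certresolver=myresolver"
      - "traefik.http.routers.dozzle.middlewares=secured"
      - "kuma.dozzle.http.name=Dozzle"
      - "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"

  stirling-pdf:
    container_name: stirling-pdf
    image: frooodle/s-pdf:latest
    restart: unless-stopped
    ports:
      - "8093:8080"
    volumes:
      # - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
      - ${CONFIG}/stirlingpdf:/configs
      # - /location/of/customFiles:/customFiles/
      # - /location/of/logs:/logs/
    environment:
      - PGID
      - PUID
      - TZ
      - DOCKER_ENABLE_SECURITY=false # tell docker to download security jar (required as true for auth login)
      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
      - "traefik.http.routers.stirlingpdf.entrypoints=websecure"
      - "traefik.http.routers.stirlingpdf.tls=true"
      - "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
      - "traefik.http.routers.stirlingpdf.middlewares=secured"
      - "kuma.stirlingpdf.http.name=Stirlingpdf"
      - "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"

  booklore:
    image: booklore/booklore:latest
    container_name: booklore
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
      - DATABASE_URL=jdbc:mariadb://booklore-mariadb:3306/booklore
      - DATABASE_USERNAME=booklore
      - DATABASE_PASSWORD=${PG_PASS}
      - BOOKLORE_PORT=6060
    depends_on:
      booklore-mariadb:
        condition: service_healthy
    ports:
      - "6060:6060"
    volumes:
      - $DATA/booklore/data:/app/data
      - $DATA/books:/books
      - $DATA/bookdrop:/bookdrop
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.booklore.rule=Host(`booklore.${DOMAIN}`)"
      - "traefik.http.routers.booklore.entrypoints=websecure"
      - "traefik.http.routers.booklore.tls=true"
      - "traefik.http.routers.booklore.tls.certresolver=myresolver"
      - "traefik.http.routers.booklore.middlewares=secured"
      - "traefik.http.services.booklore-svc.loadbalancer.server.port=6060"
      - "kuma.booklore.http.name=booklore"
      - "kuma.booklore.http.url=http://${LOCAL_IP}:6060"

  booklore-mariadb:
    image: lscr.io/linuxserver/mariadb:11.4.5
    container_name: booklore-mariadb
    restart: unless-stopped
    environment:
      - PUID
      - PGID
      - TZ
      # NOTE(review): the root password and the application user's password
      # are the same value (${PG_PASS}).
      - MYSQL_ROOT_PASSWORD=${PG_PASS}
      - MYSQL_DATABASE=booklore
      - MYSQL_USER=booklore
      - MYSQL_PASSWORD=${PG_PASS}
    volumes:
      - ./mariadb/config:/config
    healthcheck:
      test: ["CMD", "mariadb-admin", "ping", "-h", "localhost"]
      interval: 5s
      timeout: 5s
      retries: 10

  homarr:
    container_name: homarr
    image: ghcr.io/homarr-labs/homarr:latest
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
      - SECRET_ENCRYPTION_KEY=$HOMARR_SECRET_KEY
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONFIG}/homarr/appdata:/appdata
    ports:
      - '7575:7575'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
      - "traefik.http.routers.homarr.entrypoints=websecure"
      - "traefik.http.routers.homarr.tls=true"
      - "traefik.http.routers.homarr.tls.certresolver=myresolver"
      - "traefik.http.routers.homarr.middlewares=authentik@docker"

  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    ports:
      - "3008:3000"
    volumes:
      - ${CONFIG}/homepage:/app/config # Make sure your local config directory exists
      - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations
    environment:
      - PGID
      - PUID
      - TZ
      - HOMEPAGE_ALLOWED_HOSTS=homepage.${DOMAIN} # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.rule=Host(`homepage.${DOMAIN}`)"
      - "traefik.http.routers.homepage.entrypoints=websecure"
      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.routers.homepage.tls.certresolver=myresolver"
      - "traefik.http.routers.homepage.middlewares=authentik@docker"

  dash:
    container_name: dash
    image: mauricenino/dashdot:latest
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    # NOTE(review): privileged mode removes container isolation from the host
    # (all capabilities, all devices), and /dev is mounted as well. Confirm
    # the monitoring features in use need it; otherwise drop it.
    privileged: true
    ports:
      - '3002:3001'
    volumes:
      - /etc/os-release:/mnt/host/etc/os-release:ro
      - /proc/1/ns/net:/mnt/host/proc/1/ns/net:ro
      - /mnt:/mnt/host/mnt:ro
      - /media:/mnt/host/media:ro
      - /dev:/mnt/host/dev:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dash.rule=Host(`dash.${DOMAIN}`)"
      - "traefik.http.routers.dash.entrypoints=websecure"
      - "traefik.http.routers.dash.tls=true"
      - "traefik.http.routers.dash.tls.certresolver=myresolver"
      - "traefik.http.routers.dash.middlewares=authentik@docker"
      - homepage.name=Dash
      - homepage.icon=dash.png

  terraforming-mars:
    container_name: terraforming-mars
    build: ../terraforming-mars/
    restart: unless-stopped
    depends_on:
      - mars-postgres
    environment:
      - PGID
      - PUID
      - TZ
      # The database password was embedded in this URL; it now comes from
      # .env. A password containing URL-reserved characters must be
      # percent-encoded.
      - "POSTGRES_HOST=postgresql://terra:${MARS_DB_PASSWORD:?set in .env}@mars-postgres:5432/terraforming-mars?sslmode=disable"
      - NODE_ENV=production
    ports:
      - "8082:8765"
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.terraforming-mars.rule=Host(`terraforming-mars.${DOMAIN}`)"
      - "traefik.http.routers.terraforming-mars.entrypoints=websecure"
      - "traefik.http.routers.terraforming-mars.tls=true"
      - "traefik.http.routers.terraforming-mars.tls.certresolver=myresolver"
      - "traefik.http.routers.terraforming-mars.middlewares=authentik@docker"

  mars-postgres:
    container_name: mars-postgres
    image: postgres:14.5
    restart: unless-stopped
    environment:
      PGID: 1000
      PUID: 1000
      POSTGRES_USER: terra
      POSTGRES_PASSWORD: "${MARS_DB_PASSWORD:?set in .env}"
      POSTGRES_DB: terraforming-mars
    volumes:
      - terra-db:/var/lib/postgresql/data

  beszel:
    container_name: beszel
    image: henrygd/beszel
    restart: unless-stopped
    ports:
      - "8091:8090" # webapp
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/beszel:/beszel_data
      - $CONFIG/beszel/beszel_socket:/beszel_socket
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.beszel.rule=Host(`beszel.${DOMAIN}`)"
      - "traefik.http.routers.beszel.entrypoints=websecure"
      - "traefik.http.routers.beszel.tls=true"
      - "traefik.http.routers.beszel.tls.certresolver=myresolver"
      - "traefik.http.routers.beszel.middlewares=authentik@docker"

  beszel-agent:
    container_name: beszel-agent
    image: henrygd/beszel-agent:latest
    restart: unless-stopped
    network_mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $CONFIG/beszel/beszel_socket:/beszel_socket
    environment:
      PGID: 1000
      PUID: 1000
      TZ: Europe/Paris
      LISTEN: /beszel_socket/beszel.sock
      # Do not remove quotes around the key
      # (this is an SSH public key, so it is not a secret)
      KEY: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnL7QH2tt3y+nwrC/Yr96EVXsU1672Q4PV2jFfoBRwi"

  deezer-downloader:
    container_name: deezer-downloader
    image: kmille2/deezer-downloader:latest
    restart: unless-stopped
    ports:
      - "5000:5000"
    volumes:
      - $DATA/Downloads/Music/deezer:/mnt/deezer-downloader
    environment:
      - PGID
      - PUID
      - TZ
      # The account session cookie was written inline; it is a bearer
      # credential for the account and now comes from .env.
      - "DEEZER_COOKIE_ARL=${DEEZER_COOKIE_ARL:?set in .env}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.deezerdl.rule=Host(`deezerdl.${DOMAIN}`)"
      - "traefik.http.routers.deezerdl.entrypoints=websecure"
      - "traefik.http.routers.deezerdl.tls=true"
      - "traefik.http.routers.deezerdl.tls.certresolver=myresolver"
      - "traefik.http.routers.deezerdl.middlewares=authentik@docker"

  signal-api:
    image: bbernhard/signal-cli-rest-api:0.92
    container_name: signal-api
    restart: unless-stopped
    # NOTE(review): this API is published on the host with no proxy route or
    # auth middleware in this file; confirm that only trusted hosts can reach
    # port 8088.
    ports:
      - "8088:8080"
    volumes:
      - $DATA/signal-api:/home/.local/share/signal-cli
    environment:
      - MODE=native
      - PGID
      - PUID
      - TZ
      - LOG_LEVEL=debug

  gotify:
    image: gotify/server
    restart: unless-stopped
    ports:
      - "8092:80"
    environment:
      - PGID
      - PUID
      - TZ
      - GOTIFY_DEFAULTUSER_PASS=$ADMINPWD
    volumes:
      - $CONFIG/gotify_data:/app/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gotify.rule=Host(`gotify.${DOMAIN}`)"
      - "traefik.http.routers.gotify.entrypoints=websecure"
      - "traefik.http.routers.gotify.tls=true"
      - "traefik.http.routers.gotify.tls.certresolver=myresolver"
      - "traefik.http.routers.gotify.middlewares=secured-no-oauth"

  siyuan:
    image: b3log/siyuan
    # NOTE(review): the access code is passed as a command-line argument, so
    # it is visible in `docker inspect` and in the process list.
    command: ['--workspace=/siyuan/workspace/', '--accessAuthCode=${ADMINPWD}']
    restart: unless-stopped
    ports:
      - "6806:6806"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/siyuan/workspace:/siyuan/workspace
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.siyuan.rule=Host(`siyuan.${DOMAIN}`)"
      - "traefik.http.routers.siyuan.entrypoints=websecure"
      - "traefik.http.routers.siyuan.tls=true"
      - "traefik.http.routers.siyuan.tls.certresolver=myresolver"
      - "traefik.http.routers.siyuan.middlewares=secured-no-oauth"

  backrest:
    image: garethgeorge/backrest:latest
    container_name: backrest
    hostname: backrest
    restart: unless-stopped
    volumes:
      - $CONFIG/backrest/data:/data
      - $CONFIG/backrest/config:/config
      - $CONFIG/backrest/cache:/cache
      - $CONFIG/backrest/tmp:/tmp
      - $CONFIG/backrest/rclone:/root/.config/rclone # Mount for rclone config (needed when using rclone remotes)
      - $DATA:/nasMerged # Mount local paths to backup
      - /path/to/local/repos:/repos # Mount local repos (optional for remote storage)
    environment:
      - BACKREST_DATA=/data
      - BACKREST_CONFIG=/config/config.json
      - XDG_CACHE_HOME=/cache
      - TMPDIR=/tmp
      - TZ
    ports:
      - "9898:9898"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)"
      - "traefik.http.routers.backrest.entrypoints=websecure"
      - "traefik.http.routers.backrest.tls=true"
      - "traefik.http.routers.backrest.tls.certresolver=myresolver"
      - "traefik.http.routers.backrest.middlewares=secured"

  whatsupdocker:
    image: getwud/wud
    restart: unless-stopped
    container_name: wud
    volumes:
      # Docker socket mounted without ":ro"; see the note at the top of the
      # file on what socket access grants.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PGID
      - PUID
      - TZ
      - WUD_TRIGGER_GOTIFY_DOCKERUPDATES_URL=https://gotify.${DOMAIN}
      # The Gotify application token was written inline; it now comes from
      # .env.
      - "WUD_TRIGGER_GOTIFY_DOCKERUPDATES_TOKEN=${WUD_GOTIFY_TOKEN:?set in .env}"
      - WUD_TRIGGER_GOTIFY_DOCKERUPDATES_THRESHOLD=all
      - "WUD_WATCHER_LOCAL_CRON=0 1 * * *"
    ports:
      - "3007:3000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wud.rule=Host(`wud.${DOMAIN}`)"
      - "traefik.http.routers.wud.entrypoints=websecure"
      - "traefik.http.routers.wud.tls=true"
      - "traefik.http.routers.wud.tls.certresolver=myresolver"
      - "traefik.http.routers.wud.middlewares=secured"

  ############################ Yamtrack START ######################
  yamtrack:
    container_name: yamtrack
    image: ghcr.io/fuzzygrim/yamtrack
    restart: unless-stopped
    depends_on:
      - yamtrack-redis
      - yamtrack-db
    environment:
      - PGID
      - PUID
      - TZ
      - REDIS_URL=redis://yamtrack-redis:6379
      - SECRET=$PG_PASS
      - DB_HOST=yamtrack-db
      - DB_NAME=yamtrack
      - DB_USER=yamtrack
      # The password used to equal the user name; it is now supplied from
      # .env and must match POSTGRES_PASSWORD on yamtrack-db.
      - "DB_PASSWORD=${YAMTRACK_DB_PASSWORD:?set in .env}"
      - DB_PORT=5432
    ports:
      - "8009:8000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.yamtrack.rule=Host(`yamtrack.${DOMAIN}`)"
      - "traefik.http.routers.yamtrack.entrypoints=websecure"
      - "traefik.http.routers.yamtrack.tls=true"
      - "traefik.http.routers.yamtrack.tls.certresolver=myresolver"
      - "traefik.http.routers.yamtrack.middlewares=authentik@docker"

  yamtrack-db:
    image: postgres:16-alpine
    container_name: yamtrack-db
    environment:
      - PGID
      - PUID
      - TZ
      - POSTGRES_DB=yamtrack
      - POSTGRES_USER=yamtrack
      - "POSTGRES_PASSWORD=${YAMTRACK_DB_PASSWORD:?set in .env}"
    volumes:
      - yamtrack_postgres_data:/var/lib/postgresql/data
    restart: unless-stopped

  yamtrack-redis:
    container_name: yamtrack-redis
    image: redis:7-alpine
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - yamtrack_redis_data:/data
  ############################ Yamtrack END ######################

  ############################ Paperless START ######################
  paperless-broker:
    container_name: paperless-broker
    image: docker.io/library/redis:8
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - $CONFIG/paperless/redis:/data

  paperless-db:
    container_name: paperless-db
    image: docker.io/library/postgres:17
    restart: unless-stopped
    volumes:
      - $CONFIG/paperless/db:/var/lib/postgresql/data
    environment:
      PGID: 1000
      PUID: 1000
      TZ: Europe/Paris
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      # The password used to equal the user name; it is now supplied from .env
      # and passed to paperless-server as PAPERLESS_DBPASS.
      POSTGRES_PASSWORD: "${PAPERLESS_DB_PASSWORD:?set in .env}"

  paperless-server:
    container_name: paperless-server
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - paperless-db
      - paperless-broker
    ports:
      - "8045:8000"
    volumes:
      - $DATA/paperless/data:/usr/src/paperless/data
      - $DATA/paperless/media:/usr/src/paperless/media
      - $DATA/paperless/export:/usr/src/paperless/export
      - $DATA/paperless/consume:/usr/src/paperless/consume
    environment:
      PAPERLESS_REDIS: redis://paperless-broker:6379
      PAPERLESS_DBHOST: paperless-db
      PAPERLESS_DBPASS: "${PAPERLESS_DB_PASSWORD:?set in .env}"
      PAPERLESS_URL: https://paperless.$DOMAIN
      PAPERLESS_OCR_LANGUAGE: fra
      # NOTE(review): PAPERLESS_SECRET_KEY is not set in this file; confirm
      # it is provided elsewhere so the application does not run with its
      # built-in default key.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.paperless.rule=Host(`paperless.${DOMAIN}`)"
      - "traefik.http.routers.paperless.entrypoints=websecure"
      - "traefik.http.routers.paperless.tls=true"
      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.routers.paperless.middlewares=authentik@docker"
  ############################ Paperless END ######################

  ############################ Docmost START ######################
  docmost:
    container_name: docmost
    image: docmost/docmost:latest
    restart: unless-stopped
    depends_on:
      - docmost-db
      - docmost-redis
    environment:
      - PGID
      - PUID
      - TZ
      - APP_URL=https://docmost.${DOMAIN}
      - APP_SECRET=${DOCMOST_APP_SECRET}
      # The database password was embedded in this URL; it now comes from
      # .env and must match POSTGRES_PASSWORD on docmost-db. Percent-encode
      # URL-reserved characters.
      - "DATABASE_URL=postgresql://docmost:${DOCMOST_DB_PASSWORD:?set in .env}@docmost-db:5432/docmost?schema=public"
      - REDIS_URL=redis://docmost-redis:6379
    ports:
      - "3003:3000"
    volumes:
      - ${DATA}/docmost:/app/data/storage
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.docmost.rule=Host(`docmost.${DOMAIN}`)"
      - "traefik.http.routers.docmost.entrypoints=websecure"
      - "traefik.http.routers.docmost.tls=true"
      - "traefik.http.routers.docmost.tls.certresolver=myresolver"
      - "traefik.http.routers.docmost.middlewares=authentik@docker"

  docmost-db:
    container_name: docmost-db
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
      - "POSTGRES_DB=docmost"
      - "POSTGRES_USER=docmost"
      - "POSTGRES_PASSWORD=${DOCMOST_DB_PASSWORD:?set in .env}"
    volumes:
      - docmost_db_data:/var/lib/postgresql/data

  docmost-redis:
    container_name: docmost-redis
    image: redis:7.2-alpine
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - docmost_redis_data:/data
  ############################ Docmost END ######################

  ############################ Authentik START ######################
  authentik-postgresql:
    container_name: authentik-postgresql
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      # "$$" escapes Compose interpolation so the variables are expanded
      # inside the container, not by Compose.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - /home/nathan/dockerDbs/authentik_postgres:/var/lib/postgresql/data
    environment:
      PGID: 1000
      PUID: 1000
      POSTGRES_PASSWORD: ${PG_PASS}
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    env_file:
      - .env

  authentik-redis:
    container_name: authentik-redis
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    environment:
      PGID: 1000
      PUID: 1000
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ${CONFIG}/authentik_redis:/data

  authentik-server:
    container_name: authentik-server
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    command: server
    environment:
      PGID: 1000
      PUID: 1000
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      # The token for the identity provider was written inline; it now comes
      # from .env. Rotate the old value: this service gates access to most
      # routes in this file.
      AUTHENTIK_TOKEN: "${AUTHENTIK_TOKEN:?set in .env}"
    volumes:
      - ${CONFIG}/authentik/media:/media
      - ${CONFIG}/authentik/templates:/templates
    env_file:
      - .env
    ports:
      - "9000:9000"
      - "9443:9443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
      - "traefik.http.routers.authentik.entrypoints=websecure"
      - "traefik.http.routers.authentik.tls.certresolver=myresolver"
      - "traefik.http.routers.authentik.priority=1"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
      # Fixed: the rule read Host(`authentik.${DOMAIN}com`), a host name that
      # never matches authentik.${DOMAIN}.
      - "traefik.http.routers.authentik-http.rule=Host(`authentik.${DOMAIN}`)"
      - "traefik.http.routers.authentik-http.entrypoints=web"
      - "traefik.http.routers.authentik-http.middlewares=authentik-https-redirect"
      - "traefik.http.routers.authentik-proxy.rule=Host(`$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
      # Forward-auth middleware referenced by the "secured" chain and by
      # routers as authentik@docker.
      - "traefik.http.middlewares.authentik.forwardauth.address=http://${LOCAL_IP}:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
    depends_on:
      - authentik-postgresql
      - authentik-redis

  authentik-worker:
    container_name: authentik-worker
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      PGID: 1000
      PUID: 1000
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    volumes:
      # Docker socket mounted without ":ro"; the comment above marks it as
      # optional, so remove it if the Docker outpost integration is unused.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${CONFIG}/authentik/media:/media
      - ${CONFIG}/authentik/certs:/certs
      - ${CONFIG}/authentik/templates:/templates
    env_file:
      - .env
    depends_on:
      - authentik-postgresql
      - authentik-redis

  whoami:
    container_name: whoami
    image: containous/whoami
    restart: unless-stopped
    labels:
      - "traefik.http.routers.whoami.middlewares=authentik@docker"
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      # - "traefik.http.routers.whoami.middlewares=secured"
  ############################ Authentik END ######################

volumes:
  paperless_redisdata: {}
  paperless_pgdata: {}
  terra-db: {}
  docmost_redis_data: {}
  docmost_db_data: {}
  yamtrack_redis_data: {}
  yamtrack_postgres_data: {}
  database:
    driver: local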
redis: driver: local