
---
# `version` is ignored (with a warning) by Compose Specification tooling (`docker compose` v2);
# kept only for compatibility with legacy `docker-compose` v1.
version: '3.7'
services:
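traefik:
  # Edge reverse proxy: terminates TLS (ACME HTTP-01), redirects HTTP->HTTPS and
  # declares the `secured` / `secured-no-oauth` middleware chains that every other
  # service in this file references by name.
  image: "traefik:v3.1.0"
  container_name: "traefik"
  # Every other service has a restart policy; without one here the ingress (and so
  # every route behind it) stays down after a host reboot or daemon restart.
  restart: unless-stopped
  command:
    # - "--log.level=DEBUG"
    # Serves the API/dashboard without authentication on the internal `traefik`
    # entrypoint (:8080). Together with the 8080:8080 mapping below it is reachable
    # by anything that can reach the host, bypassing the forward-auth chain.
    - "--api.insecure=true"
    - "--providers.docker=true"
    # Only containers that opt in with traefik.enable=true get routed.
    - "--providers.docker.exposedbydefault=false"
    - "--providers.file.directory=/traefikconfig"
    - "--providers.file.watch=true"
    - "--entrypoints.web.address=:80"
    # HTTP-to-HTTPS Redirect (entrypoint level: applies to every router on `web`,
    # so a router bound to `web` never receives real traffic)
    - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
    - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
    - "--entrypoints.websecure.address=:443"
    - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
    - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
    - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
    # acme.json contains the private keys of every issued certificate; keep the
    # ${CONFIG}/traefik/letsencrypt directory readable by the traefik user only.
    - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    - "--metrics.prometheus=true"
    - "--log.format=json"
  ports:
    - "80:80"
    - "443:443"
    # Unauthenticated API/dashboard (see --api.insecure). Kept because the kuma
    # probe below targets it; restricting it to a trusted interface means updating
    # that probe as well.
    - "8080:8080"
  extra_hosts:
    - "host.docker.internal:172.17.0.1"
  volumes:
    - "${CONFIG}/traefik/letsencrypt:/letsencrypt"
    - "${CONFIG}/traefik/configs:/traefikconfig"
    # `:ro` only affects the mount point; the Docker API behind the socket still
    # grants full control of the host. The `dockerproxy` service declared later in
    # this file (CONTAINERS=1, POST=0) exists for that purpose but nothing uses it yet.
    - "/var/run/docker.sock:/var/run/docker.sock:ro"
  labels:
    - "traefik.enable=true"
    # google oauth -- the same middleware is also declared on the `oauth` service;
    # both copies must stay identical or Traefik treats them as a conflict.
    - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
    - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
    - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
    # rate limiting
    - "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
    - "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
    # http
    - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
    # chain the middlewares to create a "secured" one
    - "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,forward-auth"
    - "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
    # traefik dashboard rules
    - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
    - "traefik.http.routers.traefik.entrypoints=websecure"
    - "traefik.http.routers.traefik.tls=true"
    # The dashboard router previously had no middlewares, so traefik.${DOMAIN} served
    # the dashboard to anyone; use the same chain as the other applications.
    - "traefik.http.routers.traefik.middlewares=secured"
    - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    - "traefik.http.routers.traefik.tls.certresolver=myresolver"
    # dont autoupdate traefik container
    - "com.centurylinklabs.watchtower.enable=false"
    # flame dashboard
    - "flame.type=application"
    - "flame.name=traefik"
    - "flame.icon=arrow-decision-outline"
    - "flame.url=https://traefik.${DOMAIN}"
    - "kuma.traefik.http.name=Traefik"
    - "kuma.traefik.http.url=http://${LOCAL_IP}:8080"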
oauth:
  # traefik-forward-auth in auth-host mode: routers using the `secured` chain send
  # unauthenticated visitors here for Google sign-in; only $EMAIL is allowed through.
  image: thomseddon/traefik-forward-auth:latest
  container_name: oauth
  restart: unless-stopped
  environment:
    - CLIENT_ID=$GOOGLE_CLIENT_ID
    - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
    # Key used to sign the session cookie
    - SECRET=$OAUTH_SECRET
    # Cookie is valid for every *.$DOMAIN router
    - COOKIE_DOMAIN=$DOMAIN
    # Session cookie keeps the Secure flag (HTTPS only)
    - INSECURE_COOKIE=false
    - AUTH_HOST=oauth.$DOMAIN
    - URL_PATH=/_oauth
    # Allow-list of sign-in identities: a single address
    - WHITELIST=$EMAIL
    - LOG_LEVEL=info
    - LOG_FORMAT=text
    - LIFETIME=2592000 # 30 days
  labels:
    - "traefik.enable=true"
    ## HTTP Routers
    - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
    - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
    - "traefik.http.routers.oauth-rtr.tls=true"
    - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
    ## HTTP Services
    - "traefik.http.routers.oauth-rtr.service=oauth-svc"
    - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
    ## Middlewares (second copy of the definition also present on the traefik
    ## service; the two must stay identical)
    - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
    - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
    - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
    - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"
watchtower:
  # Pulls newer images and recreates containers at 06:00 daily (6-field cron,
  # seconds first), removing superseded images. Requires a writable Docker socket,
  # i.e. this container is root-equivalent on the host; pin the image where possible.
  image: containrrr/watchtower
  container_name: watchtower
  restart: unless-stopped
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  environment:
    - PGID
    - PUID
    - TZ
    # Same setting as the --cleanup flag below
    - WATCHTOWER_CLEANUP=true
  command: ["--schedule", "9 0 6 * * *", "--cleanup"]
ddclient:
  # Dynamic DNS updater; provider credentials are expected in ${CONFIG}/ddclient,
  # not in this file.
  image: linuxserver/ddclient
  container_name: ddclient
  restart: unless-stopped
  volumes:
    - ${CONFIG}/ddclient:/config
  environment:
    - PGID
    - PUID
    - TZ
sabnzbd:
  # Usenet downloader. Routed at sab.${DOMAIN} behind the full `secured` chain, but
  # also published on host port 8081, which bypasses the forward-auth step for
  # anyone who can reach the host (the kuma probe below depends on that port).
  image: linuxserver/sabnzbd:latest
  container_name: sabnzbd
  restart: unless-stopped
  #network_mode: service:transmission-vpn
  ports:
    - "8081:8080"
  volumes:
    - ${CONFIG}/sabnzbd:/config
    - ${DOWNLOAD}:/downloads
  environment:
    - PUID
    - PGID
    - TZ
    - UMASK_SET=002
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
    - "traefik.http.routers.sab.entrypoints=websecure"
    - "traefik.http.routers.sab.tls=true"
    - "traefik.http.routers.sab.tls.certresolver=myresolver"
    - "traefik.http.routers.sab.middlewares=secured"
    #- "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
    - "flame.type=application"
    - "flame.name=sabnzbd"
    - "flame.url=https://sab.${DOMAIN}"
    - "flame.icon=download-outline"
    - "kuma.sab.http.name=Sabnzb"
    - "kuma.sab.http.url=http://${LOCAL_IP}:8081"
sonarr:
  # TV library manager. Also published on host port 8989, which bypasses the
  # forward-auth chain (used by the kuma probe).
  image: linuxserver/sonarr:latest
  container_name: sonarr
  restart: unless-stopped
  ports:
    - "8989:8989"
  volumes:
    - ${CONFIG}/sonarr:/config
    - ${DOWNLOAD}:/downloads
    # The same host directory is mounted twice under two names
    - ${DATA}:/nasMerged
    - ${DATA}:/tv
  environment:
    - PGID
    - PUID
    - TZ
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
    - "traefik.http.routers.sonarr.entrypoints=websecure"
    - "traefik.http.routers.sonarr.tls=true"
    - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
    - "traefik.http.routers.sonarr.middlewares=secured"
    - "flame.type=application"
    - "flame.name=sonarr"
    - "flame.url=https://sonarr.${DOMAIN}"
    - "flame.icon=television-classic"
    - "kuma.sonarr.http.name=Sonarr"
    - "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"
radarr:
  # Movie library manager. Also published on host port 7878, which bypasses the
  # forward-auth chain (used by the kuma probe).
  image: linuxserver/radarr:latest
  container_name: radarr
  restart: unless-stopped
  ports:
    - "7878:7878"
  volumes:
    - ${CONFIG}/radarr:/config
    - ${DOWNLOAD}:/downloads
    # The same host directory is mounted twice; `/tv` is presumably a copy-paste
    # from the sonarr service
    - ${DATA}:/nasMerged
    - ${DATA}:/tv
  environment:
    - PGID
    - PUID
    - TZ
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
    - "traefik.http.routers.radarr.entrypoints=websecure"
    - "traefik.http.routers.radarr.tls=true"
    - "traefik.http.routers.radarr.tls.certresolver=myresolver"
    - "traefik.http.routers.radarr.middlewares=secured"
    - "flame.type=application"
    - "flame.name=radarr"
    - "flame.url=https://radarr.${DOMAIN}"
    - "flame.icon=movie-open-settings"
    - "kuma.radarr.http.name=Radarr"
    - "kuma.radarr.http.url=http://${LOCAL_IP}:7878"
prowlarr:
  # Indexer manager. Also published on host port 9696, which bypasses the
  # forward-auth chain (used by the kuma probe).
  image: linuxserver/prowlarr:latest
  container_name: prowlarr
  restart: unless-stopped
  #network_mode: service:transmission-vpn
  ports:
    - "9696:9696"
  volumes:
    - ${CONFIG}/prowlarr:/config
  environment:
    - PUID
    - PGID
    - TZ
    - UMASK_SET=002
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
    - "traefik.http.routers.prowlarr.entrypoints=websecure"
    - "traefik.http.routers.prowlarr.tls=true"
    - "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
    - "traefik.http.routers.prowlarr.middlewares=secured"
    - "flame.type=application"
    - "flame.name=prowlarr"
    - "flame.url=https://prowlarr.${DOMAIN}"
    - "flame.icon=download-outline"
    - "kuma.prowlarr.http.name=Prowlarr"
    - "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"
nzbhydra:
  # Meta-search for indexers. Uses `secured-no-oauth`: only the HTTPS redirect and
  # the rate limit, no sign-in. Also published on host port 5076.
  image: linuxserver/nzbhydra2:latest
  container_name: nzbhydra
  restart: unless-stopped
  ports:
    - "5076:5076"
  volumes:
    - ${CONFIG}/nzbhydra2:/config
    - ${DOWNLOAD}:/downloads
  environment:
    - PGID
    - PUID
    - TZ
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.hydra.rule=Host(`hydra.${DOMAIN}`)"
    - "traefik.http.routers.hydra.entrypoints=websecure"
    - "traefik.http.routers.hydra.tls=true"
    - "traefik.http.routers.hydra.tls.certresolver=myresolver"
    - "traefik.http.routers.hydra.middlewares=secured-no-oauth"
    - "flame.type=application"
    - "flame.name=hydra"
    - "flame.url=https://hydra.${DOMAIN}"
    - "flame.icon=spider"
    - "kuma.hydra.http.name=Nzbhydra"
    - "kuma.hydra.http.url=http://${LOCAL_IP}:5076"
jellyfin:
  # Media server. Uses `secured-no-oauth` (no Google sign-in, so native clients
  # can log in with Jellyfin accounts). Two container ports are exposed, hence the
  # explicit loadbalancer.server.port label.
  image: jellyfin/jellyfin
  container_name: jellyfin
  restart: unless-stopped
  ports:
    - "8096:8096"
    - "8921:8920"
  environment:
    - PGID
    - PUID
    - TZ
  volumes:
    - ${CONFIG}/jellyfin:/config
    - ./cache/jellyfin:/cache
    - ${DATA}:/media
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
    - "traefik.http.routers.jellyfin.entrypoints=websecure"
    - "traefik.http.routers.jellyfin.tls=true"
    - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
    - "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
    - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
    - "flame.type=application"
    - "flame.name=jellyfin"
    - "flame.url=https://jellyfin.${DOMAIN}"
    - "flame.icon=jellyfish-outline"
    - "kuma.jellyfin.http.name=Jellyfin"
    - "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"
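flame:
  # Start page; builds its tiles from the flame.* labels on the other containers,
  # which is why it needs the Docker socket. Served at the apex ${DOMAIN}.
  image: pawelmalak/flame
  container_name: flame
  restart: unless-stopped
  volumes:
    - ${CONFIG}/flame:/app/data
    # Socket only needs reading for label discovery; `:ro` matches the other
    # socket consumers in this file. Note it does not restrict the Docker API
    # itself -- see the `dockerproxy` service for that.
    - /var/run/docker.sock:/var/run/docker.sock:ro # optional but required for Docker integration
  ports:
    # Quoted like the other port mappings in this file
    - "5005:5005"
  environment:
    - PASSWORD=$ADMINPWD
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.flame.rule=Host(`${DOMAIN}`)"
    - "traefik.http.routers.flame.entrypoints=websecure"
    - "traefik.http.routers.flame.tls=true"
    - "traefik.http.routers.flame.tls.certresolver=myresolver"
    - "traefik.http.routers.flame.middlewares=secured"
    - "kuma.flame.http.name=Flame"
    - "kuma.flame.http.url=http://${LOCAL_IP}:5005"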
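pyload:
  # Download manager. Web UI on 8000 (host 8005), Click'n'Load listener on 9666;
  # both are published directly and so bypass the forward-auth chain.
  image: lscr.io/linuxserver/pyload-ng
  container_name: pyload
  restart: unless-stopped
  environment:
    - PGID
    - PUID
    - TZ
  volumes:
    - ${CONFIG}/pyload/config:/config
    - ${DOWNLOAD}:/downloads
  ports:
    # Quoted like the other port mappings in this file
    - "8005:8000"
    - "9666:9666"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
    - "traefik.http.routers.pyload.entrypoints=websecure"
    - "traefik.http.routers.pyload.tls=true"
    - "traefik.http.routers.pyload.tls.certresolver=myresolver"
    - "traefik.http.routers.pyload.middlewares=secured"
    - "flame.type=application"
    - "flame.name=pyload"
    - "flame.url=https://pyload.${DOMAIN}"
    - "flame.icon=file-download-outline"
    - "kuma.pyload.http.name=Pyload"
    - "kuma.pyload.http.url=http://${LOCAL_IP}:8005"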
# duplicati:
# image: linuxserver/duplicati
# container_name: duplicati
# environment:
# - PGID
# - PUID
# - TZ
# #- CLI_ARGS= #optional
# volumes:
# - ${CONFIG}/duplicati:/config
# - /:/nas
# ports:
# - 8200:8200
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
# - "traefik.http.routers.duplicati.entrypoints=websecure"
# - "traefik.http.routers.duplicati.tls=true"
# - "traefik.http.routers.duplicati.tls.certresolver=myresolver"
# - "traefik.http.routers.duplicati.middlewares=secured"
# restart: unless-stopped
# metube:
# image: alexta69/metube
# container_name: metube
# restart: unless-stopped
# user: "1001:1001"
# ports:
# - "8084:8081"
# volumes:
# - ${DOWNLOAD}:/downloads
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
# - "traefik.http.routers.metube.entrypoints=websecure"
# - "traefik.http.routers.metube.tls=true"
# - "traefik.http.routers.metube.tls.certresolver=myresolver"
# - "traefik.http.routers.metube.middlewares=secured"
# - "flame.type=application"
# - "flame.name=metube"
# - "flame.url=https://metube.${DOMAIN}"
# - "flame.icon=youtube-subscription"
# - "kuma.metube.http.name=Metube"
# - "kuma.metube.http.url=http://${LOCAL_IP}:8084"
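qbittorrent:
  # BitTorrent client. Web UI is published directly on 8085 as well as routed
  # through Traefik; 6881 is the peer port. Note this container is not attached to
  # the `gluetun` VPN service declared later in this file.
  image: lscr.io/linuxserver/qbittorrent
  container_name: qbittorrent
  restart: unless-stopped
  environment:
    - PUID
    - PGID
    - TZ
    - WEBUI_PORT=8085
  volumes:
    # Spelling of the host directory ("qbitorrent") is kept: it is the existing
    # config location, renaming it would orphan the data.
    - ${CONFIG}/qbitorrent:/config
    - ${DOWNLOAD}/Torrents:/downloads
  ports:
    # Quoted like the other port mappings in this file
    - "8085:8085"
    - "6881:6881"
    - "6881:6881/udp"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
    - "traefik.http.routers.qbittorrent.entrypoints=websecure"
    - "traefik.http.routers.qbittorrent.tls=true"
    - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
    - "traefik.http.routers.qbittorrent.middlewares=secured"
    - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
    - "flame.type=application"
    - "flame.name=qbittorrent"
    - "flame.url=https://qbittorrent.${DOMAIN}"
    - "flame.icon=folder-download"
    - "kuma.qbitorrent.http.name=Qbitorrent"
    - "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"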
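code-server:
  # Browser IDE with an integrated terminal. The host root filesystem is mounted
  # read-write at /nas, so anyone who reaches this UI -- through the oauth-protected
  # router or directly via host port 10543 -- gets a shell with access to the whole
  # host filesystem as PUID/PGID. Consider narrowing the mount and dropping the
  # direct port mapping.
  image: lscr.io/linuxserver/code-server:latest
  container_name: code-server
  restart: unless-stopped
  environment:
    - PUID
    - PGID
    - TZ
    # Hard-coded host path (via the /:/nas mount); adjust if the repo moves
    - DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker #optional
  volumes:
    - ${CONFIG}/codeServer:/config
    - /:/nas
  ports:
    # Quoted like the other port mappings in this file
    - "10543:8443"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
    - "traefik.http.routers.code-server.entrypoints=websecure"
    - "traefik.http.routers.code-server.tls=true"
    - "traefik.http.routers.code-server.tls.certresolver=myresolver"
    - "traefik.http.routers.code-server.middlewares=secured"
    - "flame.type=application"
    - "flame.name=code-server"
    - "flame.icon=code-braces"
    - "flame.url=https://code-server.${DOMAIN}"
    - "kuma.code-server.http.name=VSCode"
    - "kuma.code-server.http.url=http://${LOCAL_IP}:10543"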
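freshrss:
  # RSS reader. Also published on host port 10180, bypassing the forward-auth chain.
  image: linuxserver/freshrss:latest
  container_name: freshrss
  restart: unless-stopped
  environment:
    - PUID
    - PGID
    - TZ
  volumes:
    - ${CONFIG}/freshrss:/config
  ports:
    # Quoted like the other port mappings in this file
    - "10180:80"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
    - "traefik.http.routers.freshrss.entrypoints=websecure"
    - "traefik.http.routers.freshrss.tls=true"
    - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
    - "traefik.http.routers.freshrss.middlewares=secured"
    - "flame.type=application"
    - "flame.name=freshrss"
    - "flame.url=https://freshrss.${DOMAIN}"
    - "flame.icon=rss-box"
    # Monitor name was "Prowlarr" (copy-paste from that service)
    - "kuma.freshrss.http.name=FreshRSS"
    - "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"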
prometheus:
  # Metrics store scraping traefik, cadvisor and node-exporter. Port 9090 is only
  # `expose`d (not published), so the UI is reachable solely through the
  # oauth-protected router.
  image: prom/prometheus:v2.42.0
  container_name: prometheus
  hostname: prometheus
  # Runs as root -- presumably for ownership of ${DATA}/prometheus_data; a
  # dedicated uid with chown'd storage would be the least-privilege alternative.
  user: root
  restart: unless-stopped
  depends_on:
    - cadvisor
  command:
    - "--config.file=/etc/prometheus/prometheus.yml"
    - "--storage.tsdb.path=/prometheus"
    - "--web.console.libraries=/etc/prometheus/console_libraries"
    - "--web.console.templates=/etc/prometheus/consoles"
    - "--storage.tsdb.retention.time=7d"
    # Enables the /-/reload and /-/quit HTTP endpoints; acceptable only because
    # 9090 is not published and the router requires sign-in.
    - "--web.enable-lifecycle"
  volumes:
    - ${DATA}/prometheus_data:/prometheus
    - ${CONFIG}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
  expose:
    - "9090"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)"
    - "traefik.http.routers.prometheus.entrypoints=websecure"
    - "traefik.http.routers.prometheus.tls=true"
    - "traefik.http.routers.prometheus.tls.certresolver=myresolver"
    - "traefik.http.routers.prometheus.middlewares=secured"
    - "org.label-schema.group=monitoring"
    - "flame.type=application"
    - "flame.name=prometheus"
    - "flame.url=https://prometheus.${DOMAIN}"
    - "flame.icon=state-machine"
# WEB BASED UI VISUALISATION OF METRICS
grafana:
  image: grafana/grafana:9.4.3
  container_name: grafana
  hostname: grafana
  # Runs as root; see the note on the prometheus service.
  user: root
  restart: unless-stopped
  # Injects the whole .env file -- including the OAuth, VPN and admin secrets used
  # by other services -- into this container. Listing only the GF_* variables
  # Grafana needs under `environment:` would limit the blast radius of a Grafana
  # compromise. Which variables those are is not visible from this file.
  env_file: .env
  volumes:
    - ${CONFIG}/grafana_data:/var/lib/grafana
  # 3000 is only exposed to other containers, not published on the host
  expose:
    - "3000"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
    - "traefik.http.routers.grafana.entrypoints=websecure"
    - "traefik.http.routers.grafana.tls=true"
    - "traefik.http.routers.grafana.tls.certresolver=myresolver"
    - "traefik.http.routers.grafana.middlewares=secured"
    - "org.label-schema.group=monitoring"
    - "flame.type=application"
    - "flame.name=grafana"
    - "flame.url=https://grafana.${DOMAIN}"
    - "flame.icon=chart-multiple"
    - "kuma.grafana.http.name=Grafana"
    # NOTE(review): probes ${LOCAL_IP}:3000, but 3000 is only `expose`d above, so
    # this likely fails unless something else listens there -- confirm in Kuma.
    - "kuma.grafana.http.url=http://${LOCAL_IP}:3000"
# HOST LINUX MACHINE METRICS EXPORTER
nodeexporter:
  image: prom/node-exporter:v1.5.0
  container_name: nodeexporter
  hostname: nodeexporter
  restart: unless-stopped
  command:
    - "--path.procfs=/host/proc"
    - "--path.rootfs=/rootfs"
    - "--path.sysfs=/host/sys"
    # `$$` is a literal `$` after Compose interpolation
    - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
  # Host pseudo-filesystems, all read-only
  volumes:
    - /proc:/host/proc:ro
    - /sys:/host/sys:ro
    - /:/rootfs:ro
  # Scraped by prometheus over the compose network; not published on the host
  expose:
    - "9100"
  labels:
    org.label-schema.group: "monitoring"
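# DOCKER CONTAINERS METRICS EXPORTER
cadvisor:
  image: gcr.io/cadvisor/cadvisor:latest
  container_name: cadvisor
  hostname: cadvisor
  restart: unless-stopped
  # Privileged plus read-only host mounts: this container can see every other
  # container's cgroups and the host root. Its UI on 8088 has no Traefik router and
  # no authentication, so it is reachable by anyone who can reach the host.
  privileged: true
  devices:
    - /dev/kmsg:/dev/kmsg
  volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:ro
    - /sys:/sys:ro
    - /var/lib/docker:/var/lib/docker:ro
    - /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
    - /dev/disk/:/dev/disk:ro
  ports:
    # Quoted like the other port mappings in this file
    - "8088:8080"
  labels:
    org.label-schema.group: "monitoring"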
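uptimekuma:
  # Uptime monitor; monitors are created automatically by the `autokuma` service
  # from the kuma.* labels in this file. Also published on host port 3001, which
  # autokuma uses to reach it.
  image: louislam/uptime-kuma:latest
  container_name: uptimekuma
  restart: unless-stopped
  environment:
    - PUID
    - PGID
    - TZ
  volumes:
    - ${DATA}/uptimekuma:/app/data
  ports:
    # Quoted like the other port mappings in this file
    - "3001:3001"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
    - "traefik.http.routers.uptimekuma.entrypoints=websecure"
    - "traefik.http.routers.uptimekuma.tls=true"
    - "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
    - "traefik.http.routers.uptimekuma.middlewares=secured"
    - "flame.type=application"
    - "flame.name=uptimekuma"
    - "flame.url=https://uptimekuma.${DOMAIN}"
    - "flame.icon=bottle-tonic-plus-outline"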
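autokuma:
  # Reads kuma.* labels from every container via the Docker socket and creates the
  # corresponding monitors in Uptime Kuma, logging in with the credentials below.
  image: ghcr.io/bigboot/autokuma:latest
  container_name: autokuma
  restart: unless-stopped
  environment:
    # Templated values are quoted so an empty or odd-looking expansion cannot be
    # re-typed by the YAML parser.
    AUTOKUMA__KUMA__URL: "http://$LOCAL_IP:3001"
    AUTOKUMA__KUMA__USERNAME: "$UPTIME_KUMA_LOGIN"
    AUTOKUMA__KUMA__PASSWORD: "$UPTIME_KUMA_PASSWORD"
  volumes:
    # Read access to the socket still exposes every container's environment
    # (including secrets) to this container; see the `dockerproxy` service.
    - /var/run/docker.sock:/var/run/docker.sock:ro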
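syncthing:
  # File synchronisation. 22000/21027 are the sync and discovery ports and must be
  # published; 8384 is the admin UI, published directly in addition to the
  # oauth-protected router (used by the kuma probe).
  image: lscr.io/linuxserver/syncthing:latest
  container_name: syncthing
  hostname: syncthing #optional
  restart: unless-stopped
  environment:
    - PUID
    - PGID
    - TZ
  volumes:
    - ${CONFIG}/syncthing:/config
    - ${DATA}:/nas
  ports:
    # Quoted like the other port mappings in this file
    - "8384:8384"
    - "22000:22000/tcp"
    - "22000:22000/udp"
    - "21027:21027/udp"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
    - "traefik.http.routers.syncthing.entrypoints=websecure"
    - "traefik.http.routers.syncthing.tls=true"
    - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
    - "traefik.http.routers.syncthing.middlewares=secured"
    - "flame.type=application"
    - "flame.name=syncthing"
    - "flame.url=https://syncthing.${DOMAIN}"
    - "flame.icon=sync"
    - "kuma.syncthing.http.name=Synthings"
    - "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"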
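snapdrop:
  # LAN file sharing web app. Also published on host port 8087.
  image: lscr.io/linuxserver/snapdrop:latest
  container_name: snapdrop
  restart: unless-stopped
  environment:
    - PUID
    - PGID
    - TZ
  volumes:
    - ${CONFIG}/snapdrop:/config
  ports:
    # Quoted like the other port mappings in this file
    - "8087:80"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.snapdrop.rule=Host(`snapdrop.${DOMAIN}`)"
    # Was `web`: the traefik service redirects everything on the `web` entrypoint
    # to HTTPS, so a TLS router bound to `web` never received traffic. `websecure`
    # matches every other router in this file.
    - "traefik.http.routers.snapdrop.entrypoints=websecure"
    - "traefik.http.routers.snapdrop.tls=true"
    - "traefik.http.routers.snapdrop.tls.certresolver=myresolver"
    - "traefik.http.routers.snapdrop.middlewares=secured"
    - "flame.type=application"
    - "flame.name=snapdrop"
    - "flame.url=https://snapdrop.${DOMAIN}"
    - "flame.icon=share-variant-outline"
    - "kuma.snapdrop.http.name=Snapdrop"
    - "kuma.snapdrop.http.url=http://${LOCAL_IP}:8087"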
# vrising:
# image: trueosiris/vrising
# container_name: vrising
# environment:
# - TZ=Europe/Paris
# - SERVERNAME=vrisingAthaliar
# volumes:
# - '${CONFIG}/vrising/server:/mnt/vrising/server:rw'
# - '${DATA}/vrising/data:/mnt/vrising/persistentdata:rw'
# ports:
# - 9876:9876/udp
# - 9877:9877/udp
# restart: unless-stopped
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.vrising.rule=Host(`vrising.${DOMAIN}`)"
# - "traefik.http.routers.vrising.entrypoints=web"
# - "traefik.http.routers.vrising.tls=true"
# - "traefik.http.routers.vrising.tls.certresolver=myresolver"
# - "traefik.http.routers.vrising.middlewares=secured"
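mealie:
  # Recipe manager. Published on host ports 9925 and 9000 in addition to the
  # oauth-protected router; the Traefik service targets container port 9000.
  image: ghcr.io/mealie-recipes/mealie:nightly
  container_name: mealie
  restart: unless-stopped
  ports:
    # Quoted like the other port mappings in this file
    - "9925:3000"
    - "9000:9000"
  volumes:
    - ${CONFIG}/mealie:/app/data/
  environment:
    # Open self-registration. Through Traefik this sits behind Google sign-in, but
    # the directly published ports above reach it without that step.
    - ALLOW_SIGNUP=true
    - PUID
    - PGID
    - TZ
    - BASE_URL=https://mealie.${DOMAIN}
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
    - "traefik.http.routers.mealie.entrypoints=websecure"
    - "traefik.http.routers.mealie.tls=true"
    - "traefik.http.routers.mealie.tls.certresolver=myresolver"
    - "traefik.http.routers.mealie.middlewares=secured"
    - "traefik.http.services.mealie.loadbalancer.server.port=9000"
    - "flame.type=application"
    - "flame.name=mealie"
    - "flame.url=https://mealie.${DOMAIN}"
    - "flame.icon=noodles"
    # A stray `BASE_URL=...` label (an environment entry pasted into the label
    # list, read by nothing) was removed here; the real setting is under
    # `environment:` above.
    - "kuma.mealie.http.name=Mealie"
    - "kuma.mealie.http.url=http://${LOCAL_IP}:9000"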
# for icons: https://mdi.bessarabov.com/
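apprise:
  # Notification gateway (API on container port 8000). Published on host port 8006
  # in addition to the oauth-protected router.
  image: caronc/apprise
  container_name: apprise
  restart: unless-stopped
  ports:
    # Quoted like the other port mappings in this file
    - "8006:8000"
  volumes:
    - ${CONFIG}/apprise:/app/data/
  environment:
    # NOTE(review): PUID/PGID/TZ are the linuxserver.io convention; whether this
    # image honours them is not visible from here.
    - PUID
    - PGID
    - TZ
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
    - "traefik.http.routers.apprise.entrypoints=websecure"
    - "traefik.http.routers.apprise.tls=true"
    - "traefik.http.routers.apprise.tls.certresolver=myresolver"
    - "traefik.http.routers.apprise.middlewares=secured"
    - "flame.type=application"
    - "flame.name=apprise"
    - "flame.url=https://apprise.${DOMAIN}"
    - "flame.icon=bell"
    # A stray `BASE_URL=...` label (an environment entry pasted into the label
    # list, read by nothing) was removed here.
    - "kuma.apprise.http.name=Apprise"
    - "kuma.apprise.http.url=http://${LOCAL_IP}:8006"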
gluetun:
  # VPN client container (ProtonVPN over OpenVPN). No other service in this file
  # is attached to it with `network_mode: service:gluetun`, so for now it only
  # provides the HTTP and Shadowsocks proxies below.
  image: qmcgaw/gluetun
  # container_name: gluetun
  # line above must be uncommented to allow external containers to connect.
  # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
  restart: unless-stopped
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun:/dev/net/tun
  # Both proxies are published on every host interface and no proxy credentials
  # are configured here, so anyone who can reach the host can tunnel through the
  # VPN account. Bind them to a trusted interface (as `dockerproxy` does with
  # 127.0.0.1) or enable proxy authentication.
  ports:
    - "8888:8888/tcp" # HTTP proxy
    - "8388:8388/tcp" # Shadowsocks
    - "8388:8388/udp" # Shadowsocks
  volumes:
    - ${CONFIG}/gluetun:/gluetun
  environment:
    # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
    - VPN_SERVICE_PROVIDER=protonvpn
    - VPN_TYPE=openvpn
    # OpenVPN:
    - OPENVPN_USER=$PROTON_OVPN_USERNAME
    - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
    # Wireguard (disabled). The values below match the upstream documentation
    # example; a real private key must never be committed here -- pass it through
    # an environment variable like the OpenVPN credentials above.
    # - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
    # - WIREGUARD_ADDRESSES=10.64.222.21/32
    # Timezone for accurate log times
    - TZ
    # Server list updater
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
    - HTTPPROXY=on
    - SERVER_COUNTRIES=Bulgaria
dockerproxy:
  # Filtering proxy in front of the Docker socket: read-only access to the
  # containers endpoint only, bound to loopback. This is the pattern the other
  # socket consumers in this file (traefik, flame, autokuma, dozzle, homarr) could
  # use instead of mounting the socket directly; nothing points at it yet.
  image: ghcr.io/tecnativa/docker-socket-proxy:latest
  container_name: dockerproxy
  restart: unless-stopped
  environment:
    - CONTAINERS=1 # Allow access to viewing containers
    # - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
    # - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
    - POST=0 # Disallow any POST operations (effectively read-only)
  ports:
    # Loopback only -- the proxied API is still unauthenticated
    - "127.0.0.1:2375:2375"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
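wg-easy:
  # WireGuard server with a web UI for managing peers. 51820/udp is the tunnel and
  # must be published. 51821/tcp is the admin UI: through Traefik it sits behind
  # Google sign-in, but the direct host mapping below reaches it with no
  # authentication (no UI password is configured here), so anyone who can reach
  # the host could create VPN peers. Restrict that mapping or set a UI password.
  image: weejewel/wg-easy
  container_name: wg-easy
  restart: unless-stopped
  volumes:
    # Holds the server private key and all peer configs
    - ${CONFIG}/wg-easy:/etc/wireguard
  ports:
    - "51820:51820/udp"
    - "51821:51821/tcp"
  cap_add:
    - NET_ADMIN
    - SYS_MODULE
  sysctls:
    - net.ipv4.ip_forward=1
    - net.ipv4.conf.all.src_valid_mark=1
  environment:
    - TZ
    - PUID
    - PGID
    - WG_HOST=wg.${DOMAIN}
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
    # Was `web`: the traefik service redirects everything on the `web` entrypoint
    # to HTTPS, so a TLS router bound to `web` never received traffic.
    - "traefik.http.routers.wg.entrypoints=websecure"
    - "traefik.http.routers.wg.tls=true"
    - "traefik.http.routers.wg.tls.certresolver=myresolver"
    - "traefik.http.routers.wg.middlewares=secured"
    # Only service declared on this container, so the router uses it by default
    - "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
    - "flame.type=application"
    - "flame.name=wg-easy"
    - "flame.url=https://wg.${DOMAIN}"
    - "flame.icon=vpn"
    # Monitor name was "Prowlarr" (copy-paste from that service)
    - "kuma.wg.http.name=wg-easy"
    - "kuma.wg.http.url=http://${LOCAL_IP}:51821"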
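joal:
  # Web UI published directly on host port 9485 with no Traefik router, so the UI
  # path prefix and secret token below are its only protection.
  image: anthonyraymond/joal
  container_name: joal
  restart: unless-stopped
  environment:
    - TZ
    - PUID
    - PGID
  volumes:
    - ${CONFIG}/joal:/data
  ports:
    # Quoted like the other port mappings in this file
    - "9485:9485"
  command:
    - "--joal-conf=/data"
    - "--spring.main.web-environment=true"
    - "--server.port=9485"
    # Prefix and token were hard-coded to the guessable value `joal`. They can now
    # be overridden from the environment (like the other secrets in this file);
    # the defaults keep the previous behaviour when the variables are unset.
    - "--joal.ui.path.prefix=${JOAL_UI_PATH_PREFIX:-joal}"
    - "--joal.ui.secret-token=${JOAL_UI_SECRET_TOKEN:-joal}"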
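audiobookshelf:
  # Audiobook/podcast server. Uses `secured-no-oauth` (native apps log in with
  # their own accounts); also published on host port 13378.
  image: ghcr.io/advplyr/audiobookshelf:latest
  container_name: audiobookshelf
  restart: unless-stopped
  ports:
    # Quoted like the other port mappings in this file
    - "13378:80"
  environment:
    - PGID
    - PUID
    - TZ
  volumes:
    - ${DATA}/audiobookshelf/audiobooks:/audiobooks
    - ${DATA}/audiobookshelf/podcasts:/podcasts
    - ${CONFIG}/audiobookshelf/audiobooks:/config
    - ${DATA}/audiobookshelf/metadata:/metadata
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
    - "traefik.http.routers.audiobookshelf.entrypoints=websecure"
    - "traefik.http.routers.audiobookshelf.tls=true"
    - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
    - "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
    - "flame.type=application"
    - "flame.name=audiobookshelf"
    - "flame.url=https://audiobookshelf.${DOMAIN}"
    - "flame.icon=book-open-outline"
    # Monitor name was "Prowlarr" (copy-paste from that service)
    - "kuma.audiobookshelf.http.name=Audiobookshelf"
    - "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"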
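calibre-web:
  # E-book library UI. Uses `secured-no-oauth`; also published on host port 8083.
  image: lscr.io/linuxserver/calibre-web:latest
  container_name: calibre-web
  restart: unless-stopped
  environment:
    - PGID
    - PUID
    - TZ
    - DOCKER_MODS=linuxserver/mods:universal-calibre #optional
  volumes:
    - ${CONFIG}/calibre:/config
    - ${DATA}/calibre/library:/books
  ports:
    # Quoted like the other port mappings in this file
    - "8083:8083"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
    - "traefik.http.routers.calibre.entrypoints=websecure"
    - "traefik.http.routers.calibre.tls=true"
    - "traefik.http.routers.calibre.tls.certresolver=myresolver"
    - "traefik.http.routers.calibre.middlewares=secured-no-oauth"
    - "flame.type=application"
    - "flame.name=calibre"
    - "flame.url=https://calibre.${DOMAIN}"
    - "flame.icon=book-open-outline"
    - "kuma.calibre.http.name=Calibre"
    - "kuma.calibre.http.url=http://${LOCAL_IP}:8083"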
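dozzle:
  # Live container log viewer. Logs of every container (which may include tokens
  # and URLs) are readable by whoever reaches this UI; host port 9999 bypasses the
  # oauth-protected router.
  container_name: dozzle
  image: amir20/dozzle:latest
  # Added: every other long-running service here has a restart policy
  restart: unless-stopped
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  environment:
    - PGID
    - PUID
    - TZ
  ports:
    # Quoted like the other port mappings in this file
    - "9999:8080"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
    - "traefik.http.routers.dozzle.entrypoints=websecure"
    - "traefik.http.routers.dozzle.tls=true"
    - "traefik.http.routers.dozzle.tls.certresolver=myresolver"
    - "traefik.http.routers.dozzle.middlewares=secured"
    - "flame.type=application"
    - "flame.name=dozzle"
    - "flame.url=https://dozzle.${DOMAIN}"
    - "flame.icon=text-long"
    - "kuma.dozzle.http.name=Dozzle"
    - "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"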
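stirling-pdf:
  # PDF toolbox. Its own login is disabled (DOCKER_ENABLE_SECURITY=false), so the
  # oauth-protected router is the only access control; host port 8093 bypasses it.
  container_name: stirling-pdf
  image: frooodle/s-pdf:latest
  # Added: every other long-running service here has a restart policy
  restart: unless-stopped
  ports:
    # Quoted like the other port mappings in this file
    - "8093:8080"
  volumes:
    # - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
    - ${CONFIG}/stirlingpdf:/configs
    # - /location/of/customFiles:/customFiles/
    # - /location/of/logs:/logs/
  environment:
    - PGID
    - PUID
    - TZ
    - DOCKER_ENABLE_SECURITY=false # tell docker to download security jar (required as true for auth login)
    - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
    - "traefik.http.routers.stirlingpdf.entrypoints=websecure"
    - "traefik.http.routers.stirlingpdf.tls=true"
    - "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
    - "traefik.http.routers.stirlingpdf.middlewares=secured"
    - "flame.type=application"
    - "flame.name=stirlingpdf"
    - "flame.url=https://stirlingpdf.${DOMAIN}"
    - "flame.icon=file-pdf-box"
    # Monitor name was "Prowlarr" (copy-paste from that service)
    - "kuma.stirlingpdf.http.name=StirlingPDF"
    - "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"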
# satisfactory-server:
# container_name: 'satisfactory-server'
# hostname: 'satisfactory-server'
# image: 'wolveix/satisfactory-server:latest'
# ports:
# - '7777:7777/udp'
# - '7777:7777/tcp'
# volumes:
# - '${DATA}/satisfactory-server:/config'
# environment:
# - MAXPLAYERS=4
# - PGID
# - PUID
# - TZ
# - ROOTLESS=false
# - STEAMBETA=false
# restart: unless-stopped
# healthcheck:
# test: [ "CMD", "bash", "/healthcheck.sh" ]
# interval: 30s
# timeout: 10s
# retries: 3
# start_period: 120s
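diyhue:
  # Philips Hue bridge emulator. Needs the UDP discovery ports and a fixed IP/MAC
  # so apps on the LAN can find it; uses `secured-no-oauth` because Hue apps
  # cannot complete a Google sign-in.
  container_name: diyhue
  image: diyhue/core:latest
  # Added: every other long-running service here has a restart policy
  restart: unless-stopped
  ports:
    - '8089:80'
    - '9243:443'
    - '1900:1900/udp'
    - '2100:2100/udp'
    - '1982:1982/udp'
  volumes:
    - '${CONFIG}/diyhue:/opt/hue-emulator/export'
  environment:
    - PGID
    - PUID
    - TZ
    - IP=$LOCAL_IP
    - MAC=d0:50:99:85:2a:01
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.diyhue.rule=Host(`diyhue.${DOMAIN}`)"
    - "traefik.http.routers.diyhue.entrypoints=websecure"
    - "traefik.http.routers.diyhue.tls=true"
    - "traefik.http.routers.diyhue.tls.certresolver=myresolver"
    - "traefik.http.routers.diyhue.middlewares=secured-no-oauth"
    - "flame.type=application"
    - "flame.name=diyhue"
    - "flame.url=https://diyhue.${DOMAIN}"
    - "flame.icon=light"
    - "kuma.diyhue.http.name=diyhue"
    - "kuma.diyhue.http.url=http://${LOCAL_IP}:8089"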
homarr:
  # Dashboard with Docker integration (read-only socket). Also published on host
  # port 7575.
  container_name: homarr
  image: ghcr.io/ajnart/homarr:latest
  restart: unless-stopped
  environment:
    - PGID
    - PUID
    - TZ
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ${CONFIG}/homarr/configs:/app/data/configs
    - ${CONFIG}/homarr/icons:/app/public/icons
    - ${CONFIG}/homarr/data:/data
  ports:
    - "7575:7575"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
    - "traefik.http.routers.homarr.entrypoints=websecure"
    - "traefik.http.routers.homarr.tls=true"
    - "traefik.http.routers.homarr.tls.certresolver=myresolver"
    # NOTE(review): no `traefik.http.middlewares.authentik...` label is declared in
    # this file. Unless it is defined on another container on the same Docker
    # host, Traefik disables this router for referencing an unknown middleware.
    - "traefik.http.routers.homarr.middlewares=authentik@docker"
dash:
  # Host resource dashboard (dashdot). Privileged with host /dev, /proc/1 netns
  # and mount points bound in read-only -- a compromise of this UI is a compromise
  # of the host. Host port 3002 bypasses the Traefik router.
  container_name: dash
  image: mauricenino/dashdot:latest
  restart: unless-stopped
  privileged: true
  environment:
    - PGID
    - PUID
    - TZ
  ports:
    - "3002:3001"
  volumes:
    - /etc/os-release:/mnt/host/etc/os-release:ro
    - /proc/1/ns/net:/mnt/host/proc/1/ns/net:ro
    - /mnt:/mnt/host/mnt:ro
    - /media:/mnt/host/media:ro
    - /dev:/mnt/host/dev:ro
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.dash.rule=Host(`dash.${DOMAIN}`)"
    - "traefik.http.routers.dash.entrypoints=websecure"
    - "traefik.http.routers.dash.tls=true"
    - "traefik.http.routers.dash.tls.certresolver=myresolver"
    # NOTE(review): see the homarr service -- `authentik@docker` is not declared
    # anywhere in this file.
    - "traefik.http.routers.dash.middlewares=authentik@docker"
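terraforming-mars:
  # Game server built from a local checkout; state lives in `mars-postgres`.
  container_name: terraforming-mars
  build: ./terraformingMarsRepo/terraforming-mars/
  restart: unless-stopped
  depends_on:
    - mars-postgres
  environment:
    - PGID
    - PUID
    - TZ
    # The database password was hard-coded in this URL. It is now taken from
    # MARS_DB_PASSWORD (set it in .env alongside the other secrets); the default
    # keeps the previous value so an unset variable changes nothing. The
    # `mars-postgres` service must resolve to the same password.
    - POSTGRES_HOST=postgresql://terra:${MARS_DB_PASSWORD:-terrapw}@mars-postgres:5432/terraforming-mars?sslmode=disable
    - NODE_ENV=production
  ports:
    - "8082:8765"
  # The only service in this file with this hardening; it is cheap and worth
  # copying to the others.
  security_opt:
    - no-new-privileges:true
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.terraforming-mars.rule=Host(`terraforming-mars.${DOMAIN}`)"
    - "traefik.http.routers.terraforming-mars.entrypoints=websecure"
    - "traefik.http.routers.terraforming-mars.tls=true"
    - "traefik.http.routers.terraforming-mars.tls.certresolver=myresolver"
    # NOTE(review): `authentik@docker` is not declared anywhere in this file; see
    # the homarr service.
    - "traefik.http.routers.terraforming-mars.middlewares=authentik@docker"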
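mars-postgres:
  # Database for terraforming-mars; not published on the host, reachable only on
  # the compose network.
  container_name: mars-postgres
  image: postgres:14.5
  restart: unless-stopped
  environment:
    # NOTE(review): PUID/PGID are a linuxserver.io convention; the official
    # postgres image is not known to read them.
    PGID: "1000"
    PUID: "1000"
    POSTGRES_USER: terra
    # Was hard-coded. Taken from MARS_DB_PASSWORD with the previous value as
    # default, so the connection URL in `terraforming-mars` keeps matching.
    POSTGRES_PASSWORD: "${MARS_DB_PASSWORD:-terrapw}"
    POSTGRES_DB: terraforming-mars
  volumes:
    # Named volume; must be declared under the top-level `volumes:` key
    - terra-db:/var/lib/postgresql/data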
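scrutiny:
  # S.M.A.R.T. disk monitoring (omnibus image bundles its own InfluxDB).
  # SYS_RAWIO plus raw /dev/sd* access is required for smartctl; it also means
  # this container can issue arbitrary commands to those disks.
  container_name: scrutiny
  image: ghcr.io/analogj/scrutiny:master-omnibus
  # Added: every other long-running service here has a restart policy
  restart: unless-stopped
  cap_add:
    - SYS_RAWIO
  ports:
    - "8090:8080" # webapp
    # NOTE(review): publishing the bundled InfluxDB admin port on every interface
    # is rarely needed; confirm it is used, otherwise drop it or bind to 127.0.0.1.
    - "8086:8086" # influxDB admin
  environment:
    - PGID
    - PUID
    - TZ
  volumes:
    - /run/udev:/run/udev:ro
    - $CONFIG/scrutiny/config:/opt/scrutiny/config
    - $DATA/scrutiny/influxdb:/opt/scrutiny/influxdb
  devices:
    - "/dev/sda"
    - "/dev/sdb"
    - "/dev/sdc"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.scrutiny.rule=Host(`scrutiny.${DOMAIN}`)"
    - "traefik.http.routers.scrutiny.entrypoints=websecure"
    - "traefik.http.routers.scrutiny.tls=true"
    - "traefik.http.routers.scrutiny.tls.certresolver=myresolver"
    # NOTE(review): `authentik@docker` is not declared anywhere in this file; see
    # the homarr service.
    - "traefik.http.routers.scrutiny.middlewares=authentik@docker"
    - "traefik.http.services.scrutiny.loadbalancer.server.port=8080"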
############################ Paperless START ######################
paperless-broker:
  # Redis task queue for paperless-server; compose-network only, no host port.
  container_name: paperless-broker
  image: docker.io/library/redis:7
  restart: unless-stopped
  environment:
    # NOTE(review): PUID/PGID are a linuxserver.io convention; the official redis
    # image is not known to read them.
    - PGID
    - PUID
    - TZ
  volumes:
    # Named volume; must be declared under the top-level `volumes:` key
    - paperless_redisdata:/data
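paperless-db:
  # PostgreSQL for paperless-server; compose-network only, no host port.
  container_name: paperless-db
  image: docker.io/library/postgres:16
  restart: unless-stopped
  volumes:
    # Named volume; must be declared under the top-level `volumes:` key
    - paperless_pgdata:/var/lib/postgresql/data
  environment:
    # NOTE(review): PUID/PGID are a linuxserver.io convention; the official
    # postgres image is not known to read them.
    PGID: "1000"
    PUID: "1000"
    # Hard-coded here while the other services pass TZ through from the host
    TZ: Europe/Paris
    POSTGRES_DB: paperless
    POSTGRES_USER: paperless
    # Was hard-coded. Taken from PAPERLESS_DB_PASSWORD with the previous value as
    # default; `paperless-server` must be given the same value (PAPERLESS_DBPASS).
    POSTGRES_PASSWORD: "${PAPERLESS_DB_PASSWORD:-paperless}"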
paperless-server:
  # `latest` is a moving tag; pin a release so upgrades are deliberate.
  image: ghcr.io/paperless-ngx/paperless-ngx:latest
  container_name: paperless-server
  restart: unless-stopped
  depends_on:
    - paperless-db
    - paperless-broker
  # Host port 8045 reaches the app directly, bypassing the authentik@docker
  # forward-auth that protects the Traefik route below.
  ports:
    - "8045:8000"
  volumes:
    - $DATA/paperless/data:/usr/src/paperless/data
    - $DATA/paperless/media:/usr/src/paperless/media
    - $DATA/paperless/export:/usr/src/paperless/export
    - $DATA/paperless/consume:/usr/src/paperless/consume
  # No PAPERLESS_SECRET_KEY is set; paperless-ngx documents that the built-in
  # default secret is well known, so set one from .env before the instance
  # is reachable outside the forward-auth path.
  # PAPERLESS_URL must match the public host so CSRF/host checks pass.
  environment:
    - PAPERLESS_REDIS=redis://paperless-broker:6379
    - PAPERLESS_DBHOST=paperless-db
    - PAPERLESS_URL=https://paperless.$DOMAIN
    - PAPERLESS_OCR_LANGUAGE=fra
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.paperless.rule=Host(`paperless.${DOMAIN}`)"
    - "traefik.http.routers.paperless.entrypoints=websecure"
    - "traefik.http.routers.paperless.tls=true"
    - "traefik.http.routers.paperless.tls.certresolver=myresolver"
    - "traefik.http.routers.paperless.middlewares=authentik@docker"
############################ Paperless END ######################
############################ Docmost START ######################
docmost:
  # `latest` is a moving tag; pin a release so upgrades are deliberate.
  image: docmost/docmost:latest
  container_name: docmost
  restart: unless-stopped
  depends_on:
    - docmost-db
    - docmost-redis
  # APP_SECRET is correctly sourced from .env, but DATABASE_URL embeds the
  # database password in clear text (it is repeated in docmost-db). Source it
  # the same way as APP_SECRET and rotate it.
  environment:
    - PGID
    - PUID
    - TZ
    - "APP_URL=https://docmost.${DOMAIN}"
    - "APP_SECRET=${DOCMOST_APP_SECRET}"
    - "DATABASE_URL=postgresql://docmost:123465@docmost-db:5432/docmost?schema=public"
    - "REDIS_URL=redis://docmost-redis:6379"
  # Host port 3003 bypasses the authentik@docker middleware on the Traefik route.
  ports:
    - "3003:3000"
  volumes:
    - ${DATA}/docmost:/app/data/storage
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.docmost.rule=Host(`docmost.${DOMAIN}`)"
    - "traefik.http.routers.docmost.entrypoints=websecure"
    - "traefik.http.routers.docmost.tls=true"
    - "traefik.http.routers.docmost.tls.certresolver=myresolver"
    - "traefik.http.routers.docmost.middlewares=authentik@docker"
docmost-db:
  image: postgres:16-alpine
  container_name: docmost-db
  restart: unless-stopped
  # POSTGRES_PASSWORD is committed in clear text and must stay in sync with
  # the DATABASE_URL in the docmost service; move both to .env and rotate.
  # NOTE(review): PUID/PGID are likely ignored by the postgres image — confirm.
  environment:
    - PGID
    - PUID
    - TZ
    - POSTGRES_DB=docmost
    - POSTGRES_USER=docmost
    - POSTGRES_PASSWORD=123465
  volumes:
    - docmost_db_data:/var/lib/postgresql/data
docmost-redis:
  # Cache/queue backend for docmost (reached as redis://docmost-redis:6379).
  image: redis:7.2-alpine
  container_name: docmost-redis
  restart: unless-stopped
  # NOTE(review): the redis image does not appear to read PUID/PGID — confirm.
  environment:
    - PGID
    - PUID
    - TZ
  volumes:
    - docmost_redis_data:/data
############################ Docmost END ######################
############################ Authentik START ######################
authentik-postgresql:
  image: docker.io/library/postgres:16-alpine
  container_name: authentik-postgresql
  restart: unless-stopped
  # Password comes from PG_PASS (substituted by compose from .env); the same
  # variable is used by authentik-server and authentik-worker.
  # NOTE(review): PUID/PGID are likely ignored by the postgres image — confirm.
  environment:
    - PGID=1000
    - PUID=1000
    - POSTGRES_PASSWORD=${PG_PASS}
    - POSTGRES_USER=authentik
    - POSTGRES_DB=authentik
  env_file:
    - .env
  healthcheck:
    # `$$` keeps the variables for the container shell instead of compose
    # substitution.
    test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
    start_period: 20s
    interval: 30s
    timeout: 5s
    retries: 5
  volumes:
    - ${CONFIG}/authentik_postgres:/var/lib/postgresql/data
authentik-redis:
  # `alpine` tracks the latest major; pin a version for reproducible upgrades.
  image: docker.io/library/redis:alpine
  container_name: authentik-redis
  restart: unless-stopped
  # Snapshot to /data every 60 s if at least one key changed; quieter logging.
  command: --save 60 1 --loglevel warning
  healthcheck:
    test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
    start_period: 20s
    interval: 30s
    timeout: 3s
    retries: 5
  volumes:
    # named volume `redis`, declared in the top-level volumes: section
    - redis:/data
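authentik-server:
  # `latest` is a moving tag for the identity provider; pin a release.
  image: ghcr.io/goauthentik/server:latest
  container_name: authentik-server
  restart: unless-stopped
  command: server
  environment:
    PGID: 1000
    PUID: 1000
    AUTHENTIK_REDIS__HOST: authentik-redis
    AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
    AUTHENTIK_POSTGRESQL__USER: authentik
    AUTHENTIK_POSTGRESQL__NAME: authentik
    AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # This token is committed in clear text. Treat it as exposed: rotate it
    # and load the new value from .env (already attached via env_file) the
    # same way PG_PASS is.
    AUTHENTIK_TOKEN: WqhKA1cypieGrJbegta2kJxvq6AqdpJ1RKhqMFIm
  volumes:
    - ./media:/media
    - ./custom-templates:/templates
  env_file:
    - .env
  # Host ports 9001/9443 reach authentik directly, outside the Traefik route.
  ports:
    - "9001:9000"
    - "9443:9443"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
    - "traefik.http.routers.authentik.entrypoints=websecure"
    - "traefik.http.routers.authentik.tls.certresolver=myresolver"
    - "traefik.http.services.authentik.loadbalancer.server.port=9000"
    # Plain-HTTP router that only redirects to HTTPS.
    - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
    # Fixed: the rule used `${DOMAIN}com`, which never matched the host the
    # websecure router serves (`authentik.${DOMAIN}`).
    - "traefik.http.routers.authentik-http.rule=Host(`authentik.${DOMAIN}`)"
    - "traefik.http.routers.authentik-http.entrypoints=web"
    - "traefik.http.routers.authentik-http.middlewares=authentik-https-redirect"
    # Outpost endpoint on the apex domain, used by the forward-auth flow.
    # NOTE(review): no entrypoints are listed, so this router attaches to
    # every entrypoint; presumably websecure is intended — confirm.
    - "traefik.http.routers.authentik-proxy.rule=Host(`$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
    # forwardauth middleware `authentik` (referenced as authentik@docker by
    # the other services); `authentik-server` is this compose service name.
    - "traefik.http.middlewares.authentik.forwardauth.address=http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
    - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
    - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
  depends_on:
    - authentik-postgresql
    - authentik-redis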
authentik-worker:
  # `latest` is a moving tag; pin the same release as authentik-server.
  image: ghcr.io/goauthentik/server:latest
  container_name: authentik-worker
  restart: unless-stopped
  command: worker
  environment:
    AUTHENTIK_REDIS__HOST: authentik-redis
    AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
    AUTHENTIK_POSTGRESQL__USER: authentik
    AUTHENTIK_POSTGRESQL__NAME: authentik
    AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
  # Running as root with a read-write mount of the Docker socket gives this
  # container control over the Docker daemon, i.e. effectively root on the
  # host. Upstream marks both as optional (only needed for the docker outpost
  # integration, https://goauthentik.io/docs/outposts/integrations/docker).
  # Without `user: root` the worker also stops fixing permissions on the
  # mounted folders, so make sure they are owned by the expected UID/GID
  # (1000:1000 by default) before removing it.
  user: root
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ./media:/media
    - ./certs:/certs
    - ./custom-templates:/templates
  env_file:
    - .env
  depends_on:
    - authentik-postgresql
    - authentik-redis
whoami:
  # Test backend for the forward-auth setup. `containous/whoami` is the
  # pre-rename image name (the project now publishes traefik/whoami) and is
  # unpinned; pin a tag if it stays deployed.
  image: containous/whoami
  container_name: whoami
  restart: unless-stopped
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
    - "traefik.http.routers.whoami.entrypoints=websecure"
    - "traefik.http.routers.whoami.tls=true"
    - "traefik.http.routers.whoami.tls.certresolver=myresolver"
    # protected by the authentik forwardauth middleware; the older `secured`
    # chain is kept below for reference
    - "traefik.http.routers.whoami.middlewares=authentik@docker"
    # - "traefik.http.routers.whoami.middlewares=secured"
############################ Authentik END ######################
volumes:
  # Named volumes referenced by the services above.
  docmost_db_data:
  docmost_redis_data:
  paperless_pgdata:
  paperless_redisdata:
  redis:
    driver: local
  terra-db:
  # NOTE(review): `database` and `data-volume` are not referenced by any
  # service in this part of the file — confirm they are still used.
  database:
    driver: local
  data-volume:
# networks:
# default:
# name: $DOCKER_MY_NETWORK
# external: true