athaliar/dockerStuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a085ba9714e5945f44c76c5a57f4fabed83789d9
dockerStuff/config/codeServer/data/User/History/12701265/Qosh.yml
Nathan root 4d7a9ef8c0 add everything
2025-11-16 21:46:46 +00:00

1089 lines
35 KiB
YAML
Raw Blame History

---
version: '3.7'
services:
traefik:
image: "traefik:v3.1.0"
container_name: "traefik"
command:
# - "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.directory=/traefikconfig"
- "--providers.file.watch=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--metrics.prometheus=true"
- "--log.format=json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
extra_hosts:
- host.docker.internal:172.17.0.1
volumes:
- "${CONFIG}/traefik/letsencrypt:/letsencrypt"
- "${CONFIG}/traefik/configs:/traefikconfig"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
labels:
- "traefik.enable=true"
# HTTP-to-HTTPS Redirect
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
# Middlewares
#basic auth
# - "traefik.http.middlewares.basic-auth.basicauth.users=$HTPASSWD"
# google oauth
- "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
- "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
#rate limiting
- "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
#http
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
#chain the middlewares to create a "secured" one
- "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,forward-auth"
- "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
# traefik dashboard rules
- "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
# dont autoupdate traefik container
- "com.centurylinklabs.watchtower.enable=false"
# flame dashboard
- "flame.type=application"
- "flame.name=traefik"
- "flame.icon=arrow-decision-outline"
- "flame.url=https://traefik.${DOMAIN}"
- "kuma.traefik.http.name=Traefik"
- "kuma.traefik.http.url=http://${LOCAL_IP}:8080"
oauth:
image: thomseddon/traefik-forward-auth:latest
container_name: oauth
environment:
- CLIENT_ID=$GOOGLE_CLIENT_ID
- CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
- SECRET=$OAUTH_SECRET
- COOKIE_DOMAIN=$DOMAIN
- INSECURE_COOKIE=false
- AUTH_HOST=oauth.$DOMAIN
- URL_PATH=/_oauth
- WHITELIST=$EMAIL
- LOG_LEVEL=info
- LOG_FORMAT=text
- LIFETIME=2592000 # 30 days
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.oauth-rtr.entrypoints=websecure"
- "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
- "traefik.http.routers.oauth-rtr.tls=true"
## HTTP Services
- "traefik.http.routers.oauth-rtr.service=oauth-svc"
- "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
- "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
## Middlewares
- "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
- "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
- "traefik.http.routers.oauth-rtr.middlewares=forward-auth"
restart: unless-stopped
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- PGID
- PUID
- TZ
- WATCHTOWER_CLEANUP=true
command: --schedule "9 0 6 * * *" --cleanup
restart: unless-stopped
ddclient:
image: linuxserver/ddclient
container_name: ddclient
volumes:
- ${CONFIG}/ddclient:/config
environment:
- PGID
- PUID
- TZ
restart: unless-stopped
sabnzbd:
image: linuxserver/sabnzbd:latest
container_name: sabnzbd
#network_mode: service:transmission-vpn
ports:
- "8081:8080"
volumes:
- ${CONFIG}/sabnzbd:/config
- ${DOWNLOAD}:/downloads
environment:
- PUID
- PGID
- TZ
- UMASK_SET=002
labels:
- "traefik.enable=true"
- "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
- "traefik.http.routers.sab.entrypoints=websecure"
- "traefik.http.routers.sab.tls=true"
- "traefik.http.routers.sab.tls.certresolver=myresolver"
- "traefik.http.routers.sab.middlewares=secured"
#- "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
- "flame.type=application"
- "flame.name=sabnzbd"
- "flame.url=https://sab.${DOMAIN}"
- "flame.icon=download-outline"
- homepage.group=Newsgroups
- homepage.name=SABnzbd
- homepage.href=https://sab.${DOMAIN}
- homepage.icon=sabnzbd
- homepage.widget.type=sabnzbd
- homepage.widget.url=http://${LOCAL_IP}:8081
- homepage.widget.key=78a5f66f979f2d5d3720f944cfe3c1fd
- homepage.weight=90
- "kuma.sab.http.name=Sabnzb"
- "kuma.sab.http.url=http://${LOCAL_IP}:8081"
restart: unless-stopped
sonarr:
image: linuxserver/sonarr:latest
container_name: sonarr
ports:
- "8989:8989"
volumes:
- ${CONFIG}/sonarr:/config
- ${DOWNLOAD}:/downloads
- ${DATA}:/nasMerged
- ${DATA}:/tv
environment:
- PGID
- PUID
- TZ
labels:
- "traefik.enable=true"
- "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
- "traefik.http.routers.sonarr.entrypoints=websecure"
- "traefik.http.routers.sonarr.tls=true"
- "traefik.http.routers.sonarr.tls.certresolver=myresolver"
- "traefik.http.routers.sonarr.middlewares=secured"
- "flame.type=application"
- "flame.name=sonarr"
- "flame.url=https://sonarr.${DOMAIN}"
- "flame.icon=television-classic"
- homepage.group=Newsgroups
- homepage.name=Sonarr
- homepage.href=https://sonarr.${DOMAIN}
- homepage.icon=sonarr
- homepage.widget.type=sonarr
- homepage.widget.url=http://${LOCAL_IP}:8989
- homepage.widget.key=069396631eca455aa5e44d3f96463b38
- "kuma.sonarr.http.name=Sonarr"
- "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"
restart: unless-stopped
radarr:
image: linuxserver/radarr:latest
container_name: radarr
ports:
- "7878:7878"
volumes:
- ${CONFIG}/radarr:/config
- ${DOWNLOAD}:/downloads
- ${DATA}:/nasMerged
- ${DATA}:/tv
environment:
- PGID
- PUID
- TZ
labels:
- "traefik.enable=true"
- "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
- "traefik.http.routers.radarr.entrypoints=websecure"
- "traefik.http.routers.radarr.tls=true"
- "traefik.http.routers.radarr.tls.certresolver=myresolver"
- "traefik.http.routers.radarr.middlewares=secured"
- "flame.type=application"
- "flame.name=radarr"
- "flame.url=https://radarr.${DOMAIN}"
- "flame.icon=movie-open-settings"
- homepage.group=Newsgroups
- homepage.name=Radarr
- homepage.href=https://radarr.${DOMAIN}
- homepage.icon=radarr
- homepage.widget.type=radarr
- homepage.widget.url=http://${LOCAL_IP}:7878
- homepage.widget.key=5288c691b26149aa81e60863ab4cb890
- "kuma.radarr.http.name=Radarr"
- "kuma.radarr.http.url=http://${LOCAL_IP}:7878"
restart: unless-stopped
prowlarr:
image: linuxserver/prowlarr:latest
container_name: prowlarr
#network_mode: service:transmission-vpn
ports:
- "9696:9696"
volumes:
- ${CONFIG}/prowlarr:/config
environment:
- PUID
- PGID
- TZ
- UMASK_SET=002
labels:
- "traefik.enable=true"
- "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
- "traefik.http.routers.prowlarr.entrypoints=websecure"
- "traefik.http.routers.prowlarr.tls=true"
- "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
- "traefik.http.routers.prowlarr.middlewares=secured"
- "flame.type=application"
- "flame.name=prowlarr"
- "flame.url=https://prowlarr.${DOMAIN}"
- "flame.icon=download-outline"
- homepage.group=Newsgroups
- homepage.name=Prowlarr
- homepage.href=https://prowlarr.${DOMAIN}
- homepage.icon=prowlarr
- "kuma.prowlarr.http.name=Prowlarr"
- "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"
restart: unless-stopped
nzbhydra:
image: linuxserver/nzbhydra2:latest
container_name: nzbhydra
ports:
- "5076:5076"
volumes:
- ${CONFIG}/nzbhydra2:/config
- ${DOWNLOAD}:/downloads
environment:
- PGID
- PUID
- TZ
labels:
- "traefik.enable=true"
- "traefik.http.routers.hydra.rule=Host(`hydra.${DOMAIN}`)"
- "traefik.http.routers.hydra.entrypoints=websecure"
- "traefik.http.routers.hydra.tls=true"
- "traefik.http.routers.hydra.tls.certresolver=myresolver"
- "traefik.http.routers.hydra.middlewares=secured-no-oauth"
- "flame.type=application"
- "flame.name=hydra"
- "flame.url=https://hydra.${DOMAIN}"
- "flame.icon=spider"
- "kuma.hydra.http.name=Nzbhydra"
- "kuma.hydra.http.url=http://${LOCAL_IP}:5076"
restart: unless-stopped
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
restart: unless-stopped
ports:
- "8096:8096"
- "8921:8920"
environment:
- PGID
- PUID
- TZ
volumes:
- ${CONFIG}/jellyfin:/config
- ./cache/jellyfin:/cache
- ${DATA}:/media
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
- "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
- "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
- "flame.type=application"
- "flame.name=jellyfin"
- "flame.url=https://jellyfin.${DOMAIN}"
- "flame.icon=jellyfish-outline"
- "kuma.jellyfin.http.name=Jellyfin"
- "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"
flame:
image: pawelmalak/flame
container_name: flame
volumes:
- ${CONFIG}/flame:/app/data
- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
ports:
- 5005:5005
environment:
- PASSWORD=$ADMINPWD
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.flame.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.flame.entrypoints=websecure"
- "traefik.http.routers.flame.tls=true"
- "traefik.http.routers.flame.tls.certresolver=myresolver"
- "traefik.http.routers.flame.middlewares=secured"
- "kuma.flame.http.name=Flame"
- "kuma.flame.http.url=http://${LOCAL_IP}:5005"
pyload:
image: lscr.io/linuxserver/pyload-ng
container_name: pyload
environment:
- PGID
- PUID
- TZ
volumes:
- ${CONFIG}/pyload/config:/config
- ${DOWNLOAD}:/downloads
ports:
- 8005:8000
- 9666:9666
labels:
- "traefik.enable=true"
- "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
- "traefik.http.routers.pyload.entrypoints=websecure"
- "traefik.http.routers.pyload.tls=true"
- "traefik.http.routers.pyload.tls.certresolver=myresolver"
- "traefik.http.routers.pyload.middlewares=secured"
- "flame.type=application"
- "flame.name=pyload"
- "flame.url=https://pyload.${DOMAIN}"
- "flame.icon=file-download-outline"
- "kuma.pyload.http.name=Pyload"
- "kuma.pyload.http.url=http://${LOCAL_IP}:8005"
restart: unless-stopped
# unifi-controller:
# image: linuxserver/unifi-controller:7.3.83
# container_name: unifi-controller
# environment:
# - PGID
# - PUID
# #- MEM_LIMIT=256M #optional
# volumes:
# - ${CONFIG}/unify:/config
# ports:
# - 3478:3478/udp
# - 10001:10001/udp
# - 10080:8080
# - 10081:8081
# - 10443:8443 #web ui
# - 10843:8843
# - 10880:8880
# - 6789:6789
# restart: unless-stopped
# labels:
# - "flame.type=application"
# - "flame.name=unifi controller"
# - "flame.url=https://${LOCAL_IP}:10443"
# - "flame.icon=wifi"
# duplicati:
# image: linuxserver/duplicati
# container_name: duplicati
# environment:
# - PGID
# - PUID
# - TZ
# #- CLI_ARGS= #optional
# volumes:
# - ${CONFIG}/duplicati:/config
# - /:/nas
# ports:
# - 8200:8200
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
# - "traefik.http.routers.duplicati.entrypoints=websecure"
# - "traefik.http.routers.duplicati.tls=true"
# - "traefik.http.routers.duplicati.tls.certresolver=myresolver"
# - "traefik.http.routers.duplicati.middlewares=secured"
# restart: unless-stopped
metube:
image: alexta69/metube
container_name: metube
restart: unless-stopped
user: "1001:1001"
ports:
- "8084:8081"
volumes:
- ${DOWNLOAD}:/downloads
labels:
- "traefik.enable=true"
- "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
- "traefik.http.routers.metube.entrypoints=websecure"
- "traefik.http.routers.metube.tls=true"
- "traefik.http.routers.metube.tls.certresolver=myresolver"
- "traefik.http.routers.metube.middlewares=secured"
- "flame.type=application"
- "flame.name=metube"
- "flame.url=https://metube.${DOMAIN}"
- "flame.icon=youtube-subscription"
- "kuma.metube.http.name=Metube"
- "kuma.metube.http.url=http://${LOCAL_IP}:8084"
qbittorrent:
image: lscr.io/linuxserver/qbittorrent
container_name: qbittorrent
environment:
- PUID
- PGID
- TZ
- WEBUI_PORT=8085
volumes:
- ${CONFIG}/qbitorrent:/config
- ${DOWNLOAD}/Torrents:/downloads
ports:
- 8085:8085
- 6881:6881
- 6881:6881/udp
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.tls=true"
- "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
- "traefik.http.routers.qbittorrent.middlewares=secured"
- "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
- "flame.type=application"
- "flame.name=qbittorrent"
- "flame.url=https://qbittorrent.${DOMAIN}"
- "flame.icon=folder-download"
- "kuma.qbitorrent.http.name=Qbitorrent"
- "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"
code-server:
image: lscr.io/linuxserver/code-server:latest
container_name: code-server
environment:
- PUID
- PGID
- TZ
- DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker #optional
volumes:
- ${CONFIG}/codeServer:/config
- /:/nas
ports:
- 10543:8443
labels:
- "traefik.enable=true"
- "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
- "traefik.http.routers.code-server.entrypoints=websecure"
- "traefik.http.routers.code-server.tls=true"
- "traefik.http.routers.code-server.tls.certresolver=myresolver"
- "traefik.http.routers.code-server.middlewares=secured"
- "flame.type=application"
- "flame.name=code-server"
- "flame.icon=code-braces"
- "flame.url=https://code-server.${DOMAIN}"
- "kuma.code-server.http.name=VSCode"
- "kuma.code-server.http.url=http://${LOCAL_IP}:10543"
restart: unless-stopped
freshrss:
image: linuxserver/freshrss:latest
container_name: freshrss
environment:
- PUID
- PGID
- TZ
volumes:
- ${CONFIG}/freshrss:/config
ports:
- 10180:80
labels:
- "traefik.enable=true"
- "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
- "traefik.http.routers.freshrss.entrypoints=websecure"
- "traefik.http.routers.freshrss.tls=true"
- "traefik.http.routers.freshrss.tls.certresolver=myresolver"
- "traefik.http.routers.freshrss.middlewares=secured"
- "flame.type=application"
- "flame.name=freshrss"
- "flame.url=https://freshrss.${DOMAIN}"
- "flame.icon=rss-box"
- "kuma.freshrss.http.name=Prowlarr"
- "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"
restart: unless-stopped
prometheus:
image: prom/prometheus:v2.42.0
container_name: prometheus
hostname: prometheus
user: root
restart: unless-stopped
depends_on:
- cadvisor
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--storage.tsdb.retention.time=7d'
- '--web.enable-lifecycle'
volumes:
- ${CONFIG}/prometheus_data:/prometheus
- ${CONFIG}/prometheus.yml:/etc/prometheus/prometheus.yml
expose:
- "9090"
labels:
- "traefik.enable=true"
- "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)"
- "traefik.http.routers.prometheus.entrypoints=websecure"
- "traefik.http.routers.prometheus.tls=true"
- "traefik.http.routers.prometheus.tls.certresolver=myresolver"
- "traefik.http.routers.prometheus.middlewares=secured"
- "org.label-schema.group=monitoring"
- "flame.type=application"
- "flame.name=prometheus"
- "flame.url=https://prometheus.${DOMAIN}"
- "flame.icon=state-machine"
# WEB BASED UI VISUALISATION OF METRICS
grafana:
image: grafana/grafana:9.4.3
container_name: grafana
hostname: grafana
user: root
restart: unless-stopped
env_file: .env
volumes:
- ${CONFIG}/grafana_data:/var/lib/grafana
expose:
- "3000"
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
- "traefik.http.routers.grafana.entrypoints=websecure"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.routers.grafana.tls.certresolver=myresolver"
- "traefik.http.routers.grafana.middlewares=secured"
- "org.label-schema.group=monitoring"
- "flame.type=application"
- "flame.name=grafana"
- "flame.url=https://grafana.${DOMAIN}"
- "flame.icon=chart-multiple"
- "kuma.grafana.http.name=Grafana"
- "kuma.grafana.http.url=http://${LOCAL_IP}:3000"
# HOST LINUX MACHINE METRICS EXPORTER
nodeexporter:
image: prom/node-exporter:v1.5.0
container_name: nodeexporter
hostname: nodeexporter
restart: unless-stopped
command:
- '--path.procfs=/host/proc'
- '--path.rootfs=/rootfs'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
expose:
- "9100"
labels:
org.label-schema.group: "monitoring"
# DOCKER CONTAINERS METRICS EXPORTER
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.47.1
container_name: cadvisor
hostname: cadvisor
restart: unless-stopped
privileged: true
devices:
- /dev/kmsg:/dev/kmsg
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker:/var/lib/docker:ro
- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
expose:
- "3000"
labels:
org.label-schema.group: "monitoring"
uptimekuma:
image: louislam/uptime-kuma:latest
container_name: uptimekuma
environment:
- PUID
- PGID
- TZ
volumes:
- ${DATA}/uptimekuma:/app/data
ports:
- 3001:3001
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
- "traefik.http.routers.uptimekuma.entrypoints=websecure"
- "traefik.http.routers.uptimekuma.tls=true"
- "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
- "traefik.http.routers.uptimekuma.middlewares=secured"
- "flame.type=application"
- "flame.name=uptimekuma"
- "flame.url=https://uptimekuma.${DOMAIN}"
- "flame.icon=bottle-tonic-plus-outline"
autokuma:
image: ghcr.io/bigboot/autokuma:latest
container_name: autokuma
restart: unless-stopped
environment:
AUTOKUMA__KUMA__URL: http://$LOCAL_IP:3001
AUTOKUMA__KUMA__USERNAME: $UPTIME_KUMA_LOGIN
AUTOKUMA__KUMA__PASSWORD: $UPTIME_KUMA_PASSWORD
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
syncthing:
image: lscr.io/linuxserver/syncthing:latest
container_name: syncthing
hostname: syncthing #optional
environment:
- PUID
- PGID
- TZ
volumes:
- ${CONFIG}/syncthing:/config
- ${DATA}:/nas
ports:
- 8384:8384
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
- "traefik.http.routers.syncthing.entrypoints=websecure"
- "traefik.http.routers.syncthing.tls=true"
- "traefik.http.routers.syncthing.tls.certresolver=myresolver"
- "traefik.http.routers.syncthing.middlewares=secured"
- "flame.type=application"
- "flame.name=syncthing"
- "flame.url=https://syncthing.${DOMAIN}"
- "flame.icon=sync"
- "kuma.syncthing.http.name=Synthings"
- "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"
snapdrop:
image: lscr.io/linuxserver/snapdrop:latest
container_name: snapdrop
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- ${CONFIG}/snapdrop:/config
ports:
- 8087:80
- 4437:443
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.snapdrop.rule=Host(`snapdrop.${DOMAIN}`)"
- "traefik.http.routers.snapdrop.entrypoints=web"
- "traefik.http.routers.snapdrop.tls=true"
- "traefik.http.routers.snapdrop.tls.certresolver=myresolver"
- "traefik.http.routers.snapdrop.middlewares=secured"
- "flame.type=application"
- "flame.name=snapdrop"
- "flame.url=https://snapdrop.${DOMAIN}"
- "flame.icon=share-variant-outline"
- "kuma.snapdrop.http.name=Snapdrop"
- "kuma.snapdrop.http.url=http://${LOCAL_IP}:8087"
# vrising:
# image: trueosiris/vrising
# container_name: vrising
# environment:
# - TZ=Europe/Paris
# - SERVERNAME=vrisingAthaliar
# volumes:
# - '${CONFIG}/vrising/server:/mnt/vrising/server:rw'
# - '${CONFIG}/vrising/data:/mnt/vrising/persistentdata:rw'
# ports:
# - 9876:9876/udp
# - 9877:9877/udp
# restart: unless-stopped
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.vrising.rule=Host(`vrising.${DOMAIN}`)"
# - "traefik.http.routers.vrising.entrypoints=web"
# - "traefik.http.routers.vrising.tls=true"
# - "traefik.http.routers.vrising.tls.certresolver=myresolver"
# - "traefik.http.routers.vrising.middlewares=secured"
mealie:
image: ghcr.io/mealie-recipes/mealie:nightly
container_name: mealie
ports:
- 9925:3000
- 9000:9000
volumes:
- ${CONFIG}/mealie:/app/data/
environment:
- ALLOW_SIGNUP=true
- PUID
- PGID
- TZ
- BASE_URL=https://mealie.${DOMAIN}
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
- "traefik.http.routers.mealie.entrypoints=websecure"
- "traefik.http.routers.mealie.tls=true"
- "traefik.http.routers.mealie.tls.certresolver=myresolver"
- "traefik.http.routers.mealie.middlewares=secured"
- "traefik.http.services.mealie.loadbalancer.server.port=9000"
- "flame.type=application"
- "flame.name=mealie"
- "flame.url=https://mealie.${DOMAIN}"
- "flame.icon=noodles"
- BASE_URL=https://mealie.${DOMAIN}
- "kuma.mealie.http.name=Mealie"
- "kuma.mealie.http.url=http://${LOCAL_IP}:9000"
# for icons: https://mdi.bessarabov.com/
apprise:
image: caronc/apprise
container_name: apprise
ports:
- 8006:8000
volumes:
- ${CONFIG}/apprise:/app/data/
environment:
- PUID
- PGID
- TZ
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
- "traefik.http.routers.apprise.entrypoints=websecure"
- "traefik.http.routers.apprise.tls=true"
- "traefik.http.routers.apprise.tls.certresolver=myresolver"
- "traefik.http.routers.apprise.middlewares=secured"
- "flame.type=application"
- "flame.name=apprise"
- "flame.url=https://apprise.${DOMAIN}"
- "flame.icon=bell"
- BASE_URL=https://apprise.${DOMAIN}
- "kuma.apprise.http.name=Apprise"
- "kuma.apprise.http.url=http://${LOCAL_IP}:8006"
gluetun:
image: qmcgaw/gluetun
# container_name: gluetun
# line above must be uncommented to allow external containers to connect.
# See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
volumes:
- ${CONFIG}/gluetun:/gluetun
environment:
# See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
- VPN_SERVICE_PROVIDER=protonvpn
- VPN_TYPE=openvpn
# OpenVPN:
- OPENVPN_USER=$PROTON_OVPN_USERNAME
- OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
# Wireguard:
# - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
# - WIREGUARD_ADDRESSES=10.64.222.21/32
# Timezone for accurate log times
- TZ
# Server list updater
# See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
- HTTPPROXY=on
- SERVER_COUNTRIES=Bulgaria
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
ports:
- 3123:3000
volumes:
- ${CONFIG}/homepage:/app/config # Make sure your local config directory exists
# - /var/run/docker.sock:ro:/var/run/docker.sock # For docker integrations
- ${DATA}:${DATA}
- /:/system
restart: unless-stopped
environment:
- TZ
- PUID
- PGID
labels:
- "traefik.enable=true"
- "traefik.http.routers.homepage.rule=Host(`home.${DOMAIN}`)"
- "traefik.http.routers.homepage.entrypoints=websecure"
- "traefik.http.routers.homepage.tls=true"
- "traefik.http.routers.homepage.tls.certresolver=myresolver"
- "traefik.http.routers.homepage.middlewares=secured"
dockerproxy:
image: ghcr.io/tecnativa/docker-socket-proxy:latest
container_name: dockerproxy
environment:
- CONTAINERS=1 # Allow access to viewing containers
# - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
# - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
- POST=0 # Disallow any POST operations (effectively read-only)
ports:
- 127.0.0.1:2375:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
restart: unless-stopped
wg-easy:
image: weejewel/wg-easy
container_name: wg-easy
volumes:
- ${CONFIG}/wg-easy:/etc/wireguard
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
environment:
- TZ
- PUID
- PGID
- WG_HOST=wg.${DOMAIN}
labels:
- "traefik.enable=true"
- "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
- "traefik.http.routers.wg.entrypoints=web"
- "traefik.http.routers.wg.tls=true"
- "traefik.http.routers.wg.tls.certresolver=myresolver"
- "traefik.http.routers.wg.middlewares=secured"
- "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
- "flame.type=application"
- "flame.name=wg-easy"
- "flame.url=https://wg.${DOMAIN}"
- "flame.icon=vpn"
- "kuma.wg.http.name=Prowlarr"
- "kuma.wg.http.url=http://${LOCAL_IP}:51821"
joal:
image: anthonyraymond/joal
container_name: joal
restart: unless-stopped
environment:
- TZ
- PUID
- PGID
volumes:
- ${CONFIG}/joal:/data
ports:
- 9485:9485
command:
- "--joal-conf=/data"
- "--spring.main.web-environment=true"
- "--server.port=9485"
- "--joal.ui.path.prefix=joal"
- "--joal.ui.secret-token=joal"
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
container_name: audiobookshelf
restart: unless-stopped
ports:
- 13378:80
environment:
- PGID
- PUID
- TZ
volumes:
- ${DATA}/audiobookshelf/audiobooks:/audiobooks
- ${DATA}/audiobookshelf/podcasts:/podcasts
- ${CONFIG}/audiobookshelf/audiobooks:/config
- ${DATA}/audiobookshelf/metadata:/metadata
labels:
- "traefik.enable=true"
- "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
- "traefik.http.routers.audiobookshelf.entrypoints=websecure"
- "traefik.http.routers.audiobookshelf.tls=true"
- "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
- "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
- "flame.type=application"
- "flame.name=audiobookshelf"
- "flame.url=https://audiobookshelf.${DOMAIN}"
- "flame.icon=book-open-outline"
- "kuma.audiobookshelf.http.name=Prowlarr"
- "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"
calibre-web:
image: lscr.io/linuxserver/calibre-web:latest
container_name: calibre-web
restart: unless-stopped
environment:
- PGID
- PUID
- TZ
- DOCKER_MODS=linuxserver/mods:universal-calibre #optional
volumes:
- ${CONFIG}/calibre:/config
- ${DATA}/calibre/library:/books
ports:
- 8083:8083
labels:
- "traefik.enable=true"
- "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
- "traefik.http.routers.calibre.entrypoints=websecure"
- "traefik.http.routers.calibre.tls=true"
- "traefik.http.routers.calibre.tls.certresolver=myresolver"
- "traefik.http.routers.calibre.middlewares=secured-no-oauth"
- "flame.type=application"
- "flame.name=calibre"
- "flame.url=https://calibre.${DOMAIN}"
- "flame.icon=book-open-outline"
- "kuma.calibre.http.name=Calibre"
- "kuma.calibre.http.url=http://${LOCAL_IP}:8083"
dozzle:
container_name: dozzle
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- PGID
- PUID
- TZ
ports:
- 9999:8080
labels:
- "traefik.enable=true"
- "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
- "traefik.http.routers.dozzle.entrypoints=websecure"
- "traefik.http.routers.dozzle.tls=true"
- "traefik.http.routers.dozzle.tls.certresolver=myresolver"
- "traefik.http.routers.dozzle.middlewares=secured"
- "flame.type=application"
- "flame.name=dozzle"
- "flame.url=https://dozzle.${DOMAIN}"
- "flame.icon=text-long"
- "kuma.dozzle.http.name=Dozzle"
- "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"
stirling-pdf:
image: frooodle/s-pdf:latest
ports:
- 8093:8080
volumes:
# - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
- ${CONFIG}/stirlingpdf:/configs
# - /location/of/customFiles:/customFiles/
# - /location/of/logs:/logs/
environment:
- PGID
- PUID
- TZ
- DOCKER_ENABLE_SECURITY=false # tell docker to download security jar (required as true for auth login)
- INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
labels:
- "traefik.enable=true"
- "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
- "traefik.http.routers.stirlingpdf.entrypoints=websecure"
- "traefik.http.routers.stirlingpdf.tls=true"
- "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
- "traefik.http.routers.stirlingpdf.middlewares=secured"
- "flame.type=application"
- "flame.name=stirlingpdf"
- "flame.url=https://stirlingpdf.${DOMAIN}"
- "flame.icon=file-pdf-box"
- "kuma.stirlingpdf.http.name=Prowlarr"
- "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"
alfio:
image: alfio/alf.io
environment:
POSTGRES_PORT_5432_TCP_PORT: 5432
POSTGRES_PORT_5432_TCP_ADDR: db
POSTGRES_ENV_POSTGRES_DB: alfio
POSTGRES_ENV_POSTGRES_USERNAME: alfio
POSTGRES_ENV_POSTGRES_PASSWORD: alfio
SPRING_PROFILES_ACTIVE: dev,jdbc-session
ports:
- "8086:8080"
labels:
- "traefik.enable=true"
- "traefik.http.routers.alf.rule=Host(`alf.${DOMAIN}`)"
- "traefik.http.routers.alf.entrypoints=websecure"
- "traefik.http.routers.alf.tls=true"
- "traefik.http.routers.alf.tls.certresolver=myresolver"
- "traefik.http.routers.alf.middlewares=secured"
- "flame.type=application"
- "flame.name=alf"
- "flame.url=https://alf.${DOMAIN}"
- "flame.icon=file-pdf-box"
db:
image: postgres:10
environment:
POSTGRES_DB: alfio
POSTGRES_USER: alfio
POSTGRES_PASSWORD: alfio
ports:
- target: 5432
published: 5432
protocol: tcp
mode: host
volumes:
- data-volume:/var/lib/postgresql/data
volumes:
data-volume:
networks:
default:
name: $DOCKER_MY_NETWORK
external: true
Reference in New Issue View Git Blame Copy Permalink