1311 lines
42 KiB
YAML
1311 lines
42 KiB
YAML
---
|
|
services:
|
|
traefik:
|
|
image: "traefik:v3.6.1"
|
|
container_name: "traefik"
|
|
restart: unless-stopped
|
|
command:
|
|
# - "--log.level=DEBUG"
|
|
- "--api.insecure=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--providers.file.directory=/traefikconfig"
|
|
- "--providers.file.watch=true"
|
|
- "--entrypoints.web.address=:80"
|
|
# HTTP-to-HTTPS Redirect
|
|
- "--entryPoints.web.http.redirections.entryPoint.to=websecure"
|
|
- "--entryPoints.web.http.redirections.entryPoint.scheme=https"
|
|
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
|
|
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
|
- "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
|
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
|
- "--metrics.prometheus=true"
|
|
- "--log.format=json"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "8080:8080"
|
|
extra_hosts:
|
|
- host.docker.internal:172.17.0.1
|
|
volumes:
|
|
- "${CONFIG}/traefik/letsencrypt:/letsencrypt"
|
|
- "${CONFIG}/traefik/configs:/traefikconfig"
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
# google oauth
|
|
# - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
|
|
# - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
|
|
# - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
|
|
|
|
#rate limiting
|
|
- "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
|
|
- "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
|
|
#http
|
|
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
|
#chain the middlewares to create a "secured" one
|
|
- "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,authentik"
|
|
- "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
|
|
# traefik dashboard rules
|
|
- "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
|
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
|
- "traefik.http.routers.traefik.tls=true"
|
|
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
|
|
# dont autoupdate traefik container
|
|
- "kuma.traefik.http.name=Traefik"
|
|
- "kuma.traefik.http.url=http://${LOCAL_IP}:8080"
|
|
|
|
|
|
# oauth:
|
|
# image: thomseddon/traefik-forward-auth:latest
|
|
# container_name: oauth
|
|
# restart: unless-stopped
|
|
# environment:
|
|
# - CLIENT_ID=$GOOGLE_CLIENT_ID
|
|
# - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
|
|
# - SECRET=$OAUTH_SECRET
|
|
# - COOKIE_DOMAIN=$DOMAIN
|
|
# - INSECURE_COOKIE=false
|
|
# - AUTH_HOST=oauth.$DOMAIN
|
|
# - URL_PATH=/_oauth
|
|
# - WHITELIST=$EMAIL
|
|
# - LOG_LEVEL=info
|
|
# - LOG_FORMAT=text
|
|
# - LIFETIME=2592000 # 30 days
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
|
|
# - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
|
|
# - "traefik.http.routers.oauth-rtr.tls=true"
|
|
# - "traefik.http.routers.oauth-rtr.service=oauth-svc"
|
|
# - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
|
|
# - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
|
|
|
|
# - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
|
|
# - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
|
|
# - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
|
|
|
|
# - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"
|
|
|
|
ddclient:
|
|
image: linuxserver/ddclient
|
|
container_name: ddclient
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ${CONFIG}/ddclient:/config
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
|
|
sabnzbd:
|
|
image: linuxserver/sabnzbd:latest
|
|
container_name: sabnzbd
|
|
restart: unless-stopped
|
|
#network_mode: service:transmission-vpn
|
|
ports:
|
|
- "8081:8080"
|
|
volumes:
|
|
- ${CONFIG}/sabnzbd:/config
|
|
- ${DOWNLOAD}:/downloads
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
- UMASK_SET=002
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
|
|
- "traefik.http.routers.sab.entrypoints=websecure"
|
|
- "traefik.http.routers.sab.tls=true"
|
|
- "traefik.http.routers.sab.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.sab.middlewares=secured"
|
|
#- "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
|
|
- "kuma.sab.http.name=Sabnzb"
|
|
- "kuma.sab.http.url=http://${LOCAL_IP}:8081"
|
|
|
|
sonarr:
|
|
image: linuxserver/sonarr:latest
|
|
container_name: sonarr
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8989:8989"
|
|
volumes:
|
|
- ${CONFIG}/sonarr:/config
|
|
- ${DOWNLOAD}:/downloads
|
|
- ${DATA}:/nasMerged
|
|
- ${DATA}:/tv
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
|
|
- "traefik.http.routers.sonarr.entrypoints=websecure"
|
|
- "traefik.http.routers.sonarr.tls=true"
|
|
- "traefik.http.routers.sonarr.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.sonarr.middlewares=secured"
|
|
- "kuma.sonarr.http.name=Sonarr"
|
|
- "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"
|
|
|
|
radarr:
|
|
image: linuxserver/radarr:latest
|
|
container_name: radarr
|
|
restart: unless-stopped
|
|
ports:
|
|
- "7878:7878"
|
|
volumes:
|
|
- ${CONFIG}/radarr:/config
|
|
- ${DOWNLOAD}:/downloads
|
|
- ${DATA}:/nasMerged
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
|
|
- "traefik.http.routers.radarr.entrypoints=websecure"
|
|
- "traefik.http.routers.radarr.tls=true"
|
|
- "traefik.http.routers.radarr.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.radarr.middlewares=secured"
|
|
- "kuma.radarr.http.name=Radarr"
|
|
- "kuma.radarr.http.url=http://${LOCAL_IP}:7878"
|
|
|
|
prowlarr:
|
|
image: lscr.io/linuxserver/prowlarr:latest
|
|
container_name: prowlarr
|
|
restart: unless-stopped
|
|
#network_mode: service:transmission-vpn
|
|
ports:
|
|
- "9696:9696"
|
|
volumes:
|
|
- ${CONFIG}/prowlarr:/config
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
|
|
- "traefik.http.routers.prowlarr.entrypoints=websecure"
|
|
- "traefik.http.routers.prowlarr.tls=true"
|
|
- "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.prowlarr.middlewares=authentik@docker"
|
|
- "kuma.prowlarr.http.name=Prowlarr"
|
|
- "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"
|
|
|
|
bazarr:
|
|
image: lscr.io/linuxserver/bazarr:latest
|
|
container_name: bazarr
|
|
restart: unless-stopped
|
|
ports:
|
|
- 6767:6767
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- ${CONFIG}/bazarr:/config
|
|
- ${DATA}:/nasMerged
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.bazarr.rule=Host(`bazarr.${DOMAIN}`)"
|
|
- "traefik.http.routers.bazarr.entrypoints=websecure"
|
|
- "traefik.http.routers.bazarr.tls=true"
|
|
- "traefik.http.routers.bazarr.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.bazarr.middlewares=authentik@docker"
|
|
- "kuma.bazarr.http.name=Bazarr"
|
|
- "kuma.bazarr.http.url=http://${LOCAL_IP}:6767"
|
|
|
|
jellyfin:
|
|
image: jellyfin/jellyfin
|
|
container_name: jellyfin
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8096:8096"
|
|
- "8921:8920"
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
group_add:
|
|
- '105'
|
|
volumes:
|
|
- ${CONFIG}/jellyfin:/config
|
|
- ${DATA}/jellyfin/cache:/cache
|
|
- ${DATA}:/media
|
|
devices:
|
|
- /dev/dri/renderD128:/dev/dri/renderD128
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
|
|
- "traefik.http.routers.jellyfin.entrypoints=websecure"
|
|
- "traefik.http.routers.jellyfin.tls=true"
|
|
- "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
|
|
- "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
|
|
- "kuma.jellyfin.http.name=Jellyfin"
|
|
- "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"
|
|
|
|
jellyseerr:
|
|
image: fallenbagel/jellyseerr:latest
|
|
container_name: jellyseerr
|
|
restart: unless-stopped
|
|
ports:
|
|
- 5055:5055
|
|
environment:
|
|
- LOG_LEVEL=debug
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- ${CONFIG}/jellyseer:/app/config
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.jellyseer.rule=Host(`jellyseer.${DOMAIN}`)"
|
|
- "traefik.http.routers.jellyseer.entrypoints=websecure"
|
|
- "traefik.http.routers.jellyseer.tls=true"
|
|
- "traefik.http.routers.jellyseer.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.jellyseer.middlewares=authentik@docker"
|
|
- "kuma.jellyseer.http.name=jellyseer"
|
|
- "kuma.jellyseer.http.url=http://${LOCAL_IP}:5055"
|
|
|
|
pyload:
|
|
image: lscr.io/linuxserver/pyload-ng
|
|
container_name: pyload
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- ${CONFIG}/pyload/config:/config
|
|
- ${DOWNLOAD}:/downloads
|
|
ports:
|
|
- 8005:8000
|
|
- 9666:9666
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
|
|
- "traefik.http.routers.pyload.entrypoints=websecure"
|
|
- "traefik.http.routers.pyload.tls=true"
|
|
- "traefik.http.routers.pyload.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.pyload.middlewares=secured"
|
|
- "traefik.http.services.pyload.loadbalancer.server.port=9666"
|
|
- "kuma.pyload.http.name=Pyload"
|
|
- "kuma.pyload.http.url=http://${LOCAL_IP}:9666"
|
|
|
|
|
|
metube:
|
|
image: alexta69/metube
|
|
container_name: metube
|
|
restart: unless-stopped
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
ports:
|
|
- "8084:8081"
|
|
volumes:
|
|
- ${DOWNLOAD}:/downloads
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
|
|
- "traefik.http.routers.metube.entrypoints=websecure"
|
|
- "traefik.http.routers.metube.tls=true"
|
|
- "traefik.http.routers.metube.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.metube.middlewares=secured"
|
|
- "kuma.metube.http.name=Metube"
|
|
- "kuma.metube.http.url=http://${LOCAL_IP}:8084"
|
|
|
|
qbittorrent:
|
|
image: lscr.io/linuxserver/qbittorrent
|
|
container_name: qbittorrent
|
|
restart: unless-stopped
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
- WEBUI_PORT=8085
|
|
volumes:
|
|
- ${CONFIG}/qbitorrent:/config
|
|
- ${DOWNLOAD}/Torrents:/downloads
|
|
ports:
|
|
- 8085:8085
|
|
- 6881:6881
|
|
- 6881:6881/udp
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
|
|
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
|
|
- "traefik.http.routers.qbittorrent.tls=true"
|
|
- "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.qbittorrent.middlewares=secured"
|
|
- "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
|
|
- "kuma.qbitorrent.http.name=Qbitorrent"
|
|
- "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"
|
|
|
|
code-server:
|
|
image: lscr.io/linuxserver/code-server:latest
|
|
container_name: code-server
|
|
restart: unless-stopped
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
- DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker #optional
|
|
volumes:
|
|
- ${CONFIG}/codeServer:/config
|
|
- /:/nas
|
|
ports:
|
|
- 10543:8443
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
|
|
- "traefik.http.routers.code-server.entrypoints=websecure"
|
|
- "traefik.http.routers.code-server.tls=true"
|
|
- "traefik.http.routers.code-server.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.code-server.middlewares=secured"
|
|
- "kuma.code-server.http.name=VSCode"
|
|
- "kuma.code-server.http.url=http://${LOCAL_IP}:10543"
|
|
|
|
freshrss:
|
|
image: linuxserver/freshrss:latest
|
|
container_name: freshrss
|
|
restart: unless-stopped
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
volumes:
|
|
- ${CONFIG}/freshrss:/config
|
|
ports:
|
|
- 10180:80
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
|
|
- "traefik.http.routers.freshrss.entrypoints=websecure"
|
|
- "traefik.http.routers.freshrss.tls=true"
|
|
- "traefik.http.routers.freshrss.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.freshrss.middlewares=secured"
|
|
- "kuma.freshrss.http.name=FreshRSS"
|
|
- "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"
|
|
|
|
uptimekuma:
|
|
image: louislam/uptime-kuma:latest
|
|
container_name: uptimekuma
|
|
restart: unless-stopped
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
volumes:
|
|
- ${DATA}/uptimekuma:/app/data
|
|
ports:
|
|
- 3001:3001
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
|
|
- "traefik.http.routers.uptimekuma.entrypoints=websecure"
|
|
- "traefik.http.routers.uptimekuma.tls=true"
|
|
- "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.uptimekuma.middlewares=secured"
|
|
|
|
autokuma:
|
|
image: ghcr.io/bigboot/autokuma:latest
|
|
container_name: autokuma
|
|
restart: unless-stopped
|
|
environment:
|
|
AUTOKUMA__KUMA__URL: http://$LOCAL_IP:3001
|
|
AUTOKUMA__KUMA__USERNAME: $UPTIME_KUMA_LOGIN
|
|
AUTOKUMA__KUMA__PASSWORD: $UPTIME_KUMA_PASSWORD
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
|
|
syncthing:
|
|
image: lscr.io/linuxserver/syncthing:latest
|
|
container_name: syncthing
|
|
restart: unless-stopped
|
|
hostname: syncthing #optional
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
volumes:
|
|
- ${CONFIG}/syncthing:/config
|
|
- ${DATA}:/nas
|
|
ports:
|
|
- 8384:8384
|
|
- 22000:22000/tcp
|
|
- 22000:22000/udp
|
|
- 21027:21027/udp
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
|
|
- "traefik.http.routers.syncthing.entrypoints=websecure"
|
|
- "traefik.http.routers.syncthing.tls=true"
|
|
- "traefik.http.routers.syncthing.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.syncthing.middlewares=secured"
|
|
- "kuma.syncthing.http.name=Synthings"
|
|
- "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"
|
|
|
|
# mealie:
|
|
# image: ghcr.io/mealie-recipes/mealie:v2.6.0
|
|
# container_name: mealie
|
|
# restart: unless-stopped
|
|
# ports:
|
|
# - 9925:3000
|
|
# - 9001:9000
|
|
# volumes:
|
|
# - ${CONFIG}/mealie:/app/data/
|
|
# environment:
|
|
# - ALLOW_SIGNUP=true
|
|
# - PUID
|
|
# - PGID
|
|
# - TZ
|
|
# - BASE_URL=https://mealie.${DOMAIN}
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
|
|
# - "traefik.http.routers.mealie.entrypoints=websecure"
|
|
# - "traefik.http.routers.mealie.tls=true"
|
|
# - "traefik.http.routers.mealie.tls.certresolver=myresolver"
|
|
# - "traefik.http.routers.mealie.middlewares=secured"
|
|
# - "traefik.http.services.mealie.loadbalancer.server.port=9001"
|
|
# - BASE_URL=https://mealie.${DOMAIN}
|
|
# - "kuma.mealie.http.name=Mealie"
|
|
# - "kuma.mealie.http.url=http://${LOCAL_IP}:9001"
|
|
# # for icons: https://mdi.bessarabov.com/
|
|
|
|
tandoor_postgres:
|
|
image: postgres:16-alpine
|
|
restart: unless-stopped
|
|
volumes:
|
|
- $CONFIG/postgresql/tandoor:/var/lib/postgresql/data
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
- SECRET_KEY=M193KADj1N4wYQ2uDjWroct3xtCvl8yq
|
|
- DB_ENGINE=django.db.backends.postgresql
|
|
- POSTGRES_DB=djangodb
|
|
- POSTGRES_PORT=5432
|
|
- POSTGRES_USER=djangouser
|
|
- POSTGRES_PASSWORD=awekjahwe
|
|
|
|
tandoor:
|
|
image: vabene1111/recipes
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8086:80
|
|
volumes:
|
|
- $CONFIG/tandoor/staticfiles:/opt/recipes/staticfiles
|
|
# Do not make this a bind mount, see https://docs.tandoor.dev/install/docker/#volumes-vs-bind-mounts
|
|
# - nginx_config:/opt/recipes/nginx/conf.d
|
|
- $CONFIG/tandoor/mediafiles:/opt/recipes/mediafiles
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
- SECRET_KEY=M193KADj1N4wYQ2uDjWroct3xtCvl8yq
|
|
- DB_ENGINE=django.db.backends.postgresql
|
|
- POSTGRES_HOST=tandoor_postgres
|
|
- POSTGRES_DB=djangodb
|
|
- POSTGRES_PORT=5432
|
|
- POSTGRES_USER=djangouser
|
|
- POSTGRES_PASSWORD=awekjahwe
|
|
- GUNICORN_MEDIA=1
|
|
depends_on:
|
|
- tandoor_postgres
|
|
# no traefik label, managed in yml
|
|
|
|
apprise:
|
|
image: caronc/apprise
|
|
container_name: apprise
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8006:8000
|
|
volumes:
|
|
- ${CONFIG}/apprise:/app/data/
|
|
environment:
|
|
- PUID
|
|
- PGID
|
|
- TZ
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
|
|
- "traefik.http.routers.apprise.entrypoints=websecure"
|
|
- "traefik.http.routers.apprise.tls=true"
|
|
- "traefik.http.routers.apprise.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.apprise.middlewares=secured"
|
|
- BASE_URL=https://apprise.${DOMAIN}
|
|
- "kuma.apprise.http.name=Apprise"
|
|
- "kuma.apprise.http.url=http://${LOCAL_IP}:8006"
|
|
|
|
# gluetun:
|
|
# image: qmcgaw/gluetun
|
|
# # container_name: gluetun
|
|
# # line above must be uncommented to allow external containers to connect.
|
|
# # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
|
|
# restart: unless-stopped
|
|
# cap_add:
|
|
# - NET_ADMIN
|
|
# devices:
|
|
# - /dev/net/tun:/dev/net/tun
|
|
# ports:
|
|
# - 8888:8888/tcp # HTTP proxy
|
|
# - 8388:8388/tcp # Shadowsocks
|
|
# - 8388:8388/udp # Shadowsocks
|
|
# volumes:
|
|
# - ${CONFIG}/gluetun:/gluetun
|
|
# environment:
|
|
# # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
|
|
# - VPN_SERVICE_PROVIDER=protonvpn
|
|
# - VPN_TYPE=openvpn
|
|
# # OpenVPN:
|
|
# - OPENVPN_USER=$PROTON_OVPN_USERNAME
|
|
# - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
|
|
# # Wireguard:
|
|
# # - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
|
|
# # - WIREGUARD_ADDRESSES=10.64.222.21/32
|
|
# # Timezone for accurate log times
|
|
# - TZ
|
|
# # Server list updater
|
|
# # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
|
|
# - HTTPPROXY=on
|
|
# - SERVER_COUNTRIES=Bulgaria
|
|
|
|
# wg-easy:
|
|
# image: weejewel/wg-easy
|
|
# container_name: wg-easy
|
|
# restart: unless-stopped
|
|
# volumes:
|
|
# - ${CONFIG}/wg-easy:/etc/wireguard
|
|
# ports:
|
|
# - "51820:51820/udp"
|
|
# - "51821:51821/tcp"
|
|
# cap_add:
|
|
# - NET_ADMIN
|
|
# - SYS_MODULE
|
|
# sysctls:
|
|
# - net.ipv4.ip_forward=1
|
|
# - net.ipv4.conf.all.src_valid_mark=1
|
|
# environment:
|
|
# - TZ
|
|
# - PUID
|
|
# - PGID
|
|
# - WG_HOST=wg.${DOMAIN}
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
|
|
# - "traefik.http.routers.wg.entrypoints=web"
|
|
# - "traefik.http.routers.wg.tls=true"
|
|
# - "traefik.http.routers.wg.tls.certresolver=myresolver"
|
|
# - "traefik.http.routers.wg.middlewares=secured"
|
|
# - "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
|
|
# - "kuma.wg.http.name=WG-Easy"
|
|
# - "kuma.wg.http.url=http://${LOCAL_IP}:51821"
|
|
|
|
joal:
|
|
image: anthonyraymond/joal
|
|
container_name: joal
|
|
restart: unless-stopped
|
|
environment:
|
|
- TZ
|
|
- PUID
|
|
- PGID
|
|
volumes:
|
|
- ${CONFIG}/joal:/data
|
|
ports:
|
|
- 9485:9485
|
|
command:
|
|
- "--joal-conf=/data"
|
|
- "--spring.main.web-environment=true"
|
|
- "--server.port=9485"
|
|
- "--joal.ui.path.prefix=joal"
|
|
- "--joal.ui.secret-token=joal"
|
|
|
|
audiobookshelf:
|
|
image: ghcr.io/advplyr/audiobookshelf:latest
|
|
container_name: audiobookshelf
|
|
restart: unless-stopped
|
|
ports:
|
|
- 13378:80
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- ${DATA}/audiobookshelf/audiobooks:/audiobooks
|
|
- ${DATA}/audiobookshelf/podcasts:/podcasts
|
|
- ${CONFIG}/audiobookshelf/audiobooks:/config
|
|
- ${DATA}/audiobookshelf/metadata:/metadata
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
|
|
- "traefik.http.routers.audiobookshelf.entrypoints=websecure"
|
|
- "traefik.http.routers.audiobookshelf.tls=true"
|
|
- "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
|
|
- "kuma.audiobookshelf.http.name=Audiobookshelf"
|
|
- "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"
|
|
|
|
mylar3:
|
|
image: lscr.io/linuxserver/mylar3:latest
|
|
container_name: mylar3
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- $CONFIG/mylar:/config
|
|
- $DATA/books/comics:/comics
|
|
- $DATA/Downloads:/downloads
|
|
ports:
|
|
- 8090:8090
|
|
restart: unless-stopped
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.mylar3.rule=Host(`comics.${DOMAIN}`)"
|
|
- "traefik.http.routers.mylar3.entrypoints=websecure"
|
|
- "traefik.http.routers.mylar3.tls=true"
|
|
- "traefik.http.routers.mylar3.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.mylar3.middlewares=secured-no-oauth"
|
|
- "kuma.mylar3.http.name=Mylar3"
|
|
- "kuma.mylar3.http.url=http://${LOCAL_IP}:8090"
|
|
|
|
dozzle:
|
|
container_name: dozzle
|
|
image: amir20/dozzle:latest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
ports:
|
|
- 9999:8080
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
|
|
- "traefik.http.routers.dozzle.entrypoints=websecure"
|
|
- "traefik.http.routers.dozzle.tls=true"
|
|
- "traefik.http.routers.dozzle.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.dozzle.middlewares=secured"
|
|
- "kuma.dozzle.http.name=Dozzle"
|
|
- "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"
|
|
|
|
stirling-pdf:
|
|
container_name: stirling-pdf
|
|
image: frooodle/s-pdf:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8093:8080
|
|
volumes:
|
|
# - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
|
|
- ${CONFIG}/stirlingpdf:/configs
|
|
# - /location/of/customFiles:/customFiles/
|
|
# - /location/of/logs:/logs/
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- DOCKER_ENABLE_SECURITY=false # tell docker to download security jar (required as true for auth login)
|
|
- INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
|
|
- "traefik.http.routers.stirlingpdf.entrypoints=websecure"
|
|
- "traefik.http.routers.stirlingpdf.tls=true"
|
|
- "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.stirlingpdf.middlewares=secured"
|
|
- "kuma.stirlingpdf.http.name=Stirlingpdf"
|
|
- "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"
|
|
|
|
# satisfactory-server:
|
|
# container_name: 'satisfactory-server'
|
|
# hostname: 'satisfactory-server'
|
|
# image: 'wolveix/satisfactory-server:latest'
|
|
# ports:
|
|
# - '7777:7777/udp'
|
|
# - '7777:7777/tcp'
|
|
# volumes:
|
|
# - '${DATA}/satisfactory-server:/config'
|
|
# environment:
|
|
# - MAXPLAYERS=4
|
|
# - PGID
|
|
# - PUID
|
|
# - TZ
|
|
# - ROOTLESS=false
|
|
# - STEAMBETA=false
|
|
# restart: unless-stopped
|
|
# healthcheck:
|
|
# test: [ "CMD", "bash", "/healthcheck.sh" ]
|
|
# interval: 30s
|
|
# timeout: 10s
|
|
# retries: 3
|
|
# start_period: 120s
|
|
|
|
homarr:
|
|
container_name: homarr
|
|
image: ghcr.io/homarr-labs/homarr:latest
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- SECRET_ENCRYPTION_KEY=$HOMARR_SECRET_KEY
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ${CONFIG}/homarr/appdata:/appdata
|
|
ports:
|
|
- '7575:7575'
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
|
|
- "traefik.http.routers.homarr.entrypoints=websecure"
|
|
- "traefik.http.routers.homarr.tls=true"
|
|
- "traefik.http.routers.homarr.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.homarr.middlewares=authentik@docker"
|
|
|
|
dash:
|
|
container_name: dash
|
|
image: mauricenino/dashdot:latest
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
privileged: true
|
|
ports:
|
|
- '3002:3001'
|
|
volumes:
|
|
- /etc/os-release:/mnt/host/etc/os-release:ro
|
|
- /proc/1/ns/net:/mnt/host/proc/1/ns/net:ro
|
|
- /mnt:/mnt/host/mnt:ro
|
|
- /media:/mnt/host/media:ro
|
|
- /dev:/mnt/host/dev:ro
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.dash.rule=Host(`dash.${DOMAIN}`)"
|
|
- "traefik.http.routers.dash.entrypoints=websecure"
|
|
- "traefik.http.routers.dash.tls=true"
|
|
- "traefik.http.routers.dash.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.dash.middlewares=authentik@docker"
|
|
|
|
terraforming-mars:
|
|
container_name: terraforming-mars
|
|
build: ../terraforming-mars/
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- mars-postgres
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- POSTGRES_HOST=postgresql://terra:terrapw@mars-postgres:5432/terraforming-mars?sslmode=disable
|
|
- NODE_ENV=production
|
|
ports:
|
|
- "8082:8765"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.terraforming-mars.rule=Host(`terraforming-mars.${DOMAIN}`)"
|
|
- "traefik.http.routers.terraforming-mars.entrypoints=websecure"
|
|
- "traefik.http.routers.terraforming-mars.tls=true"
|
|
- "traefik.http.routers.terraforming-mars.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.terraforming-mars.middlewares=authentik@docker"
|
|
|
|
mars-postgres:
|
|
container_name: mars-postgres
|
|
image: postgres:14.5
|
|
restart: unless-stopped
|
|
environment:
|
|
PGID: 1000
|
|
PUID: 1000
|
|
POSTGRES_USER: terra
|
|
POSTGRES_PASSWORD: terrapw
|
|
POSTGRES_DB: terraforming-mars
|
|
volumes:
|
|
- terra-db:/var/lib/postgresql/data
|
|
|
|
beszel:
|
|
container_name: beszel
|
|
image: henrygd/beszel
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8091:8090" # webapp
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- $CONFIG/beszel:/beszel_data
|
|
- $CONFIG/beszel/beszel_socket:/beszel_socket
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.beszel.rule=Host(`beszel.${DOMAIN}`)"
|
|
- "traefik.http.routers.beszel.entrypoints=websecure"
|
|
- "traefik.http.routers.beszel.tls=true"
|
|
- "traefik.http.routers.beszel.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.beszel.middlewares=authentik@docker"
|
|
|
|
beszel-agent:
|
|
container_name: beszel-agent
|
|
image: henrygd/beszel-agent:latest
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- $CONFIG/beszel/beszel_socket:/beszel_socket
|
|
environment:
|
|
PGID: 1000
|
|
PUID: 1000
|
|
TZ: Europe/Paris
|
|
LISTEN: /beszel_socket/beszel.sock
|
|
# Do not remove quotes around the key
|
|
KEY: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnL7QH2tt3y+nwrC/Yr96EVXsU1672Q4PV2jFfoBRwi"
|
|
|
|
deezer-downloader:
|
|
container_name: deezer-downloader
|
|
image: kmille2/deezer-downloader:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- "5000:5000"
|
|
volumes:
|
|
- $DATA/Downloads/Music/deezer:/mnt/deezer-downloader
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- DEEZER_COOKIE_ARL=07329ecdc126315f7e2335f9d8a95b9a84f7d7a244536681cbeab88b83160bc1108bc5719f7d6ab03b502bce10dabdf0bc7b656b751a66c9688b5116234369bebd71f2659a5445ad24359cdb4671161ce0618c09e59d1b60eebe461f04579c8e
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.deezerdl.rule=Host(`deezerdl.${DOMAIN}`)"
|
|
- "traefik.http.routers.deezerdl.entrypoints=websecure"
|
|
- "traefik.http.routers.deezerdl.tls=true"
|
|
- "traefik.http.routers.deezerdl.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.deezerdl.middlewares=authentik@docker"
|
|
|
|
signal-api:
|
|
image: bbernhard/signal-cli-rest-api:0.92
|
|
container_name: signal-api
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8088:8080"
|
|
volumes:
|
|
- $DATA/signal-api:/home/.local/share/signal-cli
|
|
environment:
|
|
- MODE=native
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- LOG_LEVEL=debug
|
|
|
|
gotify:
|
|
image: gotify/server
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8092:80
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- GOTIFY_DEFAULTUSER_PASS=$ADMINPWD
|
|
volumes:
|
|
- $CONFIG/gotify_data:/app/data
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.gotify.rule=Host(`gotify.${DOMAIN}`)"
|
|
- "traefik.http.routers.gotify.entrypoints=websecure"
|
|
- "traefik.http.routers.gotify.tls=true"
|
|
- "traefik.http.routers.gotify.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.gotify.middlewares=secured-no-oauth"
|
|
|
|
siyuan:
|
|
image: b3log/siyuan
|
|
command: ['--workspace=/siyuan/workspace/', '--accessAuthCode=${ADMINPWD}']
|
|
restart: unless-stopped
|
|
ports:
|
|
- 6806:6806
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- $CONFIG/siyuan/workspace:/siyuan/workspace
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.siyuan.rule=Host(`siyuan.${DOMAIN}`)"
|
|
- "traefik.http.routers.siyuan.entrypoints=websecure"
|
|
- "traefik.http.routers.siyuan.tls=true"
|
|
- "traefik.http.routers.siyuan.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.siyuan.middlewares=secured-no-oauth"
|
|
|
|
backrest:
|
|
image: garethgeorge/backrest:latest
|
|
container_name: backrest
|
|
hostname: backrest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- $CONFIG/backrest/data:/data
|
|
- $CONFIG/backrest/config:/config
|
|
- $CONFIG/backrest/cache:/cache
|
|
- $CONFIG/backrest/tmp:/tmp
|
|
- $CONFIG/backrest/rclone:/root/.config/rclone # Mount for rclone config (needed when using rclone remotes)
|
|
- $DATA:/nasMerged # Mount local paths to backup
|
|
- /path/to/local/repos:/repos # Mount local repos (optional for remote storage)
|
|
environment:
|
|
- BACKREST_DATA=/data
|
|
- BACKREST_CONFIG=/config/config.json
|
|
- XDG_CACHE_HOME=/cache
|
|
- TMPDIR=/tmp
|
|
- TZ
|
|
ports:
|
|
- "9898:9898"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)"
|
|
- "traefik.http.routers.backrest.entrypoints=websecure"
|
|
- "traefik.http.routers.backrest.tls=true"
|
|
- "traefik.http.routers.backrest.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.backrest.middlewares=secured"
|
|
|
|
whatsupdocker:
|
|
image: getwud/wud
|
|
restart: unless-stopped
|
|
container_name: wud
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- WUD_TRIGGER_GOTIFY_DOCKERUPDATES_URL=https://gotify.${DOMAIN}
|
|
- WUD_TRIGGER_GOTIFY_DOCKERUPDATES_TOKEN=ABgJGCGhSBAmQ2o
|
|
- WUD_TRIGGER_GOTIFY_DOCKERUPDATES_THRESHOLD=all
|
|
- WUD_WATCHER_LOCAL_CRON=0 1 * * *
|
|
ports:
|
|
- 3007:3000
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.wud.rule=Host(`wud.${DOMAIN}`)"
|
|
- "traefik.http.routers.wud.entrypoints=websecure"
|
|
- "traefik.http.routers.wud.tls=true"
|
|
- "traefik.http.routers.wud.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.wud.middlewares=secured"
|
|
|
|
|
|
############################ Yamtrack START ######################
|
|
|
|
yamtrack:
|
|
container_name: yamtrack
|
|
image: ghcr.io/fuzzygrim/yamtrack
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- yamtrack-redis
|
|
- yamtrack-db
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- REDIS_URL=redis://yamtrack-redis:6379
|
|
- SECRET=$PG_PASS
|
|
- DB_HOST=yamtrack-db
|
|
- DB_NAME=yamtrack
|
|
- DB_USER=yamtrack
|
|
- DB_PASSWORD=yamtrack
|
|
- DB_PORT=5432
|
|
ports:
|
|
- "8009:8000"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.yamtrack.rule=Host(`yamtrack.${DOMAIN}`)"
|
|
- "traefik.http.routers.yamtrack.entrypoints=websecure"
|
|
- "traefik.http.routers.yamtrack.tls=true"
|
|
- "traefik.http.routers.yamtrack.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.yamtrack.middlewares=authentik@docker"
|
|
|
|
yamtrack-db:
|
|
image: postgres:16-alpine
|
|
container_name: yamtrack-db
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- POSTGRES_DB=yamtrack
|
|
- POSTGRES_USER=yamtrack
|
|
- POSTGRES_PASSWORD=yamtrack
|
|
volumes:
|
|
- yamtrack_postgres_data:/var/lib/postgresql/data
|
|
restart: unless-stopped
|
|
|
|
yamtrack-redis:
|
|
container_name: yamtrack-redis
|
|
image: redis:7-alpine
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- yamtrack_redis_data:/data
|
|
|
|
############################ Yamtrack END ######################
|
|
|
|
############################ Paperless START ######################
|
|
|
|
paperless-broker:
|
|
container_name: paperless-broker
|
|
image: docker.io/library/redis:8
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- $CONFIG/paperless/redis:/data
|
|
|
|
paperless-db:
|
|
container_name: paperless-db
|
|
image: docker.io/library/postgres:17
|
|
restart: unless-stopped
|
|
volumes:
|
|
- $CONFIG/paperless/db:/var/lib/postgresql/data
|
|
environment:
|
|
PGID: 1000
|
|
PUID: 1000
|
|
TZ: Europe/Paris
|
|
POSTGRES_DB: paperless
|
|
POSTGRES_USER: paperless
|
|
POSTGRES_PASSWORD: paperless
|
|
|
|
paperless-server:
|
|
container_name: paperless-server
|
|
image: ghcr.io/paperless-ngx/paperless-ngx:latest
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- paperless-db
|
|
- paperless-broker
|
|
ports:
|
|
- "8045:8000"
|
|
volumes:
|
|
- $DATA/paperless/data:/usr/src/paperless/data
|
|
- $DATA/paperless/media:/usr/src/paperless/media
|
|
- $DATA/paperless/export:/usr/src/paperless/export
|
|
- $DATA/paperless/consume:/usr/src/paperless/consume
|
|
environment:
|
|
PAPERLESS_REDIS: redis://paperless-broker:6379
|
|
PAPERLESS_DBHOST: paperless-db
|
|
PAPERLESS_URL: https://paperless.$DOMAIN
|
|
PAPERLESS_OCR_LANGUAGE: fra
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.paperless.rule=Host(`paperless.${DOMAIN}`)"
|
|
- "traefik.http.routers.paperless.entrypoints=websecure"
|
|
- "traefik.http.routers.paperless.tls=true"
|
|
- "traefik.http.routers.paperless.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.paperless.middlewares=authentik@docker"
|
|
|
|
############################ Paperless END ######################
|
|
|
|
############################ Docmost START ######################
|
|
docmost:
|
|
container_name: docmost
|
|
image: docmost/docmost:latest
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- docmost-db
|
|
- docmost-redis
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- APP_URL=https://docmost.${DOMAIN}
|
|
- APP_SECRET=${DOCMOST_APP_SECRET}
|
|
- DATABASE_URL=postgresql://docmost:123465@docmost-db:5432/docmost?schema=public
|
|
- REDIS_URL=redis://docmost-redis:6379
|
|
ports:
|
|
- "3003:3000"
|
|
volumes:
|
|
- ${DATA}/docmost:/app/data/storage
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.docmost.rule=Host(`docmost.${DOMAIN}`)"
|
|
- "traefik.http.routers.docmost.entrypoints=websecure"
|
|
- "traefik.http.routers.docmost.tls=true"
|
|
- "traefik.http.routers.docmost.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.docmost.middlewares=authentik@docker"
|
|
|
|
docmost-db:
|
|
container_name: docmost-db
|
|
image: postgres:16-alpine
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
- "POSTGRES_DB=docmost"
|
|
- "POSTGRES_USER=docmost"
|
|
- "POSTGRES_PASSWORD=123465"
|
|
volumes:
|
|
- docmost_db_data:/var/lib/postgresql/data
|
|
|
|
docmost-redis:
|
|
container_name: docmost-redis
|
|
image: redis:7.2-alpine
|
|
restart: unless-stopped
|
|
environment:
|
|
- PGID
|
|
- PUID
|
|
- TZ
|
|
volumes:
|
|
- docmost_redis_data:/data
|
|
############################ Docmost END ######################
|
|
|
|
############################ Authentik START ######################
|
|
authentik-postgresql:
|
|
container_name: authentik-postgresql
|
|
image: docker.io/library/postgres:16-alpine
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 5s
|
|
volumes:
|
|
- /home/nathan/dockerDbs/authentik_postgres:/var/lib/postgresql/data
|
|
environment:
|
|
PGID: 1000
|
|
PUID: 1000
|
|
POSTGRES_PASSWORD: ${PG_PASS}
|
|
POSTGRES_USER: authentik
|
|
POSTGRES_DB: authentik
|
|
env_file:
|
|
- .env
|
|
|
|
authentik-redis:
|
|
container_name: authentik-redis
|
|
image: docker.io/library/redis:alpine
|
|
command: --save 60 1 --loglevel warning
|
|
restart: unless-stopped
|
|
environment:
|
|
PGID: 1000
|
|
PUID: 1000
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 3s
|
|
volumes:
|
|
- ${CONFIG}/authentik_redis:/data
|
|
|
|
authentik-server:
|
|
container_name: authentik-server
|
|
image: ghcr.io/goauthentik/server:latest
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
PGID: 1000
|
|
PUID: 1000
|
|
AUTHENTIK_REDIS__HOST: authentik-redis
|
|
AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: authentik
|
|
AUTHENTIK_POSTGRESQL__NAME: authentik
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
AUTHENTIK_TOKEN: WqhKA1cypieGrJbegta2kJxvq6AqdpJ1RKhqMFIm
|
|
volumes:
|
|
- ${CONFIG}/authentik/media:/media
|
|
- ${CONFIG}/authentik/templates:/templates
|
|
env_file:
|
|
- .env
|
|
ports:
|
|
- "9000:9000"
|
|
- "9443:9443"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
|
|
- "traefik.http.routers.authentik.entrypoints=websecure"
|
|
- "traefik.http.routers.authentik.tls.certresolver=myresolver"
|
|
- "traefik.http.routers.authentik.priority=1"
|
|
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
|
|
- "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.authentik-http.rule=Host(`authentik.${DOMAIN}com`)"
|
|
- "traefik.http.routers.authentik-http.entrypoints=web"
|
|
- "traefik.http.routers.authentik-http.middlewares=authentik-https-redirect"
|
|
- "traefik.http.routers.authentik-proxy.rule=Host(`$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
|
|
|
- "traefik.http.middlewares.authentik.forwardauth.address=http://${LOCAL_IP}:9000/outpost.goauthentik.io/auth/traefik"
|
|
- "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
|
|
- "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
|
|
|
|
depends_on:
|
|
- authentik-postgresql
|
|
- authentik-redis
|
|
|
|
authentik-worker:
|
|
container_name: authentik-worker
|
|
image: ghcr.io/goauthentik/server:latest
|
|
restart: unless-stopped
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: authentik-redis
|
|
AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: authentik
|
|
AUTHENTIK_POSTGRESQL__NAME: authentik
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
PGID: 1000
|
|
PUID: 1000
|
|
# `user: root` and the docker socket volume are optional.
|
|
# See more for the docker socket integration here:
|
|
# https://goauthentik.io/docs/outposts/integrations/docker
|
|
# Removing `user: root` also prevents the worker from fixing the permissions
|
|
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
|
# (1000:1000 by default)
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ${CONFIG}/authentik/media:/media
|
|
- ${CONFIG}/authentik/certs:/certs
|
|
- ${CONFIG}/authentik/templates:/templates
|
|
env_file:
|
|
- .env
|
|
depends_on:
|
|
- authentik-postgresql
|
|
- authentik-redis
|
|
|
|
whoami:
|
|
container_name: whoami
|
|
image: containous/whoami
|
|
restart: unless-stopped
|
|
labels:
|
|
- "traefik.http.routers.whoami.middlewares=authentik@docker"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
|
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
|
- "traefik.http.routers.whoami.tls=true"
|
|
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
|
# - "traefik.http.routers.whoami.middlewares=secured"
|
|
############################ Authentik END ######################
|
|
|
|
volumes:
|
|
paperless_redisdata:
|
|
paperless_pgdata:
|
|
terra-db:
|
|
docmost_redis_data:
|
|
docmost_db_data:
|
|
yamtrack_redis_data:
|
|
yamtrack_postgres_data:
|
|
database:
|
|
driver: local
|
|
redis:
|
|
driver: local
|