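---
# Docker Compose project "rikku": AdGuard Home, monitoring and log agents,
# Home Assistant, Renovate, a webhook runner and supporting services on one host.
#
# ${NAME} values are interpolated by Compose from the shell environment or an
# .env file; several of them are credentials, so keep that file out of version
# control. Every image is referenced by tag and digest; the digest is what is
# pulled, the tag is informational.
#
# Numeric and boolean environment/label values are quoted so that every YAML
# parser hands them to the containers as the exact strings written here.
name: rikku

networks:
  default:
    name: rikku_default

services:
  adguard:
    # NOTE(review): privileged: true already grants every capability, so this
    # cap_add list has no additional effect while it is set. If AdGuard Home
    # runs with only these two capabilities, dropping privileged would make the
    # list the effective grant - test before changing.
    cap_add:
      - NET_BIND_SERVICE
      - NET_RAW
    container_name: adguard
    environment:
      TZ: ${TZ}
    image: adguard/adguardhome:v0.107.67@sha256:927dc14b3e3cbd359e84658914590270a77d54446a6565e9498bef3444c286a4
    network_mode: host
    privileged: true
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${RIKKU_DOCKER_DIR}/adguard/work:/opt/adguardhome/work
      - ${RIKKU_DOCKER_DIR}/adguard/conf:/opt/adguardhome/conf

  beszel-agent:
    container_name: beszel-agent
    environment:
      PORT: "45876"
      # Do not remove quotes around the key
      KEY: "${BESZEL_RINOA_AGENT_KEY}"
      TOKEN: ${BESZEL_RIKKU_TOKEN}
      HUB_URL: http://192.168.1.254:22220
    expose:
      - "45876"
    image: henrygd/beszel-agent:0.12.12@sha256:0830d9eb7866d3dfe810d8a8ed4fc3dad2c51b3bc855e3558a9aa4e8886c99be
    network_mode: host
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/beszel-agent:/var/lib/beszel-agent
      - /dev/mmcblk0:/extra-filesystems/dev/mmcblk0:ro
      # :ro protects the socket file itself; it does not restrict which Docker
      # API calls a process inside the container can send through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  castsponsorskip:
    container_name: castsponsorskip
    image: ghcr.io/gabe565/castsponsorskip:0.8.2@sha256:fe3a1b45987168b9cbccc394496e42bed5d396cd4869aa70ea402c686e679403
    environment:
      TZ: ${TZ}
      # CSS_PAUSED_INTERVAL:
      # CSS_PLAYING_INTERVAL:
      # CSS_CATEGORIES:
      # CSS_YOUTUBE_API_KEY:
      # CSS_MUTE_ADS:
    network_mode: host
    restart: unless-stopped

  docker-socket-proxy:
    # NOTE(review): the proxy exists to expose a filtered subset of the Docker
    # API, but every section below is switched on, including POST (write
    # requests) and EXEC, and port 2375 is published on all host interfaces
    # with no authentication or TLS. Whoever can reach that port can control
    # the Docker daemon. Set the sections the consumers do not need to "0",
    # and bind the port to one address (for example "127.0.0.1:2375:2375") or
    # restrict it with a host firewall rule.
    container_name: dockerproxy
    environment:
      AUTH: "1"
      BUILD: "1"
      COMMIT: "1"
      CONFIGS: "1"
      CONTAINERS: "1"
      DISTRIBUTION: "1"
      EVENTS: "1"
      EXEC: "1"
      # NOTE(review): probably meant GRPC; as spelled the proxy should ignore
      # it. Prefer deleting the line over correcting it unless the /grpc
      # endpoint is actually needed.
      GPRC: "1"
      IMAGES: "1"
      INFO: "1"
      NETWORKS: "1"
      NODES: "1"
      POST: "1"
      PLUGINS: "1"
      SERVICES: "1"
      SESSION: "1"
      SYSTEM: "1"
      TASKS: "1"
      VOLUMES: "1"
      LOG_LEVEL: debug
    image: ghcr.io/tecnativa/docker-socket-proxy:latest@sha256:3400c429c5f9e1b21d62130fb93b16e2e772d4fb7695bd52fc2b743800b9fe9e
    ports:
      - "2375:2375"
    privileged: true
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  dockflare:
    container_name: dockflare
    environment:
      AGENT_STATUS_UPDATE_INTERVAL_SECONDS: "10"
      CF_ACCOUNT_ID: ${CLOUDFLARE_ACCOUNT_ID}
      # Cloudflare API credential; scope the token to the zone and tunnel
      # permissions DockFlare needs.
      CF_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
      CF_ZONE_ID: ${CLOUDFLARE_ZONE_ID}
      CLEANUP_INTERVAL_SECONDS: "300"
      CLOUDFLARED_METRICS_PORT: "20119"
      CLOUDFLARED_NETWORK_NAME: rikku_default
      # Origin TLS verification stays on unless a container opts out by label.
      DEFAULT_NO_TLS_VERIFY: "false"
      GRACE_PERIOD_SECONDS: "600"
      LABEL_PREFIX: cloudflare.tunnel
      MAX_CONCURRENT_DNS_OPS: "3"
      RECONCILIATION_BATCH_SIZE: "3"
      SCAN_ALL_NETWORKS: "false"
      STATE_FILE_PATH: /app/data/state.json
      TRUSTED_PROXIES: 192.168.1.0/24,172.18.0.0/16
      # Deliberately left without a value: Compose then takes the variable from
      # the environment it runs in and leaves it unset if it is not defined.
      TUNNEL_DNS_SCAN_ZONE_NAMES:
      TUNNEL_NAME: dockflared-tunnel
      TZ: ${TZ}
    healthcheck:
      # Passes when /ping answers with an HTTP status below 400.
      test:
        - CMD-SHELL
        - "wget -qO- --server-response http://localhost:5000/ping 2>&1 | awk '/^ HTTP/{code=$2} /^[^{]/{next} {print; fflush()} END{exit (code>=400 || code==0)}' >/dev/null"
      interval: 1m30s
      timeout: 30s
      retries: 5
      start_period: 30s
    image: alplat/dockflare:stable@sha256:8c419e698cdf4160b7043197b1d674cdf82910fdc4e249ff52da3cf86f5b5383  # Or :unstable for the latest features
    # labels:
    #   ## EXAMPLE CF TUNNEL LABELS ###
    #   # Enable DockFlare management for this container
    #   - "cloudflare.tunnel.enable=true"
    #   # The public hostname to expose
    #   - "cloudflare.tunnel.hostname=my-service.example.com"
    #   # The internal service address (protocol://container_name_or_ip:port)
    #   # Service type (http, https, tcp, ssh, rdp, http_status) is inferred from the prefix.
    #   - "cloudflare.tunnel.service=http://my-service:80"
    #   # Optional: Specify a URL path. Only requests to hostname/path will match.
    #   - "cloudflare.tunnel.path=/app"
    #   # Optional: Specify a different Cloudflare Zone for this hostname
    #   - "cloudflare.tunnel.zonename=another.example.com"
    #   # Optional: Disable TLS verification if your internal service uses HTTP or a self-signed cert
    #   - "cloudflare.tunnel.no_tls_verify=true"
    #   # Optional: Specify Origin Server Name (SNI) for TLS connection to origin
    #   - "cloudflare.tunnel.originsrvname=internal.service.local"
    ports:
      - "5001:5000"
    restart: unless-stopped
    volumes:
      # :ro does not limit Docker API calls made through the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare_data:/app/data

  ha-fusion:
    container_name: ha-fusion
    depends_on:
      homeassistant:
        condition: service_started
        required: true
    environment:
      TZ: ${TZ}
      HASS_URL: http://192.168.1.252:8123
    image: ghcr.io/matt8707/ha-fusion:2024.10.1@sha256:5eea4634ab2b1e7c7523943996d13318d109b293abe8e9e86c38daf5c41830cb
    ports:
      - "5050:5050"
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/ha-fusion:/app/data

  homeassistant:
    container_name: homeassistant
    # NOTE(review): with privileged: true the container can already reach all
    # host devices, so this list is not what limits device access. If only the
    # two serial ports are needed, the devices list without privileged is the
    # narrower grant - test before changing.
    devices:
      - /dev/ttyAMA0:/dev/ttyAMA0
      - /dev/ttyS0:/dev/ttyS0
    environment:
      DISABLE_JEMALLOC: "true"
    image: ghcr.io/home-assistant/home-assistant:stable@sha256:ae0e2a2f03822c49a0c506bc40e367b4abc8b3207d67a6e0312b42d60867c5e5
    labels:
      com.centurylinklabs.watchtower.monitor-only: "true"
    network_mode: host
    privileged: true
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro

  ollama:
    container_name: ollama
    image: ollama/ollama:0.12.3@sha256:c622a7adec67cf5bd7fe1802b7e26aa583a955a54e91d132889301f50c3e0bd0
    ports:
      # NOTE(review): published on all host interfaces; nothing in this file
      # puts authentication in front of the API. Bind to one address or
      # firewall the port if only local clients use it.
      - "11434:11434"
    restart: unless-stopped
    volumes:
      - ollama:/root/.ollama

  portainer-agent:
    # NOTE(review): the agent gets the host root filesystem (read-write) and
    # the Docker socket, and port 9001 is published on all interfaces. Restrict
    # 9001 to the Portainer server's address; if the agent's shared-secret
    # option (AGENT_SECRET) is available in this version, set it on both sides.
    container_name: portainer_agent
    image: portainer/agent:latest@sha256:a454c023f4b79ae308e372e5a4ab0d37961d6d8ad88fe5945544435203ded198
    volumes:
      - /:/host
      - /var/lib/docker/volumes:/var/lib/docker/volumes
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    ports:
      - "9001:9001"

  renovate:
    container_name: renovate
    environment:
      RENOVATE_CONFIG_FILE: /etc/renovate/config.js
      # --- Authentication & platform ---
      RENOVATE_TOKEN: "${RENOVATE_GITEA_TOKEN}"  # Gitea personal access token for renovate-bot
      RENOVATE_PLATFORM: "gitea"
      RENOVATE_ENDPOINT: "https://git.${MY_TLD}/api/v1"  # your Gitea URL
      RENOVATE_USERNAME: "renovate-bot"
      # NOTE(review): the value as shown carries no <email> part after the
      # name; confirm against the deployed file.
      RENOVATE_GIT_AUTHOR: "Renovate Bot "
      # NOTE(review): the variable name suggests this GitHub token is shared
      # with another service; a dedicated read-only token would keep a leak in
      # one place from affecting the other.
      RENOVATE_GITHUB_COM_TOKEN: ${LIBRECHAT_GITHUB_TOKEN}
      # --- Behavior ---
      RENOVATE_AUTODISCOVER: "true"  # discover all repos renovate-bot has access to
      RENOVATE_ONBOARDING: "true"  # create onboarding PR if repo not configured
      RENOVATE_REQUIRE_CONFIG: "optional"  # run even if no renovate config exists
      RENOVATE_REDIS_URL: redis://renovate-valkey:6379
      LOG_LEVEL: "info"
      # --- Enable dependency dashboard ---
      RENOVATE_EXTENDS: "config:base,:dependencyDashboard"
      # --- Example package rules ---
      # Key was spelled ..._AUTOMERG, which matches no Renovate option, so the
      # setting was silently ignored; corrected to the pruneBranchAfterAutomerge name.
      RENOVATE_PRUNE_BRANCH_AFTER_AUTOMERGE: "false"
      RENOVATE_PRUNE_STALE_BRANCHES: "true"
      # --- Scheduling ---
      # Renovate will only process PRs/updates in this time window
      RENOVATE_SCHEDULE: '["after 2am and before 6am"]'
      OTEL_EXPORTER_OTLP_ENDPOINT: http://192.168.1.254:4318
      OTEL_SERVICE_NAME: renovate
      OTEL_SERVICE_NAMESPACE: renovate.${MY_TLD}
      # --- Registry creds ---
      # Presumably read by the mounted config.js (host rules); verify there.
      DOCKER_HUB_PASS: ${RENOVATE__DOCKER_HUB_PASS}
      DOCKER_HUB_USER: ${RENOVATE__DOCKER_HUB_USER}
      GHCR_TOKEN: ${RENOVATE__GHCR_TOKEN}
      GHCR_USER: ${RENOVATE__GHCR_USER}
      GITEA_BOT_PASS: ${RENOVATE__GITEA_BOT_PASS}
      GITEA_BOT_USER: ${RENOVATE__GITEA_BOT_USER}
    image: renovate/renovate:41.131.12-full@sha256:d7f82f222b7ef6bd9a4166d7428aa82b42e0a5421d6797a417e2fef58bcf68e3
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/renovate/config.js:/etc/renovate/config.js

  renovate-valkey:
    # Cache for Renovate. Reachable only from containers on rikku_default
    # (expose, no published port); there is no password on it.
    container_name: renovate-valkey
    healthcheck:
      test: redis-cli ping || exit 1
    image: docker.io/valkey/valkey:8-alpine@sha256:d827e7f7552cdee40cc7482dbae9da020f42bc47669af6f71182a4ef76a22773
    environment:
      # NOTE(review): these three look like variables of a different (Bitnami
      # style) image; confirm this image reads them at all.
      ALLOW_EMPTY_PASSWORD: "yes"
      VALKEY_DATA_DIR: /data/valkey
      VALKEY_DATABASE: "0"
    expose:
      - "6379"
    restart: unless-stopped
    volumes:
      - renovate-valkey-data:/data/valkey

  signoz-logspout:
    command: signoz://192.168.1.254:8082
    container_name: signoz-logspout
    environment:
      ENV: prod
      SIGNOZ_LOG_ENDPOINT: http://192.168.1.254:8082
    image: pavanputhra/logspout-signoz:2025.07.19-887dfeb@sha256:6da8ce12279a5262de8b2d5c083ce82d4c878c4eab702b4d328afe147ed7553b
    restart: unless-stopped
    volumes:
      # Full Docker API access for a log shipper, and logs leave the host over
      # plain HTTP to 192.168.1.254:8082.
      - /var/run/docker.sock:/var/run/docker.sock

  upsnap:
    container_name: upsnap
    dns:
      - 192.168.1.254
    entrypoint: /bin/sh -c "./upsnap serve --http 0.0.0.0:5000"
    environment:
      TZ: ${TZ}  # Set container timezone for cron schedules
      UPSNAP_INTERVAL: "*/10 * * * * *"  # Sets the interval in which the devices are pinged
      UPSNAP_SCAN_RANGE: 192.168.1.0/24  # Scan range is used for device discovery on local network
      UPSNAP_SCAN_TIMEOUT: 500ms  # Scan timeout is nmap's --host-timeout value to wait for devices (https://nmap.org/book/man-performance.html)
      UPSNAP_PING_PRIVILEGED: "true"  # Set to false if you don't have root user permissions
      UPSNAP_WEBSITE_TITLE: "UpSnap @ Rikku"  # Custom website title
    # # To use a non-root user, create the mountpoint first (mkdir data) so that it has the right permission.
    # # dns is used for name resolution during network scan
    # # or install custom packages for shutdown
    # entrypoint: /bin/sh -c "apk update && apk add --no-cache && rm -rf /var/cache/apk/* && ./upsnap serve --http 0.0.0.0:8090"
    healthcheck:
      test: curl -fs "http://localhost:5000/api/health" || exit 1
      interval: 10s
    image: ghcr.io/seriousm4x/upsnap:5@sha256:c96e9d3f1559736544f723d99b778498982ebb2819de8e509548f8c5468b5542  # images are also available on docker hub: seriousm4x/upsnap:5
    network_mode: host
    # NOTE(review): host networking plus privileged; check whether NET_RAW via
    # cap_add is enough for privileged pings and drop privileged if so.
    privileged: true
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/upsnap:/app/pb_data

  webhook:
    # Runs the scripts mounted below when a hook is called. Port 9000 is
    # published on all interfaces, so hooks.json is the access control: give
    # each hook a trigger rule (shared secret or signature check) and never
    # pass request fields to a script unvalidated.
    command: "-verbose -hooks=/etc/webhook/hooks.json -hotreload"
    image: thecatlady/webhook:2.8.1@sha256:2c20d15f8f1b87ea1fa242787af6f288175bbb3402a04f1744a7f7a6a529d711
    container_name: webhook
    ports:
      - "9000:9000"
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/webhook/conf:/etc/webhook
      - ${RIKKU_DOCKER_DIR}/webhook/scripts:/opt/webhook_scripts

volumes:
  dockflare_data:
    name: dockflare_data
  ollama:
    name: ollama
  renovate-valkey-data:
    name: renovate-valkey-data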