rikku-home-assistant/docker-compose.yml
renovate-bot 580bbda26c
Renovate PR Deployment / Renovate PR Deployment (pull_request) Failing after 36s
🔧 Renovate: Pin dependencies
2026-06-13 20:47:52 +00:00


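# Compose project name.
name: rikku
# The project's default network gets a fixed name instead of the generated
# "<project>_default". The nesting matters: with `name` at column 0 it would
# be a second top-level `name` key and would collide with the project name.
networks:
  default:
    name: rikku_default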
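# Service definitions. Numeric and boolean-looking environment and label
# values are quoted so that every YAML parser hands Compose the same string
# (an unquoted `yes`/`true`/`0` is typed differently by YAML 1.1 and 1.2
# loaders). Port mappings are quoted for the same reason. Image references
# are pinned by digest.
services:
  # AdGuard Home on the host network stack.
  adguard:
    # NOTE(review): `privileged: true` below already grants every capability,
    # so this list only takes effect if privileged mode is removed. Confirm
    # whether the two capabilities alone are sufficient.
    cap_add:
      - NET_BIND_SERVICE
      - NET_RAW
    container_name: adguard
    environment:
      TZ: ${TZ}
    image: adguard/adguardhome:v0.107.77@sha256:e6f2b8bcda06064ab055b44933a4f0e983c35558b9cdb8d2e7ab1efcee36d890
    network_mode: host
    privileged: true
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${RIKKU_DOCKER_DIR}/adguard/work:/opt/adguardhome/work
      - ${RIKKU_DOCKER_DIR}/adguard/conf:/opt/adguardhome/conf
      # NOTE(review): certificate directory is mounted read-write; `:ro`
      # would do if the container only reads the certificates. Confirm.
      - /mnt/swag-certs:/opt/adguardhome/certs

  # Beszel monitoring agent reporting to the hub at HUB_URL.
  beszel-agent:
    container_name: beszel-agent
    environment:
      PORT: "45876"
      # Do not remove quotes around the key
      KEY: "${BESZEL_RINOA_AGENT_KEY}"
      TOKEN: ${BESZEL_RIKKU_TOKEN}
      HUB_URL: http://192.168.1.254:22220
    # With `network_mode: host` the container shares the host's ports, so
    # `expose` is informational only.
    expose:
      - "45876"
    image: henrygd/beszel-agent:0.18.7@sha256:8874e2c53f9de5e063a6a80d6b617e20fa593ac5dc4eb4c6ce1f912f510f38f8
    network_mode: host
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/beszel-agent:/var/lib/beszel-agent
      - /dev/mmcblk0:/extra-filesystems/dev/mmcblk0:ro
      # `:ro` on the socket protects the socket file, not the API behind it:
      # a process that can connect can still issue any Docker API request.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  castsponsorskip:
    container_name: castsponsorskip
    image: ghcr.io/gabe565/castsponsorskip:0.8.3@sha256:f556d274aab94c3140058e9f192396bc75e04d8e075769223c1edfc8c4f4daa4
    environment:
      TZ: ${TZ}
      # CSS_PAUSED_INTERVAL:
      # CSS_PLAYING_INTERVAL:
      # CSS_CATEGORIES:
      # CSS_YOUTUBE_API_KEY:
      # CSS_MUTE_ADS:
    network_mode: host
    restart: unless-stopped

  # Filtering proxy in front of the Docker socket. Each variable set to 1
  # allows one section of the Docker API through the proxy.
  #
  # NOTE(review): every section is switched on here, including POST (write
  # requests) and EXEC, so the proxy filters next to nothing. Combined with
  # the published port below, any client that can reach TCP 2375 on this host
  # gets an unauthenticated, unencrypted Docker API, which is equivalent to
  # root on the host. Enable only the sections the consumers actually need
  # and restrict who can reach the port (bind to a specific address, or drop
  # `ports` and attach consumers to an internal network).
  docker-socket-proxy:
    container_name: dockerproxy
    environment:
      AUTH: "1"
      BUILD: "1"
      COMMIT: "1"
      CONFIGS: "1"
      CONTAINERS: "1"
      DISTRIBUTION: "1"
      EVENTS: "1"
      EXEC: "1"
      # NOTE(review): looks like a typo for GRPC; as spelled the proxy
      # presumably ignores it. Left unchanged because correcting it would
      # open one more API section.
      GPRC: "1"
      IMAGES: "1"
      INFO: "1"
      NETWORKS: "1"
      NODES: "1"
      POST: "1"
      PLUGINS: "1"
      SERVICES: "1"
      SESSION: "1"
      SYSTEM: "1"
      TASKS: "1"
      VOLUMES: "1"
      LOG_LEVEL: debug
    image: ghcr.io/tecnativa/docker-socket-proxy:latest@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476
    ports:
      # Published on all host interfaces.
      - "2375:2375"
    # NOTE(review): confirm privileged mode is required on this host; it
    # removes the container's isolation from the host.
    privileged: true
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # DockFlare: manages Cloudflare tunnel entries from container labels.
  dockflare:
    container_name: dockflare
    environment:
      AGENT_STATUS_UPDATE_INTERVAL_SECONDS: "10"
      CF_ACCOUNT_ID: ${CLOUDFLARE_ACCOUNT_ID}
      CF_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
      CF_ZONE_ID: ${CLOUDFLARE_ZONE_ID}
      CLEANUP_INTERVAL_SECONDS: "300"
      CLOUDFLARED_METRICS_PORT: "20119"
      CLOUDFLARED_NETWORK_NAME: rikku_default
      DEFAULT_NO_TLS_VERIFY: "false"
      GRACE_PERIOD_SECONDS: "600"
      LABEL_PREFIX: cloudflare.tunnel
      MAX_CONCURRENT_DNS_OPS: "3"
      RECONCILIATION_BATCH_SIZE: "3"
      SCAN_ALL_NETWORKS: "false"
      STATE_FILE_PATH: /app/data/state.json
      TRUSTED_PROXIES: 192.168.1.0/24,172.18.0.0/16
      # A key with no value is not an empty string: Compose takes the value
      # from the environment it runs in and omits the variable if it is
      # unset there.
      TUNNEL_DNS_SCAN_ZONE_NAMES:
      TUNNEL_NAME: dockflared-tunnel
      TZ: ${TZ}
    healthcheck:
      # Folded scalar: the three lines are joined with single spaces into one
      # shell command.
      # NOTE(review): Compose interpolates `$`; a literal `$2` for awk is
      # normally written `$$2`. Confirm with `docker compose config`.
      test:
        - CMD-SHELL
        - >-
          wget -qO- --server-response http://localhost:5000/ping 2>&1 | awk
          '/^ HTTP/{code=$2} /^[^{]/{next} {print; fflush()} END{exit
          (code>=400 || code==0)}' >/dev/null
      interval: 1m30s
      timeout: 30s
      retries: 5
      start_period: 30s
    image: alplat/dockflare:stable@sha256:ff2807c696b0752767716825e7b3d9f7d4f353e7ea8a323dc2b7cc174ad27ef7  # Or :unstable for the latest features
    # labels:
      # ## EXAMPLE CF TUNNEL LABELS ###
      # Enable DockFlare management for this container
      # - "cloudflare.tunnel.enable=true"
      # The public hostname to expose
      # - "cloudflare.tunnel.hostname=my-service.example.com"
      # The internal service address (protocol://container_name_or_ip:port)
      # Service type (http, https, tcp, ssh, rdp, http_status) is inferred from the prefix.
      # - "cloudflare.tunnel.service=http://my-service:80"
      # Optional: Specify a URL path. Only requests to hostname/path will match.
      # - "cloudflare.tunnel.path=/app"
      # Optional: Specify a different Cloudflare Zone for this hostname
      # - "cloudflare.tunnel.zonename=another.example.com"
      # Optional: Disable TLS verification if your internal service uses HTTP or a self-signed cert
      # - "cloudflare.tunnel.no_tls_verify=true"
      # Optional: Specify Origin Server Name (SNI) for TLS connection to origin
      # - "cloudflare.tunnel.originsrvname=internal.service.local"
    ports:
      - "5001:5000"
    restart: unless-stopped
    volumes:
      # `:ro` does not limit Docker API requests made through the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare_data:/app/data

  ha-fusion:
    container_name: ha-fusion
    depends_on:
      homeassistant:
        condition: service_started
        required: true
    environment:
      TZ: ${TZ}
      HASS_URL: http://192.168.1.252:8123
    image: ghcr.io/matt8707/ha-fusion:2024.10.1@sha256:5eea4634ab2b1e7c7523943996d13318d109b293abe8e9e86c38daf5c41830cb
    ports:
      - "5050:5050"
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/ha-fusion:/app/data

  # Home Assistant on the host network stack with two serial devices.
  homeassistant:
    # NOTE(review): redundant while `privileged: true` is set (privileged
    # mode grants all capabilities and host device access). If the listed
    # capabilities and devices are all that is needed, privileged mode could
    # be dropped. Confirm against the integrations in use.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    container_name: homeassistant
    devices:
      - /dev/ttyAMA0:/dev/ttyAMA0
      - /dev/ttyS0:/dev/ttyS0
    environment:
      DISABLE_JEMALLOC: "true"
    image: ghcr.io/home-assistant/home-assistant:stable@sha256:f0baa7922ecec7790c40c41baf08ab218b6ab8db5f96dc03b03a0ae33d987c3d
    labels:
      com.centurylinklabs.watchtower.monitor-only: "true"
    network_mode: host
    privileged: true
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro

  # PatchMon server; starts only after its database, Redis and guacd report
  # healthy.
  patchmon-server:
    container_name: patchmon-server
    depends_on:
      patchmon-pg-db:
        condition: service_healthy
      patchmon-redis:
        condition: service_healthy
      patchmon-guacd:
        condition: service_healthy
    environment:
      # NOTE(review): a wildcard origin lets pages from any site call this
      # API from a browser. Set it to the origin(s) the UI is served from.
      CORS_ORIGIN: "*"
      JWT_SECRET: ${PATCHMON_JWT_SECRET}
      POSTGRES_HOST: patchmon-pg-db
      DATABASE_URL: postgresql://patchmon:${PATCHMON_PG_PASSWORD}@patchmon-pg-db:5432/patchmon
      ENABLE_LOGGING: "true"
      GUACD_ADDRESS: patchmon-guacd:4822
      LOG_LEVEL: info
      REDIS_HOST: patchmon-redis
      SESSION_SECRET: ${PATCHMON_SESSION_SECRET}
      AI_ENCRYPTION_KEY: ${PATCHMON_AI_ENCRYPTION_KEY}
      REDIS_PORT: "6379"
      REDIS_PASSWORD: ${PATCHMON_REDIS_PASSWORD}
      REDIS_DB: "0"
      # NOTE(review): port 3000 is also published directly below. If clients
      # can reach it without passing through the reverse proxy, forwarded
      # headers are client-controlled. Confirm only the proxy can connect.
      TRUST_PROXY: "true"
      TZ: ${TZ}
    image: ghcr.io/patchmon/patchmon-server:latest@sha256:eaa1bcce290c7003cff01a96cfc893a64cb144e582e9b797875e6381f56b297a
    ports:
      - "3000:3000"
    restart: unless-stopped

  # PostgreSQL for PatchMon; reachable on the Compose network only (no
  # published port).
  patchmon-pg-db:
    container_name: patchmon-pg-db
    image: postgres:17-alpine@sha256:979c4379dd698aba0b890599a6104e082035f98ef31d9b9291ec22f2b13059ca
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${PATCHMON_PG_PASSWORD}
      POSTGRES_USER: patchmon
      POSTGRES_DB: patchmon
    expose:
      - "5432"
    volumes:
      - patchmon-pg-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U patchmon -d patchmon"]
      interval: 3s
      timeout: 5s
      retries: 7

  # Redis for PatchMon; reachable on the Compose network only.
  patchmon-redis:
    container_name: patchmon-redis
    image: redis:7-alpine@sha256:6ab0b6e7381779332f97b8ca76193e45b0756f38d4c0dcda72dbb3c32061ab99
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      REDIS_PORT: "6379"
      REDIS_PASSWORD: ${PATCHMON_REDIS_PASSWORD}
      REDIS_DB: "0"
    expose:
      - "6379"
    # NOTE(review): the password is interpolated into the command line here
    # and into the healthcheck arguments below, so it is readable in
    # `docker inspect` output and in the process list. A mounted config file
    # or secret keeps it out of both.
    command: redis-server --requirepass ${PATCHMON_REDIS_PASSWORD}
    volumes:
      - patchmon-redis-data:/data
    healthcheck:
      test:
        - CMD
        - redis-cli
        - --no-auth-warning
        - -a
        - "${PATCHMON_REDIS_PASSWORD}"
        - ping
      interval: 3s
      timeout: 5s
      retries: 7

  # guacd for PatchMon. The only service in this file with a reduced
  # privilege profile: read-only root filesystem, all capabilities dropped,
  # no-new-privileges, and memory/CPU limits.
  patchmon-guacd:
    container_name: patchmon-guacd
    image: guacamole/guacd:1.6.0@sha256:8974eaa9ba32f713daf311e7cc8cd7e4cdfba1edea39eed75524e78ef4b08f4f
    expose:
      - "4822"
    restart: unless-stopped
    read_only: true
    # Writable scratch space, needed because the root filesystem is read-only.
    tmpfs:
      - /tmp:size=64m
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    mem_limit: 512m
    cpus: "1.0"
    healthcheck:
      test: ["CMD-SHELL", "nc -z localhost 4822 || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  # Portainer agent.
  # NOTE(review): the whole host filesystem and the Docker socket are mounted
  # read-write, and port 9001 is published on all interfaces. Restrict which
  # hosts can reach 9001 and confirm the agent is configured with a shared
  # secret (AGENT_SECRET) matching the Portainer server.
  portainer-agent:
    container_name: portainer_agent
    image: portainer/agent:latest@sha256:236246fc09b3e7e9269aad53e57ec71f27b7e114a2b6b70d4fd98c117ccc36d8
    volumes:
      - /:/host
      - /var/lib/docker/volumes:/var/lib/docker/volumes
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    ports:
      - "9001:9001"

  # Renovate bot against the Gitea instance at RENOVATE_ENDPOINT.
  # All credentials below are passed as environment variables, so they are
  # readable in `docker inspect` output for this container.
  renovate:
    container_name: renovate
    environment:
      RENOVATE_CONFIG_FILE: /etc/renovate/config.js
      # --- Authentication & platform ---
      RENOVATE_TOKEN: "${RENOVATE_GITEA_TOKEN}"  # Gitea personal access token for renovate-bot
      RENOVATE_PLATFORM: "gitea"
      RENOVATE_ENDPOINT: "https://git.${MY_TLD}/api/v1"  # your Gitea URL
      RENOVATE_USERNAME: "renovate-bot"
      RENOVATE_GIT_AUTHOR: "Renovate Bot <it-services@trez.wtf>"
      # NOTE(review): the variable name suggests this token is shared with
      # another service. A dedicated read-only token for Renovate would keep
      # a leak of either one from affecting the other.
      RENOVATE_GITHUB_COM_TOKEN: ${LIBRECHAT_GITHUB_TOKEN}
      # --- Behavior ---
      # With autodiscover on, the set of repositories processed is whatever
      # the bot account can access; scope that account's permissions
      # accordingly.
      RENOVATE_AUTODISCOVER: "true"  # discover all repos renovate-bot has access to
      RENOVATE_ONBOARDING: "true"  # create onboarding PR if repo not configured
      RENOVATE_REQUIRE_CONFIG: "optional"  # run even if no renovate config exists
      RENOVATE_REDIS_URL: redis://renovate-valkey:6379
      LOG_LEVEL: "info"
      # --- Enable dependency dashboard ---
      RENOVATE_EXTENDS: "config:base,:dependencyDashboard"
      # --- Example package rules ---
      # NOTE(review): key ends in AUTOMERG; Renovate's option is
      # pruneBranchAfterAutomerge, so this variable is presumably ignored.
      # Left as written; confirm the intended setting.
      RENOVATE_PRUNE_BRANCH_AFTER_AUTOMERG: "false"
      RENOVATE_PRUNE_STALE_BRANCHES: "true"
      # --- Scheduling ---
      # Renovate will only process PRs/updates in this time window
      RENOVATE_SCHEDULE: '["after 2am and before 6am"]'
      OTEL_EXPORTER_OTLP_ENDPOINT: http://192.168.1.254:4318
      OTEL_SERVICE_NAME: renovate
      OTEL_SERVICE_NAMESPACE: renovate.${MY_TLD}
      # --- Registry creds ---
      DOCKER_HUB_PASS: ${RENOVATE__DOCKER_HUB_PASS}
      DOCKER_HUB_USER: ${RENOVATE__DOCKER_HUB_USER}
      GHCR_TOKEN: ${RENOVATE__GHCR_TOKEN}
      GHCR_USER: ${RENOVATE__GHCR_USER}
      GITEA_BOT_PASS: ${RENOVATE__GITEA_BOT_PASS}
      GITEA_BOT_USER: ${RENOVATE__GITEA_BOT_USER}
    image: renovate/renovate:43.170.22-full@sha256:934f64671c3f6535f5cce940b921a06aaaf47a347ce7de82b01b4028b223dcda
    restart: unless-stopped
    volumes:
      # NOTE(review): config.js is executed by Renovate; mounting it `:ro`
      # would stop the container from modifying it. Confirm nothing writes
      # to it.
      - ${RIKKU_DOCKER_DIR}/renovate/config.js:/etc/renovate/config.js

  # Valkey cache for Renovate; no password, reachable on the Compose network
  # only as long as no port is published.
  renovate-valkey:
    container_name: renovate-valkey
    healthcheck:
      test: redis-cli ping || exit 1
    image: docker.io/valkey/valkey:9-alpine@sha256:a35428eba9043cc0b79dbe54100f0c92784f2de00ad09b01182bfb1c5c83d1bd
    environment:
      # Quoted: an unquoted `yes` is a boolean to YAML 1.1 loaders.
      # NOTE(review): these variable names follow the Bitnami image's
      # convention; confirm the valkey/valkey image reads them.
      ALLOW_EMPTY_PASSWORD: "yes"
      VALKEY_DATA_DIR: /data/valkey
      VALKEY_DATABASE: "0"
    expose:
      - "6379"
    restart: unless-stopped
    volumes:
      - renovate-valkey-data:/data/valkey

  # Ships container logs to the SigNoz endpoint.
  signoz-logspout:
    command: signoz://192.168.1.254:8082
    container_name: signoz-logspout
    environment:
      ENV: prod
      SIGNOZ_LOG_ENDPOINT: http://192.168.1.254:8082
    image: pavanputhra/logspout-signoz:2025.07.19-887dfeb@sha256:6da8ce12279a5262de8b2d5c083ce82d4c878c4eab702b4d328afe147ed7553b
    restart: unless-stopped
    volumes:
      # Full Docker API access for a log reader; logs are sent over plain
      # http:// to the endpoint above.
      - /var/run/docker.sock:/var/run/docker.sock

  snapcast-server:
    image: docker.io/sweisgerber/snapcast:latest@sha256:8859aaf7949781d47787fa048a3c85c7b3ea97aad4270d6f4ae2ff8b341db22c
    hostname: snapcast-server
    container_name: snapcast-server
    environment:
      TZ: ${TZ}
    restart: "unless-stopped"
    ports:
      - "1704:1704"
      - "1705:1705"
      - "1780:1780"
      - "4953:4953"
    # devices:
    # - /dev/snd:/dev/snd # optional, only if you want to use snapclient
    volumes:
      - ${RIKKU_DOCKER_DIR}/snapcast/config/:/config/
      - ${RIKKU_DOCKER_DIR}/snapcast/data/:/data/

  # UpSnap on the host network stack, listening on 0.0.0.0:5000.
  # NOTE(review): privileged mode is set for the whole container; confirm
  # whether a narrower capability set is enough for the privileged ping and
  # the network scan.
  upsnap:
    container_name: upsnap
    dns:
      - 192.168.1.254
    entrypoint: /bin/sh -c "./upsnap serve --http 0.0.0.0:5000"
    environment:
      TZ: ${TZ}  # Set container timezone for cron schedules
      UPSNAP_INTERVAL: "*/10 * * * * *"  # Sets the interval in which the devices are pinged
      UPSNAP_SCAN_RANGE: 192.168.1.0/24  # Scan range is used for device discovery on local network
      UPSNAP_SCAN_TIMEOUT: 500ms  # Scan timeout is nmap's --host-timeout value to wait for devices (https://nmap.org/book/man-performance.html)
      UPSNAP_PING_PRIVILEGED: "true"  # Set to false if you don't have root user permissions
      UPSNAP_WEBSITE_TITLE: "UpSnap @ Rikku"  # Custom website title
    # # To use a non-root user, create the mountpoint first (mkdir data) so that it has the right permission.
    # # dns is used for name resolution during network scan
    # # or install custom packages for shutdown
    # entrypoint: /bin/sh -c "apk update && apk add --no-cache <YOUR_PACKAGE> && rm -rf /var/cache/apk/* && ./upsnap serve --http 0.0.0.0:8090"
    healthcheck:
      test: curl -fs "http://localhost:5000/api/health" || exit 1
      interval: 10s
    image: ghcr.io/seriousm4x/upsnap:5@sha256:a73c9db5a987289da68dc602e68fc0307c9ee57c563f53004d09ae3e3cf45a0a  # images are also available on docker hub: seriousm4x/upsnap:5
    network_mode: host
    privileged: true
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/upsnap:/app/pb_data

  # HTTP webhook receiver; hook definitions and scripts come from the two
  # mounted directories.
  # NOTE(review): port 9000 is published on all interfaces and hooks.json is
  # not part of this file. Confirm every hook carries a trigger rule (shared
  # secret or signature check) and passes request data to scripts as
  # arguments, not through shell interpolation.
  webhook:
    command: "-verbose -hooks=/etc/webhook/hooks.json -hotreload"
    image: thecatlady/webhook:2.8.2@sha256:0507d6c27d87837bcdee5078d63f54e50d9073ae879618233858e3da68d4b0cc
    container_name: webhook
    ports:
      - "9000:9000"
    restart: unless-stopped
    volumes:
      - ${RIKKU_DOCKER_DIR}/webhook/conf:/etc/webhook
      - ${RIKKU_DOCKER_DIR}/webhook/scripts:/opt/webhook_scripts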
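# Named volumes. Each gets an explicit `name`, so the volume on disk is not
# prefixed with the Compose project name. Every `name` must be nested under
# its volume key; at column 0 the four lines would be duplicate keys.
volumes:
  dockflare_data:
    name: dockflare_data
  patchmon-pg-data:
    name: patchmon-pg-data
  patchmon-redis-data:
    name: patchmon-redis-data
  renovate-valkey-data:
    name: renovate-valkey-data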