diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml new file mode 100644 index 00000000..c80308e6 --- /dev/null +++ b/.gitea/workflows/build.yaml @@ -0,0 +1,134 @@ +on: + push: + branches: + - main + pull_request: + types: [opened, synchronize, reopened] + +name: SonarQube Scan +jobs: + sonarqube: + name: SonarQube Scanning & Status + runs-on: ubuntu-latest + steps: + - name: Checking out + uses: actions/checkout@v4 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4.0.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: SonarQube Quality Gate Check + id: quality-gate + uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + # - name: Comment on Pull Request with Quality Gate Status + # id: comment-pr + # uses: prasiman/gocurl@v1 + # with: + # method: POST + # url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" + # headers: > + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # body: | + # { + # "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" + # } + + docker-compose-dry-run: + name: Dry Run Docker Compose + runs-on: ubuntu-latest + needs: quality-gate + if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' + steps: + - name: Checking out + uses: actions/checkout@v4 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + + - name: Generate ephemeral env + run: | + echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env + + - name: Validate Docker Compose Configuration + id: docker-lint + run: | + docker compose config --no-interpolate --quiet --dry-run + EXIT_CODE=$? + if [ $? -ne 0 ]; then + echo "Docker Compose configuration validation failed." + exit 1 + else + echo "Docker Compose configuration is valid." + fi + echo "::set-output name=exit_code::$EXIT_CODE" + + # - name: Docker Compose Lint + # uses: sjafferali/docker-compose-lint-action@v0.1.2 + # with: + # compose-file: './docker-compose.yml' + + # manual-approval: + # name: Manual Approval + # needs: docker-compose-test + # if: always() + # runs-on: self-hosted + # steps: + # - name: Approval Required + # run: | + # echo "Manual approval step reached. Please approve to proceed." + # exit 1 + + deploy-changes: + name: Merge and Deploy Changes + runs-on: ubuntu-latest + needs: docker-lint + if: steps.docker-lint.outputs.exit_code == 0 + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Install & Setup Tea CLI + run: | + curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea + chmod +x /usr/local/bin/tea + tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token "${{ secrets.BOT_GITEA_TOKEN }}" + + - name: Merge PR with Tea CLI + run: | + tea pr m "${{ gitea.event.pull_request.number }}" + + # - name: Merge Pull Request + # uses: prasiman/gocurl@v1 + # with: + # method: POST + # url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" + # headers: > + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + + - name: Deploy Docker Compose Changes + uses: astappiev/docker-compose-remote-action@master + with: + ssh_host: 192.168.1.254 + ssh_user: gitea-deploy + ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }} + ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} + docker_env: $ {{ secrets.RINOA_DOCKER_ENV }} + docker_args: -d --remove-orphans --build --dry-run + + # uses: alex-ac/github-action-ssh-docker-compose@master + # with: + # ssh_host: ${{ secrets.DOCKER_HOST }} + # ssh_user: ${{ secrets.DOCKER_USER }} + # ssh_key: ${{ secrets.DOCKER_SSH_KEY }} + # compose_file_path: /path/to/docker-compose.yml + # docker_compose_command: "up -d --remove-orphans" diff --git a/docker-compose.yml b/docker-compose.yml index 6298326b..7f128cb6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1458,7 +1458,10 @@ services: grafana-alloy: condition: service_started required: true +<<<<<<< HEAD restart: true +======= +>>>>>>> sonarqube-gitea-docker-compose-deploy environment: GF_INSTALL_PLUGINS: grafana-piechart-panel TZ: America/New_York @@ -1567,7 +1570,10 @@ services: grafana-alloy: condition: service_started required: true +<<<<<<< HEAD restart: true +======= +>>>>>>> sonarqube-gitea-docker-compose-deploy image: grafana/loki:latest networks: default: null @@ -1592,7 +1598,10 @@ services: grafana-alloy: condition: service_started required: true +<<<<<<< HEAD restart: true +======= +>>>>>>> sonarqube-gitea-docker-compose-deploy image: grafana/mimir:latest labels: - homepage.group=Infrastructure/App Performance Monitoring @@ -1647,7 +1656,10 @@ services: grafana-alloy: condition: service_started required: true +<<<<<<< HEAD restart: true +======= +>>>>>>> sonarqube-gitea-docker-compose-deploy image: grafana/pyroscope:latest labels: - homepage.group=Infrastructure/App Performance Monitoring @@ -1677,7 +1689,10 @@ services: grafana-alloy: condition: service_started required: true +<<<<<<< HEAD restart: true +======= +>>>>>>> sonarqube-gitea-docker-compose-deploy image: grafana/tempo:latest networks: default: null @@ -4526,6 +4541,7 @@ services: - SYS_RAWIO container_name: scrutiny devices: +<<<<<<< HEAD - permissions: rwm source: /dev/sda target: /dev/sda @@ -4544,6 +4560,14 @@ services: - permissions: rwm source: /dev/sdf target: /dev/sdf +======= + - "/dev/sda:/dev/sda:rwm" + - "/dev/sdb:/dev/sdb:rwm" + - "/dev/sdc:/dev/sdc:rwm" + - "/dev/sdd:/dev/sdd:rwm" + - "/dev/sde:/dev/sde:rwm" + - "/dev/sdf:/dev/sdf:rwm" +>>>>>>> sonarqube-gitea-docker-compose-deploy image: ghcr.io/analogj/scrutiny:master-omnibus labels: - homepage.group=Infrastructure/App Performance Monitoring diff --git a/rinoa-docker-compose.yml b/rinoa-docker-compose.yml deleted file mode 100644 index b11662f7..00000000 --- a/rinoa-docker-compose.yml +++ /dev/null @@ -1,7566 +0,0 @@ -name: compose -networks: - bitmagnet: - driver: bridge - ipam: - config: - - gateway: 192.168.55.1 - subnet: 192.168.55.0/27 - driver: default - name: compose_bitmagnet - default: - name: compose_default -services: - addy: - container_name: addy - depends_on: - mariadb: - condition: service_started - required: true - redis: - condition: service_started - required: true - environment: - ANONADDY_ADDITIONAL_USERNAME_LIMIT: ${ADDY_ANONADDY_ADDITIONAL_USERNAME_LIMIT} - ANONADDY_ADMIN_USERNAME: ${ADDY_ANONADDY_ADMIN_USERNAME} - ANONADDY_ALL_DOMAINS: ${ADDY_ANONADDY_ALL_DOMAINS} - ANONADDY_BANDWIDTH_LIMIT: ${ADDY_ANONADDY_BANDWIDTH_LIMIT} - ANONADDY_DOMAIN: ${ADDY_ANONADDY_DOMAIN} - ANONADDY_ENABLE_REGISTRATION: true - ANONADDY_HOSTNAME: ${ADDY_ANONADDY_HOSTNAME} - ANONADDY_LIMIT: ${ADDY_ANONADDY_LIMIT} - ANONADDY_NEW_ALIAS_LIMIT: ${ADDY_ANONADDY_NEW_ALIAS_LIMIT} - ANONADDY_RETURN_PATH: null - ANONADDY_SECRET: ${ADDY_ANONADDY_SECRET} - APP_DEBUG: false - APP_KEY: ${ADDY_APP_KEY} - APP_NAME: addy-rinoa - APP_URL: ${ADDY_APP_URL} - DB_DATABASE: anonaddy - DB_HOST: mariadb - DB_PASSWORD: ${ADDY_DB_PASSWORD} - DB_PORT: 3306 - DB_TIMEOUT: 120 - DB_USERNAME: addy - MAIL_ENCRYPTION: null - MAIL_FROM_ADDRESS: null - MAIL_FROM_NAME: addy@Rinoa - PGID: ${PGID} - POSTFIX_DEBUG: true - POSTFIX_MESSAGE_SIZE_LIMIT: 26214400 - POSTFIX_RELAYHOST: postal-smtp - POSTFIX_RELAYHOST_AUTH_ENABLE: false - POSTFIX_RELAYHOST_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - POSTFIX_RELAYHOST_USERNAME: ${POSTAL_SMTP_AUTH_USER} - POSTFIX_SMTP_TLS: false - POSTFIX_SMTPD_TLS: false - POSTFIX_SMTPD_TLS_CERT_FILE: null - POSTFIX_SMTPD_TLS_KEY_FILE: null - POSTFIX_SPAMHAUS_DQS_KEY: null - PUID: ${PUID} - REDIS_HOST: redis - REDIS_PASSWORD: null - REDIS_PORT: 6379 - RSPAMD_ENABLE: true - RSPAMD_NO_LOCAL_ADDRS: null - RSPAMD_WEB_PASSWORD: null - TZ: ${TZ} - image: anonaddy/anonaddy:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=8000 - - swag_url=addy.${MY_TLD} - - homepage.group=Privacy/Security - - homepage.name=Addy - - homepage.icon=/icons/addy.png - - homepage.href=https://addy.${MY_TLD} - - homepage.description=Anonymous email forwarding - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: 8009 - target: 8000 - - mode: ingress - protocol: tcp - published: 11334 - target: 11334 - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/anonaddy - target: /data - type: bind - bind: - create_host_path: true - adguard: - container_name: adguard - environment: - TZ: America/New_York - hostname: Rinoa - image: adguard/adguardhome:latest - labels: - - swag=enable - - swag_proto=http - - swag_url=adgh.${MY_TLD} - - homepage.group=System Administration - - homepage.name=AdGuard Home - - homepage.icon=adguard-home.png - - homepage.href=https://adgh.${MY_TLD} - - homepage.description=Ad-blocking/DNS - - homepage.widget.type=adguard - - homepage.widget.url=http://adguard:80 - - homepage.widget.username=admin - - homepage.widget.password=${ADGUARD_PASSWORD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3001" - target: 3000 - - mode: ingress - protocol: tcp - published: "446" - target: 443 - - mode: ingress - protocol: tcp - published: "8008" - target: 80 - - mode: ingress - protocol: tcp - published: "853" - target: 853 - - host_ip: 0.0.0.0 - mode: ingress - protocol: tcp - published: "53" - target: 53 - - host_ip: 0.0.0.0 - mode: ingress - protocol: udp - published: "53" - target: 53 - - host_ip: 0.0.0.0 - mode: ingress - protocol: udp - published: "67" - target: 67 - - host_ip: 0.0.0.0 - mode: ingress - protocol: tcp - published: "688" - target: 68 - - host_ip: 0.0.0.0 - mode: ingress - protocol: udp - published: "688" - target: 68 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/adguard/work - target: /opt/adguardhome/work - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/adguard/conf - target: /opt/adguardhome/conf - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - source: ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/archive/trez.wtf - target: /etc/ssl/certs - type: bind - bind: - create_host_path: true - apprise: - container_name: apprise - environment: - PGID: "1000" - PUID: "1000" - TZ: America/New_York - hostname: Rinoa - image: lscr.io/linuxserver/apprise-api:latest - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Apprise - - homepage.icon=apprise.png - - homepage.href=http://192.168.1.254:8000 - - homepage.description=Cemtralized, multi-channel notification API - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8000" - target: 8000 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/apprise - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - audiobookshelf: - container_name: audiobookshelf - environment: - CONFIG_PATH: /config - HOME: /config/.home - LOG_LEVEL: info - METADATA_PATH: /metadata - TZ: America/New_York - hostname: Rinoa - image: ghcr.io/advplyr/audiobookshelf:latest - labels: - - homepage.group=Media Library - - homepage.name=Audiobookshelf - - homepage.href=https://abs.${MY_TLD} - - homepage.icon=audiobookshelf.png - - homepage.description=Podcasts, eBooks, & Audiobooks - - homepage.widget.type=audiobookshelf - - homepage.widget.url=http://audiobookshelf:80 - - homepage.widget.key=${AUDIOBOOKSHELF_ROOT_API_KEY} - - swag=enable - - swag_address=audiobookshelf - - swag_proto=http - - swag_url=abs.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://abs.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "13378" - target: 80 - restart: unless-stopped - user: 1000:1000 - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf - target: /config - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata - target: /metadata - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - authelia: - container_name: authelia - environment: - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD} - AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET} - AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} - AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET} - AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} - AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD} - GUID: ${PGID} - PGID: ${PGID} - PUID: ${PUID} - TZ: ${TZ} - expose: - - 9091 - image: authelia/authelia:master - labels: - - homepage.group=Privacy/Security - - homepage.name=Authelia - - homepage.href=https://auth.${MY_TLD} - - homepage.icon=authelia.svg - - homepage.description=Authentication/authorization server with MFA & SSO - - swag=enable - - swag_proto=http - - swag_port=9091 - - swag_url=auth.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://auth.${MY_TLD} - networks: - default: null - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/authelia/ - target: /config - type: bind - bind: - create_host_path: true - authelia-pg: - container_name: authelia-pg - environment: - - POSTGRES_PASSWORD=${AUTHELIA_STORAGE_POSTGRES_PASSWORD} - - POSTGRES_USER=authelia - - POSTGRES_DB=authelia - expose: - - 5432 - image: postgres:16-alpine - networks: - default: null - restart: unless-stopped - volumes: - - source: authelia-pg-db - target: /var/lib/postgresql/data - type: volume - bind: - create_host_path: true - bazarr: - container_name: bazarr - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/gilbn/theme.park:bazarr - hostname: Rinoa - image: lscr.io/linuxserver/bazarr:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Bazarr - - homepage.href=https://bazarr.${MY_TLD} - - homepage.icon=bazarr.png - - homepage.description=Subtitle automation for TV shows/movies - - homepage.widget.type=bazarr - - homepage.widget.url=http://bazarr:6767 - - homepage.widget.key=${BAZARR_API_KEY} - - swag=enable - - swag_proto=http - - swag_port=6767 - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "6767" - target: 6767 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/bazarr - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - bitmagnet: - command: - - worker - - run - - --keys=http_server - - --keys=queue_server - - --keys=dht_crawler - container_name: bitmagnet - depends_on: - bitmagnet-pg-db: - condition: service_healthy - required: true - gluetun: - condition: service_started - required: true - restart: true - environment: - LOG_FILE_ROTATION_ENABLED: true - POSTGRES_HOST: bitmagnet-pg-db - POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} - POSTGRES_USER: bitmagnet - image: ghcr.io/bitmagnet-io/bitmagnet:latest - labels: - - homepage.group=Downloaders - - homepage.name=Bitmagnet - - homepage.href=https://btmag.${MY_TLD} - - homepage.icon=/icons/bitmagnet.svg - - homepage.description=Torrent indexer, DHT crawler, search engine, & content classifier - - homepage.widget.type=gluetun - - homepage.widget.url=http://gluetun:8000 - - swag=enable - - swag_proto=http - - swag_address=gluetun - - swag_auth=authelia - - swag_auth_bypass=/v1 - - swag_port=3333 - - swag_url=btmag.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://btmag.${MY_TLD} - network_mode: service:gluetun - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/bitmagnet - target: /root/.local/share/bitmagnet - type: bind - bind: - create_host_path: true - bitmagnet-pg-db: - container_name: bitmagnet-pg-db - environment: - POSTGRES_DB: bitmagnet - POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} - POSTGRES_USER: bitmagnet - expose: - - 5432 - healthcheck: - interval: 10s - start_period: 20s - test: - - CMD-SHELL - - pg_isready - image: postgres:17-alpine - networks: - bitmagnet: - ipv4_address: 192.168.55.8 - default: null - restart: unless-stopped - shm_size: 1g - volumes: - - source: bitmagnet-pg-db - target: /var/lib/postgresql/data - type: volume - volume: {} - bitwarden: - container_name: bitwarden - environment: - ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN} - DATABASE_URL: data/db.sqlite3 - DISABLE_ADMIN_TOKEN: "false" - DOMAIN: https://bitwarden.${MY_TLD} - ENABLE_DB_WAL: "true" - INVITATIONS_ALLOWED: "false" - SHOW_PASSWORD_HINT: "false" - SIGNUPS_ALLOWED: "true" - SIGNUPS_VERIFY: "true" - TZ: America/New_York - WEBSOCKET_ENABLED: "true" - hostname: Rinoa - image: vaultwarden/server:latest - labels: - - homepage.group=Privacy/Security - - homepage.name=Bitwarden - - homepage.icon=bitwarden.png - - homepage.href=https://bitwarden.${MY_TLD} - - homepage.description=Credential/Information Vault - - swag=enable - - swag_url=bitwarden.${MY_TLD} - - swag_proto=http - - swag_port=80 - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3012" - target: 3012 - - mode: ingress - protocol: tcp - published: "8013" - target: 80 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/bitwarden - target: /data - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - bluesky-pds: - container_name: bluesky-pds - environment: - PDS_ADMIN_EMAIL: charish.patel@trez.wtf - PDS_HOSTNAME: bsky.trez.wtf - PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET} - PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD} - PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX} - PDS_DATA_DIRECTORY: /pds - PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 - PDS_EMAIL_FROM_ADDRESS: noreply@trez.wtf - PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks - PDS_BLOB_UPLOAD_LIMIT: 52428800 - PDS_DID_PLC_URL: ${PDS_DID_PLC_URL} - PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL} - PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID} - PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL} - PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID} - PDS_CRAWLERS: ${PDS_CRAWLERS} - LOG_ENABLED: true - expose: - - 3000 - image: ghcr.io/bluesky-social/pds:latest - labels: - - swag=enable - - swag_port=3000 - - swag_url=bsky.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://bsky.${MY_TLD} - restart: unless-stopped - volumes: - - type: bind - source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds - target: /pds - browserless: - container_name: browserless - environment: - ALLOW_FILE_PROTOCOL: true - CONCURRENT: 20 - HEALTH: false - PROXY_HOST: swag - PROXY_PORT: 443 - PROXY_SSL: true - QUEUED: 20 - TIMEOUT: 300000 - TOKEN: ${CHROMIUM_TOKEN} - TZ: ${TZ} - expose: - - 3000 - image: ghcr.io/browserless/chromium:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=browse.${MY_TLD} - networks: - default: null - restart: unless-stopped - castopod: - container_name: castopod - depends_on: - - mariadb - environment: - MYSQL_DATABASE: castopod - MYSQL_USER: castopod - MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} - CP_DATABASE_HOSTNAME: mariadb - CP_DATABASE_NAME: castopod - CP_DATABASE_USERNAME: castopod - CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} - CP_BASEURL: pod.trez.wtf - CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT} - CP_CACHE_HANDLER: redis - CP_DISABLE_HTTPS: 1 - CP_REDIS_HOST: redis - CP_EMAIL_SMTP_HOST: postal-smtp - CP_EMAIL_FROM: noreply@trez.wtf - CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} - CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - expose: - - 8000 - image: castopod/castopod:latest - labels: - - homepage.group=Social - - homepage.name=Castopod - - homepage.href=https://pod.${MY_TLD} - - homepage.icon=castopod.png - - homepage.description=Podcast self-hosting - - swag=enable - - swag_port=8000 - - swag_url=pod.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://pod.${MY_TLD} - restart: unless-stopped - volumes: - - castopod-media:/var/www/castopod/public/media - cloudflared: - command: ['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}'] - container_name: cloudflared - environment: - CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN} - extra_hosts: - - host.docker.internal:host-gateway - image: 'cloudflare/cloudflared:latest' - restart: unless-stopped - volumes: - - ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared - cloudflareddns: - container_name: cloudflareddns - environment: - ARGS: --dns-cloudflare-propagation-seconds 60 - CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY} - CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN} - CF_HOSTS: trez.wtf - CF_RECORDTYPES: A - CF_USER: charish.patel@trez.wtf - CF_ZONES: trez.wtf - DETECTION_MODE: dig-google.com - INTERVAL: "300" - LOG_LEVEL: "3" - PGID: "1000" - PUID: "1000" - TZ: America/New_York - hostname: Rinoa - image: ghcr.io/hotio/cloudflareddns:latest - networks: - default: null - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - crowdsec: - container_name: crowdsec - environment: - - DOCKER_HOST=tcp://dockerproxy:2375 - - GID=1000 - - BOUNCER_KEY_SWAG=${CROWDSEC_API_KEY} - - COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables - image: crowdsecurity/crowdsec:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8101" - target: 8080 - restart: unless-stopped - security_opt: - - no-new-privileges=true - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local - target: /etc/crowdsec/config.yaml.local - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local - target: /etc/crowdsec/local_api_credentials.yaml.local - type: bind - bind: - create_host_path: true - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx - target: /var/log/swag - type: bind - bind: - create_host_path: true - - source: crowdsec-config - target: /etc/crowdsec - type: volume - volume: {} - - source: crowdsec-db - target: /var/lib/crowdsec/data - type: volume - volume: {} - - bind: - create_host_path: true - read_only: true - source: /var/log/journal - target: /var/log/host - type: bind - crowdsec-dashboard: - container_name: crowdsec-dashboard - depends_on: - crowdsec: - condition: service_started - required: true - environment: - MB_DB_FILE: /data/metabase.db - MGID: ${GID-1000} - image: metabase/metabase - labels: - - com.centurylinklabs.watchtower.enable=false - - homepage.group=Privacy/Security - - homepage.name=CrowdSec Dashboard - - homepage.href=https://csec.${MY_TLD} - - homepage.icon=crowdsec.svg - - homepage.description=Real-time & crowdsourced protection against aggressive IPs - - homepage.widget.type=crowdsec - - homepage.widget.url=http://crowdsec:8080 - - homepage.widget.username=localhost - - homepage.widget.password=${CROWDSEC_LOCAL_API_KEY} - - swag=enable - - swag_port=3000 - - swag_proto=http - - swag_url=csec.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://csec.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8908" - target: 3000 - restart: always - volumes: - - source: crowdsec-db - target: /metabase-data - type: volume - volume: {} - czkawka: - container_name: czkawka - environment: - KEEP_APP_RUNNING: 1 - PGID: ${PGID} - PUID: ${PUID} - TZ: ${TZ} - UMASK: 1 - WEB_LISTENING_PORT: 5800 - image: jlesage/czkawka - labels: - - homepage.group=System Administration - - homepage.name=Czkawka - - homepage.href=https://czkawka.${MY_TLD} - - homepage.icon=/icons/czkawka.png - - homepage.description=Smart file management - - swag=enable - - swag_port=5800 - - swag_proto=http - - swag_url=czkawka.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://czkawka.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "5800" - target: 5800 - privileged: true - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/czkawka - target: /config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_STORAGE} - target: /storage - type: bind - bind: - create_host_path: true - dagu-scheduler: - command: dagu scheduler - container_name: dagu-scheduler - image: ghcr.io/dagu-org/dagu:latest - networks: - default: null - restart: unless-stopped - volumes: - - source: dagu_config - target: /home/dagu/.config/dagu - type: volume - volume: {} - - source: dagu_data - target: /home/dagu/.local/share - type: volume - volume: {} - dagu-server: - container_name: dagu-server - environment: - DAGU_PORT: 8080 - image: ghcr.io/dagu-org/dagu:latest - labels: - - homepage.group=System Administration - - homepage.name=Dagu - - homepage.href=https://cron.${MY_TLD} - - homepage.icon=/icons/dagu.png - - homepage.description=Cron alternative using DAGs (Directed Acyclic Graphs) - - swag=enable - - swag_port=8080 - - swag_proto=http - - swag_url=cron.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://cron.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8108" - target: 8080 - restart: unless-stopped - volumes: - - source: dagu_config - target: /home/dagu/.config/dagu - type: volume - bind: - create_host_path: true - - source: dagu_data - target: /home/dagu/.local/share - type: volume - bind: - create_host_path: true - delugevpn: - cap_add: - - NET_ADMIN - - SYS_MODULE - container_name: delugevpn - environment: - ENABLE_PRIVOXY: "no" - LAN_NETWORK: 192.168.1.0/24 - NAME_SERVERS: 192.168.1.254,1.1.1.1 - PGID: "1000" - PUID: "1000" - TZ: America/New_York - VPN_CLIENT: openvpn - VPN_ENABLED: "yes" - VPN_INPUT_PORTS: "" - VPN_OPTIONS: "" - VPN_OUTPUT_PORTS: "" - VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA - VPN_PROV: pia - VPN_USER: p3120278 - hostname: Rinoa - image: ghcr.io/binhex/arch-delugevpn:latest - labels: - - homepage.group=Downloaders - - homepage.name=DelugeVPN - - homepage.href=https://deluge.${MY_TLD} - - homepage.icon=deluge.png - - homepage.description=Torrent over VPN - - homepage.widget.type=deluge - - homepage.widget.url=http://delugevpn:8112 - - homepage.widget.password=${DELUGEVPN_PASSWORD} - - swag=enable - - swag_port=8112 - - swag_proto=http - - swag_url=deluge.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://deluge.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "58846" - target: 58846 - - mode: ingress - protocol: tcp - published: "58946" - target: 58946 - - mode: ingress - protocol: tcp - published: "6881" - target: 6881 - - mode: ingress - protocol: tcp - published: "8112" - target: 8112 - - mode: ingress - protocol: tcp - published: "8118" - target: 8118 - privileged: true - restart: unless-stopped - sysctls: - net.ipv4.conf.all.src_valid_mark: "1" - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/delugevpn - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - docker-socket-proxy: - container_name: dockerproxy - environment: - - BUILD=1 - - COMMIT=1 - - CONFIGS=1 - - CONTAINERS=1 - - DISTRIBUTION=1 - - EVENTS=1 - - EXEC=1 - - GPRC=1 - - IMAGES=1 - - INFO=1 - - NETWORKS=1 - - NODES=1 - - POST=1 - - PLUGINS=1 - - SERVICES=1 - - SESSION=1 - - SYSTEM=1 - - TASKS=1 - - VOLUMES=1 - - LOG_LEVEL=debug - image: ghcr.io/tecnativa/docker-socket-proxy:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "2375" - target: 2375 - privileged: true - restart: unless-stopped - volumes: - - bind: - create_host_path: true - source: /var/run/docker.sock - target: /var/run/docker.sock - type: bind - docuseal: - container_name: docuseal - image: docuseal/docuseal:latest - labels: - - homepage.group=Personal Services - - homepage.name=Docuseal - - homepage.href=https://docs.${MY_TLD} - - homepage.description=OSS Document Signing & Verification - - homepage.icon=docuseal.png - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=sign.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://sign.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3002" - target: 3000 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/docuseal - target: /data - type: bind - bind: - create_host_path: true - duplicati: - container_name: duplicati - environment: - PGID: "1000" - PUID: "1000" - TZ: America/New_York - hostname: Rinoa - image: lscr.io/linuxserver/duplicati:latest - labels: - - swag=enable - - swag_port=8200 - - swag_proto=http - - swag_url=dup.${MY_TLD} - - homepage.group=Automation - - homepage.name=Duplicati - - homepage.href=https://dup.${MY_TLD} - - homepage.icon=duplicati.png - - homepage.description=Data backup - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8282" - target: 8200 - - ${DUPLICATI_PORT_8200}:8200 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/duplicati - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - source: /home/charish/.config/appdata/backups - target: /backups - type: bind - - bind: - create_host_path: true - source: /home/charish/.config/appdata - target: /source - type: bind - emby: - container_name: emby - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:emby - hostname: Rinoa - image: emby/embyserver - labels: - - homepage.group=Media Library - - homepage.name=Emby - - homepage.icon=emby.png - - homepage.href=http://emby.${MY_TLD} - - homepage.description=Movie/TV Streaming - - homepage.widget.type=emby - - homepage.widget.url=http://emby:8096 - - homepage.widget.key=${EMBY_HOMEPAGE_API_KEY} - - homepage.widget.enableBlocks=true - - homepage.widget.enableNowPlaying=true - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8096" - target: 8096 - - mode: ingress - protocol: tcp - published: "8920" - target: 8920 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/emby - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - source: /tmp - target: /transcode - type: bind - fastenhealth: - container_name: fastenhealth - image: ghcr.io/fastenhealth/fasten-onprem:main - labels: - - homepage.group=Lifestyle - - homepage.name=Fasten - - homepage.icon=/icons/fastenhealth.png - - homepage.href=http://health.${MY_TLD} - - homepage.description=Open-source, self-hosted, personal/family electronic medical record aggregator - - swag=enable - - swag_proto=http - - swag_port=8080 - - swag_url=health.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://health.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8105" - target: 8080 - restart: unless-stopped - volumes: - - source: fastenhealth-cache - target: /opt/fasten/cache - type: volume - volume: {} - - source: fastenhealth-db - target: /opt/fasten/db - type: volume - volume: {} - flaresolverr: - container_name: flaresolverr - environment: - - CAPTCHA_SOLVER=none - - LOG_HTML=false - - LOG_LEVEL=info - - PORT=8191 - - TZ=America/New_York - - BROWSER_TIMEOUT=40000 - - TEST_URL=https://duckduckgo.com - hostname: Rinoa - image: ghcr.io/flaresolverr/flaresolverr:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8191" - target: 8191 - restart: unless-stopped - sysctls: - - net.ipv6.conf.all.disable_ipv6=1 - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - ghost: - container_name: ghost_blog - depends_on: - mariadb: - condition: service_started - required: true - restart: true - environment: - - database__client=mysql - - database__connection__host=mariadb - - database__connection__port=3306 - - database__connection__user=${GHOST_DB_USER} - - database__connection__password=${GHOST_DB_PASSWORD} - - database__connection__database=ghost_db - - mail__transport=SMTP - - mail__options__host=postal-smtp - - mail__options__port=25 - - mail__options__secure=false - - mail__options__auth__user=${POSTAL_SMTP_AUTH_USER} - - mail__options__auth__pass=${POSTAL_SMTP_AUTH_PASSWORD} - - mail__from="noreply@trez.wtf" - - url=https://blog.${MY_TLD} - image: ghost:latest - labels: - - homepage.group=Lifestyle - - homepage.name=Ghost - - homepage.href=https://blog.${MY_TLD} - - homepage.icon=ghost.png - - homepage.description=Personal blog - - swag=enable - - swag_port=2368 - - swag_proto=http - - swag_url=blog.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://blog.${MY_TLD} - links: - - mariadb - networks: - default: null - restart: always - gitea: - container_name: gitea - depends_on: - gitea-db: - condition: service_healthy - required: true - environment: - - USER_UID=${PUID} - - USER_GID=${PGID} - - GITEA__database__DB_TYPE=postgres - - GITEA__database__HOST=gitea-db:5432 - - GITEA__database__NAME=gitea - - GITEA__database__USER=gitea - - GITEA__database__PASSWD=${GITEA_PG_DB_PASSWORD} - - GITEA__mailer__ENABLED=true - - GITEA__mailer__FROM='"Gitea" ' - - GITEA__mailer__PROTOCOL=smtp - - GITEA__mailer__SMTP_ADDR=postal-smtp - - GITEA__mailer__SMTP_PORT=25 - - GITEA__mailer__USER=${POSTAL_SMTP_AUTH_USER} - - GITEA__mailer__PASSWD=${POSTAL_SMTP_AUTH_PASSWORD} - image: gitea/gitea:1.22.2 - labels: - - homepage.group=Code/DevOps - - homepage.name=Gitea - - homepage.href=https://git.${MY_TLD} - - homepage.icon=gitea.svg - - homepage.description=Private Code Repo - - homepage.widget.type=gitea - - homepage.widget.url=http://gitea:3000 - - homepage.widget.key=${GITEA_HOMEPAGE_API_KEY} - - swag=enable - - swag_url=git.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://git.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3013" - target: 3000 - - mode: ingress - protocol: tcp - published: "222" - target: 22 - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/gitea - target: /data - type: bind - bind: - create_host_path: true - - bind: - create_host_path: true - read_only: true - source: /etc/timezone - target: /etc/timezone - type: bind - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - gitea-db: - container_name: gitea-db - environment: - - POSTGRES_USER=gitea - - POSTGRES_PASSWORD=${GITEA_PG_DB_PASSWORD} - - POSTGRES_DB=gitea - expose: - - 5432 - healthcheck: - interval: 10s - start_period: 20s - test: - - CMD-SHELL - - pg_isready - image: postgres:14 - networks: - default: null - restart: always - volumes: - - source: gitea-pg-db - target: /var/lib/postgresql/data - type: volume - volume: {} - gitea-opengist: - container_name: gitea-opengist - environment: - OG_LOG_LEVEL: warn - OG_EXTERNAL_URL: https://gist.trez.wtf - OG_GIT_DEFAULT_BRANCH: "main" - OG_GITEA_CLIENT_KEY: ${OPENGIST_GITEA_CLIENT_KEY} - OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET} - OG_GITEA_URL: https://git.trez.wtf - OG_GITEA_NAME: "Gitea @ Rinoa" - OG_SSH_EXTERNAL_DOMAIN: gist-ssh.trez.wtf - image: ghcr.io/thomiceli/opengist:latest - labels: - homepage.description: Private Code Gists - homepage.group: Code/DevOps - homepage.href: https://gist.trez.wtf - homepage.icon: /icons/opengist.svg - homepage.name: Opengist - swag: enable - swag.uptime-kuma.enabled: "true" - swag.uptime-kuma.monitor.url: https://gist.trez.wtf - swag_port: "6157" - swag_proto: http - swag_url: gist.trez.wtf - ports: - - "6157:6157" # HTTP port - - "2222:2222" # SSH port, can be removed if you don't use SSH - restart: always - volumes: - - ${DOCKER_VOLUME_CONFIG}/gitea/opengist:/opengist - gitea-runner: - container_name: gitea-runner - depends_on: - gitea: - condition: service_started - environment: - CONFIG_FILE: /config.yaml - DOCKER_HOST: tcp://dockerproxy:2375 - GITEA_INSTANCE_URL: https://git.trez.wtf - GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" - GITEA_RUNNER_NAME: "gitea-runner-1" - image: gitea/act_runner:latest - ports: - - 63604:63604 - restart: always - volumes: - - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml - gitea-sonarqube-bot: - container_name: gitea-sonarqube-bot - depends_on: - gitea: - condition: service_started - sonarqube: - condition: service_started - image: justusbunsi/gitea-sonarqube-bot:v0.3.5 - environment: - GITEA_SQ_BOT_PORT: 58525 - GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml - ports: - - 58525:58525 - restart: unless-stopped - volumes: - - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/ - gluetun: - cap_add: - - NET_ADMIN - container_name: gluetun - environment: - OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS} - OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER} - PORT_FORWARD_ONLY: true - SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay - VPN_SERVICE_PROVIDER: private internet access - expose: - - 8000 - extra_hosts: - - bitmagnet-pg-db:192.168.55.8 - image: qmcgaw/gluetun:latest - networks: - bitmagnet: - ipv4_address: 192.168.55.7 - default: null - ports: - - mode: ingress - protocol: tcp - published: "3333" - target: 3333 - - mode: ingress - protocol: tcp - published: "3334" - target: 3334 - - mode: ingress - protocol: udp - published: "3334" - target: 3334 - - mode: ingress - protocol: tcp - published: "5030" - target: 5030 - - mode: ingress - protocol: tcp - published: "5031" - target: 5031 - - mode: ingress - protocol: tcp - published: "50300" - target: 50300 - restart: always - gotify: - container_name: gotify - environment: - - GOTIFY_SERVER_PORT=80 - - GOTIFY_SERVER_KEEPALIVEPERIODSECONDS=0 - - GOTIFY_SERVER_LISTENADDR= - - GOTIFY_SERVER_SSL_ENABLED=false - - GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=true - - GOTIFY_SERVER_SSL_LISTENADDR= - - GOTIFY_SERVER_SSL_PORT=443 - - GOTIFY_SERVER_SSL_CERTFILE= - - GOTIFY_SERVER_SSL_CERTKEY= - - GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED=false - - GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS=false - - GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE=certs - - GOTIFY_SERVER_STREAM_PINGPERIODSECONDS=45 - - GOTIFY_DATABASE_DIALECT=sqlite3 - - GOTIFY_DATABASE_CONNECTION=data/gotify.db - - GOTIFY_DEFAULTUSER_NAME=admin - - GOTIFY_DEFAULTUSER_PASS=${GOTIFY_PASSWORD} - - GOTIFY_PASSSTRENGTH=10 - - GOTIFY_UPLOADEDIMAGESDIR=data/images - - GOTIFY_PLUGINSDIR=data/plugins - - GOTIFY_REGISTRATION=false - image: gotify/server - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Gotify - - homepage.href=https://gotify.${MY_TLD} - - homepage.icon=gotify.png - - homepage.description=Notification System - - homepage.widget.type=gotify - - homepage.widget.url=http://gotify - - homepage.widget.key=${GOTIFY_HOMEPAGE_CLIENT_KEY} - - swag=enable - - swag_proto=http - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8097" - target: 80 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/gotify - target: /app/data - type: bind - bind: - create_host_path: true - grafana: - container_name: grafana - depends_on: - grafana-alloy: - condition: service_started - required: true - environment: - GF_INSTALL_PLUGINS: grafana-piechart-panel - TZ: America/New_York - hostname: Rinoa - image: grafana/grafana-enterprise:latest - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Grafana (LGTM) - - homepage.href=https://mon.${MY_TLD} - - homepage.description=Monitoring Dashboard for metrics, logs, traces, & profiles - - homepage.icon=grafana.png - - homepage.widget.type=grafana - - homepage.widget.url=http://grafana:3000 - - homepage.widget.username=admin - - homepage.widget.password=${GRAFANA_ADMIN_PASSWORD} - - swag=enable - - swag_proto=http - - swag_url=mon.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://mon.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3006" - target: 3000 - restart: unless-stopped - user: 1000:1000 - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - source: ${DOCKER_VOLUME_CONFIG}/grafana/data - target: /var/lib/grafana - type: bind - bind: - create_host_path: true - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - grafana-alloy: - cap_add: - - SYS_ADMIN - - SYS_TIME - - BPF - - SYSLOG - command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy - container_name: grafana-alloy - environment: - - DOCKER_HOST=tcp://dockerproxy:2375 - image: grafana/alloy:latest - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Grafana Alloy - - homepage.description=Agent for metric/log/trace/profile collection and writing - - homepage.href=http://192.168.1.254:12345 - - homepage.icon=/icons/grafana-alloy.svg - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "12345" - target: 12345 - privileged: true - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy - target: /etc/alloy/config.alloy - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json - target: /etc/alloy/endpoints.json - type: bind - bind: - create_host_path: true - - bind: - create_host_path: true - read_only: true - source: /proc - target: /host/proc - type: bind - - bind: - create_host_path: true - read_only: true - source: /sys - target: /host/sys - type: bind - - bind: - create_host_path: true - read_only: true - source: / - target: /rootfs - type: bind - grafana-loki: - command: -config.file=/etc/loki/loki-config.yaml - container_name: grafana-loki - depends_on: - grafana-alloy: - condition: service_started - required: true - image: grafana/loki:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3100" - target: 3100 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml - target: /etc/loki/loki-config.yaml - type: bind - bind: - create_host_path: true - grafana-mimir: - command: - - -ingester.native-histograms-ingestion-enabled=true - - -config.file=/etc/mimir.yaml - container_name: grafana-mimir - depends_on: - grafana-alloy: - condition: service_started - required: true - image: grafana/mimir:latest - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Grafana Mimir - - homepage.href=http://192.168.1.254:9009 - - homepage.description=Long-term metrics storage - - homepage.icon=/icons/grafana-mimir.png - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "9009" - target: 9009 - restart: unless-stopped - volumes: - - source: grafana-mimir-data - target: /data - type: volume - volume: {} - - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml - target: /etc/mimir.yaml - type: bind - bind: - create_host_path: true - grafana-mimir-memcached: - container_name: grafana-mimir-memcached - depends_on: - grafana-alloy: - condition: service_started - required: true - environment: - - MEMCACHED_MEMORY_LIMIT=1g - - MEMCACHED_THREADS=4 - - MEMCACHED_MAX_CONNECTIONS=2048 - - MEMCACHED_TCP_PORT=11211 - - MEMCACHED_UDP_PORT=11211 - image: memcached - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "11211" - target: 11211 - restart: unless-stopped - grafana-pyroscope: - command: - - -config.file=/etc/pyroscope.yml - container_name: grafana-pyroscope - depends_on: - grafana-alloy: - condition: service_started - required: true - image: grafana/pyroscope:latest - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Grafana Pyroscope - - homepage.description=Profiling for applications - - homepage.href=http://192.168.1.254:4040 - - homepage.icon=/icons/grafana-pyroscope.svg - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "4040" - target: 4040 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml - target: /etc/pyroscope.yml - type: bind - bind: - create_host_path: true - grafana-tempo: - command: - - -config.file=/etc/tempo.yaml - container_name: grafana-tempo - depends_on: - grafana-alloy: - condition: service_started - required: true - image: grafana/tempo:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "14268" - target: 14268 - - mode: ingress - protocol: tcp - published: "3200" - target: 3200 - - mode: ingress - protocol: tcp - published: "9095" - target: 9095 - - mode: ingress - protocol: tcp - published: "4317" - target: 4317 - - mode: ingress - protocol: tcp - published: "4318" - target: 4318 - - mode: ingress - protocol: tcp - published: "9411" - target: 9411 - restart: unless-stopped - volumes: - - source: grafana-tempo-data - target: /var/tempo - type: volume - volume: {} - - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml - target: /etc/tempo.yaml - type: bind - bind: - create_host_path: true - homepage: - container_name: homepage - image: ghcr.io/gethomepage/homepage:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3004" - target: 3000 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/homepage - target: /app/config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/homepage/images - target: /app/public/images - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/homepage/icons - target: /app/public/icons - type: bind - bind: - create_host_path: true - - read_only: true - source: ${DOCKER_VOLUME_STORAGE} - target: /rinoa-storage - type: bind - bind: - create_host_path: true - hortusfox: - container_name: hortusfox - depends_on: - mariadb: - condition: service_started - required: true - environment: - APP_ADMIN_EMAIL: charish.patel@trez.wtf - APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD} - DB_CHARSET: utf8mb4 - DB_DATABASE: hortusfox - DB_HOST: mariadb - DB_PASSWORD: ${HORTUSFOX_DB_PASSWORD} - DB_PORT: 3306 - DB_USERNAME: hortusfox - image: ghcr.io/danielbrendel/hortusfox-web:latest - labels: - - swag=enable - - swag_proto=http - - swag_url=plants.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://plants.${MY_TLD} - - homepage.group=Lifestyle - - homepage.name=HortusFox - - homepage.href=https://plants.${MY_TLD} - - homepage.icon=hortusfox.png - - homepage.description=Plant management system - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8006" - target: 80 - restart: unless-stopped - volumes: - - source: hortusfox_app_images - target: /var/www/html/public/img - type: volume - volume: {} - - source: hortusfox_app_logs - target: /var/www/html/app/logs - type: volume - volume: {} - - source: hortusfox_app_backup - target: /var/www/html/public/backup - type: volume - volume: {} - - source: hortusfox_app_themes - target: /var/www/html/public/themes - type: volume - volume: {} - - source: hortusfox_app_migrate - target: /var/www/html/app/migrations - type: volume - volume: {} - huginn: - container_name: huginn - environment: - HUGINN_DATABASE_HOST: mariadb - HUGINN_DATABASE_NAME: huginn - HUGINN_DATABASE_PASSWORD: MLbKPT3j9TYcguYevFRcfEcrXtL4kcxujtrNdrq9eCig4WhUbxkyLoAiCPpm4zob - HUGINN_DATABASE_PORT: "3306" - HUGINN_DATABASE_USERNAME: huginn - PGID: "1000" - PUID: "1000" - TZ: America/New_York - hostname: Rinoa - image: ghcr.io/huginn/huginn - labels: - - homepage.group=Automation - - homepage.name=Huginn - - homepage.href=https://huginn.${MY_TLD} - - homepage.icon=huginn - - homepage.description=Agent/Web Automation - - swag=enable - - swag_port=3000 - - swag_proto=http - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3005" - target: 3000 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - hugo: - command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug - container_name: hugo - image: hugomods/hugo:exts - labels: - - swag=enable - - swag_proto=http - - swag_port=1313 - - swag_url=it-services.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://it-services.${MY_TLD} - - homepage.group=Professional Services - - homepage.name=Hugo - - homepage.href=https://it-services.${MY_TLD} - - homepage.icon=hugo.svg - - homepage.description=Static site - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "1313" - target: 1313 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/hugo/ - target: /src - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/hugo/cache - target: /tmp/hugo_cache - type: bind - bind: - create_host_path: true - invidious: - container_name: invidious - depends_on: - invidious-db: - condition: service_started - required: true - environment: - INVIDIOUS_CONFIG: | - db: - dbname: invidious - user: kemal - password: kemal - host: invidious-db - port: 5432 - check_tables: true - # external_port: - # domain: - # https_only: false - # statistics_enabled: false - hmac_key: "8Qyuvl9TWYdkvVo8BJ14qM4HBshKieR3KvDc3vsECx1L4OR51i-EtW2K74MmAVHeNPmJetM67T0M-9FIm7b-MA" - healthcheck: - interval: 30s - retries: 2 - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - timeout: 5s - image: quay.io/invidious/invidious:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=invid.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://invid.${MY_TLD} - - homepage.group=Social - - homepage.name=Invidious - - homepage.href=https://invid.${MY_TLD} - - homepage.icon=invidious.svg - - homepage.description=Alternative YouTube frontend (privacy-focused, ad-blocking) - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3007" - target: 3000 - restart: unless-stopped - invidious-db: - container_name: invidious-db - environment: - POSTGRES_DB: invidious - POSTGRES_PASSWORD: kemal - POSTGRES_USER: kemal - healthcheck: - test: - - CMD-SHELL - - pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB - image: docker.io/library/postgres:14 - networks: - default: null - restart: unless-stopped - volumes: - - source: invidious-postgres - target: /var/lib/postgresql/data - type: volume - volume: {} - - source: ${DOCKER_VOLUME_CONFIG}/invidious/sql - target: /config/sql - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh - target: /docker-entrypoint-initdb.d/init-invidious-db.sh - type: bind - bind: - create_host_path: true - invoice_ninja: - container_name: invoice_ninja - environment: - APP_DEBUG: true - APP_KEY: ${IN_APP_KEY} - APP_URL: http://invoice_ninja:8003 - DB_DATABASE: invoice_ninja - DB_HOST: mariadb - DB_PASSWORD: ${IN_MYSQL_PASSWORD} - DB_PORT: 3306 - DB_USERNAME: ininja - IN_PASSWORD: ${IN_PASSWORD} - IN_USER_EMAIL: charish.patel@trez.wtf - MAIL_ENCRYPTION: null - MAIL_FROM_ADDRESS: noreply@trez.wtf - MAIL_FROM_NAME: null - MAIL_HOST: postal-smtp - MAIL_MAILER: log - MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - MAIL_PORT: 25 - MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} - MYSQL_DATABASE: invoice_ninja - MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD} - MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} - MYSQL_USER: ininja - PDF_GENERATOR: snappdf - PHANTOMJS_PDF_GENERATION: false - QUEUE_CONNECTION: database - REQUIRE_HTTPS: false - TRUSTED_PROXIES: 172.18.0.0/16 - expose: - - 9000 - image: invoiceninja/invoiceninja:5 - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8003" - target: 8003 - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public - target: /var/www/app/public - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/storage - target: /var/www/app/storage - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php.ini - target: /usr/local/etc/php/php.ini - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php-cli.ini - target: /usr/local/etc/php/php-cli.ini - type: bind - bind: - create_host_path: true - invoice_ninja_proxy: - container_name: invoice_ninja_proxy - depends_on: - invoice_ninja: - condition: service_started - required: true - environment: - APP_DEBUG: true - APP_KEY: ${IN_APP_KEY} - APP_URL: http://invoice_ninja:9000 - DB_DATABASE: invoice_ninja - DB_HOST: mariadb - DB_PASSWORD: ${IN_MYSQL_PASSWORD} - DB_PORT: 3306 - DB_USERNAME: ininja - IN_PASSWORD: ${IN_PASSWORD} - IN_USER_EMAIL: charish.patel@trez.wtf - MAIL_ENCRYPTION: null - MAIL_FROM_ADDRESS: noreply@trez.wtf - MAIL_FROM_NAME: null - MAIL_HOST: postal-smtp - MAIL_MAILER: log - MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - MAIL_PORT: 25 - MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} - MYSQL_DATABASE: invoice_ninja - MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD} - MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} - MYSQL_USER: ininja - PDF_GENERATOR: snappdf - PHANTOMJS_PDF_GENERATION: false - QUEUE_CONNECTION: database - REQUIRE_HTTPS: false - TRUSTED_PROXIES: 172.18.0.0/16 - image: nginx - labels: - - swag=enable - - swag_proto=http - - swag_url=biz.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://biz.${MY_TLD} - - homepage.group=Professional Services - - homepage.name=Invoice Ninja - - homepage.href=https://biz.${MY_TLD} - - homepage.icon=invoiceninja.svg - - homepage.description=Simple invoicing, multiple payment options, expense and vendor management, and more! - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8005" - target: 80 - restart: always - volumes: - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/proxy/invoice_ninja.conf - target: /etc/nginx/conf.d/in-vhost.conf - type: bind - bind: - create_host_path: true - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public - target: /var/www/app/public - type: bind - bind: - create_host_path: true - it-tools: - container_name: it-tools - image: ghcr.io/corentinth/it-tools:latest - labels: - - swag=enable - - swag_proto=http - - swag_url=itt.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://itt.${MY_TLD} - - homepage.group=Code/DevOps - - homepage.name=IT-Tools - - homepage.href=https://itt.${MY_TLD} - - homepage.icon=it-tools.svg - - homepage.description=Useful tools for developers and people working in IT - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8104" - target: 80 - restart: unless-stopped - jitsi-admin: - container_name: jitsi-admin - environment: - DATABASE_URL: mysql://jitsiadmin:${JITSI__ADMIN_DB_PASSWORD}@mariadb:3306/jitsiadmin - HTTP_METHOD: http - MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 - MERCURE_JWT_SECRET: ${JITSI__ADMIN_JWT_SECRET} - MERCURE_PUBLIC_URL: https://meet-admin.${MY_TLD} - MERCURE_URL: http://jitsi-admin-websocket:3000 - OAUTH_KEYCLOAK_CLIENT_ID: null - OAUTH_KEYCLOAK_CLIENT_REALM: null - OAUTH_KEYCLOAK_CLIENT_SECRET: null - OAUTH_KEYCLOAK_CLIENT_SERVER: null - PUBLIC_URL: https://meet-admin.${MY_TLD} - VICH_BASE: https://meet-admin.${MY_TLD} - laF_baseUrl: https://meet-admin.${MY_TLD} - registerEmailAdress: noreply@trez.wtf - image: h2invent/jitsi-admin-main - labels: - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=meet-admin.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://meet-admin.${MY_TLD} - - homepage.group=System Administration - - homepage.name=Jitsi Admin - - homepage.href=https://meet-admin.${MY_TLD} - - homepage.icon=/icons/jitsi-admin.png - - homepage.description=Web Conferencing - networks: - default: null - restart: unless-stopped - jitsi-admin-keycloak: - command: - - start-dev - - --import-realm - container_name: jitsi-admin-keycloak - environment: - KC_RUN_IN_CONTAINER: true - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} - KEYCLOAK_BIND_ADDRESS: 0.0.0.0 - KEYCLOAK_CACHE_TYPE: ispn - KEYCLOAK_DAEMON_GROUP: keycloak - KEYCLOAK_DAEMON_USER: keycloak - KEYCLOAK_DATABASE_HOST: postgresql - KEYCLOAK_DATABASE_NAME: bitnami_keycloak - KEYCLOAK_DATABASE_PASSWORD: nil - KEYCLOAK_DATABASE_PORT: 5432 - KEYCLOAK_DATABASE_SCHEMA: public - KEYCLOAK_DATABASE_USER: bn_keycloak - KEYCLOAK_DATABASE_VENDOR: postgresql - KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: false - KEYCLOAK_ENABLE_HTTPS: false - KEYCLOAK_ENABLE_STATISTICS: false - KEYCLOAK_HOSTNAME: null - KEYCLOAK_HTTP_PORT: 8080 - KEYCLOAK_HTTP_RELATIVE_PATH: / - KEYCLOAK_HTTPS_PORT: 8443 - KEYCLOAK_HTTPS_USE_PEM: false - KEYCLOAK_INIT_MAX_RETRIES: 10 - KEYCLOAK_JDBC_DRIVER: postgresql - KEYCLOAK_JDBC_PARAMS: nil - KEYCLOAK_LOG_LEVEL: info - KEYCLOAK_LOG_OUTPUT: default - KEYCLOAK_MOUNTED_CONF_DIR: /opt/keycloak/conf - KEYCLOAK_PRODUCTION: false - KEYCLOAK_PROXY: passthrough - KEYCLOAK_ROOT_LOG_LEVEL: INFO - expose: - - 8080 - - 8443 - image: keycloak/keycloak - labels: - - homepage.group=Privacy/Security - - homepage.name=Keycloak - - homepage.href=https://cloak.${MY_TLD} - - homepage.icon=keycloak.svg - - homepage.description=Open-source IAM - - swag=enable - - swag_proto=http - - swag_port=8080 - - swag_url=cloak.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://cloak.${MY_TLD} - networks: - default: null - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/keycloak - target: /opt/keycloak/data/import - type: bind - bind: - create_host_path: true - jitsi-admin-websocket: - container_name: jitsi-admin-websocket - environment: - WEBSOCKET_SECRET: ${JITSI__ADMIN_JWT_SECRET} - expose: - - 3000 - image: h2invent/jitsi-admin-websocket - labels: - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=meet-admin.${MY_TLD} - - swag_server_custom_directive="location /ws { proxy_pass http://localhost:3000; proxy_set_header X-Forwarded-Proto http; proxy_set_header Host $$host; }" - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://meet-admin.${MY_TLD} - - homepage.group=System Administration - - homepage.name=Jitsi Admin - - homepage.href=https://meet-admin.${MY_TLD} - - homepage.icon=/icons/jitsi-admin.png - - homepage.description=Web Conferencing - networks: - default: null - restart: unless-stopped - jitsi-etherpad: - container_name: jitsi-etherpad - environment: - - TITLE=${JITSI__ETHERPAD_TITLE} - - DEFAULT_PAD_TEXT=${JITSI__ETHERPAD_DEFAULT_PAD_TEXT} - - SKIN_NAME=${JITSI__ETHERPAD_SKIN_NAME} - - SKIN_VARIANTS=${JITSI__ETHERPAD_SKIN_VARIANTS} - - SUPPRESS_ERRORS_IN_PAD_TEXT=true - image: etherpad/etherpad:1.8.6 - networks: - default: null - restart: unless-stopped - jitsi-jibri: - cap_add: - - SYS_ADMIN - container_name: jitsi-jibri - depends_on: - jitsi-jicofo: - condition: service_started - required: true - environment: - - AUTOSCALER_SIDECAR_KEY_FILE - - AUTOSCALER_SIDECAR_KEY_ID - - AUTOSCALER_SIDECAR_GROUP_NAME - - AUTOSCALER_SIDECAR_HOST_ID - - AUTOSCALER_SIDECAR_INSTANCE_ID - - AUTOSCALER_SIDECAR_PORT - - AUTOSCALER_SIDECAR_REGION - - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL - - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL - - AUTOSCALER_URL - - CHROMIUM_FLAGS - - DISPLAY=:0 - - ENABLE_STATS_D - - JIBRI_WEBHOOK_SUBSCRIBERS - - JIBRI_HTTP_API_EXTERNAL_PORT - - JIBRI_HTTP_API_INTERNAL_PORT - - JIBRI_RECORDING_RESOLUTION - - JIBRI_RECORDING_VIDEO_ENCODE_PRESET - - JIBRI_RECORDING_CONSTANT_RATE_FACTOR - - JIBRI_RECORDING_FRAMERATE - - JIBRI_RECORDING_QUEUE_SIZE - - JIBRI_RECORDING_STREAMING_MAX_BITRATE - - JIBRI_USAGE_TIMEOUT - - JIBRI_XMPP_USER - - JIBRI_XMPP_PASSWORD=${JITSI__JIBRI_XMPP_PASSWORD} - - JIBRI_BREWERY_MUC - - JIBRI_RECORDER_USER=jibri-recorder - - JIBRI_RECORDER_PASSWORD=${JITSI__JIBRI_RECORDER_PASSWORD} - - JIBRI_RECORDING_DIR - - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH - - JIBRI_STRIP_DOMAIN_JID - - JIBRI_STATSD_HOST - - JIBRI_STATSD_PORT - - LOCAL_ADDRESS - - PUBLIC_URL=${JITSI__PUBLIC_URL} - - TZ=${JITSI__TZ} - - XMPP_AUTH_DOMAIN - - XMPP_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN - - XMPP_SERVER= - - XMPP_PORT - - XMPP_TRUST_ALL_CERTS - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable} - networks: - default: null - restart: unless-stopped - shm_size: 2gb - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri - target: /config - type: bind - bind: - create_host_path: true - jitsi-jicofo: - container_name: focus.meet.jitsi - depends_on: - jitsi-prosody: - condition: service_started - required: true - environment: - - AUTH_TYPE - - BRIDGE_AVG_PARTICIPANT_STRESS - - BRIDGE_STRESS_THRESHOLD - - ENABLE_AUTH - - ENABLE_AUTO_OWNER - - ENABLE_CODEC_VP8 - - ENABLE_CODEC_VP9 - - ENABLE_CODEC_H264 - - ENABLE_CODEC_OPUS_RED - - ENABLE_JVB_XMPP_SERVER - - ENABLE_OCTO - - ENABLE_RECORDING=1 - - ENABLE_SCTP - - ENABLE_AUTO_LOGIN - - JICOFO_AUTH_LIFETIME - - JICOFO_AUTH_PASSWORD=${JITSI__JICOFO_AUTH_PASSWORD} - - JICOFO_AUTH_TYPE - - JICOFO_BRIDGE_REGION_GROUPS - - JICOFO_ENABLE_AUTH - - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS - - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT - - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT - - JICOFO_CONF_SOURCE_SIGNALING_DELAYS - - JICOFO_CONF_MAX_AUDIO_SENDERS - - JICOFO_CONF_MAX_VIDEO_SENDERS - - JICOFO_CONF_STRIP_SIMULCAST - - JICOFO_CONF_SSRC_REWRITING - - JICOFO_ENABLE_HEALTH_CHECKS - - JICOFO_ENABLE_REST - - JICOFO_HEALTH_CHECKS_USE_PRESENCE - - JICOFO_MULTI_STREAM_BACKWARD_COMPAT - - JICOFO_OCTO_REGION - - JIBRI_BREWERY_MUC - - JIBRI_REQUEST_RETRIES - - JIBRI_PENDING_TIMEOUT - - JIGASI_BREWERY_MUC - - JIGASI_SIP_URI - - JVB_BREWERY_MUC - - JVB_XMPP_AUTH_DOMAIN - - JVB_XMPP_INTERNAL_MUC_DOMAIN - - JVB_XMPP_PORT - - JVB_XMPP_SERVER - - MAX_BRIDGE_PARTICIPANTS - - OCTO_BRIDGE_SELECTION_STRATEGY - - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - - SENTRY_ENVIRONMENT - - SENTRY_RELEASE - - TZ=${JITSI__JIGAGI_SIP_SERVER} - - XMPP_DOMAIN - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN - - XMPP_SERVER= - - XMPP_PORT - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable} - networks: - default: null - ports: - - 127.0.0.1:${JICOFO_REST_PORT:-8889}:8888 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo - target: /config - type: bind - jitsi-jigasi: - container_name: jitsi-jigasi - depends_on: - jitsi-prosody: - condition: service_started - required: true - environment: - - ENABLE_AUTH=1 - - ENABLE_GUESTS=1 - - XMPP_AUTH_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_SERVER - - XMPP_PORT - - XMPP_DOMAIN - - PUBLIC_URL=${JITSI__PUBLIC_URL} - - JIGASI_DISABLE_SIP - - JIGASI_SIP_URI=${JITSI__SIP_URI} - - JIGASI_SIP_PASSWORD=${JITSI__JIGAGI_SIP_PASSWORD} - - JIGASI_SIP_SERVER=${JITSI__JIGAGI_SIP_SERVER} - - JIGASI_SIP_PORT=${JITSI__JIGAGI_SIP_PORT} - - JIGASI_SIP_TRANSPORT=${JITSI__JIGAGI_SIP_TRANSPORT} - - JIGASI_SIP_DEFAULT_ROOM - - JIGASI_XMPP_USER - - JIGASI_XMPP_PASSWORD=${JITSI__JIGASI_XMPP_PASSWORD} - - JIGASI_BREWERY_MUC - - JIGASI_PORT_MIN - - JIGASI_PORT_MAX - - JIGASI_HEALTH_CHECK_SIP_URI - - JIGASI_HEALTH_CHECK_INTERVAL - - JIGASI_SIP_KEEP_ALIVE_METHOD - - JIGASI_ENABLE_SDES_SRTP - - ENABLE_TRANSCRIPTIONS - - JIGASI_TRANSCRIBER_ADVERTISE_URL - - JIGASI_TRANSCRIBER_RECORD_AUDIO - - JIGASI_TRANSCRIBER_SEND_TXT - - GC_PROJECT_ID - - GC_PRIVATE_KEY_ID - - GC_PRIVATE_KEY - - GC_CLIENT_EMAIL - - GC_CLIENT_ID - - GC_CLIENT_CERT_URL - - SHUTDOWN_REST_ENABLED - - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}" - - SENTRY_ENVIRONMENT - - SENTRY_RELEASE - - TZ=${JITSI__TZ} - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable} - networks: - default: null - ports: - - ${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp - restart: unless-stopped - volumes: - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi - target: /config - type: bind - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts - target: /tmp/transcripts - type: bind - jitsi-jvb: - container_name: video.meet.jitsi - depends_on: - jitsi-prosody: - condition: service_started - required: true - environment: - - DOCKER_HOST_ADDRESS - - ENABLE_COLIBRI_WEBSOCKET - - ENABLE_JVB_XMPP_SERVER - - ENABLE_OCTO - - JVB_ADVERTISE_IPS - - JVB_ADVERTISE_PRIVATE_CANDIDATES - - JVB_AUTH_USER - - JVB_AUTH_PASSWORD=${JITSI__JVB_AUTH_PASSWORD} - - JVB_BREWERY_MUC - - JVB_DISABLE_STUN - - JVB_PORT - - JVB_MUC_NICKNAME - - JVB_STUN_SERVERS - - JVB_OCTO_BIND_ADDRESS - - JVB_OCTO_REGION - - JVB_OCTO_RELAY_ID - - JVB_WS_DOMAIN - - JVB_WS_SERVER_ID - - JVB_XMPP_AUTH_DOMAIN - - JVB_XMPP_INTERNAL_MUC_DOMAIN - - JVB_XMPP_PORT - - JVB_XMPP_SERVER - - PUBLIC_URL=${JITSI__PUBLIC_URL} - - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" - - SENTRY_ENVIRONMENT - - SENTRY_RELEASE - - COLIBRI_REST_ENABLED - - SHUTDOWN_REST_ENABLED - - TZ=${JITSI__JIGAGI_SIP_SERVER} - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_SERVER= - - XMPP_PORT - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable} - networks: - default: null - ports: - - ${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp - - 127.0.0.1:${JVB_COLIBRI_PORT:-8091}:8080 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb - target: /config - type: bind - jitsi-prosody: - container_name: xmpp.meet.jitsi - environment: - - AUTH_TYPE - - DISABLE_POLLS - - ENABLE_AUTH - - ENABLE_AV_MODERATION - - ENABLE_BREAKOUT_ROOMS - - ENABLE_END_CONFERENCE - - ENABLE_GUESTS=1 - - ENABLE_IPV6 - - ENABLE_LOBBY - - ENABLE_RECORDING=1 - - ENABLE_XMPP_WEBSOCKET - - ENABLE_JAAS_COMPONENTS - - GC_TYPE - - GC_INC_TH - - GC_INC_SPEED - - GC_INC_STEP_SIZE - - GC_GEN_MIN_TH - - GC_GEN_MAX_TH - - GLOBAL_CONFIG - - GLOBAL_MODULES - - JIBRI_RECORDER_USER - - JIBRI_RECORDER_PASSWORD=${JITSI__JIBRI_RECORDER_PASSWORD} - - JIBRI_XMPP_USER - - JIBRI_XMPP_PASSWORD=${JITSI__JIBRI_XMPP_PASSWORD} - - JICOFO_AUTH_PASSWORD=${JITSI__JICOFO_AUTH_PASSWORD} - - JICOFO_COMPONENT_SECRET - - JIGASI_XMPP_USER - - JIGASI_XMPP_PASSWORD=${JITSI__JIGASI_XMPP_PASSWORD} - - JVB_AUTH_USER - - JVB_AUTH_PASSWORD=${JITSI__JVB_AUTH_PASSWORD} - - JWT_APP_ID - - JWT_APP_SECRET - - JWT_ACCEPTED_ISSUERS - - JWT_ACCEPTED_AUDIENCES - - JWT_ASAP_KEYSERVER - - JWT_ALLOW_EMPTY - - JWT_AUTH_TYPE - - JWT_ENABLE_DOMAIN_VERIFICATION - - JWT_TOKEN_AUTH_MODULE - - MATRIX_UVS_URL - - MATRIX_UVS_ISSUER - - MATRIX_UVS_AUTH_TOKEN - - MATRIX_UVS_SYNC_POWER_LEVELS - - LOG_LEVEL - - LDAP_AUTH_METHOD - - LDAP_BASE - - LDAP_BINDDN - - LDAP_BINDPW - - LDAP_FILTER - - LDAP_VERSION - - LDAP_TLS_CIPHERS - - LDAP_TLS_CHECK_PEER - - LDAP_TLS_CACERT_FILE - - LDAP_TLS_CACERT_DIR - - LDAP_START_TLS - - LDAP_URL - - LDAP_USE_TLS - - MAX_PARTICIPANTS - - PROSODY_AUTH_TYPE - - PROSODY_RESERVATION_ENABLED - - PROSODY_RESERVATION_REST_BASE_URL - - PROSODY_ENABLE_RATE_LIMITS - - PROSODY_RATE_LIMIT_LOGIN_RATE - - PROSODY_RATE_LIMIT_SESSION_RATE - - PROSODY_RATE_LIMIT_TIMEOUT - - PROSODY_RATE_LIMIT_ALLOW_RANGES - - PROSODY_RATE_LIMIT_CACHE_SIZE - - PUBLIC_URL=${JITSI__PUBLIC_URL} - - TURN_CREDENTIALS - - TURN_HOST - - TURNS_HOST - - TURN_PORT - - TURNS_PORT - - TURN_TRANSPORT - - TZ=${JITSI__JIGAGI_SIP_SERVER} - - XMPP_DOMAIN - - XMPP_AUTH_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_MODULES - - XMPP_MUC_MODULES - - XMPP_MUC_CONFIGURATION - - XMPP_INTERNAL_MUC_MODULES - - XMPP_RECORDER_DOMAIN - - XMPP_PORT - expose: - - ${XMPP_PORT:-5222} - - "5347" - - "5280" - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable} - networks: - default: null - restart: unless-stopped - volumes: - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config - target: /config - type: bind - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom - target: /prosody-plugins-custom - type: bind - jitsi-web: - container_name: meet.jitsi - environment: - - AMPLITUDE_ID - - ANALYTICS_SCRIPT_URLS - - ANALYTICS_WHITELISTED_EVENTS - - AUDIO_QUALITY_OPUS_BITRATE - - AUTO_CAPTION_ON_RECORD - - BRANDING_DATA_URL - - CALLSTATS_CUSTOM_SCRIPT_URL - - CALLSTATS_ID - - CALLSTATS_SECRET - - CHROME_EXTENSION_BANNER_JSON - - COLIBRI_WEBSOCKET_PORT - - CONFCODE_URL - - CONFIG_EXTERNAL_CONNECT - - DEFAULT_LANGUAGE - - DEPLOYMENTINFO_ENVIRONMENT - - DEPLOYMENTINFO_ENVIRONMENT_TYPE - - DEPLOYMENTINFO_REGION - - DEPLOYMENTINFO_SHARD - - DEPLOYMENTINFO_USERREGION - - DESKTOP_SHARING_FRAMERATE_MIN - - DESKTOP_SHARING_FRAMERATE_MAX - - DIALIN_NUMBERS_URL - - DIALOUT_AUTH_URL - - DIALOUT_CODES_URL - - DISABLE_AUDIO_LEVELS - - DISABLE_DEEP_LINKING - - DISABLE_GRANT_MODERATOR - - DISABLE_HTTPS - - DISABLE_KICKOUT - - DISABLE_LOCAL_RECORDING - - DISABLE_POLLS - - DISABLE_PRIVATE_CHAT - - DISABLE_PROFILE - - DISABLE_REACTIONS - - DISABLE_REMOTE_VIDEO_MENU - - DISABLE_START_FOR_ALL - - DROPBOX_APPKEY - - DROPBOX_REDIRECT_URI - - DYNAMIC_BRANDING_URL - - ENABLE_AUDIO_PROCESSING - - ENABLE_AUTH - - ENABLE_BREAKOUT_ROOMS - - ENABLE_CALENDAR - - ENABLE_COLIBRI_WEBSOCKET - - ENABLE_E2EPING - - ENABLE_FILE_RECORDING_SHARING - - ENABLE_GUESTS=1 - - ENABLE_HSTS - - ENABLE_HTTP_REDIRECT - - ENABLE_IPV6 - - ENABLE_LETSENCRYPT - - ENABLE_LIPSYNC - - ENABLE_NO_AUDIO_DETECTION - - ENABLE_NOISY_MIC_DETECTION - - ENABLE_OCTO - - ENABLE_OPUS_RED - - ENABLE_PREJOIN_PAGE - - ENABLE_P2P - - ENABLE_WELCOME_PAGE - - ENABLE_CLOSE_PAGE - - ENABLE_LIVESTREAMING - - ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK - - ENABLE_LIVESTREAMING_HELP_LINK - - ENABLE_LIVESTREAMING_TERMS_LINK - - ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING - - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT - - ENABLE_LOCAL_RECORDING_SELF_START - - ENABLE_RECORDING=1 - - ENABLE_REMB - - ENABLE_REQUIRE_DISPLAY_NAME - - ENABLE_SERVICE_RECORDING - - ENABLE_SIMULCAST - - ENABLE_STATS_ID - - ENABLE_STEREO - - ENABLE_SUBDOMAINS - - ENABLE_TALK_WHILE_MUTED - - ENABLE_TCC - - ENABLE_TRANSCRIPTIONS - - ENABLE_XMPP_WEBSOCKET - - ENABLE_JAAS_COMPONENTS - - ETHERPAD_PUBLIC_URL - - ETHERPAD_URL_BASE=${JITSI__ETHERPAD_URL_BASE} - - E2EPING_NUM_REQUESTS - - E2EPING_MAX_CONFERENCE_SIZE - - E2EPING_MAX_MESSAGE_PER_SECOND - - GOOGLE_ANALYTICS_ID - - GOOGLE_API_APP_CLIENT_ID - - HIDE_PREMEETING_BUTTONS - - HIDE_PREJOIN_DISPLAY_NAME - - HIDE_PREJOIN_EXTRA_BUTTONS - - INVITE_SERVICE_URL - - LETSENCRYPT_DOMAIN - - LETSENCRYPT_EMAIL - - LETSENCRYPT_USE_STAGING - - MATOMO_ENDPOINT - - MATOMO_SITE_ID - - MICROSOFT_API_APP_CLIENT_ID - - NGINX_RESOLVER - - NGINX_WORKER_PROCESSES - - NGINX_WORKER_CONNECTIONS - - PEOPLE_SEARCH_URL - - PREFERRED_LANGUAGE - - PUBLIC_URL=${JITSI__PUBLIC_URL} - - P2P_PREFERRED_CODEC - - RESOLUTION - - RESOLUTION_MIN - - RESOLUTION_WIDTH - - RESOLUTION_WIDTH_MIN - - START_AUDIO_MUTED - - START_AUDIO_ONLY - - START_BITRATE - - START_SILENT - - START_WITH_AUDIO_MUTED - - START_VIDEO_MUTED - - START_WITH_VIDEO_MUTED - - TESTING_CAP_SCREENSHARE_BITRATE - - TESTING_OCTO_PROBABILITY - - TOKEN_AUTH_URL - - TOOLBAR_BUTTONS - - TRANSLATION_LANGUAGES - - TRANSLATION_LANGUAGES_HEAD - - TZ=${JITSI__JIGAGI_SIP_SERVER} - - USE_APP_LANGUAGE - - VIDEOQUALITY_BITRATE_H264_LOW - - VIDEOQUALITY_BITRATE_H264_STANDARD - - VIDEOQUALITY_BITRATE_H264_HIGH - - VIDEOQUALITY_BITRATE_VP8_LOW - - VIDEOQUALITY_BITRATE_VP8_STANDARD - - VIDEOQUALITY_BITRATE_VP8_HIGH - - VIDEOQUALITY_BITRATE_VP9_LOW - - VIDEOQUALITY_BITRATE_VP9_STANDARD - - VIDEOQUALITY_BITRATE_VP9_HIGH - - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC - - VIDEOQUALITY_PREFERRED_CODEC - - XMPP_AUTH_DOMAIN - - XMPP_BOSH_URL_BASE - - XMPP_DOMAIN - - XMPP_GUEST_DOMAIN - - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN - - XMPP_PORT - - WHITEBOARD_ENABLED - - WHITEBOARD_COLLAB_SERVER_PUBLIC_URL - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable} - labels: - - swag=enable - - swag_proto=https - - swag_url=meet.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://meet.${MY_TLD} - - homepage.group=Social - - homepage.name=Jitsi - - homepage.href=https://meet.${MY_TLD} - - homepage.icon=jitsi.png - - homepage.description=Web Conferencing - networks: - default: null - ports: - - ${JITSI__HTTP_PORT}:80 - - ${JITSI__HTTPS_PORT}:443 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/web - target: /config - type: bind - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs - target: /var/spool/cron/crontabs - type: bind - - bind: - create_host_path: true - selinux: Z - source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts - target: /usr/share/jitsi-meet/transcripts - type: bind - joplin-db: - container_name: joplin-db - environment: - - POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD} - - POSTGRES_USER=${JOPLIN_POSTGRES_USER} - - POSTGRES_DB=${JOPLIN_POSTGRES_DATABASE} - expose: - - 5432 - image: postgres:17-alpine - networks: - default: null - restart: unless-stopped - volumes: - - source: joplin_data - target: /var/lib/postgresql/data - type: volume - volume: {} - joplin: - container_name: joplin - environment: - - ACCOUNT_TYPES_ENABLED=true - - APP_PORT=${JOPLIN_APP_PORT} - - APP_BASE_URL=${JOPLIN_APP_BASE_URL} - - DB_CLIENT=pg - - INSTANCE_NAME='Joplin @ Rinoa' - - IS_ADMIN_INSTANCE=true - - MAILER_ENABLED=1 - - MAILER_HOST=postal-SMTP - - MAILER_PORT=25 - - MAILER_SECURITY=none - - MAILER_AUTH_USER=${POSTAL_SMTP_AUTH_USER} - - MAILER_AUTH_PASSWORD=${POSTAL_SMTP_AUTH_PASSWORD} - - MAILER_NOREPLY_NAME=Joplin @ Rinoa - - MAILER_NOREPLY_EMAIL=noreply@trez.wtf - - POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD} - - POSTGRES_DATABASE=${JOPLIN_POSTGRES_DATABASE} - - POSTGRES_USER=${JOPLIN_POSTGRES_USER} - - POSTGRES_PORT=5432 - - POSTGRES_HOST=joplin-db - image: joplin/server:latest - labels: - homepage.group: Personal Services - homepage.name: Joplin - homepage.href: https://notes.${MY_TLD} - homepage.icon: joplin.svg - homepage.description: Open-source note taking & to-do - swag: enable - swag_url: notes.${MY_TLD} - swag.uptime-kuma.enabled: true - swag.uptime-kuma.monitor.url: https://notes.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "22300" - target: 22300 - restart: unless-stopped - librespeed: - container_name: librespeed - environment: - - DB_HOSTNAME= - - DB_NAME= - - DB_PASSWORD= - - DB_TYPE=sqlite - - DB_USERNAME= - - PASSWORD= - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:librespeed - hostname: Rinoa - image: lscr.io/linuxserver/librespeed:latest - labels: - - homepage.group=System Administration - - homepage.name=LibreSpeed - - homepage.href=https://speed.${MY_TLD} - - homepage.icon=librespeed.png - - homepage.description=Speed test - - swag=enable - - swag_proto=http - - swag_url=speed.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://speed.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8014" - target: 80 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/librespeed - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - lidarr: - container_name: lidarr - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/gilbn/theme.park:lidarr - hostname: Rinoa - image: lscr.io/linuxserver/lidarr:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Lidarr - - homepage.href=https://lidarr.${MY_TLD} - - homepage.icon=lidarr.png - - homepage.description=Music Automation - - homepage.widget.type=lidarr - - homepage.widget.url=http://lidarr:8686 - - homepage.widget.key=${LIDARR_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8686" - target: 8686 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/lidarr - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - lidify: - container_name: lidify - environment: - app_name: lidify - app_rev: 0.09 - app_url: lidify.${MY_TLD} - dry_run_adding_to_lidarr: true - fallback_to_top_result: false - last_fm_api_key: ${LASTFM_API_KEY} - last_fm_api_secret: ${LASTFM_API_SECRET} - lidarr_address: http://lidarr:8686 - lidarr_api_key: ${LIDARR_API_KEY} - lidarr_api_timeout: 120 - metadata_profile_id: 1 - mode: LastFM - quality_profile_id: 1 - root_folder_path: /data/media/music - search_for_missing_albums: false - spotify_client_id: ${YOUR_SPOTIFY_ID} - spotify_client_secret: ${YOUR_SPOTIFY_SECRET} - expose: - - 5000 - image: thewicklowwolf/lidify:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Lidify - - homepage.href=https://lidify.${MY_TLD} - - homepage.icon=/icons/lidify.png - - homepage.description=Music Discovery a la Last.fm, Spotify, Pandora, etc. - - swag=enable - - swag_auth=authelia - - swag_proto=http - - swag_port=5000 - - swag_url=lidify.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://lidify.${MY_TLD} - networks: - default: null - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/lidify - target: /lidify/config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music - target: /data/media/music - type: bind - bind: - create_host_path: true - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - lldap: - container_name: lldap - environment: - - UID=${PUID} - - GID=${PGID} - - TZ=${TZ} - - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET} - - LLDAP_KEY_SEED=${LLDAP_KEY_SEED} - - LLDAP_LDAP_BASE_DN=dc=trez,dc=wtf - image: lldap/lldap:stable - labels: - - homepage.group=System Administration - - homepage.name=LLDAP - - homepage.href=https://ldap.${MY_TLD} - - homepage.icon=/icons/lldap.png - - homepage.description=LDAP made easy - - swag=enable - - swag_proto=http - - swag_port=17170 - - swag_url=ldap.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://ldap.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "17170" - target: 17170 - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/lldap - target: /data - type: bind - bind: - create_host_path: true - localai: - container_name: localai - environment: - - DEBUG=true - healthcheck: - interval: 1m - retries: 5 - test: - - CMD - - curl - - -f - - http://localhost:8080/readyz - timeout: 20m - image: localai/localai:latest-aio-cpu - labels: - - homepage.group=Personal Services - - homepage.name=LocalAI - - homepage.href=https://ai.${MY_TLD} - - homepage.icon=/icons/localai.png - - homepage.description=Open source OpenAI alternative - - swag=enable - - swag_proto=http - - swag_port=8080 - - swag_url=ai.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8109" - target: 8080 - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/localai/models - target: /build/models - type: bind - bind: - create_host_path: true - maloja: - container_name: maloja - environment: - MALOJA_CLEAN_OUTPUT: true - MALOJA_DEV_MODE: false - MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD} - MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY} - MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET} - MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD} - MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME} - MALOJA_LOGGING: true - MALOJA_PARSE_REMIX_ARTISTS: true - MALOJA_SCROBBLE_LASTFM: true - MALOJA_SKIP_SETUP: true - MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID} - MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET} - MALOJA_TIMEZONE: ${TZ} - image: krateng/maloja:latest - labels: - - homepage.group=Media Library - - homepage.name=Maloja - - homepage.href=https://scrobble.${MY_TLD} - - homepage.icon=maloja.png - - homepage.description=Simple self-hosted music scrobble database to create personal listening statistics - - swag=enable - - swag_proto=http - - swag_port=42010 - - swag_url=scrobble.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "42010" - target: 42010 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/maloja/config - target: /etc/maloja - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/maloja/data - target: /var/lib/maloja - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/maloja/logs - target: /var/log/maloja - type: bind - bind: - create_host_path: true - mariadb: - container_name: mariadb - environment: - - MYSQL_ROOT_PASSWORD=${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - MYSQL_PASSWORD=VQU23wHKRNmfpAPt5E9BxMaSGJdWjLuz - hostname: Rinoa - image: ghcr.io/linuxserver/mariadb - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3306" - target: 3306 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mariadb - target: /config - type: bind - - source: ${DOCKER_VOLUME_STORAGE} - target: /storage - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/mariadb - target: /var/lib/mysql - type: bind - bind: - create_host_path: true - mattermost: - container_name: mattermost - depends_on: - mattermost-db: - condition: service_started - required: true - environment: - MM_EMAILSETTINGS_ENABLESMTPAUTH: true - MM_EMAILSETTINGS_SMTPPASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - MM_EMAILSETTINGS_SMTPPORT: 25 - MM_EMAILSETTINGS_SMTPSERVER: postal-smtp - MM_EMAILSETTINGS_SMTPUSERNAME: ${POSTAL_SMTP_AUTH_USER} - MM_FILESETTINGS_AMAZONS3ACCESSKEYID: ${MATTERMOST_AWS_S3_ACCESSKEY} - MM_FILESETTINGS_AMAZONS3BUCKET: mattermost - MM_FILESETTINGS_AMAZONS3ENDPOINT: minio:9000 - MM_FILESETTINGS_AMAZONS3REGION: us-east-fh-pln - MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: ${MATTERMOST_AWS_S3_SECRETKEY} - MM_FILESETTINGS_AMAZONS3SSL: false - MM_FILESETTINGS_ARCHIVERECURSION: true - MM_FILESETTINGS_DRIVERNAME: amazons3 - MM_FILESETTINGS_MAXFILESIZE: 104857600 - MM_LOGSETTINGS_CONSOLELEVEL: info - MM_LOGSETTINGS_ENABLECOLOR: true - MM_METRICSSETTINGS_ENABLE: true - MM_PLUGINSETTINGS_ENABLEUPLOADS: true - MM_SERVICESETTINGS_FORWARD80TO443: false - MM_SERVICESETTINGS_LISTENADDRESS: :8065 - MM_SERVICESETTINGS_SITEURL: https://mm.${MY_TLD} - MM_SQLSETTINGS_DATASOURCE: ${MATTERMOST_POSTGRES_CONNECTION_URI} - MM_SQLSETTINGS_DRIVERNAME: postgres - TZ: ${TZ} - expose: - - 8067 - image: mattermost/mattermost-team-edition:latest - labels: - - homepage.group=Social - - homepage.name=Mattermost - - homepage.href=https://mm.${MY_TLD} - - homepage.icon=mattermost.svg - - homepage.description=Team collaboration and technical workflows (Slack alternative) - - swag=enable - - swag_server_custom_directive=client_max_body_size 0; - - swag_proto=http - - swag_port=8065 - - swag_url=mm.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://mm.${MY_TLD} - networks: - default: null - pids_limit: 200 - ports: - - mode: ingress - protocol: tcp - published: "8065" - target: 8065 - restart: unless-stopped - security_opt: - - no-new-privileges:true - tmpfs: - - /tmp - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/mattermost/config - target: /mattermost/config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/mattermost/data - target: /mattermost/data - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/mattermost/logs - target: /mattermost/logs - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/mattermost/plugins - target: /mattermost/plugins - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/mattermost/client/plugins - target: /mattermost/client/plugins - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/mattermost/bleve-indexes - target: /mattermost/bleve-indexes - type: bind - bind: - create_host_path: true - mattermost-db: - container_name: mattermost-db - environment: - - TZ=${TZ} - - POSTGRES_DB=mattermost - - POSTGRES_USER=mattermost - - POSTGRES_PASSWORD=${MATTERMOST_POSTGRES_PASSWORD} - expose: - - 5432 - image: postgres:16-alpine - networks: - default: null - restart: unless-stopped - security_opt: - - no-new-privileges=true - tmpfs: - - /tmp - - /var/run/postgresql - volumes: - - source: mattermost-postgres - target: /var/lib/postgresql/data - type: volume - volume: {} - maybe-app: - container_name: maybe-app - depends_on: - maybe-pg: - condition: service_healthy - required: true - environment: - DB_HOST: maybe-pg - GOOD_JOB_EXECUTION_MODE: async - POSTGRES_DB: maybe - POSTGRES_PASSWORD: ${MAYBE_POSTGRES_PASSWORD} - POSTGRES_USER: maybe - RAILS_ASSUME_SSL: "false" - RAILS_FORCE_SSL: "false" - SECRET_KEY_BASE: ${MAYBE_SECRET_KEY_BASE} - SELF_HOSTED: "true" - image: ghcr.io/maybe-finance/maybe:latest - labels: - - homepage.group=Lifestyle - - homepage.name=Maybe - - homepage.href=https://finance.${MY_TLD} - - homepage.icon=/icons/maybe.png - - homepage.description=Personal finance app - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=finance.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://finance.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3014" - target: 3000 - restart: unless-stopped - volumes: - - source: maybe-app - target: /rails/storage - type: volume - volume: {} - maybe-pg: - container_name: maybe-pg - environment: - POSTGRES_DB: maybe - POSTGRES_PASSWORD: ${MAYBE_POSTGRES_PASSWORD} - POSTGRES_USER: maybe - healthcheck: - interval: 5s - retries: 5 - test: - - CMD-SHELL - - pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB - timeout: 5s - image: postgres:16-alpine - networks: - default: null - restart: unless-stopped - volumes: - - source: maybe-pg-db - target: /var/lib/postgresql/data - type: volume - volume: {} - minio: - command: server --console-address ":9090" /mnt/data - container_name: minio - environment: - - MINIO_ROOT_USER=minioadmin - - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} - - MINIO_ACCESS_KEY=${MINIO_MIMIR_STORAGE_ACCESS_KEY} - - MINIO_SECRET_KEY=${MINIO_MIMIR_STORAGE_SECRET_KEY} - hostname: minio - image: minio/minio - labels: - - swag=enable - - swag_proto=http - - swag_port=9090 - - swag_url=s3.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://s3.${MY_TLD} - - homepage.group=System Administration - - homepage.name=MinIO - - homepage.href=https://s3.${MY_TLD} - - homepage.icon=minio.png - - homepage.description=S3-compatible storage backend - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "9001" - target: 9000 - - mode: ingress - protocol: tcp - published: "9092" - target: 9090 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/minio/data - target: /mnt/data - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/minio/minio - target: /etc/config.env - type: bind - bind: - create_host_path: true - mongodb1: - command: - - --replSet - - rinoa-rs0 - - --bind_ip_all - - --port - - "27017" - container_name: mongodb1 - extra_hosts: - - host.docker.internal:host-gateway - healthcheck: - interval: 5s - retries: 30 - start_interval: 1s - start_period: 0s - test: echo "try { rs.status() } catch (err) { rs.initiate({_id:'rinoa-rs0',members:[{_id:0,host:'host.docker.internal:27017',priority:1},{_id:1,host:'host.docker.internal:27018',priority:0.5},{_id:2,host:'host.docker.internal:27019',priority:0.5}]}) }" | mongosh --port 27017 --quiet - timeout: 30s - image: mongo:7.0 - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "27017" - target: 27017 - restart: unless-stopped - volumes: - - source: mongo1_data - target: /data/db - type: bind - bind: - create_host_path: true - - source: mongo1_config - target: /data/configdb - type: bind - bind: - create_host_path: true - mongodb2: - command: - - --replSet - - rinoa-rs0 - - --bind_ip_all - - --port - - "27018" - container_name: mongodb2 - extra_hosts: - - host.docker.internal:host-gateway - image: mongo:7.0 - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "27018" - target: 27018 - restart: unless-stopped - volumes: - - source: mongo2_data - target: /data/db - type: bind - bind: - create_host_path: true - - source: mongo2_config - target: /data/configdb - type: bind - bind: - create_host_path: true - mongodb3: - command: - - --replSet - - rinoa-rs0 - - --bind_ip_all - - --port - - "27019" - container_name: mongodb3 - extra_hosts: - - host.docker.internal:host-gateway - image: mongo:7.0 - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "27019" - target: 27019 - restart: unless-stopped - volumes: - - source: mongo3_data - target: /data/db - type: volume - volume: {} - - source: mongo3_config - target: /data/configdb - type: volume - volume: {} - multi-scrobbler: - container_name: multi-scrobbler - environment: - - TZ=${TZ} - - PUID=${PUID} - - PGID=${PGID} - image: foxxmd/multi-scrobbler - labels: - - homepage.group=Media Library - - homepage.name=Multi-Scrobbler - - homepage.href=http://192.168.1.254:9078 - - homepage.icon=/icons/multi-scrobbler.png - - homepage.description=JS App for scrobbling/recording play history from/to multiple sources - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "9078" - target: 9078 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler - target: /config - type: bind - bind: - create_host_path: true - navidrome: - container_name: navidrome - environment: - ND_AUTOIMPORTPLAYLISTS: false - ND_BASEURL: "" - ND_LASTFM_APIKEY: ${LASTFM_API_KEY} - ND_LASTFM_ENABLED: true - ND_LASTFM_SECRET: ${LASTFM_API_SECRET} - ND_LOGLEVEL: info - ND_MUSICFOLDER: /music - ND_SCANNER_GROUPALBUMRELEASES: true - ND_SCANSCHEDULE: '@every 6h' - ND_SESSIONTIMEOUT: 24h - ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID} - ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET} - ND_SUBSONICARTISTPARTICIPATIONS: true - image: deluan/navidrome:latest - labels: - - homepage.group=Media Library - - homepage.name=Navidrome - - homepage.href=https://navi.${MY_TLD} - - homepage.icon=navidrome.png - - homepage.description=Music Streaming - - homepage.widget.type=navidrome - - homepage.widget.url=http://navidrome:4533 - - homepage.widget.user=admin - - homepage.widget.token=e8a9e97b29aa963fa4729c633289d232 - - homepage.widget.salt=v5Z93Z - - swag=enable - - swag_port=4533 - - swag_proto=http - - swag_url=navi.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://navi.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "4533" - target: 4533 - restart: unless-stopped - user: 1000:1000 - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/navidrome - target: /data - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music - target: /music - type: bind - bind: - create_host_path: true - netbox: - container_name: netbox - depends_on: - netbox-db: - condition: service_healthy - required: true - redis: - condition: service_started - required: true - environment: - PUID: ${PUID} - PGID: ${PGID} - TZ: ${TZ} - SUPERUSER_EMAIL: charish.patel@pm.me - SUPERUSER_PASSWORD: ${NETBOX_SUPERUSER_PASSWORD} - ALLOWED_HOST: net.trez.wtf - DB_NAME: netbox - DB_USER: netbox - DB_PASSWORD: ${NETBOX_PG_DB_PASSWORD} - DB_HOST: netbox-db - DB_PORT: 5432 - DEBUG: false - DOCKER_MODS: linuxserver/mods:netbox-slurpit - REDIS_HOST: redis - REDIS_PORT: 6379 - REMOTE_AUTH_ENABLED: - image: lscr.io/linuxserver/netbox:latest - labels: - homepage.group: Infrastructure/App Performance Monitoring - homepage.name: Netbox - homepage.href: https://net.${MY_TLD} - homepage.icon: netbox.svg - homepage.description: Network modeling/documentation - swag: enable - swag_url: net.${MY_TLD} - swag.uptime-kuma.enabled: true - swag.uptime-kuma.monitor.url: https://net.${MY_TLD} - ports: - - 8007:8000 - restart: unless-stopped - volumes: - - ${DOCKER_VOLUME_CONFIG}/netbox/:/config - netbox-db: - container_name: netbox-db - environment: - POSTGRES_USER: netbox - POSTGRES_PASSWORD: ${NETBOX_PG_DB_PASSWORD} - POSTGRES_DB: netbox - expose: - - 5432 - healthcheck: - test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER - start_period: 20s - timeout: 30s - interval: 10s - retries: 5 - image: postgres:17-alpine - restart: always - volumes: - - source: netbox-pg-db - target: /var/lib/postgresql/data - type: volume - volume: {} - nextcloud: - container_name: nextcloud - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - LOG_LEVEL=debug - hostname: Rinoa - image: lscr.io/linuxserver/nextcloud:latest - labels: - - homepage.group=Personal Services - - homepage.name=NextCloud - - homepage.href=https://cloud.${MY_TLD} - - homepage.icon=nextcloud.png - - homepage.description=Private Cloud - - swag=enable - - swag_proto=https - - swag_url=cloud.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://cloud.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "444" - target: 443 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/nextcloud - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/nextcloud - target: /data - type: bind - ollama: - container_name: ollama - extra_hosts: - - host.docker.internal:host-gateway - image: ollama/ollama - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "11434" - target: 11434 - restart: always - volumes: - - source: ollama - target: /root/.ollama - type: volume - volume: {} - ombi: - container_name: ombi - environment: - PGID: "1000" - PUID: "1000" - TZ: America/New_York - hostname: Rinoa - image: lscr.io/linuxserver/ombi:latest - labels: - - homepage.group=Media Library - - homepage.name=Ombi - - homepage.href=https://ombi.${MY_TLD} - - homepage.icon=ombi.png - - homepage.description=Media Requests - - homepage.widget.type=ombi - - homepage.widget.url=http://ombi:3579 - - homepage.widget.key=${OMBI_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3579" - target: 3579 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/ombi - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - paperless-ngx: - container_name: paperless-ngx - environment: - PAPERLESS_DBENGINE: mariadb - PAPERLESS_DBHOST: mariadb - PAPERLESS_DBPASS: ${PAPERLESS_DBPASS} - PAPERLESS_DBPORT: 3306 - PAPERLESS_DBUSER: paperless - PAPERLESS_OCR_LANGUAGE: eng - PAPERLESS_OCR_LANGUAGES: all - PAPERLESS_REDIS: redis://redis:6379 - PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} - PAPERLESS_TIME_ZONE: ${TZ} - PAPERLESS_URL: https://docs.${MY_TLD} - USERMAP_GID: ${PGID} - USERMAP_UID: ${PUID} - image: ghcr.io/paperless-ngx/paperless-ngx:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=8000 - - swag_url=docs.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://docs.${MY_TLD} - - homepage.group=Personal Services - - homepage.name=Paperless-ngx - - homepage.href=https://docs.${MY_TLD} - - homepage.icon=paperless-ngx.svg - - homepage.description=Document indexer & archiver with OCR - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8004" - target: 8000 - restart: unless-stopped - volumes: - - source: paperless-ngx-data - target: /usr/src/paperless/data - type: volume - volume: {} - - source: paperless-ngx-media - target: /usr/src/paperless/media - type: volume - volume: {} - - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export - target: /usr/src/paperless/export - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume - target: /usr/src/paperless/consume - type: bind - bind: - create_host_path: true - plausible: - command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run" - container_name: plausible - depends_on: - plausible_db: - condition: service_started - required: true - plausible_events_db: - condition: service_started - required: true - environment: - BASE_URL: https://analytics.${MY_TLD} - CLICKHOUSE_DATABASE_URL: http://plausible-events-db:8123/plausible_events_db - DATABASE_URL: postgres://plausible:${PLAUSIBLE_PG_PASSWORD}@plausible-db:5432/plausible_db - DISABLE_REGISTRATION: invite_only - ENABLE_EMAIL_VERIFICATION: true - MAILER_ADAPTER: Bamboo.Mua - MAILER_EMAIL: noreply@trez.wtf - MAILER_NAME: Plausible - MAXMINDDB_LICENSE_KEY: ${SWAG_MAXMINDDB_LICENSE_KEY} - SECRET_KEY_BASE: ${PLAUSIBLE_SECRET_KEY_BASE} - SMTP_HOST_ADDR: postal-smtp - SMTP_HOST_PORT: 25 - SMTP_USER_NAME: ${POSTAL_SMTP_AUTH_USER} - SMTP_USER_PWD: ${POSTAL_SMTP_AUTH_PASSWORD} - TOTP_VAULT_KEY: ${PLAUSIBLE_TOTP_VAULT_KEY} - image: ghcr.io/plausible/community-edition:v2.1.0 - labels: - - swag=enable - - swag_proto=http - - swag_port=8000 - - swag_url=analytics.${MY_TLD} - - homepage.group=Professional Services - - homepage.name=Plausible - - homepage.href=https://analytics.${MY_TLD} - - homepage.icon=plausible.svg - - homepage.description=Open-source web analytics - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8107" - target: 8000 - restart: always - plausible_db: - container_name: plausible-db - environment: - POSTGRES_DB: plausible_db - POSTGRES_PASSWORD: ${PLAUSIBLE_PG_PASSWORD} - POSTGRES_USER: plausible - expose: - - 5432 - image: postgres:16-alpine - networks: - default: null - restart: always - volumes: - - source: plausible-db-data - target: /var/lib/postgresql/data - type: bind - bind: - create_host_path: true - plausible_events_db: - container_name: plausible-events-db - expose: - - 8123 - image: clickhouse/clickhouse-server:24.3.3.102-alpine - networks: - default: null - restart: always - ulimits: - nofile: - hard: 262144 - soft: 262144 - volumes: - - source: plausible-event-data - target: /var/lib/clickhouse - type: bind - bind: - create_host_path: true - - source: plausible-event-logs - target: /var/log/clickhouse-server - type: bind - bind: - create_host_path: true - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml - target: /etc/clickhouse-server/config.d/logging.xml - type: bind - bind: - create_host_path: true - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml - target: /etc/clickhouse-server/users.d/logging.xml - type: bind - bind: - create_host_path: true - portainer: - command: - - -H - - unix:///var/run/docker.sock - container_name: portainer - environment: - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:portainer - hostname: Rinoa - image: portainer/portainer-ce:latest - labels: - - homepage.group=System Administration - - homepage.name=Portainer - - homepage.href=https://portainer.${MY_TLD} - - homepage.icon=portainer.png - - homepage.description=Docker container management - - homepage.widget.type=portainer - - homepage.widget.url=http://portainer:9000 - - homepage.widget.env=1 - - homepage.widget.key=${PORTAINER_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "9000" - target: 9000 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/portainer - target: /data - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - source: /var/run/docker.sock - target: /var/run/docker.sock - type: bind - postal-smtp: - cap_add: - - NET_BIND_SERVICE - command: postal smtp-server - container_name: postal-smtp - image: ghcr.io/postalserver/postal:latest - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "25" - target: 25 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/postal - target: /config - type: bind - bind: - create_host_path: true - postal-web: - command: postal web-server - container_name: postal-web - image: ghcr.io/postalserver/postal:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=5000 - - swag_address=postal-web - - swag_url=post.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://post.${MY_TLD} - - homepage.group=System Administration - - homepage.name=Postal - - homepage.href=https://post.${MY_TLD} - - homepage.icon=/icons/postal.png - - homepage.description=OSS Mail delivery platform - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "5001" - target: 5000 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/postal - target: /config - type: bind - bind: - create_host_path: true - postal-worker: - command: postal worker - container_name: postal-worker - environment: - - LOG_LEVEL=debug - image: ghcr.io/postalserver/postal:latest - networks: - default: null - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/postal - target: /config - type: bind - bind: - create_host_path: true - prowlarr: - container_name: prowlarr - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/gilbn/theme.park:sonarr - - TP_DOMAIN=trez.wtf\/themepark - - TP_COMMUNITY_THEME=false - - TP_THEME=space-gray - hostname: Rinoa - image: lscr.io/linuxserver/prowlarr:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Prowlarr - - homepage.href=https://prowlarr.${MY_TLD} - - homepage.icon=prowlarr.png - - homepage.description=Index aggregator - - homepage.widget.type=prowlarr - - homepage.widget.url=http://prowlarr:9696 - - homepage.widget.key=${PROWLARR_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "9696" - target: 9696 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/prowlarr - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - radarec: - container_name: radarec - environment: - auto_start: true - auto_start_delay: 60 - dry_run_adding_to_radarr: false - fallback_to_top_result: false - language_choice: all - metadata_profile_id: 1 - minimum_rating: 4.5 - minimum_votes: 50 - quality_profile_id: 1 - radarr_address: http://radarr:7878 - radarr_api_key: ${RADARR_API_KEY} - radarr_api_timeout: 120 - root_folder_path: /data/media/movies - search_for_movie: true - tmdb_api_key: ${TMDB_API_KEY} - expose: - - 5000 - image: thewicklowwolf/radarec:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=RadaRec - - homepage.href=https://radarec.${MY_TLD} - - homepage.icon=/icons/radarec.png - - homepage.description=Movie discovery based on library/tastes - - swag=enable - - swag_proto=http - - swag_port=5000 - - swag_auth=authelia - - swag_url=radarec.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://radarec.${MY_TLD} - networks: - default: null - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_STORAGE}/Movies - target: /data/media/movies - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/radarec - target: /radarec/config - type: bind - bind: - create_host_path: true - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - radarr: - container_name: radarr - environment: - PGID: "1000" - PUID: "1000" - TZ: America/New_York - hostname: Rinoa - image: lscr.io/linuxserver/radarr:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Radarr - - homepage.href=https://radarr.${MY_TLD} - - homepage.icon=radarr.png - - homepage.description=Movie Automation - - homepage.widget.type=radarr - - homepage.widget.url=http://radarr:7878 - - homepage.widget.key=${RADARR_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "7878" - target: 7878 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/radarr - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - reactive-resume: - container_name: reactive-resume - depends_on: - browserless: - condition: service_started - required: true - minio: - condition: service_started - required: true - reactive-resume-pg: - condition: service_started - required: true - environment: - ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET} - CHROME_PORT: 443 - CHROME_TOKEN: ${CHROMIUM_TOKEN} - CHROME_URL: wss://browse.${MY_TLD} - DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume - MAIL_FROM: noreply@trez.wtf - NODE_ENV: production - PORT: 3000 - PUBLIC_URL: https://resume.${MY_TLD} - REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET} - SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 - STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY} - STORAGE_BUCKET: reactive-resume - STORAGE_ENDPOINT: minio - STORAGE_PORT: 9000 - STORAGE_REGION: us-east-fh-pln - STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY} - STORAGE_URL: https://s3.trez.wtf/reactive-resume - STORAGE_USE_SSL: false - TZ: ${TZ} - image: amruthpillai/reactive-resume:latest - labels: - - homepage.group=Professional Services - - homepage.name=Reactive Resume - - homepage.href=https://resume.${MY_TLD} - - homepage.icon=reactive-resume.svg - - homepage.description=Open-source resume builder - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=resume.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://resume.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3011" - target: 3000 - restart: unless-stopped - reactive-resume-pg: - container_name: reactive-resume-pg - environment: - - TZ=${TZ} - - POSTGRES_DB=reactiveresume - - POSTGRES_USER=reactiveresume - - POSTGRES_PASSWORD=${REACTIVE_RESUME_PGSQL_PASSWORD} - expose: - - 5432 - image: postgres:16-alpine - networks: - default: null - restart: unless-stopped - volumes: - - source: reactive-resume-pg - target: /var/lib/postgresql/data - type: bind - bind: - create_host_path: true - readarr: - container_name: readarr - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/gilbn/theme.park:readnarr - hostname: Rinoa - image: lscr.io/linuxserver/readarr:develop - labels: - - homepage.group=Servarr Stack - - homepage.name=Readarr - - homepage.href=https://readarr.${MY_TLD} - - homepage.icon=readarr.png - - homepage.description=eBook/Audiobook Automation - - homepage.widget.type=readarr - - homepage.widget.url=http://readarr:8787 - - homepage.widget.key=${READARR_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8787" - target: 8787 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/readarr - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - redis: - cap_add: - - SETGID - - SETUID - - DAC_OVERRIDE - cap_drop: - - ALL - command: redis-server --save "" --appendonly "no" - container_name: redis - expose: - - 6379 - image: redis:alpine - networks: - default: null - restart: unless-stopped - tmpfs: - - /var/lib/redis - redlib: - cap_drop: - - ALL - container_name: redlib - environment: - - REDLIB_SFW_ONLY=off - - REDLIB_BANNER= - - REDLIB_ROBOTS_DISABLE_INDEXING=off - - REDLIB_PUSHSHIFT_FRONTEND=undelete.pullpush.io - - REDLIB_DEFAULT_THEME=nord - - REDLIB_DEFAULT_FRONT_PAGE=default - - REDLIB_DEFAULT_LAYOUT=clean - - REDLIB_DEFAULT_WIDE=on - - REDLIB_DEFAULT_POST_SORT=hot - - REDLIB_DEFAULT_COMMENT_SORT=confidence - - REDLIB_DEFAULT_SHOW_NSFW=off - - REDLIB_DEFAULT_BLUR_NSFW=on - - REDLIB_DEFAULT_USE_HLS=off - - REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION=off - - REDLIB_DEFAULT_AUTOPLAY_VIDEOS=off - - REDLIB_DEFAULT_SUBSCRIPTIONS= - - REDLIB_DEFAULT_HIDE_AWARDS=off - - REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION=off - - REDLIB_DEFAULT_HIDE_SCORE=off - - REDLIB_DEFAULT_FIXED_NAVBAR=on - image: quay.io/redlib/redlib:latest - labels: - - homepage.group=Social - - homepage.name=Redlib - - homepage.href=https://rlib.${MY_TLD} - - homepage.icon=libreddit.svg - - homepage.description=Redlib is a private front-end like Invidious but for Reddit - - swag=enable - - swag_auth=authelia - - swag_proto=http - - swag_port=8080 - - swag_url=rlib.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://rlib.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8103" - target: 8080 - read_only: true - restart: always - security_opt: - - no-new-privileges=true - user: nobody - remmina: - container_name: remmina - environment: - CF_ACCOUNT_ID: ${CLOUDFLARE_ACCOUNT_ID} - CF_API_TOKEN: ${CLOUDFLARE_DNS_API_TOKEN} - CF_TUNNEL_CONFIG: | - ingress: - - hostname: rem.${MY_TLD} - service: http://192.168.1.254:3008 - - service: http_status:404 - CF_TUNNEL_NAME: remmina - CF_TUNNEL_PASSWORD: ${REMMINA_CF_TUNNEL_PASSWORD} - CF_ZONE_ID: ${CLOUDFLARE_ZONE_ID} - CUSTOM_HTTPS_PORT: 3009 - CUSTOM_PORT: 3008 - CUSTOM_USER: trez-one - DOCKER_HOST: tcp://dockerproxy:2375 - DOCKER_MODS: linuxserver/mods:universal-cloudflared - PASSWORD: ${REMMINA_USER_PASSWORD} - PGID: 1000 - PUID: 1000 - TITLE: Remmina @ Rinoa - TZ: ${TZ} - image: lscr.io/linuxserver/remmina:latest - labels: - - swag=enable - - swag_url=rem.${MY_TLD} - - swag_port=3008 - - homepage.group=System Administration - - homepage.name=Remmina - - homepage.href=https://rem.${MY_TLD} - - homepage.icon=/icons/remmina.svg - - homepage.description=GTK Remote desktop client (EXEC, SPICE, SSH, RDP, & VNC) - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3008" - target: 3008 - - mode: ingress - protocol: tcp - published: "3009" - target: 3009 - privileged: true - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/remmina - target: /config - type: bind - bind: - create_host_path: true - sabnzbdvpn: - cap_add: - - NET_ADMIN - - SYS_MODULE - container_name: sabnzbdvpn - environment: - - ENABLE_PRIVOXY=no - - LAN_NETWORK=192.168.1.0/24 - - NAME_SERVERS=192.168.1.254,1.1.1.1 - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - VPN_CLIENT=openvpn - - VPN_ENABLED=yes - - VPN_INPUT_PORTS= - - VPN_OPTIONS= - - VPN_OUTPUT_PORTS= - - VPN_PASS=QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA - - VPN_PROV=pia - - VPN_USER=p3120278 - - DEBUG=true - hostname: Rinoa - image: ghcr.io/binhex/arch-sabnzbdvpn:latest - labels: - - homepage.group=Downloaders - - homepage.name=SABnzbd - - homepage.href=https://sabnzbd.${MY_TLD} - - homepage.icon=sabnzbd.png - - homepage.description=NZB Downloader over VPN - - homepage.widget.type=sabnzbd - - homepage.widget.url=http://sabnzbdvpn:8080 - - homepage.widget.env=1 - - homepage.widget.key=${SABNZBDVPN_API_KEY} - - swag=enable - - swag_proto=http - - swag_url=sabnzbd.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://sabnzbd.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8080" - target: 8080 - - mode: ingress - protocol: tcp - published: "8090" - target: 8090 - - mode: ingress - protocol: tcp - published: "8119" - target: 8118 - privileged: true - restart: unless-stopped - sysctls: - net.ipv4.conf.all.src_valid_mark: "1" - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - scraperr: - command: - - npm - - run - - start - container_name: scraperr - expose: - - 3000 - image: jpyles0524/scraperr:latest - labels: - - homepage.group=Personal Services - - homepage.name=Scraperr - - homepage.href=https://scrape.${MY_TLD} - - homepage.icon=/icons/scraperr.png - - homepage.description=Web scraper - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_url=scrape.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://scrape.${MY_TLD} - networks: - default: null - restart: unless-stopped - scraperr-api: - container_name: scraperr-api - environment: - - LOG_LEVEL=DEBUG - - OLLAMA_URL=http://ollama:11434 - - OLLAMA_MODEL=phi3 - - MONGODB_URI=mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/scrapper - - SECRET_KEY=${SCRAPERR_SECRET_KEY} - - ALGORITHM=HS256 - - ACCESS_TOKEN_EXPIRE_MINUTES=600 - - DOCKER_HOST=tcp://dockerproxy:2375 - expose: - - 8000 - extra_hosts: - - host.docker.internal:host-gateway - image: jpyles0524/scraperr_api:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=3000 - - swag_server_custom_directive="location /api/ { rewrite ^/api(/.*)$ /$1 break ; proxy_pass http://scraperr:3000; }" - networks: - default: null - restart: unless-stopped - scrutiny: - cap_add: - - SYS_RAWIO - container_name: scrutiny - devices: - - permissions: rwm - source: /dev/sda - target: /dev/sda - - permissions: rwm - source: /dev/sdb - target: /dev/sdb - - permissions: rwm - source: /dev/sdd - target: /dev/sdd - - permissions: rwm - source: /dev/sde - target: /dev/sde - - permissions: rwm - source: /dev/sdc - target: /dev/sdc - - permissions: rwm - source: /dev/sdf - target: /dev/sdf - image: ghcr.io/analogj/scrutiny:master-omnibus - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Scrutiny - - homepage.href=http://192.168.1.254:8909 - - homepage.icon=scrutiny.png - - homepage.description=WebUI for smartd S.M.A.R.T monitoring - - homepage.widget.type=scrutiny - - homepage.widget.url=http://scrutiny:8080 - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8909" - target: 8080 - - mode: ingress - protocol: tcp - published: "8910" - target: 8086 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /run/udev - target: /run/udev - type: bind - - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config - target: /opt/scrutiny/config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb - target: /opt/scrutiny/influxdb - type: bind - bind: - create_host_path: true - searxng: - cap_add: - - CHOWN - - SETGID - - SETUID - cap_drop: - - ALL - container_name: searxng - environment: - - SEARXNG_BASE_URL=https://${SEARXNG_BASE_URL:-localhost}/ - image: searxng/searxng:latest - labels: - - homepage.group=Personal Services - - homepage.name=SearxNG - - homepage.href=https://search.${MY_TLD} - - homepage.icon=searxng.png - - homepage.description=Anonymized Meta-Search Engine - - swag=enable - - swag_address=searxng - - swag_proto=http - - swag_url=search.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://search.${MY_TLD} - logging: - driver: json-file - options: - max-file: "1" - max-size: 1m - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8095" - target: 8080 - privileged: true - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/searxng - target: /etc/searxng - type: bind - bind: - create_host_path: true - semaphore: - container_name: semaphore - environment: - ANSIBLE_HOST_KEY_CHECKING: false - SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD} - SEMAPHORE_ADMIN_NAME: admin - SEMAPHORE_ADMIN_EMAIL: charish.patel@pm.me - SEMAPHORE_ADMIN: admin - SEMAPHORE_DB_DIALECT: bolt - SEMAPHORE_EMAIL_ALERT: true - SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf - SEMAPHORE_EMAIL_HOST: postal-smtp - SEMAPHORE_EMAIL_PORT: 25 - SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} - SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} - SEMAPHORE_EMAIL_SECURE: false - SEMAPHORE_USE_REMOTE_RUNNER: true - image: semaphoreui/semaphore:v2.10.32 - labels: - - homepage.group=Code/DevOps - - homepage.name=Semaphore - - homepage.href=https://devops.${MY_TLD} - - homepage.icon=semaphore.svg - - homepage.description=Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools - - swag=enable - - swag_port=3000 - - swag_proto=http - - swag_url=devops.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://search.${MY_TLD} - ports: - - 3015:3000 - restart: unless-stopped - volumes: - - semaphore_config:/etc/semaphore - - semaphore_data:/var/lib/semaphore - - semaphore_tmp:/tmp/semaphore - slurpit-portal: - container_name: slurpit-portal - environment: - TZ: ${TZ} - PORTAL_BASE_URL: https://slurpit.trez.wtf - PORTAL_WAREHOUSE_URL: http://slurpit-warehouse - image: slurpit/portal:latest - labels: - homepage.group: Infrastructure/App Performance Monitoring - homepage.name: Slurp'it - homepage.href: https://slurpit.${MY_TLD} - homepage.icon: /icons/slurpit.png - homepage.description: Network discovery - swag: enable - swag_port: 80 - swag_url: slurpit.${MY_TLD} - swag.uptime-kuma.enabled: true - swag.uptime-kuma.monitor.url: https://slurpit.${MY_TLD} - ports: - - 8110:80 - - 5443:443 - restart: always - volumes: - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/nginx:/var/log/nginx/ - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/mysql:/var/log/mysql/ - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/php:/var/log/php/ - - ${DOCKER_VOLUME_CONFIG}/slurpit/certs:/etc/nginx/certs/ - - ${DOCKER_VOLUME_CONFIG}/slurpit/db/portal:/var/lib/mysql - - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/portal:/backup/files - slurpit-scanner: - container_name: slurpit-scanner - depends_on: - slurpit-warehouse: - condition: service_healthy - environment: - TZ: ${TZ} - SCANNER_POOLSIZE: 4 - SCANNER_TIMEOUT: 10 - SCANNER_WAREHOUSE_URL: http://slurpit-warehouse - image: slurpit/scanner:latest - restart: always - volumes: - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scanner:/logs - slurpit-scraper: - container_name: slurpit-scraper - depends_on: - slurpit-warehouse: - condition: service_healthy - image: slurpit/scraper:latest - environment: - TZ: ${TZ} - SCRAPER_TIMEOUT: 20 - SCRAPER_POOLSIZE: 4 - SCRAPER_WAREHOUSE_URL: http://slurpit-warehouse - restart: always - volumes: - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scraper:/logs - slurpit-warehouse: - container_name: slurpit-warehouse - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost/services"] - interval: 10s - timeout: 10s - retries: 360 - image: slurpit/warehouse:latest - environment: - TZ: ${TZ} - WAREHOUSE_CALLBACK_SCANNER_URL: http://slurpit-portal/callback/scanner - WAREHOUSE_CALLBACK_SCANNER_TOKEN: - WAREHOUSE_CALLBACK_SCRAPER_URL: http://slurpit-portal/callback/scraper - WAREHOUSE_CALLBACK_SCRAPER_TOKEN: - restart: always - volumes: - - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/warehouse:/backup/files - - ${DOCKER_VOLUME_CONFIG}/slurpit/db/warehouse:/var/lib/mongodb - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse/mongodb:/var/log/mongodb - - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse:/logs - sonarqube: - container_name: sonarqube - depends_on: - sonarqube-pg-db: - condition: service_healthy - environment: - SONAR_JDBC_URL: jdbc:postgresql://sonarqube-pg-db:5432/sonar - SONAR_JDBC_USERNAME: sonar - SONAR_JDBC_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD} - SONAR_SECURITY_REALM: LDAP - LDAP_URL: ldap://lldap:3890 - LDAP_BINDDN: cn=sonarqube,ou=people,dc=trez,dc=wtf - LDAP_BINDPASSWORD: ${SONARQUBE_LDAP_BIND_PASSWORD} - LDAP_AUTHENTICATION: simple - LDAP_USER_BASEDN: ou=people,dc=trez,dc=wtf - LDAP_USER_REQUEST: (&(objectClass=inetOrgPerson)(uid={login})(memberof=cn=sonarqube_users,ou=groups,dc=example,dc=com)) - LDAP_USER_REALNAMEATTRIBUTE: cn - LDAP_USER_EMAILATTRIBUTE: mail - hostname: sonarqube - image: mc1arke/sonarqube-with-community-branch-plugin:lts - labels: - - homepage.group=Code/DevOps - - homepage.name=Sonarqube - - homepage.href=https://sqube.trez.wtf - - homepage.icon=sonarqube.svg - - homepage.description=Code/DevOps quality/security - - swag=enable - - swag_proto=http - - swag_port=9000 - - swag_url=sqube.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://sqube.${MY_TLD} - volumes: - - sonarqube-data:/opt/sonarqube/data - - sonarqube-extensions:/opt/sonarqube/extensions - - sonarqube-logs:/opt/sonarqube/logs - - sonarqube-temp:/opt/sonarqube/temp - ports: - - 9003:9000 - read_only: true - restart: unless-stopped - sonarqube-pg-db: - container_name: sonarqube-pg-db - environment: - POSTGRES_USER: sonar - POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD} - POSTGRES_DB: sonar - healthcheck: - test: ["CMD-SHELL", "pg_isready"] - interval: 10s - timeout: 5s - retries: 5 - image: postgres:17-alpine - restart: unless-stopped - volumes: - - sonarqube-db:/var/lib/postgresql - - sonarqube-db-data:/var/lib/postgresql/data - sonarr: - container_name: sonarr - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - DOCKER_MODS=ghcr.io/gilbn/theme.park:sonarr - hostname: Rinoa - image: lscr.io/linuxserver/sonarr:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Sonarr - - homepage.href=https://sonarr.${MY_TLD} - - homepage.icon=sonarr.png - - homepage.description=TV Show Automation - - homepage.widget.type=sonarr - - homepage.widget.url=http://sonarr:8989 - - homepage.widget.key=${SONARR_API_KEY} - - swag=enable - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8989" - target: 8989 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/sonarr - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - sonashow: - container_name: sonashow - environment: - auto_start: true - auto_start_delay: 60 - dry_run_adding_to_sonarr: false - fallback_to_top_result: false - language_choice: all - metadata_profile_id: 1 - minimum_rating: 4.5 - minimum_votes: 50 - quality_profile_id: 1 - radarr_address: http://sonarr:8989 - radarr_api_key: ${SONARR_API_KEY} - root_folder_path: /data/media/shows - search_for_missing_episodes: true - sonarr_api_timeout: 120 - tmdb_api_key: ${TMDB_API_KEY} - expose: - - 5000 - image: thewicklowwolf/sonashow:latest - labels: - - homepage.group=Servarr Stack - - homepage.name=Sonashow - - homepage.href=https://sonashow.${MY_TLD} - - homepage.icon=/icons/sonashow.png - - homepage.description=TV show discovery based on library/tastes - - swag=enable - - swag_auth=authelia - - swag_proto=http - - swag_port=5000 - - swag_url=sonashow.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://sonashow.${MY_TLD} - networks: - default: null - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_STORAGE}/TV_Shows - target: /data/media/shows - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/sonashow - target: /sonashow/config - type: bind - bind: - create_host_path: true - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - soulseek: - container_name: soulseek - depends_on: - gluetun: - condition: service_started - required: true - restart: true - environment: - SLSKD_PASSWORD: ${SLSKD_PASSWORD} - SLSKD_REMOTE_CONFIGURATION: true - SLSKD_SHARED_DIR: /music - SLSKD_USERNAME: slsk - image: slskd/slskd - labels: - - homepage.name=Soulseek - - homepage.group=Downloaders - - homepage.description=Modern client-server application for the Soulseek file-sharing network. - - homepage.href=https://slsk.${MY_TLD} - - homepage.icon=/icons/slskd.png - - swag=enable - - swag_proto=http - - swag_url=slsk.${MY_TLD} - - swag_address=gluetun - - swag_port=5030 - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://slsk.${MY_TLD} - network_mode: service:gluetun - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/soulseek - target: /app - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music - target: /music - type: bind - bind: - create_host_path: true - swag: - cap_add: - - NET_ADMIN - container_name: swag - environment: - - DNSPLUGIN=cloudflare - - EMAIL=charish.patel@trez.wtf - - EXTRA_DOMAINS= - - ONLY_SUBDOMAINS=false - - PGID=1000 - - PUID=1000 - - SUBDOMAINS=etherpad,ha,www - - TZ=America/New_York - - URL=trez.wtf - - VALIDATION=dns - - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} - - CROWDSEC_LAPI_URL=http://crowdsec:8080 - - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma - - PROPAGATION=30 - - UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD} - - UPTIME_KUMA_URL=http://uptimekuma:3001 - - UPTIME_KUMA_USERNAME=${UPTIME_KUMA_USERNAME} - hostname: Rinoa - image: lscr.io/linuxserver/swag:latest - labels: - - swag=enable - - swag_proto=http - - swag_port=81 - - swag_url=swag.${MY_TLD} - - swag_auth=authelia - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://swag.${MY_TLD} - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=SWAG Dashboard - - homepage.href=https://swag.${MY_TLD} - - homepage.icon=linuxserver-io.png - - homepage.description=SWAG Dashboard for proxies - - homepage.widget.type=swagdashboard - - homepage.widget.url=http://swag:81 - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "443" - target: 443 - - mode: ingress - protocol: tcp - published: "80" - target: 80 - - mode: ingress - protocol: tcp - published: "81" - target: 81 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/swag - target: /config - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - read_only: true - source: /var/run/docker.sock - target: /var/run/docker.sock - type: bind - tandoor: - container_name: tandoor-recipes - depends_on: - tandoor-pg: - condition: service_started - required: true - environment: - DB_ENGINE: django.db.backends.postgresql - GID: 1000 - POSTGRES_DB: tandoor - POSTGRES_HOST: tandoor-pg - POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} - POSTGRES_USER: tandoor - SECRET_KEY: ${TANDOOR_SECRET_KEY} - TZ: ${TZ} - UID: 1000 - image: vabene1111/recipes - labels: - - homepage.group=Lifestyle - - homepage.name=Tandoor Recipes - - homepage.href=https://recipes.${MY_TLD} - - homepage.icon=tandoor.svg - - homepage.description=Recipes, cookbooks, meal-planning, & grocery lists - - homepage.widget.type=tandoor - - homepage.widget.url=http://tandoor-recipes:8080 - - homepage.widget.key=${TANDOOR_API_TOKEN} - - swag=enable - - swag_proto=http - - swag_url=recipes.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8106" - target: 8080 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/tandoor/static - target: /opt/recipes/staticfiles - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/tandoor/media - target: /opt/recipes/mediafiles - type: bind - bind: - create_host_path: true - tandoor-pg: - container_name: tandoor-pg - environment: - POSTGRES_DB: tandoor - POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} - POSTGRES_USER: tandoor - expose: - - 5432 - image: postgres:16-alpine - networks: - default: null - restart: always - volumes: - - source: tandoor-pg - target: /var/lib/postgresql/data - type: volume - volume: {} - traccar: - container_name: traccar - image: traccar/traccar:latest - labels: - - homepage.group=Personal Services - - homepage.name=Traccar - - homepage.href=https://trac.${MY_TLD} - - homepage.icon=traccar.svg - - homepage.description=Open-source GPS tracking system - - swag=enable - - swag_proto=http - - swag_port=8082 - - swag_url=trac.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: udp - published: "6000" - target: 5000 - - mode: ingress - protocol: udp - published: "6001" - target: 5001 - - mode: ingress - protocol: udp - published: "6002" - target: 5002 - - mode: ingress - protocol: udp - published: "6003" - target: 5003 - - mode: ingress - protocol: udp - published: "6004" - target: 5004 - - mode: ingress - protocol: udp - published: "6005" - target: 5005 - - mode: ingress - protocol: udp - published: "6006" - target: 5006 - - mode: ingress - protocol: udp - published: "6007" - target: 5007 - - mode: ingress - protocol: udp - published: "6008" - target: 5008 - - mode: ingress - protocol: udp - published: "6009" - target: 5009 - - mode: ingress - protocol: udp - published: "6010" - target: 5010 - - mode: ingress - protocol: udp - published: "6011" - target: 5011 - - mode: ingress - protocol: udp - published: "6012" - target: 5012 - - mode: ingress - protocol: udp - published: "6013" - target: 5013 - - mode: ingress - protocol: udp - published: "6014" - target: 5014 - - mode: ingress - protocol: udp - published: "6015" - target: 5015 - - mode: ingress - protocol: udp - published: "6016" - target: 5016 - - mode: ingress - protocol: udp - published: "6017" - target: 5017 - - mode: ingress - protocol: udp - published: "6018" - target: 5018 - - mode: ingress - protocol: udp - published: "6019" - target: 5019 - - mode: ingress - protocol: udp - published: "6020" - target: 5020 - - mode: ingress - protocol: udp - published: "6021" - target: 5021 - - mode: ingress - protocol: udp - published: "6022" - target: 5022 - - mode: ingress - protocol: udp - published: "6023" - target: 5023 - - mode: ingress - protocol: udp - published: "6024" - target: 5024 - - mode: ingress - protocol: udp - published: "6025" - target: 5025 - - mode: ingress - protocol: udp - published: "6026" - target: 5026 - - mode: ingress - protocol: udp - published: "6027" - target: 5027 - - mode: ingress - protocol: udp - published: "6028" - target: 5028 - - mode: ingress - protocol: udp - published: "6029" - target: 5029 - - mode: ingress - protocol: udp - published: "6030" - target: 5030 - - mode: ingress - protocol: udp - published: "6031" - target: 5031 - - mode: ingress - protocol: udp - published: "6032" - target: 5032 - - mode: ingress - protocol: udp - published: "6033" - target: 5033 - - mode: ingress - protocol: udp - published: "6034" - target: 5034 - - mode: ingress - protocol: udp - published: "6035" - target: 5035 - - mode: ingress - protocol: udp - published: "6036" - target: 5036 - - mode: ingress - protocol: udp - published: "6037" - target: 5037 - - mode: ingress - protocol: udp - published: "6038" - target: 5038 - - mode: ingress - protocol: udp - published: "6039" - target: 5039 - - mode: ingress - protocol: udp - published: "6040" - target: 5040 - - mode: ingress - protocol: udp - published: "6041" - target: 5041 - - mode: ingress - protocol: udp - published: "6042" - target: 5042 - - mode: ingress - protocol: udp - published: "6043" - target: 5043 - - mode: ingress - protocol: udp - published: "6044" - target: 5044 - - mode: ingress - protocol: udp - published: "6045" - target: 5045 - - mode: ingress - protocol: udp - published: "6046" - target: 5046 - - mode: ingress - protocol: udp - published: "6047" - target: 5047 - - mode: ingress - protocol: udp - published: "6048" - target: 5048 - - mode: ingress - protocol: udp - published: "6049" - target: 5049 - - mode: ingress - protocol: udp - published: "6050" - target: 5050 - - mode: ingress - protocol: udp - published: "6051" - target: 5051 - - mode: ingress - protocol: udp - published: "6052" - target: 5052 - - mode: ingress - protocol: udp - published: "6053" - target: 5053 - - mode: ingress - protocol: udp - published: "6054" - target: 5054 - - mode: ingress - protocol: udp - published: "6055" - target: 5055 - - mode: ingress - protocol: udp - published: "6056" - target: 5056 - - mode: ingress - protocol: udp - published: "6057" - target: 5057 - - mode: ingress - protocol: udp - published: "6058" - target: 5058 - - mode: ingress - protocol: udp - published: "6059" - target: 5059 - - mode: ingress - protocol: udp - published: "6060" - target: 5060 - - mode: ingress - protocol: udp - published: "6061" - target: 5061 - - mode: ingress - protocol: udp - published: "6062" - target: 5062 - - mode: ingress - protocol: udp - published: "6063" - target: 5063 - - mode: ingress - protocol: udp - published: "6064" - target: 5064 - - mode: ingress - protocol: udp - published: "6065" - target: 5065 - - mode: ingress - protocol: udp - published: "6066" - target: 5066 - - mode: ingress - protocol: udp - published: "6067" - target: 5067 - - mode: ingress - protocol: udp - published: "6068" - target: 5068 - - mode: ingress - protocol: udp - published: "6069" - target: 5069 - - mode: ingress - protocol: udp - published: "6070" - target: 5070 - - mode: ingress - protocol: udp - published: "6071" - target: 5071 - - mode: ingress - protocol: udp - published: "6072" - target: 5072 - - mode: ingress - protocol: udp - published: "6073" - target: 5073 - - mode: ingress - protocol: udp - published: "6074" - target: 5074 - - mode: ingress - protocol: udp - published: "6075" - target: 5075 - - mode: ingress - protocol: udp - published: "6076" - target: 5076 - - mode: ingress - protocol: udp - published: "6077" - target: 5077 - - mode: ingress - protocol: udp - published: "6078" - target: 5078 - - mode: ingress - protocol: udp - published: "6079" - target: 5079 - - mode: ingress - protocol: udp - published: "6080" - target: 5080 - - mode: ingress - protocol: udp - published: "6081" - target: 5081 - - mode: ingress - protocol: udp - published: "6082" - target: 5082 - - mode: ingress - protocol: udp - published: "6083" - target: 5083 - - mode: ingress - protocol: udp - published: "6084" - target: 5084 - - mode: ingress - protocol: udp - published: "6085" - target: 5085 - - mode: ingress - protocol: udp - published: "6086" - target: 5086 - - mode: ingress - protocol: udp - published: "6087" - target: 5087 - - mode: ingress - protocol: udp - published: "6088" - target: 5088 - - mode: ingress - protocol: udp - published: "6089" - target: 5089 - - mode: ingress - protocol: udp - published: "6090" - target: 5090 - - mode: ingress - protocol: udp - published: "6091" - target: 5091 - - mode: ingress - protocol: udp - published: "6092" - target: 5092 - - mode: ingress - protocol: udp - published: "6093" - target: 5093 - - mode: ingress - protocol: udp - published: "6094" - target: 5094 - - mode: ingress - protocol: udp - published: "6095" - target: 5095 - - mode: ingress - protocol: udp - published: "6096" - target: 5096 - - mode: ingress - protocol: udp - published: "6097" - target: 5097 - - mode: ingress - protocol: udp - published: "6098" - target: 5098 - - mode: ingress - protocol: udp - published: "6099" - target: 5099 - - mode: ingress - protocol: udp - published: "6100" - target: 5100 - - mode: ingress - protocol: udp - published: "6101" - target: 5101 - - mode: ingress - protocol: udp - published: "6102" - target: 5102 - - mode: ingress - protocol: udp - published: "6103" - target: 5103 - - mode: ingress - protocol: udp - published: "6104" - target: 5104 - - mode: ingress - protocol: udp - published: "6105" - target: 5105 - - mode: ingress - protocol: udp - published: "6106" - target: 5106 - - mode: ingress - protocol: udp - published: "6107" - target: 5107 - - mode: ingress - protocol: udp - published: "6108" - target: 5108 - - mode: ingress - protocol: udp - published: "6109" - target: 5109 - - mode: ingress - protocol: udp - published: "6110" - target: 5110 - - mode: ingress - protocol: udp - published: "6111" - target: 5111 - - mode: ingress - protocol: udp - published: "6112" - target: 5112 - - mode: ingress - protocol: udp - published: "6113" - target: 5113 - - mode: ingress - protocol: udp - published: "6114" - target: 5114 - - mode: ingress - protocol: udp - published: "6115" - target: 5115 - - mode: ingress - protocol: udp - published: "6116" - target: 5116 - - mode: ingress - protocol: udp - published: "6117" - target: 5117 - - mode: ingress - protocol: udp - published: "6118" - target: 5118 - - mode: ingress - protocol: udp - published: "6119" - target: 5119 - - mode: ingress - protocol: udp - published: "6120" - target: 5120 - - mode: ingress - protocol: udp - published: "6121" - target: 5121 - - mode: ingress - protocol: udp - published: "6122" - target: 5122 - - mode: ingress - protocol: udp - published: "6123" - target: 5123 - - mode: ingress - protocol: udp - published: "6124" - target: 5124 - - mode: ingress - protocol: udp - published: "6125" - target: 5125 - - mode: ingress - protocol: udp - published: "6126" - target: 5126 - - mode: ingress - protocol: udp - published: "6127" - target: 5127 - - mode: ingress - protocol: udp - published: "6128" - target: 5128 - - mode: ingress - protocol: udp - published: "6129" - target: 5129 - - mode: ingress - protocol: udp - published: "6130" - target: 5130 - - mode: ingress - protocol: udp - published: "6131" - target: 5131 - - mode: ingress - protocol: udp - published: "6132" - target: 5132 - - mode: ingress - protocol: udp - published: "6133" - target: 5133 - - mode: ingress - protocol: udp - published: "6134" - target: 5134 - - mode: ingress - protocol: udp - published: "6135" - target: 5135 - - mode: ingress - protocol: udp - published: "6136" - target: 5136 - - mode: ingress - protocol: udp - published: "6137" - target: 5137 - - mode: ingress - protocol: udp - published: "6138" - target: 5138 - - mode: ingress - protocol: udp - published: "6139" - target: 5139 - - mode: ingress - protocol: udp - published: "6140" - target: 5140 - - mode: ingress - protocol: udp - published: "6141" - target: 5141 - - mode: ingress - protocol: udp - published: "6142" - target: 5142 - - mode: ingress - protocol: udp - published: "6143" - target: 5143 - - mode: ingress - protocol: udp - published: "6144" - target: 5144 - - mode: ingress - protocol: udp - published: "6145" - target: 5145 - - mode: ingress - protocol: udp - published: "6146" - target: 5146 - - mode: ingress - protocol: udp - published: "6147" - target: 5147 - - mode: ingress - protocol: udp - published: "6148" - target: 5148 - - mode: ingress - protocol: udp - published: "6149" - target: 5149 - - mode: ingress - protocol: udp - published: "6150" - target: 5150 - - mode: ingress - protocol: tcp - published: "6000" - target: 5000 - - mode: ingress - protocol: tcp - published: "6001" - target: 5001 - - mode: ingress - protocol: tcp - published: "6002" - target: 5002 - - mode: ingress - protocol: tcp - published: "6003" - target: 5003 - - mode: ingress - protocol: tcp - published: "6004" - target: 5004 - - mode: ingress - protocol: tcp - published: "6005" - target: 5005 - - mode: ingress - protocol: tcp - published: "6006" - target: 5006 - - mode: ingress - protocol: tcp - published: "6007" - target: 5007 - - mode: ingress - protocol: tcp - published: "6008" - target: 5008 - - mode: ingress - protocol: tcp - published: "6009" - target: 5009 - - mode: ingress - protocol: tcp - published: "6010" - target: 5010 - - mode: ingress - protocol: tcp - published: "6011" - target: 5011 - - mode: ingress - protocol: tcp - published: "6012" - target: 5012 - - mode: ingress - protocol: tcp - published: "6013" - target: 5013 - - mode: ingress - protocol: tcp - published: "6014" - target: 5014 - - mode: ingress - protocol: tcp - published: "6015" - target: 5015 - - mode: ingress - protocol: tcp - published: "6016" - target: 5016 - - mode: ingress - protocol: tcp - published: "6017" - target: 5017 - - mode: ingress - protocol: tcp - published: "6018" - target: 5018 - - mode: ingress - protocol: tcp - published: "6019" - target: 5019 - - mode: ingress - protocol: tcp - published: "6020" - target: 5020 - - mode: ingress - protocol: tcp - published: "6021" - target: 5021 - - mode: ingress - protocol: tcp - published: "6022" - target: 5022 - - mode: ingress - protocol: tcp - published: "6023" - target: 5023 - - mode: ingress - protocol: tcp - published: "6024" - target: 5024 - - mode: ingress - protocol: tcp - published: "6025" - target: 5025 - - mode: ingress - protocol: tcp - published: "6026" - target: 5026 - - mode: ingress - protocol: tcp - published: "6027" - target: 5027 - - mode: ingress - protocol: tcp - published: "6028" - target: 5028 - - mode: ingress - protocol: tcp - published: "6029" - target: 5029 - - mode: ingress - protocol: tcp - published: "6030" - target: 5030 - - mode: ingress - protocol: tcp - published: "6031" - target: 5031 - - mode: ingress - protocol: tcp - published: "6032" - target: 5032 - - mode: ingress - protocol: tcp - published: "6033" - target: 5033 - - mode: ingress - protocol: tcp - published: "6034" - target: 5034 - - mode: ingress - protocol: tcp - published: "6035" - target: 5035 - - mode: ingress - protocol: tcp - published: "6036" - target: 5036 - - mode: ingress - protocol: tcp - published: "6037" - target: 5037 - - mode: ingress - protocol: tcp - published: "6038" - target: 5038 - - mode: ingress - protocol: tcp - published: "6039" - target: 5039 - - mode: ingress - protocol: tcp - published: "6040" - target: 5040 - - mode: ingress - protocol: tcp - published: "6041" - target: 5041 - - mode: ingress - protocol: tcp - published: "6042" - target: 5042 - - mode: ingress - protocol: tcp - published: "6043" - target: 5043 - - mode: ingress - protocol: tcp - published: "6044" - target: 5044 - - mode: ingress - protocol: tcp - published: "6045" - target: 5045 - - mode: ingress - protocol: tcp - published: "6046" - target: 5046 - - mode: ingress - protocol: tcp - published: "6047" - target: 5047 - - mode: ingress - protocol: tcp - published: "6048" - target: 5048 - - mode: ingress - protocol: tcp - published: "6049" - target: 5049 - - mode: ingress - protocol: tcp - published: "6050" - target: 5050 - - mode: ingress - protocol: tcp - published: "6051" - target: 5051 - - mode: ingress - protocol: tcp - published: "6052" - target: 5052 - - mode: ingress - protocol: tcp - published: "6053" - target: 5053 - - mode: ingress - protocol: tcp - published: "6054" - target: 5054 - - mode: ingress - protocol: tcp - published: "6055" - target: 5055 - - mode: ingress - protocol: tcp - published: "6056" - target: 5056 - - mode: ingress - protocol: tcp - published: "6057" - target: 5057 - - mode: ingress - protocol: tcp - published: "6058" - target: 5058 - - mode: ingress - protocol: tcp - published: "6059" - target: 5059 - - mode: ingress - protocol: tcp - published: "6060" - target: 5060 - - mode: ingress - protocol: tcp - published: "6061" - target: 5061 - - mode: ingress - protocol: tcp - published: "6062" - target: 5062 - - mode: ingress - protocol: tcp - published: "6063" - target: 5063 - - mode: ingress - protocol: tcp - published: "6064" - target: 5064 - - mode: ingress - protocol: tcp - published: "6065" - target: 5065 - - mode: ingress - protocol: tcp - published: "6066" - target: 5066 - - mode: ingress - protocol: tcp - published: "6067" - target: 5067 - - mode: ingress - protocol: tcp - published: "6068" - target: 5068 - - mode: ingress - protocol: tcp - published: "6069" - target: 5069 - - mode: ingress - protocol: tcp - published: "6070" - target: 5070 - - mode: ingress - protocol: tcp - published: "6071" - target: 5071 - - mode: ingress - protocol: tcp - published: "6072" - target: 5072 - - mode: ingress - protocol: tcp - published: "6073" - target: 5073 - - mode: ingress - protocol: tcp - published: "6074" - target: 5074 - - mode: ingress - protocol: tcp - published: "6075" - target: 5075 - - mode: ingress - protocol: tcp - published: "6076" - target: 5076 - - mode: ingress - protocol: tcp - published: "6077" - target: 5077 - - mode: ingress - protocol: tcp - published: "6078" - target: 5078 - - mode: ingress - protocol: tcp - published: "6079" - target: 5079 - - mode: ingress - protocol: tcp - published: "6080" - target: 5080 - - mode: ingress - protocol: tcp - published: "6081" - target: 5081 - - mode: ingress - protocol: tcp - published: "6082" - target: 5082 - - mode: ingress - protocol: tcp - published: "6083" - target: 5083 - - mode: ingress - protocol: tcp - published: "6084" - target: 5084 - - mode: ingress - protocol: tcp - published: "6085" - target: 5085 - - mode: ingress - protocol: tcp - published: "6086" - target: 5086 - - mode: ingress - protocol: tcp - published: "6087" - target: 5087 - - mode: ingress - protocol: tcp - published: "6088" - target: 5088 - - mode: ingress - protocol: tcp - published: "6089" - target: 5089 - - mode: ingress - protocol: tcp - published: "6090" - target: 5090 - - mode: ingress - protocol: tcp - published: "6091" - target: 5091 - - mode: ingress - protocol: tcp - published: "6092" - target: 5092 - - mode: ingress - protocol: tcp - published: "6093" - target: 5093 - - mode: ingress - protocol: tcp - published: "6094" - target: 5094 - - mode: ingress - protocol: tcp - published: "6095" - target: 5095 - - mode: ingress - protocol: tcp - published: "6096" - target: 5096 - - mode: ingress - protocol: tcp - published: "6097" - target: 5097 - - mode: ingress - protocol: tcp - published: "6098" - target: 5098 - - mode: ingress - protocol: tcp - published: "6099" - target: 5099 - - mode: ingress - protocol: tcp - published: "6100" - target: 5100 - - mode: ingress - protocol: tcp - published: "6101" - target: 5101 - - mode: ingress - protocol: tcp - published: "6102" - target: 5102 - - mode: ingress - protocol: tcp - published: "6103" - target: 5103 - - mode: ingress - protocol: tcp - published: "6104" - target: 5104 - - mode: ingress - protocol: tcp - published: "6105" - target: 5105 - - mode: ingress - protocol: tcp - published: "6106" - target: 5106 - - mode: ingress - protocol: tcp - published: "6107" - target: 5107 - - mode: ingress - protocol: tcp - published: "6108" - target: 5108 - - mode: ingress - protocol: tcp - published: "6109" - target: 5109 - - mode: ingress - protocol: tcp - published: "6110" - target: 5110 - - mode: ingress - protocol: tcp - published: "6111" - target: 5111 - - mode: ingress - protocol: tcp - published: "6112" - target: 5112 - - mode: ingress - protocol: tcp - published: "6113" - target: 5113 - - mode: ingress - protocol: tcp - published: "6114" - target: 5114 - - mode: ingress - protocol: tcp - published: "6115" - target: 5115 - - mode: ingress - protocol: tcp - published: "6116" - target: 5116 - - mode: ingress - protocol: tcp - published: "6117" - target: 5117 - - mode: ingress - protocol: tcp - published: "6118" - target: 5118 - - mode: ingress - protocol: tcp - published: "6119" - target: 5119 - - mode: ingress - protocol: tcp - published: "6120" - target: 5120 - - mode: ingress - protocol: tcp - published: "6121" - target: 5121 - - mode: ingress - protocol: tcp - published: "6122" - target: 5122 - - mode: ingress - protocol: tcp - published: "6123" - target: 5123 - - mode: ingress - protocol: tcp - published: "6124" - target: 5124 - - mode: ingress - protocol: tcp - published: "6125" - target: 5125 - - mode: ingress - protocol: tcp - published: "6126" - target: 5126 - - mode: ingress - protocol: tcp - published: "6127" - target: 5127 - - mode: ingress - protocol: tcp - published: "6128" - target: 5128 - - mode: ingress - protocol: tcp - published: "6129" - target: 5129 - - mode: ingress - protocol: tcp - published: "6130" - target: 5130 - - mode: ingress - protocol: tcp - published: "6131" - target: 5131 - - mode: ingress - protocol: tcp - published: "6132" - target: 5132 - - mode: ingress - protocol: tcp - published: "6133" - target: 5133 - - mode: ingress - protocol: tcp - published: "6134" - target: 5134 - - mode: ingress - protocol: tcp - published: "6135" - target: 5135 - - mode: ingress - protocol: tcp - published: "6136" - target: 5136 - - mode: ingress - protocol: tcp - published: "6137" - target: 5137 - - mode: ingress - protocol: tcp - published: "6138" - target: 5138 - - mode: ingress - protocol: tcp - published: "6139" - target: 5139 - - mode: ingress - protocol: tcp - published: "6140" - target: 5140 - - mode: ingress - protocol: tcp - published: "6141" - target: 5141 - - mode: ingress - protocol: tcp - published: "6142" - target: 5142 - - mode: ingress - protocol: tcp - published: "6143" - target: 5143 - - mode: ingress - protocol: tcp - published: "6144" - target: 5144 - - mode: ingress - protocol: tcp - published: "6145" - target: 5145 - - mode: ingress - protocol: tcp - published: "6146" - target: 5146 - - mode: ingress - protocol: tcp - published: "6147" - target: 5147 - - mode: ingress - protocol: tcp - published: "6148" - target: 5148 - - mode: ingress - protocol: tcp - published: "6149" - target: 5149 - - mode: ingress - protocol: tcp - published: "6150" - target: 5150 - - mode: ingress - protocol: tcp - published: "8082" - target: 8082 - restart: unless-stopped - volumes: - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/traccar/traccar.xml - target: /opt/traccar/conf/traccar.xml - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/traccar/logs - target: /opt/traccar/logs - type: bind - bind: - create_host_path: true - traccar-pg: - container_name: traccar-pg - environment: - - POSTGRES_PASSWORD=${TRACCAR_POSTGRES_PASSWORD} - - POSTGRES_USER=${TRACCAR_POSTGRES_USER} - - POSTGRES_DB=${TRACCAR_POSTGRES_DATABASE} - expose: - - 5432 - image: postgres:16-alpine - networks: - default: null - restart: unless-stopped - volumes: - - source: traccar-pg - target: /var/lib/postgresql/data - type: bind - bind: - create_host_path: true - unmanic: - container_name: unmanic - environment: - - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs - - PUID=${PUID} - - PGID=${PGID} - - LOGS_TO_STDOUT=/config/.unmanic/logs/unmanic.log - image: josh5/unmanic:latest - labels: - - homepage.group=Media Library - - homepage.name=Unmanic - - homepage.href=https://unmanic.${MY_TLD} - - homepage.icon=unmanic.png - - homepage.description=Library Optimizer - - homepage.widget.type=unmanic - - homepage.widget.url=http://unmanic:8888 - - swag=enable - - swag_port=8888 - - swag_url=unmanic.${MY_TLD} - - swag_proto=http - - swag.uptime-kuma.enabled=true - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8911" - target: 8888 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/unmanic - target: /config - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_STORAGE} - target: /library - type: bind - bind: - create_host_path: true - - source: unmanic-cache - target: /tmp/unmanic - type: volume - volume: {} - uptimekuma: - container_name: uptimekuma - environment: - - PGID=1000 - - PUID=1000 - - TZ=America/New_York - - UPTIME_KUMA_USERNAME=${UPTIME_KUMA_USERNAME} - - UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD} - - DOCKER_HOST=http://dockerproxy:2375 - - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:uptime-kuma - hostname: Rinoa - image: louislam/uptime-kuma:latest - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=Uptime Kuma - - homepage.href=https://uptime.${MY_TLD} - - homepage.icon=uptime-kuma.png - - homepage.description=HTTP Endpoint Monitoring - - swag=enable - - swag_proto=http - - swag_url=uptime.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3003" - target: 3001 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/uptimekuma - target: /app/data - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - wallabag: - container_name: wallabag - depends_on: - mariadb: - condition: service_started - required: true - redis: - condition: service_started - required: true - environment: - - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql - - SYMFONY__ENV__DATABASE_HOST=mariadb - - SYMFONY__ENV__DATABASE_PORT=3306 - - SYMFONY__ENV__DATABASE_NAME=${WALLABAG_DB} - - SYMFONY__ENV__DATABASE_USER=${WALLABAG_DB} - - SYMFONY__ENV__DATABASE_PASSWORD=${WALLABAG_DB_PASSWORD} - - SYMFONY__ENV__DATABASE_CHARSET=utf8 - - SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_" - - SYMFONY__ENV__MAILER_DSN=smtp://postal-smtp - - SYMFONY__ENV__FROM_EMAIL=noreply@trez.wtf - - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.${MY_TLD} - - SYMFONY__ENV__SERVER_NAME="Wallabag @ Rinoa" - - SYMFONY__ENV__REDIS_HOST=redis - - SYMFONY__ENV__REDIS_PORT=6379 - healthcheck: - interval: 1m - test: - - CMD - - wget - - --no-verbose - - --tries=1 - - --spider - - http://localhost - timeout: 3s - image: wallabag/wallabag - labels: - - swag=enable - - swag_address=wallabag - - swag_proto=http - - swag.uptime-kuma.enabled=true - - homepage.group=Lifestyle - - homepage.name=Wallabag - - homepage.href=https://wallabag.${MY_TLD} - - homepage.icon=wallabag.png - - homepage.description=Knowledge Store - networks: - default: null - ports: - - mode: ingress - protocol: tcp - target: 80 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/wallabag/images - target: /var/www/wallabag/web/assets/images - type: bind - bind: - create_host_path: true - wallos: - container_name: wallos - environment: - TZ: ${TZ} - image: bellamy/wallos:latest - labels: - - homepage.group=Lifestyle - - homepage.name=wallos - - homepage.href=https://subs.${MY_TLD} - - homepage.icon=wallos.png - - homepage.description=Subscription Tracking - - swag=enable - - swag_proto=http - - swag_url=subs.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8283" - target: 80 - restart: unless-stopped - volumes: - - source: wallos-db - target: /var/www/html/db - type: bind - bind: - create_host_path: true - - source: wallos-logos - target: /var/www/html/images/uploads/logos - type: bind - bind: - create_host_path: true - watchtower: - container_name: watchtower - environment: - - REPO_PASS= - - REPO_USER= - - TZ=America/New_York - - WATCHTOWER_CLEANUP=true - - WATCHTOWER_INCLUDE_STOPPED=false - - WATCHTOWER_MONITOR_ONLY=false - - WATCHTOWER_NOTIFICATIONS=gotify - - WATCHTOWER_NOTIFICATIONS_LEVEL=info - - WATCHTOWER_NOTIFICATION_TEMPLATE={{range .}}{{.Message}}{{println}}{{end}} - - WATCHTOWER_NOTIFICATION_URL= - - WATCHTOWER_SCHEDULE=0 0 4 * * * - - WATCHTOWER_TIMEOUT=30s - - WATCHTOWER_HTTP_API_METRICS=true - - WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_HTTP_API_TOKEN} - - WATCHTOWER_NOTIFICATION_GOTIFY_URL=${WATCHTOWER_NOTIFICATION_GOTIFY_URL} - - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN} - - WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true - expose: - - 8080 - hostname: Rinoa - image: ghcr.io/containrrr/watchtower:latest - labels: - - homepage.group=Automation - - homepage.name=Watchtower - - homepage.icon=watchtower.svg - - homepage.description=Container-based solution for automating Docker container base image updates - - homepage.widget.type=watchtower - - homepage.widget.url=http://watchtower:8080 - - homepage.widget.key=${WATCHTOWER_HTTP_API_TOKEN} - networks: - default: null - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - - bind: - create_host_path: true - source: /var/run/docker.sock - target: /var/run/docker.sock - type: bind - watchyourlan: - container_name: watchyourlan - environment: - DBPATH: /data/db.sqlite - GUIIP: 0.0.0.0 - GUIPORT: "8840" - IFACE: eno4 - IGNOREIP: "no" - SHOUTRRR_URL: "" - THEME: darkly - TIMEOUT: "120" - TZ: America/New_York - image: aceberg/watchyourlan - labels: - - homepage.group=Infrastructure/App Performance Monitoring - - homepage.name=WatchYourLAN - - homepage.href=https://wyl.${MY_TLD} - - homepage.icon=watchyourlan.png - - homepage.description=Lightweight network IP scanner - - swag=enable - - swag_proto=http - - swag_url=wyl.trez - - swag_port=8840 - network_mode: host - ports: - - mode: ingress - protocol: tcp - published: "8840" - target: 8840 - restart: unless-stopped - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/watchyourlan - target: /data - type: bind - bind: - create_host_path: true - wazuh.agent: - container_name: wazuh.agent - environment: - - JOIN_MANAGER_PROTOCOL=https - - JOIN_MANAGER_MASTER_HOST=wazuh.manager - - JOIN_MANAGER_WORKER_HOST=wazuh.manager - - JOIN_MANAGER_USER=wazuh-wui - - JOIN_MANAGER_PASSWORD=${WAZUH_API_PASSWORD} - - JOIN_MANAGER_API_PORT=55000 - - JOIN_MANAGER_PORT=1514 - - VIRUS_TOTAL_KEY=${VIRUS_TOTAL_API_KEY} - - DOCKER_HOST=tcp://dockerproxy:2375 - hostname: wazuh.agent - image: opennix/wazuh-agent:latest - networks: - default: null - restart: unless-stopped - wazuh.dashboard: - container_name: wazuh.dashboard - depends_on: - wazuh.indexer: - condition: service_started - required: true - wazuh.manager: - condition: service_started - required: true - restart: true - environment: - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=${WAZUH_INDEXER_PASSWORD} - - WAZUH_API_URL=https://wazuh.manager - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=${WAZUH_KIBANA_PASSWORD} - - API_USERNAME=wazuh-wui - - API_PASSWORD=${WAZUH_API_PASSWORD} - hostname: wazuh.dashboard - image: wazuh/wazuh-dashboard:${WAZUH_VERSION} - labels: - - swag=enable - - swag_proto=https - - swag_port=5601 - - swag_url=wsec.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://wsec.${MY_TLD} - - homepage.group=Privacy/Security - - homepage.name=Wazuh - - homepage.href=https://wsec.${MY_TLD} - - homepage.icon=wazuh-opaque.png - - homepage.description=OSS Security Platform for XDR/SIEM - links: - - wazuh.indexer:wazuh.indexer - - wazuh.manager:wazuh.manager - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "5601" - target: 5601 - restart: always - volumes: - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/wazuh.dashboard.pem - target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/wazuh.dashboard-key.pem - target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/root-ca.pem - target: /usr/share/wazuh-dashboard/certs/root-ca.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/config/opensearch_dashboards.yml - target: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/config/wazuh.yml - target: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - type: bind - bind: - create_host_path: true - - source: wazuh-dashboard-config - target: /usr/share/wazuh-dashboard/data/wazuh/config - type: volume - volume: {} - - source: wazuh-dashboard-custom - target: /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - type: volume - volume: {} - wazuh.indexer: - container_name: wazuh.indexer - environment: - - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m - hostname: wazuh.indexer - image: wazuh/wazuh-indexer:${WAZUH_VERSION} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "9200" - target: 9200 - restart: always - ulimits: - memlock: - hard: -1 - soft: -1 - nofile: - hard: 65536 - soft: 65536 - volumes: - - source: wazuh-indexer-data - target: /var/lib/wazuh-indexer - type: volume - volume: {} - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/root-ca.pem - target: /usr/share/wazuh-indexer/certs/root-ca.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/wazuh.indexer-key.pem - target: /usr/share/wazuh-indexer/certs/wazuh.indexer.key - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/wazuh.indexer.pem - target: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/admin.pem - target: /usr/share/wazuh-indexer/certs/admin.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/admin-key.pem - target: /usr/share/wazuh-indexer/certs/admin-key.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/config/wazuh.indexer.yml - target: /usr/share/wazuh-indexer/opensearch.yml - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/config/internal_users.yml - target: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml - type: bind - bind: - create_host_path: true - wazuh.manager: - container_name: wazuh.manager - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=${WAZUH_INDEXER_PASSWORD} - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=${WAZUH_API_PASSWORD} - hostname: wazuh.manager - image: wazuh/wazuh-manager:${WAZUH_VERSION} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "1514" - target: 1514 - - mode: ingress - protocol: tcp - published: "1515" - target: 1515 - - mode: ingress - protocol: udp - published: "514" - target: 514 - - mode: ingress - protocol: tcp - published: "55000" - target: 55000 - restart: always - ulimits: - memlock: - hard: -1 - soft: -1 - nofile: - hard: 655360 - soft: 655360 - volumes: - - source: wazuh_api_configuration - target: /var/ossec/api/configuration - type: volume - volume: {} - - source: wazuh_etc - target: /var/ossec/etc - type: volume - volume: {} - - source: wazuh_logs - target: /var/ossec/logs - type: volume - volume: {} - - source: wazuh_queue - target: /var/ossec/queue - type: volume - volume: {} - - source: wazuh_var_multigroups - target: /var/ossec/var/multigroups - type: volume - volume: {} - - source: wazuh_integrations - target: /var/ossec/integrations - type: volume - volume: {} - - source: wazuh_active_response - target: /var/ossec/active-response/bin - type: volume - volume: {} - - source: wazuh_agentless - target: /var/ossec/agentless - type: volume - volume: {} - - source: wazuh_wodles - target: /var/ossec/wodles - type: volume - volume: {} - - source: filebeat_etc - target: /etc/filebeat - type: volume - volume: {} - - source: filebeat_var - target: /var/lib/filebeat - type: volume - volume: {} - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/root-ca.pem - target: /etc/ssl/root-ca.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/wazuh.manager.pem - target: /etc/ssl/filebeat.pem - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/wazuh.manager-key.pem - target: /etc/ssl/filebeat.key - type: bind - bind: - create_host_path: true - - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/config/wazuh_manager.conf - target: /wazuh-config-mount/etc/ossec.conf - type: bind - bind: - create_host_path: true - web-check: - container_name: web-check - image: lissy93/web-check - labels: - - homepage.group=Privacy/Security - - homepage.name=Web-Check - - homepage.icon=web-check.png - - homepage.href=https://scan.${MY_TLD} - - homepage.description=Site scanner for attack vectors, architecture, security configs, and more - - swag=enable - - swag_proto=http - - swag_url=scan.${MY_TLD} - - swag_port=3000 - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://scan.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "3010" - target: 3000 - restart: unless-stopped - whodb: - container_name: whodb - environment: - WHODB_MONGODB_1: null - WHODB_MYSQL_1: null - image: clidey/whodb - labels: - - homepage.group=System Administration - - homepage.name=WhoDB - - homepage.href=https://dbs.${MY_TLD} - - homepage.icon=/icons/whodb.png - - homepage.description=Web-based DB management - - swag=enable - - swag_proto=http - - swag_port=8080 - - swag_url=dbs.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://dbs.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8900" - target: 8080 - restart: unless-stopped - your_spotify: - container_name: your_spotify - environment: - - PUID=1000 - - PGID=1000 - - TZ=${TZ} - - APP_URL=https://myspotify.${MY_TLD} - - SPOTIFY_PUBLIC=${YOUR_SPOTIFY_ID} - - SPOTIFY_SECRET=${YOUR_SPOTIFY_SECRET} - - CORS=all - - MONGO_ENDPOINT=mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/your_spotify - - LOG_LEVEL=debug - expose: - - 8080 - extra_hosts: - - host.docker.internal:host-gateway - image: lscr.io/linuxserver/your_spotify:latest - labels: - - homepage.group=Media Library - - homepage.name=Your Spotify - - homepage.icon=your-spotify.svg - - homepage.href=https://myspotify.${MY_TLD} - - homepage.description=Personal Spotify Tracking - - swag=enable - - swag_proto=https - - swag_url=myspotify.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://myspotify.${MY_TLD} - networks: - default: null - ports: - - ${YOUR_SPOTIFY_PORT_80}:80 - - ${YOUR_SPOTIFY_PORT_443}:443 - restart: always - youtubedl: - container_name: youtubedl - environment: - PGID: "1000" - PUID: "1000" - TZ: America/New_York - YDL_CONFIG_PATH: /youtube-dl/config.yml - YDL_DEBUG: "false" - hostname: Rinoa - image: nbr23/youtube-dl-server:latest - labels: - - homepage.group=Downloaders - - homepage.name=YoutubeDL - - homepage.icon=youtubedl.png - - homepage.href=https://ytdl.${MY_TLD} - - homepage.description=YouTube Downloader - - swag=enable - - swag_proto=http - - swag_url=ytdl.${MY_TLD} - - swag_port=8080 - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://ytdl.${MY_TLD} - networks: - default: null - ports: - - mode: ingress - protocol: tcp - published: "8089" - target: 8080 - restart: unless-stopped - volumes: - - bind: - create_host_path: true - read_only: true - source: /etc/localtime - target: /etc/localtime - type: bind - - bind: - create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/youtubedl - target: /youtube-dl - type: bind - - bind: - create_host_path: true - source: /rinoa-storage - target: /storage - type: bind - zammad-backup: - command: - - zammad-backup - container_name: zammad-backup - depends_on: - zammad-postgresql: - condition: service_started - required: true - zammad-railsserver: - condition: service_started - required: true - entrypoint: /usr/local/bin/backup.sh - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - BACKUP_TIME: "03:00" - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - HOLD_DAYS: "10" - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - TZ: Europe/Berlin - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: postgres:${ZAMMAD_POSTGRES_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-backup - target: /var/tmp/zammad - type: volume - volume: {} - - read_only: true - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh - target: /usr/local/bin/backup.sh - type: bind - volume: {} - zammad-elasticsearch: - container_name: zammad-elasticsearch - expose: - - 9200 - image: bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-es-data - target: /bitnami/elasticsearch/data - type: volume - volume: {} - zammad-init: - command: - - zammad-init - container_name: zammad-init - depends_on: - zammad-postgresql: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - hostname: init - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: on-failure - user: "0:0" - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - bind: - create_host_path: true - zammad-memcached: - command: memcached -m 256M - container_name: zammad-memcached - image: memcached:${ZAMMAD_MEMCACHE_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - zammad-nginx: - command: - - zammad-nginx - container_name: zammad-nginx - depends_on: - zammad-railsserver: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - expose: - - "8080" - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - labels: - - swag=enable - - swag_proto=http - - swag_port=8080 - - swag_url=support.${MY_TLD} - - swag.uptime-kuma.enabled=true - - swag.uptime-kuma.monitor.url=https://support.${MY_TLD} - - homepage.group=Professional Services - - homepage.name=Zammad - - homepage.href=https://support.${MY_TLD} - - homepage.icon=zammad.svg - - homepage.description=Open-source helpdesk/customer support system - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: bind - bind: - create_host_path: true - zammad-postgresql: - container_name: zammad-postgresql - environment: - POSTGRES_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS} - POSTGRES_USER: ${ZAMMAD_POSTGRES_USER} - hostname: postgresql - image: postgres:${ZAMMAD_POSTGRES_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-pg-data - target: /var/lib/postgresql/data - type: volume - volume: {} - zammad-railsserver: - command: - - zammad-railsserver - container_name: zammad-railserver - depends_on: - zammad-memcached: - condition: service_started - required: true - zammad-postgresql: - condition: service_started - required: true - zammad-redis: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} - zammad-redis: - container_name: zammad-redis - image: redis:${ZAMMAD_REDIS_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-redis-data - target: /data - type: volume - volume: {} - zammad-scheduler: - command: - - zammad-scheduler - container_name: zammad-scheduler - depends_on: - zammad-memcached: - condition: service_started - required: true - zammad-postgresql: - condition: service_started - required: true - zammad-redis: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} - zammad-websocket: - command: - - zammad-websocket - container_name: zammad-websocket - depends_on: - zammad-memcached: - condition: service_started - required: true - zammad-postgresql: - condition: service_started - required: true - zammad-redis: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} -volumes: - authelia-pg-db: - name: compose_authelia-pg-db - bitmagnet-pg-db: - name: bitmagnet-pg-db - castopod-media: - name: castopod-media - crowdsec-config: - name: compose_crowdsec-config - crowdsec-db: - name: compose_crowdsec-db - dagu_config: - name: compose_dagu_config - dagu_data: - name: compose_dagu_data - fastenhealth-cache: - name: compose_fastenhealth-cache - fastenhealth-db: - name: compose_fastenhealth-db - filebeat_etc: - name: filebeat_etc - filebeat_var: - name: filebeat_var - gitea-pg-db: - name: compose_gitea-pg-db - grafana-mimir-data: - name: compose_grafana-mimir-data - grafana-tempo-data: - name: compose_grafana-tempo-data - hortusfox_app_backup: - name: compose_hortusfox_app_backup - hortusfox_app_images: - name: compose_hortusfox_app_images - hortusfox_app_logs: - name: compose_hortusfox_app_logs - hortusfox_app_migrate: - name: compose_hortusfox_app_migrate - hortusfox_app_themes: - name: compose_hortusfox_app_themes - hortusfox_db_data: - name: compose_hortusfox_db_data - invidious-postgres: - name: compose_invidious-postgres - invoice_ninja_public: - name: compose_invoice_ninja_public - jitsi-web-admin-theme: - name: compose_jitsi-web-admin-theme - jitsi-web-admin-upload: - name: compose_jitsi-web-admin-upload - joplin_data: - name: compose_joplin_data - lldap_data: - name: compose_lldap_data - localai_data: - name: compose_localai_data - mattermost-postgres: - name: compose_mattermost-postgres - maybe-app: - name: compose_maybe-app - maybe-pg-db: - name: compose_maybe-pg-db - medusajs_backend_node_modules: - name: compose_medusajs_backend_node_modules - medusajs_postgres_data: - name: compose_medusajs_postgres_data - medusajs_redis_data: - name: compose_medusajs_redis_data - medusajs_storefront_node_modules: - name: compose_medusajs_storefront_node_modules - mongo1_config: - name: compose_mongo1_config - mongo1_data: - name: compose_mongo1_data - mongo2_config: - name: compose_mongo2_config - mongo2_data: - name: compose_mongo2_data - mongo3_config: - name: compose_mongo3_config - mongo3_data: - name: compose_mongo3_data - netbox-pg-db: - name: netbox-pg-db - ollama: - name: compose_ollama - paperless-ngx-data: - name: compose_paperless-ngx-data - paperless-ngx-media: - name: compose_paperless-ngx-media - paperless-ngx-pg: - name: compose_paperless-ngx-pg - plausible-db-data: - name: compose_plausible-db-data - plausible-event-data: - name: compose_plausible-event-data - plausible-event-logs: - name: compose_plausible-event-logs - reactive-resume-pg: - name: compose_reactive-resume-pg - semaphore_config: - name: semaphore_config - semaphore_data: - name: semaphore_data - semaphore_tmp: - name: semaphore_tmp - sonarqube-data: - name: sonarqube-data - sonarqube-db: - name: sonarqube-db - sonarqube-db-data: - name: sonarqube-db-data - sonarqube-extensions: - name: sonarqube-extensions - sonarqube-logs: - name: sonarqube-logs - sonarqube-temp: - name: sonarqube-temp - tandoor-pg: - name: compose_tandoor-pg - traccar-pg: - name: compose_traccar-pg - unmanic-cache: - name: compose_unmanic-cache - wallos-db: - name: compose_wallos-db - wallos-logos: - name: compose_wallos-logos - wazuh-dashboard-config: - name: wazuh-dashboard-config - wazuh-dashboard-custom: - name: wazuh-dashboard-custom - wazuh-indexer-data: - name: wazuh-indexer-data - wazuh_active_response: - name: wazuh_active_response - wazuh_agentless: - name: wazuh_agentless - wazuh_api_configuration: - name: wazuh_api_configuration - wazuh_etc: - name: wazuh_etc - wazuh_integrations: - name: wazuh_integrations - wazuh_logs: - name: wazuh_logs - wazuh_queue: - name: wazuh_queue - wazuh_var_multigroups: - name: wazuh_var_multigroups - wazuh_wodles: - name: wazuh_wodles - zammad-backup: - driver: local - name: compose_zammad-backup - zammad-es-data: - driver: local - name: compose_zammad-es-data - zammad-pg-data: - driver: local - name: compose_zammad-pg-data - zammad-redis-data: - driver: local - name: compose_zammad-redis-data - zammad-storage: - driver: local - name: compose_zammad-storage -x-shared: - zammad-service: - depends_on: - - zammad-memcached - - zammad-postgresql - - zammad-redis - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - restart: ${ZAMMAD_RESTART} - volumes: - - zammad-storage:/opt/zammad/storage diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 00000000..c672cb47 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,18 @@ +sonar.projectKey=rinoa-docker + +# Source directories to analyze +sonar.sources=. + +# Include only the docker-compose.yml file for IaC analysis +sonar.inclusions=docker-compose.yml + +# Disable all other sensors explicitly +sonar.iac.enabled=true +sonar.iac.inclusions=**/*.yml,**/*.yaml,**/docker-compose.yml +sonar.iac.exclusions=**/*.* # Exclude everything not explicitly included +sonar.exclusions=**/*.* + +# Explicitly include IaC file types (if required for broader IaC scanning) + +# Optional: Wait for quality gate in pipelines +sonar.qualitygate.wait=true \ No newline at end of file