From 06655add2ba0f5d1d4ad1a4dc7197351be365f60 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 31 Jan 2025 13:31:53 -0500
Subject: [PATCH 1/3] Attempting to put both Immich server and proxy under one domain; also updated deployment pipeline.
---
 .../workflows/pr-cloudflare-docker-deploy.yml | 14 +++++++-
 docker-compose.yml | 32 ++++++++++++-------
 2 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index b858b753..cc478929 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -186,11 +186,23 @@ jobs:
 needs: [cloudflare-dns-setup]
 outputs:
 pr-pushed: ${{ steps.commit-readme.outputs.pushed }}
+ modified_services: ${{ steps.compare-services.outputs.modified_services }}
 steps:
 - name: Checkout
 uses: actions/checkout@v4
 - name: Install yq
 uses: dcarbone/install-yq-action@v1
+ - name: Fetch main branch for comparison
+ run: |
+ git fetch origin main:main
+ - name: Compare services using yq
+ id: compare-services
+ run: |
+ current_services=$(yq '.services | keys | .[]' docker-compose.yml | sort)
+ main_services=$(yq '.services | keys | .[]' $(git show main:docker-compose.yml) | sort)
+ modified_services=$(comm -13 <(echo "$main_services") <(echo "$current_services"))
+ echo "Modified services: $modified_services"
+ echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
 - name: Generate service list
 run: |
 yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
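Review bot: In the `Compare services using yq` step, `modified_services` is built from the pull request's own `docker-compose.yml` and written with `echo "modified_services=$modified_services" >> $GITHUB_OUTPUT` without any check on its content. `comm` prints one name per line and the `name=value` form of `$GITHUB_OUTPUT` holds a single line, so with more than one service the later lines are not part of the value (depending on the runner they are rejected or read as separate entries). Join and filter before writing, for example `modified_services=$(comm -13 <(echo "$main_services") <(echo "$current_services") | grep -E '^[A-Za-z0-9][A-Za-z0-9._-]*$' | tr '\n' ' ')`. Comparing key lists with `comm -13` also reports only services that are new on the branch, not existing services whose definition changed. The job definition starts above this hunk.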
@@ -292,7 +304,7 @@ jobs:
 uses: keatonLiu/docker-compose-remote-action@v1.2
 with:
 docker_compose_file: docker-compose.yml
- docker_args: -d --remove-orphans --pull missing --parallel -1 --no-recreate
+ docker_args: -d --remove-orphans --pull missing --parallel -1 ${{ steps.detect-modified-services.outputs.modified_services }}
 ssh_user: gitea-deploy
 ssh_host: 192.168.1.254
 ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
diff --git a/docker-compose.yml b/docker-compose.yml
index 3afe94cb..5a9df318 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1939,6 +1939,26 @@ services:
 healthcheck:
 disable: false
 image: ghcr.io/immich-app/immich-server:release
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 2283
+ swag_url: pics.${MY_TLD}
+ swag_server_custom_directive: >-
+ location /share {
+ proxy_pass http://immich-public-proxy:3000;
+ proxy_set_header Host $$host;
+ proxy_set_header X-Real-IP $$remote_addr;
+ proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $$scheme;
+ }
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}
+ homepage.group: Lifestyle
+ homepage.name: Immich
+ homepage.href: https://pics.${MY_TLD}
+ homepage.icon: immich.svg
+ homepage.description: High performance self-hosted photo and video management solution
 ports:
 - 2283:2283
 restart: always
@@ -2003,18 +2023,6 @@ services:
 start_period: 10s
 timeout: 5s
 image: alangrainger/immich-public-proxy:latest
- labels:
- swag: enable
- swag_proto: http
- swag_port: 3000
- swag_url: pics.${MY_TLD}
- swag.uptime-kuma.enabled: true
- swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}
- homepage.group: Lifestyle
- homepage.name: Immich
- homepage.href: https://pics.${MY_TLD}
- homepage.icon: immich.svg
- homepage.description: High performance self-hosted photo and video management solution
 restart: always
 immich-power-tools:
 container_name: immich-power-tools
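Review bot: In `.gitea/workflows/pr-cloudflare-docker-deploy.yml`, the new `docker_args` reads `steps.detect-modified-services.outputs.modified_services`, but the step added in this patch has `id: compare-services`, so the expression resolves to an empty string. With `--no-recreate` dropped as well, the remote `up` then applies to every service rather than only the changed ones. If this deploy step sits in a different job from the comparison (the job-level `outputs:` entry suggests it does; the job header is outside the hunk), the reference would be `${{ needs.<job-id>.outputs.modified_services }}`, with `<job-id>` standing for that job's id. Because the value comes from the pull request's compose file and ends up in a command line run over SSH on the deploy host, it should be limited to plain service names before it gets here.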
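Review bot: In `docker-compose.yml` (hunk at 1939), moving the `swag_url: pics.${MY_TLD}` labels onto the Immich server means every path except `/share` on that hostname now reaches the full Immich application on port 2283, where the hostname previously fronted only `immich-public-proxy`. If the proxy was there to keep the main instance off the public name, this reverses that, and the new label block carries no `swag_auth` entry. Please confirm the exposure is intended and record it in a comment above `labels:`, for example `# pics.${MY_TLD} serves the full Immich server; only /share goes to immich-public-proxy`. `location /share` is also a prefix match, so any path that merely starts with `/share` is forwarded to the proxy. The service definition starts above the hunk.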
From d8810273b77590a4355522ae9ea56bb3734a4594 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 31 Jan 2025 14:52:40 -0500
Subject: [PATCH 2/3] Tweaks to service comparison.
---
 .../workflows/pr-cloudflare-docker-deploy.yml | 8 +-
 changes.yml | 47 +
 main_svcs.yml | 7589 +++++++++++++++++
 3 files changed, 7641 insertions(+), 3 deletions(-)
 create mode 100644 changes.yml
 create mode 100644 main_svcs.yml
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index cc478929..b8b1b4af 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -198,9 +198,11 @@ jobs:
 - name: Compare services using yq
 id: compare-services
 run: |
- current_services=$(yq '.services | keys | .[]' docker-compose.yml | sort)
- main_services=$(yq '.services | keys | .[]' $(git show main:docker-compose.yml) | sort)
- modified_services=$(comm -13 <(echo "$main_services") <(echo "$current_services"))
+ current_services=$(yq '.services | to_entries' docker-compose.yml)
+ git show main:docker-compose.yml > main_compose.yml
+ main_services=$(yq '.services | to_entries' main_compose.yml)
+ modified_services_file=$(comm -13 <(echo "$main_services") <(echo "$current_services") > changes_compose.yml)
+ modified_services=${egrep '^ [a-z]' changes.yml | sed -e 's|^ ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
 echo "Modified services: $modified_services"
 echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
 - name: Generate service list
diff --git a/changes.yml b/changes.yml
new file mode 100644
index 00000000..5bda7bab
--- /dev/null
+++ b/changes.yml
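Review bot: The rewritten comparison in `Compare services using yq` cannot run as written: `modified_services=${egrep ... }` uses `${ }`, which bash treats as parameter expansion and rejects as a bad substitution, and it reads `changes.yml` while the line before writes `changes_compose.yml`. `comm` also expects sorted line input, so feeding it two unsorted `to_entries` dumps yields stray YAML fragments rather than service names. Comparing each service's definition by name avoids the text diff and lets the names be checked before they reach `$GITHUB_OUTPUT`; a sketch follows. Writing the scratch file with `mktemp` also keeps it out of the checkout, which matters because this commit adds `changes.yml` and `main_svcs.yml`, apparently outputs of the same commands. The surrounding job starts above the hunk.

```yaml
      - name: Compare services using yq
        id: compare-services
        run: |
          main_compose=$(mktemp)
          git show main:docker-compose.yml > "$main_compose"
          modified_services=""
          for svc in $(yq '.services | keys | .[]' docker-compose.yml); do
            # Names come from the PR's compose file: accept plain service names only.
            [[ "$svc" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo "unexpected service name: $svc" >&2; exit 1; }
            cur=$(svc="$svc" yq '.services[strenv(svc)]' docker-compose.yml)
            old=$(svc="$svc" yq '.services[strenv(svc)]' "$main_compose")
            [ "$cur" = "$old" ] || modified_services="$modified_services $svc"
          done
          # … unchanged: echo "Modified services" and the write to $GITHUB_OUTPUT …
```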
@@ -0,0 +1,47 @@ + ports: + - 2283:2283 + restart: always + labels: + swag_port: 3000 + swag_url: pics.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://pics.${MY_TLD} + homepage.group: Lifestyle + homepage.name: Immich + homepage.href: https://pics.${MY_TLD} + homepage.icon: immich.svg + homepage.description: High performance self-hosted photo and video management solution + restart: always + immich-power-tools: + container_name: immich-power-tools + environment: + IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY} + IMMICH_URL: http://immich-server:2283 + EXTERNAL_IMMICH_URL: https://pics.trez.wtf + image: ghcr.io/varun-raj/immich-power-tools:latest + ports: + - 54018:3000 + influxdb2: + container_name: influxdb2 + environment: + DOCKER_INFLUXDB_INIT_MODE: setup + DOCKER_INFLUXDB_INIT_USERNAME: admin + DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB2_ADMIN_PASSWORD} + DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: /run/secrets/influxdb2-admin-token + DOCKER_INFLUXDB_INIT_ORG: rinoa + DOCKER_INFLUXDB_INIT_BUCKET: rinoa + image: influxdb:2-alpine + labels: + swag: enable + swag_proto: http + swag_port: 8086 + swag_url: influxdb.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://influxdb.${MY_TLD} + homepage.group: System Administration + homepage.name: InfluxDBv2 + homepage.href: https://influxdb.${MY_TLD} + homepage.icon: influxdb.svg + homepage.description: Scalable datastore for metrics, events, and real-time analytics + ports: + - 8086:8086 diff --git a/main_svcs.yml b/main_svcs.yml new file mode 100644 index 00000000..3afe94cb --- /dev/null +++ b/main_svcs.yml 
@@ -0,0 +1,7589 @@ +name: compose +networks: + bitmagnet: + driver: bridge + ipam: + config: + - gateway: 192.168.55.1 + subnet: 192.168.55.0/27 + driver: default + name: compose_bitmagnet + default: + name: compose_default + nextcloud-aio: + external: true +services: + actual_server: + container_name: actualbudget + environment: + ACTUAL_LOGIN_METHOD: "pass" + ACTUAL_PORT: 5006 + # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20 + # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50 + # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20 + # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration + # !! If you are not using any of these options, remove the 'environment:' tag entirely. + image: docker.io/actualbudget/actual-server:latest + labels: + swag: enable + swag_port: 5006 + swag_proto: http + swag_url: fin.${MY_TLD} + homepage.group: Lifestyle + homepage.name: Actual Budget + homepage.icon: actual-budget.svg + homepage.href: https://fin.${MY_TLD} + homepage.description: Privacy-focused app for managing finances + ports: + - 5006:5006 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/actual-budget:/data + adguard: + container_name: adguard + environment: + TZ: ${TZ} + hostname: Rinoa + image: adguard/adguardhome:latest + labels: + swag: enable + swag_proto: http + swag_url: adgh.${MY_TLD} + homepage.group: System Administration + homepage.name: AdGuard Home + homepage.icon: adguard-home.png + homepage.href: https://adgh.${MY_TLD} + homepage.description: Ad-blocking/DNS + homepage.widget.type: adguard + homepage.widget.url: http://adguard:80 + homepage.widget.username: admin + homepage.widget.password: ${ADGUARD_PASSWORD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "3001" + target: 3000 + - mode: ingress + protocol: tcp + published: "446" + target: 443 + - mode: ingress + protocol: tcp + published: "8008" + target: 80 + - mode: ingress + protocol: tcp + published: "853" + 
target: 853 + - host_ip: 0.0.0.0 + mode: ingress + protocol: tcp + published: "53" + target: 53 + - host_ip: 0.0.0.0 + mode: ingress + protocol: udp + published: "53" + target: 53 + - host_ip: 0.0.0.0 + mode: ingress + protocol: udp + published: "67" + target: 67 + - host_ip: 0.0.0.0 + mode: ingress + protocol: tcp + published: "688" + target: 68 + - host_ip: 0.0.0.0 + mode: ingress + protocol: udp + published: "688" + target: 68 + restart: unless-stopped + volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/adguard/work + target: /opt/adguardhome/work + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/adguard/conf + target: /opt/adguardhome/conf + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + - source: ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/archive/trez.wtf + target: /etc/ssl/certs + type: bind + bind: + create_host_path: true + apprise: + container_name: apprise + environment: + PGID: 1000 + PUID: 1000 + TZ: America/New_York + hostname: Rinoa + image: lscr.io/linuxserver/apprise-api:latest + labels: + homepage.group: Infrastructure/App Performance Monitoring + homepage.name: Apprise + homepage.icon: apprise.png + homepage.href: http://192.168.1.254:8000 + homepage.description: Cemtralized, multi-channel notification API + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8000" + target: 8000 + restart: unless-stopped + volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/apprise + target: /config + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + audiobookshelf: + container_name: audiobookshelf + 
environment: + CONFIG_PATH: /config + HOME: /config/.home + LOG_LEVEL: info + METADATA_PATH: /metadata + TZ: America/New_York + hostname: Rinoa + image: ghcr.io/advplyr/audiobookshelf:latest + labels: + homepage.group: Media Library + homepage.name: Audiobookshelf + homepage.href: https://abs.${MY_TLD} + homepage.icon: audiobookshelf.png + homepage.description: Podcasts, eBooks, & Audiobooks + homepage.widget.type: audiobookshelf + homepage.widget.url: http://audiobookshelf:80 + homepage.widget.key: ${AUDIOBOOKSHELF_ROOT_API_KEY} + swag: enable + swag_address: audiobookshelf + swag_proto: http + swag_url: abs.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://abs.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "13378" + target: 80 + restart: unless-stopped + user: 1000:1000 + volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf + target: /config + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata + target: /metadata + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + authelia: + container_name: authelia + depends_on: + authelia-pg: + condition: service_started + required: true + lldap: + condition: service_started + required: true + environment: + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD} + AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET} + AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} + AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} + AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET} + AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} + AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD} + GUID: ${PGID} + PGID: ${PGID} + 
PUID: ${PUID} + TZ: ${TZ} + expose: + - 9091 + image: authelia/authelia:master + labels: + homepage.group: Privacy/Security + homepage.name: Authelia + homepage.href: https://auth.${MY_TLD} + homepage.icon: authelia.svg + homepage.description: Authentication/authorization server with MFA & SSO + swag: enable + swag_proto: http + swag_port: 9091 + swag_url: auth.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://auth.${MY_TLD} + networks: + default: null + restart: unless-stopped + volumes: + - source: ${DOCKER_VOLUME_CONFIG}/authelia/ + target: /config + type: bind + bind: + create_host_path: true + authelia-pg: + container_name: authelia-pg + environment: + POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD} + POSTGRES_USER: authelia + POSTGRES_DB: authelia + expose: + - 5432 + image: postgres:16-alpine + networks: + default: null + restart: unless-stopped + volumes: + - source: authelia-pg-db + target: /var/lib/postgresql/data + type: volume + bind: + create_host_path: true + bazarr: + container_name: bazarr + environment: + PGID: ${PGID} + PUID: ${PUID} + TZ: ${TZ} + DOCKER_MODS: ghcr.io/gilbn/theme.park:bazarr + hostname: Rinoa + image: lscr.io/linuxserver/bazarr:latest + labels: + homepage.group: Servarr Stack + homepage.name: Bazarr + homepage.href: https://bazarr.${MY_TLD} + homepage.icon: bazarr.png + homepage.description: Subtitle automation for TV shows/movies + homepage.widget.type: bazarr + homepage.widget.url: http://bazarr:6767 + homepage.widget.key: ${BAZARR_API_KEY} + swag: enable + swag_proto: http + swag_port: 6767 + swag.uptime-kuma.enabled: true + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "6767" + target: 6767 + restart: unless-stopped + volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/bazarr + target: /config + type: bind + - 
bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + bitmagnet: + command: + - worker + - run + - --keys=http_server + - --keys=queue_server + - --keys=dht_crawler + container_name: bitmagnet + depends_on: + bitmagnet-pg-db: + condition: service_healthy + required: true + gluetun: + condition: service_started + required: true + restart: true + environment: + LOG_FILE_ROTATION_ENABLED: true + POSTGRES_HOST: bitmagnet-pg-db + POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} + POSTGRES_USER: bitmagnet + image: ghcr.io/bitmagnet-io/bitmagnet:latest + labels: + homepage.group: Downloaders + homepage.name: Bitmagnet + homepage.href: https://btmag.${MY_TLD} + homepage.icon: sh-bitmagnet.png + homepage.description: Torrent indexer, DHT crawler, search engine, & content classifier + homepage.widget.type: gluetun + homepage.widget.url: http://gluetun:8000 + swag: enable + swag_proto: http + swag_address: gluetun + swag_auth: authelia + swag_auth_bypass: /v1 + swag_port: 3333 + swag_url: btmag.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://btmag.${MY_TLD} + network_mode: service:gluetun + restart: always + volumes: + - source: ${DOCKER_VOLUME_CONFIG}/bitmagnet + target: /root/.local/share/bitmagnet + type: bind + bind: + create_host_path: true + bitmagnet-pg-db: + container_name: bitmagnet-pg-db + environment: + POSTGRES_DB: bitmagnet + POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} + POSTGRES_USER: bitmagnet + expose: + - 5432 + healthcheck: + interval: 10s + start_period: 20s + test: + - CMD-SHELL + - pg_isready + image: postgres:17-alpine + networks: + bitmagnet: + ipv4_address: 192.168.55.8 + default: null + restart: unless-stopped + shm_size: 1g + volumes: + - source: bitmagnet-pg-db + target: /var/lib/postgresql/data + type: volume + volume: {} + bitwarden: + container_name: bitwarden + environment: + ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN} + DATABASE_URL: data/db.sqlite3 + 
DISABLE_ADMIN_TOKEN: "false" + DOMAIN: https://bitwarden.${MY_TLD} + ENABLE_DB_WAL: "true" + INVITATIONS_ALLOWED: "false" + SHOW_PASSWORD_HINT: "false" + SIGNUPS_ALLOWED: "true" + SIGNUPS_VERIFY: "true" + TZ: America/New_York + WEBSOCKET_ENABLED: "true" + hostname: Rinoa + image: vaultwarden/server:latest + labels: + homepage.group: Privacy/Security + homepage.name: Bitwarden + homepage.icon: bitwarden.png + homepage.href: https://bitwarden.${MY_TLD} + homepage.description: Credential/Information Vault + swag: enable + swag_url: bitwarden.${MY_TLD} + swag_proto: http + swag_port: 80 + swag.uptime-kuma.enabled: true + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "3012" + target: 3012 + - mode: ingress + protocol: tcp + published: "8013" + target: 80 + restart: unless-stopped + volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/bitwarden + target: /data + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + bluesky-pds: + container_name: bluesky-pds + environment: + PDS_ADMIN_EMAIL: charish.patel@trez.wtf + PDS_HOSTNAME: bsky.trez.wtf + PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET} + PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD} + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX} + PDS_DATA_DIRECTORY: /pds + PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 + PDS_EMAIL_FROM_ADDRESS: noreply@trez.wtf + PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks + PDS_BLOB_UPLOAD_LIMIT: 52428800 + PDS_DID_PLC_URL: ${PDS_DID_PLC_URL} + PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL} + PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID} + PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL} + PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID} + PDS_CRAWLERS: ${PDS_CRAWLERS} + 
LOG_ENABLED: true + expose: + - 3000 + image: ghcr.io/bluesky-social/pds:latest + labels: + swag: enable + swag_port: 3000 + swag_url: bsky.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://bsky.${MY_TLD} + restart: unless-stopped + volumes: + - type: bind + source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds + target: /pds + browserless: + container_name: browserless + environment: + ALLOW_FILE_PROTOCOL: true + CONCURRENT: 20 + HEALTH: false + PROXY_HOST: swag + PROXY_PORT: 443 + PROXY_SSL: true + QUEUED: 20 + TIMEOUT: 300000 + TOKEN: ${CHROMIUM_TOKEN} + TZ: ${TZ} + expose: + - 3000 + image: ghcr.io/browserless/chromium:latest + labels: + swag: enable + swag_proto: http + swag_port: 3000 + swag_url: browse.${MY_TLD} + networks: + default: null + restart: unless-stopped + castopod: + container_name: castopod + depends_on: + mariadb: + condition: service_started + required: true + restart: true + environment: + MYSQL_DATABASE: castopod + MYSQL_USER: castopod + MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} + CP_DATABASE_HOSTNAME: mariadb + CP_DATABASE_NAME: castopod + CP_DATABASE_USERNAME: castopod + CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} + CP_BASEURL: pod.trez.wtf + CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT} + CP_CACHE_HANDLER: redis + CP_DISABLE_HTTPS: 1 + CP_REDIS_HOST: redis + CP_EMAIL_SMTP_HOST: postal-smtp + CP_EMAIL_FROM: noreply@trez.wtf + CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} + CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} + expose: + - 8000 + image: castopod/castopod:latest + labels: + homepage.group: Social + homepage.name: Castopod + homepage.href: https://pod.${MY_TLD} + homepage.icon: castopod.png + homepage.description: Podcast self-hosting + swag: enable + swag_port: 8000 + swag_url: pod.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://pod.${MY_TLD} + restart: unless-stopped + volumes: + - castopod-media:/var/www/castopod/public/media + cloudflared: + command: 
['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}'] + container_name: cloudflared + environment: + CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN} + image: 'cloudflare/cloudflared:latest' + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared + cloudflareddns: + container_name: cloudflareddns + environment: + ARGS: --dns-cloudflare-propagation-seconds 60 + CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY} + CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN} + CF_HOSTS: trez.wtf + CF_RECORDTYPES: A + CF_USER: charish.patel@trez.wtf + CF_ZONES: trez.wtf + DETECTION_MODE: dig-google.com + INTERVAL: "300" + LOG_LEVEL: "3" + PGID: "1000" + PUID: "1000" + TZ: America/New_York + hostname: Rinoa + image: ghcr.io/hotio/cloudflareddns:latest + networks: + default: null + restart: unless-stopped + volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns + target: /config + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + crowdsec: + container_name: crowdsec + environment: + DOCKER_HOST: tcp://dockerproxy:2375 + GID: 1000 + BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY} + COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables + image: crowdsecurity/crowdsec:latest + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8101" + target: 8080 + restart: unless-stopped + security_opt: + - no-new-privileges=true + volumes: + - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local + target: /etc/crowdsec/config.yaml.local + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local + target: /etc/crowdsec/local_api_credentials.yaml.local + type: 
bind + bind: + create_host_path: true + - read_only: true + source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx + target: /var/log/swag + type: bind + bind: + create_host_path: true + - source: crowdsec-config + target: /etc/crowdsec + type: volume + volume: {} + - source: crowdsec-db + target: /var/lib/crowdsec/data + type: volume + volume: {} + - bind: + create_host_path: true + read_only: true + source: /var/log/journal + target: /var/log/host + type: bind + crowdsec-dashboard: + container_name: crowdsec-dashboard + depends_on: + crowdsec: + condition: service_started + required: true + environment: + MB_DB_FILE: /data/metabase.db + MGID: ${GID-1000} + image: metabase/metabase + labels: + com.centurylinklabs.watchtower.enable: false + homepage.group: Privacy/Security + homepage.name: CrowdSec Dashboard + homepage.href: https://csec.${MY_TLD} + homepage.icon: crowdsec.svg + homepage.description: Real-time & crowdsourced protection against aggressive IPs + homepage.widget.type: crowdsec + homepage.widget.url: http://crowdsec:8080 + homepage.widget.username: localhost + homepage.widget.password: ${CROWDSEC_LOCAL_API_KEY} + swag: enable + swag_port: 3000 + swag_proto: http + swag_url: csec.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://csec.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8908" + target: 3000 + restart: always + volumes: + - source: crowdsec-db + target: /metabase-data + type: volume + volume: {} + czkawka: + container_name: czkawka + environment: + KEEP_APP_RUNNING: 1 + PGID: ${PGID} + PUID: ${PUID} + TZ: ${TZ} + UMASK: 1 + WEB_LISTENING_PORT: 5800 + image: jlesage/czkawka + labels: + homepage.group: System Administration + homepage.name: Czkawka + homepage.href: https://czkawka.${MY_TLD} + homepage.icon: sh-czkawka.svg + homepage.description: Smart file management + swag: enable + swag_port: 5800 + swag_proto: http + swag_url: czkawka.${MY_TLD} + swag.uptime-kuma.enabled: 
true + swag.uptime-kuma.monitor.url: https://czkawka.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "5800" + target: 5800 + privileged: true + restart: unless-stopped + volumes: + - source: ${DOCKER_VOLUME_CONFIG}/czkawka + target: /config + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_STORAGE} + target: /storage + type: bind + bind: + create_host_path: true + dagu-scheduler: + command: dagu scheduler + container_name: dagu-scheduler + image: ghcr.io/dagu-org/dagu:latest + networks: + default: null + restart: unless-stopped + volumes: + - source: dagu_config + target: /home/dagu/.config/dagu + type: volume + volume: {} + - source: dagu_data + target: /home/dagu/.local/share + type: volume + volume: {} + dagu-server: + container_name: dagu-server + environment: + DAGU_PORT: 8080 + image: ghcr.io/dagu-org/dagu:latest + labels: + homepage.group: System Administration + homepage.name: Dagu + homepage.href: https://cron.${MY_TLD} + homepage.icon: sh-dagu.png + homepage.description: Cron alternative using DAGs (Directed Acyclic Graphs) + swag: enable + swag_port: 8080 + swag_proto: http + swag_url: cron.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://cron.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8108" + target: 8080 + restart: unless-stopped + volumes: + - source: dagu_config + target: /home/dagu/.config/dagu + type: volume + bind: + create_host_path: true + - source: dagu_data + target: /home/dagu/.local/share + type: volume + bind: + create_host_path: true + dbgate: + container_name: dbgate + environment: + CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,lobe-chat-pg-db,mariadb,mastodon-pg-db,mongodb,netbox-db,pgbackweb,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,traccar-pg,whodb,zitadel-pg-db + + LOGIN: TrezOne + PASSWORD: 
${DBGATE_LOGIN_PASSWORD} + + LABEL_mariadb: mariadb + SERVER_mariadb: mariadb + USER_mariadb: root + PASSWORD_mariadb: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} + PORT_mariadb: 3306 + ENGINE_mariadb: mariadb@dbgate-plugin-mysql + + LABEL_authelia-pg: authelia-pg + SERVER_authelia-pg: authelia-pg + USER_authelia-pg: authelia + DATABASE_authelia-pg: authelia + PASSWORD_authelia-pg: ${BITMAGNET_POSTGRESQL_PASSWORD} + PORT_authelia-pg: 5432 + ENGINE_authelia-pg: postgres@dbgate-plugin-postgres + + LABEL_bitmagnet-pg-db: bitmagnet-pg-db + SERVER_bitmagnet-pg-db: bitmagnet-pg-db + USER_bitmagnet-pg-db: bitmagnet-pg + DATABASE_bitmagnet-pg-db: bitmagnet + PASSWORD_bitmagnet-pg-db: ${BITMAGNET_POSTGRESQL_PASSWORD} + PORT_bitmagnet-pg-db: 5432 + ENGINE_bitmagnet-pg-db: postgres@dbgate-plugin-postgres + + LABEL_gitea-db: gitea-db + SERVER_gitea-db: gitea-db + USER_gitea-db: gitea + PASSWORD_gitea-db: ${GITEA_PG_DB_PASSWORD} + DATABASE_gitea-db: gitea + PORT_gitea-db: 5432 + ENGINE_gitea-db: postgres@dbgate-plugin-postgres + + LABEL_invidious-db: invidious-db + SERVER_invidious-db: invidious-db + USER_invidious-db: kemal + PASSWORD_invidious-db: ${INVID_PG_DB_PASSWORD} + PORT_invidious-db: 5432 + DATABASE_invidious-db: invidious + ENGINE_invidious-db: postgres@dbgate-plugin-postgres + + LABEL_joplin-db: joplin-db + SERVER_joplin-db: joplin-db + USER_joplin-db: ${JOPLIN_POSTGRES_USER} + PASSWORD_joplin-db: ${JOPLIN_POSTGRES_DATABASE} + DATABASE_joplin-db: joplin + PORT_joplin-db: 5432 + ENGINE_joplin-db: postgres@dbgate-plugin-postgres + + LABEL_lobe-chat-pg-db: lobe-chat-pg-db + SERVER_lobe-chat-pg-db: lobe-chat-pg-db + USER_lobe-chat-pg-db: lobe + PASSWORD_lobe-chat-pg-db: ${GITEA_PG_DB_PASSWORD} + DATABASE_lobe-chat-pg-db: lobe + PORT_lobe-chat-pg-db: 5432 + ENGINE_lobe-chat-pg-db: postgres@dbgate-plugin-postgres + + LABEL_mastodon-pg-db: mastodon-pg-db + SERVER_mastodon-pg-db: mastodon-pg-db + USER_mastodon-pg-db: mastodon + PASSWORD_mastodon-pg-db: 
${MASTODON_PG_DB_PASSWORD}
+ DATABASE_mastodon-pg-db: mastodon
+ PORT_mastodon-pg-db: 5432
+ ENGINE_mastodon-pg-db: postgres@dbgate-plugin-postgres
+
+ LABEL_mongodb: mongodb
+ URI_mongodb: mongodb://root:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017
+ ENGINE_mongodb: mongo@dbgate-plugin-mongo-v2
+
+ LABEL_netbox-db: netbox-db
+ SERVER_netbox-db: netbox-db
+ USER_netbox-db: netbox
+ PASSWORD_netbox-db: ${NETBOX_PG_DB_PASSWORD}
+ PORT_netbox-db: 5432
+ DATABASE_netbox-db: netbox
+ ENGINE_netbox-db: postgres@dbgate-plugin-postgres
+
+ LABEL_pgbackweb-db: pgbackweb-db
+ SERVER_pgbackweb-db: pgbackweb-db
+ USER_pgbackweb-db: pgbackweb
+ PASSWORD_pgbackweb-db: ${PGBACKWEB_PG_DB_PASSWD}
+ PORT_pgbackweb-db: 5432
+ ENGINE_pgbackweb-db: postgres@dbgate-plugin-postgres
+
+ LABEL_plausible-db: plausible-db
+ SERVER_plausible-db: plausible-db
+ USER_plausible-db: plausible
+ PASSWORD_plausible-db: ${PLAUSIBLE_PG_PASSWORD}
+ PORT_plausible-db: 5432
+ ENGINE_plausible-db: postgres@dbgate-plugin-postgres
+
+ LABEL_reactive-resume-pg: reactive-resume-pg
+ SERVER_reactive-resume-pg: reactive-resume-pg
+ USER_reactive-resume-pg: reactiveresume
+ PASSWORD_reactive-resume-pg: ${REACTIVE_RESUME_PGSQL_PASSWORD}
+ PORT_reactive-resume-pg: 5432
+ ENGINE_reactive-resume-pg: postgres@dbgate-plugin-postgres
+
+ LABEL_sonarqube-pg-db: sonarqube-pg-db
+ SERVER_sonarqube-pg-db: sonarqube-pg-db
+ USER_sonarqube-pg-db: sonar
+ PASSWORD_sonarqube-pg-db: ${SONARQUBE_POSTGRES_PASSWORD}
+ PORT_sonarqube-pg-db: 5432
+ ENGINE_sonarqube-pg-db: postgres@dbgate-plugin-postgres
+
+ LABEL_synapse-db: synapse-db
+ SERVER_synapse-db: synapse-db
+ USER_synapse-db: synapse
+ PASSWORD_synapse-db: ${SYNAPSE_POSTGRES_PASSWORD}
+ PORT_synapse-db: 5432
+ ENGINE_synapse-db: postgres@dbgate-plugin-postgres
+
+ LABEL_tandoor-pg: tandoor-pg
+ SERVER_tandoor-pg: tandoor-pg
+ USER_tandoor-pg: tandoor
+ PASSWORD_tandoor-pg: ${TANDOOR_POSTGRES_PASSWORD}
+ PORT_tandoor-pg: 5432
+ ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres
+
+ LABEL_traccar-pg: traccar-pg
+ SERVER_traccar-pg: traccar-pg
+ USER_traccar-pg: ${TRACCAR_POSTGRES_USER}
+ PASSWORD_traccar-pg: ${TRACCAR_POSTGRES_PASSWORD}
+ PORT_traccar-pg: 5432
+ ENGINE_traccar-pg: postgres@dbgate-plugin-postgres
+
+ LABEL_zitadel-pg-db: zitadel-pg-db
+ SERVER_zitadel-pg-db: zitadel-pg-db
+ USER_zitadel-pg-db: root
+ PASSWORD_zitadel-pg-db: ${ZITADEL_DB_ADMIN_PASSWORD}
+ PORT_zitadel-pg-db: 5432
+ ENGINE_zitadel-pg-db: postgres@dbgate-plugin-postgres
+ image: dbgate/dbgate:alpine
+ labels:
+ homepage.group: System Administration
+ homepage.name: DbGate
+ homepage.href: https://dbs.${MY_TLD}
+ homepage.icon: sh-dbgate.png
+ homepage.description: Cross-platform database manager
+ swag: enable
+ swag_port: 3000
+ swag_proto: http
+ swag_url: dbs.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
+ ports:
+ - 49054:3000
+ restart: unless-stopped
+ volumes:
+ - dbgate-data:/root/.dbgate
+ delugevpn:
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ container_name: delugevpn
+ environment:
+ ENABLE_PRIVOXY: "no"
+ LAN_NETWORK: 192.168.1.0/24
+ NAME_SERVERS: 192.168.1.254,1.1.1.1
+ PGID: "1000"
+ PUID: "1000"
+ TZ: America/New_York
+ VPN_CLIENT: openvpn
+ VPN_ENABLED: "yes"
+ VPN_INPUT_PORTS: ""
+ VPN_OPTIONS: ""
+ VPN_OUTPUT_PORTS: ""
+ VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA
+ VPN_PROV: pia
+ VPN_USER: p3120278
+ hostname: Rinoa
+ image: ghcr.io/binhex/arch-delugevpn:latest
+ labels:
+ homepage.group: Downloaders
+ homepage.name: DelugeVPN
+ homepage.href: https://deluge.${MY_TLD}
+ homepage.icon: deluge.png
+ homepage.description: Torrent over VPN
+ homepage.widget.type: deluge
+ homepage.widget.url: http://delugevpn:8112
+ homepage.widget.password: ${DELUGEVPN_PASSWORD}
+ swag: enable
+ swag_port: 8112
+ swag_proto: http
+ swag_url: deluge.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://deluge.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "58846"
+ target: 58846
+ - mode: ingress
+ protocol: tcp
+ published: "58946"
+ target: 58946
+ - mode: ingress
+ protocol: tcp
+ published: "6881"
+ target: 6881
+ - mode: ingress
+ protocol: tcp
+ published: "8112"
+ target: 8112
+ - mode: ingress
+ protocol: tcp
+ published: "8118"
+ target: 8118
+ privileged: true
+ restart: unless-stopped
+ sysctls:
+ net.ipv4.conf.all.src_valid_mark: "1"
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/delugevpn
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ docker-socket-proxy:
+ container_name: dockerproxy
+ environment:
+ AUTH: 1
+ BUILD: 1
+ COMMIT: 1
+ CONFIGS: 1
+ CONTAINERS: 1
+ DISTRIBUTION: 1
+ EVENTS: 1
+ EXEC: 1
+ GPRC: 1
+ IMAGES: 1
+ INFO: 1
+ NETWORKS: 1
+ NODES: 1
+ POST: 1
+ PLUGINS: 1
+ SERVICES: 1
+ SESSION: 1
+ SYSTEM: 1
+ TASKS: 1
+ VOLUMES: 1
+ LOG_LEVEL: debug
+ image: ghcr.io/tecnativa/docker-socket-proxy:latest
+ labels:
+ komodo.skip: s
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "2375"
+ target: 2375
+ privileged: true
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ type: bind
+ docuseal:
+ container_name: docuseal
+ image: docuseal/docuseal:latest
+ labels:
+ homepage.group: Personal Services
+ homepage.name: Docuseal
+ homepage.href: https://docs.${MY_TLD}
+ homepage.description: OSS Document Signing & Verification
+ homepage.icon: docuseal.png
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: sign.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://sign.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3002"
+ target: 3000
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/docuseal
+ target: /data
+ type: bind
+ bind:
+ create_host_path: true
+ duplicati:
+ container_name: duplicati
+ environment:
+ PGID: "1000"
+ PUID: "1000"
+ TZ: America/New_York
+ hostname: Rinoa
+ image: lscr.io/linuxserver/duplicati:latest
+ labels:
+ swag: enable
+ swag_port: 8200
+ swag_proto: http
+ swag_url: dup.${MY_TLD}
+ homepage.group: Automation
+ homepage.name: Duplicati
+ homepage.href: https://dup.${MY_TLD}
+ homepage.icon: duplicati.png
+ homepage.description: Data backup
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8282"
+ target: 8200
+ - ${DUPLICATI_PORT_8200}:8200
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/duplicati
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /home/charish/.config/appdata/backups
+ target: /backups
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /home/charish/.config/appdata
+ target: /source
+ type: bind
+ fastenhealth:
+ container_name: fastenhealth
+ image: ghcr.io/fastenhealth/fasten-onprem:main
+ labels:
+ homepage.group: Lifestyle
+ homepage.name: Fasten
+ homepage.icon: sh-fasten-health.svg
+ homepage.href: http://health.${MY_TLD}
+ homepage.description: Open-source, self-hosted, personal/family electronic medical record aggregator
+ swag: enable
+ swag_proto: http
+ swag_port: 8080
+ swag_url: health.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://health.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8105"
+ target: 8080
+ restart: unless-stopped
+ volumes:
+ - source: fastenhealth-cache
+ target: /opt/fasten/cache
+ type: volume
+ volume: {}
+ - source: fastenhealth-db
+ target: /opt/fasten/db
+ type: volume
+ volume: {}
+ flaresolverr:
+ container_name: flaresolverr
+ environment:
+ CAPTCHA_SOLVER: none
+ LOG_HTML: false
+ LOG_LEVEL: info
+ PORT: 8191
+ TZ: America/New_York
+ BROWSER_TIMEOUT: 40000
+ TEST_URL: https://duckduckgo.com
+ hostname: Rinoa
+ image: ghcr.io/flaresolverr/flaresolverr:latest
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8191"
+ target: 8191
+ restart: unless-stopped
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=1
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ ghost:
+ container_name: ghost_blog
+ depends_on:
+ mariadb:
+ condition: service_started
+ required: true
+ restart: true
+ environment:
+ database__client: mysql
+ database__connection__host: mariadb
+ database__connection__port: 3306
+ database__connection__user: ${GHOST_DB_USER}
+ database__connection__password: ${GHOST_DB_PASSWORD}
+ database__connection__database: ghost_db
+ mail__transport: SMTP
+ mail__options__host: postal-smtp
+ mail__options__port: 25
+ mail__options__secure: false
+ mail__options__auth__user: ${POSTAL_SMTP_AUTH_USER}
+ mail__options__auth__pass: ${POSTAL_SMTP_AUTH_PASSWORD}
+ mail__from: "noreply@trez.wtf"
+ url: https://blog.${MY_TLD}
+ image: ghost:latest
+ labels:
+ homepage.group: Lifestyle
+ homepage.name: Ghost
+ homepage.href: https://blog.${MY_TLD}
+ homepage.icon: ghost.png
+ homepage.description: Personal blog
+ swag: enable
+ swag_port: 2368
+ swag_proto: http
+ swag_url: blog.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://blog.${MY_TLD}
+ links:
+ - mariadb
+ networks:
+ default: null
+ restart: always
+ gitea:
+ container_name: gitea
+ depends_on:
+ gitea-db:
+ condition: service_healthy
+ required: true
+ environment:
+ USER_UID: ${PUID}
+ USER_GID: ${PGID}
+ GITEA__database__DB_TYPE: postgres
+ GITEA__database__HOST: gitea-db:5432
+ GITEA__database__NAME: gitea
+ GITEA__database__USER: gitea
+ GITEA__database__PASSWD: ${GITEA_PG_DB_PASSWORD}
+ GITEA__mailer__ENABLED: true
+ GITEA__mailer__FROM: '"Gitea" '
+ GITEA__mailer__PROTOCOL: smtp
+ GITEA__mailer__SMTP_ADDR: postal-smtp
+ GITEA__mailer__SMTP_PORT: 25
+ GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
+ GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ image: gitea/gitea:1.23.1
+ labels:
+ homepage.group: Code/DevOps
+ homepage.name: Gitea
+ homepage.href: https://git.${MY_TLD}
+ homepage.icon: gitea.svg
+ homepage.description: Private Code Repo
+ homepage.widget.type: gitea
+ homepage.widget.url: http://gitea:3000
+ homepage.widget.key: ${GITEA_HOMEPAGE_API_KEY}
+ swag: enable
+ swag_url: git.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://git.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3013"
+ target: 3000
+ - mode: ingress
+ protocol: tcp
+ published: "222"
+ target: 22
+ restart: always
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/gitea
+ target: /data/gitea
+ type: bind
+ bind:
+ create_host_path: true
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/timezone
+ target: /etc/timezone
+ type: bind
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ gitea-db:
+ container_name: gitea-db
+ environment:
+ POSTGRES_USER: gitea
+ POSTGRES_PASSWORD: ${GITEA_PG_DB_PASSWORD}
+ POSTGRES_DB: gitea
+ expose:
+ - 5432
+ healthcheck:
+ interval: 10s
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - pg_isready
+ image: postgres:14
+ networks:
+ default: null
+ restart: always
+ volumes:
+ - source: gitea-pg-db
+ target: /var/lib/postgresql/data
+ type: volume
+ volume: {}
+ gitea-opengist:
+ container_name: gitea-opengist
+ environment:
+ OG_LOG_LEVEL: warn
+ OG_EXTERNAL_URL: https://gist.trez.wtf
+ OG_GIT_DEFAULT_BRANCH: "main"
+ OG_GITEA_CLIENT_KEY: ${OPENGIST_GITEA_CLIENT_KEY}
+ OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET}
+ OG_GITEA_URL: https://git.trez.wtf
+ OG_GITEA_NAME: "Gitea @ Rinoa"
+ OG_SSH_EXTERNAL_DOMAIN: gist-ssh.trez.wtf
+ image: ghcr.io/thomiceli/opengist:latest
+ labels:
+ homepage.description: Private Code Gists
+ homepage.group: Code/DevOps
+ homepage.href: https://gist.trez.wtf
+ homepage.icon: sh-opengist.svg
+ homepage.name: Opengist
+ swag: enable
+ swag.uptime-kuma.enabled: "true"
+ swag.uptime-kuma.monitor.url: https://gist.trez.wtf
+ swag_port: "6157"
+ swag_proto: http
+ swag_url: gist.trez.wtf
+ ports:
+ - "6157:6157" # HTTP port
+ - "2222:2222" # SSH port, can be removed if you don't use SSH
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/gitea/opengist:/opengist
+ gitea-runner:
+ container_name: gitea-runner
+ depends_on:
+ gitea:
+ condition: service_started
+ environment:
+ CONFIG_FILE: /config.yaml
+ DOCKER_HOST: tcp://dockerproxy:2375
+ GITEA_INSTANCE_URL: https://git.trez.wtf
+ GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
+ GITEA_RUNNER_NAME: "gitea-runner-1"
+ image: gitea/act_runner:latest
+ ports:
+ - 63604:63604
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml
+ gitea-sonarqube-bot:
+ container_name: gitea-sonarqube-bot
+ depends_on:
+ gitea:
+ condition: service_started
+ sonarqube:
+ condition: service_started
+ image: justusbunsi/gitea-sonarqube-bot:v0.4.0
+ environment:
+ GITEA_SQ_BOT_PORT: 58525
+ GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml
+ ports:
+ - 58525:58525
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/
+ gluetun:
+ cap_add:
+ - NET_ADMIN
+ container_name: gluetun
+ environment:
+ OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
+ OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
+ PORT_FORWARD_ONLY: true
+ SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay
+ VPN_SERVICE_PROVIDER: private internet access
+ expose:
+ - 8000
+ extra_hosts:
+ - bitmagnet-pg-db:192.168.55.8
+ image: qmcgaw/gluetun:latest
+ networks:
+ bitmagnet:
+ ipv4_address: 192.168.55.7
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3333"
+ target: 3333
+ - mode: ingress
+ protocol: tcp
+ published: "3334"
+ target: 3334
+ - mode: ingress
+ protocol: udp
+ published: "3334"
+ target: 3334
+ - mode: ingress
+ protocol: tcp
+ published: "5030"
+ target: 5030
+ - mode: ingress
+ protocol: tcp
+ published: "5031"
+ target: 5031
+ - mode: ingress
+ protocol: tcp
+ published: "50300"
+ target: 50300
+ restart: always
+ gotify:
+ container_name: gotify
+ environment:
+ GOTIFY_SERVER_PORT: 80
+ GOTIFY_SERVER_KEEPALIVEPERIODSECONDS: 0
+ GOTIFY_SERVER_LISTENADDR:
+ GOTIFY_SERVER_SSL_ENABLED: false
+ GOTIFY_SERVER_SSL_REDIRECTTOHTTPS: true
+ GOTIFY_SERVER_SSL_LISTENADDR:
+ GOTIFY_SERVER_SSL_PORT: 443
+ GOTIFY_SERVER_SSL_CERTFILE:
+ GOTIFY_SERVER_SSL_CERTKEY:
+ GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED: false
+ GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS: false
+ GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE: certs
+ GOTIFY_SERVER_STREAM_PINGPERIODSECONDS: 45
+ GOTIFY_DATABASE_DIALECT: sqlite3
+ GOTIFY_DATABASE_CONNECTION: data/gotify.db
+ GOTIFY_DEFAULTUSER_NAME: admin
+ GOTIFY_DEFAULTUSER_PASS: ${GOTIFY_PASSWORD}
+ GOTIFY_PASSSTRENGTH: 10
+ GOTIFY_UPLOADEDIMAGESDIR: data/images
+ GOTIFY_PLUGINSDIR: data/plugins
+ GOTIFY_REGISTRATION: false
+ image: gotify/server
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Gotify
+ homepage.href: https://gotify.${MY_TLD}
+ homepage.icon: gotify.png
+ homepage.description: Notification System
+ homepage.widget.type: gotify
+ homepage.widget.url: http://gotify
+ homepage.widget.key: ${GOTIFY_HOMEPAGE_CLIENT_KEY}
+ swag: enable
+ swag_proto: http
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8097"
+ target: 80
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/gotify
+ target: /app/data
+ type: bind
+ bind:
+ create_host_path: true
+ grafana:
+ container_name: grafana
+ depends_on:
+ grafana-alloy:
+ condition: service_started
+ required: true
+ environment:
+ GF_INSTALL_PLUGINS: grafana-piechart-panel
+ TZ: America/New_York
+ hostname: Rinoa
+ image: grafana/grafana-enterprise:latest
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Grafana (LGTM)
+ homepage.href: https://mon.${MY_TLD}
+ homepage.description: Monitoring Dashboard for metrics, logs, traces, & profiles
+ homepage.icon: grafana.png
+ homepage.widget.type: grafana
+ homepage.widget.url: http://grafana:3000
+ homepage.widget.username: admin
+ homepage.widget.password: ${GRAFANA_ADMIN_PASSWORD}
+ swag: enable
+ swag_proto: http
+ swag_url: mon.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://mon.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3006"
+ target: 3000
+ restart: unless-stopped
+ user: 1000:1000
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/data
+ target: /var/lib/grafana
+ type: bind
+ bind:
+ create_host_path: true
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ grafana-alloy:
+ cap_add:
+ - SYS_ADMIN
+ - SYS_TIME
+ - BPF
+ - SYSLOG
+ command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy
+ container_name: grafana-alloy
+ environment:
+ DOCKER_HOST: tcp://dockerproxy:2375
+ image: grafana/alloy:latest
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Grafana Alloy
+ homepage.description: Agent for metric/log/trace/profile collection and writing
+ homepage.href: http://192.168.1.254:12345
+ homepage.icon: sh-grafana-alloy.svg
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "12345"
+ target: 12345
+ privileged: true
+ restart: always
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy
+ target: /etc/alloy/config.alloy
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json
+ target: /etc/alloy/endpoints.json
+ type: bind
+ bind:
+ create_host_path: true
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /proc
+ target: /host/proc
+ type: bind
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /sys
+ target: /host/sys
+ type: bind
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /
+ target: /rootfs
+ type: bind
+ grafana-loki:
+ command: -config.file=/etc/loki/loki-config.yaml
+ container_name: grafana-loki
+ depends_on:
+ grafana-alloy:
+ condition: service_started
+ required: true
+ image: grafana/loki:latest
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3100"
+ target: 3100
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml
+ target: /etc/loki/loki-config.yaml
+ type: bind
+ bind:
+ create_host_path: true
+ grafana-mimir:
+ command:
+ - -ingester.native-histograms-ingestion-enabled=true
+ - -config.file=/etc/mimir.yaml
+ container_name: grafana-mimir
+ depends_on:
+ grafana-alloy:
+ condition: service_started
+ required: true
+ image: grafana/mimir:latest
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Grafana Mimir
+ homepage.href: http://192.168.1.254:9009
+ homepage.description: Long-term metrics storage
+ homepage.icon: /icons/grafana-mimir.png
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "9009"
+ target: 9009
+ restart: unless-stopped
+ volumes:
+ - source: grafana-mimir-data
+ target: /data
+ type: volume
+ volume: {}
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml
+ target: /etc/mimir.yaml
+ type: bind
+ bind:
+ create_host_path: true
+ grafana-mimir-memcached:
+ container_name: grafana-mimir-memcached
+ depends_on:
+ grafana-alloy:
+ condition: service_started
+ required: true
+ environment:
+ MEMCACHED_MEMORY_LIMIT: 1g
+ MEMCACHED_THREADS: 4
+ MEMCACHED_MAX_CONNECTIONS: 2048
+ MEMCACHED_TCP_PORT: 11211
+ MEMCACHED_UDP_PORT: 11211
+ image: memcached
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "11211"
+ target: 11211
+ restart: unless-stopped
+ grafana-pyroscope:
+ command:
+ - -config.file=/etc/pyroscope.yml
+ container_name: grafana-pyroscope
+ depends_on:
+ grafana-alloy:
+ condition: service_started
+ required: true
+ image: grafana/pyroscope:latest
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Grafana Pyroscope
+ homepage.description: Profiling for applications
+ homepage.href: http://192.168.1.254:4040
+ homepage.icon: /icons/grafana-pyroscope.svg
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "4040"
+ target: 4040
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml
+ target: /etc/pyroscope.yml
+ type: bind
+ bind:
+ create_host_path: true
+ grafana-tempo:
+ command:
+ - -config.file=/etc/tempo.yaml
+ container_name: grafana-tempo
+ depends_on:
+ grafana-alloy:
+ condition: service_started
+ required: true
+ image: grafana/tempo:latest
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "14268"
+ target: 14268
+ - mode: ingress
+ protocol: tcp
+ published: "3200"
+ target: 3200
+ - mode: ingress
+ protocol: tcp
+ published: "9095"
+ target: 9095
+ - mode: ingress
+ protocol: tcp
+ published: "4317"
+ target: 4317
+ - mode: ingress
+ protocol: tcp
+ published: "4318"
+ target: 4318
+ - mode: ingress
+ protocol: tcp
+ published: "9411"
+ target: 9411
+ restart: unless-stopped
+ volumes:
+ - source: grafana-tempo-data
+ target: /var/tempo
+ type: volume
+ volume: {}
+ - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml
+ target: /etc/tempo.yaml
+ type: bind
+ bind:
+ create_host_path: true
+ guacamole:
+ container_name: guacamole
+ environment:
+ DOCKER_HOST: tcp://dockerproxy:2375
+ EXTENSIONS: 'auth-totp'
+ TZ: ${TZ}
+ image: flcontainers/guacamole:latest
+ labels:
+ homepage.group: System Administration
+ homepage.name: Guacamole
+ homepage.description: Client-less remote desktop gateway
+ homepage.href: https://guac.trez.wtf
+ homepage.icon: guacamole.svg
+ swag: enable
+ swag_proto: http
+ swag_port: 8080
+ swag_url: guac.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://guac.${MY_TLD}
+ ports:
+ - 62173:8080
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/guacamole/:/config
+ - /etc/localtime:/etc/localtime:ro
+ homepage:
+ container_name: homepage
+ image: ghcr.io/gethomepage/homepage:latest
+ labels:
+ swag_server_custom_directive: access_log /config/log/$$host_access.log ; error_log /config/log/$$host_error.log ;
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3004"
+ target: 3000
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/homepage
+ target: /app/config
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/homepage/images
+ target: /app/public/images
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/homepage/icons
+ target: /app/public/icons
+ type: bind
+ bind:
+ create_host_path: true
+ - read_only: true
+ source: ${DOCKER_VOLUME_STORAGE}
+ target: /rinoa-storage
+ type: bind
+ bind:
+ create_host_path: true
+ hortusfox:
+ container_name: hortusfox
+ depends_on:
+ mariadb:
+ condition: service_started
+ required: true
+ restart: true
+ environment:
+ APP_ADMIN_EMAIL: charish.patel@trez.wtf
+ APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD}
+ DB_CHARSET: utf8mb4
+ DB_DATABASE: hortusfox
+ DB_HOST: mariadb
+ DB_PASSWORD: ${HORTUSFOX_DB_PASSWORD}
+ DB_PORT: 3306
+ DB_USERNAME: hortusfox
+ image: ghcr.io/danielbrendel/hortusfox-web:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_url: plants.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://plants.${MY_TLD}
+ homepage.group: Lifestyle
+ homepage.name: HortusFox
+ homepage.href: https://plants.${MY_TLD}
+ homepage.icon: hortusfox.png
+ homepage.description: Plant management system
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8006"
+ target: 80
+ restart: unless-stopped
+ volumes:
+ - source: hortusfox_app_images
+ target: /var/www/html/public/img
+ type: volume
+ volume: {}
+ - source: hortusfox_app_logs
+ target: /var/www/html/app/logs
+ type: volume
+ volume: {}
+ - source: hortusfox_app_backup
+ target: /var/www/html/public/backup
+ type: volume
+ volume: {}
+ - source: hortusfox_app_themes
+ target: /var/www/html/public/themes
+ type: volume
+ volume: {}
+ - source: hortusfox_app_migrate
+ target: /var/www/html/app/migrations
+ type: volume
+ volume: {}
+ hugo:
+ command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug
+ container_name: hugo
+ image: hugomods/hugo:exts
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 1313
+ swag_url: it-services.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://it-services.${MY_TLD}
+ homepage.group: Professional Services
+ homepage.name: Hugo
+ homepage.href: https://it-services.${MY_TLD}
+ homepage.icon: hugo.svg
+ homepage.description: Static site
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "1313"
+ target: 1313
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/hugo/
+ target: /src
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/hugo/cache
+ target: /tmp/hugo_cache
+ type: bind
+ bind:
+ create_host_path: true
+ immich-server:
+ container_name: immich-server
+ depends_on:
+ redis:
+ condition: service_started
+ required: true
+ immich-pg-db:
+ condition: service_started
+ required: true
+ environment:
+ DB_DATABASE_NAME: immich
+ DB_HOSTNAME: immich-pg-db
+ DB_PORT: 5432
+ DB_USERNAME: immich
+ DB_PASSWORD: ${IMMICH_DB_PASSWORD}
+ IMMICH_TELEMETRY_INCLUDE: all
+ healthcheck:
+ disable: false
+ image: ghcr.io/immich-app/immich-server:release
+ ports:
+ - 2283:2283
+ restart: always
+ volumes:
+ # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+ - ${DOCKER_VOLUME_STORAGE}/Pics:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ immich-machine-learning:
+ container_name: immich-machine-learning
+ depends_on:
+ immich-server:
+ condition: service_started
+ required: true
+ healthcheck:
+ disable: false
+ image: ghcr.io/immich-app/immich-machine-learning:release
+ restart: always
+ volumes:
+ - immich-model-cache:/cache
+ immich-pg-db:
+ command: >-
+ postgres
+ -c shared_preload_libraries=vectors.so
+ -c 'search_path="$$user", public, vectors'
+ -c logging_collector=on
+ -c max_wal_size=2GB
+ -c shared_buffers=512MB
+ -c wal_compression=on
+ container_name: immich-pg-db
+ environment:
+ POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
+ POSTGRES_USER: immich
+ POSTGRES_DB: immich
+ expose:
+ - 5432
+ healthcheck:
+ test: >-
+ pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
+ Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
+ --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
+ echo "checksum failure count is $$Chksum";
+ [ "$$Chksum" = '0' ] || exit 1
+ interval: 5m
+ start_interval: 30s
+ start_period: 5m
+ image: tensorchord/pgvecto-rs:pg14-v0.2.1
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/immich/db:/var/lib/postgresql/data
+ immich-public-proxy:
+ container_name: immich-public-proxy
+ depends_on:
+ immich-server:
+ condition: service_started
+ required: true
+ environment:
+ IMMICH_URL: http://immich-server:2283
+ expose:
+ - 3000
+ healthcheck:
+ test: wget -q --spider http://localhost:3000/share/healthcheck || exit 1
+ start_period: 10s
+ timeout: 5s
+ image: alangrainger/immich-public-proxy:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: pics.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}
+ homepage.group: Lifestyle
+ homepage.name: Immich
+ homepage.href: https://pics.${MY_TLD}
+ homepage.icon: immich.svg
+ homepage.description: High performance self-hosted photo and video management solution
+ restart: always
+ immich-power-tools:
+ container_name: immich-power-tools
+ environment:
+ IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY}
+ IMMICH_URL: http://immich-server:2283
+ EXTERNAL_IMMICH_URL: https://pics.trez.wtf
+ image: ghcr.io/varun-raj/immich-power-tools:latest
+ ports:
+ - 54018:3000
+ influxdb2:
+ container_name: influxdb2
+ environment:
+ DOCKER_INFLUXDB_INIT_MODE: setup
+ DOCKER_INFLUXDB_INIT_USERNAME: admin
+ DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB2_ADMIN_PASSWORD}
+ DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: /run/secrets/influxdb2-admin-token
+ DOCKER_INFLUXDB_INIT_ORG: rinoa
+ DOCKER_INFLUXDB_INIT_BUCKET: rinoa
+ image: influxdb:2-alpine
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 8086
+ swag_url: influxdb.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://influxdb.${MY_TLD}
+ homepage.group: System Administration
+ homepage.name: InfluxDBv2
+ homepage.href: https://influxdb.${MY_TLD}
+ homepage.icon: influxdb.svg
+ homepage.description: Scalable datastore for metrics, events, and real-time analytics
+ ports:
+ - 8086:8086
+ volumes:
+ - influxdb2-data:/var/lib/influxdb2
+ - influxdb2-config:/etc/influxdb2
+ invidious:
+ container_name: invidious
+ depends_on:
+ invidious-db:
+ condition: service_started
+ required: true
+ environment:
+ INVIDIOUS_CONFIG: |
+ db:
+ dbname: invidious
+ user: kemal
+ password: ${INVID_PG_DB_PASSWORD}
+ host: invidious-db
+ port: 5432
+ check_tables: true
+ # external_port:
+ # domain:
+ # https_only: false
+ # statistics_enabled: false
+ hmac_key: "8Qyuvl9TWYdkvVo8BJ14qM4HBshKieR3KvDc3vsECx1L4OR51i-EtW2K74MmAVHeNPmJetM67T0M-9FIm7b-MA"
+ healthcheck:
+ interval: 30s
+ retries: 2
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+ timeout: 5s
+ image: quay.io/invidious/invidious:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: invid.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://invid.${MY_TLD}
+ homepage.group: Social
+ homepage.name: Invidious
+ homepage.href: https://invid.${MY_TLD}
+ homepage.icon: invidious.svg
+ homepage.description: Alternative YouTube frontend (privacy-focused, ad-blocking)
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3007"
+ target: 3000
+ restart: unless-stopped
+ invidious-db:
+ container_name: invidious-db
+ environment:
+ POSTGRES_DB: invidious
+ POSTGRES_PASSWORD: ${INVID_PG_DB_PASSWORD}
+ POSTGRES_USER: kemal
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB
+ image: docker.io/library/postgres:14
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - source: invidious-postgres
+ target: /var/lib/postgresql/data
+ type: volume
+ volume: {}
+ - source: ${DOCKER_VOLUME_CONFIG}/invidious/sql
+ target: /config/sql
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh
+ target: /docker-entrypoint-initdb.d/init-invidious-db.sh
+ type: bind
+ bind:
+ create_host_path: true
+ invoice_ninja:
+ container_name: invoice_ninja
+ depends_on:
+ mariadb:
+ condition: service_started
+ required: true
+ restart: true
+ environment:
+ APP_DEBUG: true
+ APP_KEY: ${IN_APP_KEY}
+ APP_URL: http://invoice_ninja:8003
+ DB_DATABASE: invoice_ninja
+ DB_HOST: mariadb
+ DB_PASSWORD: ${IN_MYSQL_PASSWORD}
+ DB_PORT: 3306
+ DB_USERNAME: ininja
+ IN_PASSWORD: ${IN_PASSWORD}
+ IN_USER_EMAIL: charish.patel@trez.wtf
+ MAIL_ENCRYPTION: null
+ MAIL_FROM_ADDRESS: noreply@trez.wtf
+ MAIL_FROM_NAME: null
+ MAIL_HOST: postal-smtp
+ MAIL_MAILER: log
+ MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ MAIL_PORT: 25
+ MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+ MYSQL_DATABASE: invoice_ninja
+ MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
+ MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
+ MYSQL_USER: ininja
+ PDF_GENERATOR: snappdf
+ PHANTOMJS_PDF_GENERATION: false
+ QUEUE_CONNECTION: database
+ REQUIRE_HTTPS: false
+ TRUSTED_PROXIES: 172.18.0.0/16
+ expose:
+ - 9000
+ image: invoiceninja/invoiceninja:5
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8003"
+ target: 8003
+ restart: always
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/app/public
+ target: /var/www/app/public
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/app/storage
+ target: /var/www/app/storage
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/php/php.ini
+ target: /usr/local/etc/php/php.ini
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/php/php-cli.ini
+ target: /usr/local/etc/php/php-cli.ini
+ type: bind
+ bind:
+ create_host_path: true
+ invoice_ninja_proxy:
+ container_name: invoice_ninja_proxy
+ depends_on:
+ invoice_ninja:
+ condition: service_started
+ required: true
+ environment:
+ APP_DEBUG: true
+ APP_KEY: ${IN_APP_KEY}
+ APP_URL: http://invoice_ninja:9000
+ DB_DATABASE: invoice_ninja
+ DB_HOST: mariadb
+ DB_PASSWORD: ${IN_MYSQL_PASSWORD}
+ DB_PORT: 3306
+ DB_USERNAME: ininja
+ IN_PASSWORD: ${IN_PASSWORD}
+ IN_USER_EMAIL: charish.patel@trez.wtf
+ MAIL_ENCRYPTION: null
+ MAIL_FROM_ADDRESS: noreply@trez.wtf
+ MAIL_FROM_NAME: null
+ MAIL_HOST: postal-smtp
+ MAIL_MAILER: log
+ MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ MAIL_PORT: 25
+ MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+ MYSQL_DATABASE: invoice_ninja
+ MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
+ MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
+ MYSQL_USER: ininja
+ PDF_GENERATOR: snappdf
+ PHANTOMJS_PDF_GENERATION: false
+ QUEUE_CONNECTION: database
+ REQUIRE_HTTPS: false
+ TRUSTED_PROXIES: 172.18.0.0/16
+ image: nginx
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_url: biz.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
+ homepage.group: Professional Services
+ homepage.name: Invoice Ninja
+ homepage.href: https://biz.${MY_TLD}
+ homepage.icon: invoice-ninja.svg
+ homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more!
+ networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8005" + target: 80 + restart: always + volumes: + - read_only: true + source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/proxy/invoice_ninja.conf + target: /etc/nginx/conf.d/in-vhost.conf + type: bind + bind: + create_host_path: true + - read_only: true + source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public + target: /var/www/app/public + type: bind + bind: + create_host_path: true + it-tools: + container_name: it-tools + image: ghcr.io/corentinth/it-tools:latest + labels: + swag: enable + swag_proto: http + swag_url: itt.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://itt.${MY_TLD} + homepage.group: Code/DevOps + homepage.name: IT-Tools + homepage.href: https://itt.${MY_TLD} + homepage.icon: it-tools.svg + homepage.description: Useful tools for developers and people working in IT + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8104" + target: 80 + restart: unless-stopped + jellyfin: + container_name: jellyfin + environment: + JELLYFIN_PublishedServerUrl: https://jf.trez.wtf + image: jellyfin/jellyfin + labels: + homepage.group: Media Library + homepage.name: Jellyfin + homepage.icon: jellyfin.svg + homepage.href: https://jf.${MY_TLD} + homepage.description: Movie/TV Streaming + homepage.widget.type: jellyfin + homepage.widget.url: http://jellyfin:8096 + homepage.widget.key: ${JELLYFIN_API_KEY} + homepage.widget.enableBlocks: true + homepage.widget.enableNowPlaying: true + homepage.widget.enableUser: true + homepage.widget.showEpisodeNumber: true + homepage.widget.expandOneStreamToTwoRows: false + swag: enable + swag_url: jf.${MY_TLD} + swag_port: 8096 + swag_proto: http + swag.uptime-kuma.enabled: true + ports: + - 8487:8096 + - 7359:7359 + - 1900:1900 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/jellyfin:/config + - ${DOCKER_VOLUME_CONFIG}/jellyfin/cache:/cache + - 
${DOCKER_VOLUME_STORAGE}/TV_Shows:/storage/tv
+ - ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies
+ - /etc/localtime:/etc/localtime
+ - /usr/share/fonts:/usr/local/share/fonts/custom
+ jitsi-etherpad:
+ container_name: jitsi-etherpad
+ environment:
+ TITLE: ${JITSI__ETHERPAD_TITLE}
+ DEFAULT_PAD_TEXT: ${JITSI__ETHERPAD_DEFAULT_PAD_TEXT}
+ SKIN_NAME: ${JITSI__ETHERPAD_SKIN_NAME}
+ SKIN_VARIANTS: ${JITSI__ETHERPAD_SKIN_VARIANTS}
+ SUPPRESS_ERRORS_IN_PAD_TEXT: true
+ image: etherpad/etherpad:1.8.6
+ networks:
+ default: null
+ restart: unless-stopped
+ jitsi-jibri:
+ cap_add:
+ - SYS_ADMIN
+ container_name: jitsi-jibri
+ depends_on:
+ jitsi-jicofo:
+ condition: service_started
+ required: true
+ environment:
+ AUTOSCALER_SIDECAR_KEY_FILE:
+ AUTOSCALER_SIDECAR_KEY_ID:
+ AUTOSCALER_SIDECAR_GROUP_NAME:
+ AUTOSCALER_SIDECAR_HOST_ID:
+ AUTOSCALER_SIDECAR_INSTANCE_ID:
+ AUTOSCALER_SIDECAR_PORT:
+ AUTOSCALER_SIDECAR_REGION:
+ AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL:
+ AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL:
+ AUTOSCALER_URL:
+ CHROMIUM_FLAGS:
+ DISPLAY: :0
+ ENABLE_STATS_D:
+ JIBRI_WEBHOOK_SUBSCRIBERS:
+ JIBRI_HTTP_API_EXTERNAL_PORT:
+ JIBRI_HTTP_API_INTERNAL_PORT:
+ JIBRI_RECORDING_RESOLUTION:
+ JIBRI_RECORDING_VIDEO_ENCODE_PRESET:
+ JIBRI_RECORDING_CONSTANT_RATE_FACTOR:
+ JIBRI_RECORDING_FRAMERATE:
+ JIBRI_RECORDING_QUEUE_SIZE:
+ JIBRI_RECORDING_STREAMING_MAX_BITRATE:
+ JIBRI_USAGE_TIMEOUT:
+ JIBRI_XMPP_USER:
+ JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
+ JIBRI_BREWERY_MUC:
+ JIBRI_RECORDER_USER: jibri-recorder
+ JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
+ JIBRI_RECORDING_DIR:
+ JIBRI_FINALIZE_RECORDING_SCRIPT_PATH:
+ JIBRI_STRIP_DOMAIN_JID:
+ JIBRI_STATSD_HOST:
+ JIBRI_STATSD_PORT:
+ LOCAL_ADDRESS:
+ PUBLIC_URL: ${JITSI__PUBLIC_URL}
+ TZ: ${JITSI__TZ}
+ XMPP_AUTH_DOMAIN:
+ XMPP_DOMAIN:
+ XMPP_INTERNAL_MUC_DOMAIN:
+ XMPP_MUC_DOMAIN:
+ XMPP_RECORDER_DOMAIN:
+ XMPP_SERVER:
+ XMPP_PORT:
+ XMPP_TRUST_ALL_CERTS:
+ image:
jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}
+ networks:
+ default: null
+ restart: unless-stopped
+ shm_size: 2gb
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri
+ target: /config
+ type: bind
+ bind:
+ create_host_path: true
+ jitsi-jicofo:
+ container_name: focus.meet.jitsi
+ depends_on:
+ jitsi-prosody:
+ condition: service_started
+ required: true
+ environment:
+ AUTH_TYPE:
+ BRIDGE_AVG_PARTICIPANT_STRESS:
+ BRIDGE_STRESS_THRESHOLD:
+ ENABLE_AUTH:
+ ENABLE_AUTO_OWNER:
+ ENABLE_CODEC_VP8:
+ ENABLE_CODEC_VP9:
+ ENABLE_CODEC_H264:
+ ENABLE_CODEC_OPUS_RED:
+ ENABLE_JVB_XMPP_SERVER:
+ ENABLE_OCTO:
+ ENABLE_RECORDING: 1
+ ENABLE_SCTP:
+ ENABLE_AUTO_LOGIN:
+ JICOFO_AUTH_LIFETIME:
+ JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
+ JICOFO_AUTH_TYPE:
+ JICOFO_BRIDGE_REGION_GROUPS:
+ JICOFO_ENABLE_AUTH:
+ JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS:
+ JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT:
+ JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT:
+ JICOFO_CONF_SOURCE_SIGNALING_DELAYS:
+ JICOFO_CONF_MAX_AUDIO_SENDERS:
+ JICOFO_CONF_MAX_VIDEO_SENDERS:
+ JICOFO_CONF_STRIP_SIMULCAST:
+ JICOFO_CONF_SSRC_REWRITING:
+ JICOFO_ENABLE_HEALTH_CHECKS:
+ JICOFO_ENABLE_REST:
+ JICOFO_HEALTH_CHECKS_USE_PRESENCE:
+ JICOFO_MULTI_STREAM_BACKWARD_COMPAT:
+ JICOFO_OCTO_REGION:
+ JIBRI_BREWERY_MUC:
+ JIBRI_REQUEST_RETRIES:
+ JIBRI_PENDING_TIMEOUT:
+ JIGASI_BREWERY_MUC:
+ JIGASI_SIP_URI:
+ JVB_BREWERY_MUC:
+ JVB_XMPP_AUTH_DOMAIN:
+ JVB_XMPP_INTERNAL_MUC_DOMAIN:
+ JVB_XMPP_PORT:
+ JVB_XMPP_SERVER:
+ MAX_BRIDGE_PARTICIPANTS:
+ OCTO_BRIDGE_SELECTION_STRATEGY:
+ SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}"
+ SENTRY_ENVIRONMENT:
+ SENTRY_RELEASE:
+ TZ: ${JITSI__JIGAGI_SIP_SERVER}
+ XMPP_DOMAIN:
+ XMPP_AUTH_DOMAIN:
+ XMPP_INTERNAL_MUC_DOMAIN:
+ XMPP_MUC_DOMAIN:
+ XMPP_RECORDER_DOMAIN:
+ XMPP_SERVER:
+ XMPP_PORT:
+ image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}
+ networks:
+ default: null
+ ports:
+ - 127.0.0.1:${JICOFO_REST_PORT:-8889}:8888
+ restart: unless-stopped
+ volumes:
+ - bind:
+
create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo
+ target: /config
+ type: bind
+ jitsi-jigasi:
+ container_name: jitsi-jigasi
+ depends_on:
+ jitsi-prosody:
+ condition: service_started
+ required: true
+ environment:
+ ENABLE_AUTH: 1
+ ENABLE_GUESTS: 1
+ XMPP_AUTH_DOMAIN:
+ XMPP_GUEST_DOMAIN:
+ XMPP_MUC_DOMAIN:
+ XMPP_INTERNAL_MUC_DOMAIN:
+ XMPP_SERVER:
+ XMPP_PORT:
+ XMPP_DOMAIN:
+ PUBLIC_URL: ${JITSI__PUBLIC_URL}
+ JIGASI_DISABLE_SIP:
+ JIGASI_SIP_URI: ${JITSI__SIP_URI}
+ JIGASI_SIP_PASSWORD: ${JITSI__JIGAGI_SIP_PASSWORD}
+ JIGASI_SIP_SERVER: ${JITSI__JIGAGI_SIP_SERVER}
+ JIGASI_SIP_PORT: ${JITSI__JIGAGI_SIP_PORT}
+ JIGASI_SIP_TRANSPORT: ${JITSI__JIGAGI_SIP_TRANSPORT}
+ JIGASI_SIP_DEFAULT_ROOM:
+ JIGASI_XMPP_USER:
+ JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
+ JIGASI_BREWERY_MUC:
+ JIGASI_PORT_MIN:
+ JIGASI_PORT_MAX:
+ JIGASI_HEALTH_CHECK_SIP_URI:
+ JIGASI_HEALTH_CHECK_INTERVAL:
+ JIGASI_SIP_KEEP_ALIVE_METHOD:
+ JIGASI_ENABLE_SDES_SRTP:
+ ENABLE_TRANSCRIPTIONS:
+ JIGASI_TRANSCRIBER_ADVERTISE_URL:
+ JIGASI_TRANSCRIBER_RECORD_AUDIO:
+ JIGASI_TRANSCRIBER_SEND_TXT:
+ GC_PROJECT_ID:
+ GC_PRIVATE_KEY_ID:
+ GC_PRIVATE_KEY:
+ GC_CLIENT_EMAIL:
+ GC_CLIENT_ID:
+ GC_CLIENT_CERT_URL:
+ SHUTDOWN_REST_ENABLED:
+ SENTRY_DSN: "${JIGASI_SENTRY_DSN:-0}"
+ SENTRY_ENVIRONMENT:
+ SENTRY_RELEASE:
+ TZ: ${JITSI__TZ}
+ image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}
+ networks:
+ default: null
+ ports:
+ - ${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
+ target: /tmp/transcripts
+ type: bind
+ jitsi-jvb:
+ container_name: video.meet.jitsi
+ depends_on:
+ jitsi-prosody:
+ condition: service_started
+ required: true
+
environment:
+ DOCKER_HOST_ADDRESS:
+ ENABLE_COLIBRI_WEBSOCKET:
+ ENABLE_JVB_XMPP_SERVER:
+ ENABLE_OCTO:
+ JVB_ADVERTISE_IPS:
+ JVB_ADVERTISE_PRIVATE_CANDIDATES:
+ JVB_AUTH_USER:
+ JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
+ JVB_BREWERY_MUC:
+ JVB_DISABLE_STUN:
+ JVB_PORT:
+ JVB_MUC_NICKNAME:
+ JVB_STUN_SERVERS:
+ JVB_OCTO_BIND_ADDRESS:
+ JVB_OCTO_REGION:
+ JVB_OCTO_RELAY_ID:
+ JVB_WS_DOMAIN:
+ JVB_WS_SERVER_ID:
+ JVB_XMPP_AUTH_DOMAIN:
+ JVB_XMPP_INTERNAL_MUC_DOMAIN:
+ JVB_XMPP_PORT:
+ JVB_XMPP_SERVER:
+ PUBLIC_URL: ${JITSI__PUBLIC_URL}
+ SENTRY_DSN: "${JVB_SENTRY_DSN:-0}"
+ SENTRY_ENVIRONMENT:
+ SENTRY_RELEASE:
+ COLIBRI_REST_ENABLED:
+ SHUTDOWN_REST_ENABLED:
+ TZ: ${JITSI__JIGAGI_SIP_SERVER}
+ XMPP_AUTH_DOMAIN:
+ XMPP_INTERNAL_MUC_DOMAIN:
+ XMPP_SERVER:
+ XMPP_PORT:
+ image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}
+ networks:
+ default: null
+ ports:
+ - ${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp
+ - 127.0.0.1:${JVB_COLIBRI_PORT:-8091}:8080
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb
+ target: /config
+ type: bind
+ jitsi-prosody:
+ container_name: xmpp.meet.jitsi
+ environment:
+ AUTH_TYPE:
+ DISABLE_POLLS:
+ ENABLE_AUTH:
+ ENABLE_AV_MODERATION:
+ ENABLE_BREAKOUT_ROOMS:
+ ENABLE_END_CONFERENCE:
+ ENABLE_GUESTS: 1
+ ENABLE_IPV6:
+ ENABLE_LOBBY:
+ ENABLE_RECORDING: 1
+ ENABLE_XMPP_WEBSOCKET:
+ ENABLE_JAAS_COMPONENTS:
+ GC_TYPE:
+ GC_INC_TH:
+ GC_INC_SPEED:
+ GC_INC_STEP_SIZE:
+ GC_GEN_MIN_TH:
+ GC_GEN_MAX_TH:
+ GLOBAL_CONFIG:
+ GLOBAL_MODULES:
+ JIBRI_RECORDER_USER:
+ JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
+ JIBRI_XMPP_USER:
+ JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
+ JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
+ JICOFO_COMPONENT_SECRET:
+ JIGASI_XMPP_USER:
+ JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
+ JVB_AUTH_USER:
+ JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
+ JWT_APP_ID:
+ JWT_APP_SECRET:
+ JWT_ACCEPTED_ISSUERS:
+
JWT_ACCEPTED_AUDIENCES:
+ JWT_ASAP_KEYSERVER:
+ JWT_ALLOW_EMPTY:
+ JWT_AUTH_TYPE:
+ JWT_ENABLE_DOMAIN_VERIFICATION:
+ JWT_TOKEN_AUTH_MODULE:
+ MATRIX_UVS_URL:
+ MATRIX_UVS_ISSUER:
+ MATRIX_UVS_AUTH_TOKEN:
+ MATRIX_UVS_SYNC_POWER_LEVELS:
+ LOG_LEVEL:
+ LDAP_AUTH_METHOD:
+ LDAP_BASE:
+ LDAP_BINDDN:
+ LDAP_BINDPW:
+ LDAP_FILTER:
+ LDAP_VERSION:
+ LDAP_TLS_CIPHERS:
+ LDAP_TLS_CHECK_PEER:
+ LDAP_TLS_CACERT_FILE:
+ LDAP_TLS_CACERT_DIR:
+ LDAP_START_TLS:
+ LDAP_URL:
+ LDAP_USE_TLS:
+ MAX_PARTICIPANTS:
+ PROSODY_AUTH_TYPE:
+ PROSODY_RESERVATION_ENABLED:
+ PROSODY_RESERVATION_REST_BASE_URL:
+ PROSODY_ENABLE_RATE_LIMITS:
+ PROSODY_RATE_LIMIT_LOGIN_RATE:
+ PROSODY_RATE_LIMIT_SESSION_RATE:
+ PROSODY_RATE_LIMIT_TIMEOUT:
+ PROSODY_RATE_LIMIT_ALLOW_RANGES:
+ PROSODY_RATE_LIMIT_CACHE_SIZE:
+ PUBLIC_URL: ${JITSI__PUBLIC_URL}
+ TURN_CREDENTIALS:
+ TURN_HOST:
+ TURNS_HOST:
+ TURN_PORT:
+ TURNS_PORT:
+ TURN_TRANSPORT:
+ TZ: ${JITSI__JIGAGI_SIP_SERVER}
+ XMPP_DOMAIN:
+ XMPP_AUTH_DOMAIN:
+ XMPP_GUEST_DOMAIN:
+ XMPP_MUC_DOMAIN:
+ XMPP_INTERNAL_MUC_DOMAIN:
+ XMPP_MODULES:
+ XMPP_MUC_MODULES:
+ XMPP_MUC_CONFIGURATION:
+ XMPP_INTERNAL_MUC_MODULES:
+ XMPP_RECORDER_DOMAIN:
+ XMPP_PORT:
+ expose:
+ - ${XMPP_PORT:-5222}
+ - "5347"
+ - "5280"
+ image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom
+ target: /prosody-plugins-custom
+ type: bind
+ jitsi-web:
+ container_name: meet.jitsi
+ environment:
+ AMPLITUDE_ID:
+ ANALYTICS_SCRIPT_URLS:
+ ANALYTICS_WHITELISTED_EVENTS:
+ AUDIO_QUALITY_OPUS_BITRATE:
+ AUTO_CAPTION_ON_RECORD:
+ BRANDING_DATA_URL:
+ CALLSTATS_CUSTOM_SCRIPT_URL:
+ CALLSTATS_ID:
+ CALLSTATS_SECRET:
+ CHROME_EXTENSION_BANNER_JSON:
+ COLIBRI_WEBSOCKET_PORT:
+ CONFCODE_URL:
+ CONFIG_EXTERNAL_CONNECT:
+ DEFAULT_LANGUAGE:
+ DEPLOYMENTINFO_ENVIRONMENT:
+ DEPLOYMENTINFO_ENVIRONMENT_TYPE:
+ DEPLOYMENTINFO_REGION:
+ DEPLOYMENTINFO_SHARD:
+ DEPLOYMENTINFO_USERREGION:
+ DESKTOP_SHARING_FRAMERATE_MIN:
+ DESKTOP_SHARING_FRAMERATE_MAX:
+ DIALIN_NUMBERS_URL:
+ DIALOUT_AUTH_URL:
+ DIALOUT_CODES_URL:
+ DISABLE_AUDIO_LEVELS:
+ DISABLE_DEEP_LINKING:
+ DISABLE_GRANT_MODERATOR:
+ DISABLE_HTTPS:
+ DISABLE_KICKOUT:
+ DISABLE_LOCAL_RECORDING:
+ DISABLE_POLLS:
+ DISABLE_PRIVATE_CHAT:
+ DISABLE_PROFILE:
+ DISABLE_REACTIONS:
+ DISABLE_REMOTE_VIDEO_MENU:
+ DISABLE_START_FOR_ALL:
+ DROPBOX_APPKEY:
+ DROPBOX_REDIRECT_URI:
+ DYNAMIC_BRANDING_URL:
+ ENABLE_AUDIO_PROCESSING:
+ ENABLE_AUTH:
+ ENABLE_BREAKOUT_ROOMS:
+ ENABLE_CALENDAR:
+ ENABLE_COLIBRI_WEBSOCKET:
+ ENABLE_E2EPING:
+ ENABLE_FILE_RECORDING_SHARING:
+ ENABLE_GUESTS: 1
+ ENABLE_HSTS:
+ ENABLE_HTTP_REDIRECT:
+ ENABLE_IPV6:
+ ENABLE_LETSENCRYPT:
+ ENABLE_LIPSYNC:
+ ENABLE_NO_AUDIO_DETECTION:
+ ENABLE_NOISY_MIC_DETECTION:
+ ENABLE_OCTO:
+ ENABLE_OPUS_RED:
+ ENABLE_PREJOIN_PAGE:
+ ENABLE_P2P:
+ ENABLE_WELCOME_PAGE:
+ ENABLE_CLOSE_PAGE:
+ ENABLE_LIVESTREAMING:
+ ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK:
+ ENABLE_LIVESTREAMING_HELP_LINK:
+ ENABLE_LIVESTREAMING_TERMS_LINK:
+ ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING:
+ ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT:
+ ENABLE_LOCAL_RECORDING_SELF_START:
+ ENABLE_RECORDING: 1
+ ENABLE_REMB:
+ ENABLE_REQUIRE_DISPLAY_NAME:
+ ENABLE_SERVICE_RECORDING:
+ ENABLE_SIMULCAST:
+ ENABLE_STATS_ID:
+ ENABLE_STEREO:
+ ENABLE_SUBDOMAINS:
+ ENABLE_TALK_WHILE_MUTED:
+ ENABLE_TCC:
+ ENABLE_TRANSCRIPTIONS:
+ ENABLE_XMPP_WEBSOCKET:
+ ENABLE_JAAS_COMPONENTS:
+ ETHERPAD_PUBLIC_URL:
+ ETHERPAD_URL_BASE: ${JITSI__ETHERPAD_URL_BASE}
+ E2EPING_NUM_REQUESTS:
+ E2EPING_MAX_CONFERENCE_SIZE:
+ E2EPING_MAX_MESSAGE_PER_SECOND:
+ GOOGLE_ANALYTICS_ID:
+ GOOGLE_API_APP_CLIENT_ID:
+ HIDE_PREMEETING_BUTTONS:
+ HIDE_PREJOIN_DISPLAY_NAME:
+ HIDE_PREJOIN_EXTRA_BUTTONS:
+ INVITE_SERVICE_URL:
+
LETSENCRYPT_DOMAIN:
+ LETSENCRYPT_EMAIL:
+ LETSENCRYPT_USE_STAGING:
+ MATOMO_ENDPOINT:
+ MATOMO_SITE_ID:
+ MICROSOFT_API_APP_CLIENT_ID:
+ NGINX_RESOLVER:
+ NGINX_WORKER_PROCESSES:
+ NGINX_WORKER_CONNECTIONS:
+ PEOPLE_SEARCH_URL:
+ PREFERRED_LANGUAGE:
+ PUBLIC_URL: ${JITSI__PUBLIC_URL}
+ P2P_PREFERRED_CODEC:
+ RESOLUTION:
+ RESOLUTION_MIN:
+ RESOLUTION_WIDTH:
+ RESOLUTION_WIDTH_MIN:
+ START_AUDIO_MUTED:
+ START_AUDIO_ONLY:
+ START_BITRATE:
+ START_SILENT:
+ START_WITH_AUDIO_MUTED:
+ START_VIDEO_MUTED:
+ START_WITH_VIDEO_MUTED:
+ TESTING_CAP_SCREENSHARE_BITRATE:
+ TESTING_OCTO_PROBABILITY:
+ TOKEN_AUTH_URL:
+ TOOLBAR_BUTTONS:
+ TRANSLATION_LANGUAGES:
+ TRANSLATION_LANGUAGES_HEAD:
+ TZ: ${JITSI__JIGAGI_SIP_SERVER}
+ USE_APP_LANGUAGE:
+ VIDEOQUALITY_BITRATE_H264_LOW:
+ VIDEOQUALITY_BITRATE_H264_STANDARD:
+ VIDEOQUALITY_BITRATE_H264_HIGH:
+ VIDEOQUALITY_BITRATE_VP8_LOW:
+ VIDEOQUALITY_BITRATE_VP8_STANDARD:
+ VIDEOQUALITY_BITRATE_VP8_HIGH:
+ VIDEOQUALITY_BITRATE_VP9_LOW:
+ VIDEOQUALITY_BITRATE_VP9_STANDARD:
+ VIDEOQUALITY_BITRATE_VP9_HIGH:
+ VIDEOQUALITY_ENFORCE_PREFERRED_CODEC:
+ VIDEOQUALITY_PREFERRED_CODEC:
+ XMPP_AUTH_DOMAIN:
+ XMPP_BOSH_URL_BASE:
+ XMPP_DOMAIN:
+ XMPP_GUEST_DOMAIN:
+ XMPP_MUC_DOMAIN:
+ XMPP_RECORDER_DOMAIN:
+ XMPP_PORT:
+ WHITEBOARD_ENABLED:
+ WHITEBOARD_COLLAB_SERVER_PUBLIC_URL:
+ image: jitsi/web:${JITSI_IMAGE_VERSION:-stable}
+ labels:
+ swag: enable
+ swag_proto: https
+ swag_url: meet.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://meet.${MY_TLD}
+ homepage.group: Social
+ homepage.name: Jitsi
+ homepage.href: https://meet.${MY_TLD}
+ homepage.icon: jitsi.png
+ homepage.description: Web Conferencing
+ networks:
+ default: null
+ ports:
+ - ${JITSI__HTTP_PORT}:80
+ - ${JITSI__HTTPS_PORT}:443
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/web
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source:
${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs
+ target: /var/spool/cron/crontabs
+ type: bind
+ - bind:
+ create_host_path: true
+ selinux: Z
+ source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
+ target: /usr/share/jitsi-meet/transcripts
+ type: bind
+ joplin-db:
+ container_name: joplin-db
+ environment:
+ POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
+ POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
+ POSTGRES_DB: ${JOPLIN_POSTGRES_DATABASE}
+ expose:
+ - 5432
+ image: postgres:17-alpine
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - source: joplin_data
+ target: /var/lib/postgresql/data
+ type: volume
+ volume: {}
+ joplin:
+ container_name: joplin
+ environment:
+ ACCOUNT_TYPES_ENABLED: true
+ APP_PORT: ${JOPLIN_APP_PORT}
+ APP_BASE_URL: ${JOPLIN_APP_BASE_URL}
+ DB_CLIENT: pg
+ INSTANCE_NAME: 'Joplin @ Rinoa'
+ IS_ADMIN_INSTANCE: true
+ MAILER_ENABLED: 1
+ MAILER_HOST: postal-SMTP
+ MAILER_PORT: 25
+ MAILER_SECURITY: none
+ MAILER_AUTH_USER: ${POSTAL_SMTP_AUTH_USER}
+ MAILER_AUTH_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ MAILER_NOREPLY_NAME: Joplin @ Rinoa
+ MAILER_NOREPLY_EMAIL: noreply@trez.wtf
+ POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
+ POSTGRES_DATABASE: ${JOPLIN_POSTGRES_DATABASE}
+ POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
+ POSTGRES_PORT: 5432
+ POSTGRES_HOST: joplin-db
+ image: joplin/server:latest
+ labels:
+ homepage.group: Personal Services
+ homepage.name: Joplin
+ homepage.href: https://notes.${MY_TLD}
+ homepage.icon: joplin.svg
+ homepage.description: Open-source note taking & to-do
+ swag: enable
+ swag_url: notes.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://notes.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "22300"
+ target: 22300
+ restart: unless-stopped
+ lidarr:
+ container_name: lidarr
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: America/New_York
+ DOCKER_MODS: ghcr.io/gilbn/theme.park:lidarr
+ hostname: Rinoa
+ image:
lscr.io/linuxserver/lidarr:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Lidarr
+ homepage.href: https://lidarr.${MY_TLD}
+ homepage.icon: lidarr.png
+ homepage.description: Music Automation
+ homepage.widget.type: lidarr
+ homepage.widget.url: http://lidarr:8686
+ homepage.widget.key: ${LIDARR_API_KEY}
+ swag: enable
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8686"
+ target: 8686
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/lidarr
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ lidify:
+ container_name: lidify
+ environment:
+ app_name: lidify
+ app_rev: 0.09
+ app_url: lidify.${MY_TLD}
+ dry_run_adding_to_lidarr: true
+ fallback_to_top_result: false
+ last_fm_api_key: ${LASTFM_API_KEY}
+ last_fm_api_secret: ${LASTFM_API_SECRET}
+ lidarr_address: http://lidarr:8686
+ lidarr_api_key: ${LIDARR_API_KEY}
+ lidarr_api_timeout: 120
+ metadata_profile_id: 1
+ mode: LastFM
+ quality_profile_id: 1
+ root_folder_path: /data/media/music
+ search_for_missing_albums: false
+ spotify_client_id: ${YOUR_SPOTIFY_ID}
+ spotify_client_secret: ${YOUR_SPOTIFY_SECRET}
+ expose:
+ - 5000
+ image: thewicklowwolf/lidify:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Lidify
+ homepage.href: https://lidify.${MY_TLD}
+ homepage.icon: sh-lidify.png
+ homepage.description: Music Discovery a la Last.fm, Spotify, Pandora, etc.
+ swag: enable
+ swag_auth: authelia
+ swag_proto: http
+ swag_port: 5000
+ swag_url: lidify.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://lidify.${MY_TLD}
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/lidify
+ target: /lidify/config
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
+ target: /data/media/music
+ type: bind
+ bind:
+ create_host_path: true
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ lldap:
+ container_name: lldap
+ environment:
+ UID: ${PUID}
+ GID: ${PGID}
+ TZ: ${TZ}
+ LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
+ LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
+ LLDAP_LDAP_BASE_DN: dc=trez,dc=wtf
+ image: lldap/lldap:stable
+ labels:
+ homepage.group: System Administration
+ homepage.name: LLDAP
+ homepage.href: https://ldap.${MY_TLD}
+ homepage.icon: /icons/lldap.png
+ homepage.description: LDAP made easy
+ swag: enable
+ swag_proto: http
+ swag_port: 17170
+ swag_url: ldap.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://ldap.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "17170"
+ target: 17170
+ restart: always
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/lldap
+ target: /data
+ type: bind
+ bind:
+ create_host_path: true
+ lobe-chat:
+ container_name: lobe-chat
+ depends_on:
+ lobe-chat-pg-db:
+ condition: service_started
+ required: true
+ minio:
+ condition: service_started
+ required: true
+ zitadel:
+ condition: service_started
+ required: true
+ environment:
+ APP_URL: https://ai.trez.wtf/
+ KEY_VAULTS_SECRET: ${LOBECHAT_KEY_VAULT_SECRET}
+ DATABASE_URL: postgresql://lobe:${LOBECHAT_PG_DB_PASSWD}@lobe-chat-pg-db:5432/lobe
+ NEXTAUTH_URL: https://lobe.example.com/api/auth
+ NEXT_AUTH_SECRET: ${LOBECHAT_NEXT_AUTH_SECRET}
+ NEXT_AUTH_SSO_PROVIDERS: zitadel
+
AUTH_ZITADEL_ID: ${LOBECHAT_ZITADEL_CLIENT_ID} + AUTH_ZITADEL_SECRET: ${LOBECHAT_ZITADEL_CLIENT_SECRET} + AUTH_ZITADEL_ISSUER: https://id.trez.wtf + S3_ACCESS_KEY_ID: ${LOBECHAT_S3_ACCESS_KEY_ID} + S3_SECRET_ACCESS_KEY: ${LOBECHAT_S3_SECRET_ACCESS_KEY} + S3_ENDPOINT: http://minio:9000 + S3_BUCKET: lobechat + S3_PUBLIC_DOMAIN: https://s3.trez.wtf + S3_ENABLE_PATH_STYLE: 1+ + OPENAI_API_KEY: ${LOBECHAT_OPENAI_API_KEY} + ANTHROPIC_API_KEY: ${LOBECHAT_ANTHROPIC_API_KEY} + GITHUB_TOKEN: ${LOBECHAT_GITHUB_TOKEN} + OLLAMA_MODEL_LIST: +llama3.1:8b,+nomic-embed-text:latest,+starcoder2:3b,+llama3.1:latest,+llama2:7B + MISTRAL_API_KEY: ${LOBECHAT_MISTRAL_API_KEY} + GROQ_API_KEY: ${LOBECHAT_GROQAI_API_KEY} + image: lobehub/lobe-chat-database + labels: + homepage.group: Personal Services + homepage.name: LobeChat + homepage.href: https://ai.${MY_TLD} + homepage.icon: lobe-chat.png + homepage.description: An open-source, modern-design ChatGPT/LLMs UI/Framework + swag: enable + swag_proto: http + swag_port: 3210 + swag_url: ai.${MY_TLD} + ports: + - 3210:3210 + restart: unless-stopped + lobe-chat-pg-db: + container_name: lobe-chat-pg-db + environment: + POSTGRES_DB: lobe + POSTGRES_USER: lobe + POSTGRES_PASSWORD: ${LOBECHAT_PG_DB_PASSWD} + expose: + - 5432 + image: pgvector/pgvector:pg16 + volumes: + - ${DOCKER_VOLUME_CONFIG}/lobechat/db:/var/lib/postgresql/data + restart: unless-stopped + maloja: + container_name: maloja + environment: + MALOJA_CLEAN_OUTPUT: true + MALOJA_DEV_MODE: false + MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD} + MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY} + MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET} + MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD} + MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME} + MALOJA_LOGGING: true + MALOJA_PARSE_REMIX_ARTISTS: true + MALOJA_SCROBBLE_LASTFM: true + MALOJA_SKIP_SETUP: true + MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID} + MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET} + MALOJA_TIMEZONE: ${TZ} + image: krateng/maloja:latest + 
labels:
+ homepage.group: Media Library
+ homepage.name: Maloja
+ homepage.href: https://scrobble.${MY_TLD}
+ homepage.icon: maloja.png
+ homepage.description: Simple self-hosted music scrobble database to create personal listening statistics
+ swag: enable
+ swag_proto: http
+ swag_port: 42010
+ swag_url: scrobble.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "42010"
+ target: 42010
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/maloja/config
+ target: /etc/maloja
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/maloja/data
+ target: /var/lib/maloja
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/maloja/logs
+ target: /var/log/maloja
+ type: bind
+ bind:
+ create_host_path: true
+ mariadb:
+ container_name: mariadb
+ environment:
+ MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
+ PGID: 1000
+ PUID: 1000
+ TZ: America/New_York
+ hostname: Rinoa
+ image: linuxserver/mariadb
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3306"
+ target: 3306
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/mariadb
+ target: /config
+ type: bind
+ - source: ${DOCKER_VOLUME_STORAGE}
+ target: /storage
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/mariadb
+ target: /var/lib/mysql
+ type: bind
+ bind:
+ create_host_path: true
+ mastodon:
+ container_name: mastodon
+ environment:
+ PUID: ${PUID}
+ PGID: ${PGID}
+ TZ: ${TZ}
+ LOCAL_DOMAIN: trez.wtf
+ REDIS_HOST: redis
+ REDIS_PORT: 6379
+ DB_HOST: mastodon-pg-db
+ DB_USER: mastodon
+ DB_NAME: mastodon
+ DB_PASS: ${MASTODON_PG_DB_PASSWORD}
+ DB_PORT: 5432
+ ES_ENABLED: false
+ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:
+
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:
+ ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:
+ SECRET_KEY_BASE:
+ OTP_SECRET:
+ VAPID_PRIVATE_KEY:
+ VAPID_PUBLIC_KEY:
+ SMTP_SERVER: postal-smtp
+ SMTP_PORT: 25
+ SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER}
+ SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ SMTP_FROM_ADDRESS: noreply@trez.wtf
+ S3_ENABLED: true
+ S3_BUCKET: mastodon
+ AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
+ AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
+ image: lscr.io/linuxserver/mastodon:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 5678
+ swag_url: mastodon.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD}
+ homepage.group: Social
+ homepage.name: Mastodon
+ homepage.href: https://mastodon.${MY_TLD}
+ homepage.icon: mastodon.svg
+ homepage.description: Open-source social network
+ homepage.widget.type: mastodon
+ homepage.widget.url: http://mastodon
+ ports:
+ - 9044:80
+ - 3444:443
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/mastodon:/config
+ mastodon-pg-db:
+ container_name: mastodon-pg-db
+ environment:
+ POSTGRES_USER: mastodon
+ POSTGRES_PASSWORD: ${MASTODON_PG_DB_PASSWORD}
+ POSTGRES_DB: mastodon
+ expose:
+ - 5432
+ healthcheck:
+ test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
+ start_period: 20s
+ timeout: 30s
+ interval: 10s
+ retries: 5
+ image: postgres:17-alpine
+ restart: always
+ volumes:
+ - mastodon-pg-db:/var/lib/postgresql/data
+ minio:
+ command: server --console-address ":9090" /mnt/data
+ container_name: minio
+ environment:
+ MINIO_ROOT_USER: minioadmin
+ MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
+ MINIO_ACCESS_KEY: ${MINIO_MIMIR_STORAGE_ACCESS_KEY}
+ MINIO_SECRET_KEY: ${MINIO_MIMIR_STORAGE_SECRET_KEY}
+ hostname: minio
+ image: minio/minio
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 9090
+ swag_url: s3.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://s3.${MY_TLD}
+
homepage.group: System Administration
+ homepage.name: MinIO
+ homepage.href: https://s3.${MY_TLD}
+ homepage.icon: minio.png
+ homepage.description: S3-compatible storage backend
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "9001"
+ target: 9000
+ - mode: ingress
+ protocol: tcp
+ published: "9092"
+ target: 9090
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/minio/data
+ target: /mnt/data
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/minio/minio
+ target: /etc/config.env
+ type: bind
+ bind:
+ create_host_path: true
+ mongodb:
+ container_name: mongodb
+ environment:
+ MONGODB_ADVERTISED_HOSTNAME: mongodb
+ MONGODB_ENABLE_DIRECTORY_PER_DB: true
+ MONGODB_SYSTEM_LOG_VERBOSITY: 1
+ MONGODB_ROOT_USER: ${MONGO_INITDB_ROOT_USERNAME}
+ MONGODB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
+ ALLOW_EMPTY_PASSWORD: yes
+ MONGODB_REPLICA_SET_MODE: primary
+ MONGODB_REPLICA_SET_NAME: rinoa
+ MONGODB_REPLICA_SET_KEY: ${MONGODB_REPLICA_SET_KEY}
+ image: bitnami/mongodb:7.0
+ ports:
+ - 27017:27017
+ restart: unless-stopped
+ volumes:
+ - mongodb_data:/data/db
+ - mongodb_config:/data/configdb
+ multi-scrobbler:
+ container_name: multi-scrobbler
+ environment:
+ TZ: ${TZ}
+ PUID: ${PUID}
+ PGID: ${PGID}
+ MALOJA_URL: http://maloja:42010
+ MALOJA_API_KEY: ${MALOJA_API_KEY}
+ LASTFM_API_KEY: ${LASTFM_API_KEY}
+ LASTFM_API_SECRET: ${LASTFM_API_SECRET}
+ LZ_USER: Trez.on
+ LZ_TOKEN: ${MALOJA_LISTENBRAINZ_TOKEN}
+ SPOTIFY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
+ SPOTIFY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
+ image: foxxmd/multi-scrobbler
+ labels:
+ homepage.group: Media Library
+ homepage.name: Multi-Scrobbler
+ homepage.href: http://192.168.1.254:9078
+ homepage.icon: sh-multi-scrobbler.svg
+ homepage.description: JS App for scrobbling/recording play history from/to multiple sources
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "9078"
+ target: 9078
+
restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler
+ target: /config
+ type: bind
+ bind:
+ create_host_path: true
+ n8n:
+ container_name: n8n
+ environment:
+ N8N_HOST: n8n.${MY_TLD}
+ N8N_PORT: 5678
+ N8N_PROTOCOL: https
+ NODE_ENV: production
+ WEBHOOK_URL: https://n8n.${MY_TLD}/
+ GENERIC_TIMEZONE: ${TZ}
+ image: docker.n8n.io/n8nio/n8n
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 5678
+ swag_url: n8n.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://n8n.${MY_TLD}
+ homepage.group: Automation
+ homepage.name: n8n
+ homepage.href: https://n8n.${MY_TLD}
+ homepage.icon: n8n.svg
+ homepage.description: Extendable workflow automation tool to easily automate tasks
+ ports:
+ - 5678:5678
+ restart: unless-stopped
+ volumes:
+ - n8n-data:/home/node/.n8n
+ navidrome:
+ container_name: navidrome
+ environment:
+ ND_AUTOIMPORTPLAYLISTS: false
+ ND_BASEURL: ""
+ ND_LASTFM_APIKEY: ${LASTFM_API_KEY}
+ ND_LASTFM_ENABLED: true
+ ND_LASTFM_SECRET: ${LASTFM_API_SECRET}
+ ND_LOGLEVEL: info
+ ND_MUSICFOLDER: /music
+ ND_SCANNER_GROUPALBUMRELEASES: true
+ ND_SCANSCHEDULE: '@every 6h'
+ ND_SESSIONTIMEOUT: 24h
+ ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID}
+ ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET}
+ ND_SUBSONICARTISTPARTICIPATIONS: true
+ image: deluan/navidrome:latest
+ labels:
+ homepage.group: Media Library
+ homepage.name: Navidrome
+ homepage.href: https://navi.${MY_TLD}
+ homepage.icon: navidrome.png
+ homepage.description: Music Streaming
+ homepage.widget.type: navidrome
+ homepage.widget.url: http://navidrome:4533
+ homepage.widget.user: admin
+ homepage.widget.token: e8a9e97b29aa963fa4729c633289d232
+ homepage.widget.salt: v5Z93Z
+ swag: enable
+ swag_port: 4533
+ swag_proto: http
+ swag_url: navi.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://navi.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "4533"
+ target: 4533
+
restart: unless-stopped
+ user: 1000:1000
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/navidrome
+ target: /data
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
+ target: /music
+ type: bind
+ bind:
+ create_host_path: true
+ netbird-dashboard:
+ container_name: netbird-dashboard
+ environment:
+ # Endpoints
+ NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073
+ NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073
+ # OIDC
+ AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID}
+ AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID}
+ AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET}
+ AUTH_AUTHORITY: https://id.${MY_TLD}
+ USE_AUTH0: false
+ AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
+ AUTH_REDIRECT_URI: /auth
+ AUTH_SILENT_REDIRECT_URI: /silent-auth
+ NETBIRD_TOKEN_SOURCE: accessToken
+ # SSL
+ NGINX_SSL_PORT: 443
+ # Letsencrypt
+ LETSENCRYPT_DOMAIN:
+ LETSENCRYPT_EMAIL:
+ image: netbirdio/dashboard:latest
+ labels:
+ homepage.group: Privacy/Security
+ homepage.name: Netbird
+ homepage.href: https://netbird.${MY_TLD}
+ homepage.icon: netbird.svg
+ homepage.description: Peer-to-peer private network and centralized access control system
+ swag: enable
+ swag_proto: http
+ swag_port: 80
+ swag_auth: authelia
+ swag_url: netbird.${MY_TLD}
+ swag_server_custom_directive: |
+ location /signalexchange.SignalExchange/ {
+ grpc_pass grpc://netbird-signal:80;
+ #grpc_ssl_verify off;
+ grpc_read_timeout 1d;
+ grpc_send_timeout 1d;
+ grpc_socket_keepalive on;
+ }
+ # Proxy Management http endpoint
+ location /api {
+ proxy_pass http://netbird-management:443;
+ }
+ # Proxy Management grpc endpoint
+ location /management.ManagementService/ {
+ grpc_pass grpc://netbird-management:443;
+ #grpc_ssl_verify off;
+ grpc_read_timeout 1d;
+ grpc_send_timeout 1d;
+ grpc_socket_keepalive on;
+ }
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD}
+ ports:
+ - 32908:80
+ -
36610:443
+ restart: unless-stopped
+ volumes:
+ - netbird-letsencrypt:/etc/letsencrypt/
+ netbird-signal:
+ container_name: netbird-signal
+ image: netbirdio/signal:latest
+ ports:
+ - 10001:80
+ restart: unless-stopped
+ volumes:
+ - netbird-signal:/var/lib/netbird
+ netbird-relay:
+ container_name: netbird-relay
+ image: netbirdio/relay:latest
+ restart: unless-stopped
+ environment:
+ NB_LOG_LEVEL: info
+ NB_LISTEN_ADDRESS: :33080
+ NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080
+ # todo: change to a secure secret
+ NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
+ ports:
+ - 33080:33080
+ netbird-management:
+ command: [
+ "--port", "443",
+ "--log-file", "console",
+ "--log-level", "info",
+ "--disable-anonymous-metrics=false",
+ "--single-account-mode-domain=netbird.${MY_TLD}",
+ "--dns-domain=netbird.selfhosted"
+ ]
+ container_name: netbird-management
+ depends_on:
+ netbird-dashboard:
+ condition: service_started
+ environment:
+ NETBIRD_STORE_ENGINE_POSTGRES_DSN:
+ NETBIRD_STORE_ENGINE_MYSQL_DSN:
+ image: netbirdio/management:latest
+ restart: unless-stopped
+ volumes:
+ - netbird-mgmt:/var/lib/netbird
+ - netbird-letsencrypt:/etc/letsencrypt:ro
+ - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
+ ports:
+ - 33073:443 #API port
+ netbird-coturn:
+ command:
+ - -c /etc/turnserver.conf
+ container_name: netbird-coturn
+ image: coturn/coturn:latest
+ restart: unless-stopped
+ #domainname: netbird.${MY_TLD} # only needed when TLS is enabled
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
+ # - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
+ # - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
+ network_mode: host
+ netbox:
+ container_name: netbox
+ depends_on:
+ netbox-db:
+ condition: service_healthy
+ required: true
+ redis:
+ condition: service_started
+ required: true
+ environment:
+ PUID: ${PUID}
+ PGID: ${PGID}
+ TZ: ${TZ}
+
SUPERUSER_EMAIL: charish.patel@pm.me + SUPERUSER_PASSWORD: ${NETBOX_SUPERUSER_PASSWORD} + ALLOWED_HOST: net.trez.wtf + DB_NAME: netbox + DB_USER: netbox + DB_PASSWORD: ${NETBOX_PG_DB_PASSWORD} + DB_HOST: netbox-db + DB_PORT: 5432 + DEBUG: false + DOCKER_MODS: linuxserver/mods:netbox-slurpit + REDIS_HOST: redis + REDIS_PORT: 6379 + REMOTE_AUTH_ENABLED: + image: lscr.io/linuxserver/netbox:latest + labels: + homepage.group: Infrastructure/App Performance Monitoring + homepage.name: Netbox + homepage.href: https://net.${MY_TLD} + homepage.icon: netbox.svg + homepage.description: Network modeling/documentation + swag: enable + swag_url: net.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://net.${MY_TLD} + ports: + - 8007:8000 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/netbox/:/config + netbox-db: + container_name: netbox-db + environment: + POSTGRES_USER: netbox + POSTGRES_PASSWORD: ${NETBOX_PG_DB_PASSWORD} + POSTGRES_DB: netbox + expose: + - 5432 + healthcheck: + test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER + start_period: 20s + timeout: 30s + interval: 10s + retries: 5 + image: postgres:17-alpine + restart: always + volumes: + - source: netbox-pg-db + target: /var/lib/postgresql/data + type: volume + volume: {} + nextcloud: + container_name: nextcloud-aio-mastercontainer + environment: + SKIP_DOMAIN_VALIDATION: false + APACHE_ADDITIONAL_NETWORK: compose_default + APACHE_IP_BINDING: 0.0.0.0 + APACHE_PORT: 11000 + expose: + - 11000 + image: nextcloud/all-in-one:latest + labels: + homepage.group: Personal Services + homepage.name: NextCloud + homepage.href: https://cloud.${MY_TLD} + homepage.icon: nextcloud.svg + homepage.description: Private Cloud + swag: enable + swag_port: 11000 + swag_proto: http + swag_address: nextcloud-aio-apache + swag_url: cloud.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://cloud.${MY_TLD} + ports: + - 56713:8080 + restart: unless-stopped 
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+ ollama:
+ container_name: ollama
+ image: ollama/ollama
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "11434"
+ target: 11434
+ restart: always
+ volumes:
+ - source: ollama
+ target: /root/.ollama
+ type: volume
+ volume: {}
+ ombi:
+ container_name: ombi
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: America/New_York
+ hostname: Rinoa
+ image: lscr.io/linuxserver/ombi:latest
+ labels:
+ homepage.group: Media Library
+ homepage.name: Ombi
+ homepage.href: https://ombi.${MY_TLD}
+ homepage.icon: ombi.png
+ homepage.description: Media Requests
+ homepage.widget.type: ombi
+ homepage.widget.url: http://ombi:3579
+ homepage.widget.key: ${OMBI_API_KEY}
+ swag: enable
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3579"
+ target: 3579
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/ombi
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ paperless-ngx:
+ container_name: paperless-ngx
+ depends_on:
+ mariadb:
+ condition: service_started
+ required: true
+ restart: true
+ environment:
+ PAPERLESS_DBENGINE: mariadb
+ PAPERLESS_DBHOST: mariadb
+ PAPERLESS_DBPASS: ${PAPERLESS_DBPASS}
+ PAPERLESS_DBPORT: 3306
+ PAPERLESS_DBUSER: paperless
+ PAPERLESS_OCR_LANGUAGE: eng
+ PAPERLESS_OCR_LANGUAGES: all
+ PAPERLESS_REDIS: redis://redis:6379
+ PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}
+ PAPERLESS_TIME_ZONE: ${TZ}
+ PAPERLESS_URL: https://docs.${MY_TLD}
+ USERMAP_GID: ${PGID}
+ USERMAP_UID: ${PUID}
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 8000
+ swag_url: docs.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://docs.${MY_TLD}
+ homepage.group: Personal Services
+ homepage.name: Paperless-ngx
+ homepage.href: https://docs.${MY_TLD}
+ homepage.icon: paperless-ngx.svg
+ homepage.description: Document indexer & archiver with OCR
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8004"
+ target: 8000
+ restart: unless-stopped
+ volumes:
+ - source: paperless-ngx-data
+ target: /usr/src/paperless/data
+ type: volume
+ volume: {}
+ - source: paperless-ngx-media
+ target: /usr/src/paperless/media
+ type: volume
+ volume: {}
+ - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export
+ target: /usr/src/paperless/export
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume
+ target: /usr/src/paperless/consume
+ type: bind
+ bind:
+ create_host_path: true
+ pgbackweb:
+ container_name: pgbackweb
+ depends_on:
+ pgbackweb-db:
+ condition: service_healthy
+ environment:
+ PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY}
+ PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable"
+ TZ: ${TZ}
+ image: eduardolat/pgbackweb:latest
+ labels:
+ homepage.group: System Administration
+ homepage.name: PG Back Web
+ homepage.href: https://pg.${MY_TLD}
+ homepage.icon: sh-pg-back-web.svg
+ homepage.description: Backups for PostgreSQL
+ swag: enable
+ swag_proto: http
+ swag_port: 8085
+ swag_url: pg.${MY_TLD}
+ ports:
+ - "8085:8085" # Access the web interface at http://localhost:8085
+ restart: unless-stopped
+ pgbackweb-db:
+ container_name: pgbackweb-db
+ environment:
+ POSTGRES_USER: pgbackweb
+ POSTGRES_DB: pgbackweb
+ POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD}
+ expose:
+ - 5432
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ image: postgres:16-alpine
+ restart: unless-stopped
+ volumes:
+ - pgbackweb-data:/var/lib/postgresql/data
+ plantuml-server:
+ container_name: plantuml-server
+ expose:
+ - 8080
+ image: 'plantuml/plantuml-server:jetty'
+ restart: unless-stopped
+ plausible:
+ command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
+ container_name: plausible
+ depends_on:
+ plausible_db:
+ condition: service_started
+ required: true
+ plausible_events_db:
+ condition: service_started
+ required: true
+ environment:
+ BASE_URL: https://analytics.${MY_TLD}
+ CLICKHOUSE_DATABASE_URL: http://plausible-events-db:8123/plausible_events_db
+ DATABASE_URL: postgres://plausible:${PLAUSIBLE_PG_PASSWORD}@plausible-db:5432/plausible_db
+ DISABLE_REGISTRATION: invite_only
+ ENABLE_EMAIL_VERIFICATION: true
+ MAILER_ADAPTER: Bamboo.Mua
+ MAILER_EMAIL: noreply@trez.wtf
+ MAILER_NAME: Plausible
+ MAXMINDDB_LICENSE_KEY: ${SWAG_MAXMINDDB_LICENSE_KEY}
+ SECRET_KEY_BASE: ${PLAUSIBLE_SECRET_KEY_BASE}
+ SMTP_HOST_ADDR: postal-smtp
+ SMTP_HOST_PORT: 25
+ SMTP_USER_NAME: ${POSTAL_SMTP_AUTH_USER}
+ SMTP_USER_PWD: ${POSTAL_SMTP_AUTH_PASSWORD}
+ TOTP_VAULT_KEY: ${PLAUSIBLE_TOTP_VAULT_KEY}
+ image: ghcr.io/plausible/community-edition:v2.1.0
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 8000
+ swag_url: analytics.${MY_TLD}
+ homepage.group: Professional Services
+ homepage.name: Plausible
+ homepage.href: https://analytics.${MY_TLD}
+ homepage.icon: plausible.svg
+ homepage.description: Open-source web analytics
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8107"
+ target: 8000
+ restart: always
+ plausible_db:
+ container_name: plausible-db
+ environment:
+ POSTGRES_DB: plausible_db
+ POSTGRES_PASSWORD: ${PLAUSIBLE_PG_PASSWORD}
+ POSTGRES_USER: plausible
+ expose:
+ - 5432
+ image: postgres:16-alpine
+ networks:
+ default: null
+ restart: always
+ volumes:
+ - plausible-db-data:/var/lib/postgresql/data
+ plausible_events_db:
+ container_name: plausible-events-db
+ expose:
+ - 8123
+ image: clickhouse/clickhouse-server:24.3.3.102-alpine
+ networks:
+ default: null
+ restart: always
+ ulimits:
+ nofile:
+ hard: 262144
+ soft: 262144
+ volumes:
+ - plausible-event-data:/var/lib/clickhouse
+ - plausible-event-logs:/var/log/clickhouse-server
+ - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
+ - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
+ portainer:
+ command: -H tcp://dockerproxy:2375
+ container_name: portainer
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ environment:
+ DOCKER_HOST: tcp://dockerproxy:2375
+ expose:
+ - 9000
+ - 9443
+ image: portainer/portainer-ce:alpine-sts
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 9000
+ swag_url: portainer.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://portainer.${MY_TLD}
+ homepage.group: System Administration
+ homepage.name: Portainer
+ homepage.href: https://portainer.${MY_TLD}
+ homepage.icon: portainer.svg
+ homepage.description: Service delivery platform for containerized applications
+ restart: unless-stopped
+ volumes:
+ - portainer-data:/data
+ postal-smtp:
+ cap_add:
+ - NET_BIND_SERVICE
+ command: postal smtp-server
+ container_name: postal-smtp
+ image: ghcr.io/postalserver/postal:latest
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "25"
+ target: 25
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/postal
+ target: /config
+ type: bind
+ bind:
+ create_host_path: true
+ postal-web:
+ command: postal web-server
+ container_name: postal-web
+ image: ghcr.io/postalserver/postal:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 5000
+ swag_address: postal-web
+ swag_url: post.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://post.${MY_TLD}
+ homepage.group: System Administration
+ homepage.name: Postal
+ homepage.href: https://post.${MY_TLD}
+ homepage.icon: sh-postal.svg
+ homepage.description: OSS Mail delivery platform
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "5001"
+ target: 5000
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/postal
+ target: /config
+ type: bind
+ bind:
+ create_host_path: true
+ postal-worker:
+ command: postal worker
+ container_name: postal-worker
+ environment:
+ LOG_LEVEL: debug
+ image: ghcr.io/postalserver/postal:latest
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/postal
+ target: /config
+ type: bind
+ bind:
+ create_host_path: true
+ prowlarr:
+ container_name: prowlarr
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: America/New_York
+ DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
+ TP_DOMAIN: trez.wtf\/themepark
+ TP_COMMUNITY_THEME: false
+ TP_THEME: space-gray
+ hostname: Rinoa
+ image: lscr.io/linuxserver/prowlarr:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Prowlarr
+ homepage.href: https://prowlarr.${MY_TLD}
+ homepage.icon: prowlarr.png
+ homepage.description: Index aggregator
+ homepage.widget.type: prowlarr
+ homepage.widget.url: http://prowlarr:9696
+ homepage.widget.key: ${PROWLARR_API_KEY}
+ swag: enable
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "9696"
+ target: 9696
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/prowlarr
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ radarec:
+ container_name: radarec
+ environment:
+ auto_start: true
+ auto_start_delay: 60
+ dry_run_adding_to_radarr: false
+ fallback_to_top_result: false
+ language_choice: all
+ metadata_profile_id: 1
+ minimum_rating: 4.5
+ minimum_votes: 50
+ quality_profile_id: 1
+ radarr_address: http://radarr:7878
+ radarr_api_key: ${RADARR_API_KEY}
+ radarr_api_timeout: 120
+ root_folder_path: /data/media/movies
+ search_for_movie: true
+ tmdb_api_key: ${TMDB_API_KEY}
+ expose:
+ - 5000
+ image: thewicklowwolf/radarec:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: RadaRec
+ homepage.href: https://radarec.${MY_TLD}
+ homepage.icon: sh-radarec.png
+ homepage.description: Movie discovery based on library/tastes
+ swag: enable
+ swag_proto: http
+ swag_port: 5000
+ swag_auth: authelia
+ swag_url: radarec.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://radarec.${MY_TLD}
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_STORAGE}/Movies
+ target: /data/media/movies
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/radarec
+ target: /radarec/config
+ type: bind
+ bind:
+ create_host_path: true
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ radarr:
+ container_name: radarr
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: ${TZ}
+ hostname: Rinoa
+ image: lscr.io/linuxserver/radarr:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Radarr
+ homepage.href: https://radarr.${MY_TLD}
+ homepage.icon: radarr.png
+ homepage.description: Movie Automation
+ homepage.widget.type: radarr
+ homepage.widget.url: http://radarr:7878
+ homepage.widget.key: ${RADARR_API_KEY}
+ swag: enable
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "7878"
+ target: 7878
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/radarr
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ reactive-resume:
+ container_name: reactive-resume
+ depends_on:
+ browserless:
+ condition: service_started
+ required: true
+ minio:
+ condition: service_started
+ required: true
+ reactive-resume-pg:
+ condition: service_started
+ required: true
+ environment:
+ ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET}
+ CHROME_PORT: 443
+ CHROME_TOKEN: ${CHROMIUM_TOKEN}
+ CHROME_URL: wss://browse.${MY_TLD}
+ DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume
+ MAIL_FROM: noreply@trez.wtf
+ NODE_ENV: production
+ PORT: 3000
+ PUBLIC_URL: https://resume.${MY_TLD}
+ REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET}
+ SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
+ STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY}
+ STORAGE_BUCKET: reactive-resume
+ STORAGE_ENDPOINT: minio
+ STORAGE_PORT: 9000
+ STORAGE_REGION: us-east-fh-pln
+ STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY}
+ STORAGE_URL: https://s3.trez.wtf/reactive-resume
+ STORAGE_USE_SSL: false
+ TZ: ${TZ}
+ image: amruthpillai/reactive-resume:latest
+ labels:
+ homepage.group: Professional Services
+ homepage.name: Reactive Resume
+ homepage.href: https://resume.${MY_TLD}
+ homepage.icon: reactive-resume.svg
+ homepage.description: Open-source resume builder
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: resume.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://resume.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3011"
+ target: 3000
+ restart: unless-stopped
+ reactive-resume-pg:
+ container_name: reactive-resume-pg
+ environment:
+ TZ: ${TZ}
+ POSTGRES_DB: reactiveresume
+ POSTGRES_USER: reactiveresume
+ POSTGRES_PASSWORD: ${REACTIVE_RESUME_PGSQL_PASSWORD}
+ expose:
+ - 5432
+ image: postgres:16-alpine
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - reactive-resume-pg:/var/lib/postgresql/data
+ readarr:
+ container_name: readarr
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: America/New_York
+ DOCKER_MODS: ghcr.io/gilbn/theme.park:readnarr
+ hostname: Rinoa
+ image: lscr.io/linuxserver/readarr:develop
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Readarr
+ homepage.href: https://readarr.${MY_TLD}
+ homepage.icon: readarr.png
+ homepage.description: eBook/Audiobook Automation
+ homepage.widget.type: readarr
+ homepage.widget.url: http://readarr:8787
+ homepage.widget.key: ${READARR_API_KEY}
+ swag: enable
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8787"
+ target: 8787
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/readarr
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ redis:
+ cap_add:
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ cap_drop:
+ - ALL
+ command: redis-server --save "" --appendonly "no"
+ container_name: redis
+ expose:
+ - 6379
+ image: redis:alpine
+ networks:
+ default: null
+ restart: unless-stopped
+ tmpfs:
+ - /var/lib/redis
+ redlib:
+ cap_drop:
+ - ALL
+ container_name: redlib
+ environment:
+ REDLIB_SFW_ONLY: off
+ REDLIB_BANNER:
+ REDLIB_ROBOTS_DISABLE_INDEXING: off
+ REDLIB_PUSHSHIFT_FRONTEND: undelete.pullpush.io
+ REDLIB_DEFAULT_THEME: nord
+ REDLIB_DEFAULT_FRONT_PAGE: default
+ REDLIB_DEFAULT_LAYOUT: clean
+ REDLIB_DEFAULT_WIDE: on
+ REDLIB_DEFAULT_POST_SORT: hot
+ REDLIB_DEFAULT_COMMENT_SORT: confidence
+ REDLIB_DEFAULT_SHOW_NSFW: off
+ REDLIB_DEFAULT_BLUR_NSFW: on
+ REDLIB_DEFAULT_USE_HLS: off
+ REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION: off
+ REDLIB_DEFAULT_AUTOPLAY_VIDEOS: off
+ REDLIB_DEFAULT_SUBSCRIPTIONS:
+ REDLIB_DEFAULT_HIDE_AWARDS: off
+ REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: off
+ REDLIB_DEFAULT_HIDE_SCORE: off
+ REDLIB_DEFAULT_FIXED_NAVBAR: on
+ image: quay.io/redlib/redlib:latest
+ labels:
+ homepage.group: Social
+ homepage.name: Redlib
+ homepage.href: https://rlib.${MY_TLD}
+ homepage.icon: libreddit.svg
+ homepage.description: Redlib is a private front-end like Invidious but for Reddit
+ swag: enable
+ swag_auth: authelia
+ swag_proto: http
+ swag_port: 8080
+ swag_url: rlib.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://rlib.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8103"
+ target: 8080
+ read_only: true
+ restart: always
+ security_opt:
+ - no-new-privileges=true
+ user: nobody
+ rocketchat:
+ container_name: rocketchat
+ depends_on:
+ mongodb:
+ condition: service_started
+ required: true
+ environment:
+ ADMIN_USERNAME: Trez.One
+ ADMIN_NAME: Charish Patel
+ ADMIN_PASS: ${ROCKETCHAT_ADMIN_PASSWORD}
+ ADMIN_EMAIL: charish.patel@trez.wtf
+ MONGO_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/rocketchat?replicaSet=rinoa
+ MONGO_OPLOG_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/local?replicaSet=rinoa
+ ROOT_URL: https://chat.trez.wtf
+ PORT: 3000
+ DEPLOY_METHOD: docker
+ DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
+ REG_TOKEN: ${REG_TOKEN:-}
+ expose:
+ - 3000
+ image: ${IMAGE:-registry.rocket.chat/rocketchat/rocket.chat}:${RELEASE:-latest}
+ labels:
+ homepage.group: Social
+ homepage.name: Rocket.Chat
+ homepage.href: https://chat.${MY_TLD}
+ homepage.icon: rocket-chat.svg
+ homepage.description: Fully customizable communications platform with high standards of data protection
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: chat.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://chat.${MY_TLD}
+ restart: always
+ sabnzbdvpn:
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ container_name: sabnzbdvpn
+ environment:
+ ENABLE_PRIVOXY: no
+ LAN_NETWORK: 192.168.1.0/24
+ NAME_SERVERS: 192.168.1.254,1.1.1.1
+ PGID: 1000
+ PUID: 1000
+ TZ: America/New_York
+ VPN_CLIENT: openvpn
+ VPN_ENABLED: yes
+ VPN_INPUT_PORTS:
+ VPN_OPTIONS:
+ VPN_OUTPUT_PORTS:
+ VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA
+ VPN_PROV: pia
+ VPN_USER: p3120278
+ DEBUG: true
+ hostname: Rinoa
+ image: ghcr.io/binhex/arch-sabnzbdvpn:latest
+ labels:
+ homepage.group: Downloaders
+ homepage.name: SABnzbd
+ homepage.href: https://sabnzbd.${MY_TLD}
+ homepage.icon: sabnzbd.png
+ homepage.description: NZB Downloader over VPN
+ homepage.widget.type: sabnzbd
+ homepage.widget.url: http://sabnzbdvpn:8080
+ homepage.widget.env: 1
+ homepage.widget.key: ${SABNZBDVPN_API_KEY}
+ swag: enable
+ swag_proto: http
+ swag_url: sabnzbd.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://sabnzbd.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8080"
+ target: 8080
+ - mode: ingress
+ protocol: tcp
+ published: "8090"
+ target: 8090
+ - mode: ingress
+ protocol: tcp
+ published: "8119"
+ target: 8118
+ privileged: true
+ restart: unless-stopped
+ sysctls:
+ net.ipv4.conf.all.src_valid_mark: "1"
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ scraperr:
+ command:
+ - npm
+ - run
+ - start
+ container_name: scraperr
+ expose:
+ - 3000
+ image: jpyles0524/scraperr:latest
+ labels:
+ homepage.group: Personal Services
+ homepage.name: Scraperr
+ homepage.href: https://scrape.${MY_TLD}
+ homepage.icon: /icons/scraperr.png
+ homepage.description: Web scraper
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: scrape.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD}
+ networks:
+ default: null
+ restart: unless-stopped
+ scraperr-api:
+ container_name: scraperr-api
+ environment:
+ LOG_LEVEL: DEBUG
+ OLLAMA_URL: http://ollama:11434
+ OLLAMA_MODEL: phi3
+ MONGODB_URI: mongodb://mongodb:27017/scrapper
+ SECRET_KEY: ${SCRAPERR_SECRET_KEY}
+ ALGORITHM: HS256
+ ACCESS_TOKEN_EXPIRE_MINUTES: 600
+ DOCKER_HOST: tcp://dockerproxy:2375
+ expose:
+ - 8000
+ image: jpyles0524/scraperr_api:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_server_custom_directive: "location /api/ { rewrite ^/api(/.*)$ /$1 break ; proxy_pass http://scraperr:3000; }"
+ networks:
+ default: null
+ restart: unless-stopped
+ scrutiny:
+ cap_add:
+ - SYS_RAWIO
+ container_name: scrutiny
+ devices:
+ - "/dev/nvme0n1:/dev/nvme0n1:rwm"
+ - "/dev/sda:/dev/sda:rwm"
+ - "/dev/sdb:/dev/sdb:rwm"
+ - "/dev/sdc:/dev/sdc:rwm"
+ - "/dev/sdd:/dev/sdd:rwm"
+ - "/dev/sde:/dev/sde:rwm"
+ - "/dev/sdf:/dev/sdf:rwm"
+ image: ghcr.io/analogj/scrutiny:master-omnibus
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Scrutiny
+ homepage.href: http://192.168.1.254:8909
+ homepage.icon: scrutiny.png
+ homepage.description: WebUI for smartd S.M.A.R.T monitoring
+ homepage.widget.type: scrutiny
+ homepage.widget.url: http://scrutiny:8080
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8909"
+ target: 8080
+ - mode: ingress
+ protocol: tcp
+ published: "8910"
+ target: 8086
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /run/udev
+ target: /run/udev
+ type: bind
+ - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config
+ target: /opt/scrutiny/config
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb
+ target: /opt/scrutiny/influxdb
+ type: bind
+ bind:
+ create_host_path: true
+ searxng:
+ cap_add:
+ - CHOWN
+ - SETGID
+ - SETUID
+ cap_drop:
+ - ALL
+ container_name: searxng
+ environment:
+ SEARXNG_BASE_URL: https://${SEARXNG_BASE_URL:-localhost}/
+ image: searxng/searxng:latest
+ labels:
+ homepage.group: Personal Services
+ homepage.name: SearxNG
+ homepage.href: https://search.${MY_TLD}
+ homepage.icon: searxng.png
+ homepage.description: Anonymized Meta-Search Engine
+ swag: enable
+ swag_address: searxng
+ swag_proto: http
+ swag_url: search.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://search.${MY_TLD}
+ logging:
+ driver: json-file
+ options:
+ max-file: "1"
+ max-size: 1m
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8095"
+ target: 8080
+ privileged: true
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/searxng
+ target: /etc/searxng
+ type: bind
+ bind:
+ create_host_path: true
+ slurpit-portal:
+ container_name: slurpit-portal
+ environment:
+ TZ: ${TZ}
+ PORTAL_BASE_URL: https://slurpit.trez.wtf
+ PORTAL_WAREHOUSE_URL: http://slurpit-warehouse
+ image: slurpit/portal:latest
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Slurp'it
+ homepage.href: https://slurpit.${MY_TLD}
+ homepage.icon: /icons/slurpit.png
+ homepage.description: Network discovery
+ swag: enable
+ swag_port: 80
+ swag_url: slurpit.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://slurpit.${MY_TLD}
+ ports:
+ - 8110:80
+ - 5443:443
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/nginx:/var/log/nginx/
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/mysql:/var/log/mysql/
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/php:/var/log/php/
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/certs:/etc/nginx/certs/
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/db/portal:/var/lib/mysql
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/portal:/backup/files
+ slurpit-scanner:
+ container_name: slurpit-scanner
+ depends_on:
+ slurpit-warehouse:
+ condition: service_healthy
+ environment:
+ TZ: ${TZ}
+ SCANNER_POOLSIZE: 4
+ SCANNER_TIMEOUT: 10
+ SCANNER_WAREHOUSE_URL: http://slurpit-warehouse
+ image: slurpit/scanner:latest
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scanner:/logs
+ slurpit-scraper:
+ container_name: slurpit-scraper
+ depends_on:
+ slurpit-warehouse:
+ condition: service_healthy
+ image: slurpit/scraper:latest
+ environment:
+ TZ: ${TZ}
+ SCRAPER_TIMEOUT: 20
+ SCRAPER_POOLSIZE: 4
+ SCRAPER_WAREHOUSE_URL: http://slurpit-warehouse
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scraper:/logs
+ slurpit-warehouse:
+ container_name: slurpit-warehouse
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost/services"]
+ interval: 10s
+ timeout: 10s
+ retries: 360
+ image: slurpit/warehouse:latest
+ environment:
+ TZ: ${TZ}
+ WAREHOUSE_CALLBACK_SCANNER_URL: http://slurpit-portal/callback/scanner
+ WAREHOUSE_CALLBACK_SCANNER_TOKEN:
+ WAREHOUSE_CALLBACK_SCRAPER_URL: http://slurpit-portal/callback/scraper
+ WAREHOUSE_CALLBACK_SCRAPER_TOKEN:
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/warehouse:/backup/files
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/db/warehouse:/var/lib/mongodb
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse/mongodb:/var/log/mongodb
+ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse:/logs
+ sonarqube:
+ container_name: sonarqube
+ depends_on:
+ sonarqube-pg-db:
+ condition: service_healthy
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://sonarqube-pg-db:5432/sonar
+ SONAR_JDBC_USERNAME: sonar
+ SONAR_JDBC_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
+ SONAR_SECURITY_REALM: LDAP
+ LDAP_URL: ldap://lldap:3890
+ LDAP_BINDDN: cn=sonarqube,ou=people,dc=trez,dc=wtf
+ LDAP_BINDPASSWORD: ${SONARQUBE_LDAP_BIND_PASSWORD}
+ LDAP_AUTHENTICATION: simple
+ LDAP_USER_BASEDN: ou=people,dc=trez,dc=wtf
+ LDAP_USER_REQUEST: (&(objectClass=inetOrgPerson)(uid={login})(memberof=cn=sonarqube_users,ou=groups,dc=example,dc=com))
+ LDAP_USER_REALNAMEATTRIBUTE: cn
+ LDAP_USER_EMAILATTRIBUTE: mail
+ hostname: sonarqube
+ image: mc1arke/sonarqube-with-community-branch-plugin:lts
+ labels:
+ homepage.group: Code/DevOps
+ homepage.name: Sonarqube
+ homepage.href: https://sqube.trez.wtf
+ homepage.icon: sonarqube.svg
+ homepage.description: Code/DevOps quality/security
+ swag: enable
+ swag_proto: http
+ swag_port: 9000
+ swag_url: sqube.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://sqube.${MY_TLD}
+ volumes:
+ - sonarqube-data:/opt/sonarqube/data
+ - sonarqube-extensions:/opt/sonarqube/extensions
+ - sonarqube-logs:/opt/sonarqube/logs
+ - sonarqube-temp:/opt/sonarqube/temp
+ ports:
+ - 9003:9000
+ read_only: true
+ restart: unless-stopped
+ sonarqube-pg-db:
+ container_name: sonarqube-pg-db
+ environment:
+ POSTGRES_USER: sonar
+ POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
+ POSTGRES_DB: sonar
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ image: postgres:17-alpine
+ restart: unless-stopped
+ volumes:
+ - sonarqube-db:/var/lib/postgresql
+ - sonarqube-db-data:/var/lib/postgresql/data
+ sonarr:
+ container_name: sonarr
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: ${TZ}
+ DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
+ hostname: Rinoa
+ image: lscr.io/linuxserver/sonarr:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Sonarr
+ homepage.href: https://sonarr.${MY_TLD}
+ homepage.icon: sonarr.png
+ homepage.description: TV Show Automation
+ homepage.widget.type: sonarr
+ homepage.widget.url: http://sonarr:8989
+ homepage.widget.key: ${SONARR_API_KEY}
+ swag: enable
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8989"
+ target: 8989
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/sonarr
+ target: /config
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ sonashow:
+ container_name: sonashow
+ environment:
+ auto_start: true
+ auto_start_delay: 60
+ dry_run_adding_to_sonarr: false
+ fallback_to_top_result: false
+ language_choice: all
+ metadata_profile_id: 1
+ minimum_rating: 4.5
+ minimum_votes: 50
+ quality_profile_id: 1
+ radarr_address: http://sonarr:8989
+ radarr_api_key: ${SONARR_API_KEY}
+ root_folder_path: /data/media/shows
+ search_for_missing_episodes: true
+ sonarr_api_timeout: 120
+ tmdb_api_key: ${TMDB_API_KEY}
+ expose:
+ - 5000
+ image: thewicklowwolf/sonashow:latest
+ labels:
+ homepage.group: Servarr Stack
+ homepage.name: Sonashow
+ homepage.href: https://sonashow.${MY_TLD}
+ homepage.icon: sh-sonashow.png
+ homepage.description: TV show discovery based on library/tastes
+ swag: enable
+ swag_auth: authelia
+ swag_proto: http
+ swag_port: 5000
+ swag_url: sonashow.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://sonashow.${MY_TLD}
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_STORAGE}/TV_Shows
+ target: /data/media/shows
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/sonashow
+ target: /sonashow/config
+ type: bind
+ bind:
+ create_host_path: true
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ soularr:
+ container_name: soularr
+ depends_on:
+ - lidarr
+ - soulseek
+ environment:
+ PUID: ${PUID}
+ PGID: ${PGID}
+ TZ: ${TZ}
+ #Script interval in seconds
+ SCRIPT_INTERVAL: 300
+ image: mrusse08/soularr:latest
+ restart: unless-stopped
+ volumes:
+ #"You can set /downloads to whatever you want but will then need to change the Slskd download dir in your config file"
+ - ${DOCKER_VOLUME_STORAGE}/downloads:/downloads
+ #Select where you are storing your config file. Leave "/data" since thats where the script expects the config file to be
+ - ${DOCKER_VOLUME_CONFIG}/soularr:/data
+ soulseek:
+ container_name: soulseek
+ depends_on:
+ gluetun:
+ condition: service_started
+ required: true
+ restart: true
+ environment:
+ SLSKD_PASSWORD: ${SLSKD_PASSWORD}
+ SLSKD_REMOTE_CONFIGURATION: true
+ SLSKD_SHARED_DIR: /music
+ SLSKD_USERNAME: slsk
+ image: slskd/slskd
+ labels:
+ homepage.name: Soulseek
+ homepage.group: Downloaders
+ homepage.description: Modern client-server application for the Soulseek file-sharing network.
+ homepage.href: https://slsk.${MY_TLD}
+ homepage.icon: slskd.svg
+ swag: enable
+ swag_proto: http
+ swag_url: slsk.${MY_TLD}
+ swag_address: gluetun
+ swag_port: 5030
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD}
+ network_mode: service:gluetun
+ restart: always
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/soulseek
+ target: /app
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
+ target: /music
+ type: bind
+ bind:
+ create_host_path: true
+ sourcebot:
+ container_name: sourcebot
+ environment:
+ CONFIG_PATH: /data/config.json
+ image: ghcr.io/sourcebot-dev/sourcebot:latest
+ labels:
+ homepage.name: Sourcebot
+ homepage.group: Code/DevOps
+ homepage.description: Self-hosted internet performance tracking
+ homepage.href: https://source.${MY_TLD}
+ homepage.icon: /icons/sourcebot.png
+ swag: enable
+ swag_proto: http
+ swag_port: 3000
+ swag_url: source.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://source.${MY_TLD}
+ ports:
+ - 45251:3000
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/sourcebot:/data
+ speedtest-tracker:
+ container_name: speedtest-tracker
+ image: lscr.io/linuxserver/speedtest-tracker:latest
+ environment:
+ PUID: ${PUID}
+ PGID: ${PGID}
+ APP_KEY: ${SPEEDTEST_TRACKER_APP_KEY}
+ DB_CONNECTION: sqlite
+ SPEEDTEST_SCHEDULE: 15 */3 * * *
+ labels:
+ homepage.name: Speedtest Tracker
+ homepage.group: System Administration
+ homepage.description: Self-hosted internet performance tracking
+ homepage.href: https://speed.${MY_TLD}
+ homepage.icon: speedtest-tracker.png
+ swag: enable
+ swag_proto: http
+ swag_url: speed.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD}
+ ports:
+ - 47512:80
+ - 62777:443
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config
+ spotisub:
+ container_name: spotisub
+ environment:
+ SPOTIPY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
+ SPOTIPY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
+ SPOTIPY_REDIRECT_URI: http://127.0.0.1:8080/
+ SUBSONIC_API_HOST: http://navidrome
+ SUBSONIC_API_PORT: 4533
+ SUBSONIC_API_USER: ${NAVIDROME_USERNAME}
+ SUBSONIC_API_PASS: ${NAVIDROME_PASSWORD}
+ healthcheck:
+ test: curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!' || exit 1
+ interval: 30s
+ retries: 20
+ start_period: 30s
+ image: blastbeng/spotisub:latest
+ ports:
+ - 5183:5183
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/spotisub:/home/user/spotisub/cache
+ swag:
+ cap_add:
+ - NET_ADMIN
+ container_name: swag
+ environment:
+ DNSPLUGIN: cloudflare
+ EMAIL: charish.patel@trez.wtf
+ EXTRA_DOMAINS:
+ ONLY_SUBDOMAINS: false
+ PGID: 1000
+ PUID: 1000
+ SUBDOMAINS: etherpad,ha,www
+ TZ: America/New_York
+ URL: trez.wtf
+ VALIDATION: dns
+ CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
+ CROWDSEC_LAPI_URL: http://crowdsec:8080
+ DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
+ PROPAGATION: 30
+ UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
+ UPTIME_KUMA_URL: http://uptimekuma:3001
+ UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
+ hostname: Rinoa
+ image: lscr.io/linuxserver/swag:latest
+ labels:
+ swag: enable
+ swag_proto: http
+ swag_port: 81
+ swag_url: swag.${MY_TLD}
+ swag_auth: authelia
+ komodo.skip: a
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://swag.${MY_TLD}
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: SWAG Dashboard
+ homepage.href: https://swag.${MY_TLD}
+ homepage.icon: linuxserver-io.png
+ homepage.description: SWAG Dashboard for proxies
+ homepage.widget.type: swagdashboard
+ homepage.widget.url: http://swag:81
+ networks:
+ - default
+ - nextcloud-aio
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "443"
+ target: 443
+ - mode: ingress
+ protocol: tcp
+ published: "80"
+ target: 80
+ - mode: ingress
+ protocol: tcp
+ published: "81"
+ target: 81
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ -
bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/swag + target: /config + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + - bind: + create_host_path: true + read_only: true + source: /var/run/docker.sock + target: /var/run/docker.sock + type: bind + tandoor: + container_name: tandoor-recipes + depends_on: + tandoor-pg: + condition: service_started + required: true + environment: + DB_ENGINE: django.db.backends.postgresql + GID: 1000 + POSTGRES_DB: tandoor + POSTGRES_HOST: tandoor-pg + POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} + POSTGRES_USER: tandoor + SECRET_KEY: ${TANDOOR_SECRET_KEY} + TZ: ${TZ} + UID: 1000 + image: vabene1111/recipes + labels: + homepage.group: Lifestyle + homepage.name: Tandoor Recipes + homepage.href: https://recipes.${MY_TLD} + homepage.icon: tandoor-recipes.svg + homepage.description: Recipes, cookbooks, meal-planning, & grocery lists + homepage.widget.type: tandoor + homepage.widget.url: http://tandoor-recipes:8080 + homepage.widget.key: ${TANDOOR_API_TOKEN} + swag: enable + swag_proto: http + swag_url: recipes.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://trac.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8106" + target: 8080 + restart: unless-stopped + volumes: + - source: ${DOCKER_VOLUME_CONFIG}/tandoor/static + target: /opt/recipes/staticfiles + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/tandoor/media + target: /opt/recipes/mediafiles + type: bind + bind: + create_host_path: true + tandoor-pg: + container_name: tandoor-pg + environment: + POSTGRES_DB: tandoor + POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} + POSTGRES_USER: tandoor + expose: + - 5432 + image: postgres:16-alpine + networks: + default: null + restart: always + volumes: + - source: tandoor-pg + target: /var/lib/postgresql/data + type: volume + volume: {} + traccar: + 
container_name: traccar + image: traccar/traccar:latest + labels: + homepage.group: Personal Services + homepage.name: Traccar + homepage.href: https://trac.${MY_TLD} + homepage.icon: traccar.svg + homepage.description: Open-source GPS tracking system + swag: enable + swag_proto: http + swag_port: 8082 + swag_url: trac.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://trac.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: udp + published: "6000" + target: 5000 + - mode: ingress + protocol: udp + published: "6001" + target: 5001 + - mode: ingress + protocol: udp + published: "6002" + target: 5002 + - mode: ingress + protocol: udp + published: "6003" + target: 5003 + - mode: ingress + protocol: udp + published: "6004" + target: 5004 + - mode: ingress + protocol: udp + published: "6005" + target: 5005 + - mode: ingress + protocol: udp + published: "6006" + target: 5006 + - mode: ingress + protocol: udp + published: "6007" + target: 5007 + - mode: ingress + protocol: udp + published: "6008" + target: 5008 + - mode: ingress + protocol: udp + published: "6009" + target: 5009 + - mode: ingress + protocol: udp + published: "6010" + target: 5010 + - mode: ingress + protocol: udp + published: "6011" + target: 5011 + - mode: ingress + protocol: udp + published: "6012" + target: 5012 + - mode: ingress + protocol: udp + published: "6013" + target: 5013 + - mode: ingress + protocol: udp + published: "6014" + target: 5014 + - mode: ingress + protocol: udp + published: "6015" + target: 5015 + - mode: ingress + protocol: udp + published: "6016" + target: 5016 + - mode: ingress + protocol: udp + published: "6017" + target: 5017 + - mode: ingress + protocol: udp + published: "6018" + target: 5018 + - mode: ingress + protocol: udp + published: "6019" + target: 5019 + - mode: ingress + protocol: udp + published: "6020" + target: 5020 + - mode: ingress + protocol: udp + published: "6021" + target: 5021 + - mode: ingress + 
protocol: udp + published: "6022" + target: 5022 + - mode: ingress + protocol: udp + published: "6023" + target: 5023 + - mode: ingress + protocol: udp + published: "6024" + target: 5024 + - mode: ingress + protocol: udp + published: "6025" + target: 5025 + - mode: ingress + protocol: udp + published: "6026" + target: 5026 + - mode: ingress + protocol: udp + published: "6027" + target: 5027 + - mode: ingress + protocol: udp + published: "6028" + target: 5028 + - mode: ingress + protocol: udp + published: "6029" + target: 5029 + - mode: ingress + protocol: udp + published: "6030" + target: 5030 + - mode: ingress + protocol: udp + published: "6031" + target: 5031 + - mode: ingress + protocol: udp + published: "6032" + target: 5032 + - mode: ingress + protocol: udp + published: "6033" + target: 5033 + - mode: ingress + protocol: udp + published: "6034" + target: 5034 + - mode: ingress + protocol: udp + published: "6035" + target: 5035 + - mode: ingress + protocol: udp + published: "6036" + target: 5036 + - mode: ingress + protocol: udp + published: "6037" + target: 5037 + - mode: ingress + protocol: udp + published: "6038" + target: 5038 + - mode: ingress + protocol: udp + published: "6039" + target: 5039 + - mode: ingress + protocol: udp + published: "6040" + target: 5040 + - mode: ingress + protocol: udp + published: "6041" + target: 5041 + - mode: ingress + protocol: udp + published: "6042" + target: 5042 + - mode: ingress + protocol: udp + published: "6043" + target: 5043 + - mode: ingress + protocol: udp + published: "6044" + target: 5044 + - mode: ingress + protocol: udp + published: "6045" + target: 5045 + - mode: ingress + protocol: udp + published: "6046" + target: 5046 + - mode: ingress + protocol: udp + published: "6047" + target: 5047 + - mode: ingress + protocol: udp + published: "6048" + target: 5048 + - mode: ingress + protocol: udp + published: "6049" + target: 5049 + - mode: ingress + protocol: udp + published: "6050" + target: 5050 + - mode: ingress 
+ protocol: udp
+ published: "6051"
+ target: 5051
+ - mode: ingress
+ protocol: udp
+ published: "6052"
+ target: 5052
+ - mode: ingress
+ protocol: udp
+ published: "6053"
+ target: 5053
+ - mode: ingress
+ protocol: udp
+ published: "6054"
+ target: 5054
+ - mode: ingress
+ protocol: udp
+ published: "6055"
+ target: 5055
+ - mode: ingress
+ protocol: udp
+ published: "6056"
+ target: 5056
+ - mode: ingress
+ protocol: udp
+ published: "6057"
+ target: 5057
+ - mode: ingress
+ protocol: udp
+ published: "6058"
+ target: 5058
+ - mode: ingress
+ protocol: udp
+ published: "6059"
+ target: 5059
+ - mode: ingress
+ protocol: udp
+ published: "6060"
+ target: 5060
+ - mode: ingress
+ protocol: udp
+ published: "6061"
+ target: 5061
+ - mode: ingress
+ protocol: udp
+ published: "6062"
+ target: 5062
+ - mode: ingress
+ protocol: udp
+ published: "6063"
+ target: 5063
+ - mode: ingress
+ protocol: udp
+ published: "6064"
+ target: 5064
+ - mode: ingress
+ protocol: udp
+ published: "6065"
+ target: 5065
+ - mode: ingress
+ protocol: udp
+ published: "6066"
+ target: 5066
+ - mode: ingress
+ protocol: udp
+ published: "6067"
+ target: 5067
+ - mode: ingress
+ protocol: udp
+ published: "6068"
+ target: 5068
+ - mode: ingress
+ protocol: udp
+ published: "6069"
+ target: 5069
+ - mode: ingress
+ protocol: udp
+ published: "6070"
+ target: 5070
+ - mode: ingress
+ protocol: udp
+ published: "6071"
+ target: 5071
+ - mode: ingress
+ protocol: udp
+ published: "6072"
+ target: 5072
+ - mode: ingress
+ protocol: udp
+ published: "6073"
+ target: 5073
+ - mode: ingress
+ protocol: udp
+ published: "6074"
+ target: 5074
+ - mode: ingress
+ protocol: udp
+ published: "6075"
+ target: 5075
+ - mode: ingress
+ protocol: udp
+ published: "6076"
+ target: 5076
+ - mode: ingress
+ protocol: udp
+ published: "6077"
+ target: 5077
+ - mode: ingress
+ protocol: udp
+ published: "6078"
+ target: 5078
+ - mode: ingress
+ protocol: udp
+ published: "6079"
+ target: 5079
+ - mode: ingress
+ protocol: udp
+ published: "6080"
+ target: 5080
+ - mode: ingress
+ protocol: udp
+ published: "6081"
+ target: 5081
+ - mode: ingress
+ protocol: udp
+ published: "6082"
+ target: 5082
+ - mode: ingress
+ protocol: udp
+ published: "6083"
+ target: 5083
+ - mode: ingress
+ protocol: udp
+ published: "6084"
+ target: 5084
+ - mode: ingress
+ protocol: udp
+ published: "6085"
+ target: 5085
+ - mode: ingress
+ protocol: udp
+ published: "6086"
+ target: 5086
+ - mode: ingress
+ protocol: udp
+ published: "6087"
+ target: 5087
+ - mode: ingress
+ protocol: udp
+ published: "6088"
+ target: 5088
+ - mode: ingress
+ protocol: udp
+ published: "6089"
+ target: 5089
+ - mode: ingress
+ protocol: udp
+ published: "6090"
+ target: 5090
+ - mode: ingress
+ protocol: udp
+ published: "6091"
+ target: 5091
+ - mode: ingress
+ protocol: udp
+ published: "6092"
+ target: 5092
+ - mode: ingress
+ protocol: udp
+ published: "6093"
+ target: 5093
+ - mode: ingress
+ protocol: udp
+ published: "6094"
+ target: 5094
+ - mode: ingress
+ protocol: udp
+ published: "6095"
+ target: 5095
+ - mode: ingress
+ protocol: udp
+ published: "6096"
+ target: 5096
+ - mode: ingress
+ protocol: udp
+ published: "6097"
+ target: 5097
+ - mode: ingress
+ protocol: udp
+ published: "6098"
+ target: 5098
+ - mode: ingress
+ protocol: udp
+ published: "6099"
+ target: 5099
+ - mode: ingress
+ protocol: udp
+ published: "6100"
+ target: 5100
+ - mode: ingress
+ protocol: udp
+ published: "6101"
+ target: 5101
+ - mode: ingress
+ protocol: udp
+ published: "6102"
+ target: 5102
+ - mode: ingress
+ protocol: udp
+ published: "6103"
+ target: 5103
+ - mode: ingress
+ protocol: udp
+ published: "6104"
+ target: 5104
+ - mode: ingress
+ protocol: udp
+ published: "6105"
+ target: 5105
+ - mode: ingress
+ protocol: udp
+ published: "6106"
+ target: 5106
+ - mode: ingress
+ protocol: udp
+ published: "6107"
+ target: 5107
+ - mode: ingress
+ protocol: udp
+ published: "6108"
+ target: 5108
+ - mode: ingress
+ protocol: udp
+ published: "6109"
+ target: 5109
+ - mode: ingress
+ protocol: udp
+ published: "6110"
+ target: 5110
+ - mode: ingress
+ protocol: udp
+ published: "6111"
+ target: 5111
+ - mode: ingress
+ protocol: udp
+ published: "6112"
+ target: 5112
+ - mode: ingress
+ protocol: udp
+ published: "6113"
+ target: 5113
+ - mode: ingress
+ protocol: udp
+ published: "6114"
+ target: 5114
+ - mode: ingress
+ protocol: udp
+ published: "6115"
+ target: 5115
+ - mode: ingress
+ protocol: udp
+ published: "6116"
+ target: 5116
+ - mode: ingress
+ protocol: udp
+ published: "6117"
+ target: 5117
+ - mode: ingress
+ protocol: udp
+ published: "6118"
+ target: 5118
+ - mode: ingress
+ protocol: udp
+ published: "6119"
+ target: 5119
+ - mode: ingress
+ protocol: udp
+ published: "6120"
+ target: 5120
+ - mode: ingress
+ protocol: udp
+ published: "6121"
+ target: 5121
+ - mode: ingress
+ protocol: udp
+ published: "6122"
+ target: 5122
+ - mode: ingress
+ protocol: udp
+ published: "6123"
+ target: 5123
+ - mode: ingress
+ protocol: udp
+ published: "6124"
+ target: 5124
+ - mode: ingress
+ protocol: udp
+ published: "6125"
+ target: 5125
+ - mode: ingress
+ protocol: udp
+ published: "6126"
+ target: 5126
+ - mode: ingress
+ protocol: udp
+ published: "6127"
+ target: 5127
+ - mode: ingress
+ protocol: udp
+ published: "6128"
+ target: 5128
+ - mode: ingress
+ protocol: udp
+ published: "6129"
+ target: 5129
+ - mode: ingress
+ protocol: udp
+ published: "6130"
+ target: 5130
+ - mode: ingress
+ protocol: udp
+ published: "6131"
+ target: 5131
+ - mode: ingress
+ protocol: udp
+ published: "6132"
+ target: 5132
+ - mode: ingress
+ protocol: udp
+ published: "6133"
+ target: 5133
+ - mode: ingress
+ protocol: udp
+ published: "6134"
+ target: 5134
+ - mode: ingress
+ protocol: udp
+ published: "6135"
+ target: 5135
+ - mode: ingress
+ protocol: udp
+ published: "6136"
+ target: 5136
+ - mode: ingress
+ protocol: udp
+ published: "6137"
+ target: 5137
+ - mode: ingress
+ protocol: udp
+ published: "6138"
+ target: 5138
+ - mode: ingress
+ protocol: udp
+ published: "6139"
+ target: 5139
+ - mode: ingress
+ protocol: udp
+ published: "6140"
+ target: 5140
+ - mode: ingress
+ protocol: udp
+ published: "6141"
+ target: 5141
+ - mode: ingress
+ protocol: udp
+ published: "6142"
+ target: 5142
+ - mode: ingress
+ protocol: udp
+ published: "6143"
+ target: 5143
+ - mode: ingress
+ protocol: udp
+ published: "6144"
+ target: 5144
+ - mode: ingress
+ protocol: udp
+ published: "6145"
+ target: 5145
+ - mode: ingress
+ protocol: udp
+ published: "6146"
+ target: 5146
+ - mode: ingress
+ protocol: udp
+ published: "6147"
+ target: 5147
+ - mode: ingress
+ protocol: udp
+ published: "6148"
+ target: 5148
+ - mode: ingress
+ protocol: udp
+ published: "6149"
+ target: 5149
+ - mode: ingress
+ protocol: udp
+ published: "6150"
+ target: 5150
+ - mode: ingress
+ protocol: tcp
+ published: "6000"
+ target: 5000
+ - mode: ingress
+ protocol: tcp
+ published: "6001"
+ target: 5001
+ - mode: ingress
+ protocol: tcp
+ published: "6002"
+ target: 5002
+ - mode: ingress
+ protocol: tcp
+ published: "6003"
+ target: 5003
+ - mode: ingress
+ protocol: tcp
+ published: "6004"
+ target: 5004
+ - mode: ingress
+ protocol: tcp
+ published: "6005"
+ target: 5005
+ - mode: ingress
+ protocol: tcp
+ published: "6006"
+ target: 5006
+ - mode: ingress
+ protocol: tcp
+ published: "6007"
+ target: 5007
+ - mode: ingress
+ protocol: tcp
+ published: "6008"
+ target: 5008
+ - mode: ingress
+ protocol: tcp
+ published: "6009"
+ target: 5009
+ - mode: ingress
+ protocol: tcp
+ published: "6010"
+ target: 5010
+ - mode: ingress
+ protocol: tcp
+ published: "6011"
+ target: 5011
+ - mode: ingress
+ protocol: tcp
+ published: "6012"
+ target: 5012
+ - mode: ingress
+ protocol: tcp
+ published: "6013"
+ target: 5013
+ - mode: ingress
+ protocol: tcp
+ published: "6014"
+ target: 5014
+ - mode: ingress
+ protocol: tcp
+ published: "6015"
+ target: 5015
+ - mode: ingress
+ protocol: tcp
+ published: "6016"
+ target: 5016
+ - mode: ingress
+ protocol: tcp
+ published: "6017"
+ target: 5017
+ - mode: ingress
+ protocol: tcp
+ published: "6018"
+ target: 5018
+ - mode: ingress
+ protocol: tcp
+ published: "6019"
+ target: 5019
+ - mode: ingress
+ protocol: tcp
+ published: "6020"
+ target: 5020
+ - mode: ingress
+ protocol: tcp
+ published: "6021"
+ target: 5021
+ - mode: ingress
+ protocol: tcp
+ published: "6022"
+ target: 5022
+ - mode: ingress
+ protocol: tcp
+ published: "6023"
+ target: 5023
+ - mode: ingress
+ protocol: tcp
+ published: "6024"
+ target: 5024
+ - mode: ingress
+ protocol: tcp
+ published: "6025"
+ target: 5025
+ - mode: ingress
+ protocol: tcp
+ published: "6026"
+ target: 5026
+ - mode: ingress
+ protocol: tcp
+ published: "6027"
+ target: 5027
+ - mode: ingress
+ protocol: tcp
+ published: "6028"
+ target: 5028
+ - mode: ingress
+ protocol: tcp
+ published: "6029"
+ target: 5029
+ - mode: ingress
+ protocol: tcp
+ published: "6030"
+ target: 5030
+ - mode: ingress
+ protocol: tcp
+ published: "6031"
+ target: 5031
+ - mode: ingress
+ protocol: tcp
+ published: "6032"
+ target: 5032
+ - mode: ingress
+ protocol: tcp
+ published: "6033"
+ target: 5033
+ - mode: ingress
+ protocol: tcp
+ published: "6034"
+ target: 5034
+ - mode: ingress
+ protocol: tcp
+ published: "6035"
+ target: 5035
+ - mode: ingress
+ protocol: tcp
+ published: "6036"
+ target: 5036
+ - mode: ingress
+ protocol: tcp
+ published: "6037"
+ target: 5037
+ - mode: ingress
+ protocol: tcp
+ published: "6038"
+ target: 5038
+ - mode: ingress
+ protocol: tcp
+ published: "6039"
+ target: 5039
+ - mode: ingress
+ protocol: tcp
+ published: "6040"
+ target: 5040
+ - mode: ingress
+ protocol: tcp
+ published: "6041"
+ target: 5041
+ - mode: ingress
+ protocol: tcp
+ published: "6042"
+ target: 5042
+ - mode: ingress
+ protocol: tcp
+ published: "6043"
+ target: 5043
+ - mode: ingress
+ protocol: tcp
+ published: "6044"
+ target: 5044
+ - mode: ingress
+ protocol: tcp
+ published: "6045"
+ target: 5045
+ - mode: ingress
+ protocol: tcp
+ published: "6046"
+ target: 5046
+ - mode: ingress
+ protocol: tcp
+ published: "6047"
+ target: 5047
+ - mode: ingress
+ protocol: tcp
+ published: "6048"
+ target: 5048
+ - mode: ingress
+ protocol: tcp
+ published: "6049"
+ target: 5049
+ - mode: ingress
+ protocol: tcp
+ published: "6050"
+ target: 5050
+ - mode: ingress
+ protocol: tcp
+ published: "6051"
+ target: 5051
+ - mode: ingress
+ protocol: tcp
+ published: "6052"
+ target: 5052
+ - mode: ingress
+ protocol: tcp
+ published: "6053"
+ target: 5053
+ - mode: ingress
+ protocol: tcp
+ published: "6054"
+ target: 5054
+ - mode: ingress
+ protocol: tcp
+ published: "6055"
+ target: 5055
+ - mode: ingress
+ protocol: tcp
+ published: "6056"
+ target: 5056
+ - mode: ingress
+ protocol: tcp
+ published: "6057"
+ target: 5057
+ - mode: ingress
+ protocol: tcp
+ published: "6058"
+ target: 5058
+ - mode: ingress
+ protocol: tcp
+ published: "6059"
+ target: 5059
+ - mode: ingress
+ protocol: tcp
+ published: "6060"
+ target: 5060
+ - mode: ingress
+ protocol: tcp
+ published: "6061"
+ target: 5061
+ - mode: ingress
+ protocol: tcp
+ published: "6062"
+ target: 5062
+ - mode: ingress
+ protocol: tcp
+ published: "6063"
+ target: 5063
+ - mode: ingress
+ protocol: tcp
+ published: "6064"
+ target: 5064
+ - mode: ingress
+ protocol: tcp
+ published: "6065"
+ target: 5065
+ - mode: ingress
+ protocol: tcp
+ published: "6066"
+ target: 5066
+ - mode: ingress
+ protocol: tcp
+ published: "6067"
+ target: 5067
+ - mode: ingress
+ protocol: tcp
+ published: "6068"
+ target: 5068
+ - mode: ingress
+ protocol: tcp
+ published: "6069"
+ target: 5069
+ - mode: ingress
+ protocol: tcp
+ published: "6070"
+ target: 5070
+ - mode: ingress
+ protocol: tcp
+ published: "6071"
+ target: 5071
+ - mode: ingress
+ protocol: tcp
+ published: "6072"
+ target: 5072
+ - mode: ingress
+ protocol: tcp
+ published: "6073"
+ target: 5073
+ - mode: ingress
+ protocol: tcp
+ published: "6074"
+ target: 5074
+ - mode: ingress
+ protocol: tcp
+ published: "6075"
+ target: 5075
+ - mode: ingress
+ protocol: tcp
+ published: "6076"
+ target: 5076
+ - mode: ingress
+ protocol: tcp
+ published: "6077"
+ target: 5077
+ - mode: ingress
+ protocol: tcp
+ published: "6078"
+ target: 5078
+ - mode: ingress
+ protocol: tcp
+ published: "6079"
+ target: 5079
+ - mode: ingress
+ protocol: tcp
+ published: "6080"
+ target: 5080
+ - mode: ingress
+ protocol: tcp
+ published: "6081"
+ target: 5081
+ - mode: ingress
+ protocol: tcp
+ published: "6082"
+ target: 5082
+ - mode: ingress
+ protocol: tcp
+ published: "6083"
+ target: 5083
+ - mode: ingress
+ protocol: tcp
+ published: "6084"
+ target: 5084
+ - mode: ingress
+ protocol: tcp
+ published: "6085"
+ target: 5085
+ - mode: ingress
+ protocol: tcp
+ published: "6086"
+ target: 5086
+ - mode: ingress
+ protocol: tcp
+ published: "6087"
+ target: 5087
+ - mode: ingress
+ protocol: tcp
+ published: "6088"
+ target: 5088
+ - mode: ingress
+ protocol: tcp
+ published: "6089"
+ target: 5089
+ - mode: ingress
+ protocol: tcp
+ published: "6090"
+ target: 5090
+ - mode: ingress
+ protocol: tcp
+ published: "6091"
+ target: 5091
+ - mode: ingress
+ protocol: tcp
+ published: "6092"
+ target: 5092
+ - mode: ingress
+ protocol: tcp
+ published: "6093"
+ target: 5093
+ - mode: ingress
+ protocol: tcp
+ published: "6094"
+ target: 5094
+ - mode: ingress
+ protocol: tcp
+ published: "6095"
+ target: 5095
+ - mode: ingress
+ protocol: tcp
+ published: "6096"
+ target: 5096
+ - mode: ingress
+ protocol: tcp
+ published: "6097"
+ target: 5097
+ - mode: ingress
+ protocol: tcp
+ published: "6098"
+ target: 5098
+ - mode: ingress
+ protocol: tcp
+ published: "6099"
+ target: 5099
+ - mode: ingress
+ protocol: tcp
+ published: "6100"
+ target: 5100
+ - mode: ingress
+ protocol: tcp
+ published: "6101"
+ target: 5101
+ - mode: ingress
+ protocol: tcp
+ published: "6102"
+ target: 5102
+ - mode: ingress
+ protocol: tcp
+ published: "6103"
+ target: 5103
+ - mode: ingress
+ protocol: tcp
+ published: "6104"
+ target: 5104
+ - mode: ingress
+ protocol: tcp
+ published: "6105"
+ target: 5105
+ - mode: ingress
+ protocol: tcp
+ published: "6106"
+ target: 5106
+ - mode: ingress
+ protocol: tcp
+ published: "6107"
+ target: 5107
+ - mode: ingress
+ protocol: tcp
+ published: "6108"
+ target: 5108
+ - mode: ingress
+ protocol: tcp
+ published: "6109"
+ target: 5109
+ - mode: ingress
+ protocol: tcp
+ published: "6110"
+ target: 5110
+ - mode: ingress
+ protocol: tcp
+ published: "6111"
+ target: 5111
+ - mode: ingress
+ protocol: tcp
+ published: "6112"
+ target: 5112
+ - mode: ingress
+ protocol: tcp
+ published: "6113"
+ target: 5113
+ - mode: ingress
+ protocol: tcp
+ published: "6114"
+ target: 5114
+ - mode: ingress
+ protocol: tcp
+ published: "6115"
+ target: 5115
+ - mode: ingress
+ protocol: tcp
+ published: "6116"
+ target: 5116
+ - mode: ingress
+ protocol: tcp
+ published: "6117"
+ target: 5117
+ - mode: ingress
+ protocol: tcp
+ published: "6118"
+ target: 5118
+ - mode: ingress
+ protocol: tcp
+ published: "6119"
+ target: 5119
+ - mode: ingress
+ protocol: tcp
+ published: "6120"
+ target: 5120
+ - mode: ingress
+ protocol: tcp
+ published: "6121"
+ target: 5121
+ - mode: ingress
+ protocol: tcp
+ published: "6122"
+ target: 5122
+ - mode: ingress
+ protocol: tcp
+ published: "6123"
+ target: 5123
+ - mode: ingress
+ protocol: tcp
+ published: "6124"
+ target: 5124
+ - mode: ingress
+ protocol: tcp
+ published: "6125"
+ target: 5125
+ - mode: ingress
+ protocol: tcp
+ published: "6126"
+ target: 5126
+ - mode: ingress
+ protocol: tcp
+ published: "6127"
+ target: 5127
+ - mode: ingress
+ protocol: tcp
+ published: "6128"
+ target: 5128
+ - mode: ingress
+ protocol: tcp
+ published: "6129"
+ target: 5129
+ - mode: ingress
+ protocol: tcp
+ published: "6130"
+ target: 5130
+ - mode: ingress
+ protocol: tcp
+ published: "6131"
+ target: 5131
+ - mode: ingress
+ protocol: tcp
+ published: "6132"
+ target: 5132
+ - mode: ingress
+ protocol: tcp
+ published: "6133"
+ target: 5133
+ - mode: ingress
+ protocol: tcp
+ published: "6134"
+ target: 5134
+ - mode: ingress
+ protocol: tcp
+ published: "6135"
+ target: 5135
+ - mode: ingress
+ protocol: tcp
+ published: "6136"
+ target: 5136
+ - mode: ingress
+ protocol: tcp
+ published: "6137"
+ target: 5137
+ - mode: ingress
+ protocol: tcp
+ published: "6138"
+ target: 5138
+ - mode: ingress
+ protocol: tcp
+ published: "6139"
+ target: 5139
+ - mode: ingress
+ protocol: tcp
+ published: "6140"
+ target: 5140
+ - mode: ingress
+ protocol: tcp
+ published: "6141"
+ target: 5141
+ - mode: ingress
+ protocol: tcp
+ published: "6142"
+ target: 5142
+ - mode: ingress
+ protocol: tcp
+ published: "6143"
+ target: 5143
+ - mode: ingress
+ protocol: tcp
+ published: "6144"
+ target: 5144
+ - mode: ingress
+ protocol: tcp
+ published: "6145"
+ target: 5145
+ - mode: ingress
+ protocol: tcp
+ published: "6146"
+ target: 5146
+ - mode: ingress
+ protocol: tcp
+ published: "6147"
+ target: 5147
+ - mode: ingress
+ protocol: tcp
+ published: "6148"
+ target: 5148
+ - mode: ingress
+ protocol: tcp
+ published: "6149"
+ target: 5149
+ - mode: ingress
+ protocol: tcp
+ published: "6150"
+ target: 5150
+ - mode: ingress
+ protocol: tcp
+ published: "8082"
+ target: 8082
+ restart: unless-stopped
+ volumes:
+ - read_only: true
+ source: ${DOCKER_VOLUME_CONFIG}/traccar/traccar.xml
+ target: /opt/traccar/conf/traccar.xml
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/traccar/logs
+ target: /opt/traccar/logs
+ type: bind
+ bind:
+ create_host_path: true
+ traccar-pg:
+ container_name: traccar-pg
+ environment:
+ POSTGRES_PASSWORD: ${TRACCAR_POSTGRES_PASSWORD}
+ POSTGRES_USER: ${TRACCAR_POSTGRES_USER}
+ POSTGRES_DB: ${TRACCAR_POSTGRES_DATABASE}
+ expose:
+ - 5432
+ image: postgres:16-alpine
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - traccar-pg:/var/lib/postgresql/data
+ unmanic:
+ container_name: unmanic
+ environment:
+ DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs
+ PUID: ${PUID}
+ PGID: ${PGID}
+ LOGS_TO_STDOUT: /config/.unmanic/logs/unmanic.log
+ image: josh5/unmanic:latest
+ labels:
+ homepage.group: Media Library
+ homepage.name: Unmanic
+ homepage.href: https://unmanic.${MY_TLD}
+ homepage.icon: unmanic.png
+ homepage.description: Library Optimizer
+ homepage.widget.type: unmanic
+ homepage.widget.url: http://unmanic:8888
+ swag: enable
+ swag_port: 8888
+ swag_url: unmanic.${MY_TLD}
+ swag_proto: http
+ swag.uptime-kuma.enabled: true
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8911"
+ target: 8888
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/unmanic
+ target: /config
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_STORAGE}
+ target: /library
+ type: bind
+ bind:
+ create_host_path: true
+ - source: unmanic-cache
+ target: /tmp/unmanic
+ type: volume
+ volume: {}
+ uptimekuma:
+ container_name: uptimekuma
+ environment:
+ PGID: ${PGID}
+ PUID: ${PUID}
+ TZ: America/New_York
+ UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
+ UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
+ DOCKER_HOST: http://dockerproxy:2375
+ DOCKER_MODS: ghcr.io/themepark-dev/theme.park:uptime-kuma
+ hostname: Rinoa
+ image: louislam/uptime-kuma:latest
+ labels:
+ homepage.group: Infrastructure/App Performance Monitoring
+ homepage.name: Uptime Kuma
+ homepage.href: https://uptime.${MY_TLD}
+ homepage.icon: uptime-kuma.png
+ homepage.description: HTTP Endpoint Monitoring
+ swag: enable
+ swag_proto: http
+ swag_url: uptime.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "3003"
+ target: 3001
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ source: ${DOCKER_VOLUME_CONFIG}/uptimekuma
+ target: /app/data
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ vault:
+ cap_add:
+ - IPC_LOCK
+ command:
+ - server
+ container_name: hc-vault
+ environment:
+ AWS_ACCESS_KEY_ID: ${VAULT_HASHICORP_AWS_ACCESS_KEY_ID}
+ AWS_SECRET_ACCESS_KEY: ${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY}
+ image: hashicorp/vault:latest
+ labels:
+ homepage.group: Code/DevOps
+ homepage.name: Vault
+ homepage.icon: vault.png
+ homepage.href: https://vault.${MY_TLD}
+ homepage.description: Hashicorp Vault for secrets, key/value stores, etc.
+ swag: enable
+ swag_proto: http
+ swag_port: 8200
+ swag_url: vault.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://vault.${MY_TLD}
+ ports:
+ - 8200:8200
+ - 8250:8250
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
+ - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
+ wallabag:
+ container_name: wallabag
+ depends_on:
+ mariadb:
+ condition: service_started
+ required: true
+ restart: true
+ redis:
+ condition: service_started
+ required: true
+ environment:
+ SYMFONY__ENV__DATABASE_DRIVER: pdo_mysql
+ SYMFONY__ENV__DATABASE_HOST: mariadb
+ SYMFONY__ENV__DATABASE_PORT: 3306
+ SYMFONY__ENV__DATABASE_NAME: ${WALLABAG_DB}
+ SYMFONY__ENV__DATABASE_USER: ${WALLABAG_DB}
+ SYMFONY__ENV__DATABASE_PASSWORD: ${WALLABAG_DB_PASSWORD}
+ SYMFONY__ENV__DATABASE_CHARSET: utf8
+ SYMFONY__ENV__DATABASE_TABLE_PREFIX: "wallabag_"
+ SYMFONY__ENV__MAILER_DSN: smtp://postal-smtp
+ SYMFONY__ENV__FROM_EMAIL: noreply@trez.wtf
+ SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${MY_TLD}
+ SYMFONY__ENV__SERVER_NAME: "Wallabag @ Rinoa"
+ SYMFONY__ENV__REDIS_HOST: redis
+ SYMFONY__ENV__REDIS_PORT: 6379
+ healthcheck:
+ interval: 1m
+ test:
+ - CMD
+ - wget
+ - --no-verbose
+ - --tries=1
+ - --spider
+ - http://localhost
+ timeout: 3s
+ image: wallabag/wallabag
+ labels:
+ swag: enable
+ swag_address: wallabag
+ swag_proto: http
+ swag.uptime-kuma.enabled: true
+ homepage.group: Lifestyle
+ homepage.name: Wallabag
+ homepage.href: https://wallabag.${MY_TLD}
+ homepage.icon: wallabag.png
+ homepage.description: Knowledge Store
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ target: 80
+ restart: unless-stopped
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/wallabag/images
+ target: /var/www/wallabag/web/assets/images
+ type: bind
+ bind:
+ create_host_path: true
+ wallos:
+ container_name: wallos
+ environment:
+ TZ: ${TZ}
+ image: bellamy/wallos:latest
+ labels:
+ homepage.group: Lifestyle
+ homepage.name: wallos
+ homepage.href: https://subs.${MY_TLD}
+ homepage.icon: wallos.png
+ homepage.description: Subscription Tracking
+ swag: enable
+ swag_proto: http
+ swag_url: subs.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://trac.${MY_TLD}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "8283"
+ target: 80
+ restart: unless-stopped
+ volumes:
+ - wallos-db:/var/www/html/db
+ - wallos-logos:/var/www/html/images/uploads/logos
+ watchtower:
+ container_name: watchtower
+ environment:
+ REPO_PASS:
+ REPO_USER:
+ TZ: America/New_York
+ WATCHTOWER_CLEANUP: true
+ WATCHTOWER_INCLUDE_STOPPED: false
+ WATCHTOWER_MONITOR_ONLY: false
+ WATCHTOWER_NOTIFICATIONS: gotify
+ WATCHTOWER_NOTIFICATIONS_LEVEL: info
+ WATCHTOWER_NOTIFICATION_TEMPLATE: '{{range .}}{{.Message}}{{println}}{{end}}'
+ WATCHTOWER_NOTIFICATION_URL:
+ WATCHTOWER_SCHEDULE: 0 0 4 * * *
+ WATCHTOWER_TIMEOUT: 30s
+ WATCHTOWER_HTTP_API_METRICS: true
+ WATCHTOWER_HTTP_API_TOKEN: ${WATCHTOWER_HTTP_API_TOKEN}
+ WATCHTOWER_NOTIFICATION_GOTIFY_URL: ${WATCHTOWER_NOTIFICATION_GOTIFY_URL}
+ WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN: ${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN}
+ WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY: true
+ expose:
+ - 8080
+ hostname: Rinoa
+ image: ghcr.io/containrrr/watchtower:latest
+ labels:
+ homepage.group: Automation
+ homepage.name: Watchtower
+ homepage.icon: watchtower.svg
+ homepage.description: Container-based solution for automating Docker container base image updates
+ homepage.widget.type: watchtower
+ homepage.widget.url: http://watchtower:8080
+ homepage.widget.key: ${WATCHTOWER_HTTP_API_TOKEN}
+ networks:
+ default: null
+ restart: unless-stopped
+ volumes:
+ - bind:
+ create_host_path: true
+ read_only: true
+ source: /etc/localtime
+ target: /etc/localtime
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /rinoa-storage
+ target: /storage
+ type: bind
+ - bind:
+ create_host_path: true
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ type: bind
+ wazuh-agent:
+ container_name: wazuh.agent
+ environment:
+ JOIN_MANAGER_PROTOCOL: https
+ JOIN_MANAGER_MASTER_HOST: wazuh.manager
+ JOIN_MANAGER_WORKER_HOST: wazuh.manager
+ JOIN_MANAGER_USER: wazuh-wui
+ JOIN_MANAGER_PASSWORD: ${WAZUH_API_PASSWORD}
+ JOIN_MANAGER_API_PORT: 55000
+ JOIN_MANAGER_PORT: 1514
+ VIRUS_TOTAL_KEY: ${VIRUS_TOTAL_API_KEY}
+ DOCKER_HOST: tcp://dockerproxy:2375
+ hostname: wazuh.agent
+ image: kennyopennix/wazuh-agent:latest
+ networks:
+ default: null
+ restart: unless-stopped
+ wazuh-dashboard:
+ container_name: wazuh-dashboard
+ depends_on:
+ wazuh-indexer:
+ condition: service_started
+ required: true
+ wazuh-manager:
+ condition: service_started
+ required: true
+ restart: true
+ environment:
+ INDEXER_USERNAME: admin
+ INDEXER_PASSWORD: ${WAZUH_INDEXER_PASSWORD}
+ WAZUH_API_URL: https://wazuh.manager
+ DASHBOARD_USERNAME: kibanaserver
+ DASHBOARD_PASSWORD: ${WAZUH_KIBANA_PASSWORD}
+ API_USERNAME: wazuh-wui
+ API_PASSWORD: ${WAZUH_API_PASSWORD}
+ hostname: wazuh-dashboard
+ image: wazuh/wazuh-dashboard:${WAZUH_VERSION}
+ labels:
+ swag: enable
+ swag_proto: https
+ swag_port: 5601
+ swag_url: wsec.${MY_TLD}
+ swag.uptime-kuma.enabled: true
+ swag.uptime-kuma.monitor.url: https://wsec.${MY_TLD}
+ homepage.group: Privacy/Security
+ homepage.name: Wazuh
+ homepage.href: https://wsec.${MY_TLD}
+ homepage.icon: wazuh.svg
+ homepage.description: OSS Security Platform for XDR/SIEM
+ links:
+ - wazuh-indexer:wazuh-indexer
+ - wazuh-manager:wazuh-manager
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "5601"
+ target: 5601
+ restart: always
+ volumes:
+ - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/wazuh.dashboard.pem
+ target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/wazuh.dashboard-key.pem
+ target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/root-ca.pem
+ target: /usr/share/wazuh-dashboard/certs/root-ca.pem
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/opensearch_dashboards.yml
+ target: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ type: bind
+ bind:
+ create_host_path: true
+ - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/wazuh.yml
+ target: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ type: bind
+ bind:
+ create_host_path: true
+ - source: wazuh-dashboard-config
+ target: /usr/share/wazuh-dashboard/data/wazuh/config
+ type: volume
+ volume: {}
+ - source: wazuh-dashboard-custom
+ target: /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+ type: volume
+ volume: {}
+ wazuh-indexer:
+ container_name: wazuh-indexer
+ environment:
+ OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m
+ hostname: wazuh-indexer
+ image: wazuh/wazuh-indexer:${WAZUH_VERSION}
+ networks:
+ default: null
+ ports:
+ - mode: ingress
+ protocol: tcp
+ published: "9200"
+ target: 9200
+ restart: always
+ ulimits:
+ memlock:
+ hard: -1
+ soft: -1
+
nofile: + hard: 65536 + soft: 65536 + volumes: + - source: wazuh-indexer-data + target: /var/lib/wazuh-indexer + type: volume + volume: {} + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/root-ca.pem + target: /usr/share/wazuh-indexer/certs/root-ca.pem + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/wazuh.indexer-key.pem + target: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/wazuh.indexer.pem + target: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/admin.pem + target: /usr/share/wazuh-indexer/certs/admin.pem + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/admin-key.pem + target: /usr/share/wazuh-indexer/certs/admin-key.pem + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/wazuh.indexer.yml + target: /usr/share/wazuh-indexer/opensearch.yml + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/internal_users.yml + target: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml + type: bind + bind: + create_host_path: true + wazuh-manager: + container_name: wazuh-manager + environment: + INDEXER_URL: https://wazuh.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: ${WAZUH_INDEXER_PASSWORD} + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: ${WAZUH_API_PASSWORD} + hostname: wazuh-manager + image: wazuh/wazuh-manager:${WAZUH_VERSION} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "1514" + target: 1514 + - mode: ingress + protocol: tcp + published: "1515" + target: 1515 + - mode: 
ingress + protocol: udp + published: "514" + target: 514 + - mode: ingress + protocol: tcp + published: "55000" + target: 55000 + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 655360 + soft: 655360 + volumes: + - source: wazuh_api_configuration + target: /var/ossec/api/configuration + type: volume + volume: {} + - source: wazuh_etc + target: /var/ossec/etc + type: volume + volume: {} + - source: wazuh_logs + target: /var/ossec/logs + type: volume + volume: {} + - source: wazuh_queue + target: /var/ossec/queue + type: volume + volume: {} + - source: wazuh_var_multigroups + target: /var/ossec/var/multigroups + type: volume + volume: {} + - source: wazuh_integrations + target: /var/ossec/integrations + type: volume + volume: {} + - source: wazuh_active_response + target: /var/ossec/active-response/bin + type: volume + volume: {} + - source: wazuh_agentless + target: /var/ossec/agentless + type: volume + volume: {} + - source: wazuh_wodles + target: /var/ossec/wodles + type: volume + volume: {} + - source: filebeat_etc + target: /etc/filebeat + type: volume + volume: {} + - source: filebeat_var + target: /var/lib/filebeat + type: volume + volume: {} + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/root-ca.pem + target: /etc/ssl/root-ca.pem + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/wazuh.manager.pem + target: /etc/ssl/filebeat.pem + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/generator/wazuh.manager-key.pem + target: /etc/ssl/filebeat.key + type: bind + bind: + create_host_path: true + - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/wazuh_manager.conf + target: /wazuh-config-mount/etc/ossec.conf + type: bind + bind: + create_host_path: true + web-check: + container_name: web-check + image: lissy93/web-check + labels: + homepage.group: Privacy/Security + homepage.name: Web-Check + homepage.icon: web-check.png + homepage.href: 
https://scan.${MY_TLD} + homepage.description: Site scanner for attack vectors, architecture, security configs, and more + swag: enable + swag_proto: http + swag_url: scan.${MY_TLD} + swag_port: 3000 + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://scan.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "3010" + target: 3000 + restart: unless-stopped + your_spotify: + container_name: your_spotify + environment: + PUID: ${PUID} + PGID: ${PGID} + TZ: ${TZ} + APP_URL: https://myspotify.${MY_TLD} + SPOTIFY_PUBLIC: ${YOUR_SPOTIFY_ID} + SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET} + CORS: all + MONGO_ENDPOINT: mongodb://mongodb:27017/your_spotify + LOG_LEVEL: debug + expose: + - 8080 + image: lscr.io/linuxserver/your_spotify:latest + labels: + homepage.group: Media Library + homepage.name: Your Spotify + homepage.icon: your-spotify.svg + homepage.href: https://myspotify.${MY_TLD} + homepage.description: Personal Spotify Tracking + swag: enable + swag_proto: https + swag_url: myspotify.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://myspotify.${MY_TLD} + networks: + default: null + ports: + - ${YOUR_SPOTIFY_PORT_80}:80 + - ${YOUR_SPOTIFY_PORT_443}:443 + restart: always + youtubedl: + container_name: youtubedl + environment: + PGID: ${PGID} + PUID: ${PUID} + TZ: America/New_York + YDL_CONFIG_PATH: /youtube-dl/config.yml + YDL_DEBUG: "false" + hostname: Rinoa + image: nbr23/youtube-dl-server:latest + labels: + homepage.group: Downloaders + homepage.name: YoutubeDL + homepage.icon: youtube-dl.svg + homepage.href: https://ytdl.${MY_TLD} + homepage.description: YouTube Downloader + swag: enable + swag_proto: http + swag_url: ytdl.${MY_TLD} + swag_port: 8080 + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://ytdl.${MY_TLD} + networks: + default: null + ports: + - mode: ingress + protocol: tcp + published: "8089" + target: 8080 + restart: unless-stopped + 
volumes: + - bind: + create_host_path: true + read_only: true + source: /etc/localtime + target: /etc/localtime + type: bind + - bind: + create_host_path: true + source: ${DOCKER_VOLUME_CONFIG}/youtubedl + target: /youtube-dl + type: bind + - bind: + create_host_path: true + source: /rinoa-storage + target: /storage + type: bind + zammad-backup: + command: + - zammad-backup + container_name: zammad-backup + depends_on: + zammad-postgresql: + condition: service_started + required: true + zammad-railsserver: + condition: service_started + required: true + entrypoint: /usr/local/bin/backup.sh + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + BACKUP_TIME: "03:00" + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http + ELASTICSEARCH_SSL_VERIFY: false + HOLD_DAYS: "10" + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + TZ: Europe/Berlin + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + image: postgres:${ZAMMAD_POSTGRES_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-backup + target: /var/tmp/zammad + type: volume + volume: {} + - read_only: true + source: zammad-storage + target: /opt/zammad/storage + type: volume + volume: {} + - read_only: 
true + source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh + target: /usr/local/bin/backup.sh + type: bind + volume: {} + zammad-elasticsearch: + container_name: zammad-elasticsearch + expose: + - 9200 + image: bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-es-data + target: /bitnami/elasticsearch/data + type: volume + volume: {} + zammad-init: + command: + - zammad-init + container_name: zammad-init + depends_on: + zammad-postgresql: + condition: service_started + required: true + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http + ELASTICSEARCH_SSL_VERIFY: false + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + hostname: init + image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} + networks: + default: null + restart: on-failure + user: "0:0" + volumes: + - zammad-storage:/opt/zammad/storage + zammad-memcached: + command: memcached -m 256M + container_name: zammad-memcached + image: memcached:${ZAMMAD_MEMCACHE_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + zammad-nginx: + 
command: + - zammad-nginx + container_name: zammad-nginx + depends_on: + zammad-railsserver: + condition: service_started + required: true + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http + ELASTICSEARCH_SSL_VERIFY: false + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + expose: + - "8080" + image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} + labels: + swag: enable + swag_proto: http + swag_port: 8080 + swag_url: support.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://support.${MY_TLD} + homepage.group: Professional Services + homepage.name: Zammad + homepage.href: https://support.${MY_TLD} + homepage.icon: zammad.svg + homepage.description: Open-source helpdesk/customer support system + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - zammad-storage:/opt/zammad/storage + zammad-postgresql: + container_name: zammad-postgresql + environment: + POSTGRES_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS} + POSTGRES_USER: ${ZAMMAD_POSTGRES_USER} + hostname: postgresql + image: postgres:${ZAMMAD_POSTGRES_VERSION} + 
networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-pg-data + target: /var/lib/postgresql/data + type: volume + volume: {} + zammad-railsserver: + command: + - zammad-railsserver + container_name: zammad-railserver + depends_on: + zammad-memcached: + condition: service_started + required: true + zammad-postgresql: + condition: service_started + required: true + zammad-redis: + condition: service_started + required: true + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http + ELASTICSEARCH_SSL_VERIFY: false + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-storage + target: /opt/zammad/storage + type: volume + volume: {} + zammad-redis: + container_name: zammad-redis + image: redis:${ZAMMAD_REDIS_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-redis-data + target: /data + type: volume + volume: {} + zammad-scheduler: + command: + - zammad-scheduler + container_name: zammad-scheduler 
+ depends_on: + zammad-memcached: + condition: service_started + required: true + zammad-postgresql: + condition: service_started + required: true + zammad-redis: + condition: service_started + required: true + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http + ELASTICSEARCH_SSL_VERIFY: false + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-storage + target: /opt/zammad/storage + type: volume + volume: {} + zammad-websocket: + command: + - zammad-websocket + container_name: zammad-websocket + depends_on: + zammad-memcached: + condition: service_started + required: true + zammad-postgresql: + condition: service_started + required: true + zammad-redis: + condition: service_started + required: true + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http 
+ ELASTICSEARCH_SSL_VERIFY: false + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} + networks: + default: null + restart: ${ZAMMAD_RESTART} + volumes: + - source: zammad-storage + target: /opt/zammad/storage + type: volume + volume: {} + zitadel: + container_name: zitadel + image: ghcr.io/zitadel/zitadel:latest + command: 'start-from-init --masterkeyFromEnv --config /config.yaml --config /secrets.yaml --config /init-steps.yaml --tlsMode external' + depends_on: + zitadel-pg-db: + condition: 'service_started' + environment: + ZITADEL_MASTERKEY: ${ZITADEL_MASTER_KEY} + expose: + - 8080 + labels: + swag: enable + swag_proto: http + swag_port: 8080 + swag_url: id.${MY_TLD} + swag_server_custom_directive: http2 on; + homepage.group: System Administration + homepage.name: Zitadel + homepage.href: https://id.${MY_TLD} + homepage.icon: zitadel.svg + homepage.description: Centralized authentication management + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_CONFIG}/zitadel/config.yaml:/config.yaml + - ${DOCKER_VOLUME_CONFIG}/zitadel/init-steps.yaml:/init-steps.yaml + - ${DOCKER_VOLUME_CONFIG}/zitadel/secrets.yaml:/secrets.yaml + zitadel-pg-db: + container_name: zitadel-pg-db + environment: + POSTGRES_USER: root + POSTGRES_PASSWORD: 
${ZITADEL_DB_ADMIN_PASSWORD} + expose: + - 5432 + healthcheck: + test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "root" ] + interval: '10s' + timeout: '30s' + retries: 5 + start_period: '20s' + image: postgres:16-alpine + restart: unless-stopped + volumes: + - zitadel-pg-db:/var/lib/postgresql/data +volumes: + authelia-pg-db: + name: authelia-pg-db + bitmagnet-pg-db: + name: bitmagnet-pg-db + bunkerweb-data: + name: bunkerweb-data + castopod-media: + name: castopod-media + crowdsec-config: + name: crowdsec-config + crowdsec-db: + name: crowdsec-db + dagu_config: + name: dagu_config + dagu_data: + name: dagu_data + dbgate-data: + name: dbgate-data + fastenhealth-cache: + name: fastenhealth-cache + fastenhealth-db: + name: fastenhealth-db + filebeat_etc: + name: filebeat_etc + filebeat_var: + name: filebeat_var + gitea-pg-db: + name: gitea-pg-db + grafana-mimir-data: + name: grafana-mimir-data + grafana-tempo-data: + name: grafana-tempo-data + hortusfox_app_backup: + name: hortusfox_app_backup + hortusfox_app_images: + name: hortusfox_app_images + hortusfox_app_logs: + name: hortusfox_app_logs + hortusfox_app_migrate: + name: hortusfox_app_migrate + hortusfox_app_themes: + name: hortusfox_app_themes + hortusfox_db_data: + name: hortusfox_db_data + immich-model-cache: + name: immich-model-cache + influxdb2-data: + name: influxdb2-data + influxdb2-config: + name: influxdb2-config + invidious-postgres: + name: invidious-postgres + invoice_ninja_public: + name: invoice_ninja_public + jitsi-web-admin-theme: + name: jitsi-web-admin-theme + jitsi-web-admin-upload: + name: jitsi-web-admin-upload + joplin_data: + name: joplin_data + lldap_data: + name: lldap_data + localai_data: + name: localai_data + mastodon-pg-db: + name: mastodon-pg-db + mongodb_config: + name: mongodb_config + mongodb_data: + name: mongodb_data + n8n-data: + name: n8n-data + netbird-mgmt: + name: netbird-mgmt + netbird-signal: + name: netbird-signal + netbird-letsencrypt: + name: 
netbird-letsencrypt + netbox-pg-db: + name: netbox-pg-db + nextcloud_aio_mastercontainer: + name: nextcloud_aio_mastercontainer + ollama: + name: ollama + paperless-ngx-data: + name: paperless-ngx-data + paperless-ngx-media: + name: paperless-ngx-media + paperless-ngx-pg: + name: paperless-ngx-pg + pgbackweb-data: + name: pgbackweb-data + plausible-db-data: + name: plausible-db-data + plausible-event-data: + name: plausible-event-data + plausible-event-logs: + name: plausible-event-logs + portainer-data: + name: portainer-data + reactive-resume-pg: + name: reactive-resume-pg + sonarqube-data: + name: sonarqube-data + sonarqube-db: + name: sonarqube-db + sonarqube-db-data: + name: sonarqube-db-data + sonarqube-extensions: + name: sonarqube-extensions + sonarqube-logs: + name: sonarqube-logs + sonarqube-temp: + name: sonarqube-temp + tandoor-pg: + name: tandoor-pg + traccar-pg: + name: traccar-pg + unmanic-cache: + name: unmanic-cache + wallos-db: + name: wallos-db + wallos-logos: + name: wallos-logos + wazuh-dashboard-config: + name: wazuh-dashboard-config + wazuh-dashboard-custom: + name: wazuh-dashboard-custom + wazuh-indexer-data: + name: wazuh-indexer-data + wazuh_active_response: + name: wazuh_active_response + wazuh_agentless: + name: wazuh_agentless + wazuh_api_configuration: + name: wazuh_api_configuration + wazuh_etc: + name: wazuh_etc + wazuh_integrations: + name: wazuh_integrations + wazuh_logs: + name: wazuh_logs + wazuh_queue: + name: wazuh_queue + wazuh_var_multigroups: + name: wazuh_var_multigroups + wazuh_wodles: + name: wazuh_wodles + zammad-backup: + driver: local + name: zammad-backup + zammad-es-data: + driver: local + name: zammad-es-data + zammad-pg-data: + driver: local + name: zammad-pg-data + zammad-redis-data: + driver: local + name: zammad-redis-data + zammad-storage: + driver: local + name: zammad-storage + zitadel-pg-db: + name: zitadel-pg-db +x-shared: + zammad-service: + depends_on: + - zammad-memcached + - zammad-postgresql + - 
zammad-redis + environment: + AUTOWIZARD_JSON: null + AUTOWIZARD_RELATIVE_PATH: null + ELASTICSEARCH_ENABLED: true + ELASTICSEARCH_HOST: zammad-elasticsearch + ELASTICSEARCH_NAMESPACE: trez_it + ELASTICSEARCH_PORT: 9200 + ELASTICSEARCH_REINDEX: true + ELASTICSEARCH_SCHEMA: http + ELASTICSEARCH_SSL_VERIFY: false + MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} + POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} + POSTGRESQL_DB_CREATE: true + POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} + POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} + POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} + POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} + POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} + RAILS_LOG_TO_STDOUT: true + RAILS_TRUSTED_PROXIES: 172.18.0.0/16 + REDIS_URL: ${ZAMMAD_REDIS_URL} + S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true + ZAMMAD_BIND_IP: 0.0.0.0 + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null + ZAMMAD_PROCESS_SCHEDULED: null + ZAMMAD_SESSION_JOBS: null + ZAMMAD_WEB_CONCURRENCY: null + image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} + restart: ${ZAMMAD_RESTART} + volumes: + - zammad-storage:/opt/zammad/storage \ No newline at end of file From 049c21f5380ba743aef4367e69c8ef6bd4967c1b Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 31 Jan 2025 15:28:44 -0500 Subject: [PATCH 3/3] Removing service comparison for now. --- .../workflows/pr-cloudflare-docker-deploy.yml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index b8b1b4af..0afd7bf9 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml 
@@ -192,19 +192,19 @@ jobs:
 uses: actions/checkout@v4
 - name: Install yq
 uses: dcarbone/install-yq-action@v1
- - name: Fetch main branch for comparison
- run: |
- git fetch origin main:main
- - name: Compare services using yq
- id: compare-services
- run: |
- current_services=$(yq '.services | to_entries' docker-compose.yml)
- git show main:docker-compose.yml > main_compose.yml
- main_services=$(yq '.services | to_entries' main_compose.yml)
- modified_services_file=$(comm -13 <(echo "$main_services") <(echo "$current_services") > changes_compose.yml)
- modified_services=${egrep '^ [a-z]' changes.yml | sed -e 's|^ ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
- echo "Modified services: $modified_services"
- echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
+ # - name: Fetch main branch for comparison
+ # run: |
+ # git fetch origin main:main
+ # - name: Compare services using yq
+ # id: compare-services
+ # run: |
+ # current_services=$(yq '.services | to_entries' docker-compose.yml)
+ # git show main:docker-compose.yml > main_compose.yml
+ # main_services=$(yq '.services | to_entries' main_compose.yml)
+ # modified_services_file=$(comm -13 <(echo "$main_services") <(echo "$current_services") > changes_compose.yml)
+ # modified_services=${egrep '^ [a-z]' changes.yml | sed -e 's|^ ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
+ # echo "Modified services: $modified_services"
+ # echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
 - name: Generate service list
 run: |
 yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
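Review bot: Commenting out the `compare-services` step removes the only producer of `modified_services`, so any remaining consumer now expands to an empty string; patch 1/3 of this series added a job output `modified_services: ${{ steps.compare-services.outputs.modified_services }}` and interpolated a `modified_services` step output into `docker_args`, and if those lines are still present (they sit outside this hunk) the deploy runs the compose command with no service filter. I would delete the two steps rather than keep 13 commented lines, leaving a single `# TODO: restore per-service diff (see git history)`, and drop or guard the consumers in the same commit. Before re-enabling, note that the script as written cannot work: `${egrep ... }` is not a command substitution (it needs `$( ... )`), and it reads `changes.yml` while the previous line writes `changes_compose.yml`. When the value is restored, it should be validated as a plain list of service names before it is spliced into the remote compose command line.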