name: compose networks: bitmagnet: driver: bridge ipam: config: - gateway: 192.168.55.1 subnet: 192.168.55.0/27 driver: default name: compose_bitmagnet default: name: compose_default services: actual_server: container_name: actualbudget environment: ACTUAL_LOGIN_METHOD: "pass" ACTUAL_PORT: 5006 # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20 # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50 # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20 # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration # !! If you are not using any of these options, remove the 'environment:' tag entirely. image: docker.io/actualbudget/actual-server:latest ports: - 5006:5006 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/actual-budget:/data adguard: container_name: adguard environment: TZ: America/New_York hostname: Rinoa image: adguard/adguardhome:latest labels: - swag=enable - swag_proto=http - swag_url=adgh.${MY_TLD} - homepage.group=System Administration - homepage.name=AdGuard Home - homepage.icon=adguard-home.png - homepage.href=https://adgh.${MY_TLD} - homepage.description=Ad-blocking/DNS - homepage.widget.type=adguard - homepage.widget.url=http://adguard:80 - homepage.widget.username=admin - homepage.widget.password=${ADGUARD_PASSWORD} networks: default: null ports: - mode: ingress protocol: tcp published: "3001" target: 3000 - mode: ingress protocol: tcp published: "446" target: 443 - mode: ingress protocol: tcp published: "8008" target: 80 - mode: ingress protocol: tcp published: "853" target: 853 - host_ip: 0.0.0.0 mode: ingress protocol: tcp published: "53" target: 53 - host_ip: 0.0.0.0 mode: ingress protocol: udp published: "53" target: 53 - host_ip: 0.0.0.0 mode: ingress protocol: udp published: "67" target: 67 - host_ip: 0.0.0.0 mode: ingress protocol: tcp published: "688" target: 68 - host_ip: 0.0.0.0 mode: ingress protocol: udp published: "688" target: 68 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/adguard/work target: /opt/adguardhome/work type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/adguard/conf target: /opt/adguardhome/conf type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - source: ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/archive/trez.wtf target: /etc/ssl/certs type: bind bind: create_host_path: true apprise: container_name: apprise environment: PGID: 1000 PUID: 1000 TZ: America/New_York hostname: Rinoa image: lscr.io/linuxserver/apprise-api:latest labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Apprise - homepage.icon=apprise.png - homepage.href=http://192.168.1.254:8000 - homepage.description=Cemtralized, multi-channel notification API networks: default: null ports: - mode: ingress protocol: tcp published: "8000" target: 8000 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/apprise target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind audiobookshelf: container_name: audiobookshelf environment: CONFIG_PATH: /config HOME: /config/.home LOG_LEVEL: info METADATA_PATH: /metadata TZ: America/New_York hostname: Rinoa image: ghcr.io/advplyr/audiobookshelf:latest labels: - homepage.group=Media Library - homepage.name=Audiobookshelf - homepage.href=https://abs.${MY_TLD} - homepage.icon=audiobookshelf.png - homepage.description=Podcasts, eBooks, & Audiobooks - homepage.widget.type=audiobookshelf - homepage.widget.url=http://audiobookshelf:80 - homepage.widget.key=${AUDIOBOOKSHELF_ROOT_API_KEY} - swag=enable - swag_address=audiobookshelf - swag_proto=http - swag_url=abs.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://abs.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "13378" target: 80 restart: unless-stopped user: 1000:1000 volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf target: /config type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata target: /metadata type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind authelia: container_name: authelia environment: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD} AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET} AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET} AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD} GUID: ${PGID} PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} expose: - 9091 image: authelia/authelia:master labels: - homepage.group=Privacy/Security - homepage.name=Authelia - homepage.href=https://auth.${MY_TLD} - homepage.icon=authelia.svg - homepage.description=Authentication/authorization server with MFA & SSO - swag=enable - swag_proto=http - swag_port=9091 - swag_url=auth.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://auth.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/authelia/ target: /config type: bind bind: create_host_path: true authelia-pg: container_name: authelia-pg environment: - POSTGRES_PASSWORD=${AUTHELIA_STORAGE_POSTGRES_PASSWORD} - POSTGRES_USER=authelia - POSTGRES_DB=authelia expose: - 5432 image: postgres:16-alpine networks: default: null restart: unless-stopped volumes: - source: authelia-pg-db target: /var/lib/postgresql/data type: volume bind: create_host_path: true bazarr: container_name: bazarr environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/gilbn/theme.park:bazarr hostname: Rinoa image: lscr.io/linuxserver/bazarr:latest labels: - homepage.group=Servarr Stack - homepage.name=Bazarr - homepage.href=https://bazarr.${MY_TLD} - homepage.icon=bazarr.png - homepage.description=Subtitle automation for TV shows/movies - homepage.widget.type=bazarr - homepage.widget.url=http://bazarr:6767 - homepage.widget.key=${BAZARR_API_KEY} - swag=enable - swag_proto=http - swag_port=6767 - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "6767" target: 6767 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/bazarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind bitmagnet: command: - worker - run - --keys=http_server - --keys=queue_server - --keys=dht_crawler container_name: bitmagnet depends_on: bitmagnet-pg-db: condition: service_healthy required: true gluetun: condition: service_started required: true restart: true environment: LOG_FILE_ROTATION_ENABLED: true POSTGRES_HOST: bitmagnet-pg-db POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} POSTGRES_USER: bitmagnet image: ghcr.io/bitmagnet-io/bitmagnet:latest labels: - homepage.group=Downloaders - homepage.name=Bitmagnet - homepage.href=https://btmag.${MY_TLD} - homepage.icon=/icons/bitmagnet.svg - homepage.description=Torrent indexer, DHT crawler, search engine, & content classifier - homepage.widget.type=gluetun - homepage.widget.url=http://gluetun:8000 - swag=enable - swag_proto=http - swag_address=gluetun - swag_auth=authelia - swag_auth_bypass=/v1 - swag_port=3333 - swag_url=btmag.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://btmag.${MY_TLD} network_mode: service:gluetun restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/bitmagnet target: /root/.local/share/bitmagnet type: bind bind: create_host_path: true bitmagnet-pg-db: container_name: bitmagnet-pg-db environment: POSTGRES_DB: bitmagnet POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} POSTGRES_USER: bitmagnet expose: - 5432 healthcheck: interval: 10s start_period: 20s test: - CMD-SHELL - pg_isready image: postgres:17-alpine networks: bitmagnet: ipv4_address: 192.168.55.8 default: null restart: unless-stopped shm_size: 1g volumes: - source: bitmagnet-pg-db target: /var/lib/postgresql/data type: volume volume: {} bitwarden: container_name: bitwarden environment: ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN} DATABASE_URL: data/db.sqlite3 DISABLE_ADMIN_TOKEN: "false" DOMAIN: https://bitwarden.${MY_TLD} ENABLE_DB_WAL: "true" INVITATIONS_ALLOWED: "false" SHOW_PASSWORD_HINT: "false" SIGNUPS_ALLOWED: "true" SIGNUPS_VERIFY: "true" TZ: America/New_York WEBSOCKET_ENABLED: "true" hostname: Rinoa image: vaultwarden/server:latest labels: - homepage.group=Privacy/Security - homepage.name=Bitwarden - homepage.icon=bitwarden.png - homepage.href=https://bitwarden.${MY_TLD} - homepage.description=Credential/Information Vault - swag=enable - swag_url=bitwarden.${MY_TLD} - swag_proto=http - swag_port=80 - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "3012" target: 3012 - mode: ingress protocol: tcp published: "8013" target: 80 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/bitwarden target: /data type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind bluesky-pds: container_name: bluesky-pds environment: PDS_ADMIN_EMAIL: charish.patel@trez.wtf PDS_HOSTNAME: bsky.trez.wtf PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET} PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD} PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX} PDS_DATA_DIRECTORY: /pds PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 PDS_EMAIL_FROM_ADDRESS: noreply@trez.wtf PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks PDS_BLOB_UPLOAD_LIMIT: 52428800 PDS_DID_PLC_URL: ${PDS_DID_PLC_URL} PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL} PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID} PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL} PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID} PDS_CRAWLERS: ${PDS_CRAWLERS} LOG_ENABLED: true expose: - 3000 image: ghcr.io/bluesky-social/pds:latest labels: - swag=enable - swag_port=3000 - swag_url=bsky.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://bsky.${MY_TLD} restart: unless-stopped volumes: - type: bind source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds target: /pds browserless: container_name: browserless environment: ALLOW_FILE_PROTOCOL: true CONCURRENT: 20 HEALTH: false PROXY_HOST: swag PROXY_PORT: 443 PROXY_SSL: true QUEUED: 20 TIMEOUT: 300000 TOKEN: ${CHROMIUM_TOKEN} TZ: ${TZ} expose: - 3000 image: ghcr.io/browserless/chromium:latest labels: - swag=enable - swag_proto=http - swag_port=3000 - swag_url=browse.${MY_TLD} networks: default: null restart: unless-stopped castopod: container_name: castopod depends_on: - mariadb environment: MYSQL_DATABASE: castopod MYSQL_USER: castopod MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} CP_DATABASE_HOSTNAME: mariadb CP_DATABASE_NAME: castopod CP_DATABASE_USERNAME: castopod CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} CP_BASEURL: pod.trez.wtf CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT} CP_CACHE_HANDLER: redis CP_DISABLE_HTTPS: 1 CP_REDIS_HOST: redis CP_EMAIL_SMTP_HOST: postal-smtp CP_EMAIL_FROM: noreply@trez.wtf CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} expose: - 8000 image: castopod/castopod:latest labels: - homepage.group=Social - homepage.name=Castopod - homepage.href=https://pod.${MY_TLD} - homepage.icon=castopod.png - homepage.description=Podcast self-hosting - swag=enable - swag_port=8000 - swag_url=pod.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://pod.${MY_TLD} restart: unless-stopped volumes: - castopod-media:/var/www/castopod/public/media cloudflared: command: ['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}'] container_name: cloudflared environment: CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN} image: 'cloudflare/cloudflared:latest' restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared cloudflareddns: container_name: cloudflareddns environment: ARGS: --dns-cloudflare-propagation-seconds 60 CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY} CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN} CF_HOSTS: trez.wtf CF_RECORDTYPES: A CF_USER: charish.patel@trez.wtf CF_ZONES: trez.wtf DETECTION_MODE: dig-google.com INTERVAL: "300" LOG_LEVEL: "3" PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: ghcr.io/hotio/cloudflareddns:latest networks: default: null restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind crowdsec: container_name: crowdsec environment: - DOCKER_HOST=tcp://dockerproxy:2375 - GID=1000 - BOUNCER_KEY_SWAG=${CROWDSEC_API_KEY} - COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables image: crowdsecurity/crowdsec:latest networks: default: null ports: - mode: ingress protocol: tcp published: "8101" target: 8080 restart: unless-stopped security_opt: - no-new-privileges=true volumes: - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local target: /etc/crowdsec/config.yaml.local type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local target: /etc/crowdsec/local_api_credentials.yaml.local type: bind bind: create_host_path: true - read_only: true source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx target: /var/log/swag type: bind bind: create_host_path: true - source: crowdsec-config target: /etc/crowdsec type: volume volume: {} - source: crowdsec-db target: /var/lib/crowdsec/data type: volume volume: {} - bind: create_host_path: true read_only: true source: /var/log/journal target: /var/log/host type: bind crowdsec-dashboard: container_name: crowdsec-dashboard depends_on: crowdsec: condition: service_started required: true environment: MB_DB_FILE: /data/metabase.db MGID: ${GID-1000} image: metabase/metabase labels: - com.centurylinklabs.watchtower.enable=false - homepage.group=Privacy/Security - homepage.name=CrowdSec Dashboard - homepage.href=https://csec.${MY_TLD} - homepage.icon=crowdsec.svg - homepage.description=Real-time & crowdsourced protection against aggressive IPs - homepage.widget.type=crowdsec - homepage.widget.url=http://crowdsec:8080 - homepage.widget.username=localhost - homepage.widget.password=${CROWDSEC_LOCAL_API_KEY} - swag=enable - swag_port=3000 - swag_proto=http - swag_url=csec.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://csec.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8908" target: 3000 restart: always volumes: - source: crowdsec-db target: /metabase-data type: volume volume: {} czkawka: container_name: czkawka environment: KEEP_APP_RUNNING: 1 PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} UMASK: 1 WEB_LISTENING_PORT: 5800 image: jlesage/czkawka labels: - homepage.group=System Administration - homepage.name=Czkawka - homepage.href=https://czkawka.${MY_TLD} - homepage.icon=/icons/czkawka.png - homepage.description=Smart file management - swag=enable - swag_port=5800 - swag_proto=http - swag_url=czkawka.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://czkawka.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "5800" target: 5800 privileged: true restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/czkawka target: /config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE} target: /storage type: bind bind: create_host_path: true dagu-scheduler: command: dagu scheduler container_name: dagu-scheduler image: ghcr.io/dagu-org/dagu:latest networks: default: null restart: unless-stopped volumes: - source: dagu_config target: /home/dagu/.config/dagu type: volume volume: {} - source: dagu_data target: /home/dagu/.local/share type: volume volume: {} dagu-server: container_name: dagu-server environment: DAGU_PORT: 8080 image: ghcr.io/dagu-org/dagu:latest labels: - homepage.group=System Administration - homepage.name=Dagu - homepage.href=https://cron.${MY_TLD} - homepage.icon=/icons/dagu.png - homepage.description=Cron alternative using DAGs (Directed Acyclic Graphs) - swag=enable - swag_port=8080 - swag_proto=http - swag_url=cron.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://cron.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8108" target: 8080 restart: unless-stopped volumes: - source: dagu_config target: /home/dagu/.config/dagu type: volume bind: create_host_path: true - source: dagu_data target: /home/dagu/.local/share type: volume bind: create_host_path: true delugevpn: cap_add: - NET_ADMIN - SYS_MODULE container_name: delugevpn environment: ENABLE_PRIVOXY: "no" LAN_NETWORK: 192.168.1.0/24 NAME_SERVERS: 192.168.1.254,1.1.1.1 PGID: "1000" PUID: "1000" TZ: America/New_York VPN_CLIENT: openvpn VPN_ENABLED: "yes" VPN_INPUT_PORTS: "" VPN_OPTIONS: "" VPN_OUTPUT_PORTS: "" VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA VPN_PROV: pia VPN_USER: p3120278 hostname: Rinoa image: ghcr.io/binhex/arch-delugevpn:latest labels: - homepage.group=Downloaders - homepage.name=DelugeVPN - homepage.href=https://deluge.${MY_TLD} - homepage.icon=deluge.png - homepage.description=Torrent over VPN - homepage.widget.type=deluge - homepage.widget.url=http://delugevpn:8112 - homepage.widget.password=${DELUGEVPN_PASSWORD} - swag=enable - swag_port=8112 - swag_proto=http - swag_url=deluge.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://deluge.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "58846" target: 58846 - mode: ingress protocol: tcp published: "58946" target: 58946 - mode: ingress protocol: tcp published: "6881" target: 6881 - mode: ingress protocol: tcp published: "8112" target: 8112 - mode: ingress protocol: tcp published: "8118" target: 8118 privileged: true restart: unless-stopped sysctls: net.ipv4.conf.all.src_valid_mark: "1" volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/delugevpn target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind docker-socket-proxy: container_name: dockerproxy environment: - AUTH=1 - BUILD=1 - COMMIT=1 - CONFIGS=1 - CONTAINERS=1 - DISTRIBUTION=1 - EVENTS=1 - EXEC=1 - GPRC=1 - IMAGES=1 - INFO=1 - NETWORKS=1 - NODES=1 - POST=1 - PLUGINS=1 - SERVICES=1 - SESSION=1 - SYSTEM=1 - TASKS=1 - VOLUMES=1 - LOG_LEVEL=debug image: ghcr.io/tecnativa/docker-socket-proxy:latest networks: default: null ports: - mode: ingress protocol: tcp published: "2375" target: 2375 privileged: true restart: unless-stopped volumes: - bind: create_host_path: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind docuseal: container_name: docuseal image: docuseal/docuseal:latest labels: - homepage.group=Personal Services - homepage.name=Docuseal - homepage.href=https://docs.${MY_TLD} - homepage.description=OSS Document Signing & Verification - homepage.icon=docuseal.png - swag=enable - swag_proto=http - swag_port=3000 - swag_url=sign.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://sign.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "3002" target: 3000 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/docuseal target: /data type: bind bind: create_host_path: true duplicati: container_name: duplicati environment: PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: lscr.io/linuxserver/duplicati:latest labels: - swag=enable - swag_port=8200 - swag_proto=http - swag_url=dup.${MY_TLD} - homepage.group=Automation - homepage.name=Duplicati - homepage.href=https://dup.${MY_TLD} - homepage.icon=duplicati.png - homepage.description=Data backup networks: default: null ports: - mode: ingress protocol: tcp published: "8282" target: 8200 - ${DUPLICATI_PORT_8200}:8200 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/duplicati target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: /home/charish/.config/appdata/backups target: /backups type: bind - bind: create_host_path: true source: /home/charish/.config/appdata target: /source type: bind emby: container_name: emby environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:emby hostname: Rinoa image: emby/embyserver labels: - homepage.group=Media Library - homepage.name=Emby - homepage.icon=emby.png - homepage.href=http://emby.${MY_TLD} - homepage.description=Movie/TV Streaming - homepage.widget.type=emby - homepage.widget.url=http://emby:8096 - homepage.widget.key=${EMBY_HOMEPAGE_API_KEY} - homepage.widget.enableBlocks=true - homepage.widget.enableNowPlaying=true - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "8096" target: 8096 - mode: ingress protocol: tcp published: "8920" target: 8920 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/emby target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: /tmp target: /transcode type: bind fastenhealth: container_name: fastenhealth image: ghcr.io/fastenhealth/fasten-onprem:main labels: - homepage.group=Lifestyle - homepage.name=Fasten - homepage.icon=/icons/fastenhealth.png - homepage.href=http://health.${MY_TLD} - homepage.description=Open-source, self-hosted, personal/family electronic medical record aggregator - swag=enable - swag_proto=http - swag_port=8080 - swag_url=health.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://health.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8105" target: 8080 restart: unless-stopped volumes: - source: fastenhealth-cache target: /opt/fasten/cache type: volume volume: {} - source: fastenhealth-db target: /opt/fasten/db type: volume volume: {} flaresolverr: container_name: flaresolverr environment: - CAPTCHA_SOLVER=none - LOG_HTML=false - LOG_LEVEL=info - PORT=8191 - TZ=America/New_York - BROWSER_TIMEOUT=40000 - TEST_URL=https://duckduckgo.com hostname: Rinoa image: ghcr.io/flaresolverr/flaresolverr:latest networks: default: null ports: - mode: ingress protocol: tcp published: "8191" target: 8191 restart: unless-stopped sysctls: - net.ipv6.conf.all.disable_ipv6=1 volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind ghost: container_name: ghost_blog depends_on: mariadb: condition: service_started required: true restart: true environment: - database__client=mysql - database__connection__host=mariadb - database__connection__port=3306 - database__connection__user=${GHOST_DB_USER} - database__connection__password=${GHOST_DB_PASSWORD} - database__connection__database=ghost_db - mail__transport=SMTP - mail__options__host=postal-smtp - mail__options__port=25 - mail__options__secure=false - mail__options__auth__user=${POSTAL_SMTP_AUTH_USER} - mail__options__auth__pass=${POSTAL_SMTP_AUTH_PASSWORD} - mail__from="noreply@trez.wtf" - url=https://blog.${MY_TLD} image: ghost:latest labels: - homepage.group=Lifestyle - homepage.name=Ghost - homepage.href=https://blog.${MY_TLD} - homepage.icon=ghost.png - homepage.description=Personal blog - swag=enable - swag_port=2368 - swag_proto=http - swag_url=blog.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://blog.${MY_TLD} links: - mariadb networks: default: null restart: always gitea: container_name: gitea depends_on: gitea-db: condition: service_healthy required: true environment: - USER_UID=${PUID} - USER_GID=${PGID} - GITEA__database__DB_TYPE=postgres - GITEA__database__HOST=gitea-db:5432 - GITEA__database__NAME=gitea - GITEA__database__USER=gitea - GITEA__database__PASSWD=${GITEA_PG_DB_PASSWORD} - GITEA__mailer__ENABLED=true - GITEA__mailer__FROM='"Gitea" ' - GITEA__mailer__PROTOCOL=smtp - GITEA__mailer__SMTP_ADDR=postal-smtp - GITEA__mailer__SMTP_PORT=25 - GITEA__mailer__USER=${POSTAL_SMTP_AUTH_USER} - GITEA__mailer__PASSWD=${POSTAL_SMTP_AUTH_PASSWORD} image: gitea/gitea:1.22.2 labels: - homepage.group=Code/DevOps - homepage.name=Gitea - homepage.href=https://git.${MY_TLD} - homepage.icon=gitea.svg - homepage.description=Private Code Repo - homepage.widget.type=gitea - homepage.widget.url=http://gitea:3000 - homepage.widget.key=${GITEA_HOMEPAGE_API_KEY} - swag=enable - swag_url=git.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://git.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "3013" target: 3000 - mode: ingress protocol: tcp published: "222" target: 22 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/gitea target: /data type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/timezone target: /etc/timezone type: bind - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind gitea-db: container_name: gitea-db environment: - POSTGRES_USER=gitea - POSTGRES_PASSWORD=${GITEA_PG_DB_PASSWORD} - POSTGRES_DB=gitea expose: - 5432 healthcheck: interval: 10s start_period: 20s test: - CMD-SHELL - pg_isready image: postgres:14 networks: default: null restart: always volumes: - source: gitea-pg-db target: /var/lib/postgresql/data type: volume volume: {} gitea-opengist: container_name: gitea-opengist environment: OG_LOG_LEVEL: warn OG_EXTERNAL_URL: https://gist.trez.wtf OG_GIT_DEFAULT_BRANCH: "main" OG_GITEA_CLIENT_KEY: ${OPENGIST_GITEA_CLIENT_KEY} OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET} OG_GITEA_URL: https://git.trez.wtf OG_GITEA_NAME: "Gitea @ Rinoa" OG_SSH_EXTERNAL_DOMAIN: gist-ssh.trez.wtf image: ghcr.io/thomiceli/opengist:latest labels: homepage.description: Private Code Gists homepage.group: Code/DevOps homepage.href: https://gist.trez.wtf homepage.icon: /icons/opengist.svg homepage.name: Opengist swag: enable swag.uptime-kuma.enabled: "true" swag.uptime-kuma.monitor.url: https://gist.trez.wtf swag_port: "6157" swag_proto: http swag_url: gist.trez.wtf ports: - "6157:6157" # HTTP port - "2222:2222" # SSH port, can be removed if you don't use SSH restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/opengist:/opengist gitea-runner: container_name: gitea-runner depends_on: gitea: condition: service_started environment: CONFIG_FILE: /config.yaml DOCKER_HOST: tcp://dockerproxy:2375 GITEA_INSTANCE_URL: https://git.trez.wtf GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" GITEA_RUNNER_NAME: "gitea-runner-1" image: gitea/act_runner:latest ports: - 63604:63604 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml gitea-sonarqube-bot: container_name: gitea-sonarqube-bot depends_on: gitea: condition: service_started sonarqube: condition: service_started image: justusbunsi/gitea-sonarqube-bot:v0.4.0 environment: GITEA_SQ_BOT_PORT: 58525 GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml ports: - 58525:58525 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/ gluetun: cap_add: - NET_ADMIN container_name: gluetun environment: OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS} OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER} PORT_FORWARD_ONLY: true SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay VPN_SERVICE_PROVIDER: private internet access expose: - 8000 extra_hosts: - bitmagnet-pg-db:192.168.55.8 image: qmcgaw/gluetun:latest networks: bitmagnet: ipv4_address: 192.168.55.7 default: null ports: - mode: ingress protocol: tcp published: "3333" target: 3333 - mode: ingress protocol: tcp published: "3334" target: 3334 - mode: ingress protocol: udp published: "3334" target: 3334 - mode: ingress protocol: tcp published: "5030" target: 5030 - mode: ingress protocol: tcp published: "5031" target: 5031 - mode: ingress protocol: tcp published: "50300" target: 50300 restart: always gotify: container_name: gotify environment: - GOTIFY_SERVER_PORT=80 - GOTIFY_SERVER_KEEPALIVEPERIODSECONDS=0 - GOTIFY_SERVER_LISTENADDR= - GOTIFY_SERVER_SSL_ENABLED=false - GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=true - GOTIFY_SERVER_SSL_LISTENADDR= - GOTIFY_SERVER_SSL_PORT=443 - GOTIFY_SERVER_SSL_CERTFILE= - GOTIFY_SERVER_SSL_CERTKEY= - GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED=false - GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS=false - GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE=certs - GOTIFY_SERVER_STREAM_PINGPERIODSECONDS=45 - GOTIFY_DATABASE_DIALECT=sqlite3 - GOTIFY_DATABASE_CONNECTION=data/gotify.db - GOTIFY_DEFAULTUSER_NAME=admin - GOTIFY_DEFAULTUSER_PASS=${GOTIFY_PASSWORD} - GOTIFY_PASSSTRENGTH=10 - GOTIFY_UPLOADEDIMAGESDIR=data/images - GOTIFY_PLUGINSDIR=data/plugins - GOTIFY_REGISTRATION=false image: gotify/server labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Gotify - homepage.href=https://gotify.${MY_TLD} - homepage.icon=gotify.png - homepage.description=Notification System - homepage.widget.type=gotify - homepage.widget.url=http://gotify - homepage.widget.key=${GOTIFY_HOMEPAGE_CLIENT_KEY} - swag=enable - swag_proto=http - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "8097" target: 80 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/gotify target: /app/data type: bind bind: create_host_path: true grafana: container_name: grafana depends_on: grafana-alloy: condition: service_started required: true environment: GF_INSTALL_PLUGINS: grafana-piechart-panel TZ: America/New_York hostname: Rinoa image: grafana/grafana-enterprise:latest labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Grafana (LGTM) - homepage.href=https://mon.${MY_TLD} - homepage.description=Monitoring Dashboard for metrics, logs, traces, & profiles - homepage.icon=grafana.png - homepage.widget.type=grafana - homepage.widget.url=http://grafana:3000 - homepage.widget.username=admin - homepage.widget.password=${GRAFANA_ADMIN_PASSWORD} - swag=enable - swag_proto=http - swag_url=mon.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://mon.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "3006" target: 3000 restart: unless-stopped user: 1000:1000 volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - source: ${DOCKER_VOLUME_CONFIG}/grafana/data target: /var/lib/grafana type: bind bind: create_host_path: true - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind grafana-alloy: cap_add: - SYS_ADMIN - SYS_TIME - BPF - SYSLOG command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy container_name: grafana-alloy environment: - DOCKER_HOST=tcp://dockerproxy:2375 image: grafana/alloy:latest labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Grafana Alloy - homepage.description=Agent for metric/log/trace/profile collection and writing - homepage.href=http://192.168.1.254:12345 - homepage.icon=/icons/grafana-alloy.svg networks: default: null ports: - mode: ingress protocol: tcp published: "12345" target: 12345 privileged: true restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy target: /etc/alloy/config.alloy type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json target: /etc/alloy/endpoints.json type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /proc target: /host/proc type: bind - bind: create_host_path: true read_only: true source: /sys target: /host/sys type: bind - bind: create_host_path: true read_only: true source: / target: /rootfs type: bind grafana-loki: command: -config.file=/etc/loki/loki-config.yaml container_name: grafana-loki depends_on: grafana-alloy: condition: service_started required: true image: grafana/loki:latest networks: default: null ports: - mode: ingress protocol: tcp published: "3100" target: 3100 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml target: /etc/loki/loki-config.yaml type: bind bind: create_host_path: true grafana-mimir: command: - -ingester.native-histograms-ingestion-enabled=true - -config.file=/etc/mimir.yaml container_name: grafana-mimir depends_on: grafana-alloy: condition: service_started required: true image: grafana/mimir:latest labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Grafana Mimir - homepage.href=http://192.168.1.254:9009 - homepage.description=Long-term metrics storage - homepage.icon=/icons/grafana-mimir.png networks: default: null ports: - mode: ingress protocol: tcp published: "9009" target: 9009 restart: unless-stopped volumes: - source: grafana-mimir-data target: /data type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml target: /etc/mimir.yaml type: bind bind: create_host_path: true grafana-mimir-memcached: container_name: grafana-mimir-memcached depends_on: grafana-alloy: condition: service_started required: true environment: - MEMCACHED_MEMORY_LIMIT=1g - MEMCACHED_THREADS=4 - MEMCACHED_MAX_CONNECTIONS=2048 - MEMCACHED_TCP_PORT=11211 - MEMCACHED_UDP_PORT=11211 image: memcached networks: default: null ports: - mode: ingress protocol: tcp published: "11211" target: 11211 restart: unless-stopped grafana-pyroscope: command: - -config.file=/etc/pyroscope.yml container_name: grafana-pyroscope depends_on: grafana-alloy: condition: service_started required: true image: grafana/pyroscope:latest labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Grafana Pyroscope - homepage.description=Profiling for applications - homepage.href=http://192.168.1.254:4040 - homepage.icon=/icons/grafana-pyroscope.svg networks: default: null ports: - mode: ingress protocol: tcp published: "4040" target: 4040 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml target: /etc/pyroscope.yml type: bind bind: create_host_path: true grafana-tempo: command: - -config.file=/etc/tempo.yaml container_name: grafana-tempo depends_on: grafana-alloy: condition: service_started required: true image: grafana/tempo:latest networks: default: null ports: - mode: ingress protocol: tcp published: "14268" target: 14268 - mode: ingress protocol: tcp published: "3200" target: 3200 - mode: ingress protocol: tcp published: "9095" target: 9095 - mode: ingress protocol: tcp published: "4317" target: 4317 - mode: ingress protocol: tcp published: "4318" target: 4318 - mode: ingress protocol: tcp published: "9411" target: 9411 restart: unless-stopped volumes: - source: grafana-tempo-data target: /var/tempo type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml target: /etc/tempo.yaml type: bind bind: create_host_path: true homepage: container_name: homepage image: ghcr.io/gethomepage/homepage:latest networks: default: null ports: - mode: ingress protocol: tcp published: "3004" target: 3000 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/homepage target: /app/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/homepage/images target: /app/public/images type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/homepage/icons target: /app/public/icons type: bind bind: create_host_path: true - read_only: true source: ${DOCKER_VOLUME_STORAGE} target: /rinoa-storage type: bind bind: create_host_path: true hortusfox: container_name: hortusfox depends_on: mariadb: condition: service_started required: true environment: APP_ADMIN_EMAIL: charish.patel@trez.wtf APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD} DB_CHARSET: utf8mb4 DB_DATABASE: hortusfox DB_HOST: mariadb DB_PASSWORD: ${HORTUSFOX_DB_PASSWORD} DB_PORT: 3306 DB_USERNAME: hortusfox image: ghcr.io/danielbrendel/hortusfox-web:latest labels: - swag=enable - swag_proto=http - swag_url=plants.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://plants.${MY_TLD} - homepage.group=Lifestyle - homepage.name=HortusFox - homepage.href=https://plants.${MY_TLD} - homepage.icon=hortusfox.png - homepage.description=Plant management system networks: default: null ports: - mode: ingress protocol: tcp published: "8006" target: 80 restart: unless-stopped volumes: - source: hortusfox_app_images target: /var/www/html/public/img type: volume volume: {} - source: hortusfox_app_logs target: /var/www/html/app/logs type: volume volume: {} - source: hortusfox_app_backup target: /var/www/html/public/backup type: volume volume: {} - source: hortusfox_app_themes target: /var/www/html/public/themes type: volume volume: {} - source: hortusfox_app_migrate target: /var/www/html/app/migrations type: volume volume: {} huginn: container_name: huginn environment: HUGINN_DATABASE_HOST: mariadb HUGINN_DATABASE_NAME: huginn HUGINN_DATABASE_PASSWORD: MLbKPT3j9TYcguYevFRcfEcrXtL4kcxujtrNdrq9eCig4WhUbxkyLoAiCPpm4zob HUGINN_DATABASE_PORT: "3306" HUGINN_DATABASE_USERNAME: huginn PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: ghcr.io/huginn/huginn labels: - homepage.group=Automation - homepage.name=Huginn - homepage.href=https://huginn.${MY_TLD} - homepage.icon=huginn - homepage.description=Agent/Web Automation - swag=enable - swag_port=3000 - swag_proto=http - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "3005" target: 3000 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind hugo: command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug container_name: hugo image: hugomods/hugo:exts labels: - swag=enable - swag_proto=http - swag_port=1313 - swag_url=it-services.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://it-services.${MY_TLD} - homepage.group=Professional Services - homepage.name=Hugo - homepage.href=https://it-services.${MY_TLD} - homepage.icon=hugo.svg - homepage.description=Static site networks: default: null ports: - mode: ingress protocol: tcp published: "1313" target: 1313 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/hugo/ target: /src type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/hugo/cache target: /tmp/hugo_cache type: bind bind: create_host_path: true invidious: container_name: invidious depends_on: invidious-db: condition: service_started required: true environment: INVIDIOUS_CONFIG: | db: dbname: invidious user: kemal password: kemal host: invidious-db port: 5432 check_tables: true # external_port: # domain: # https_only: false # statistics_enabled: false hmac_key: "8Qyuvl9TWYdkvVo8BJ14qM4HBshKieR3KvDc3vsECx1L4OR51i-EtW2K74MmAVHeNPmJetM67T0M-9FIm7b-MA" healthcheck: interval: 30s retries: 2 test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 timeout: 5s image: quay.io/invidious/invidious:latest labels: - swag=enable - swag_proto=http - swag_port=3000 - swag_url=invid.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://invid.${MY_TLD} - homepage.group=Social - homepage.name=Invidious - homepage.href=https://invid.${MY_TLD} - homepage.icon=invidious.svg - homepage.description=Alternative YouTube frontend (privacy-focused, ad-blocking) networks: default: null ports: - mode: ingress protocol: tcp published: "3007" target: 3000 restart: unless-stopped invidious-db: container_name: invidious-db environment: POSTGRES_DB: invidious POSTGRES_PASSWORD: kemal POSTGRES_USER: kemal healthcheck: test: - CMD-SHELL - pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB image: docker.io/library/postgres:14 networks: default: null restart: unless-stopped volumes: - source: invidious-postgres target: /var/lib/postgresql/data type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/invidious/sql target: /config/sql type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh target: /docker-entrypoint-initdb.d/init-invidious-db.sh type: bind bind: create_host_path: true invoice_ninja: container_name: invoice_ninja environment: APP_DEBUG: true APP_KEY: ${IN_APP_KEY} APP_URL: http://invoice_ninja:8003 DB_DATABASE: invoice_ninja DB_HOST: mariadb DB_PASSWORD: ${IN_MYSQL_PASSWORD} DB_PORT: 3306 DB_USERNAME: ininja IN_PASSWORD: ${IN_PASSWORD} IN_USER_EMAIL: charish.patel@trez.wtf MAIL_ENCRYPTION: null MAIL_FROM_ADDRESS: noreply@trez.wtf MAIL_FROM_NAME: null MAIL_HOST: postal-smtp MAIL_MAILER: log MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} MAIL_PORT: 25 MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} MYSQL_DATABASE: invoice_ninja MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD} MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} MYSQL_USER: ininja PDF_GENERATOR: snappdf PHANTOMJS_PDF_GENERATION: false QUEUE_CONNECTION: database REQUIRE_HTTPS: false TRUSTED_PROXIES: 172.18.0.0/16 expose: - 9000 image: invoiceninja/invoiceninja:5 networks: default: null ports: - mode: ingress protocol: tcp published: "8003" target: 8003 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public target: /var/www/app/public type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/storage target: /var/www/app/storage type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php.ini target: /usr/local/etc/php/php.ini type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php-cli.ini target: /usr/local/etc/php/php-cli.ini type: bind bind: create_host_path: true invoice_ninja_proxy: container_name: invoice_ninja_proxy depends_on: invoice_ninja: condition: service_started required: true environment: APP_DEBUG: true APP_KEY: ${IN_APP_KEY} APP_URL: http://invoice_ninja:9000 DB_DATABASE: invoice_ninja DB_HOST: mariadb DB_PASSWORD: ${IN_MYSQL_PASSWORD} DB_PORT: 3306 DB_USERNAME: ininja IN_PASSWORD: ${IN_PASSWORD} IN_USER_EMAIL: charish.patel@trez.wtf MAIL_ENCRYPTION: null MAIL_FROM_ADDRESS: noreply@trez.wtf MAIL_FROM_NAME: null MAIL_HOST: postal-smtp MAIL_MAILER: log MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} MAIL_PORT: 25 MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} MYSQL_DATABASE: invoice_ninja MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD} MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} MYSQL_USER: ininja PDF_GENERATOR: snappdf PHANTOMJS_PDF_GENERATION: false QUEUE_CONNECTION: database REQUIRE_HTTPS: false TRUSTED_PROXIES: 172.18.0.0/16 image: nginx labels: - swag=enable - swag_proto=http - swag_url=biz.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://biz.${MY_TLD} - homepage.group=Professional Services - homepage.name=Invoice Ninja - homepage.href=https://biz.${MY_TLD} - homepage.icon=invoiceninja.svg - homepage.description=Simple invoicing, multiple payment options, expense and vendor management, and more! networks: default: null ports: - mode: ingress protocol: tcp published: "8005" target: 80 restart: always volumes: - read_only: true source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/proxy/invoice_ninja.conf target: /etc/nginx/conf.d/in-vhost.conf type: bind bind: create_host_path: true - read_only: true source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public target: /var/www/app/public type: bind bind: create_host_path: true it-tools: container_name: it-tools image: ghcr.io/corentinth/it-tools:latest labels: - swag=enable - swag_proto=http - swag_url=itt.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://itt.${MY_TLD} - homepage.group=Code/DevOps - homepage.name=IT-Tools - homepage.href=https://itt.${MY_TLD} - homepage.icon=it-tools.svg - homepage.description=Useful tools for developers and people working in IT networks: default: null ports: - mode: ingress protocol: tcp published: "8104" target: 80 restart: unless-stopped jitsi-etherpad: container_name: jitsi-etherpad environment: - TITLE=${JITSI__ETHERPAD_TITLE} - DEFAULT_PAD_TEXT=${JITSI__ETHERPAD_DEFAULT_PAD_TEXT} - SKIN_NAME=${JITSI__ETHERPAD_SKIN_NAME} - SKIN_VARIANTS=${JITSI__ETHERPAD_SKIN_VARIANTS} - SUPPRESS_ERRORS_IN_PAD_TEXT=true image: etherpad/etherpad:1.8.6 networks: default: null restart: unless-stopped jitsi-jibri: cap_add: - SYS_ADMIN container_name: jitsi-jibri depends_on: jitsi-jicofo: condition: service_started required: true environment: - AUTOSCALER_SIDECAR_KEY_FILE - AUTOSCALER_SIDECAR_KEY_ID - AUTOSCALER_SIDECAR_GROUP_NAME - AUTOSCALER_SIDECAR_HOST_ID - AUTOSCALER_SIDECAR_INSTANCE_ID - AUTOSCALER_SIDECAR_PORT - AUTOSCALER_SIDECAR_REGION - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL - AUTOSCALER_URL - CHROMIUM_FLAGS - DISPLAY=:0 - ENABLE_STATS_D - JIBRI_WEBHOOK_SUBSCRIBERS - JIBRI_HTTP_API_EXTERNAL_PORT - JIBRI_HTTP_API_INTERNAL_PORT - JIBRI_RECORDING_RESOLUTION - JIBRI_RECORDING_VIDEO_ENCODE_PRESET - JIBRI_RECORDING_CONSTANT_RATE_FACTOR - JIBRI_RECORDING_FRAMERATE - JIBRI_RECORDING_QUEUE_SIZE - JIBRI_RECORDING_STREAMING_MAX_BITRATE - JIBRI_USAGE_TIMEOUT - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD=${JITSI__JIBRI_XMPP_PASSWORD} - JIBRI_BREWERY_MUC - JIBRI_RECORDER_USER=jibri-recorder - JIBRI_RECORDER_PASSWORD=${JITSI__JIBRI_RECORDER_PASSWORD} - JIBRI_RECORDING_DIR - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH - JIBRI_STRIP_DOMAIN_JID - JIBRI_STATSD_HOST - JIBRI_STATSD_PORT - LOCAL_ADDRESS - PUBLIC_URL=${JITSI__PUBLIC_URL} - TZ=${JITSI__TZ} - XMPP_AUTH_DOMAIN - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER= - XMPP_PORT - XMPP_TRUST_ALL_CERTS image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable} networks: default: null restart: unless-stopped shm_size: 2gb volumes: - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri target: /config type: bind bind: create_host_path: true jitsi-jicofo: container_name: focus.meet.jitsi depends_on: jitsi-prosody: condition: service_started required: true environment: - AUTH_TYPE - BRIDGE_AVG_PARTICIPANT_STRESS - BRIDGE_STRESS_THRESHOLD - ENABLE_AUTH - ENABLE_AUTO_OWNER - ENABLE_CODEC_VP8 - ENABLE_CODEC_VP9 - ENABLE_CODEC_H264 - ENABLE_CODEC_OPUS_RED - ENABLE_JVB_XMPP_SERVER - ENABLE_OCTO - ENABLE_RECORDING=1 - ENABLE_SCTP - ENABLE_AUTO_LOGIN - JICOFO_AUTH_LIFETIME - JICOFO_AUTH_PASSWORD=${JITSI__JICOFO_AUTH_PASSWORD} - JICOFO_AUTH_TYPE - JICOFO_BRIDGE_REGION_GROUPS - JICOFO_ENABLE_AUTH - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT - JICOFO_CONF_SOURCE_SIGNALING_DELAYS - JICOFO_CONF_MAX_AUDIO_SENDERS - JICOFO_CONF_MAX_VIDEO_SENDERS - JICOFO_CONF_STRIP_SIMULCAST - JICOFO_CONF_SSRC_REWRITING - JICOFO_ENABLE_HEALTH_CHECKS - JICOFO_ENABLE_REST - JICOFO_HEALTH_CHECKS_USE_PRESENCE - JICOFO_MULTI_STREAM_BACKWARD_COMPAT - JICOFO_OCTO_REGION - JIBRI_BREWERY_MUC - JIBRI_REQUEST_RETRIES - JIBRI_PENDING_TIMEOUT - JIGASI_BREWERY_MUC - JIGASI_SIP_URI - JVB_BREWERY_MUC - JVB_XMPP_AUTH_DOMAIN - JVB_XMPP_INTERNAL_MUC_DOMAIN - JVB_XMPP_PORT - JVB_XMPP_SERVER - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ=${JITSI__JIGAGI_SIP_SERVER} - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER= - XMPP_PORT image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable} networks: default: null ports: - 127.0.0.1:${JICOFO_REST_PORT:-8889}:8888 restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo target: /config type: bind jitsi-jigasi: container_name: jitsi-jigasi depends_on: jitsi-prosody: condition: service_started required: true environment: - ENABLE_AUTH=1 - ENABLE_GUESTS=1 - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER - XMPP_PORT - XMPP_DOMAIN - PUBLIC_URL=${JITSI__PUBLIC_URL} - JIGASI_DISABLE_SIP - JIGASI_SIP_URI=${JITSI__SIP_URI} - JIGASI_SIP_PASSWORD=${JITSI__JIGAGI_SIP_PASSWORD} - JIGASI_SIP_SERVER=${JITSI__JIGAGI_SIP_SERVER} - JIGASI_SIP_PORT=${JITSI__JIGAGI_SIP_PORT} - JIGASI_SIP_TRANSPORT=${JITSI__JIGAGI_SIP_TRANSPORT} - JIGASI_SIP_DEFAULT_ROOM - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD=${JITSI__JIGASI_XMPP_PASSWORD} - JIGASI_BREWERY_MUC - JIGASI_PORT_MIN - JIGASI_PORT_MAX - JIGASI_HEALTH_CHECK_SIP_URI - JIGASI_HEALTH_CHECK_INTERVAL - JIGASI_SIP_KEEP_ALIVE_METHOD - JIGASI_ENABLE_SDES_SRTP - ENABLE_TRANSCRIPTIONS - JIGASI_TRANSCRIBER_ADVERTISE_URL - JIGASI_TRANSCRIBER_RECORD_AUDIO - JIGASI_TRANSCRIBER_SEND_TXT - GC_PROJECT_ID - GC_PRIVATE_KEY_ID - GC_PRIVATE_KEY - GC_CLIENT_EMAIL - GC_CLIENT_ID - GC_CLIENT_CERT_URL - SHUTDOWN_REST_ENABLED - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ=${JITSI__TZ} image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable} networks: default: null ports: - ${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi target: /config type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts target: /tmp/transcripts type: bind jitsi-jvb: container_name: video.meet.jitsi depends_on: jitsi-prosody: condition: service_started required: true environment: - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET - ENABLE_JVB_XMPP_SERVER - ENABLE_OCTO - JVB_ADVERTISE_IPS - JVB_ADVERTISE_PRIVATE_CANDIDATES - JVB_AUTH_USER - JVB_AUTH_PASSWORD=${JITSI__JVB_AUTH_PASSWORD} - JVB_BREWERY_MUC - JVB_DISABLE_STUN - JVB_PORT - JVB_MUC_NICKNAME - JVB_STUN_SERVERS - JVB_OCTO_BIND_ADDRESS - JVB_OCTO_REGION - JVB_OCTO_RELAY_ID - JVB_WS_DOMAIN - JVB_WS_SERVER_ID - JVB_XMPP_AUTH_DOMAIN - JVB_XMPP_INTERNAL_MUC_DOMAIN - JVB_XMPP_PORT - JVB_XMPP_SERVER - PUBLIC_URL=${JITSI__PUBLIC_URL} - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - COLIBRI_REST_ENABLED - SHUTDOWN_REST_ENABLED - TZ=${JITSI__JIGAGI_SIP_SERVER} - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER= - XMPP_PORT image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable} networks: default: null ports: - ${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp - 127.0.0.1:${JVB_COLIBRI_PORT:-8091}:8080 restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb target: /config type: bind jitsi-prosody: container_name: xmpp.meet.jitsi environment: - AUTH_TYPE - DISABLE_POLLS - ENABLE_AUTH - ENABLE_AV_MODERATION - ENABLE_BREAKOUT_ROOMS - ENABLE_END_CONFERENCE - ENABLE_GUESTS=1 - ENABLE_IPV6 - ENABLE_LOBBY - ENABLE_RECORDING=1 - ENABLE_XMPP_WEBSOCKET - ENABLE_JAAS_COMPONENTS - GC_TYPE - GC_INC_TH - GC_INC_SPEED - GC_INC_STEP_SIZE - GC_GEN_MIN_TH - GC_GEN_MAX_TH - GLOBAL_CONFIG - GLOBAL_MODULES - JIBRI_RECORDER_USER - JIBRI_RECORDER_PASSWORD=${JITSI__JIBRI_RECORDER_PASSWORD} - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD=${JITSI__JIBRI_XMPP_PASSWORD} - JICOFO_AUTH_PASSWORD=${JITSI__JICOFO_AUTH_PASSWORD} - JICOFO_COMPONENT_SECRET - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD=${JITSI__JIGASI_XMPP_PASSWORD} - JVB_AUTH_USER - JVB_AUTH_PASSWORD=${JITSI__JVB_AUTH_PASSWORD} - JWT_APP_ID - JWT_APP_SECRET - JWT_ACCEPTED_ISSUERS - JWT_ACCEPTED_AUDIENCES - JWT_ASAP_KEYSERVER - JWT_ALLOW_EMPTY - JWT_AUTH_TYPE - JWT_ENABLE_DOMAIN_VERIFICATION - JWT_TOKEN_AUTH_MODULE - MATRIX_UVS_URL - MATRIX_UVS_ISSUER - MATRIX_UVS_AUTH_TOKEN - MATRIX_UVS_SYNC_POWER_LEVELS - LOG_LEVEL - LDAP_AUTH_METHOD - LDAP_BASE - LDAP_BINDDN - LDAP_BINDPW - LDAP_FILTER - LDAP_VERSION - LDAP_TLS_CIPHERS - LDAP_TLS_CHECK_PEER - LDAP_TLS_CACERT_FILE - LDAP_TLS_CACERT_DIR - LDAP_START_TLS - LDAP_URL - LDAP_USE_TLS - MAX_PARTICIPANTS - PROSODY_AUTH_TYPE - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS - PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_CACHE_SIZE - PUBLIC_URL=${JITSI__PUBLIC_URL} - TURN_CREDENTIALS - TURN_HOST - TURNS_HOST - TURN_PORT - TURNS_PORT - TURN_TRANSPORT - TZ=${JITSI__JIGAGI_SIP_SERVER} - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MODULES - XMPP_MUC_MODULES - XMPP_MUC_CONFIGURATION - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN - XMPP_PORT expose: - ${XMPP_PORT:-5222} - "5347" - "5280" image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable} networks: default: null restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config target: /config type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom target: /prosody-plugins-custom type: bind jitsi-web: container_name: meet.jitsi environment: - AMPLITUDE_ID - ANALYTICS_SCRIPT_URLS - ANALYTICS_WHITELISTED_EVENTS - AUDIO_QUALITY_OPUS_BITRATE - AUTO_CAPTION_ON_RECORD - BRANDING_DATA_URL - CALLSTATS_CUSTOM_SCRIPT_URL - CALLSTATS_ID - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON - COLIBRI_WEBSOCKET_PORT - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT - DEFAULT_LANGUAGE - DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT_TYPE - DEPLOYMENTINFO_REGION - DEPLOYMENTINFO_SHARD - DEPLOYMENTINFO_USERREGION - DESKTOP_SHARING_FRAMERATE_MIN - DESKTOP_SHARING_FRAMERATE_MAX - DIALIN_NUMBERS_URL - DIALOUT_AUTH_URL - DIALOUT_CODES_URL - DISABLE_AUDIO_LEVELS - DISABLE_DEEP_LINKING - DISABLE_GRANT_MODERATOR - DISABLE_HTTPS - DISABLE_KICKOUT - DISABLE_LOCAL_RECORDING - DISABLE_POLLS - DISABLE_PRIVATE_CHAT - DISABLE_PROFILE - DISABLE_REACTIONS - DISABLE_REMOTE_VIDEO_MENU - DISABLE_START_FOR_ALL - DROPBOX_APPKEY - DROPBOX_REDIRECT_URI - DYNAMIC_BRANDING_URL - ENABLE_AUDIO_PROCESSING - ENABLE_AUTH - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET - ENABLE_E2EPING - ENABLE_FILE_RECORDING_SHARING - ENABLE_GUESTS=1 - ENABLE_HSTS - ENABLE_HTTP_REDIRECT - ENABLE_IPV6 - ENABLE_LETSENCRYPT - ENABLE_LIPSYNC - ENABLE_NO_AUDIO_DETECTION - ENABLE_NOISY_MIC_DETECTION - ENABLE_OCTO - ENABLE_OPUS_RED - ENABLE_PREJOIN_PAGE - ENABLE_P2P - ENABLE_WELCOME_PAGE - ENABLE_CLOSE_PAGE - ENABLE_LIVESTREAMING - ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK - ENABLE_LIVESTREAMING_HELP_LINK - ENABLE_LIVESTREAMING_TERMS_LINK - ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT - ENABLE_LOCAL_RECORDING_SELF_START - ENABLE_RECORDING=1 - ENABLE_REMB - ENABLE_REQUIRE_DISPLAY_NAME - ENABLE_SERVICE_RECORDING - ENABLE_SIMULCAST - ENABLE_STATS_ID - ENABLE_STEREO - ENABLE_SUBDOMAINS - ENABLE_TALK_WHILE_MUTED - ENABLE_TCC - ENABLE_TRANSCRIPTIONS - ENABLE_XMPP_WEBSOCKET - ENABLE_JAAS_COMPONENTS - ETHERPAD_PUBLIC_URL - ETHERPAD_URL_BASE=${JITSI__ETHERPAD_URL_BASE} - E2EPING_NUM_REQUESTS - E2EPING_MAX_CONFERENCE_SIZE - E2EPING_MAX_MESSAGE_PER_SECOND - GOOGLE_ANALYTICS_ID - GOOGLE_API_APP_CLIENT_ID - HIDE_PREMEETING_BUTTONS - HIDE_PREJOIN_DISPLAY_NAME - HIDE_PREJOIN_EXTRA_BUTTONS - INVITE_SERVICE_URL - LETSENCRYPT_DOMAIN - LETSENCRYPT_EMAIL - LETSENCRYPT_USE_STAGING - MATOMO_ENDPOINT - MATOMO_SITE_ID - MICROSOFT_API_APP_CLIENT_ID - NGINX_RESOLVER - NGINX_WORKER_PROCESSES - NGINX_WORKER_CONNECTIONS - PEOPLE_SEARCH_URL - PREFERRED_LANGUAGE - PUBLIC_URL=${JITSI__PUBLIC_URL} - P2P_PREFERRED_CODEC - RESOLUTION - RESOLUTION_MIN - RESOLUTION_WIDTH - RESOLUTION_WIDTH_MIN - START_AUDIO_MUTED - START_AUDIO_ONLY - START_BITRATE - START_SILENT - START_WITH_AUDIO_MUTED - START_VIDEO_MUTED - START_WITH_VIDEO_MUTED - TESTING_CAP_SCREENSHARE_BITRATE - TESTING_OCTO_PROBABILITY - TOKEN_AUTH_URL - TOOLBAR_BUTTONS - TRANSLATION_LANGUAGES - TRANSLATION_LANGUAGES_HEAD - TZ=${JITSI__JIGAGI_SIP_SERVER} - USE_APP_LANGUAGE - VIDEOQUALITY_BITRATE_H264_LOW - VIDEOQUALITY_BITRATE_H264_STANDARD - VIDEOQUALITY_BITRATE_H264_HIGH - VIDEOQUALITY_BITRATE_VP8_LOW - VIDEOQUALITY_BITRATE_VP8_STANDARD - VIDEOQUALITY_BITRATE_VP8_HIGH - VIDEOQUALITY_BITRATE_VP9_LOW - VIDEOQUALITY_BITRATE_VP9_STANDARD - VIDEOQUALITY_BITRATE_VP9_HIGH - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC - VIDEOQUALITY_PREFERRED_CODEC - XMPP_AUTH_DOMAIN - XMPP_BOSH_URL_BASE - XMPP_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_PORT - WHITEBOARD_ENABLED - WHITEBOARD_COLLAB_SERVER_PUBLIC_URL image: jitsi/web:${JITSI_IMAGE_VERSION:-stable} labels: - swag=enable - swag_proto=https - swag_url=meet.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://meet.${MY_TLD} - homepage.group=Social - homepage.name=Jitsi - homepage.href=https://meet.${MY_TLD} - homepage.icon=jitsi.png - homepage.description=Web Conferencing networks: default: null ports: - ${JITSI__HTTP_PORT}:80 - ${JITSI__HTTPS_PORT}:443 restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/web target: /config type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs target: /var/spool/cron/crontabs type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts target: /usr/share/jitsi-meet/transcripts type: bind joplin-db: container_name: joplin-db environment: - POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD} - POSTGRES_USER=${JOPLIN_POSTGRES_USER} - POSTGRES_DB=${JOPLIN_POSTGRES_DATABASE} expose: - 5432 image: postgres:17-alpine networks: default: null restart: unless-stopped volumes: - source: joplin_data target: /var/lib/postgresql/data type: volume volume: {} joplin: container_name: joplin environment: - ACCOUNT_TYPES_ENABLED=true - APP_PORT=${JOPLIN_APP_PORT} - APP_BASE_URL=${JOPLIN_APP_BASE_URL} - DB_CLIENT=pg - INSTANCE_NAME='Joplin @ Rinoa' - IS_ADMIN_INSTANCE=true - MAILER_ENABLED=1 - MAILER_HOST=postal-SMTP - MAILER_PORT=25 - MAILER_SECURITY=none - MAILER_AUTH_USER=${POSTAL_SMTP_AUTH_USER} - MAILER_AUTH_PASSWORD=${POSTAL_SMTP_AUTH_PASSWORD} - MAILER_NOREPLY_NAME=Joplin @ Rinoa - MAILER_NOREPLY_EMAIL=noreply@trez.wtf - POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD} - POSTGRES_DATABASE=${JOPLIN_POSTGRES_DATABASE} - POSTGRES_USER=${JOPLIN_POSTGRES_USER} - POSTGRES_PORT=5432 - POSTGRES_HOST=joplin-db image: joplin/server:latest labels: homepage.group: Personal Services homepage.name: Joplin homepage.href: https://notes.${MY_TLD} homepage.icon: joplin.svg homepage.description: Open-source note taking & to-do swag: enable swag_url: notes.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://notes.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "22300" target: 22300 restart: unless-stopped komodo-core: container_name: komodo-core depends_on: - komodo-ferretdb - komodo-periphery image: ghcr.io/mbecker20/komodo:latest labels: homepage.group: System Administration homepage.name: Komodo homepage.href: https://komodo.${MY_TLD} homepage.icon: /icons/komodo.png homepage.description: Open-source note taking & to-do swag: enable swag_url: komodo.${MY_TLD} swag_port: 9120 swag_proto: http ports: - 9120:9120 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/komodo/core.config.toml:/config/config.toml komodo-ferretdb: container_name: komodo-ferretdb depends_on: - komodo-pg-db image: ghcr.io/ferretdb/ferretdb labels: komodo.skip: # Prevent Komodo from stopping with StopAllContainers restart: unless-stopped expose: - 27017 environment: - FERRETDB_POSTGRESQL_URL=postgres://komodo-pg-db:5432/komodo komodo-periphery: container_name: komodo-periphery environment: DOCKER_HOST: tcp://dockerproxy:2375 PERIPHERY_PASSKEYS: ${KOMODO_PASSKEY} PERIPHERY_SSL_ENABLED: false PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos expose: - 8120 image: ghcr.io/mbecker20/periphery:latest labels: komodo.skip: restart: always volumes: - /proc:/proc komodo-pg-db: container_name: komodo-pg-db environment: POSTGRES_USER: komodo POSTGRES_PASSWORD: ${KOMODO_PG_DB_PASSWORD} POSTGRES_DB: komodo expose: - 5432 image: postgres:17-alpine restart: unless-stopped volumes: - komodo-pg-data:/var/lib/postgresql/data librespeed: container_name: librespeed environment: - DB_HOSTNAME= - DB_NAME= - DB_PASSWORD= - DB_TYPE=sqlite - DB_USERNAME= - PASSWORD= - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:librespeed hostname: Rinoa image: lscr.io/linuxserver/librespeed:latest labels: - homepage.group=System Administration - homepage.name=LibreSpeed - homepage.href=https://speed.${MY_TLD} - homepage.icon=librespeed.png - homepage.description=Speed test - swag=enable - swag_proto=http - swag_url=speed.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://speed.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8014" target: 80 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/librespeed target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind lidarr: container_name: lidarr environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/gilbn/theme.park:lidarr hostname: Rinoa image: lscr.io/linuxserver/lidarr:latest labels: - homepage.group=Servarr Stack - homepage.name=Lidarr - homepage.href=https://lidarr.${MY_TLD} - homepage.icon=lidarr.png - homepage.description=Music Automation - homepage.widget.type=lidarr - homepage.widget.url=http://lidarr:8686 - homepage.widget.key=${LIDARR_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "8686" target: 8686 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/lidarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind lidify: container_name: lidify environment: app_name: lidify app_rev: 0.09 app_url: lidify.${MY_TLD} dry_run_adding_to_lidarr: true fallback_to_top_result: false last_fm_api_key: ${LASTFM_API_KEY} last_fm_api_secret: ${LASTFM_API_SECRET} lidarr_address: http://lidarr:8686 lidarr_api_key: ${LIDARR_API_KEY} lidarr_api_timeout: 120 metadata_profile_id: 1 mode: LastFM quality_profile_id: 1 root_folder_path: /data/media/music search_for_missing_albums: false spotify_client_id: ${YOUR_SPOTIFY_ID} spotify_client_secret: ${YOUR_SPOTIFY_SECRET} expose: - 5000 image: thewicklowwolf/lidify:latest labels: - homepage.group=Servarr Stack - homepage.name=Lidify - homepage.href=https://lidify.${MY_TLD} - homepage.icon=/icons/lidify.png - homepage.description=Music Discovery a la Last.fm, Spotify, Pandora, etc. - swag=enable - swag_auth=authelia - swag_proto=http - swag_port=5000 - swag_url=lidify.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://lidify.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/lidify target: /lidify/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music target: /data/media/music type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind lldap: container_name: lldap environment: - UID=${PUID} - GID=${PGID} - TZ=${TZ} - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET} - LLDAP_KEY_SEED=${LLDAP_KEY_SEED} - LLDAP_LDAP_BASE_DN=dc=trez,dc=wtf image: lldap/lldap:stable labels: - homepage.group=System Administration - homepage.name=LLDAP - homepage.href=https://ldap.${MY_TLD} - homepage.icon=/icons/lldap.png - homepage.description=LDAP made easy - swag=enable - swag_proto=http - swag_port=17170 - swag_url=ldap.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://ldap.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "17170" target: 17170 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/lldap target: /data type: bind bind: create_host_path: true localai: container_name: localai environment: - DEBUG=true healthcheck: interval: 1m retries: 5 test: - CMD - curl - -f - http://localhost:8080/readyz timeout: 20m image: localai/localai:latest-aio-cpu labels: - homepage.group=Personal Services - homepage.name=LocalAI - homepage.href=https://ai.${MY_TLD} - homepage.icon=/icons/localai.png - homepage.description=Open source OpenAI alternative - swag=enable - swag_proto=http - swag_port=8080 - swag_url=ai.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8109" target: 8080 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/localai/models target: /build/models type: bind bind: create_host_path: true maloja: container_name: maloja environment: MALOJA_CLEAN_OUTPUT: true MALOJA_DEV_MODE: false MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD} MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY} MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET} MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD} MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME} MALOJA_LOGGING: true MALOJA_PARSE_REMIX_ARTISTS: true MALOJA_SCROBBLE_LASTFM: true MALOJA_SKIP_SETUP: true MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID} MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET} MALOJA_TIMEZONE: ${TZ} image: krateng/maloja:latest labels: - homepage.group=Media Library - homepage.name=Maloja - homepage.href=https://scrobble.${MY_TLD} - homepage.icon=maloja.png - homepage.description=Simple self-hosted music scrobble database to create personal listening statistics - swag=enable - swag_proto=http - swag_port=42010 - swag_url=scrobble.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "42010" target: 42010 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/maloja/config target: /etc/maloja type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/maloja/data target: /var/lib/maloja type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/maloja/logs target: /var/log/maloja type: bind bind: create_host_path: true mariadb: container_name: mariadb environment: - MYSQL_ROOT_PASSWORD=${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} - PGID=1000 - PUID=1000 - TZ=America/New_York - MYSQL_PASSWORD=VQU23wHKRNmfpAPt5E9BxMaSGJdWjLuz hostname: Rinoa image: ghcr.io/linuxserver/mariadb networks: default: null ports: - mode: ingress protocol: tcp published: "3306" target: 3306 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/mariadb target: /config type: bind - source: ${DOCKER_VOLUME_STORAGE} target: /storage type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mariadb target: /var/lib/mysql type: bind bind: create_host_path: true mattermost: container_name: mattermost depends_on: mattermost-db: condition: service_started required: true environment: MM_EMAILSETTINGS_ENABLESMTPAUTH: true MM_EMAILSETTINGS_SMTPPASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} MM_EMAILSETTINGS_SMTPPORT: 25 MM_EMAILSETTINGS_SMTPSERVER: postal-smtp MM_EMAILSETTINGS_SMTPUSERNAME: ${POSTAL_SMTP_AUTH_USER} MM_FILESETTINGS_AMAZONS3ACCESSKEYID: ${MATTERMOST_AWS_S3_ACCESSKEY} MM_FILESETTINGS_AMAZONS3BUCKET: mattermost MM_FILESETTINGS_AMAZONS3ENDPOINT: minio:9000 MM_FILESETTINGS_AMAZONS3REGION: us-east-fh-pln MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: ${MATTERMOST_AWS_S3_SECRETKEY} MM_FILESETTINGS_AMAZONS3SSL: false MM_FILESETTINGS_ARCHIVERECURSION: true MM_FILESETTINGS_DRIVERNAME: amazons3 MM_FILESETTINGS_MAXFILESIZE: 104857600 MM_LOGSETTINGS_CONSOLELEVEL: info MM_LOGSETTINGS_ENABLECOLOR: true MM_METRICSSETTINGS_ENABLE: true MM_PLUGINSETTINGS_ENABLEUPLOADS: true MM_SERVICESETTINGS_FORWARD80TO443: false MM_SERVICESETTINGS_LISTENADDRESS: :8065 MM_SERVICESETTINGS_SITEURL: https://mm.${MY_TLD} MM_SQLSETTINGS_DATASOURCE: ${MATTERMOST_POSTGRES_CONNECTION_URI} MM_SQLSETTINGS_DRIVERNAME: postgres TZ: ${TZ} expose: - 8067 image: mattermost/mattermost-team-edition:latest labels: - homepage.group=Social - homepage.name=Mattermost - homepage.href=https://mm.${MY_TLD} - homepage.icon=mattermost.svg - homepage.description=Team collaboration and technical workflows (Slack alternative) - swag=enable - swag_proto=http - swag_port=8065 - swag_url=mm.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://mm.${MY_TLD} networks: default: null pids_limit: 200 ports: - mode: ingress protocol: tcp published: "8065" target: 8065 restart: unless-stopped security_opt: - no-new-privileges:true tmpfs: - /tmp volumes: - source: ${DOCKER_VOLUME_CONFIG}/mattermost/config target: /mattermost/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mattermost/data target: /mattermost/data type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mattermost/logs target: /mattermost/logs type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mattermost/plugins target: /mattermost/plugins type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mattermost/client/plugins target: /mattermost/client/plugins type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mattermost/bleve-indexes target: /mattermost/bleve-indexes type: bind bind: create_host_path: true mattermost-db: container_name: mattermost-db environment: - TZ=${TZ} - POSTGRES_DB=mattermost - POSTGRES_USER=mattermost - POSTGRES_PASSWORD=${MATTERMOST_POSTGRES_PASSWORD} expose: - 5432 image: postgres:16-alpine networks: default: null restart: unless-stopped security_opt: - no-new-privileges=true tmpfs: - /tmp - /var/run/postgresql volumes: - source: mattermost-postgres target: /var/lib/postgresql/data type: volume volume: {} minio: command: server --console-address ":9090" /mnt/data container_name: minio environment: - MINIO_ROOT_USER=minioadmin - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} - MINIO_ACCESS_KEY=${MINIO_MIMIR_STORAGE_ACCESS_KEY} - MINIO_SECRET_KEY=${MINIO_MIMIR_STORAGE_SECRET_KEY} hostname: minio image: minio/minio labels: - swag=enable - swag_proto=http - swag_port=9090 - swag_url=s3.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://s3.${MY_TLD} - homepage.group=System Administration - homepage.name=MinIO - homepage.href=https://s3.${MY_TLD} - homepage.icon=minio.png - homepage.description=S3-compatible storage backend networks: default: null ports: - mode: ingress protocol: tcp published: "9001" target: 9000 - mode: ingress protocol: tcp published: "9092" target: 9090 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/minio/data target: /mnt/data type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/minio/minio target: /etc/config.env type: bind bind: create_host_path: true mongodb: container_name: mongodb image: mongo:7.0 ports: - 27017:27017 restart: unless-stopped volumes: - mongodb_data:/data/db - mongodb_config:/data/configdb multi-scrobbler: container_name: multi-scrobbler environment: - TZ=${TZ} - PUID=${PUID} - PGID=${PGID} image: foxxmd/multi-scrobbler labels: - homepage.group=Media Library - homepage.name=Multi-Scrobbler - homepage.href=http://192.168.1.254:9078 - homepage.icon=/icons/multi-scrobbler.png - homepage.description=JS App for scrobbling/recording play history from/to multiple sources networks: default: null ports: - mode: ingress protocol: tcp published: "9078" target: 9078 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler target: /config type: bind bind: create_host_path: true navidrome: container_name: navidrome environment: ND_AUTOIMPORTPLAYLISTS: false ND_BASEURL: "" ND_LASTFM_APIKEY: ${LASTFM_API_KEY} ND_LASTFM_ENABLED: true ND_LASTFM_SECRET: ${LASTFM_API_SECRET} ND_LOGLEVEL: info ND_MUSICFOLDER: /music ND_SCANNER_GROUPALBUMRELEASES: true ND_SCANSCHEDULE: '@every 6h' ND_SESSIONTIMEOUT: 24h ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID} ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET} ND_SUBSONICARTISTPARTICIPATIONS: true image: deluan/navidrome:latest labels: - homepage.group=Media Library - homepage.name=Navidrome - homepage.href=https://navi.${MY_TLD} - homepage.icon=navidrome.png - homepage.description=Music Streaming - homepage.widget.type=navidrome - homepage.widget.url=http://navidrome:4533 - homepage.widget.user=admin - homepage.widget.token=e8a9e97b29aa963fa4729c633289d232 - homepage.widget.salt=v5Z93Z - swag=enable - swag_port=4533 - swag_proto=http - swag_url=navi.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://navi.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "4533" target: 4533 restart: unless-stopped user: 1000:1000 volumes: - source: ${DOCKER_VOLUME_CONFIG}/navidrome target: /data type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music target: /music type: bind bind: create_host_path: true netbox: container_name: netbox depends_on: netbox-db: condition: service_healthy required: true redis: condition: service_started required: true environment: PUID: ${PUID} PGID: ${PGID} TZ: ${TZ} SUPERUSER_EMAIL: charish.patel@pm.me SUPERUSER_PASSWORD: ${NETBOX_SUPERUSER_PASSWORD} ALLOWED_HOST: net.trez.wtf DB_NAME: netbox DB_USER: netbox DB_PASSWORD: ${NETBOX_PG_DB_PASSWORD} DB_HOST: netbox-db DB_PORT: 5432 DEBUG: false DOCKER_MODS: linuxserver/mods:netbox-slurpit REDIS_HOST: redis REDIS_PORT: 6379 REMOTE_AUTH_ENABLED: image: lscr.io/linuxserver/netbox:latest labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Netbox homepage.href: https://net.${MY_TLD} homepage.icon: netbox.svg homepage.description: Network modeling/documentation swag: enable swag_url: net.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://net.${MY_TLD} ports: - 8007:8000 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/netbox/:/config netbox-db: container_name: netbox-db environment: POSTGRES_USER: netbox POSTGRES_PASSWORD: ${NETBOX_PG_DB_PASSWORD} POSTGRES_DB: netbox expose: - 5432 healthcheck: test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER start_period: 20s timeout: 30s interval: 10s retries: 5 image: postgres:17-alpine restart: always volumes: - source: netbox-pg-db target: /var/lib/postgresql/data type: volume volume: {} nextcloud: container_name: nextcloud environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - LOG_LEVEL=debug hostname: Rinoa image: lscr.io/linuxserver/nextcloud:latest labels: - homepage.group=Personal Services - homepage.name=NextCloud - homepage.href=https://cloud.${MY_TLD} - homepage.icon=nextcloud.png - homepage.description=Private Cloud - swag=enable - swag_proto=https - swag_url=cloud.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://cloud.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "444" target: 443 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/nextcloud target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/nextcloud target: /data type: bind ollama: container_name: ollama extra_hosts: - host.docker.internal:host-gateway image: ollama/ollama networks: default: null ports: - mode: ingress protocol: tcp published: "11434" target: 11434 restart: always volumes: - source: ollama target: /root/.ollama type: volume volume: {} ombi: container_name: ombi environment: PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: lscr.io/linuxserver/ombi:latest labels: - homepage.group=Media Library - homepage.name=Ombi - homepage.href=https://ombi.${MY_TLD} - homepage.icon=ombi.png - homepage.description=Media Requests - homepage.widget.type=ombi - homepage.widget.url=http://ombi:3579 - homepage.widget.key=${OMBI_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "3579" target: 3579 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/ombi target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind paperless-ngx: container_name: paperless-ngx environment: PAPERLESS_DBENGINE: mariadb PAPERLESS_DBHOST: mariadb PAPERLESS_DBPASS: ${PAPERLESS_DBPASS} PAPERLESS_DBPORT: 3306 PAPERLESS_DBUSER: paperless PAPERLESS_OCR_LANGUAGE: eng PAPERLESS_OCR_LANGUAGES: all PAPERLESS_REDIS: redis://redis:6379 PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} PAPERLESS_TIME_ZONE: ${TZ} PAPERLESS_URL: https://docs.${MY_TLD} USERMAP_GID: ${PGID} USERMAP_UID: ${PUID} image: ghcr.io/paperless-ngx/paperless-ngx:latest labels: - swag=enable - swag_proto=http - swag_port=8000 - swag_url=docs.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://docs.${MY_TLD} - homepage.group=Personal Services - homepage.name=Paperless-ngx - homepage.href=https://docs.${MY_TLD} - homepage.icon=paperless-ngx.svg - homepage.description=Document indexer & archiver with OCR networks: default: null ports: - mode: ingress protocol: tcp published: "8004" target: 8000 restart: unless-stopped volumes: - source: paperless-ngx-data target: /usr/src/paperless/data type: volume volume: {} - source: paperless-ngx-media target: /usr/src/paperless/media type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export target: /usr/src/paperless/export type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume target: /usr/src/paperless/consume type: bind bind: create_host_path: true plausible: command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run" container_name: plausible depends_on: plausible_db: condition: service_started required: true plausible_events_db: condition: service_started required: true environment: BASE_URL: https://analytics.${MY_TLD} CLICKHOUSE_DATABASE_URL: http://plausible-events-db:8123/plausible_events_db DATABASE_URL: postgres://plausible:${PLAUSIBLE_PG_PASSWORD}@plausible-db:5432/plausible_db DISABLE_REGISTRATION: invite_only ENABLE_EMAIL_VERIFICATION: true MAILER_ADAPTER: Bamboo.Mua MAILER_EMAIL: noreply@trez.wtf MAILER_NAME: Plausible MAXMINDDB_LICENSE_KEY: ${SWAG_MAXMINDDB_LICENSE_KEY} SECRET_KEY_BASE: ${PLAUSIBLE_SECRET_KEY_BASE} SMTP_HOST_ADDR: postal-smtp SMTP_HOST_PORT: 25 SMTP_USER_NAME: ${POSTAL_SMTP_AUTH_USER} SMTP_USER_PWD: ${POSTAL_SMTP_AUTH_PASSWORD} TOTP_VAULT_KEY: ${PLAUSIBLE_TOTP_VAULT_KEY} image: ghcr.io/plausible/community-edition:v2.1.0 labels: - swag=enable - swag_proto=http - swag_port=8000 - swag_url=analytics.${MY_TLD} - homepage.group=Professional Services - homepage.name=Plausible - homepage.href=https://analytics.${MY_TLD} - homepage.icon=plausible.svg - homepage.description=Open-source web analytics networks: default: null ports: - mode: ingress protocol: tcp published: "8107" target: 8000 restart: always plausible_db: container_name: plausible-db environment: POSTGRES_DB: plausible_db POSTGRES_PASSWORD: ${PLAUSIBLE_PG_PASSWORD} POSTGRES_USER: plausible expose: - 5432 image: postgres:16-alpine networks: default: null restart: always volumes: - plausible-db-data:/var/lib/postgresql/data plausible_events_db: container_name: plausible-events-db expose: - 8123 image: clickhouse/clickhouse-server:24.3.3.102-alpine networks: default: null restart: always ulimits: nofile: hard: 262144 soft: 262144 volumes: - plausible-event-data:/var/lib/clickhouse - plausible-event-logs:/var/log/clickhouse-server - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro portainer: command: - -H - unix:///var/run/docker.sock container_name: portainer environment: - TZ=America/New_York - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:portainer hostname: Rinoa image: portainer/portainer-ce:latest labels: - homepage.group=System Administration - homepage.name=Portainer - homepage.href=https://portainer.${MY_TLD} - homepage.icon=portainer.png - homepage.description=Docker container management - homepage.widget.type=portainer - homepage.widget.url=http://portainer:9000 - homepage.widget.env=1 - homepage.widget.key=${PORTAINER_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "9000" target: 9000 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/portainer target: /data type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind postal-smtp: cap_add: - NET_BIND_SERVICE command: postal smtp-server container_name: postal-smtp image: ghcr.io/postalserver/postal:latest networks: default: null ports: - mode: ingress protocol: tcp published: "25" target: 25 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/postal target: /config type: bind bind: create_host_path: true postal-web: command: postal web-server container_name: postal-web image: ghcr.io/postalserver/postal:latest labels: - swag=enable - swag_proto=http - swag_port=5000 - swag_address=postal-web - swag_url=post.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://post.${MY_TLD} - homepage.group=System Administration - homepage.name=Postal - homepage.href=https://post.${MY_TLD} - homepage.icon=/icons/postal.png - homepage.description=OSS Mail delivery platform networks: default: null ports: - mode: ingress protocol: tcp published: "5001" target: 5000 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/postal target: /config type: bind bind: create_host_path: true postal-worker: command: postal worker container_name: postal-worker environment: - LOG_LEVEL=debug image: ghcr.io/postalserver/postal:latest networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/postal target: /config type: bind bind: create_host_path: true prowlarr: container_name: prowlarr environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/gilbn/theme.park:sonarr - TP_DOMAIN=trez.wtf\/themepark - TP_COMMUNITY_THEME=false - TP_THEME=space-gray hostname: Rinoa image: lscr.io/linuxserver/prowlarr:latest labels: - homepage.group=Servarr Stack - homepage.name=Prowlarr - homepage.href=https://prowlarr.${MY_TLD} - homepage.icon=prowlarr.png - homepage.description=Index aggregator - homepage.widget.type=prowlarr - homepage.widget.url=http://prowlarr:9696 - homepage.widget.key=${PROWLARR_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "9696" target: 9696 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/prowlarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind radarec: container_name: radarec environment: auto_start: true auto_start_delay: 60 dry_run_adding_to_radarr: false fallback_to_top_result: false language_choice: all metadata_profile_id: 1 minimum_rating: 4.5 minimum_votes: 50 quality_profile_id: 1 radarr_address: http://radarr:7878 radarr_api_key: ${RADARR_API_KEY} radarr_api_timeout: 120 root_folder_path: /data/media/movies search_for_movie: true tmdb_api_key: ${TMDB_API_KEY} expose: - 5000 image: thewicklowwolf/radarec:latest labels: - homepage.group=Servarr Stack - homepage.name=RadaRec - homepage.href=https://radarec.${MY_TLD} - homepage.icon=/icons/radarec.png - homepage.description=Movie discovery based on library/tastes - swag=enable - swag_proto=http - swag_port=5000 - swag_auth=authelia - swag_url=radarec.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://radarec.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_STORAGE}/Movies target: /data/media/movies type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/radarec target: /radarec/config type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind radarr: container_name: radarr environment: PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: lscr.io/linuxserver/radarr:latest labels: - homepage.group=Servarr Stack - homepage.name=Radarr - homepage.href=https://radarr.${MY_TLD} - homepage.icon=radarr.png - homepage.description=Movie Automation - homepage.widget.type=radarr - homepage.widget.url=http://radarr:7878 - homepage.widget.key=${RADARR_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "7878" target: 7878 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/radarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind reactive-resume: container_name: reactive-resume depends_on: browserless: condition: service_started required: true minio: condition: service_started required: true reactive-resume-pg: condition: service_started required: true environment: ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET} CHROME_PORT: 443 CHROME_TOKEN: ${CHROMIUM_TOKEN} CHROME_URL: wss://browse.${MY_TLD} DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume MAIL_FROM: noreply@trez.wtf NODE_ENV: production PORT: 3000 PUBLIC_URL: https://resume.${MY_TLD} REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET} SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY} STORAGE_BUCKET: reactive-resume STORAGE_ENDPOINT: minio STORAGE_PORT: 9000 STORAGE_REGION: us-east-fh-pln STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY} STORAGE_URL: https://s3.trez.wtf/reactive-resume STORAGE_USE_SSL: false TZ: ${TZ} image: amruthpillai/reactive-resume:latest labels: - homepage.group=Professional Services - homepage.name=Reactive Resume - homepage.href=https://resume.${MY_TLD} - homepage.icon=reactive-resume.svg - homepage.description=Open-source resume builder - swag=enable - swag_proto=http - swag_port=3000 - swag_url=resume.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://resume.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "3011" target: 3000 restart: unless-stopped reactive-resume-pg: container_name: reactive-resume-pg environment: - TZ=${TZ} - POSTGRES_DB=reactiveresume - POSTGRES_USER=reactiveresume - POSTGRES_PASSWORD=${REACTIVE_RESUME_PGSQL_PASSWORD} expose: - 5432 image: postgres:16-alpine networks: default: null restart: unless-stopped volumes: - reactive-resume-pg:/var/lib/postgresql/data readarr: container_name: readarr environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/gilbn/theme.park:readnarr hostname: Rinoa image: lscr.io/linuxserver/readarr:develop labels: - homepage.group=Servarr Stack - homepage.name=Readarr - homepage.href=https://readarr.${MY_TLD} - homepage.icon=readarr.png - homepage.description=eBook/Audiobook Automation - homepage.widget.type=readarr - homepage.widget.url=http://readarr:8787 - homepage.widget.key=${READARR_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "8787" target: 8787 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/readarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind redis: cap_add: - SETGID - SETUID - DAC_OVERRIDE cap_drop: - ALL command: redis-server --save "" --appendonly "no" container_name: redis expose: - 6379 image: redis:alpine networks: default: null restart: unless-stopped tmpfs: - /var/lib/redis redlib: cap_drop: - ALL container_name: redlib environment: - REDLIB_SFW_ONLY=off - REDLIB_BANNER= - REDLIB_ROBOTS_DISABLE_INDEXING=off - REDLIB_PUSHSHIFT_FRONTEND=undelete.pullpush.io - REDLIB_DEFAULT_THEME=nord - REDLIB_DEFAULT_FRONT_PAGE=default - REDLIB_DEFAULT_LAYOUT=clean - REDLIB_DEFAULT_WIDE=on - REDLIB_DEFAULT_POST_SORT=hot - REDLIB_DEFAULT_COMMENT_SORT=confidence - REDLIB_DEFAULT_SHOW_NSFW=off - REDLIB_DEFAULT_BLUR_NSFW=on - REDLIB_DEFAULT_USE_HLS=off - REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION=off - REDLIB_DEFAULT_AUTOPLAY_VIDEOS=off - REDLIB_DEFAULT_SUBSCRIPTIONS= - REDLIB_DEFAULT_HIDE_AWARDS=off - REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION=off - REDLIB_DEFAULT_HIDE_SCORE=off - REDLIB_DEFAULT_FIXED_NAVBAR=on image: quay.io/redlib/redlib:latest labels: - homepage.group=Social - homepage.name=Redlib - homepage.href=https://rlib.${MY_TLD} - homepage.icon=libreddit.svg - homepage.description=Redlib is a private front-end like Invidious but for Reddit - swag=enable - swag_auth=authelia - swag_proto=http - swag_port=8080 - swag_url=rlib.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://rlib.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8103" target: 8080 read_only: true restart: always security_opt: - no-new-privileges=true user: nobody remmina: container_name: remmina environment: CF_ACCOUNT_ID: ${CLOUDFLARE_ACCOUNT_ID} CF_API_TOKEN: ${CLOUDFLARE_DNS_API_TOKEN} CF_TUNNEL_CONFIG: | ingress: - hostname: rem.${MY_TLD} service: http://192.168.1.254:3008 - service: http_status:404 CF_TUNNEL_NAME: remmina CF_TUNNEL_PASSWORD: ${REMMINA_CF_TUNNEL_PASSWORD} CF_ZONE_ID: ${CLOUDFLARE_ZONE_ID} CUSTOM_HTTPS_PORT: 3009 CUSTOM_PORT: 3008 CUSTOM_USER: trez-one DOCKER_HOST: tcp://dockerproxy:2375 DOCKER_MODS: linuxserver/mods:universal-cloudflared PASSWORD: ${REMMINA_USER_PASSWORD} PGID: 1000 PUID: 1000 TITLE: Remmina @ Rinoa TZ: ${TZ} image: lscr.io/linuxserver/remmina:latest labels: - swag=enable - swag_url=rem.${MY_TLD} - swag_port=3008 - homepage.group=System Administration - homepage.name=Remmina - homepage.href=https://rem.${MY_TLD} - homepage.icon=/icons/remmina.svg - homepage.description=GTK Remote desktop client (EXEC, SPICE, SSH, RDP, & VNC) networks: default: null ports: - mode: ingress protocol: tcp published: "3008" target: 3008 - mode: ingress protocol: tcp published: "3009" target: 3009 privileged: true restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/remmina target: /config type: bind bind: create_host_path: true sabnzbdvpn: cap_add: - NET_ADMIN - SYS_MODULE container_name: sabnzbdvpn environment: - ENABLE_PRIVOXY=no - LAN_NETWORK=192.168.1.0/24 - NAME_SERVERS=192.168.1.254,1.1.1.1 - PGID=1000 - PUID=1000 - TZ=America/New_York - VPN_CLIENT=openvpn - VPN_ENABLED=yes - VPN_INPUT_PORTS= - VPN_OPTIONS= - VPN_OUTPUT_PORTS= - VPN_PASS=QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA - VPN_PROV=pia - VPN_USER=p3120278 - DEBUG=true hostname: Rinoa image: ghcr.io/binhex/arch-sabnzbdvpn:latest labels: - homepage.group=Downloaders - homepage.name=SABnzbd - homepage.href=https://sabnzbd.${MY_TLD} - homepage.icon=sabnzbd.png - homepage.description=NZB Downloader over VPN - homepage.widget.type=sabnzbd - homepage.widget.url=http://sabnzbdvpn:8080 - homepage.widget.env=1 - homepage.widget.key=${SABNZBDVPN_API_KEY} - swag=enable - swag_proto=http - swag_url=sabnzbd.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://sabnzbd.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8080" target: 8080 - mode: ingress protocol: tcp published: "8090" target: 8090 - mode: ingress protocol: tcp published: "8119" target: 8118 privileged: true restart: unless-stopped sysctls: net.ipv4.conf.all.src_valid_mark: "1" volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind scraperr: command: - npm - run - start container_name: scraperr expose: - 3000 image: jpyles0524/scraperr:latest labels: - homepage.group=Personal Services - homepage.name=Scraperr - homepage.href=https://scrape.${MY_TLD} - homepage.icon=/icons/scraperr.png - homepage.description=Web scraper - swag=enable - swag_proto=http - swag_port=3000 - swag_url=scrape.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://scrape.${MY_TLD} networks: default: null restart: unless-stopped scraperr-api: container_name: scraperr-api environment: - LOG_LEVEL=DEBUG - OLLAMA_URL=http://ollama:11434 - OLLAMA_MODEL=phi3 - MONGODB_URI=mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/scrapper - SECRET_KEY=${SCRAPERR_SECRET_KEY} - ALGORITHM=HS256 - ACCESS_TOKEN_EXPIRE_MINUTES=600 - DOCKER_HOST=tcp://dockerproxy:2375 expose: - 8000 extra_hosts: - host.docker.internal:host-gateway image: jpyles0524/scraperr_api:latest labels: - swag=enable - swag_proto=http - swag_port=3000 - swag_server_custom_directive="location /api/ { rewrite ^/api(/.*)$ /$1 break ; proxy_pass http://scraperr:3000; }" networks: default: null restart: unless-stopped scrutiny: cap_add: - SYS_RAWIO container_name: scrutiny devices: - "/dev/sda:/dev/sda:rwm" - "/dev/sdb:/dev/sdb:rwm" - "/dev/sdc:/dev/sdc:rwm" - "/dev/sdd:/dev/sdd:rwm" - "/dev/sde:/dev/sde:rwm" - "/dev/sdf:/dev/sdf:rwm" image: ghcr.io/analogj/scrutiny:master-omnibus labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Scrutiny - homepage.href=http://192.168.1.254:8909 - homepage.icon=scrutiny.png - homepage.description=WebUI for smartd S.M.A.R.T monitoring - homepage.widget.type=scrutiny - homepage.widget.url=http://scrutiny:8080 networks: default: null ports: - mode: ingress protocol: tcp published: "8909" target: 8080 - mode: ingress protocol: tcp published: "8910" target: 8086 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /run/udev target: /run/udev type: bind - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config target: /opt/scrutiny/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb target: /opt/scrutiny/influxdb type: bind bind: create_host_path: true searxng: cap_add: - CHOWN - SETGID - SETUID cap_drop: - ALL container_name: searxng environment: - SEARXNG_BASE_URL=https://${SEARXNG_BASE_URL:-localhost}/ image: searxng/searxng:latest labels: - homepage.group=Personal Services - homepage.name=SearxNG - homepage.href=https://search.${MY_TLD} - homepage.icon=searxng.png - homepage.description=Anonymized Meta-Search Engine - swag=enable - swag_address=searxng - swag_proto=http - swag_url=search.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://search.${MY_TLD} logging: driver: json-file options: max-file: "1" max-size: 1m networks: default: null ports: - mode: ingress protocol: tcp published: "8095" target: 8080 privileged: true restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/searxng target: /etc/searxng type: bind bind: create_host_path: true semaphore: container_name: semaphore environment: ANSIBLE_HOST_KEY_CHECKING: false SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD} SEMAPHORE_ADMIN_NAME: admin SEMAPHORE_ADMIN_EMAIL: charish.patel@pm.me SEMAPHORE_ADMIN: admin SEMAPHORE_DB_DIALECT: bolt SEMAPHORE_EMAIL_ALERT: true SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf SEMAPHORE_EMAIL_HOST: postal-smtp SEMAPHORE_EMAIL_PORT: 25 SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} SEMAPHORE_EMAIL_SECURE: false SEMAPHORE_USE_REMOTE_RUNNER: true image: semaphoreui/semaphore:v2.10.32 labels: - homepage.group=Code/DevOps - homepage.name=Semaphore - homepage.href=https://devops.${MY_TLD} - homepage.icon=semaphore.svg - homepage.description=Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools - swag=enable - swag_port=3000 - swag_proto=http - swag_url=devops.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://search.${MY_TLD} ports: - 3015:3000 restart: unless-stopped volumes: - semaphore_config:/etc/semaphore - semaphore_data:/var/lib/semaphore - semaphore_tmp:/tmp/semaphore slurpit-portal: container_name: slurpit-portal environment: TZ: ${TZ} PORTAL_BASE_URL: https://slurpit.trez.wtf PORTAL_WAREHOUSE_URL: http://slurpit-warehouse image: slurpit/portal:latest labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Slurp'it homepage.href: https://slurpit.${MY_TLD} homepage.icon: /icons/slurpit.png homepage.description: Network discovery swag: enable swag_port: 80 swag_url: slurpit.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://slurpit.${MY_TLD} ports: - 8110:80 - 5443:443 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/nginx:/var/log/nginx/ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/mysql:/var/log/mysql/ - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/php:/var/log/php/ - ${DOCKER_VOLUME_CONFIG}/slurpit/certs:/etc/nginx/certs/ - ${DOCKER_VOLUME_CONFIG}/slurpit/db/portal:/var/lib/mysql - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/portal:/backup/files slurpit-scanner: container_name: slurpit-scanner depends_on: slurpit-warehouse: condition: service_healthy environment: TZ: ${TZ} SCANNER_POOLSIZE: 4 SCANNER_TIMEOUT: 10 SCANNER_WAREHOUSE_URL: http://slurpit-warehouse image: slurpit/scanner:latest restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scanner:/logs slurpit-scraper: container_name: slurpit-scraper depends_on: slurpit-warehouse: condition: service_healthy image: slurpit/scraper:latest environment: TZ: ${TZ} SCRAPER_TIMEOUT: 20 SCRAPER_POOLSIZE: 4 SCRAPER_WAREHOUSE_URL: http://slurpit-warehouse restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/scraper:/logs slurpit-warehouse: container_name: slurpit-warehouse healthcheck: test: ["CMD", "curl", "-f", "http://localhost/services"] interval: 10s timeout: 10s retries: 360 image: slurpit/warehouse:latest environment: TZ: ${TZ} WAREHOUSE_CALLBACK_SCANNER_URL: http://slurpit-portal/callback/scanner WAREHOUSE_CALLBACK_SCANNER_TOKEN: WAREHOUSE_CALLBACK_SCRAPER_URL: http://slurpit-portal/callback/scraper WAREHOUSE_CALLBACK_SCRAPER_TOKEN: restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/slurpit/backup/warehouse:/backup/files - ${DOCKER_VOLUME_CONFIG}/slurpit/db/warehouse:/var/lib/mongodb - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse/mongodb:/var/log/mongodb - ${DOCKER_VOLUME_CONFIG}/slurpit/logs/warehouse:/logs sonarqube: container_name: sonarqube depends_on: sonarqube-pg-db: condition: service_healthy environment: SONAR_JDBC_URL: jdbc:postgresql://sonarqube-pg-db:5432/sonar SONAR_JDBC_USERNAME: sonar SONAR_JDBC_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD} SONAR_SECURITY_REALM: LDAP LDAP_URL: ldap://lldap:3890 LDAP_BINDDN: cn=sonarqube,ou=people,dc=trez,dc=wtf LDAP_BINDPASSWORD: ${SONARQUBE_LDAP_BIND_PASSWORD} LDAP_AUTHENTICATION: simple LDAP_USER_BASEDN: ou=people,dc=trez,dc=wtf LDAP_USER_REQUEST: (&(objectClass=inetOrgPerson)(uid={login})(memberof=cn=sonarqube_users,ou=groups,dc=example,dc=com)) LDAP_USER_REALNAMEATTRIBUTE: cn LDAP_USER_EMAILATTRIBUTE: mail hostname: sonarqube image: mc1arke/sonarqube-with-community-branch-plugin:lts labels: - homepage.group=Code/DevOps - homepage.name=Sonarqube - homepage.href=https://sqube.trez.wtf - homepage.icon=sonarqube.svg - homepage.description=Code/DevOps quality/security - swag=enable - swag_proto=http - swag_port=9000 - swag_url=sqube.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://sqube.${MY_TLD} volumes: - sonarqube-data:/opt/sonarqube/data - sonarqube-extensions:/opt/sonarqube/extensions - sonarqube-logs:/opt/sonarqube/logs - sonarqube-temp:/opt/sonarqube/temp ports: - 9003:9000 read_only: true restart: unless-stopped sonarqube-pg-db: container_name: sonarqube-pg-db environment: POSTGRES_USER: sonar POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD} POSTGRES_DB: sonar healthcheck: test: ["CMD-SHELL", "pg_isready"] interval: 10s timeout: 5s retries: 5 image: postgres:17-alpine restart: unless-stopped volumes: - sonarqube-db:/var/lib/postgresql - sonarqube-db-data:/var/lib/postgresql/data sonarr: container_name: sonarr environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - DOCKER_MODS=ghcr.io/gilbn/theme.park:sonarr hostname: Rinoa image: lscr.io/linuxserver/sonarr:latest labels: - homepage.group=Servarr Stack - homepage.name=Sonarr - homepage.href=https://sonarr.${MY_TLD} - homepage.icon=sonarr.png - homepage.description=TV Show Automation - homepage.widget.type=sonarr - homepage.widget.url=http://sonarr:8989 - homepage.widget.key=${SONARR_API_KEY} - swag=enable - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "8989" target: 8989 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/sonarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind sonashow: container_name: sonashow environment: auto_start: true auto_start_delay: 60 dry_run_adding_to_sonarr: false fallback_to_top_result: false language_choice: all metadata_profile_id: 1 minimum_rating: 4.5 minimum_votes: 50 quality_profile_id: 1 radarr_address: http://sonarr:8989 radarr_api_key: ${SONARR_API_KEY} root_folder_path: /data/media/shows search_for_missing_episodes: true sonarr_api_timeout: 120 tmdb_api_key: ${TMDB_API_KEY} expose: - 5000 image: thewicklowwolf/sonashow:latest labels: - homepage.group=Servarr Stack - homepage.name=Sonashow - homepage.href=https://sonashow.${MY_TLD} - homepage.icon=/icons/sonashow.png - homepage.description=TV show discovery based on library/tastes - swag=enable - swag_auth=authelia - swag_proto=http - swag_port=5000 - swag_url=sonashow.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://sonashow.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_STORAGE}/TV_Shows target: /data/media/shows type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/sonashow target: /sonashow/config type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind soulseek: container_name: soulseek depends_on: gluetun: condition: service_started required: true restart: true environment: SLSKD_PASSWORD: ${SLSKD_PASSWORD} SLSKD_REMOTE_CONFIGURATION: true SLSKD_SHARED_DIR: /music SLSKD_USERNAME: slsk image: slskd/slskd labels: - homepage.name=Soulseek - homepage.group=Downloaders - homepage.description=Modern client-server application for the Soulseek file-sharing network. - homepage.href=https://slsk.${MY_TLD} - homepage.icon=/icons/slskd.png - swag=enable - swag_proto=http - swag_url=slsk.${MY_TLD} - swag_address=gluetun - swag_port=5030 - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://slsk.${MY_TLD} network_mode: service:gluetun restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/soulseek target: /app type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music target: /music type: bind bind: create_host_path: true swag: cap_add: - NET_ADMIN container_name: swag environment: - DNSPLUGIN=cloudflare - EMAIL=charish.patel@trez.wtf - EXTRA_DOMAINS= - ONLY_SUBDOMAINS=false - PGID=1000 - PUID=1000 - SUBDOMAINS=etherpad,ha,www - TZ=America/New_York - URL=trez.wtf - VALIDATION=dns - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} - CROWDSEC_LAPI_URL=http://crowdsec:8080 - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma - PROPAGATION=30 - UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD} - UPTIME_KUMA_URL=http://uptimekuma:3001 - UPTIME_KUMA_USERNAME=${UPTIME_KUMA_USERNAME} hostname: Rinoa image: lscr.io/linuxserver/swag:latest labels: - swag=enable - swag_proto=http - swag_port=81 - swag_url=swag.${MY_TLD} - swag_auth=authelia - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://swag.${MY_TLD} - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=SWAG Dashboard - homepage.href=https://swag.${MY_TLD} - homepage.icon=linuxserver-io.png - homepage.description=SWAG Dashboard for proxies - homepage.widget.type=swagdashboard - homepage.widget.url=http://swag:81 networks: default: null ports: - mode: ingress protocol: tcp published: "443" target: 443 - mode: ingress protocol: tcp published: "80" target: 80 - mode: ingress protocol: tcp published: "81" target: 81 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/swag target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true read_only: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind tandoor: container_name: tandoor-recipes depends_on: tandoor-pg: condition: service_started required: true environment: DB_ENGINE: django.db.backends.postgresql GID: 1000 POSTGRES_DB: tandoor POSTGRES_HOST: tandoor-pg POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} POSTGRES_USER: tandoor SECRET_KEY: ${TANDOOR_SECRET_KEY} TZ: ${TZ} UID: 1000 image: vabene1111/recipes labels: - homepage.group=Lifestyle - homepage.name=Tandoor Recipes - homepage.href=https://recipes.${MY_TLD} - homepage.icon=tandoor.svg - homepage.description=Recipes, cookbooks, meal-planning, & grocery lists - homepage.widget.type=tandoor - homepage.widget.url=http://tandoor-recipes:8080 - homepage.widget.key=${TANDOOR_API_TOKEN} - swag=enable - swag_proto=http - swag_url=recipes.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8106" target: 8080 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/tandoor/static target: /opt/recipes/staticfiles type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/tandoor/media target: /opt/recipes/mediafiles type: bind bind: create_host_path: true tandoor-pg: container_name: tandoor-pg environment: POSTGRES_DB: tandoor POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} POSTGRES_USER: tandoor expose: - 5432 image: postgres:16-alpine networks: default: null restart: always volumes: - source: tandoor-pg target: /var/lib/postgresql/data type: volume volume: {} traccar: container_name: traccar image: traccar/traccar:latest labels: - homepage.group=Personal Services - homepage.name=Traccar - homepage.href=https://trac.${MY_TLD} - homepage.icon=traccar.svg - homepage.description=Open-source GPS tracking system - swag=enable - swag_proto=http - swag_port=8082 - swag_url=trac.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} networks: default: null ports: - mode: ingress protocol: udp published: "6000" target: 5000 - mode: ingress protocol: udp published: "6001" target: 5001 - mode: ingress protocol: udp published: "6002" target: 5002 - mode: ingress protocol: udp published: "6003" target: 5003 - mode: ingress protocol: udp published: "6004" target: 5004 - mode: ingress protocol: udp published: "6005" target: 5005 - mode: ingress protocol: udp published: "6006" target: 5006 - mode: ingress protocol: udp published: "6007" target: 5007 - mode: ingress protocol: udp published: "6008" target: 5008 - mode: ingress protocol: udp published: "6009" target: 5009 - mode: ingress protocol: udp published: "6010" target: 5010 - mode: ingress protocol: udp published: "6011" target: 5011 - mode: ingress protocol: udp published: "6012" target: 5012 - mode: ingress protocol: udp published: "6013" target: 5013 - mode: ingress protocol: udp published: "6014" target: 5014 - mode: ingress protocol: udp published: "6015" target: 5015 - mode: ingress protocol: udp published: "6016" target: 5016 - mode: ingress protocol: udp published: "6017" target: 5017 - mode: ingress protocol: udp published: "6018" target: 5018 - mode: ingress protocol: udp published: "6019" target: 5019 - mode: ingress protocol: udp published: "6020" target: 5020 - mode: ingress protocol: udp published: "6021" target: 5021 - mode: ingress protocol: udp published: "6022" target: 5022 - mode: ingress protocol: udp published: "6023" target: 5023 - mode: ingress protocol: udp published: "6024" target: 5024 - mode: ingress protocol: udp published: "6025" target: 5025 - mode: ingress protocol: udp published: "6026" target: 5026 - mode: ingress protocol: udp published: "6027" target: 5027 - mode: ingress protocol: udp published: "6028" target: 5028 - mode: ingress protocol: udp published: "6029" target: 5029 - mode: ingress protocol: udp published: "6030" target: 5030 - mode: ingress protocol: udp published: "6031" target: 5031 - mode: ingress protocol: udp published: "6032" target: 5032 - mode: ingress protocol: udp published: "6033" target: 5033 - mode: ingress protocol: udp published: "6034" target: 5034 - mode: ingress protocol: udp published: "6035" target: 5035 - mode: ingress protocol: udp published: "6036" target: 5036 - mode: ingress protocol: udp published: "6037" target: 5037 - mode: ingress protocol: udp published: "6038" target: 5038 - mode: ingress protocol: udp published: "6039" target: 5039 - mode: ingress protocol: udp published: "6040" target: 5040 - mode: ingress protocol: udp published: "6041" target: 5041 - mode: ingress protocol: udp published: "6042" target: 5042 - mode: ingress protocol: udp published: "6043" target: 5043 - mode: ingress protocol: udp published: "6044" target: 5044 - mode: ingress protocol: udp published: "6045" target: 5045 - mode: ingress protocol: udp published: "6046" target: 5046 - mode: ingress protocol: udp published: "6047" target: 5047 - mode: ingress protocol: udp published: "6048" target: 5048 - mode: ingress protocol: udp published: "6049" target: 5049 - mode: ingress protocol: udp published: "6050" target: 5050 - mode: ingress protocol: udp published: "6051" target: 5051 - mode: ingress protocol: udp published: "6052" target: 5052 - mode: ingress protocol: udp published: "6053" target: 5053 - mode: ingress protocol: udp published: "6054" target: 5054 - mode: ingress protocol: udp published: "6055" target: 5055 - mode: ingress protocol: udp published: "6056" target: 5056 - mode: ingress protocol: udp published: "6057" target: 5057 - mode: ingress protocol: udp published: "6058" target: 5058 - mode: ingress protocol: udp published: "6059" target: 5059 - mode: ingress protocol: udp published: "6060" target: 5060 - mode: ingress protocol: udp published: "6061" target: 5061 - mode: ingress protocol: udp published: "6062" target: 5062 - mode: ingress protocol: udp published: "6063" target: 5063 - mode: ingress protocol: udp published: "6064" target: 5064 - mode: ingress protocol: udp published: "6065" target: 5065 - mode: ingress protocol: udp published: "6066" target: 5066 - mode: ingress protocol: udp published: "6067" target: 5067 - mode: ingress protocol: udp published: "6068" target: 5068 - mode: ingress protocol: udp published: "6069" target: 5069 - mode: ingress protocol: udp published: "6070" target: 5070 - mode: ingress protocol: udp published: "6071" target: 5071 - mode: ingress protocol: udp published: "6072" target: 5072 - mode: ingress protocol: udp published: "6073" target: 5073 - mode: ingress protocol: udp published: "6074" target: 5074 - mode: ingress protocol: udp published: "6075" target: 5075 - mode: ingress protocol: udp published: "6076" target: 5076 - mode: ingress protocol: udp published: "6077" target: 5077 - mode: ingress protocol: udp published: "6078" target: 5078 - mode: ingress protocol: udp published: "6079" target: 5079 - mode: ingress protocol: udp published: "6080" target: 5080 - mode: ingress protocol: udp published: "6081" target: 5081 - mode: ingress protocol: udp published: "6082" target: 5082 - mode: ingress protocol: udp published: "6083" target: 5083 - mode: ingress protocol: udp published: "6084" target: 5084 - mode: ingress protocol: udp published: "6085" target: 5085 - mode: ingress protocol: udp published: "6086" target: 5086 - mode: ingress protocol: udp published: "6087" target: 5087 - mode: ingress protocol: udp published: "6088" target: 5088 - mode: ingress protocol: udp published: "6089" target: 5089 - mode: ingress protocol: udp published: "6090" target: 5090 - mode: ingress protocol: udp published: "6091" target: 5091 - mode: ingress protocol: udp published: "6092" target: 5092 - mode: ingress protocol: udp published: "6093" target: 5093 - mode: ingress protocol: udp published: "6094" target: 5094 - mode: ingress protocol: udp published: "6095" target: 5095 - mode: ingress protocol: udp published: "6096" target: 5096 - mode: ingress protocol: udp published: "6097" target: 5097 - mode: ingress protocol: udp published: "6098" target: 5098 - mode: ingress protocol: udp published: "6099" target: 5099 - mode: ingress protocol: udp published: "6100" target: 5100 - mode: ingress protocol: udp published: "6101" target: 5101 - mode: ingress protocol: udp published: "6102" target: 5102 - mode: ingress protocol: udp published: "6103" target: 5103 - mode: ingress protocol: udp published: "6104" target: 5104 - mode: ingress protocol: udp published: "6105" target: 5105 - mode: ingress protocol: udp published: "6106" target: 5106 - mode: ingress protocol: udp published: "6107" target: 5107 - mode: ingress protocol: udp published: "6108" target: 5108 - mode: ingress protocol: udp published: "6109" target: 5109 - mode: ingress protocol: udp published: "6110" target: 5110 - mode: ingress protocol: udp published: "6111" target: 5111 - mode: ingress protocol: udp published: "6112" target: 5112 - mode: ingress protocol: udp published: "6113" target: 5113 - mode: ingress protocol: udp published: "6114" target: 5114 - mode: ingress protocol: udp published: "6115" target: 5115 - mode: ingress protocol: udp published: "6116" target: 5116 - mode: ingress protocol: udp published: "6117" target: 5117 - mode: ingress protocol: udp published: "6118" target: 5118 - mode: ingress protocol: udp published: "6119" target: 5119 - mode: ingress protocol: udp published: "6120" target: 5120 - mode: ingress protocol: udp published: "6121" target: 5121 - mode: ingress protocol: udp published: "6122" target: 5122 - mode: ingress protocol: udp published: "6123" target: 5123 - mode: ingress protocol: udp published: "6124" target: 5124 - mode: ingress protocol: udp published: "6125" target: 5125 - mode: ingress protocol: udp published: "6126" target: 5126 - mode: ingress protocol: udp published: "6127" target: 5127 - mode: ingress protocol: udp published: "6128" target: 5128 - mode: ingress protocol: udp published: "6129" target: 5129 - mode: ingress protocol: udp published: "6130" target: 5130 - mode: ingress protocol: udp published: "6131" target: 5131 - mode: ingress protocol: udp published: "6132" target: 5132 - mode: ingress protocol: udp published: "6133" target: 5133 - mode: ingress protocol: udp published: "6134" target: 5134 - mode: ingress protocol: udp published: "6135" target: 5135 - mode: ingress protocol: udp published: "6136" target: 5136 - mode: ingress protocol: udp published: "6137" target: 5137 - mode: ingress protocol: udp published: "6138" target: 5138 - mode: ingress protocol: udp published: "6139" target: 5139 - mode: ingress protocol: udp published: "6140" target: 5140 - mode: ingress protocol: udp published: "6141" target: 5141 - mode: ingress protocol: udp published: "6142" target: 5142 - mode: ingress protocol: udp published: "6143" target: 5143 - mode: ingress protocol: udp published: "6144" target: 5144 - mode: ingress protocol: udp published: "6145" target: 5145 - mode: ingress protocol: udp published: "6146" target: 5146 - mode: ingress protocol: udp published: "6147" target: 5147 - mode: ingress protocol: udp published: "6148" target: 5148 - mode: ingress protocol: udp published: "6149" target: 5149 - mode: ingress protocol: udp published: "6150" target: 5150 - mode: ingress protocol: tcp published: "6000" target: 5000 - mode: ingress protocol: tcp published: "6001" target: 5001 - mode: ingress protocol: tcp published: "6002" target: 5002 - mode: ingress protocol: tcp published: "6003" target: 5003 - mode: ingress protocol: tcp published: "6004" target: 5004 - mode: ingress protocol: tcp published: "6005" target: 5005 - mode: ingress protocol: tcp published: "6006" target: 5006 - mode: ingress protocol: tcp published: "6007" target: 5007 - mode: ingress protocol: tcp published: "6008" target: 5008 - mode: ingress protocol: tcp published: "6009" target: 5009 - mode: ingress protocol: tcp published: "6010" target: 5010 - mode: ingress protocol: tcp published: "6011" target: 5011 - mode: ingress protocol: tcp published: "6012" target: 5012 - mode: ingress protocol: tcp published: "6013" target: 5013 - mode: ingress protocol: tcp published: "6014" target: 5014 - mode: ingress protocol: tcp published: "6015" target: 5015 - mode: ingress protocol: tcp published: "6016" target: 5016 - mode: ingress protocol: tcp published: "6017" target: 5017 - mode: ingress protocol: tcp published: "6018" target: 5018 - mode: ingress protocol: tcp published: "6019" target: 5019 - mode: ingress protocol: tcp published: "6020" target: 5020 - mode: ingress protocol: tcp published: "6021" target: 5021 - mode: ingress protocol: tcp published: "6022" target: 5022 - mode: ingress protocol: tcp published: "6023" target: 5023 - mode: ingress protocol: tcp published: "6024" target: 5024 - mode: ingress protocol: tcp published: "6025" target: 5025 - mode: ingress protocol: tcp published: "6026" target: 5026 - mode: ingress protocol: tcp published: "6027" target: 5027 - mode: ingress protocol: tcp published: "6028" target: 5028 - mode: ingress protocol: tcp published: "6029" target: 5029 - mode: ingress protocol: tcp published: "6030" target: 5030 - mode: ingress protocol: tcp published: "6031" target: 5031 - mode: ingress protocol: tcp published: "6032" target: 5032 - mode: ingress protocol: tcp published: "6033" target: 5033 - mode: ingress protocol: tcp published: "6034" target: 5034 - mode: ingress protocol: tcp published: "6035" target: 5035 - mode: ingress protocol: tcp published: "6036" target: 5036 - mode: ingress protocol: tcp published: "6037" target: 5037 - mode: ingress protocol: tcp published: "6038" target: 5038 - mode: ingress protocol: tcp published: "6039" target: 5039 - mode: ingress protocol: tcp published: "6040" target: 5040 - mode: ingress protocol: tcp published: "6041" target: 5041 - mode: ingress protocol: tcp published: "6042" target: 5042 - mode: ingress protocol: tcp published: "6043" target: 5043 - mode: ingress protocol: tcp published: "6044" target: 5044 - mode: ingress protocol: tcp published: "6045" target: 5045 - mode: ingress protocol: tcp published: "6046" target: 5046 - mode: ingress protocol: tcp published: "6047" target: 5047 - mode: ingress protocol: tcp published: "6048" target: 5048 - mode: ingress protocol: tcp published: "6049" target: 5049 - mode: ingress protocol: tcp published: "6050" target: 5050 - mode: ingress protocol: tcp published: "6051" target: 5051 - mode: ingress protocol: tcp published: "6052" target: 5052 - mode: ingress protocol: tcp published: "6053" target: 5053 - mode: ingress protocol: tcp published: "6054" target: 5054 - mode: ingress protocol: tcp published: "6055" target: 5055 - mode: ingress protocol: tcp published: "6056" target: 5056 - mode: ingress protocol: tcp published: "6057" target: 5057 - mode: ingress protocol: tcp published: "6058" target: 5058 - mode: ingress protocol: tcp published: "6059" target: 5059 - mode: ingress protocol: tcp published: "6060" target: 5060 - mode: ingress protocol: tcp published: "6061" target: 5061 - mode: ingress protocol: tcp published: "6062" target: 5062 - mode: ingress protocol: tcp published: "6063" target: 5063 - mode: ingress protocol: tcp published: "6064" target: 5064 - mode: ingress protocol: tcp published: "6065" target: 5065 - mode: ingress protocol: tcp published: "6066" target: 5066 - mode: ingress protocol: tcp published: "6067" target: 5067 - mode: ingress protocol: tcp published: "6068" target: 5068 - mode: ingress protocol: tcp published: "6069" target: 5069 - mode: ingress protocol: tcp published: "6070" target: 5070 - mode: ingress protocol: tcp published: "6071" target: 5071 - mode: ingress protocol: tcp published: "6072" target: 5072 - mode: ingress protocol: tcp published: "6073" target: 5073 - mode: ingress protocol: tcp published: "6074" target: 5074 - mode: ingress protocol: tcp published: "6075" target: 5075 - mode: ingress protocol: tcp published: "6076" target: 5076 - mode: ingress protocol: tcp published: "6077" target: 5077 - mode: ingress protocol: tcp published: "6078" target: 5078 - mode: ingress protocol: tcp published: "6079" target: 5079 - mode: ingress protocol: tcp published: "6080" target: 5080 - mode: ingress protocol: tcp published: "6081" target: 5081 - mode: ingress protocol: tcp published: "6082" target: 5082 - mode: ingress protocol: tcp published: "6083" target: 5083 - mode: ingress protocol: tcp published: "6084" target: 5084 - mode: ingress protocol: tcp published: "6085" target: 5085 - mode: ingress protocol: tcp published: "6086" target: 5086 - mode: ingress protocol: tcp published: "6087" target: 5087 - mode: ingress protocol: tcp published: "6088" target: 5088 - mode: ingress protocol: tcp published: "6089" target: 5089 - mode: ingress protocol: tcp published: "6090" target: 5090 - mode: ingress protocol: tcp published: "6091" target: 5091 - mode: ingress protocol: tcp published: "6092" target: 5092 - mode: ingress protocol: tcp published: "6093" target: 5093 - mode: ingress protocol: tcp published: "6094" target: 5094 - mode: ingress protocol: tcp published: "6095" target: 5095 - mode: ingress protocol: tcp published: "6096" target: 5096 - mode: ingress protocol: tcp published: "6097" target: 5097 - mode: ingress protocol: tcp published: "6098" target: 5098 - mode: ingress protocol: tcp published: "6099" target: 5099 - mode: ingress protocol: tcp published: "6100" target: 5100 - mode: ingress protocol: tcp published: "6101" target: 5101 - mode: ingress protocol: tcp published: "6102" target: 5102 - mode: ingress protocol: tcp published: "6103" target: 5103 - mode: ingress protocol: tcp published: "6104" target: 5104 - mode: ingress protocol: tcp published: "6105" target: 5105 - mode: ingress protocol: tcp published: "6106" target: 5106 - mode: ingress protocol: tcp published: "6107" target: 5107 - mode: ingress protocol: tcp published: "6108" target: 5108 - mode: ingress protocol: tcp published: "6109" target: 5109 - mode: ingress protocol: tcp published: "6110" target: 5110 - mode: ingress protocol: tcp published: "6111" target: 5111 - mode: ingress protocol: tcp published: "6112" target: 5112 - mode: ingress protocol: tcp published: "6113" target: 5113 - mode: ingress protocol: tcp published: "6114" target: 5114 - mode: ingress protocol: tcp published: "6115" target: 5115 - mode: ingress protocol: tcp published: "6116" target: 5116 - mode: ingress protocol: tcp published: "6117" target: 5117 - mode: ingress protocol: tcp published: "6118" target: 5118 - mode: ingress protocol: tcp published: "6119" target: 5119 - mode: ingress protocol: tcp published: "6120" target: 5120 - mode: ingress protocol: tcp published: "6121" target: 5121 - mode: ingress protocol: tcp published: "6122" target: 5122 - mode: ingress protocol: tcp published: "6123" target: 5123 - mode: ingress protocol: tcp published: "6124" target: 5124 - mode: ingress protocol: tcp published: "6125" target: 5125 - mode: ingress protocol: tcp published: "6126" target: 5126 - mode: ingress protocol: tcp published: "6127" target: 5127 - mode: ingress protocol: tcp published: "6128" target: 5128 - mode: ingress protocol: tcp published: "6129" target: 5129 - mode: ingress protocol: tcp published: "6130" target: 5130 - mode: ingress protocol: tcp published: "6131" target: 5131 - mode: ingress protocol: tcp published: "6132" target: 5132 - mode: ingress protocol: tcp published: "6133" target: 5133 - mode: ingress protocol: tcp published: "6134" target: 5134 - mode: ingress protocol: tcp published: "6135" target: 5135 - mode: ingress protocol: tcp published: "6136" target: 5136 - mode: ingress protocol: tcp published: "6137" target: 5137 - mode: ingress protocol: tcp published: "6138" target: 5138 - mode: ingress protocol: tcp published: "6139" target: 5139 - mode: ingress protocol: tcp published: "6140" target: 5140 - mode: ingress protocol: tcp published: "6141" target: 5141 - mode: ingress protocol: tcp published: "6142" target: 5142 - mode: ingress protocol: tcp published: "6143" target: 5143 - mode: ingress protocol: tcp published: "6144" target: 5144 - mode: ingress protocol: tcp published: "6145" target: 5145 - mode: ingress protocol: tcp published: "6146" target: 5146 - mode: ingress protocol: tcp published: "6147" target: 5147 - mode: ingress protocol: tcp published: "6148" target: 5148 - mode: ingress protocol: tcp published: "6149" target: 5149 - mode: ingress protocol: tcp published: "6150" target: 5150 - mode: ingress protocol: tcp published: "8082" target: 8082 restart: unless-stopped volumes: - read_only: true source: ${DOCKER_VOLUME_CONFIG}/traccar/traccar.xml target: /opt/traccar/conf/traccar.xml type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/traccar/logs target: /opt/traccar/logs type: bind bind: create_host_path: true traccar-pg: container_name: traccar-pg environment: - POSTGRES_PASSWORD=${TRACCAR_POSTGRES_PASSWORD} - POSTGRES_USER=${TRACCAR_POSTGRES_USER} - POSTGRES_DB=${TRACCAR_POSTGRES_DATABASE} expose: - 5432 image: postgres:16-alpine networks: default: null restart: unless-stopped volumes: - traccar-pg:/var/lib/postgresql/data unmanic: container_name: unmanic environment: - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs - PUID=${PUID} - PGID=${PGID} - LOGS_TO_STDOUT=/config/.unmanic/logs/unmanic.log image: josh5/unmanic:latest labels: - homepage.group=Media Library - homepage.name=Unmanic - homepage.href=https://unmanic.${MY_TLD} - homepage.icon=unmanic.png - homepage.description=Library Optimizer - homepage.widget.type=unmanic - homepage.widget.url=http://unmanic:8888 - swag=enable - swag_port=8888 - swag_url=unmanic.${MY_TLD} - swag_proto=http - swag.uptime-kuma.enabled=true networks: default: null ports: - mode: ingress protocol: tcp published: "8911" target: 8888 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/unmanic target: /config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE} target: /library type: bind bind: create_host_path: true - source: unmanic-cache target: /tmp/unmanic type: volume volume: {} uptimekuma: container_name: uptimekuma environment: - PGID=1000 - PUID=1000 - TZ=America/New_York - UPTIME_KUMA_USERNAME=${UPTIME_KUMA_USERNAME} - UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD} - DOCKER_HOST=http://dockerproxy:2375 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:uptime-kuma hostname: Rinoa image: louislam/uptime-kuma:latest labels: - homepage.group=Infrastructure/App Performance Monitoring - homepage.name=Uptime Kuma - homepage.href=https://uptime.${MY_TLD} - homepage.icon=uptime-kuma.png - homepage.description=HTTP Endpoint Monitoring - swag=enable - swag_proto=http - swag_url=uptime.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "3003" target: 3001 restart: unless-stopped volumes: - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/uptimekuma target: /app/data type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind wallabag: container_name: wallabag depends_on: mariadb: condition: service_started required: true redis: condition: service_started required: true environment: - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql - SYMFONY__ENV__DATABASE_HOST=mariadb - SYMFONY__ENV__DATABASE_PORT=3306 - SYMFONY__ENV__DATABASE_NAME=${WALLABAG_DB} - SYMFONY__ENV__DATABASE_USER=${WALLABAG_DB} - SYMFONY__ENV__DATABASE_PASSWORD=${WALLABAG_DB_PASSWORD} - SYMFONY__ENV__DATABASE_CHARSET=utf8 - SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_" - SYMFONY__ENV__MAILER_DSN=smtp://postal-smtp - SYMFONY__ENV__FROM_EMAIL=noreply@trez.wtf - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.${MY_TLD} - SYMFONY__ENV__SERVER_NAME="Wallabag @ Rinoa" - SYMFONY__ENV__REDIS_HOST=redis - SYMFONY__ENV__REDIS_PORT=6379 healthcheck: interval: 1m test: - CMD - wget - --no-verbose - --tries=1 - --spider - http://localhost timeout: 3s image: wallabag/wallabag labels: - swag=enable - swag_address=wallabag - swag_proto=http - swag.uptime-kuma.enabled=true - homepage.group=Lifestyle - homepage.name=Wallabag - homepage.href=https://wallabag.${MY_TLD} - homepage.icon=wallabag.png - homepage.description=Knowledge Store networks: default: null ports: - mode: ingress protocol: tcp target: 80 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/wallabag/images target: /var/www/wallabag/web/assets/images type: bind bind: create_host_path: true wallos: container_name: wallos environment: TZ: ${TZ} image: bellamy/wallos:latest labels: - homepage.group=Lifestyle - homepage.name=wallos - homepage.href=https://subs.${MY_TLD} - homepage.icon=wallos.png - homepage.description=Subscription Tracking - swag=enable - swag_proto=http - swag_url=subs.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://trac.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8283" target: 80 restart: unless-stopped volumes: - wallos-db:/var/www/html/db - wallos-logos:/var/www/html/images/uploads/logos watchtower: container_name: watchtower environment: - REPO_PASS= - REPO_USER= - TZ=America/New_York - WATCHTOWER_CLEANUP=true - WATCHTOWER_INCLUDE_STOPPED=false - WATCHTOWER_MONITOR_ONLY=false - WATCHTOWER_NOTIFICATIONS=gotify - WATCHTOWER_NOTIFICATIONS_LEVEL=info - WATCHTOWER_NOTIFICATION_TEMPLATE={{range .}}{{.Message}}{{println}}{{end}} - WATCHTOWER_NOTIFICATION_URL= - WATCHTOWER_SCHEDULE=0 0 4 * * * - WATCHTOWER_TIMEOUT=30s - WATCHTOWER_HTTP_API_METRICS=true - WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_HTTP_API_TOKEN} - WATCHTOWER_NOTIFICATION_GOTIFY_URL=${WATCHTOWER_NOTIFICATION_GOTIFY_URL} - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN} - WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true expose: - 8080 hostname: Rinoa image: ghcr.io/containrrr/watchtower:latest labels: - homepage.group=Automation - homepage.name=Watchtower - homepage.icon=watchtower.svg - homepage.description=Container-based solution for automating Docker container base image updates - homepage.widget.type=watchtower - homepage.widget.url=http://watchtower:8080 - homepage.widget.key=${WATCHTOWER_HTTP_API_TOKEN} networks: default: null restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind wazuh.agent: container_name: wazuh.agent environment: - JOIN_MANAGER_PROTOCOL=https - JOIN_MANAGER_MASTER_HOST=wazuh.manager - JOIN_MANAGER_WORKER_HOST=wazuh.manager - JOIN_MANAGER_USER=wazuh-wui - JOIN_MANAGER_PASSWORD=${WAZUH_API_PASSWORD} - JOIN_MANAGER_API_PORT=55000 - JOIN_MANAGER_PORT=1514 - VIRUS_TOTAL_KEY=${VIRUS_TOTAL_API_KEY} - DOCKER_HOST=tcp://dockerproxy:2375 hostname: wazuh.agent image: opennix/wazuh-agent:latest networks: default: null restart: unless-stopped wazuh.dashboard: container_name: wazuh.dashboard depends_on: wazuh.indexer: condition: service_started required: true wazuh.manager: condition: service_started required: true restart: true environment: - INDEXER_USERNAME=admin - INDEXER_PASSWORD=${WAZUH_INDEXER_PASSWORD} - WAZUH_API_URL=https://wazuh.manager - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=${WAZUH_KIBANA_PASSWORD} - API_USERNAME=wazuh-wui - API_PASSWORD=${WAZUH_API_PASSWORD} hostname: wazuh.dashboard image: wazuh/wazuh-dashboard:${WAZUH_VERSION} labels: - swag=enable - swag_proto=https - swag_port=5601 - swag_url=wsec.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://wsec.${MY_TLD} - homepage.group=Privacy/Security - homepage.name=Wazuh - homepage.href=https://wsec.${MY_TLD} - homepage.icon=wazuh-opaque.png - homepage.description=OSS Security Platform for XDR/SIEM links: - wazuh.indexer:wazuh.indexer - wazuh.manager:wazuh.manager networks: default: null ports: - mode: ingress protocol: tcp published: "5601" target: 5601 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/wazuh.dashboard.pem target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/wazuh.dashboard-key.pem target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/root-ca.pem target: /usr/share/wazuh-dashboard/certs/root-ca.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/config/opensearch_dashboards.yml target: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/config/wazuh.yml target: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml type: bind bind: create_host_path: true - source: wazuh-dashboard-config target: /usr/share/wazuh-dashboard/data/wazuh/config type: volume volume: {} - source: wazuh-dashboard-custom target: /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom type: volume volume: {} wazuh.indexer: container_name: wazuh.indexer environment: - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m hostname: wazuh.indexer image: wazuh/wazuh-indexer:${WAZUH_VERSION} networks: default: null ports: - mode: ingress protocol: tcp published: "9200" target: 9200 restart: always ulimits: memlock: hard: -1 soft: -1 nofile: hard: 65536 soft: 65536 volumes: - source: wazuh-indexer-data target: /var/lib/wazuh-indexer type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/root-ca.pem target: /usr/share/wazuh-indexer/certs/root-ca.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/wazuh.indexer-key.pem target: /usr/share/wazuh-indexer/certs/wazuh.indexer.key type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/wazuh.indexer.pem target: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/admin.pem target: /usr/share/wazuh-indexer/certs/admin.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/admin-key.pem target: /usr/share/wazuh-indexer/certs/admin-key.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/config/wazuh.indexer.yml target: /usr/share/wazuh-indexer/opensearch.yml type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/config/internal_users.yml target: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml type: bind bind: create_host_path: true wazuh.manager: container_name: wazuh.manager environment: - INDEXER_URL=https://wazuh.indexer:9200 - INDEXER_USERNAME=admin - INDEXER_PASSWORD=${WAZUH_INDEXER_PASSWORD} - FILEBEAT_SSL_VERIFICATION_MODE=full - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - SSL_KEY=/etc/ssl/filebeat.key - API_USERNAME=wazuh-wui - API_PASSWORD=${WAZUH_API_PASSWORD} hostname: wazuh.manager image: wazuh/wazuh-manager:${WAZUH_VERSION} networks: default: null ports: - mode: ingress protocol: tcp published: "1514" target: 1514 - mode: ingress protocol: tcp published: "1515" target: 1515 - mode: ingress protocol: udp published: "514" target: 514 - mode: ingress protocol: tcp published: "55000" target: 55000 restart: always ulimits: memlock: hard: -1 soft: -1 nofile: hard: 655360 soft: 655360 volumes: - source: wazuh_api_configuration target: /var/ossec/api/configuration type: volume volume: {} - source: wazuh_etc target: /var/ossec/etc type: volume volume: {} - source: wazuh_logs target: /var/ossec/logs type: volume volume: {} - source: wazuh_queue target: /var/ossec/queue type: volume volume: {} - source: wazuh_var_multigroups target: /var/ossec/var/multigroups type: volume volume: {} - source: wazuh_integrations target: /var/ossec/integrations type: volume volume: {} - source: wazuh_active_response target: /var/ossec/active-response/bin type: volume volume: {} - source: wazuh_agentless target: /var/ossec/agentless type: volume volume: {} - source: wazuh_wodles target: /var/ossec/wodles type: volume volume: {} - source: filebeat_etc target: /etc/filebeat type: volume volume: {} - source: filebeat_var target: /var/lib/filebeat type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/root-ca.pem target: /etc/ssl/root-ca.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/wazuh.manager.pem target: /etc/ssl/filebeat.pem type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/wazuh.manager-key.pem target: /etc/ssl/filebeat.key type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/config/wazuh_manager.conf target: /wazuh-config-mount/etc/ossec.conf type: bind bind: create_host_path: true web-check: container_name: web-check image: lissy93/web-check labels: - homepage.group=Privacy/Security - homepage.name=Web-Check - homepage.icon=web-check.png - homepage.href=https://scan.${MY_TLD} - homepage.description=Site scanner for attack vectors, architecture, security configs, and more - swag=enable - swag_proto=http - swag_url=scan.${MY_TLD} - swag_port=3000 - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://scan.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "3010" target: 3000 restart: unless-stopped whodb: container_name: whodb environment: WHODB_MONGODB_1: null WHODB_MYSQL_1: null image: clidey/whodb labels: - homepage.group=System Administration - homepage.name=WhoDB - homepage.href=https://dbs.${MY_TLD} - homepage.icon=/icons/whodb.png - homepage.description=Web-based DB management - swag=enable - swag_proto=http - swag_port=8080 - swag_url=dbs.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://dbs.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8900" target: 8080 restart: unless-stopped your_spotify: container_name: your_spotify environment: - PUID=1000 - PGID=1000 - TZ=${TZ} - APP_URL=https://myspotify.${MY_TLD} - SPOTIFY_PUBLIC=${YOUR_SPOTIFY_ID} - SPOTIFY_SECRET=${YOUR_SPOTIFY_SECRET} - CORS=all - MONGO_ENDPOINT=mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/your_spotify - LOG_LEVEL=debug expose: - 8080 extra_hosts: - host.docker.internal:host-gateway image: lscr.io/linuxserver/your_spotify:latest labels: - homepage.group=Media Library - homepage.name=Your Spotify - homepage.icon=your-spotify.svg - homepage.href=https://myspotify.${MY_TLD} - homepage.description=Personal Spotify Tracking - swag=enable - swag_proto=https - swag_url=myspotify.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://myspotify.${MY_TLD} networks: default: null ports: - ${YOUR_SPOTIFY_PORT_80}:80 - ${YOUR_SPOTIFY_PORT_443}:443 restart: always youtubedl: container_name: youtubedl environment: PGID: "1000" PUID: "1000" TZ: America/New_York YDL_CONFIG_PATH: /youtube-dl/config.yml YDL_DEBUG: "false" hostname: Rinoa image: nbr23/youtube-dl-server:latest labels: - homepage.group=Downloaders - homepage.name=YoutubeDL - homepage.icon=youtubedl.png - homepage.href=https://ytdl.${MY_TLD} - homepage.description=YouTube Downloader - swag=enable - swag_proto=http - swag_url=ytdl.${MY_TLD} - swag_port=8080 - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://ytdl.${MY_TLD} networks: default: null ports: - mode: ingress protocol: tcp published: "8089" target: 8080 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/youtubedl target: /youtube-dl type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind zammad-backup: command: - zammad-backup container_name: zammad-backup depends_on: zammad-postgresql: condition: service_started required: true zammad-railsserver: condition: service_started required: true entrypoint: /usr/local/bin/backup.sh environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null BACKUP_TIME: "03:00" ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false HOLD_DAYS: "10" MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true TZ: Europe/Berlin ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null image: postgres:${ZAMMAD_POSTGRES_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-backup target: /var/tmp/zammad type: volume volume: {} - read_only: true source: zammad-storage target: /opt/zammad/storage type: volume volume: {} - read_only: true source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh target: /usr/local/bin/backup.sh type: bind volume: {} zammad-elasticsearch: container_name: zammad-elasticsearch expose: - 9200 image: bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-es-data target: /bitnami/elasticsearch/data type: volume volume: {} zammad-init: command: - zammad-init container_name: zammad-init depends_on: zammad-postgresql: condition: service_started required: true environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null hostname: init image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} networks: default: null restart: on-failure user: "0:0" volumes: - zammad-storage:/opt/zammad/storage zammad-memcached: command: memcached -m 256M container_name: zammad-memcached image: memcached:${ZAMMAD_MEMCACHE_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} zammad-nginx: command: - zammad-nginx container_name: zammad-nginx depends_on: zammad-railsserver: condition: service_started required: true environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null expose: - "8080" image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} labels: - swag=enable - swag_proto=http - swag_port=8080 - swag_url=support.${MY_TLD} - swag.uptime-kuma.enabled=true - swag.uptime-kuma.monitor.url=https://support.${MY_TLD} - homepage.group=Professional Services - homepage.name=Zammad - homepage.href=https://support.${MY_TLD} - homepage.icon=zammad.svg - homepage.description=Open-source helpdesk/customer support system networks: default: null restart: ${ZAMMAD_RESTART} volumes: - zammad-storage:/opt/zammad/storage zammad-postgresql: container_name: zammad-postgresql environment: POSTGRES_DB: ${ZAMMAD_POSTGRES_DB} POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS} POSTGRES_USER: ${ZAMMAD_POSTGRES_USER} hostname: postgresql image: postgres:${ZAMMAD_POSTGRES_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-pg-data target: /var/lib/postgresql/data type: volume volume: {} zammad-railsserver: command: - zammad-railsserver container_name: zammad-railserver depends_on: zammad-memcached: condition: service_started required: true zammad-postgresql: condition: service_started required: true zammad-redis: condition: service_started required: true environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-storage target: /opt/zammad/storage type: volume volume: {} zammad-redis: container_name: zammad-redis image: redis:${ZAMMAD_REDIS_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-redis-data target: /data type: volume volume: {} zammad-scheduler: command: - zammad-scheduler container_name: zammad-scheduler depends_on: zammad-memcached: condition: service_started required: true zammad-postgresql: condition: service_started required: true zammad-redis: condition: service_started required: true environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-storage target: /opt/zammad/storage type: volume volume: {} zammad-websocket: command: - zammad-websocket container_name: zammad-websocket depends_on: zammad-memcached: condition: service_started required: true zammad-postgresql: condition: service_started required: true zammad-redis: condition: service_started required: true environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} networks: default: null restart: ${ZAMMAD_RESTART} volumes: - source: zammad-storage target: /opt/zammad/storage type: volume volume: {} zitadel: container_name: zitadel image: ghcr.io/zitadel/zitadel:latest command: 'start-from-init --masterkeyFromEnv --tlsMode external' # depends_on: # zitadel-pg-db: # condition: 'service_healthy' environment: ZITADEL_DATABASE_POSTGRES_HOST: zitadel-pg-db ZITADEL_DATABASE_POSTGRES_PORT: 5432 ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: ${ZITADEL_DB_PASSWORD} ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: ${ZITADEL_DB_ADMIN_PASSWORD} ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable ZITADEL_EXTERNALSECURE: true ZITADEL_EXTERNALPORT: 443 ZITADEL_EXTERNALDOMAIN: zitadel.trez.wtf ZITADEL_MASTERKEY: ${ZITADEL_MASTER_KEY} expose: - 8080 labels: - swag=enable - swag_proto=http - swag_port=8080 - swag_url=zitadel.${MY_TLD} - homepage.group=System Administration - homepage.name=Zitadel - homepage.href=https://zitadel.${MY_TLD} - homepage.icon=zitadel.svg - homepage.description=Centralized authentication management zitadel-pg-db: container_name: zitadel-pg-db environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: ${ZITADEL_DB_ADMIN_PASSWORD} expose: - 5432 healthcheck: test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres"] interval: '10s' timeout: '30s' retries: 5 start_period: '20s' image: postgres:16-alpine restart: always volumes: - zitadel-pg-db:/var/lib/postgresql/data volumes: authelia-pg-db: name: compose_authelia-pg-db bitmagnet-pg-db: name: bitmagnet-pg-db castopod-media: name: castopod-media crowdsec-config: name: compose_crowdsec-config crowdsec-db: name: compose_crowdsec-db dagu_config: name: compose_dagu_config dagu_data: name: compose_dagu_data fastenhealth-cache: name: compose_fastenhealth-cache fastenhealth-db: name: compose_fastenhealth-db filebeat_etc: name: filebeat_etc filebeat_var: name: filebeat_var gitea-pg-db: name: compose_gitea-pg-db grafana-mimir-data: name: compose_grafana-mimir-data grafana-tempo-data: name: compose_grafana-tempo-data hortusfox_app_backup: name: compose_hortusfox_app_backup hortusfox_app_images: name: compose_hortusfox_app_images hortusfox_app_logs: name: compose_hortusfox_app_logs hortusfox_app_migrate: name: compose_hortusfox_app_migrate hortusfox_app_themes: name: compose_hortusfox_app_themes hortusfox_db_data: name: compose_hortusfox_db_data invidious-postgres: name: compose_invidious-postgres invoice_ninja_public: name: compose_invoice_ninja_public jitsi-web-admin-theme: name: compose_jitsi-web-admin-theme jitsi-web-admin-upload: name: compose_jitsi-web-admin-upload joplin_data: name: compose_joplin_data komodo-pg-data: name: komodo-pg-data lldap_data: name: compose_lldap_data localai_data: name: compose_localai_data mattermost-postgres: name: compose_mattermost-postgres mongodb_config: name: compose_mongo1_config mongodb_data: name: compose_mongo1_data netbox-pg-db: name: netbox-pg-db ollama: name: compose_ollama paperless-ngx-data: name: compose_paperless-ngx-data paperless-ngx-media: name: compose_paperless-ngx-media paperless-ngx-pg: name: compose_paperless-ngx-pg plausible-db-data: name: compose_plausible-db-data plausible-event-data: name: compose_plausible-event-data plausible-event-logs: name: compose_plausible-event-logs reactive-resume-pg: name: compose_reactive-resume-pg semaphore_config: name: semaphore_config semaphore_data: name: semaphore_data semaphore_tmp: name: semaphore_tmp sonarqube-data: name: sonarqube-data sonarqube-db: name: sonarqube-db sonarqube-db-data: name: sonarqube-db-data sonarqube-extensions: name: sonarqube-extensions sonarqube-logs: name: sonarqube-logs sonarqube-temp: name: sonarqube-temp tandoor-pg: name: compose_tandoor-pg traccar-pg: name: compose_traccar-pg unmanic-cache: name: compose_unmanic-cache wallos-db: name: compose_wallos-db wallos-logos: name: compose_wallos-logos wazuh-dashboard-config: name: wazuh-dashboard-config wazuh-dashboard-custom: name: wazuh-dashboard-custom wazuh-indexer-data: name: wazuh-indexer-data wazuh_active_response: name: wazuh_active_response wazuh_agentless: name: wazuh_agentless wazuh_api_configuration: name: wazuh_api_configuration wazuh_etc: name: wazuh_etc wazuh_integrations: name: wazuh_integrations wazuh_logs: name: wazuh_logs wazuh_queue: name: wazuh_queue wazuh_var_multigroups: name: wazuh_var_multigroups wazuh_wodles: name: wazuh_wodles zammad-backup: driver: local name: compose_zammad-backup zammad-es-data: driver: local name: compose_zammad-es-data zammad-pg-data: driver: local name: compose_zammad-pg-data zammad-redis-data: driver: local name: compose_zammad-redis-data zammad-storage: driver: local name: compose_zammad-storage zitadel-pg-db: name: zitadel-pg-db x-shared: zammad-service: depends_on: - zammad-memcached - zammad-postgresql - zammad-redis environment: AUTOWIZARD_JSON: null AUTOWIZARD_RELATIVE_PATH: null ELASTICSEARCH_ENABLED: true ELASTICSEARCH_HOST: zammad-elasticsearch ELASTICSEARCH_NAMESPACE: trez_it ELASTICSEARCH_PORT: 9200 ELASTICSEARCH_REINDEX: true ELASTICSEARCH_SCHEMA: http ELASTICSEARCH_SSL_VERIFY: false MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} POSTGRESQL_DB_CREATE: true POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} RAILS_LOG_TO_STDOUT: true RAILS_TRUSTED_PROXIES: 172.18.0.0/16 REDIS_URL: ${ZAMMAD_REDIS_URL} S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true ZAMMAD_BIND_IP: 0.0.0.0 ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null ZAMMAD_PROCESS_SCHEDULED: null ZAMMAD_SESSION_JOBS: null ZAMMAD_WEB_CONCURRENCY: null image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} restart: ${ZAMMAD_RESTART} volumes: - zammad-storage:/opt/zammad/storage