name: compose networks: bitmagnet: driver: bridge ipam: config: - gateway: 192.168.55.1 subnet: 192.168.55.0/27 driver: default name: compose_bitmagnet default: name: compose_default nextcloud-aio: external: true services: actual_server: container_name: actualbudget environment: ACTUAL_LOGIN_METHOD: "pass" ACTUAL_PORT: 5006 # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20 # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50 # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20 # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration # !! If you are not using any of these options, remove the 'environment:' tag entirely. image: docker.io/actualbudget/actual-server:latest labels: swag: enable swag_port: 5006 swag_proto: http swag_url: fin.${MY_TLD} homepage.group: Lifestyle homepage.name: Actual Budget homepage.icon: actual-budget.svg homepage.href: https://fin.${MY_TLD} homepage.description: Privacy-focused app for managing finances ports: - 5006:5006 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/actual-budget:/data adguard: container_name: adguard environment: TZ: ${TZ} hostname: Rinoa image: adguard/adguardhome:latest labels: swag: enable swag_proto: http swag_url: adgh.${MY_TLD} homepage.group: System Administration homepage.name: AdGuard Home homepage.icon: adguard-home.png homepage.href: https://adgh.${MY_TLD} homepage.description: Ad-blocking/DNS homepage.widget.type: adguard homepage.widget.url: http://adguard:80 homepage.widget.username: admin homepage.widget.password: ${ADGUARD_PASSWORD} networks: default: null ports: - 3001:3000 - 446:443 - 8008:80 - 853:853 - 67:67 - 688:68 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/adguard/work target: /opt/adguardhome/work type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/adguard/conf target: /opt/adguardhome/conf type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - source: ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/archive/trez.wtf target: /etc/ssl/certs type: bind bind: create_host_path: true audiobookshelf: container_name: audiobookshelf environment: CONFIG_PATH: /config HOME: /config/.home LOG_LEVEL: info METADATA_PATH: /metadata TZ: America/New_York hostname: Rinoa image: ghcr.io/advplyr/audiobookshelf:latest labels: homepage.group: Media Library homepage.name: Audiobookshelf homepage.href: https://abs.${MY_TLD} homepage.icon: audiobookshelf.png homepage.description: Podcasts, eBooks, & Audiobooks homepage.widget.type: audiobookshelf homepage.widget.url: http://audiobookshelf:80 homepage.widget.key: ${AUDIOBOOKSHELF_ROOT_API_KEY} swag: enable swag_address: audiobookshelf swag_proto: http swag_url: abs.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://abs.${MY_TLD} networks: default: null ports: - 13378:80 restart: unless-stopped user: 1000:1000 volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf target: /config type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata target: /metadata type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind authelia: container_name: authelia depends_on: authelia-pg: condition: service_started required: true lldap: condition: service_started required: true environment: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD} AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET} AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET} AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD} GUID: ${PGID} PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} expose: - 9091 image: authelia/authelia:master labels: homepage.group: Privacy/Security homepage.name: Authelia homepage.href: https://auth.${MY_TLD} homepage.icon: authelia.svg homepage.description: Authentication/authorization server with MFA & SSO swag: enable swag_proto: http swag_port: 9091 swag_url: auth.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://auth.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/authelia/ target: /config type: bind bind: create_host_path: true authelia-pg: container_name: authelia-pg environment: POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD} POSTGRES_USER: authelia POSTGRES_DB: authelia expose: - 5432 image: postgres:16-alpine networks: default: null restart: unless-stopped volumes: - source: authelia-pg-db target: /var/lib/postgresql/data type: volume bind: create_host_path: true bazarr: container_name: bazarr environment: PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} DOCKER_MODS: ghcr.io/gilbn/theme.park:bazarr hostname: Rinoa image: lscr.io/linuxserver/bazarr:latest labels: homepage.group: Servarr Stack homepage.name: Bazarr homepage.href: https://bazarr.${MY_TLD} homepage.icon: bazarr.png homepage.description: Subtitle automation for TV shows/movies homepage.widget.type: bazarr homepage.widget.url: http://bazarr:6767 homepage.widget.key: ${BAZARR_API_KEY} swag: enable swag_proto: http swag_port: 6767 swag.uptime-kuma.enabled: true networks: default: null ports: - 6767:6767 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/bazarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind beszel: container_name: beszel extra_hosts: - host.docker.internal:host-gateway image: henrygd/beszel:latest labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Beszel homepage.href: https://beszel.${MY_TLD} homepage.icon: beszel.svg homepage.description: Lightweight server monitoring hub homepage.widget.type: beszel homepage.widget.url: http://beszel:8090 homepage.widget.username: ${SWAG_ENVIRONMENT_EMAIL} homepage.widget.password: ${BESZEL_ADMIN_PASSWORD} homepage.widget.version: 2 swag: enable swag_proto: http swag_port: 8090 swag_url: beszel.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://beszel.${MY_TLD} ports: - 22220:8090 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/beszel:/beszel_data beszel-agent: container_name: beszel-agent depends_on: - beszel environment: DOCKER_HOST: tcp://dockerproxy:2375 PORT: 45876 # Do not remove quotes around the key KEY: '${BESZEL_RINOA_AGENT_KEY}' expose: - 45876 image: henrygd/beszel-agent:latest network_mode: host restart: unless-stopped volumes: - /rinoa-storage:/extra-filesystems/rinoa-storage:ro - /dev/nvme0n1:/extra-filesystems/nvme0n1:ro bitmagnet: command: - worker - run - --keys=http_server - --keys=queue_server - --keys=dht_crawler container_name: bitmagnet depends_on: bitmagnet-pg-db: condition: service_healthy required: true gluetun: condition: service_started required: true restart: true environment: LOG_FILE_ROTATION_ENABLED: true POSTGRES_HOST: bitmagnet-pg-db POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} POSTGRES_USER: bitmagnet image: ghcr.io/bitmagnet-io/bitmagnet:latest labels: homepage.group: Downloaders homepage.name: Bitmagnet homepage.href: https://btmag.${MY_TLD} homepage.icon: sh-bitmagnet.png homepage.description: Torrent indexer, DHT crawler, search engine, & content classifier homepage.widget.type: gluetun homepage.widget.url: http://gluetun:8000 swag: enable swag_proto: http swag_address: gluetun swag_auth: authelia swag_auth_bypass: /v1 swag_port: 3333 swag_url: btmag.${MY_TLD} network_mode: service:gluetun restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/bitmagnet target: /root/.local/share/bitmagnet type: bind bind: create_host_path: true bitmagnet-pg-db: container_name: bitmagnet-pg-db environment: POSTGRES_DB: bitmagnet POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD} POSTGRES_USER: bitmagnet expose: - 5432 healthcheck: interval: 10s start_period: 20s test: - CMD-SHELL - pg_isready image: postgres:17-alpine networks: bitmagnet: ipv4_address: 192.168.55.8 restart: unless-stopped shm_size: 1g volumes: - source: bitmagnet-pg-db target: /var/lib/postgresql/data type: volume volume: {} bitwarden: container_name: bitwarden environment: ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN} DATABASE_URL: data/db.sqlite3 DISABLE_ADMIN_TOKEN: "false" DOMAIN: https://bitwarden.${MY_TLD} ENABLE_DB_WAL: "true" INVITATIONS_ALLOWED: "false" SHOW_PASSWORD_HINT: "false" SIGNUPS_ALLOWED: "true" SIGNUPS_VERIFY: "true" TZ: America/New_York WEBSOCKET_ENABLED: "true" hostname: Rinoa image: vaultwarden/server:latest labels: homepage.group: Privacy/Security homepage.name: Bitwarden homepage.icon: bitwarden.png homepage.href: https://bitwarden.${MY_TLD} homepage.description: Credential/Information Vault swag: enable swag_url: bitwarden.${MY_TLD} swag_proto: http swag_port: 80 swag.uptime-kuma.enabled: true networks: default: null ports: - 3012:3012 - 8013:80 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/bitwarden target: /data type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind bluesky-pds: container_name: bluesky-pds environment: PDS_ADMIN_EMAIL: charish.patel@trez.wtf PDS_HOSTNAME: bsky.trez.wtf PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET} PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD} PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX} PDS_DATA_DIRECTORY: /pds PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 PDS_EMAIL_FROM_ADDRESS: noreply@trez.wtf PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks PDS_BLOB_UPLOAD_LIMIT: 52428800 PDS_DID_PLC_URL: ${PDS_DID_PLC_URL} PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL} PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID} PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL} PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID} PDS_CRAWLERS: ${PDS_CRAWLERS} LOG_ENABLED: true expose: - 3000 image: ghcr.io/bluesky-social/pds:latest labels: swag: enable swag_port: 3000 swag_url: bsky.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://bsky.${MY_TLD} restart: unless-stopped volumes: - type: bind source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds target: /pds browserless: container_name: browserless environment: ALLOW_FILE_PROTOCOL: true CONCURRENT: 20 HEALTH: false PROXY_HOST: swag PROXY_PORT: 443 PROXY_SSL: true QUEUED: 20 TIMEOUT: 300000 TOKEN: ${CHROMIUM_TOKEN} TZ: ${TZ} expose: - 3000 image: ghcr.io/browserless/chromium:latest labels: swag: enable swag_proto: http swag_port: 3000 swag_url: browse.${MY_TLD} networks: default: null restart: unless-stopped castopod: container_name: castopod depends_on: mariadb: condition: service_started required: true restart: true environment: MYSQL_DATABASE: castopod MYSQL_USER: castopod MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} CP_DATABASE_HOSTNAME: mariadb CP_DATABASE_NAME: castopod CP_DATABASE_USERNAME: castopod CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD} CP_BASEURL: "https://pod.trez.wtf" CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT} CP_CACHE_HANDLER: redis CP_DISABLE_HTTPS: 0 CP_REDIS_HOST: redis CP_EMAIL_SMTP_HOST: postal-smtp CP_EMAIL_FROM: noreply@trez.wtf CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER} CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} expose: - 8000 image: castopod/castopod:latest labels: homepage.group: Social homepage.name: Castopod homepage.href: https://pod.${MY_TLD} homepage.icon: castopod.png homepage.description: Podcast self-hosting swag: enable swag_address: castopod swag_port: 8000 swag_url: pod.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://pod.${MY_TLD} restart: unless-stopped volumes: - castopod-media:/var/www/castopod/public/media cloudflared: command: ['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}'] container_name: cloudflared environment: CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN} image: 'cloudflare/cloudflared:latest' restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared cloudflareddns: container_name: cloudflareddns environment: ARGS: --dns-cloudflare-propagation-seconds 60 CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY} CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN} CF_HOSTS: trez.wtf CF_RECORDTYPES: A CF_USER: charish.patel@trez.wtf CF_ZONES: trez.wtf DETECTION_MODE: dig-google.com INTERVAL: "300" LOG_LEVEL: "3" PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: ghcr.io/hotio/cloudflareddns:latest networks: default: null restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind convertx: container_name: convertx environment: JWT_SECRET: ${CONVERTX_JWT_SECRET} image: ghcr.io/c4illin/convertx labels: homepage.group: System Administration homepage.name: ConvertX homepage.href: https://convert.${MY_TLD} homepage.icon: sh-convertx.png homepage.description: Online file converter swag: enable swag_port: 3000 swag_proto: http swag_url: convert.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://convert.${MY_TLD} ports: - 38946:3000 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/convertx:/app/data cronicle: container_name: cronicle entrypoint: manager environment: CRONICLE_manager: 1 CRONICLE_secret_key: "${CRONICLE_SECRET_KEY}" DOCKER_HOST: tcp://dockerproxy:2375 hostname: cronicle image: elestio/cronicle:latest labels: homepage.group: Automation homepage.name: Cronicle homepage.href: https://cron.${MY_TLD} homepage.icon: sh-cronicle.png homepage.description: Multi-server task schedule with a web interface swag: enable swag_port: 3012 swag_proto: http swag_url: cron.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://cron.${MY_TLD} ports: - 31037:3012 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/cronicle/data:/opt/cronicle/data - ${DOCKER_VOLUME_CONFIG}/cronicle/logs:/opt/cronicle/logs - ${DOCKER_VOLUME_CONFIG}/cronicle/plugins:/opt/cronicle/plugins - ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app crowdsec: container_name: crowdsec environment: DOCKER_HOST: tcp://dockerproxy:2375 GID: 1000 BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY} COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables image: crowdsecurity/crowdsec:latest networks: default: null ports: - 8101:8080 restart: unless-stopped security_opt: - no-new-privileges=true volumes: - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local target: /etc/crowdsec/config.yaml.local type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local target: /etc/crowdsec/local_api_credentials.yaml.local type: bind bind: create_host_path: true - read_only: true source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx target: /var/log/swag type: bind bind: create_host_path: true - source: crowdsec-config target: /etc/crowdsec type: volume volume: {} - source: crowdsec-db target: /var/lib/crowdsec/data type: volume volume: {} - bind: create_host_path: true read_only: true source: /var/log/journal target: /var/log/host type: bind crowdsec-dashboard: container_name: crowdsec-dashboard depends_on: crowdsec: condition: service_started required: true environment: MB_DB_FILE: /data/metabase.db MGID: ${GID-1000} image: metabase/metabase labels: com.centurylinklabs.watchtower.enable: false homepage.group: Privacy/Security homepage.name: CrowdSec Dashboard homepage.href: https://csec.${MY_TLD} homepage.icon: crowdsec.svg homepage.description: Real-time & crowdsourced protection against aggressive IPs homepage.widget.type: crowdsec homepage.widget.url: http://crowdsec:8080 homepage.widget.username: localhost homepage.widget.password: ${CROWDSEC_LOCAL_API_KEY} swag: enable swag_port: 3000 swag_proto: http swag_url: csec.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://csec.${MY_TLD} networks: default: null ports: - 8908:3000 restart: always volumes: - source: crowdsec-db target: /data/ type: volume volume: {} czkawka: container_name: czkawka environment: KEEP_APP_RUNNING: 1 PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} UMASK: 1 WEB_LISTENING_PORT: 5800 image: jlesage/czkawka labels: homepage.group: System Administration homepage.name: Czkawka homepage.href: https://czkawka.${MY_TLD} homepage.icon: sh-czkawka.svg homepage.description: Smart file management swag: enable swag_port: 5800 swag_proto: http swag_url: czkawka.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://czkawka.${MY_TLD} networks: default: null ports: - 5800:5800 privileged: true restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/czkawka target: /config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE} target: /storage type: bind bind: create_host_path: true dawarich-app: command: ['bin/rails', 'server', '-p', '3000', '-b', '::'] container_name: dawarich-app depends_on: dawarich-pg-db: condition: service_healthy restart: true redis: condition: service_started restart: true deploy: resources: limits: cpus: '0.50' # Limit CPU usage to 50% of one core memory: '4G' # Limit memory usage to 4GB entrypoint: web-entrypoint.sh environment: RAILS_ENV: development REDIS_URL: redis://redis:6379/ DATABASE_HOST: dawarich-pg-db DATABASE_USERNAME: dawarich DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD} DATABASE_NAME: dawarich MIN_MINUTES_SPENT_IN_CITY: 60 APPLICATION_HOSTS: localhost,loc.trez.wtf,192.168.1.254 TIME_ZONE: ${TZ} APPLICATION_PROTOCOL: http DISTANCE_UNIT: km PROMETHEUS_EXPORTER_ENABLED: false PROMETHEUS_EXPORTER_HOST: 0.0.0.0 PROMETHEUS_EXPORTER_PORT: 9394 ENABLE_TELEMETRY: false # More on telemetry: https://dawarich.app/docs/tutorials/telemetry healthcheck: test: [ "CMD-SHELL", "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" ] interval: 10s retries: 30 start_period: 30s timeout: 10s image: freikin/dawarich:latest labels: homepage.group: Personal Services homepage.name: Dawarich homepage.href: https://loc.${MY_TLD} homepage.icon: dawarich.svg homepage.description: Self-hosted alternative to Google Location History swag: enable swag_port: 3000 swag_proto: http swag_url: loc.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://loc.${MY_TLD} ports: - 63561:3000 # - 9394:9394 # Prometheus exporter, uncomment if needed restart: on-failure stdin_open: true tty: true volumes: - dawarich_public:/var/app/public - dawarich_watched:/var/app/tmp/imports/watched - ${DOCKER_VOLUME_CONFIG}/dawarich/web-entrypoint.sh:/usr/local/bin/web-entrypoint.sh dawarich-pg-db: container_name: dawarich-pg-db environment: POSTGRES_DB: dawarich POSTGRES_USER: dawarich POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD} healthcheck: test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ] interval: 10s retries: 5 start_period: 30s timeout: 10s image: postgis/postgis:17-3.5-alpine restart: always shm_size: 1G volumes: - dawarich_db_data:/var/lib/postgresql/data - dawarich_shared:/var/shared dawarich-sidekiq: command: ['sidekiq'] container_name: dawarich-sidekiq entrypoint: sidekiq-entrypoint.sh environment: RAILS_ENV: development REDIS_URL: redis://redis:6379/ DATABASE_HOST: dawarich-pg-db DATABASE_USERNAME: dawarich DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD} DATABASE_NAME: dawarich APPLICATION_HOSTS: localhost,loc.trez.wtf BACKGROUND_PROCESSING_CONCURRENCY: 10 APPLICATION_PROTOCOL: http DISTANCE_UNIT: km PROMETHEUS_EXPORTER_ENABLED: false PROMETHEUS_EXPORTER_HOST: dawarich-app PROMETHEUS_EXPORTER_PORT: 9394 ENABLE_TELEMETRY: false # More on telemetry: https://dawarich.app/docs/tutorials/telemetry depends_on: dawarich-app: condition: service_healthy restart: true dawarich-pg-db: condition: service_healthy restart: true redis: condition: service_started restart: true deploy: resources: limits: cpus: '0.50' # Limit CPU usage to 50% of one core memory: '4G' # Limit memory usage to 4GB healthcheck: test: [ "CMD-SHELL", "bundle exec sidekiqmon processes | grep $${HOSTNAME}" ] interval: 10s retries: 30 start_period: 30s timeout: 10s image: freikin/dawarich:latest restart: on-failure stdin_open: true tty: true volumes: - dawarich_public:/var/app/public - dawarich_watched:/var/app/tmp/imports/watched - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh dbgate: container_name: dbgate environment: CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,mariadb,mastodon-pg-db,mongodb,pgbackweb,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,traccar-pg,zitadel-pg-db LOGIN: TrezOne PASSWORD: ${DBGATE_LOGIN_PASSWORD} LABEL_mariadb: mariadb SERVER_mariadb: mariadb USER_mariadb: root PASSWORD_mariadb: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} PORT_mariadb: 3306 ENGINE_mariadb: mariadb@dbgate-plugin-mysql LABEL_authelia-pg: authelia-pg SERVER_authelia-pg: authelia-pg USER_authelia-pg: authelia DATABASE_authelia-pg: authelia PASSWORD_authelia-pg: ${BITMAGNET_POSTGRESQL_PASSWORD} PORT_authelia-pg: 5432 ENGINE_authelia-pg: postgres@dbgate-plugin-postgres LABEL_bitmagnet-pg-db: bitmagnet-pg-db SERVER_bitmagnet-pg-db: bitmagnet-pg-db USER_bitmagnet-pg-db: bitmagnet-pg DATABASE_bitmagnet-pg-db: bitmagnet PASSWORD_bitmagnet-pg-db: ${BITMAGNET_POSTGRESQL_PASSWORD} PORT_bitmagnet-pg-db: 5432 ENGINE_bitmagnet-pg-db: postgres@dbgate-plugin-postgres LABEL_gitea-db: gitea-db SERVER_gitea-db: gitea-db USER_gitea-db: gitea PASSWORD_gitea-db: ${GITEA_PG_DB_PASSWORD} DATABASE_gitea-db: gitea PORT_gitea-db: 5432 ENGINE_gitea-db: postgres@dbgate-plugin-postgres LABEL_invidious-db: invidious-db SERVER_invidious-db: invidious-db USER_invidious-db: kemal PASSWORD_invidious-db: ${INVID_PG_DB_PASSWORD} PORT_invidious-db: 5432 DATABASE_invidious-db: invidious ENGINE_invidious-db: postgres@dbgate-plugin-postgres LABEL_joplin-db: joplin-db SERVER_joplin-db: joplin-db USER_joplin-db: ${JOPLIN_POSTGRES_USER} PASSWORD_joplin-db: ${JOPLIN_POSTGRES_DATABASE} DATABASE_joplin-db: joplin PORT_joplin-db: 5432 ENGINE_joplin-db: postgres@dbgate-plugin-postgres LABEL_mastodon-pg-db: mastodon-pg-db SERVER_mastodon-pg-db: mastodon-pg-db USER_mastodon-pg-db: mastodon PASSWORD_mastodon-pg-db: ${MASTODON_PG_DB_PASSWORD} DATABASE_mastodon-pg-db: mastodon PORT_mastodon-pg-db: 5432 ENGINE_mastodon-pg-db: postgres@dbgate-plugin-postgres LABEL_mongodb: mongodb SERVER_mongodb: mongodb USER_mongodb: root PASSWORD_mongodb: ${MONGO_INITDB_ROOT_PASSWORD} PORT_mongodb: 27017 DATABSE_mongodb: admin # URI_mongodb: mongodb://root:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017/admin?replicaSet=rinoa ENGINE_mongodb: mongo@dbgate-plugin-mongo-v2 LABEL_pgbackweb-db: pgbackweb-db SERVER_pgbackweb-db: pgbackweb-db USER_pgbackweb-db: pgbackweb PASSWORD_pgbackweb-db: ${PGBACKWEB_PG_DB_PASSWD} PORT_pgbackweb-db: 5432 ENGINE_pgbackweb-db: postgres@dbgate-plugin-postgres LABEL_plausible-db: plausible-db SERVER_plausible-db: plausible-db USER_plausible-db: plausible PASSWORD_plausible-db: ${PLAUSIBLE_PG_PASSWORD} PORT_plausible-db: 5432 ENGINE_plausible-db: postgres@dbgate-plugin-postgres LABEL_reactive-resume-pg: reactive-resume-pg SERVER_reactive-resume-pg: reactive-resume-pg USER_reactive-resume-pg: reactiveresume PASSWORD_reactive-resume-pg: ${REACTIVE_RESUME_PGSQL_PASSWORD} PORT_reactive-resume-pg: 5432 ENGINE_reactive-resume-pg: postgres@dbgate-plugin-postgres LABEL_sonarqube-pg-db: sonarqube-pg-db SERVER_sonarqube-pg-db: sonarqube-pg-db USER_sonarqube-pg-db: sonar PASSWORD_sonarqube-pg-db: ${SONARQUBE_POSTGRES_PASSWORD} PORT_sonarqube-pg-db: 5432 ENGINE_sonarqube-pg-db: postgres@dbgate-plugin-postgres LABEL_tandoor-pg: tandoor-pg SERVER_tandoor-pg: tandoor-pg USER_tandoor-pg: tandoor PASSWORD_tandoor-pg: ${TANDOOR_POSTGRES_PASSWORD} PORT_tandoor-pg: 5432 ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres LABEL_traccar-pg: traccar-pg SERVER_traccar-pg: traccar-pg USER_traccar-pg: ${TRACCAR_POSTGRES_USER} PASSWORD_traccar-pg: ${TRACCAR_POSTGRES_PASSWORD} PORT_traccar-pg: 5432 ENGINE_traccar-pg: postgres@dbgate-plugin-postgres LABEL_zitadel-pg-db: zitadel-pg-db SERVER_zitadel-pg-db: zitadel-pg-db USER_zitadel-pg-db: root PASSWORD_zitadel-pg-db: ${ZITADEL_DB_ADMIN_PASSWORD} PORT_zitadel-pg-db: 5432 ENGINE_zitadel-pg-db: postgres@dbgate-plugin-postgres image: dbgate/dbgate:alpine labels: homepage.group: System Administration homepage.name: DbGate homepage.href: https://dbs.${MY_TLD} homepage.icon: sh-dbgate.png homepage.description: Cross-platform database manager swag: enable swag_port: 3000 swag_proto: http swag_url: dbs.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD} ports: - 49054:3000 restart: unless-stopped volumes: - dbgate-data:/root/.dbgate delugevpn: cap_add: - NET_ADMIN - SYS_MODULE container_name: delugevpn environment: ENABLE_PRIVOXY: "no" LAN_NETWORK: 192.168.1.0/24 NAME_SERVERS: 192.168.1.254,1.1.1.1 PGID: "1000" PUID: "1000" TZ: America/New_York VPN_CLIENT: openvpn VPN_ENABLED: "yes" VPN_INPUT_PORTS: "" VPN_OPTIONS: "" VPN_OUTPUT_PORTS: "" VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA VPN_PROV: pia VPN_USER: p3120278 hostname: Rinoa image: ghcr.io/binhex/arch-delugevpn:latest labels: homepage.group: Downloaders homepage.name: DelugeVPN homepage.href: https://deluge.${MY_TLD} homepage.icon: deluge.png homepage.description: Torrent over VPN homepage.widget.type: deluge homepage.widget.url: http://delugevpn:8112 homepage.widget.password: ${DELUGEVPN_PASSWORD} swag: enable swag_port: 8112 swag_proto: http swag_url: deluge.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://deluge.${MY_TLD} networks: default: null ports: - 58846:58846 - 58946:58946 - 6881:6881 - 8112:8112 - 8118:8118 privileged: true restart: unless-stopped sysctls: net.ipv4.conf.all.src_valid_mark: "1" volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/delugevpn target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind docker-socket-proxy: container_name: dockerproxy environment: AUTH: 1 BUILD: 1 COMMIT: 1 CONFIGS: 1 CONTAINERS: 1 DISTRIBUTION: 1 EVENTS: 1 EXEC: 1 GPRC: 1 IMAGES: 1 INFO: 1 NETWORKS: 1 NODES: 1 POST: 1 PLUGINS: 1 SERVICES: 1 SESSION: 1 SYSTEM: 1 TASKS: 1 VOLUMES: 1 LOG_LEVEL: debug image: ghcr.io/tecnativa/docker-socket-proxy:latest labels: komodo.skip: s networks: default: null ports: - 2375:2375 privileged: true restart: unless-stopped volumes: - bind: create_host_path: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind docuseal: container_name: docuseal image: docuseal/docuseal:latest labels: homepage.group: Personal Services homepage.name: Docuseal homepage.href: https://docs.${MY_TLD} homepage.description: OSS Document Signing & Verification homepage.icon: docuseal.png swag: enable swag_proto: http swag_port: 3000 swag_url: sign.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://sign.${MY_TLD} networks: default: null ports: - 3002:3000 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/docuseal target: /data type: bind bind: create_host_path: true duplicati: container_name: duplicati environment: PGID: "1000" PUID: "1000" TZ: America/New_York hostname: Rinoa image: lscr.io/linuxserver/duplicati:latest labels: swag: enable swag_port: 8200 swag_proto: http swag_url: dup.${MY_TLD} homepage.group: Automation homepage.name: Duplicati homepage.href: https://dup.${MY_TLD} homepage.icon: duplicati.png homepage.description: Data backup networks: default: null ports: - 8282:8200 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/duplicati target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: /home/charish/.config/appdata/backups target: /backups type: bind - bind: create_host_path: true source: /home/charish/.config/appdata target: /source type: bind fastenhealth: container_name: fastenhealth image: ghcr.io/fastenhealth/fasten-onprem:main labels: homepage.group: Lifestyle homepage.name: Fasten homepage.icon: sh-fasten-health.svg homepage.href: http://health.${MY_TLD} homepage.description: Open-source, self-hosted, personal/family electronic medical record aggregator swag: enable swag_proto: http swag_port: 8080 swag_url: health.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://health.${MY_TLD} networks: default: null ports: - 8105:8080 restart: unless-stopped volumes: - source: fastenhealth-cache target: /opt/fasten/cache type: volume volume: {} - source: fastenhealth-db target: /opt/fasten/db type: volume volume: {} flaresolverr: container_name: flaresolverr environment: CAPTCHA_SOLVER: none LOG_HTML: false LOG_LEVEL: info PORT: 8191 TZ: America/New_York BROWSER_TIMEOUT: 40000 TEST_URL: https://duckduckgo.com hostname: Rinoa image: ghcr.io/flaresolverr/flaresolverr:latest networks: default: null ports: - 8191:8191 restart: unless-stopped sysctls: - net.ipv6.conf.all.disable_ipv6=1 volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind ghost: container_name: ghost_blog depends_on: mariadb: condition: service_started required: true restart: true environment: database__client: mysql database__connection__host: mariadb database__connection__port: 3306 database__connection__user: ${GHOST_DB_USER} database__connection__password: ${GHOST_DB_PASSWORD} database__connection__database: ghost_db mail__transport: SMTP mail__options__host: postal-smtp mail__options__port: 25 mail__options__secure: false mail__options__auth__user: ${POSTAL_SMTP_AUTH_USER} mail__options__auth__pass: ${POSTAL_SMTP_AUTH_PASSWORD} mail__from: "noreply@trez.wtf" url: https://blog.${MY_TLD} image: ghost:latest labels: homepage.group: Lifestyle homepage.name: Ghost homepage.href: https://blog.${MY_TLD} homepage.icon: ghost.png homepage.description: Personal blog swag: enable swag_port: 2368 swag_proto: http swag_url: blog.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://blog.${MY_TLD} links: - mariadb networks: default: null restart: always gitea: container_name: gitea depends_on: gitea-db: condition: service_healthy required: true environment: USER_UID: ${PUID} USER_GID: ${PGID} GITEA__database__DB_TYPE: postgres GITEA__database__HOST: gitea-db:5432 GITEA__database__NAME: gitea GITEA__database__USER: gitea GITEA__database__PASSWD: ${GITEA_PG_DB_PASSWORD} GITEA__mailer__ENABLED: true GITEA__mailer__FROM: '"Gitea" ' GITEA__mailer__PROTOCOL: smtp GITEA__mailer__SMTP_ADDR: postal-smtp GITEA__mailer__SMTP_PORT: 25 GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER} GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD} image: gitea/gitea:1.23.1 labels: homepage.group: Code/DevOps homepage.name: Gitea homepage.href: https://git.${MY_TLD} homepage.icon: gitea.svg homepage.description: Private Code Repo homepage.widget.type: gitea homepage.widget.url: http://gitea:3000 homepage.widget.key: ${GITEA_HOMEPAGE_API_KEY} swag: enable swag_url: git.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://git.${MY_TLD} networks: default: null ports: - 3013:3000 - 222:22 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/gitea target: /data/gitea type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/timezone target: /etc/timezone type: bind - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind gitea-db: container_name: gitea-db environment: POSTGRES_USER: gitea POSTGRES_PASSWORD: ${GITEA_PG_DB_PASSWORD} POSTGRES_DB: gitea expose: - 5432 healthcheck: interval: 10s start_period: 20s test: - CMD-SHELL - pg_isready image: postgres:14 networks: default: null restart: always volumes: - source: gitea-pg-db target: /var/lib/postgresql/data type: volume volume: {} gitea-opengist: container_name: gitea-opengist environment: OG_LOG_LEVEL: warn OG_EXTERNAL_URL: https://gist.trez.wtf OG_GIT_DEFAULT_BRANCH: "main" OG_GITEA_CLIENT_KEY: ${OPENGIST_GITEA_CLIENT_KEY} OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET} OG_GITEA_URL: https://git.trez.wtf OG_GITEA_NAME: "Gitea @ Rinoa" OG_SSH_EXTERNAL_DOMAIN: gist-ssh.trez.wtf image: ghcr.io/thomiceli/opengist:latest labels: homepage.description: Private Code Gists homepage.group: Code/DevOps homepage.href: https://gist.trez.wtf homepage.icon: sh-opengist.svg homepage.name: Opengist swag: enable swag.uptime-kuma.enabled: "true" swag.uptime-kuma.monitor.url: https://gist.trez.wtf swag_port: "6157" swag_proto: http swag_url: gist.trez.wtf ports: - "6157:6157" # HTTP port - "2222:2222" # SSH port, can be removed if you don't use SSH restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/opengist:/opengist gitea-runner: container_name: gitea-runner depends_on: gitea: condition: service_started environment: CONFIG_FILE: /config.yaml DOCKER_HOST: tcp://dockerproxy:2375 GITEA_INSTANCE_URL: https://git.trez.wtf GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" GITEA_RUNNER_NAME: "gitea-runner-1" image: gitea/act_runner:latest ports: - 63604:63604 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml gitea-sonarqube-bot: container_name: gitea-sonarqube-bot depends_on: gitea: condition: service_started sonarqube: condition: service_started image: justusbunsi/gitea-sonarqube-bot:v0.4.0 environment: GITEA_SQ_BOT_PORT: 58525 GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml ports: - 58525:58525 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/ gluetun: cap_add: - NET_ADMIN container_name: gluetun environment: OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS} OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER} PORT_FORWARD_ONLY: true SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay VPN_SERVICE_PROVIDER: private internet access expose: - 8000 extra_hosts: - bitmagnet-pg-db:192.168.55.8 image: qmcgaw/gluetun:latest networks: bitmagnet: ipv4_address: 192.168.55.7 default: null ports: - 3333:3333 - 3334:3334 - 5030:5030 - 5031:5031 - 50300:50300 restart: always gotify: container_name: gotify environment: GOTIFY_SERVER_PORT: 80 GOTIFY_SERVER_KEEPALIVEPERIODSECONDS: 0 GOTIFY_SERVER_LISTENADDR: GOTIFY_SERVER_SSL_ENABLED: false GOTIFY_SERVER_SSL_REDIRECTTOHTTPS: true GOTIFY_SERVER_SSL_LISTENADDR: GOTIFY_SERVER_SSL_PORT: 443 GOTIFY_SERVER_SSL_CERTFILE: GOTIFY_SERVER_SSL_CERTKEY: GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED: false GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS: false GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE: certs GOTIFY_SERVER_STREAM_PINGPERIODSECONDS: 45 GOTIFY_DATABASE_DIALECT: sqlite3 GOTIFY_DATABASE_CONNECTION: data/gotify.db GOTIFY_DEFAULTUSER_NAME: admin GOTIFY_DEFAULTUSER_PASS: ${GOTIFY_PASSWORD} GOTIFY_PASSSTRENGTH: 10 GOTIFY_UPLOADEDIMAGESDIR: data/images GOTIFY_PLUGINSDIR: data/plugins GOTIFY_REGISTRATION: false image: gotify/server labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Gotify homepage.href: https://gotify.${MY_TLD} homepage.icon: gotify.png homepage.description: Notification System homepage.widget.type: gotify homepage.widget.url: http://gotify homepage.widget.key: ${GOTIFY_HOMEPAGE_CLIENT_KEY} swag: enable swag_proto: http swag.uptime-kuma.enabled: true networks: default: null ports: - 8097:80 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/gotify target: /app/data type: bind bind: create_host_path: true guacamole: container_name: guacamole environment: DOCKER_HOST: tcp://dockerproxy:2375 EXTENSIONS: 'auth-totp' TZ: ${TZ} image: flcontainers/guacamole:latest labels: homepage.group: System Administration homepage.name: Guacamole homepage.description: Client-less remote desktop gateway homepage.href: https://guac.trez.wtf homepage.icon: guacamole.svg swag: enable swag_proto: http swag_port: 8080 swag_url: guac.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://guac.${MY_TLD} ports: - 62173:8080 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/guacamole/:/config - /etc/localtime:/etc/localtime:ro homepage: container_name: homepage image: ghcr.io/gethomepage/homepage:latest labels: swag_server_custom_directive: access_log /config/log/$$host_access.log ; error_log /config/log/$$host_error.log ; networks: default: null ports: - 3004:3000 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/homepage target: /app/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/homepage/images target: /app/public/images type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/homepage/icons target: /app/public/icons type: bind bind: create_host_path: true - read_only: true source: ${DOCKER_VOLUME_STORAGE} target: /rinoa-storage type: bind bind: create_host_path: true hortusfox: container_name: hortusfox depends_on: mariadb: condition: service_started required: true restart: true environment: APP_ADMIN_EMAIL: charish.patel@trez.wtf APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD} DB_CHARSET: utf8mb4 DB_DATABASE: hortusfox DB_HOST: mariadb DB_PASSWORD: ${HORTUSFOX_DB_PASSWORD} DB_PORT: 3306 DB_USERNAME: hortusfox image: ghcr.io/danielbrendel/hortusfox-web:latest labels: swag: enable swag_proto: http swag_url: plants.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://plants.${MY_TLD} homepage.group: Lifestyle homepage.name: HortusFox homepage.href: https://plants.${MY_TLD} homepage.icon: hortusfox.png homepage.description: Plant management system networks: default: null ports: - 8006:80 restart: unless-stopped volumes: - source: hortusfox_app_images target: /var/www/html/public/img type: volume volume: {} - source: hortusfox_app_logs target: /var/www/html/app/logs type: volume volume: {} - source: hortusfox_app_backup target: /var/www/html/public/backup type: volume volume: {} - source: hortusfox_app_themes target: /var/www/html/public/themes type: volume volume: {} - source: hortusfox_app_migrate target: /var/www/html/app/migrations type: volume volume: {} hugo: command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug container_name: hugo image: hugomods/hugo:exts labels: swag: enable swag_proto: http swag_port: 1313 swag_url: it-services.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://it-services.${MY_TLD} homepage.group: Professional Services homepage.name: Hugo homepage.href: https://it-services.${MY_TLD} homepage.icon: hugo.svg homepage.description: Static site networks: default: null ports: - 1313:1313 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/hugo/ target: /src type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/hugo/cache target: /tmp/hugo_cache type: bind bind: create_host_path: true immich-server: container_name: immich-server depends_on: redis: condition: service_started required: true immich-pg-db: condition: service_started required: true environment: DB_DATABASE_NAME: immich DB_HOSTNAME: immich-pg-db DB_PORT: 5432 DB_USERNAME: immich DB_PASSWORD: ${IMMICH_DB_PASSWORD} IMMICH_LOG_LEVEL: error IMMICH_TELEMETRY_INCLUDE: all healthcheck: disable: false image: ghcr.io/immich-app/immich-server:release labels: swag: enable swag_proto: http swag_port: 2283 swag_url: pics.${MY_TLD} swag_server_custom_directive: | location /share { proxy_pass http://immich-public-proxy:3000; } location /tools { proxy_pass http://immich-power-tools:3000; } swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://pics.${MY_TLD} homepage.group: Media Library homepage.name: Immich homepage.href: https://pics.${MY_TLD} homepage.icon: immich.svg homepage.description: High performance self-hosted photo and video management solution homepage.widget.type: immich homepage.widget.url: http://immich-server:2283 homepage.widget.key: ${IMMICH_POWER_TOOLS_KEY} homepage.widget.version: 2 ports: - 2283:2283 restart: always volumes: # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file - ${DOCKER_VOLUME_STORAGE}/Pics:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro immich-machine-learning: container_name: immich-machine-learning depends_on: immich-server: condition: service_started required: true healthcheck: disable: false image: ghcr.io/immich-app/immich-machine-learning:release restart: always volumes: - immich-model-cache:/cache immich-pg-db: command: >- postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on container_name: immich-pg-db environment: POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD} POSTGRES_USER: immich POSTGRES_DB: immich expose: - 5432 healthcheck: test: >- pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1; Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1 interval: 5m start_interval: 30s start_period: 5m image: tensorchord/pgvecto-rs:pg14-v0.2.1 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/immich/db:/var/lib/postgresql/data immich-public-proxy: container_name: immich-public-proxy depends_on: immich-server: condition: service_healthy required: true environment: IMMICH_URL: http://immich-server:2283 expose: - 3000 healthcheck: test: wget -q --spider http://localhost:3000/share/healthcheck || exit 1 start_period: 10s timeout: 5s image: alangrainger/immich-public-proxy:latest labels: homepage.group: Lifestyle homepage.name: Immich Public Proxy homepage.href: https://pics.${MY_TLD}/share homepage.icon: sh-immich-public-proxy.svg homepage.description: Immich Proxy for public sharing homepage.widget.type: immich homepage.widget.url: http://immich-server:2283 homepage.widget.key: ${IMMICH_POWER_TOOLS_KEY} homepage.widget.version: 2 restart: always immich-power-tools: container_name: immich-power-tools environment: DB_DATABASE_NAME: immich DB_HOSTNAME: immich-pg-db DB_PORT: 5432 DB_USERNAME: immich DB_PASSWORD: ${IMMICH_DB_PASSWORD} EXTERNAL_IMMICH_URL: https://pics.trez.wtf IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY} IMMICH_URL: http://immich-server:2283 image: ghcr.io/varun-raj/immich-power-tools:latest labels: homepage.group: Lifestyle homepage.name: Immich Power Tools homepage.href: https://pics.${MY_TLD}/tools homepage.icon: sh-immich-power-tools.png homepage.description: Tools for Immich ports: - 54018:3000 restart: unless-stopped influxdb2: container_name: influxdb2 environment: DOCKER_INFLUXDB_INIT_MODE: setup DOCKER_INFLUXDB_INIT_USERNAME: admin DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB2_ADMIN_PASSWORD} DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: /run/secrets/influxdb2-admin-token DOCKER_INFLUXDB_INIT_ORG: rinoa DOCKER_INFLUXDB_INIT_BUCKET: rinoa image: influxdb:2-alpine labels: swag: enable swag_proto: http swag_port: 8086 swag_url: influxdb.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://influxdb.${MY_TLD} homepage.group: System Administration homepage.name: InfluxDBv2 homepage.href: https://influxdb.${MY_TLD} homepage.icon: influxdb.svg homepage.description: Scalable datastore for metrics, events, and real-time analytics ports: - 8086:8086 restart: unless-stopped volumes: - influxdb2-data:/var/lib/influxdb2 - influxdb2-config:/etc/influxdb2 invidious: container_name: invidious depends_on: invidious-db: condition: service_started required: true environment: INVIDIOUS_CONFIG_FILE: /config.yml healthcheck: interval: 30s retries: 2 test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 timeout: 5s image: quay.io/invidious/invidious:latest labels: swag: enable swag_proto: http swag_port: 3000 swag_url: invid.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://invid.${MY_TLD} homepage.group: Social homepage.name: Invidious homepage.href: https://invid.${MY_TLD} homepage.icon: invidious.svg homepage.description: Alternative YouTube frontend (privacy-focused, ad-blocking) networks: default: null ports: - 3007:3000 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/invidious/config.yml:/config.yml invidious-sig-helper: cap_drop: - ALL command: ["--tcp", "0.0.0.0:12999"] container_name: invidious-sig-helper image: quay.io/invidious/inv-sig-helper:latest init: true environment: RUST_LOG: info expose: - 12999 restart: unless-stopped read_only: true security_opt: - no-new-privileges:true invidious-db: container_name: invidious-db environment: POSTGRES_DB: invidious POSTGRES_PASSWORD: ${INVID_PG_DB_PASSWORD} POSTGRES_USER: kemal healthcheck: test: - CMD-SHELL - pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB image: docker.io/library/postgres:14 networks: default: null restart: unless-stopped volumes: - source: invidious-postgres target: /var/lib/postgresql/data type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/invidious/sql target: /config/sql type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh target: /docker-entrypoint-initdb.d/init-invidious-db.sh type: bind bind: create_host_path: true invoice-ninja: container_name: invoice-ninja depends_on: mariadb: condition: service_started required: true restart: true environment: APP_DEBUG: true APP_KEY: ${IN_APP_KEY} APP_URL: http://invoice_ninja:8003 APP_ENV: /var/www/html/.env DB_DATABASE: invoice_ninja DB_HOST: mariadb DB_PASSWORD: ${IN_MYSQL_PASSWORD} DB_PORT: 3306 DB_USERNAME: ininja IN_PASSWORD: ${IN_PASSWORD} IN_USER_EMAIL: charish.patel@trez.wtf MAIL_ENCRYPTION: null MAIL_FROM_ADDRESS: noreply@trez.wtf MAIL_FROM_NAME: null MAIL_HOST: postal-smtp MAIL_MAILER: log MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} MAIL_PORT: 25 MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} MYSQL_DATABASE: invoice_ninja MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD} MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} MYSQL_USER: ininja PDF_GENERATOR: snappdf PHANTOMJS_PDF_GENERATION: false QUEUE_CONNECTION: database REQUIRE_HTTPS: false TRUSTED_PROXIES: 172.18.0.0/16 expose: - 9000 image: invoiceninja/invoiceninja-debian:5 networks: default: null ports: - 8003:8003 restart: always volumes: - invoice-ninja_cache:/var/www/html/bootstrap/cache - invoice-ninja_public:/var/www/html/public - invoice-ninja_storage:/var/www/html/storage invoice-ninja_proxy: container_name: invoice-ninja_proxy depends_on: invoice-ninja: condition: service_started required: true restart: true environment: APP_DEBUG: true APP_KEY: ${IN_APP_KEY} APP_URL: http://invoice_ninja:9000 DB_DATABASE: invoice_ninja DB_HOST: mariadb DB_PASSWORD: ${IN_MYSQL_PASSWORD} DB_PORT: 3306 DB_USERNAME: ininja IN_PASSWORD: ${IN_PASSWORD} IN_USER_EMAIL: charish.patel@trez.wtf MAIL_ENCRYPTION: null MAIL_FROM_ADDRESS: noreply@trez.wtf MAIL_FROM_NAME: null MAIL_HOST: postal-smtp MAIL_MAILER: log MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} MAIL_PORT: 25 MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER} MYSQL_DATABASE: invoice_ninja MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD} MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} MYSQL_USER: ininja PDF_GENERATOR: snappdf PHANTOMJS_PDF_GENERATION: false QUEUE_CONNECTION: database REQUIRE_HTTPS: false TRUSTED_PROXIES: 172.18.0.0/16 image: nginx labels: swag: enable swag_proto: http swag_url: biz.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://biz.${MY_TLD} homepage.group: Professional Services homepage.name: Invoice Ninja homepage.href: https://biz.${MY_TLD} homepage.icon: invoice-ninja.svg homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more! networks: default: null ports: - 8005:80 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/nginx:/etc/nginx/conf.d:ro - invoice-ninja_public:/var/www/html/public - invoice-ninja_storage:/var/www/html/storage it-tools: container_name: it-tools image: ghcr.io/corentinth/it-tools:latest labels: swag: enable swag_proto: http swag_url: itt.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://itt.${MY_TLD} homepage.group: Code/DevOps homepage.name: IT-Tools homepage.href: https://itt.${MY_TLD} homepage.icon: it-tools.svg homepage.description: Useful tools for developers and people working in IT networks: default: null ports: - 8104:80 restart: unless-stopped jellyfin: container_name: jellyfin environment: JELLYFIN_PublishedServerUrl: https://jf.trez.wtf image: jellyfin/jellyfin labels: homepage.group: Media Library homepage.name: Jellyfin homepage.icon: jellyfin.svg homepage.href: https://jf.${MY_TLD} homepage.description: Movie/TV Streaming homepage.widget.type: jellyfin homepage.widget.url: http://jellyfin:8096 homepage.widget.key: ${JELLYFIN_API_KEY} homepage.widget.enableBlocks: true homepage.widget.enableNowPlaying: true homepage.widget.enableUser: true homepage.widget.showEpisodeNumber: true homepage.widget.expandOneStreamToTwoRows: false swag: enable swag_url: jf.${MY_TLD} swag_port: 8096 swag_proto: http swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://jf.${MY_TLD} ports: - 8487:8096 - 7359:7359 - 1900:1900 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/jellyfin:/config - ${DOCKER_VOLUME_CONFIG}/jellyfin/cache:/cache - ${DOCKER_VOLUME_STORAGE}/TV_Shows:/storage/tv - ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies - /etc/localtime:/etc/localtime - /usr/share/fonts:/usr/local/share/fonts/custom jitsi-etherpad: container_name: jitsi-etherpad environment: TITLE: ${JITSI__ETHERPAD_TITLE} DEFAULT_PAD_TEXT: ${JITSI__ETHERPAD_DEFAULT_PAD_TEXT} SKIN_NAME: ${JITSI__ETHERPAD_SKIN_NAME} SKIN_VARIANTS: ${JITSI__ETHERPAD_SKIN_VARIANTS} SUPPRESS_ERRORS_IN_PAD_TEXT: true image: etherpad/etherpad:1.8.6 networks: default: null restart: unless-stopped jitsi-jibri: cap_add: - SYS_ADMIN container_name: jitsi-jibri depends_on: jitsi-jicofo: condition: service_started required: true environment: AUTOSCALER_SIDECAR_KEY_FILE: AUTOSCALER_SIDECAR_KEY_ID: AUTOSCALER_SIDECAR_GROUP_NAME: AUTOSCALER_SIDECAR_HOST_ID: AUTOSCALER_SIDECAR_INSTANCE_ID: AUTOSCALER_SIDECAR_PORT: AUTOSCALER_SIDECAR_REGION: AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL: AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL: AUTOSCALER_URL: CHROMIUM_FLAGS: DISPLAY: :0 ENABLE_STATS_D: JIBRI_WEBHOOK_SUBSCRIBERS: JIBRI_HTTP_API_EXTERNAL_PORT: JIBRI_HTTP_API_INTERNAL_PORT: JIBRI_RECORDING_RESOLUTION: JIBRI_RECORDING_VIDEO_ENCODE_PRESET: JIBRI_RECORDING_CONSTANT_RATE_FACTOR: JIBRI_RECORDING_FRAMERATE: JIBRI_RECORDING_QUEUE_SIZE: JIBRI_RECORDING_STREAMING_MAX_BITRATE: JIBRI_USAGE_TIMEOUT: JIBRI_XMPP_USER: JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD} JIBRI_BREWERY_MUC: JIBRI_RECORDER_USER: jibri-recorder JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD} JIBRI_RECORDING_DIR: JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: JIBRI_STRIP_DOMAIN_JID: JIBRI_STATSD_HOST: JIBRI_STATSD_PORT: LOCAL_ADDRESS: PUBLIC_URL: ${JITSI__PUBLIC_URL} TZ: ${JITSI__TZ} XMPP_AUTH_DOMAIN: XMPP_DOMAIN: XMPP_INTERNAL_MUC_DOMAIN: XMPP_MUC_DOMAIN: XMPP_RECORDER_DOMAIN: XMPP_SERVER: XMPP_PORT: XMPP_TRUST_ALL_CERTS: image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable} networks: default: null restart: unless-stopped shm_size: 2gb volumes: - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri target: /config type: bind bind: create_host_path: true jitsi-jicofo: container_name: focus.meet.jitsi depends_on: jitsi-prosody: condition: service_started required: true environment: AUTH_TYPE: BRIDGE_AVG_PARTICIPANT_STRESS: BRIDGE_STRESS_THRESHOLD: ENABLE_AUTH: ENABLE_AUTO_OWNER: ENABLE_CODEC_VP8: ENABLE_CODEC_VP9: ENABLE_CODEC_H264: ENABLE_CODEC_OPUS_RED: ENABLE_JVB_XMPP_SERVER: ENABLE_OCTO: ENABLE_RECORDING: 1 ENABLE_SCTP: ENABLE_AUTO_LOGIN: JICOFO_AUTH_LIFETIME: JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD} JICOFO_AUTH_TYPE: JICOFO_BRIDGE_REGION_GROUPS: JICOFO_ENABLE_AUTH: JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS: JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT: JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT: JICOFO_CONF_SOURCE_SIGNALING_DELAYS: JICOFO_CONF_MAX_AUDIO_SENDERS: JICOFO_CONF_MAX_VIDEO_SENDERS: JICOFO_CONF_STRIP_SIMULCAST: JICOFO_CONF_SSRC_REWRITING: JICOFO_ENABLE_HEALTH_CHECKS: JICOFO_ENABLE_REST: JICOFO_HEALTH_CHECKS_USE_PRESENCE: JICOFO_MULTI_STREAM_BACKWARD_COMPAT: JICOFO_OCTO_REGION: JIBRI_BREWERY_MUC: JIBRI_REQUEST_RETRIES: JIBRI_PENDING_TIMEOUT: JIGASI_BREWERY_MUC: JIGASI_SIP_URI: JVB_BREWERY_MUC: JVB_XMPP_AUTH_DOMAIN: JVB_XMPP_INTERNAL_MUC_DOMAIN: JVB_XMPP_PORT: JVB_XMPP_SERVER: MAX_BRIDGE_PARTICIPANTS: OCTO_BRIDGE_SELECTION_STRATEGY: SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}" SENTRY_ENVIRONMENT: SENTRY_RELEASE: TZ: ${JITSI__JIGAGI_SIP_SERVER} XMPP_DOMAIN: XMPP_AUTH_DOMAIN: XMPP_INTERNAL_MUC_DOMAIN: XMPP_MUC_DOMAIN: XMPP_RECORDER_DOMAIN: XMPP_SERVER: XMPP_PORT: image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable} networks: default: null ports: - 8889:8888 restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo target: /config type: bind jitsi-jigasi: container_name: jitsi-jigasi depends_on: jitsi-prosody: condition: service_started required: true environment: ENABLE_AUTH: 1 ENABLE_GUESTS: 1 XMPP_AUTH_DOMAIN: XMPP_GUEST_DOMAIN: XMPP_MUC_DOMAIN: XMPP_INTERNAL_MUC_DOMAIN: XMPP_SERVER: XMPP_PORT: XMPP_DOMAIN: PUBLIC_URL: ${JITSI__PUBLIC_URL} JIGASI_DISABLE_SIP: JIGASI_SIP_URI: ${JITSI__SIP_URI} JIGASI_SIP_PASSWORD: ${JITSI__JIGAGI_SIP_PASSWORD} JIGASI_SIP_SERVER: ${JITSI__JIGAGI_SIP_SERVER} JIGASI_SIP_PORT: ${JITSI__JIGAGI_SIP_PORT} JIGASI_SIP_TRANSPORT: ${JITSI__JIGAGI_SIP_TRANSPORT} JIGASI_SIP_DEFAULT_ROOM: JIGASI_XMPP_USER: JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD} JIGASI_BREWERY_MUC: JIGASI_PORT_MIN: JIGASI_PORT_MAX: JIGASI_HEALTH_CHECK_SIP_URI: JIGASI_HEALTH_CHECK_INTERVAL: JIGASI_SIP_KEEP_ALIVE_METHOD: JIGASI_ENABLE_SDES_SRTP: ENABLE_TRANSCRIPTIONS: JIGASI_TRANSCRIBER_ADVERTISE_URL: JIGASI_TRANSCRIBER_RECORD_AUDIO: JIGASI_TRANSCRIBER_SEND_TXT: GC_PROJECT_ID: GC_PRIVATE_KEY_ID: GC_PRIVATE_KEY: GC_CLIENT_EMAIL: GC_CLIENT_ID: GC_CLIENT_CERT_URL: SHUTDOWN_REST_ENABLED: SENTRY_DSN: "${JIGASI_SENTRY_DSN:-0}" SENTRY_ENVIRONMENT: SENTRY_RELEASE: TZ: ${JITSI__TZ} image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable} networks: default: null ports: - 20000-20050:20000-20050/udp restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi target: /config type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts target: /tmp/transcripts type: bind jitsi-jvb: container_name: video.meet.jitsi depends_on: jitsi-prosody: condition: service_started required: true environment: DOCKER_HOST_ADDRESS: ENABLE_COLIBRI_WEBSOCKET: ENABLE_JVB_XMPP_SERVER: ENABLE_OCTO: JVB_ADVERTISE_IPS: JVB_ADVERTISE_PRIVATE_CANDIDATES: JVB_AUTH_USER: JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD} JVB_BREWERY_MUC: JVB_DISABLE_STUN: JVB_PORT: JVB_MUC_NICKNAME: JVB_STUN_SERVERS: JVB_OCTO_BIND_ADDRESS: JVB_OCTO_REGION: JVB_OCTO_RELAY_ID: JVB_WS_DOMAIN: JVB_WS_SERVER_ID: JVB_XMPP_AUTH_DOMAIN: JVB_XMPP_INTERNAL_MUC_DOMAIN: JVB_XMPP_PORT: JVB_XMPP_SERVER: PUBLIC_URL: ${JITSI__PUBLIC_URL} SENTRY_DSN: "${JVB_SENTRY_DSN:-0}" SENTRY_ENVIRONMENT: SENTRY_RELEASE: COLIBRI_REST_ENABLED: SHUTDOWN_REST_ENABLED: TZ: ${JITSI__JIGAGI_SIP_SERVER} XMPP_AUTH_DOMAIN: XMPP_INTERNAL_MUC_DOMAIN: XMPP_SERVER: XMPP_PORT: image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable} networks: default: null ports: - 10000:10000/udp - 8091:8080 restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb target: /config type: bind jitsi-prosody: container_name: xmpp.meet.jitsi environment: AUTH_TYPE: DISABLE_POLLS: ENABLE_AUTH: ENABLE_AV_MODERATION: ENABLE_BREAKOUT_ROOMS: ENABLE_END_CONFERENCE: ENABLE_GUESTS: 1 ENABLE_IPV6: ENABLE_LOBBY: ENABLE_RECORDING: 1 ENABLE_XMPP_WEBSOCKET: ENABLE_JAAS_COMPONENTS: GC_TYPE: GC_INC_TH: GC_INC_SPEED: GC_INC_STEP_SIZE: GC_GEN_MIN_TH: GC_GEN_MAX_TH: GLOBAL_CONFIG: GLOBAL_MODULES: JIBRI_RECORDER_USER: JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD} JIBRI_XMPP_USER: JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD} JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD} JICOFO_COMPONENT_SECRET: JIGASI_XMPP_USER: JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD} JVB_AUTH_USER: JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD} JWT_APP_ID: JWT_APP_SECRET: JWT_ACCEPTED_ISSUERS: JWT_ACCEPTED_AUDIENCES: JWT_ASAP_KEYSERVER: JWT_ALLOW_EMPTY: JWT_AUTH_TYPE: JWT_ENABLE_DOMAIN_VERIFICATION: JWT_TOKEN_AUTH_MODULE: MATRIX_UVS_URL: MATRIX_UVS_ISSUER: MATRIX_UVS_AUTH_TOKEN: MATRIX_UVS_SYNC_POWER_LEVELS: LOG_LEVEL: LDAP_AUTH_METHOD: LDAP_BASE: LDAP_BINDDN: LDAP_BINDPW: LDAP_FILTER: LDAP_VERSION: LDAP_TLS_CIPHERS: LDAP_TLS_CHECK_PEER: LDAP_TLS_CACERT_FILE: LDAP_TLS_CACERT_DIR: LDAP_START_TLS: LDAP_URL: LDAP_USE_TLS: MAX_PARTICIPANTS: PROSODY_AUTH_TYPE: PROSODY_RESERVATION_ENABLED: PROSODY_RESERVATION_REST_BASE_URL: PROSODY_ENABLE_RATE_LIMITS: PROSODY_RATE_LIMIT_LOGIN_RATE: PROSODY_RATE_LIMIT_SESSION_RATE: PROSODY_RATE_LIMIT_TIMEOUT: PROSODY_RATE_LIMIT_ALLOW_RANGES: PROSODY_RATE_LIMIT_CACHE_SIZE: PUBLIC_URL: ${JITSI__PUBLIC_URL} TURN_CREDENTIALS: TURN_HOST: TURNS_HOST: TURN_PORT: TURNS_PORT: TURN_TRANSPORT: TZ: ${JITSI__JIGAGI_SIP_SERVER} XMPP_DOMAIN: XMPP_AUTH_DOMAIN: XMPP_GUEST_DOMAIN: XMPP_MUC_DOMAIN: XMPP_INTERNAL_MUC_DOMAIN: XMPP_MODULES: XMPP_MUC_MODULES: XMPP_MUC_CONFIGURATION: XMPP_INTERNAL_MUC_MODULES: XMPP_RECORDER_DOMAIN: XMPP_PORT: expose: - 5222 - "5347" - "5280" image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable} networks: default: null restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config target: /config type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom target: /prosody-plugins-custom type: bind jitsi-web: container_name: meet.jitsi environment: AMPLITUDE_ID: ANALYTICS_SCRIPT_URLS: ANALYTICS_WHITELISTED_EVENTS: AUDIO_QUALITY_OPUS_BITRATE: AUTO_CAPTION_ON_RECORD: BRANDING_DATA_URL: CALLSTATS_CUSTOM_SCRIPT_URL: CALLSTATS_ID: CALLSTATS_SECRET: CHROME_EXTENSION_BANNER_JSON: COLIBRI_WEBSOCKET_PORT: CONFCODE_URL: CONFIG_EXTERNAL_CONNECT: DEFAULT_LANGUAGE: DEPLOYMENTINFO_ENVIRONMENT: DEPLOYMENTINFO_ENVIRONMENT_TYPE: DEPLOYMENTINFO_REGION: DEPLOYMENTINFO_SHARD: DEPLOYMENTINFO_USERREGION: DESKTOP_SHARING_FRAMERATE_MIN: DESKTOP_SHARING_FRAMERATE_MAX: DIALIN_NUMBERS_URL: DIALOUT_AUTH_URL: DIALOUT_CODES_URL: DISABLE_AUDIO_LEVELS: DISABLE_DEEP_LINKING: DISABLE_GRANT_MODERATOR: DISABLE_HTTPS: DISABLE_KICKOUT: DISABLE_LOCAL_RECORDING: DISABLE_POLLS: DISABLE_PRIVATE_CHAT: DISABLE_PROFILE: DISABLE_REACTIONS: DISABLE_REMOTE_VIDEO_MENU: DISABLE_START_FOR_ALL: DROPBOX_APPKEY: DROPBOX_REDIRECT_URI: DYNAMIC_BRANDING_URL: ENABLE_AUDIO_PROCESSING: ENABLE_AUTH: ENABLE_BREAKOUT_ROOMS: ENABLE_CALENDAR: ENABLE_COLIBRI_WEBSOCKET: ENABLE_E2EPING: ENABLE_FILE_RECORDING_SHARING: ENABLE_GUESTS: 1 ENABLE_HSTS: ENABLE_HTTP_REDIRECT: ENABLE_IPV6: ENABLE_LETSENCRYPT: ENABLE_LIPSYNC: ENABLE_NO_AUDIO_DETECTION: ENABLE_NOISY_MIC_DETECTION: ENABLE_OCTO: ENABLE_OPUS_RED: ENABLE_PREJOIN_PAGE: ENABLE_P2P: ENABLE_WELCOME_PAGE: ENABLE_CLOSE_PAGE: ENABLE_LIVESTREAMING: ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK: ENABLE_LIVESTREAMING_HELP_LINK: ENABLE_LIVESTREAMING_TERMS_LINK: ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING: ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT: ENABLE_LOCAL_RECORDING_SELF_START: ENABLE_RECORDING: 1 ENABLE_REMB: ENABLE_REQUIRE_DISPLAY_NAME: ENABLE_SERVICE_RECORDING: ENABLE_SIMULCAST: ENABLE_STATS_ID: ENABLE_STEREO: ENABLE_SUBDOMAINS: ENABLE_TALK_WHILE_MUTED: ENABLE_TCC: ENABLE_TRANSCRIPTIONS: ENABLE_XMPP_WEBSOCKET: ENABLE_JAAS_COMPONENTS: ETHERPAD_PUBLIC_URL: ETHERPAD_URL_BASE: ${JITSI__ETHERPAD_URL_BASE} E2EPING_NUM_REQUESTS: E2EPING_MAX_CONFERENCE_SIZE: E2EPING_MAX_MESSAGE_PER_SECOND: GOOGLE_ANALYTICS_ID: GOOGLE_API_APP_CLIENT_ID: HIDE_PREMEETING_BUTTONS: HIDE_PREJOIN_DISPLAY_NAME: HIDE_PREJOIN_EXTRA_BUTTONS: INVITE_SERVICE_URL: LETSENCRYPT_DOMAIN: LETSENCRYPT_EMAIL: LETSENCRYPT_USE_STAGING: MATOMO_ENDPOINT: MATOMO_SITE_ID: MICROSOFT_API_APP_CLIENT_ID: NGINX_RESOLVER: NGINX_WORKER_PROCESSES: NGINX_WORKER_CONNECTIONS: PEOPLE_SEARCH_URL: PREFERRED_LANGUAGE: PUBLIC_URL: ${JITSI__PUBLIC_URL} P2P_PREFERRED_CODEC: RESOLUTION: RESOLUTION_MIN: RESOLUTION_WIDTH: RESOLUTION_WIDTH_MIN: START_AUDIO_MUTED: START_AUDIO_ONLY: START_BITRATE: START_SILENT: START_WITH_AUDIO_MUTED: START_VIDEO_MUTED: START_WITH_VIDEO_MUTED: TESTING_CAP_SCREENSHARE_BITRATE: TESTING_OCTO_PROBABILITY: TOKEN_AUTH_URL: TOOLBAR_BUTTONS: TRANSLATION_LANGUAGES: TRANSLATION_LANGUAGES_HEAD: TZ: ${JITSI__JIGAGI_SIP_SERVER} USE_APP_LANGUAGE: VIDEOQUALITY_BITRATE_H264_LOW: VIDEOQUALITY_BITRATE_H264_STANDARD: VIDEOQUALITY_BITRATE_H264_HIGH: VIDEOQUALITY_BITRATE_VP8_LOW: VIDEOQUALITY_BITRATE_VP8_STANDARD: VIDEOQUALITY_BITRATE_VP8_HIGH: VIDEOQUALITY_BITRATE_VP9_LOW: VIDEOQUALITY_BITRATE_VP9_STANDARD: VIDEOQUALITY_BITRATE_VP9_HIGH: VIDEOQUALITY_ENFORCE_PREFERRED_CODEC: VIDEOQUALITY_PREFERRED_CODEC: XMPP_AUTH_DOMAIN: XMPP_BOSH_URL_BASE: XMPP_DOMAIN: XMPP_GUEST_DOMAIN: XMPP_MUC_DOMAIN: XMPP_RECORDER_DOMAIN: XMPP_PORT: WHITEBOARD_ENABLED: WHITEBOARD_COLLAB_SERVER_PUBLIC_URL: image: jitsi/web:${JITSI_IMAGE_VERSION:-stable} labels: swag: enable swag_proto: https swag_url: meet.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://meet.${MY_TLD} homepage.group: Social homepage.name: Jitsi homepage.href: https://meet.${MY_TLD} homepage.icon: jitsi.png homepage.description: Web Conferencing networks: default: null ports: - 8001:80 - 8002:443 restart: unless-stopped volumes: - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/web target: /config type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs target: /var/spool/cron/crontabs type: bind - bind: create_host_path: true selinux: Z source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts target: /usr/share/jitsi-meet/transcripts type: bind joplin-db: container_name: joplin-db environment: POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD} POSTGRES_USER: ${JOPLIN_POSTGRES_USER} POSTGRES_DB: ${JOPLIN_POSTGRES_DATABASE} expose: - 5432 image: postgres:17-alpine networks: default: null restart: unless-stopped volumes: - source: joplin_data target: /var/lib/postgresql/data type: volume volume: {} joplin: container_name: joplin environment: ACCOUNT_TYPES_ENABLED: true APP_PORT: ${JOPLIN_APP_PORT} APP_BASE_URL: ${JOPLIN_APP_BASE_URL} DB_CLIENT: pg INSTANCE_NAME: 'Joplin @ Rinoa' IS_ADMIN_INSTANCE: true MAILER_ENABLED: 1 MAILER_HOST: postal-SMTP MAILER_PORT: 25 MAILER_SECURITY: none MAILER_AUTH_USER: ${POSTAL_SMTP_AUTH_USER} MAILER_AUTH_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} MAILER_NOREPLY_NAME: Joplin @ Rinoa MAILER_NOREPLY_EMAIL: noreply@trez.wtf POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD} POSTGRES_DATABASE: ${JOPLIN_POSTGRES_DATABASE} POSTGRES_USER: ${JOPLIN_POSTGRES_USER} POSTGRES_PORT: 5432 POSTGRES_HOST: joplin-db image: joplin/server:latest labels: homepage.group: Personal Services homepage.name: Joplin homepage.href: https://notes.${MY_TLD} homepage.icon: joplin.svg homepage.description: Open-source note taking & to-do swag: enable swag_url: notes.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://notes.${MY_TLD} networks: default: null ports: - 22300:22300 restart: unless-stopped libretranslate: container_name: libretranslate # command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500 image: libretranslate/libretranslate healthcheck: test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py'] environment: LT_UPDATE_MODELS: true labels: homepage.group: Personal Services homepage.name: LibreTranslate homepage.href: https://translate.${MY_TLD} homepage.icon: sh-libretranslate.svg homepage.description: Open-source language translation swag: enable swag_port: 5000 swag_url: translate.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://translate.${MY_TLD} ports: - 5000:5000 restart: unless-stopped volumes: # - libretranslate_api_keys:/app/db - libretranslate_models:/home/libretranslate/.local:rw lidarr: container_name: lidarr environment: PGID: ${PGID} PUID: ${PUID} TZ: America/New_York DOCKER_MODS: ghcr.io/gilbn/theme.park:lidarr hostname: Rinoa image: lscr.io/linuxserver/lidarr:latest labels: homepage.group: Servarr Stack homepage.name: Lidarr homepage.href: https://lidarr.${MY_TLD} homepage.icon: lidarr.png homepage.description: Music Automation homepage.widget.type: lidarr homepage.widget.url: http://lidarr:8686 homepage.widget.key: ${LIDARR_API_KEY} swag: enable swag.uptime-kuma.enabled: true networks: default: null ports: - 8686:8686 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/lidarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind lidify: container_name: lidify environment: app_name: lidify app_rev: 0.09 app_url: lidify.${MY_TLD} dry_run_adding_to_lidarr: true fallback_to_top_result: false last_fm_api_key: ${LASTFM_API_KEY} last_fm_api_secret: ${LASTFM_API_SECRET} lidarr_address: http://lidarr:8686 lidarr_api_key: ${LIDARR_API_KEY} lidarr_api_timeout: 120 metadata_profile_id: 1 mode: LastFM quality_profile_id: 1 root_folder_path: /data/media/music search_for_missing_albums: false spotify_client_id: ${YOUR_SPOTIFY_ID} spotify_client_secret: ${YOUR_SPOTIFY_SECRET} expose: - 5000 image: thewicklowwolf/lidify:latest labels: homepage.group: Servarr Stack homepage.name: Lidify homepage.href: https://lidify.${MY_TLD} homepage.icon: sh-lidify.png homepage.description: Music Discovery a la Last.fm, Spotify, Pandora, etc. swag: enable swag_auth: authelia swag_proto: http swag_port: 5000 swag_url: lidify.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://lidify.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/lidify target: /lidify/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music target: /data/media/music type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind lldap: container_name: lldap environment: UID: ${PUID} GID: ${PGID} TZ: ${TZ} LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET} LLDAP_KEY_SEED: ${LLDAP_KEY_SEED} LLDAP_LDAP_BASE_DN: dc=trez,dc=wtf image: lldap/lldap:stable labels: homepage.group: System Administration homepage.name: LLDAP homepage.href: https://ldap.${MY_TLD} homepage.icon: /icons/lldap.png homepage.description: LDAP made easy swag: enable swag_proto: http swag_port: 17170 swag_url: ldap.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://ldap.${MY_TLD} networks: default: null ports: - 17170:17170 restart: always volumes: - source: ${DOCKER_VOLUME_CONFIG}/lldap target: /data type: bind bind: create_host_path: true maloja: container_name: maloja environment: MALOJA_CLEAN_OUTPUT: true MALOJA_DEV_MODE: false MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD} MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY} MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET} MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD} MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME} MALOJA_LOGGING: true MALOJA_PARSE_REMIX_ARTISTS: true MALOJA_SCROBBLE_LASTFM: true MALOJA_SKIP_SETUP: true MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID} MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET} MALOJA_TIMEZONE: ${TZ} image: krateng/maloja:latest labels: homepage.group: Media Library homepage.name: Maloja homepage.href: https://scrobble.${MY_TLD} homepage.icon: maloja.png homepage.description: Simple self-hosted music scrobble database to create personal listening statistics swag: enable swag_proto: http swag_port: 42010 swag_url: scrobble.${MY_TLD} networks: default: null ports: - 42010:42010 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/maloja/config target: /etc/maloja type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/maloja/data target: /var/lib/maloja type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/maloja/logs target: /var/log/maloja type: bind bind: create_host_path: true mariadb: container_name: mariadb environment: MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD} PGID: 1000 PUID: 1000 TZ: America/New_York hostname: Rinoa image: linuxserver/mariadb networks: default: null ports: - 3306:3306 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/mariadb target: /config type: bind - source: ${DOCKER_VOLUME_STORAGE} target: /storage type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/mariadb target: /var/lib/mysql type: bind bind: create_host_path: true mastodon: container_name: mastodon depends_on: mastodon-pg-db: condition: service_healthy required: true environment: PUID: ${PUID} PGID: ${PGID} TZ: ${TZ} LOCAL_DOMAIN: mastodon.${MY_TLD} WEB_DOMAIN: mastodon.${MY_TLD} REDIS_HOST: redis REDIS_PORT: 6379 DB_HOST: mastodon-pg-db DB_USER: mastodon DB_NAME: mastodon DB_PASS: ${MASTODON_PG_DB_PASSWORD} DB_PORT: 5432 ES_ENABLED: false ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} SECRET_KEY_BASE: ${MASTODON_SECRET_KEY_BASE} OTP_SECRET: ${MASTODON_OTP_SECRET} VAPID_PRIVATE_KEY: ${MASTODON_VAPID_PRIVATE_KEY} VAPID_PUBLIC_KEY: ${MASTODON_VAPID_PUBLIC_KEY} SMTP_SERVER: postal-smtp SMTP_PORT: 25 SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER} SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD} SMTP_FROM_ADDRESS: noreply@trez.wtf S3_ENABLED: true S3_BUCKET: mastodon AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY} AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY} expose: - 3000 image: lscr.io/linuxserver/mastodon:latest labels: swag: enable swag_proto: http swag_port: 80 swag_url: mastodon.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD} homepage.group: Social homepage.name: Mastodon homepage.href: https://mastodon.${MY_TLD} homepage.icon: mastodon.svg homepage.description: Open-source social network homepage.widget.type: mastodon homepage.widget.url: http://mastodon ports: - 9044:80 - 3444:443 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/mastodon:/config mastodon-pg-db: container_name: mastodon-pg-db environment: POSTGRES_USER: mastodon POSTGRES_PASSWORD: ${MASTODON_PG_DB_PASSWORD} POSTGRES_DB: mastodon expose: - 5432 healthcheck: test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER start_period: 20s timeout: 30s interval: 10s retries: 5 image: postgres:17-alpine restart: always volumes: - mastodon-pg-db:/var/lib/postgresql/data minio: command: server --console-address ":9090" /mnt/data container_name: minio environment: MINIO_ROOT_USER: minioadmin MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD} MINIO_ACCESS_KEY: ${MINIO_MIMIR_STORAGE_ACCESS_KEY} MINIO_SECRET_KEY: ${MINIO_MIMIR_STORAGE_SECRET_KEY} hostname: minio image: minio/minio labels: swag: enable swag_proto: http swag_port: 9090 swag_url: s3.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://s3.${MY_TLD} homepage.group: System Administration homepage.name: MinIO homepage.href: https://s3.${MY_TLD} homepage.icon: minio.png homepage.description: S3-compatible storage backend networks: default: null ports: - 9001:9000 - 9092:9090 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/minio/data target: /mnt/data type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/minio/minio target: /etc/config.env type: bind bind: create_host_path: true mongodb: container_name: mongodb environment: MONGODB_ADVERTISED_HOSTNAME: mongodb MONGODB_ENABLE_DIRECTORY_PER_DB: true MONGODB_SYSTEM_LOG_VERBOSITY: 1 MONGODB_ROOT_USER: ${MONGO_INITDB_ROOT_USERNAME} MONGODB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD} ALLOW_EMPTY_PASSWORD: yes MONGODB_REPLICA_SET_MODE: primary MONGODB_REPLICA_SET_NAME: rinoa MONGODB_REPLICA_SET_KEY: ${MONGODB_REPLICA_SET_KEY} image: bitnami/mongodb:7.0 ports: - 27017:27017 restart: unless-stopped volumes: - mongodb_data:/data/db - mongodb_config:/data/configdb multi-scrobbler: container_name: multi-scrobbler environment: TZ: ${TZ} PUID: ${PUID} PGID: ${PGID} MALOJA_URL: http://maloja:42010 MALOJA_API_KEY: ${MALOJA_API_KEY} LASTFM_API_KEY: ${LASTFM_API_KEY} LASTFM_API_SECRET: ${LASTFM_API_SECRET} LZ_USER: Trez.on LZ_TOKEN: ${MALOJA_LISTENBRAINZ_TOKEN} SPOTIFY_CLIENT_ID: ${YOUR_SPOTIFY_ID} SPOTIFY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET} image: foxxmd/multi-scrobbler labels: homepage.group: Media Library homepage.name: Multi-Scrobbler homepage.href: http://192.168.1.254:9078 homepage.icon: sh-multi-scrobbler.svg homepage.description: JS App for scrobbling/recording play history from/to multiple sources networks: default: null ports: - 9078:9078 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler target: /config type: bind bind: create_host_path: true n8n: container_name: n8n environment: N8N_HOST: n8n.${MY_TLD} N8N_PORT: 5678 N8N_PROTOCOL: https NODE_ENV: production WEBHOOK_URL: https://n8n.${MY_TLD}/ GENERIC_TIMEZONE: ${TZ} image: docker.n8n.io/n8nio/n8n labels: swag: enable swag_proto: http swag_port: 5678 swag_url: n8n.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://n8n.${MY_TLD} homepage.group: Automation homepage.name: n8n homepage.href: https://n8n.${MY_TLD} homepage.icon: n8n.svg homepage.description: Extendable workflow automation tool to easily automate tasks ports: - 5678:5678 restart: unless-stopped volumes: - n8n-data:/home/node/.n8n navidrome: container_name: navidrome environment: ND_AUTOIMPORTPLAYLISTS: false ND_BASEURL: "" ND_LASTFM_APIKEY: ${LASTFM_API_KEY} ND_LASTFM_ENABLED: true ND_LASTFM_SECRET: ${LASTFM_API_SECRET} ND_LOGLEVEL: info ND_MUSICFOLDER: /music ND_SCANNER_GROUPALBUMRELEASES: true ND_SCANSCHEDULE: '@every 6h' ND_SESSIONTIMEOUT: 24h ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID} ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET} ND_SUBSONICARTISTPARTICIPATIONS: true image: deluan/navidrome:latest labels: homepage.group: Media Library homepage.name: Navidrome homepage.href: https://navi.${MY_TLD} homepage.icon: navidrome.png homepage.description: Music Streaming homepage.widget.type: navidrome homepage.widget.url: http://navidrome:4533 homepage.widget.user: admin homepage.widget.token: e8a9e97b29aa963fa4729c633289d232 homepage.widget.salt: v5Z93Z swag: enable swag_port: 4533 swag_proto: http swag_url: navi.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://navi.${MY_TLD} networks: default: null ports: - 4533:4533 restart: unless-stopped user: 1000:1000 volumes: - source: ${DOCKER_VOLUME_CONFIG}/navidrome target: /data type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music target: /music type: bind bind: create_host_path: true netalertx: container_name: netalertx environment: TZ: ${TZ} PORT: 20211 image: jokobsk/netalertx:latest labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: NetAlertX homepage.href: http://192.168.1.254:20211 homepage.icon: netalertx.svg homepage.description: Network Monitoring homepage.widget.type: netalertx homepage.widget.url: http://192.168.1.254:20211 homepage.widget.key: ${NETALERTX_API_TOKEN} network_mode: host restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config - ${DOCKER_VOLUME_CONFIG}/netalertx/db:/app/db # (optional) useful for debugging if you have issues setting up the container # - ${DOCKER_VOLUME_CONFIG}/netalertx/logs:/app/log # (API: OPTION 1) use for performance - type: tmpfs target: /app/api # (API: OPTION 2) use when debugging issues # - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api netbird-dashboard: container_name: netbird-dashboard environment: # Endpoints NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073 NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073 # OIDC AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID} AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID} AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET} AUTH_AUTHORITY: https://id.${MY_TLD} USE_AUTH0: false AUTH_SUPPORTED_SCOPES: openid profile email offline_access api AUTH_REDIRECT_URI: /auth AUTH_SILENT_REDIRECT_URI: /silent-auth NETBIRD_TOKEN_SOURCE: accessToken # SSL NGINX_SSL_PORT: 443 # Letsencrypt LETSENCRYPT_DOMAIN: LETSENCRYPT_EMAIL: image: netbirdio/dashboard:latest labels: homepage.group: Privacy/Security homepage.name: Netbird homepage.href: https://netbird.${MY_TLD} homepage.icon: netbird.svg homepage.description: Peer-to-peer private network and centralized access control system swag: enable swag_proto: http swag_port: 80 swag_auth: authelia swag_url: netbird.${MY_TLD} swag_server_custom_directive: | location /signalexchange.SignalExchange/ { grpc_pass grpc://netbird-signal:80; #grpc_ssl_verify off; grpc_read_timeout 1d; grpc_send_timeout 1d; grpc_socket_keepalive on; } # Proxy Management http endpoint location /api { proxy_pass http://netbird-management:443; } # Proxy Management grpc endpoint location /management.ManagementService/ { grpc_pass grpc://netbird-management:443; #grpc_ssl_verify off; grpc_read_timeout 1d; grpc_send_timeout 1d; grpc_socket_keepalive on; } swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD} ports: - 32908:80 - 36610:443 restart: unless-stopped volumes: - netbird-letsencrypt:/etc/letsencrypt/ netbird-signal: container_name: netbird-signal image: netbirdio/signal:latest ports: - 10001:80 restart: unless-stopped volumes: - netbird-signal:/var/lib/netbird netbird-relay: container_name: netbird-relay image: netbirdio/relay:latest restart: unless-stopped environment: NB_LOG_LEVEL: info NB_LISTEN_ADDRESS: :33080 NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080 # todo: change to a secure secret NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET} ports: - 33080:33080 netbird-management: command: [ "--port", "443", "--log-file", "console", "--log-level", "info", "--disable-anonymous-metrics=false", "--single-account-mode-domain=netbird.${MY_TLD}", "--dns-domain=netbird.selfhosted" ] container_name: netbird-management depends_on: netbird-dashboard: condition: service_started environment: NETBIRD_STORE_ENGINE_POSTGRES_DSN: NETBIRD_STORE_ENGINE_MYSQL_DSN: image: netbirdio/management:latest restart: unless-stopped volumes: - netbird-mgmt:/var/lib/netbird - netbird-letsencrypt:/etc/letsencrypt:ro - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json ports: - 23833:443 #API port netbird-coturn: command: - -c /etc/turnserver.conf container_name: netbird-coturn image: coturn/coturn:latest restart: unless-stopped #domainname: netbird.${MY_TLD} # only needed when TLS is enabled volumes: - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro # - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro # - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro network_mode: host nextcloud: container_name: nextcloud-aio-mastercontainer environment: SKIP_DOMAIN_VALIDATION: false APACHE_ADDITIONAL_NETWORK: compose_default APACHE_IP_BINDING: 0.0.0.0 APACHE_PORT: 11000 expose: - 11000 image: nextcloud/all-in-one:latest labels: homepage.group: Personal Services homepage.name: NextCloud homepage.href: https://cloud.${MY_TLD} homepage.icon: nextcloud.svg homepage.description: Private Cloud homepage.widget.type: nextcloud homepage.widget.url: http://nextcloud-aio-apache:11000 homepage.widget.key: ${NEXTCLOUD_HOMEPAGE_TOKEN} swag: enable swag_port: 11000 swag_proto: http swag_address: nextcloud-aio-apache swag_url: cloud.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://cloud.${MY_TLD} ports: - 56713:8080 restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock - nextcloud_aio_mastercontainer:/mnt/docker-aio-config ollama: container_name: ollama image: ollama/ollama ports: - 11434:11434 restart: unless-stopped volumes: - ollama:/root/.ollama ombi: container_name: ombi environment: PGID: ${PGID} PUID: ${PUID} TZ: America/New_York hostname: Rinoa image: lscr.io/linuxserver/ombi:latest labels: homepage.group: Media Library homepage.name: Ombi homepage.href: https://ombi.${MY_TLD} homepage.icon: ombi.png homepage.description: Media Requests homepage.widget.type: ombi homepage.widget.url: http://ombi:3579 homepage.widget.key: ${OMBI_API_KEY} swag: enable swag.uptime-kuma.enabled: true networks: default: null ports: - 3579:3579 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/ombi target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind open-webui: container_name: open-webui depends_on: ollama: condition: service_started required: true restart: true environment: ENABLE_SIGNUP: true ENABLE_LOGIN_FORM: true ENABLE_OLLAMA_API: true OLLAMA_BASE_URLS: http://ollama:11434 image: ghcr.io/open-webui/open-webui:main labels: homepage.group: Personal Services homepage.name: Open-WebUI homepage.href: https://ai.${MY_TLD} homepage.icon: open-webui.png homepage.description: Local AI chat using Ollama-downloaded models swag: enable swag_port: 8080 swag_proto: http swag_url: ai.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://ai.${MY_TLD} ports: - 10863:8080 restart: unless-stopped volumes: - open-webui:/app/backend/data paperless-ngx: container_name: paperless-ngx depends_on: mariadb: condition: service_started required: true restart: true environment: PAPERLESS_DBENGINE: mariadb PAPERLESS_DBHOST: mariadb PAPERLESS_DBPASS: ${PAPERLESS_DBPASS} PAPERLESS_DBPORT: 3306 PAPERLESS_DBUSER: paperless PAPERLESS_OCR_LANGUAGE: eng PAPERLESS_OCR_LANGUAGES: all PAPERLESS_REDIS: redis://redis:6379 PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} PAPERLESS_TIME_ZONE: ${TZ} PAPERLESS_URL: https://docs.${MY_TLD} USERMAP_GID: ${PGID} USERMAP_UID: ${PUID} image: ghcr.io/paperless-ngx/paperless-ngx:latest labels: swag: enable swag_proto: http swag_port: 8000 swag_url: docs.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://docs.${MY_TLD} homepage.group: Personal Services homepage.name: Paperless-ngx homepage.href: https://docs.${MY_TLD} homepage.icon: paperless-ngx.svg homepage.description: Document indexer & archiver with OCR networks: default: null ports: - 8004:8000 restart: unless-stopped volumes: - source: paperless-ngx-data target: /usr/src/paperless/data type: volume volume: {} - source: paperless-ngx-media target: /usr/src/paperless/media type: volume volume: {} - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export target: /usr/src/paperless/export type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume target: /usr/src/paperless/consume type: bind bind: create_host_path: true parseable: container_name: parseable command: [ "parseable", "s3-store" ] depends_on: - minio environment: P_STAGING_DIR: /staging P_ADDR: 0.0.0.0:8000 P_USERNAME: admin P_PASSWORD: ${PARSEABLE_PASSWORD} P_S3_URL: http://minio:9000 P_S3_BUCKET: parseable P_S3_ACCESS_KEY: ${PARSEABLE_S3_ACCESS_KEY} P_S3_SECRET_KEY: ${PARSEABLE_S3_SECRET_KEY} P_S3_REGION: us-east-fh-pln image: containers.parseable.com/parseable/parseable:latest labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Parseable homepage.href: https://logs.${MY_TLD} homepage.icon: parseable.svg homepage.description: Log analytics system for high throughput log ingestion swag: enable swag_proto: http swag_port: 8000 swag_url: logs.${MY_TLD} volumes: - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging ports: - 14453:8000 peppermint: container_name: peppermint depends_on: peppermint-pg-db: condition: service_started required: true environment: BASE_URL: https://support.trez.wtf DB_USERNAME: peppermint DB_PASSWORD: ${PEPPERMINT_PG_PASSWORD} DB_HOST: peppermint-pg-db SECRET: ${PEPPERMINT_SECRET_KEY} image: pepperlabs/peppermint:latest labels: swag: enable swag_proto: http swag_port: 3000 swag_url: support.${MY_TLD} swag_server_custom_directive: | location /api { proxy_pass http://peppermint:5003; } swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://support.${MY_TLD} homepage.group: Professional Services homepage.name: Peppermint homepage.href: https://support.${MY_TLD} homepage.icon: peppermint.svg homepage.description: Open-source ticket management and help desk solution ports: - 3000:3000 - 5003:5003 restart: always peppermint-pg-db: container_name: peppermint-pg-db environment: POSTGRES_USER: peppermint POSTGRES_PASSWORD: ${PEPPERMINT_PG_PASSWORD} POSTGRES_DB: peppermint expose: - 5432 image: postgres:17-alpine restart: always volumes: - peppermint-pg-data:/var/lib/postgresql/data pgbackweb: container_name: pgbackweb depends_on: pgbackweb-db: condition: service_healthy environment: PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY} PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable" TZ: ${TZ} image: eduardolat/pgbackweb:latest labels: homepage.group: System Administration homepage.name: PG Back Web homepage.href: https://pg.${MY_TLD} homepage.icon: sh-pg-back-web.svg homepage.description: Backups for PostgreSQL swag: enable swag_proto: http swag_port: 8085 swag_url: pg.${MY_TLD} ports: - "8085:8085" # Access the web interface at http://localhost:8085 restart: unless-stopped pgbackweb-db: container_name: pgbackweb-db environment: POSTGRES_USER: pgbackweb POSTGRES_DB: pgbackweb POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD} expose: - 5432 healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 5s timeout: 5s retries: 5 image: postgres:16-alpine restart: unless-stopped volumes: - pgbackweb-data:/var/lib/postgresql/data plantuml-server: container_name: plantuml-server expose: - 8080 image: 'plantuml/plantuml-server:jetty' restart: unless-stopped plausible: command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run" container_name: plausible depends_on: plausible_db: condition: service_started required: true plausible_events_db: condition: service_started required: true environment: BASE_URL: https://analytics.${MY_TLD} CLICKHOUSE_DATABASE_URL: http://plausible-events-db:8123/plausible_events_db DATABASE_URL: postgres://plausible:${PLAUSIBLE_PG_PASSWORD}@plausible-db:5432/plausible_db DISABLE_REGISTRATION: invite_only ENABLE_EMAIL_VERIFICATION: true MAILER_ADAPTER: Bamboo.Mua MAILER_EMAIL: noreply@trez.wtf MAILER_NAME: Plausible MAXMINDDB_LICENSE_KEY: ${SWAG_MAXMINDDB_LICENSE_KEY} SECRET_KEY_BASE: ${PLAUSIBLE_SECRET_KEY_BASE} SMTP_HOST_ADDR: postal-smtp SMTP_HOST_PORT: 25 SMTP_USER_NAME: ${POSTAL_SMTP_AUTH_USER} SMTP_USER_PWD: ${POSTAL_SMTP_AUTH_PASSWORD} TOTP_VAULT_KEY: ${PLAUSIBLE_TOTP_VAULT_KEY} image: ghcr.io/plausible/community-edition:v2.1.0 labels: swag: enable swag_proto: http swag_port: 8000 swag_url: analytics.${MY_TLD} homepage.group: Professional Services homepage.name: Plausible homepage.href: https://analytics.${MY_TLD} homepage.icon: plausible.svg homepage.description: Open-source web analytics networks: default: null ports: - 8107:8000 restart: always plausible_db: container_name: plausible-db environment: POSTGRES_DB: plausible_db POSTGRES_PASSWORD: ${PLAUSIBLE_PG_PASSWORD} POSTGRES_USER: plausible expose: - 5432 image: postgres:16-alpine networks: default: null restart: always volumes: - plausible-db-data:/var/lib/postgresql/data plausible_events_db: container_name: plausible-events-db expose: - 8123 image: clickhouse/clickhouse-server:24.3.3.102-alpine networks: default: null restart: always ulimits: nofile: hard: 262144 soft: 262144 volumes: - plausible-event-data:/var/lib/clickhouse - plausible-event-logs:/var/log/clickhouse-server - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro portainer: command: -H tcp://dockerproxy:2375 container_name: portainer depends_on: docker-socket-proxy: condition: service_started required: true environment: DOCKER_HOST: tcp://dockerproxy:2375 expose: - 9000 - 9443 image: portainer/portainer-ce:alpine-sts labels: swag: enable swag_proto: http swag_port: 9000 swag_url: portainer.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://portainer.${MY_TLD} homepage.group: System Administration homepage.name: Portainer homepage.href: https://portainer.${MY_TLD} homepage.icon: portainer.svg homepage.description: Service delivery platform for containerized applications homepage.widget.type: portainer homepage.widget.url: http://portainer:9000 homepage.widget.env: 20 homepage.widget.key: ${PORTAINER_HOMEPAGE_TOKEN} restart: unless-stopped volumes: - portainer-data:/data portall: container_name: portall image: need4swede/portall:latest environment: SECRET_KEY: ${PORTALL_SECRET_KEY} labels: swag: enable swag_auth: authelia swag_proto: http swag_port: 8080 swag_url: portall.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://portall.${MY_TLD} homepage.group: System Administration homepage.name: Portall homepage.href: https://portall.${MY_TLD} homepage.icon: sh-portall.png homepage.description: Management for container ports ports: - 8000:8080 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/portall:/app/instance postal-smtp: cap_add: - NET_BIND_SERVICE command: postal smtp-server container_name: postal-smtp image: ghcr.io/postalserver/postal:latest networks: default: null ports: - 25:25 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/postal target: /config type: bind bind: create_host_path: true postal-web: command: postal web-server container_name: postal-web image: ghcr.io/postalserver/postal:latest labels: swag: enable swag_proto: http swag_port: 5000 swag_address: postal-web swag_url: post.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://post.${MY_TLD} homepage.group: System Administration homepage.name: Postal homepage.href: https://post.${MY_TLD} homepage.icon: sh-postal.svg homepage.description: OSS Mail delivery platform networks: default: null ports: - 5001:5000 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/postal target: /config type: bind bind: create_host_path: true postal-worker: command: postal worker container_name: postal-worker environment: LOG_LEVEL: debug image: ghcr.io/postalserver/postal:latest networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/postal target: /config type: bind bind: create_host_path: true prowlarr: container_name: prowlarr environment: PGID: ${PGID} PUID: ${PUID} TZ: America/New_York DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr TP_DOMAIN: trez.wtf\/themepark TP_COMMUNITY_THEME: false TP_THEME: space-gray hostname: Rinoa image: lscr.io/linuxserver/prowlarr:latest labels: homepage.group: Servarr Stack homepage.name: Prowlarr homepage.href: https://prowlarr.${MY_TLD} homepage.icon: prowlarr.png homepage.description: Index aggregator homepage.widget.type: prowlarr homepage.widget.url: http://prowlarr:9696 homepage.widget.key: ${PROWLARR_API_KEY} swag: enable swag.uptime-kuma.enabled: true networks: default: null ports: - 9696:9696 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/prowlarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind radarec: container_name: radarec environment: auto_start: true auto_start_delay: 60 dry_run_adding_to_radarr: false fallback_to_top_result: false language_choice: all metadata_profile_id: 1 minimum_rating: 4.5 minimum_votes: 50 quality_profile_id: 1 radarr_address: http://radarr:7878 radarr_api_key: ${RADARR_API_KEY} radarr_api_timeout: 120 root_folder_path: /data/media/movies search_for_movie: true tmdb_api_key: ${TMDB_API_KEY} expose: - 5000 image: thewicklowwolf/radarec:latest labels: homepage.group: Servarr Stack homepage.name: RadaRec homepage.href: https://radarec.${MY_TLD} homepage.icon: sh-radarec.png homepage.description: Movie discovery based on library/tastes swag: enable swag_proto: http swag_port: 5000 swag_auth: authelia swag_url: radarec.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://radarec.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_STORAGE}/Movies target: /data/media/movies type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/radarec target: /radarec/config type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind radarr: container_name: radarr environment: PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} hostname: Rinoa image: lscr.io/linuxserver/radarr:latest labels: homepage.group: Servarr Stack homepage.name: Radarr homepage.href: https://radarr.${MY_TLD} homepage.icon: radarr.png homepage.description: Movie Automation homepage.widget.type: radarr homepage.widget.url: http://radarr:7878 homepage.widget.key: ${RADARR_API_KEY} swag: enable swag.uptime-kuma.enabled: true networks: default: null ports: - 7878:7878 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/radarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind reactive-resume: container_name: reactive-resume depends_on: browserless: condition: service_started required: true minio: condition: service_started required: true reactive-resume-pg: condition: service_started required: true environment: ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET} CHROME_PORT: 443 CHROME_TOKEN: ${CHROMIUM_TOKEN} CHROME_URL: wss://browse.${MY_TLD} DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume MAIL_FROM: noreply@trez.wtf NODE_ENV: production PORT: 3000 PUBLIC_URL: https://resume.${MY_TLD} REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET} SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25 STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY} STORAGE_BUCKET: reactive-resume STORAGE_ENDPOINT: minio STORAGE_PORT: 9000 STORAGE_REGION: us-east-fh-pln STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY} STORAGE_URL: https://s3.trez.wtf/reactive-resume STORAGE_USE_SSL: false TZ: ${TZ} image: amruthpillai/reactive-resume:latest labels: homepage.group: Professional Services homepage.name: Reactive Resume homepage.href: https://resume.${MY_TLD} homepage.icon: reactive-resume.svg homepage.description: Open-source resume builder swag: enable swag_proto: http swag_port: 3000 swag_url: resume.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://resume.${MY_TLD} networks: default: null ports: - 3011:3000 restart: unless-stopped reactive-resume-pg: container_name: reactive-resume-pg environment: TZ: ${TZ} POSTGRES_DB: reactiveresume POSTGRES_USER: reactiveresume POSTGRES_PASSWORD: ${REACTIVE_RESUME_PGSQL_PASSWORD} expose: - 5432 image: postgres:16-alpine networks: default: null restart: unless-stopped volumes: - reactive-resume-pg:/var/lib/postgresql/data readarr: container_name: readarr environment: PGID: ${PGID} PUID: ${PUID} TZ: America/New_York DOCKER_MODS: ghcr.io/gilbn/theme.park:readnarr hostname: Rinoa image: lscr.io/linuxserver/readarr:develop labels: homepage.group: Servarr Stack homepage.name: Readarr homepage.href: https://readarr.${MY_TLD} homepage.icon: readarr.png homepage.description: eBook/Audiobook Automation homepage.widget.type: readarr homepage.widget.url: http://readarr:8787 homepage.widget.key: ${READARR_API_KEY} swag: enable swag.uptime-kuma.enabled: true networks: default: null ports: - 8787:8787 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/readarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind redis: cap_add: - SETGID - SETUID - DAC_OVERRIDE cap_drop: - ALL command: redis-server --save "" --appendonly "no" container_name: redis expose: - 6379 # healthcheck: # test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ] # interval: 10s # retries: 5 # start_period: 30s # timeout: 10s image: redis:alpine networks: default: null restart: unless-stopped tmpfs: - /var/lib/redis redlib: cap_drop: - ALL container_name: redlib environment: REDLIB_SFW_ONLY: off REDLIB_BANNER: REDLIB_ROBOTS_DISABLE_INDEXING: off REDLIB_PUSHSHIFT_FRONTEND: undelete.pullpush.io REDLIB_DEFAULT_THEME: nord REDLIB_DEFAULT_FRONT_PAGE: default REDLIB_DEFAULT_LAYOUT: clean REDLIB_DEFAULT_WIDE: on REDLIB_DEFAULT_POST_SORT: hot REDLIB_DEFAULT_COMMENT_SORT: confidence REDLIB_DEFAULT_SHOW_NSFW: off REDLIB_DEFAULT_BLUR_NSFW: on REDLIB_DEFAULT_USE_HLS: off REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION: off REDLIB_DEFAULT_AUTOPLAY_VIDEOS: off REDLIB_DEFAULT_SUBSCRIPTIONS: REDLIB_DEFAULT_HIDE_AWARDS: off REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: off REDLIB_DEFAULT_HIDE_SCORE: off REDLIB_DEFAULT_FIXED_NAVBAR: on image: quay.io/redlib/redlib:latest labels: homepage.group: Social homepage.name: Redlib homepage.href: https://rlib.${MY_TLD} homepage.icon: libreddit.svg homepage.description: Redlib is a private front-end like Invidious but for Reddit swag: enable swag_auth: authelia swag_proto: http swag_port: 8080 swag_url: rlib.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://rlib.${MY_TLD} networks: default: null ports: - 8103:8080 read_only: true restart: always security_opt: - no-new-privileges=true user: nobody rocketchat: container_name: rocketchat depends_on: mongodb: condition: service_started required: true environment: ADMIN_USERNAME: Trez.One ADMIN_NAME: Charish Patel ADMIN_PASS: ${ROCKETCHAT_ADMIN_PASSWORD} ADMIN_EMAIL: charish.patel@trez.wtf MONGO_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/rocketchat?replicaSet=rinoa MONGO_OPLOG_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/local?replicaSet=rinoa ROOT_URL: https://chat.trez.wtf PORT: 3000 DEPLOY_METHOD: docker DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-} REG_TOKEN: ${REG_TOKEN:-} expose: - 3000 image: ${IMAGE:-registry.rocket.chat/rocketchat/rocket.chat}:${RELEASE:-latest} labels: homepage.group: Social homepage.name: Rocket.Chat homepage.href: https://chat.${MY_TLD} homepage.icon: rocket-chat.svg homepage.description: Fully customizable communications platform with high standards of data protection swag: enable swag_proto: http swag_port: 3000 swag_url: chat.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://chat.${MY_TLD} restart: always sabnzbdvpn: cap_add: - NET_ADMIN - SYS_MODULE container_name: sabnzbdvpn environment: ENABLE_PRIVOXY: no LAN_NETWORK: 192.168.1.0/24 NAME_SERVERS: 192.168.1.254,1.1.1.1 PGID: 1000 PUID: 1000 TZ: America/New_York VPN_CLIENT: openvpn VPN_ENABLED: yes VPN_INPUT_PORTS: VPN_OPTIONS: VPN_OUTPUT_PORTS: VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA VPN_PROV: pia VPN_USER: p3120278 DEBUG: true hostname: Rinoa image: ghcr.io/binhex/arch-sabnzbdvpn:latest labels: homepage.group: Downloaders homepage.name: SABnzbd homepage.href: https://sabnzbd.${MY_TLD} homepage.icon: sabnzbd.png homepage.description: NZB Downloader over VPN homepage.widget.type: sabnzbd homepage.widget.url: http://sabnzbdvpn:8080 homepage.widget.env: 1 homepage.widget.key: ${SABNZBDVPN_API_KEY} swag: enable swag_proto: http swag_url: sabnzbd.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://sabnzbd.${MY_TLD} networks: default: null ports: - 8080:8080 - 8090:8090 - 8119:8118 privileged: true restart: unless-stopped sysctls: net.ipv4.conf.all.src_valid_mark: "1" volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind scraperr: command: - npm - run - start container_name: scraperr expose: - 3000 image: jpyles0524/scraperr:latest labels: homepage.group: Personal Services homepage.name: Scraperr homepage.href: https://scrape.${MY_TLD} homepage.icon: /icons/scraperr.png homepage.description: Web scraper swag: enable swag_proto: http swag_port: 3000 swag_url: scrape.${MY_TLD} swag_server_custom_directive: | location /api { proxy_pass http://scraperr-api:8000; } swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD} networks: default: null restart: unless-stopped scraperr-api: container_name: scraperr-api environment: LOG_LEVEL: DEBUG OLLAMA_URL: http://ollama:11434 OLLAMA_MODEL: phi3 MONGODB_URI: mongodb://mongodb:27017/scrapper SECRET_KEY: ${SCRAPERR_SECRET_KEY} ALGORITHM: HS256 ACCESS_TOKEN_EXPIRE_MINUTES: 600 DOCKER_HOST: tcp://dockerproxy:2375 expose: - 8000 image: jpyles0524/scraperr_api:latest networks: default: null restart: unless-stopped scrutiny: cap_add: - SYS_RAWIO container_name: scrutiny devices: - "/dev/nvme0n1:/dev/nvme0n1:rwm" - "/dev/sda:/dev/sda:rwm" - "/dev/sdb:/dev/sdb:rwm" - "/dev/sdc:/dev/sdc:rwm" - "/dev/sdd:/dev/sdd:rwm" - "/dev/sde:/dev/sde:rwm" - "/dev/sdf:/dev/sdf:rwm" image: ghcr.io/analogj/scrutiny:master-omnibus labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Scrutiny homepage.href: http://192.168.1.254:8909 homepage.icon: scrutiny.png homepage.description: WebUI for smartd S.M.A.R.T monitoring homepage.widget.type: scrutiny homepage.widget.url: http://scrutiny:8080 networks: default: null ports: - 8909:8080 - 8910:8086 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /run/udev target: /run/udev type: bind - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config target: /opt/scrutiny/config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb target: /opt/scrutiny/influxdb type: bind bind: create_host_path: true searxng: cap_add: - CHOWN - SETGID - SETUID cap_drop: - ALL container_name: searxng environment: SEARXNG_BASE_URL: https://${SEARXNG_BASE_URL:-localhost}/ image: searxng/searxng:latest labels: homepage.group: Personal Services homepage.name: SearxNG homepage.href: https://search.${MY_TLD} homepage.icon: searxng.png homepage.description: Anonymized Meta-Search Engine swag: enable swag_address: searxng swag_proto: http swag_url: search.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://search.${MY_TLD} logging: driver: json-file options: max-file: "1" max-size: 1m networks: default: null ports: - 8095:8080 privileged: true restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/searxng target: /etc/searxng type: bind bind: create_host_path: true sonarqube: container_name: sonarqube depends_on: sonarqube-pg-db: condition: service_healthy environment: SONAR_JDBC_URL: jdbc:postgresql://sonarqube-pg-db:5432/sonar SONAR_JDBC_USERNAME: sonar SONAR_JDBC_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD} SONAR_SECURITY_REALM: LDAP LDAP_URL: ldap://lldap:3890 LDAP_BINDDN: cn=sonarqube,ou=people,dc=trez,dc=wtf LDAP_BINDPASSWORD: ${SONARQUBE_LDAP_BIND_PASSWORD} LDAP_AUTHENTICATION: simple LDAP_USER_BASEDN: ou=people,dc=trez,dc=wtf LDAP_USER_REQUEST: (&(objectClass=inetOrgPerson)(uid={login})(memberof=cn=sonarqube_users,ou=groups,dc=example,dc=com)) LDAP_USER_REALNAMEATTRIBUTE: cn LDAP_USER_EMAILATTRIBUTE: mail hostname: sonarqube image: mc1arke/sonarqube-with-community-branch-plugin:lts labels: homepage.group: Code/DevOps homepage.name: Sonarqube homepage.href: https://sqube.trez.wtf homepage.icon: sonarqube.svg homepage.description: Code/DevOps quality/security swag: enable swag_proto: http swag_port: 9000 swag_url: sqube.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://sqube.${MY_TLD} volumes: - sonarqube-data:/opt/sonarqube/data - sonarqube-extensions:/opt/sonarqube/extensions - sonarqube-logs:/opt/sonarqube/logs - sonarqube-temp:/opt/sonarqube/temp ports: - 9003:9000 read_only: true restart: unless-stopped sonarqube-pg-db: container_name: sonarqube-pg-db environment: POSTGRES_USER: sonar POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD} POSTGRES_DB: sonar healthcheck: test: ["CMD-SHELL", "pg_isready"] interval: 10s timeout: 5s retries: 5 image: postgres:17-alpine restart: unless-stopped volumes: - sonarqube-db:/var/lib/postgresql - sonarqube-db-data:/var/lib/postgresql/data sonarr: container_name: sonarr environment: PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr hostname: Rinoa image: lscr.io/linuxserver/sonarr:latest labels: homepage.group: Servarr Stack homepage.name: Sonarr homepage.href: https://sonarr.${MY_TLD} homepage.icon: sonarr.png homepage.description: TV Show Automation homepage.widget.type: sonarr homepage.widget.url: http://sonarr:8989 homepage.widget.key: ${SONARR_API_KEY} swag: enable swag.uptime-kuma.enabled: true networks: default: null ports: - 8989:8989 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/sonarr target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind sonashow: container_name: sonashow environment: auto_start: true auto_start_delay: 60 dry_run_adding_to_sonarr: false fallback_to_top_result: false language_choice: all metadata_profile_id: 1 minimum_rating: 4.5 minimum_votes: 50 quality_profile_id: 1 radarr_address: http://sonarr:8989 radarr_api_key: ${SONARR_API_KEY} root_folder_path: /data/media/shows search_for_missing_episodes: true sonarr_api_timeout: 120 tmdb_api_key: ${TMDB_API_KEY} expose: - 5000 image: thewicklowwolf/sonashow:latest labels: homepage.group: Servarr Stack homepage.name: Sonashow homepage.href: https://sonashow.${MY_TLD} homepage.icon: sh-sonashow.png homepage.description: TV show discovery based on library/tastes swag: enable swag_auth: authelia swag_proto: http swag_port: 5000 swag_url: sonashow.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://sonashow.${MY_TLD} networks: default: null restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_STORAGE}/TV_Shows target: /data/media/shows type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/sonashow target: /sonashow/config type: bind bind: create_host_path: true - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind soularr: container_name: soularr depends_on: - lidarr - soulseek environment: PUID: ${PUID} PGID: ${PGID} TZ: ${TZ} #Script interval in seconds SCRIPT_INTERVAL: 300 image: mrusse08/soularr:latest restart: unless-stopped volumes: #"You can set /downloads to whatever you want but will then need to change the Slskd download dir in your config file" - ${DOCKER_VOLUME_STORAGE}/downloads:/downloads #Select where you are storing your config file. Leave "/data" since thats where the script expects the config file to be - ${DOCKER_VOLUME_CONFIG}/soularr:/data soularr-dashboard: container_name: soularr-dashboard depends_on: - soularr environment: PUID: ${PUID} PGID: ${PGID} TZ: ${TZ} labels: homepage.name: Soularr homepage.group: Downloaders homepage.description: Dashboard for monitoring Soularr homepage.href: https://slsk.${MY_TLD} homepage.icon: /icons/soularr.png image: git.trez.wtf/trez.one/soularr-dashboard:v0.1 ports: - 18364:8080 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/soularr/dashboard:/app - ${DOCKER_VOLUME_CONFIG}/soularr:/data - ${DOCKER_VOLUME_CONFIG}/soularr/logs:/data/logs - /var/run/docker.sock:/var/run/docker.sock:ro working_dir: /app soulseek: container_name: soulseek depends_on: gluetun: condition: service_started required: true restart: true image: slskd/slskd labels: homepage.name: Soulseek homepage.group: Downloaders homepage.description: Modern client-server application for the Soulseek file-sharing network. homepage.href: https://slsk.${MY_TLD} homepage.icon: slskd.svg swag: enable swag_proto: http swag_url: slsk.${MY_TLD} swag_address: gluetun swag_port: 5030 swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD} network_mode: service:gluetun restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/soulseek:/app - ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music - ${DOCKER_VOLUME_STORAGE}/downloads/completed/slsk:/app/downloads/ - ${DOCKER_VOLUME_STORAGE}/downloads/incomplete/slsk:/app/incomplete sourcebot: container_name: sourcebot environment: CONFIG_PATH: /data/config.json image: ghcr.io/sourcebot-dev/sourcebot:latest labels: homepage.name: Sourcebot homepage.group: Code/DevOps homepage.description: Self-hosted internet performance tracking homepage.href: https://source.${MY_TLD} homepage.icon: /icons/sourcebot.png swag: enable swag_proto: http swag_port: 3000 swag_url: source.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://source.${MY_TLD} ports: - 45251:3000 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/sourcebot:/data speedtest-tracker: container_name: speedtest-tracker image: lscr.io/linuxserver/speedtest-tracker:latest environment: PUID: ${PUID} PGID: ${PGID} APP_KEY: ${SPEEDTEST_TRACKER_APP_KEY} DB_CONNECTION: sqlite SPEEDTEST_SCHEDULE: 15 */3 * * * labels: homepage.name: Speedtest Tracker homepage.group: System Administration homepage.description: Self-hosted internet performance tracking homepage.href: https://speed.${MY_TLD} homepage.icon: speedtest-tracker.png homepage.widget.type: speedtest homepage.widget.url: http://speedtest-tracker swag: enable swag_proto: http swag_url: speed.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://speed.${MY_TLD} ports: - 47512:80 - 62777:443 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config spotisub: container_name: spotisub environment: SPOTIPY_CLIENT_ID: ${YOUR_SPOTIFY_ID} SPOTIPY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET} SPOTIPY_REDIRECT_URI: http://127.0.0.1:8080/ SUBSONIC_API_HOST: http://navidrome SUBSONIC_API_PORT: 4533 SUBSONIC_API_USER: ${NAVIDROME_USERNAME} SUBSONIC_API_PASS: ${NAVIDROME_PASSWORD} healthcheck: test: curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!' || exit 1 interval: 30s retries: 20 start_period: 30s image: blastbeng/spotisub:latest ports: - 5183:5183 restart: always volumes: - ${DOCKER_VOLUME_CONFIG}/spotisub:/home/user/spotisub/cache swag: cap_add: - NET_ADMIN container_name: swag environment: DNSPLUGIN: cloudflare EMAIL: charish.patel@trez.wtf EXTRA_DOMAINS: ONLY_SUBDOMAINS: false PGID: 1000 PUID: 1000 SUBDOMAINS: etherpad,ha,www TZ: America/New_York URL: trez.wtf VALIDATION: dns CROWDSEC_API_KEY: ${CROWDSEC_API_KEY} CROWDSEC_LAPI_URL: http://crowdsec:8080 DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma PROPAGATION: 30 UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD} UPTIME_KUMA_URL: http://uptimekuma:3001 UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME} hostname: Rinoa image: lscr.io/linuxserver/swag:latest labels: swag: enable swag_proto: http swag_port: 81 swag_url: swag.${MY_TLD} swag_auth: authelia komodo.skip: a swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://swag.${MY_TLD} homepage.group: Infrastructure/App Performance Monitoring homepage.name: SWAG Dashboard homepage.href: https://swag.${MY_TLD} homepage.icon: linuxserver-io.png homepage.description: SWAG Dashboard for proxies homepage.widget.type: swagdashboard homepage.widget.url: http://swag:81 networks: - default - nextcloud-aio ports: - 443:443 - 80:80 - 81:81 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/swag target: /config type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true read_only: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind tandoor: container_name: tandoor-recipes depends_on: tandoor-pg: condition: service_started required: true environment: DB_ENGINE: django.db.backends.postgresql GID: 1000 POSTGRES_DB: tandoor POSTGRES_HOST: tandoor-pg POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} POSTGRES_USER: tandoor SECRET_KEY: ${TANDOOR_SECRET_KEY} TZ: ${TZ} UID: 1000 image: vabene1111/recipes labels: homepage.group: Lifestyle homepage.name: Tandoor Recipes homepage.href: https://recipes.${MY_TLD} homepage.icon: tandoor-recipes.svg homepage.description: Recipes, cookbooks, meal-planning, & grocery lists homepage.widget.type: tandoor homepage.widget.url: http://tandoor-recipes:8080 homepage.widget.key: ${TANDOOR_API_TOKEN} swag: enable swag_proto: http swag_url: recipes.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://recipes.${MY_TLD} networks: default: null ports: - 8106:8080 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/tandoor/static target: /opt/recipes/staticfiles type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_CONFIG}/tandoor/media target: /opt/recipes/mediafiles type: bind bind: create_host_path: true tandoor-pg: container_name: tandoor-pg environment: POSTGRES_DB: tandoor POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD} POSTGRES_USER: tandoor expose: - 5432 image: postgres:16-alpine networks: default: null restart: always volumes: - source: tandoor-pg target: /var/lib/postgresql/data type: volume volume: {} unmanic: container_name: unmanic environment: DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs PUID: ${PUID} PGID: ${PGID} LOGS_TO_STDOUT: /config/.unmanic/logs/unmanic.log image: josh5/unmanic:latest labels: homepage.group: Media Library homepage.name: Unmanic homepage.href: https://unmanic.${MY_TLD} homepage.icon: unmanic.png homepage.description: Library Optimizer homepage.widget.type: unmanic homepage.widget.url: http://unmanic:8888 swag: enable swag_port: 8888 swag_url: unmanic.${MY_TLD} swag_proto: http swag.uptime-kuma.enabled: true networks: default: null ports: - 8911:8888 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/unmanic target: /config type: bind bind: create_host_path: true - source: ${DOCKER_VOLUME_STORAGE} target: /library type: bind bind: create_host_path: true - source: unmanic-cache target: /tmp/unmanic type: volume volume: {} uptimekuma: container_name: uptimekuma environment: PGID: ${PGID} PUID: ${PUID} TZ: ${TZ} UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME} UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD} DOCKER_HOST: tcp://dockerproxy:2375 hostname: Rinoa image: louislam/uptime-kuma:latest labels: homepage.group: Infrastructure/App Performance Monitoring homepage.name: Uptime Kuma homepage.href: https://uptime.${MY_TLD} homepage.icon: uptime-kuma.png homepage.description: HTTP Endpoint Monitoring homepage.widget.type: uptimekuma homepage.widget.url: http://uptimekuma:3001 homepage.widget.slug: rinoa-services swag: enable swag_proto: http swag_url: uptime.${MY_TLD} networks: default: null ports: - 3003:3001 restart: unless-stopped volumes: - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/uptimekuma target: /app/data type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind vault: cap_add: - IPC_LOCK command: - server container_name: hc-vault environment: AWS_ACCESS_KEY_ID: ${VAULT_HASHICORP_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY} image: hashicorp/vault:latest labels: homepage.group: Code/DevOps homepage.name: Vault homepage.icon: vault.png homepage.href: https://vault.${MY_TLD} homepage.description: Hashicorp Vault for secrets, key/value stores, etc. swag: enable swag_proto: http swag_port: 8200 swag_url: vault.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://vault.${MY_TLD} ports: - 8200:8200 - 8250:8250 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs vector: image: timberio/vector:0.44.0-alpine container_name: vector environment: DOCKER_HOST: tcp://dockerproxy:2375 ports: - 60157:8686 restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/vector/vector.yaml:/etc/vector/vector.yaml:ro wallabag: container_name: wallabag depends_on: mariadb: condition: service_started required: true restart: true redis: condition: service_started required: true environment: SYMFONY__ENV__DATABASE_DRIVER: pdo_mysql SYMFONY__ENV__DATABASE_HOST: mariadb SYMFONY__ENV__DATABASE_PORT: 3306 SYMFONY__ENV__DATABASE_NAME: ${WALLABAG_DB} SYMFONY__ENV__DATABASE_USER: ${WALLABAG_DB} SYMFONY__ENV__DATABASE_PASSWORD: ${WALLABAG_DB_PASSWORD} SYMFONY__ENV__DATABASE_CHARSET: utf8 SYMFONY__ENV__DATABASE_TABLE_PREFIX: "wallabag_" SYMFONY__ENV__MAILER_DSN: smtp://postal-smtp SYMFONY__ENV__FROM_EMAIL: noreply@trez.wtf SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${MY_TLD} SYMFONY__ENV__SERVER_NAME: "Wallabag @ Rinoa" SYMFONY__ENV__REDIS_HOST: redis SYMFONY__ENV__REDIS_PORT: 6379 healthcheck: interval: 1m test: - CMD - wget - --no-verbose - --tries=1 - --spider - http://localhost timeout: 3s image: wallabag/wallabag labels: swag: enable swag_address: wallabag swag_proto: http swag.uptime-kuma.enabled: true homepage.group: Lifestyle homepage.name: Wallabag homepage.href: https://wallabag.${MY_TLD} homepage.icon: wallabag.png homepage.description: Knowledge Store networks: default: null ports: - 32768:80 restart: unless-stopped volumes: - source: ${DOCKER_VOLUME_CONFIG}/wallabag/images target: /var/www/wallabag/web/assets/images type: bind bind: create_host_path: true wallos: container_name: wallos environment: TZ: ${TZ} image: bellamy/wallos:latest labels: homepage.group: Lifestyle homepage.name: wallos homepage.href: https://subs.${MY_TLD} homepage.icon: wallos.png homepage.description: Subscription Tracking swag: enable swag_proto: http swag_url: subs.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://subs.${MY_TLD} networks: default: null ports: - 8283:80 restart: unless-stopped volumes: - wallos-db:/var/www/html/db - wallos-logos:/var/www/html/images/uploads/logos watchtower: container_name: watchtower environment: REPO_PASS: REPO_USER: TZ: America/New_York WATCHTOWER_CLEANUP: true WATCHTOWER_INCLUDE_STOPPED: false WATCHTOWER_MONITOR_ONLY: false WATCHTOWER_NOTIFICATIONS: gotify WATCHTOWER_NOTIFICATIONS_LEVEL: info WATCHTOWER_NOTIFICATION_TEMPLATE: '{{range .}}{{.Message}}{{println}}{{end}}' WATCHTOWER_NOTIFICATION_URL: WATCHTOWER_SCHEDULE: 0 0 4 * * * WATCHTOWER_TIMEOUT: 30s WATCHTOWER_HTTP_API_METRICS: true WATCHTOWER_HTTP_API_TOKEN: ${WATCHTOWER_HTTP_API_TOKEN} WATCHTOWER_NOTIFICATION_GOTIFY_URL: ${WATCHTOWER_NOTIFICATION_GOTIFY_URL} WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN: ${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN} WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY: true expose: - 8080 hostname: Rinoa image: ghcr.io/containrrr/watchtower:latest labels: homepage.group: Automation homepage.name: Watchtower homepage.icon: watchtower.svg homepage.description: Container-based solution for automating Docker container base image updates homepage.widget.type: watchtower homepage.widget.url: http://watchtower:8080 homepage.widget.key: ${WATCHTOWER_HTTP_API_TOKEN} networks: default: null restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind - bind: create_host_path: true source: /var/run/docker.sock target: /var/run/docker.sock type: bind web-check: container_name: web-check image: lissy93/web-check labels: homepage.group: Privacy/Security homepage.name: Web-Check homepage.icon: web-check.png homepage.href: https://scan.${MY_TLD} homepage.description: Site scanner for attack vectors, architecture, security configs, and more swag: enable swag_proto: http swag_url: scan.${MY_TLD} swag_port: 3000 swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://scan.${MY_TLD} networks: default: null ports: - 3010:3000 restart: unless-stopped your_spotify: container_name: your_spotify environment: PUID: ${PUID} PGID: ${PGID} TZ: ${TZ} APP_URL: https://myspotify.${MY_TLD} SPOTIFY_PUBLIC: ${YOUR_SPOTIFY_ID} SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET} CORS: all MONGO_ENDPOINT: mongodb://mongodb:27017/your_spotify LOG_LEVEL: debug expose: - 8080 image: lscr.io/linuxserver/your_spotify:latest labels: homepage.group: Media Library homepage.name: Your Spotify homepage.icon: your-spotify.svg homepage.href: https://myspotify.${MY_TLD} homepage.description: Personal Spotify Tracking swag: enable swag_proto: https swag_url: myspotify.${MY_TLD} swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://myspotify.${MY_TLD} networks: default: null ports: - 8088:80 - 8098:443 restart: always youtubedl: container_name: youtubedl environment: PGID: ${PGID} PUID: ${PUID} TZ: America/New_York YDL_CONFIG_PATH: /youtube-dl/config.yml YDL_DEBUG: "false" hostname: Rinoa image: nbr23/youtube-dl-server:latest labels: homepage.group: Downloaders homepage.name: YoutubeDL homepage.icon: youtube-dl.svg homepage.href: https://ytdl.${MY_TLD} homepage.description: YouTube Downloader swag: enable swag_proto: http swag_url: ytdl.${MY_TLD} swag_port: 8080 swag.uptime-kuma.enabled: true swag.uptime-kuma.monitor.url: https://ytdl.${MY_TLD} networks: default: null ports: - 8089:8080 restart: unless-stopped volumes: - bind: create_host_path: true read_only: true source: /etc/localtime target: /etc/localtime type: bind - bind: create_host_path: true source: ${DOCKER_VOLUME_CONFIG}/youtubedl target: /youtube-dl type: bind - bind: create_host_path: true source: /rinoa-storage target: /storage type: bind zitadel: container_name: zitadel image: ghcr.io/zitadel/zitadel:latest command: 'start-from-init --masterkeyFromEnv --config /config.yaml --config /secrets.yaml --config /init-steps.yaml --tlsMode external' depends_on: zitadel-pg-db: condition: 'service_started' environment: ZITADEL_MASTERKEY: ${ZITADEL_MASTER_KEY} expose: - 8080 labels: swag: enable swag_proto: http swag_port: 8080 swag_url: id.${MY_TLD} swag_server_custom_directive: http2 on; homepage.group: System Administration homepage.name: Zitadel homepage.href: https://id.${MY_TLD} homepage.icon: zitadel.svg homepage.description: Centralized authentication management restart: unless-stopped volumes: - ${DOCKER_VOLUME_CONFIG}/zitadel/config.yaml:/config.yaml - ${DOCKER_VOLUME_CONFIG}/zitadel/init-steps.yaml:/init-steps.yaml - ${DOCKER_VOLUME_CONFIG}/zitadel/secrets.yaml:/secrets.yaml zitadel-pg-db: container_name: zitadel-pg-db environment: POSTGRES_USER: root POSTGRES_PASSWORD: ${ZITADEL_DB_ADMIN_PASSWORD} expose: - 5432 healthcheck: test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "root" ] interval: '10s' timeout: '30s' retries: 5 start_period: '20s' image: postgres:16-alpine restart: unless-stopped volumes: - zitadel-pg-db:/var/lib/postgresql/data volumes: authelia-pg-db: name: authelia-pg-db bitmagnet-pg-db: name: bitmagnet-pg-db bunkerweb-data: name: bunkerweb-data castopod-media: name: castopod-media crowdsec-config: name: crowdsec-config crowdsec-db: name: crowdsec-db dawarich_db_data: name: dawarich_db_data dawarich_shared: name: dawarich_shared dawarich_public: name: dawarich_public dawarich_watched: name: dawarich_watched dbgate-data: name: dbgate-data fastenhealth-cache: name: fastenhealth-cache fastenhealth-db: name: fastenhealth-db filebeat_etc: name: filebeat_etc filebeat_var: name: filebeat_var gitea-pg-db: name: gitea-pg-db hortusfox_app_backup: name: hortusfox_app_backup hortusfox_app_images: name: hortusfox_app_images hortusfox_app_logs: name: hortusfox_app_logs hortusfox_app_migrate: name: hortusfox_app_migrate hortusfox_app_themes: name: hortusfox_app_themes hortusfox_db_data: name: hortusfox_db_data immich-model-cache: name: immich-model-cache influxdb2-data: name: influxdb2-data influxdb2-config: name: influxdb2-config invidious-postgres: name: invidious-postgres invoice-ninja_cache: name: invoice-ninja_cache invoice-ninja_public: name: invoice-ninja_public invoice-ninja_storage: name: invoice-ninja_storage jitsi-web-admin-theme: name: jitsi-web-admin-theme jitsi-web-admin-upload: name: jitsi-web-admin-upload joplin_data: name: joplin_data libretranslate_models: name: libretranslate_models lldap_data: name: lldap_data mastodon-pg-db: name: mastodon-pg-db mongodb_config: name: mongodb_config mongodb_data: name: mongodb_data n8n-data: name: n8n-data netbird-mgmt: name: netbird-mgmt netbird-signal: name: netbird-signal netbird-letsencrypt: name: netbird-letsencrypt nextcloud_aio_mastercontainer: name: nextcloud_aio_mastercontainer ollama: name: ollama open-webui: name: open-webui paperless-ngx-data: name: paperless-ngx-data paperless-ngx-media: name: paperless-ngx-media paperless-ngx-pg: name: paperless-ngx-pg peppermint-pg-data: name: peppermint-pg-data pgbackweb-data: name: pgbackweb-data plausible-db-data: name: plausible-db-data plausible-event-data: name: plausible-event-data plausible-event-logs: name: plausible-event-logs portainer-data: name: portainer-data reactive-resume-pg: name: reactive-resume-pg sonarqube-data: name: sonarqube-data sonarqube-db: name: sonarqube-db sonarqube-db-data: name: sonarqube-db-data sonarqube-extensions: name: sonarqube-extensions sonarqube-logs: name: sonarqube-logs sonarqube-temp: name: sonarqube-temp tandoor-pg: name: tandoor-pg unmanic-cache: name: unmanic-cache wallos-db: name: wallos-db wallos-logos: name: wallos-logos zitadel-pg-db: name: zitadel-pg-db