Trez/rinoa-docker
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions 1 Activity
Files
stable-diffusion-deployment
rinoa-docker/docker-compose.yml
T
Trez.One 01d5afe81c
Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 4m35s
Details
Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Successful in 11m19s
Details
Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Successful in 1m7s
Details
Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Successful in 5m39s
Details
Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Successful in 1m47s
Details
Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Successful in 26m56s
Details
Adding Stable-Diffusion service for LibreChat.
2025-03-01 17:27:34 -05:00

5524 lines
164 KiB
YAML
Raw Permalink Blame History

name: compose
x-bw-ui-env: &bw-ui-env
# We anchor the environment variables to avoid duplication
AUTOCONF_MODE: yes
DATABASE_URI: "mariadb+pymysql://bunkerweb:${BUNKERWEB_DB_PASSWORD}@mariadb:3306/bunkerweb" # Remember to set a stronger password for the database
USE_REAL_IP: yes
REAL_IP_FROM: 172.18.0.0/16
REAL_IP_HEADER: 'X-Forwarded-For'
networks:
bitmagnet:
driver: bridge
ipam:
config:
- gateway: 192.168.55.1
subnet: 192.168.55.0/27
driver: default
name: compose_bitmagnet
default:
name: compose_default
nextcloud-aio:
external: true
services:
actual_server:
container_name: actualbudget
environment:
ACTUAL_LOGIN_METHOD: "pass"
ACTUAL_PORT: 5006
# - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
# - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
# - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
# See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
# !! If you are not using any of these options, remove the 'environment:' tag entirely.
image: docker.io/actualbudget/actual-server:latest
labels:
swag: enable
swag_port: 5006
swag_proto: http
swag_url: fin.${MY_TLD}
homepage.group: Lifestyle
homepage.name: Actual Budget
homepage.icon: actual-budget.svg
homepage.href: https://fin.${MY_TLD}
homepage.description: Privacy-focused app for managing finances
ports:
- 5006:5006
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/actual-budget:/data
adguard:
container_name: adguard
environment:
TZ: ${TZ}
hostname: Rinoa
image: adguard/adguardhome:latest
labels:
swag: enable
swag_proto: http
swag_url: adgh.${MY_TLD}
homepage.group: System Administration
homepage.name: AdGuard Home
homepage.icon: adguard-home.png
homepage.href: https://adgh.${MY_TLD}
homepage.description: Ad-blocking/DNS
homepage.widget.type: adguard
homepage.widget.url: http://adguard:80
homepage.widget.username: admin
homepage.widget.password: ${ADGUARD_PASSWORD}
networks:
default: null
ports:
- 3001:3000
- 446:443
- 8008:80
- 853:853
- 67:67
- 688:68
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/adguard/work
target: /opt/adguardhome/work
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/adguard/conf
target: /opt/adguardhome/conf
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- source: ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/archive/trez.wtf
target: /etc/ssl/certs
type: bind
bind:
create_host_path: true
archivebox:
container_name: archivebox
dns:
- adguard
environment:
ADMIN_USERNAME: admin # creates an admin user on first run with the given user/pass combo
ADMIN_PASSWORD: ${ARCHIVEBOX_ADMIN_PASSWORD}
ALLOWED_HOSTS: '*' # set this to the hostname(s) you're going to serve the site from!
CSRF_TRUSTED_ORIGINS: http://localhost:8000 # you MUST set this to the server's URL for admin login and the REST API to work
PUBLIC_INDEX: false # set to False to prevent anonymous users from viewing snapshot list
PUBLIC_SNAPSHOTS: false # set to False to prevent anonymous users from viewing snapshot content
PUBLIC_ADD_VIEW: false # set to True to allow anonymous users to submit new URLs to archive
SEARCH_BACKEND_ENGINE: ripgrep # tells ArchiveBox to use sonic container below for fast full-text search
image: archivebox/archivebox:latest
labels:
homepage.group: Personal Services
homepage.name: ArchiveBox
homepage.href: https://archive.${MY_TLD}
homepage.icon: archivebox.png
homepage.description: Podcasts, eBooks, & Audiobooks
swag: enable
swag_port: 8000
swag_proto: http
swag_url: archive.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://archive.${MY_TLD}
ports:
- 21324:8000
volumes:
- ${DOCKER_VOLUME_CONFIG}/archivebox:/data
# ./data/personas/Default/chrome_profile/Default:/data/personas/Default/chrome_profile/Default
audiobookshelf:
container_name: audiobookshelf
environment:
CONFIG_PATH: /config
HOME: /config/.home
LOG_LEVEL: info
METADATA_PATH: /metadata
TZ: America/New_York
hostname: Rinoa
image: ghcr.io/advplyr/audiobookshelf:latest
labels:
homepage.group: Media Library
homepage.name: Audiobookshelf
homepage.href: https://abs.${MY_TLD}
homepage.icon: audiobookshelf.png
homepage.description: Podcasts, eBooks, & Audiobooks
homepage.widget.type: audiobookshelf
homepage.widget.url: http://audiobookshelf:80
homepage.widget.key: ${AUDIOBOOKSHELF_ROOT_API_KEY}
swag: enable
swag_address: audiobookshelf
swag_proto: http
swag_url: abs.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://abs.${MY_TLD}
networks:
default: null
ports:
- 13378:80
restart: unless-stopped
user: 1000:1000
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf
target: /config
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata
target: /metadata
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
authelia:
container_name: authelia
depends_on:
authelia-pg:
condition: service_started
required: true
lldap:
condition: service_started
required: true
environment:
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD}
AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
GUID: ${PGID}
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
expose:
- 9091
image: authelia/authelia:master
labels:
homepage.group: Privacy/Security
homepage.name: Authelia
homepage.href: https://auth.${MY_TLD}
homepage.icon: authelia.svg
homepage.description: Authentication/authorization server with MFA & SSO
swag: enable
swag_proto: http
swag_port: 9091
swag_url: auth.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://auth.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/authelia/
target: /config
type: bind
bind:
create_host_path: true
authelia-pg:
container_name: authelia-pg
environment:
POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
POSTGRES_USER: authelia
POSTGRES_DB: authelia
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: authelia-pg-db
target: /var/lib/postgresql/data
type: volume
bind:
create_host_path: true
bazarr:
container_name: bazarr
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
DOCKER_MODS: ghcr.io/gilbn/theme.park:bazarr
hostname: Rinoa
image: lscr.io/linuxserver/bazarr:latest
labels:
homepage.group: Servarr Stack
homepage.name: Bazarr
homepage.href: https://bazarr.${MY_TLD}
homepage.icon: bazarr.png
homepage.description: Subtitle automation for TV shows/movies
homepage.widget.type: bazarr
homepage.widget.url: http://bazarr:6767
homepage.widget.key: ${BAZARR_API_KEY}
swag: enable
swag_proto: http
swag_port: 6767
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 6767:6767
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/bazarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
beszel:
container_name: beszel
extra_hosts:
- host.docker.internal:host-gateway
image: henrygd/beszel:latest
labels:
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: Beszel
homepage.href: https://beszel.${MY_TLD}
homepage.icon: beszel.svg
homepage.description: Lightweight server monitoring hub
homepage.widget.type: beszel
homepage.widget.url: http://beszel:8090
homepage.widget.username: ${SWAG_ENVIRONMENT_EMAIL}
homepage.widget.password: ${BESZEL_ADMIN_PASSWORD}
homepage.widget.version: 2
swag: enable
swag_proto: http
swag_port: 8090
swag_url: beszel.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://beszel.${MY_TLD}
ports:
- 22220:8090
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/beszel:/beszel_data
beszel-agent:
container_name: beszel-agent
depends_on:
- beszel
environment:
DOCKER_HOST: tcp://dockerproxy:2375
PORT: 45876
# Do not remove quotes around the key
KEY: '${BESZEL_RINOA_AGENT_KEY}'
expose:
- 45876
image: henrygd/beszel-agent:latest
network_mode: host
restart: unless-stopped
volumes:
- /rinoa-storage:/extra-filesystems/rinoa-storage:ro
- /dev/nvme0n1:/extra-filesystems/nvme0n1:ro
bitmagnet:
command:
- worker
- run
- --keys=http_server
- --keys=queue_server
- --keys=dht_crawler
container_name: bitmagnet
depends_on:
bitmagnet-pg-db:
condition: service_healthy
required: true
gluetun:
condition: service_started
required: true
restart: true
environment:
LOG_FILE_ROTATION_ENABLED: true
POSTGRES_HOST: bitmagnet-pg-db
POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD}
POSTGRES_USER: bitmagnet
image: ghcr.io/bitmagnet-io/bitmagnet:latest
labels:
homepage.group: Downloaders
homepage.name: Bitmagnet
homepage.href: https://btmag.${MY_TLD}
homepage.icon: sh-bitmagnet.png
homepage.description: Torrent indexer, DHT crawler, search engine, & content classifier
homepage.widget.type: gluetun
homepage.widget.url: http://gluetun:8000
swag: enable
swag_proto: http
swag_address: gluetun
swag_auth: authelia
swag_auth_bypass: /v1
swag_port: 3333
swag_url: btmag.${MY_TLD}
network_mode: service:gluetun
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/bitmagnet
target: /root/.local/share/bitmagnet
type: bind
bind:
create_host_path: true
bitmagnet-pg-db:
container_name: bitmagnet-pg-db
environment:
POSTGRES_DB: bitmagnet
POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD}
POSTGRES_USER: bitmagnet
expose:
- 5432
healthcheck:
interval: 10s
start_period: 20s
test:
- CMD-SHELL
- pg_isready
image: postgres:17-alpine
networks:
bitmagnet:
ipv4_address: 192.168.55.8
default: null
restart: unless-stopped
shm_size: 1g
volumes:
- source: bitmagnet-pg-db
target: /var/lib/postgresql/data
type: volume
volume: {}
bitwarden:
container_name: bitwarden
environment:
ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN}
DATABASE_URL: data/db.sqlite3
DISABLE_ADMIN_TOKEN: "false"
DOMAIN: https://bitwarden.${MY_TLD}
ENABLE_DB_WAL: "true"
INVITATIONS_ALLOWED: "false"
SHOW_PASSWORD_HINT: "false"
SIGNUPS_ALLOWED: "true"
SIGNUPS_VERIFY: "true"
TZ: America/New_York
WEBSOCKET_ENABLED: "true"
hostname: Rinoa
image: vaultwarden/server:latest
labels:
homepage.group: Privacy/Security
homepage.name: Bitwarden
homepage.icon: bitwarden.png
homepage.href: https://bitwarden.${MY_TLD}
homepage.description: Credential/Information Vault
swag: enable
swag_url: bitwarden.${MY_TLD}
swag_proto: http
swag_port: 80
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 3012:3012
- 8013:80
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/bitwarden
target: /data
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
bluesky-pds:
container_name: bluesky-pds
environment:
PDS_ADMIN_EMAIL: charish.patel@trez.wtf
PDS_HOSTNAME: bsky.trez.wtf
PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET}
PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD}
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}
PDS_DATA_DIRECTORY: /pds
PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
PDS_EMAIL_FROM_ADDRESS: noreply@trez.wtf
PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks
PDS_BLOB_UPLOAD_LIMIT: 52428800
PDS_DID_PLC_URL: ${PDS_DID_PLC_URL}
PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL}
PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID}
PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL}
PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID}
PDS_CRAWLERS: ${PDS_CRAWLERS}
LOG_ENABLED: true
expose:
- 3000
image: ghcr.io/bluesky-social/pds:latest
labels:
swag: enable
swag_port: 3000
swag_url: bsky.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://bsky.${MY_TLD}
restart: unless-stopped
volumes:
- type: bind
source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds
target: /pds
browserless:
container_name: browserless
environment:
ALLOW_FILE_PROTOCOL: true
CONCURRENT: 20
HEALTH: false
PROXY_HOST: swag
PROXY_PORT: 443
PROXY_SSL: true
QUEUED: 20
TIMEOUT: 300000
TOKEN: ${CHROMIUM_TOKEN}
TZ: ${TZ}
expose:
- 3000
image: ghcr.io/browserless/chromium:latest
labels:
swag: enable
swag_proto: http
swag_port: 3000
swag_url: browse.${MY_TLD}
networks:
default: null
restart: unless-stopped
bunkerweb:
container_name: bunkerweb
image: bunkerity/bunkerweb:1.6.0
environment:
AUTOCONF_MODE: yes
API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16
labels:
bunkerweb.INSTANCE: yes
ports:
- 27002:8080
- 63824:8443
restart: unless-stopped
bunkerweb-scheduler:
container_name: bunkerweb-scheduler
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: bunkerweb
SERVER_NAME: bunker.trez.wtf
API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16
MULTISITE: yes
UI_HOST: http://bunkerweb-ui:7000 # Change it if needed
SERVE_FILES: no
DISABLE_DEFAULT_SERVER: yes
USE_CLIENT_CACHE: yes
USE_GZIP: yes
USE_REVERSE_PROXY: yes
REVERSE_PROXY_URL: /
REVERSE_PROXY_HOST: http://swag:80
image: bunkerity/bunkerweb-scheduler:1.6.0
restart: unless-stopped
volumes:
- bunkerweb-storage:/data # This is used to persist the cache and other data like the backups
bunkerweb-autoconf:
container_name: bunkerweb-autoconf
depends_on:
- docker-socket-proxy
environment:
<<: *bw-ui-env
DOCKER_HOST: tcp://dockerproxy:2375
image: bunkerity/bunkerweb-autoconf:1.6.0
restart: unless-stopped
bunkerweb-ui:
container_name: bunkerweb-ui
environment:
<<: *bw-ui-env
TOTP_SECRETS: ${BUNKERWEB_TOTP_SECRETS}
expose:
- 7000
image: bunkerity/bunkerweb-ui:1.6.0
labels:
homepage.group: Privacy/Security
homepage.name: Bunker Web
homepage.href: https://bunker.${MY_TLD}
homepage.icon: bunkerweb.svg
homepage.description: Next-gen WAF
swag: enable
swag_port: 7000
swag_url: bunker.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://bunker.${MY_TLD}
restart: unless-stopped
bytestash:
container_name: bytestash
environment:
BASE_PATH:
JWT_SECRET: ${BYTESTASH_JWT_SECRET}
TOKEN_EXPIRY: 24h
ALLOW_NEW_ACCOUNTS: true
DEBUG: true
DISABLE_ACCOUNTS: false
DISABLE_INTERNAL_ACCOUNTS: false
image: ghcr.io/jordan-dalby/bytestash:latest
labels:
homepage.description: Code Gists/Snippets
homepage.group: Code/DevOps
homepage.href: https://gist.trez.wtf
homepage.icon: bytestash.svg
homepage.name: Bytestash
swag: enable
swag_port: 5000
swag_proto: http
swag_url: gist.trez.wtf
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://gist.trez.wtf
ports:
- 62139:5000
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/bytestash:/data/snippets
castopod:
container_name: castopod
depends_on:
mariadb:
condition: service_started
required: true
restart: true
environment:
MYSQL_DATABASE: castopod
MYSQL_USER: castopod
MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD}
CP_DATABASE_HOSTNAME: mariadb
CP_DATABASE_NAME: castopod
CP_DATABASE_USERNAME: castopod
CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD}
CP_BASEURL: "https://pod.trez.wtf"
CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT}
CP_CACHE_HANDLER: redis
CP_DISABLE_HTTPS: 0
CP_REDIS_HOST: redis
CP_EMAIL_SMTP_HOST: postal-smtp
CP_EMAIL_FROM: noreply@trez.wtf
CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
expose:
- 8000
image: castopod/castopod:latest
labels:
homepage.group: Social
homepage.name: Castopod
homepage.href: https://pod.${MY_TLD}
homepage.icon: castopod.png
homepage.description: Podcast self-hosting
swag: enable
swag_address: castopod
swag_port: 8000
swag_url: pod.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://pod.${MY_TLD}
restart: unless-stopped
volumes:
- castopod-media:/var/www/castopod/public/media
cloudflared:
command: ['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}']
container_name: cloudflared
environment:
CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN}
image: 'cloudflare/cloudflared:latest'
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared
cloudflareddns:
container_name: cloudflareddns
environment:
ARGS: --dns-cloudflare-propagation-seconds 60
CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY}
CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN}
CF_HOSTS: trez.wtf
CF_RECORDTYPES: A
CF_USER: charish.patel@trez.wtf
CF_ZONES: trez.wtf
DETECTION_MODE: dig-google.com
INTERVAL: "300"
LOG_LEVEL: "3"
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: ghcr.io/hotio/cloudflareddns:latest
networks:
default: null
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
convertx:
container_name: convertx
environment:
JWT_SECRET: ${CONVERTX_JWT_SECRET}
image: ghcr.io/c4illin/convertx
labels:
homepage.group: System Administration
homepage.name: ConvertX
homepage.href: https://convert.${MY_TLD}
homepage.icon: sh-convertx.png
homepage.description: Online file converter
swag: enable
swag_port: 3000
swag_proto: http
swag_url: convert.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://convert.${MY_TLD}
ports:
- 38946:3000
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/convertx:/app/data
cronicle:
container_name: cronicle
entrypoint: manager
environment:
CRONICLE_manager: 1
CRONICLE_secret_key: "${CRONICLE_SECRET_KEY}"
DOCKER_HOST: tcp://dockerproxy:2375
hostname: cronicle
image: elestio/cronicle:latest
labels:
homepage.group: Automation
homepage.name: Cronicle
homepage.href: https://cron.${MY_TLD}
homepage.icon: sh-cronicle.png
homepage.description: Multi-server task schedule with a web interface
swag: enable
swag_port: 3012
swag_proto: http
swag_url: cron.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://cron.${MY_TLD}
ports:
- 31037:3012
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/cronicle/data:/opt/cronicle/data
- ${DOCKER_VOLUME_CONFIG}/cronicle/logs:/opt/cronicle/logs
- ${DOCKER_VOLUME_CONFIG}/cronicle/plugins:/opt/cronicle/plugins
- ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
crowdsec:
container_name: crowdsec
environment:
DOCKER_HOST: tcp://dockerproxy:2375
GID: 1000
BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables
image: crowdsecurity/crowdsec:latest
networks:
default: null
ports:
- 8101:8080
restart: unless-stopped
security_opt:
- no-new-privileges=true
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local
target: /etc/crowdsec/config.yaml.local
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local
target: /etc/crowdsec/local_api_credentials.yaml.local
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx
target: /var/log/swag
type: bind
bind:
create_host_path: true
- source: crowdsec-config
target: /etc/crowdsec
type: volume
volume: {}
- source: crowdsec-db
target: /var/lib/crowdsec/data
type: volume
volume: {}
- bind:
create_host_path: true
read_only: true
source: /var/log/journal
target: /var/log/host
type: bind
crowdsec-dashboard:
container_name: crowdsec-dashboard
depends_on:
crowdsec:
condition: service_started
required: true
environment:
MB_DB_FILE: /data/metabase.db
MGID: ${GID-1000}
image: metabase/metabase
labels:
com.centurylinklabs.watchtower.enable: false
homepage.group: Privacy/Security
homepage.name: CrowdSec Dashboard
homepage.href: https://csec.${MY_TLD}
homepage.icon: crowdsec.svg
homepage.description: Real-time & crowdsourced protection against aggressive IPs
homepage.widget.type: crowdsec
homepage.widget.url: http://crowdsec:8080
homepage.widget.username: localhost
homepage.widget.password: ${CROWDSEC_LOCAL_API_KEY}
swag: enable
swag_port: 3000
swag_proto: http
swag_url: csec.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://csec.${MY_TLD}
networks:
default: null
ports:
- 8908:3000
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
- source: crowdsec-db
target: /data/
type: volume
volume: {}
cyber-chef:
container_name: cyber-chef
image: mpepping/cyberchef:latest
labels:
homepage.description: Web app for encryption, encoding, compression, and data analysis
homepage.group: Code/DevOps
homepage.href: https://cchef.trez.wtf
homepage.icon: cyberchef.svg
homepage.name: CyberChef
swag: enable
swag_port: 8000
swag_proto: http
swag_url: cchef.trez.wtf
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://gist.trez.wtf
ports:
- 20992:8000
restart: unless-stopped
czkawka:
container_name: czkawka
environment:
KEEP_APP_RUNNING: 1
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
UMASK: 1
WEB_LISTENING_PORT: 5800
image: jlesage/czkawka
labels:
homepage.group: System Administration
homepage.name: Czkawka
homepage.href: https://czkawka.${MY_TLD}
homepage.icon: sh-czkawka.svg
homepage.description: Smart file management
swag: enable
swag_port: 5800
swag_proto: http
swag_url: czkawka.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://czkawka.${MY_TLD}
networks:
default: null
ports:
- 5800:5800
privileged: true
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/czkawka
target: /config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}
target: /storage
type: bind
bind:
create_host_path: true
dawarich-app:
command: ['bin/rails', 'server', '-p', '3000', '-b', '::']
container_name: dawarich-app
depends_on:
dawarich-pg-db:
condition: service_healthy
restart: true
redis:
condition: service_started
restart: true
deploy:
resources:
limits:
cpus: '0.50' # Limit CPU usage to 50% of one core
memory: '4G' # Limit memory usage to 4GB
entrypoint: web-entrypoint.sh
environment:
RAILS_ENV: development
REDIS_URL: redis://redis:6379/
DATABASE_HOST: dawarich-pg-db
DATABASE_USERNAME: dawarich
DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
DATABASE_NAME: dawarich
MIN_MINUTES_SPENT_IN_CITY: 60
APPLICATION_HOSTS: localhost,loc.trez.wtf,192.168.1.254
TIME_ZONE: ${TZ}
APPLICATION_PROTOCOL: http
DISTANCE_UNIT: km
PROMETHEUS_EXPORTER_ENABLED: false
PROMETHEUS_EXPORTER_HOST: 0.0.0.0
PROMETHEUS_EXPORTER_PORT: 9394
ENABLE_TELEMETRY: false # More on telemetry: https://dawarich.app/docs/tutorials/telemetry
healthcheck:
test: [ "CMD-SHELL", "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" ]
interval: 10s
retries: 30
start_period: 30s
timeout: 10s
image: freikin/dawarich:latest
labels:
homepage.group: Personal Services
homepage.name: Dawarich
homepage.href: https://loc.${MY_TLD}
homepage.icon: dawarich.svg
homepage.description: Self-hosted alternative to Google Location History
swag: enable
swag_port: 3000
swag_proto: http
swag_url: loc.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://loc.${MY_TLD}
ports:
- 63561:3000
# - 9394:9394 # Prometheus exporter, uncomment if needed
restart: on-failure
stdin_open: true
tty: true
volumes:
- dawarich_public:/var/app/public
- dawarich_watched:/var/app/tmp/imports/watched
- ${DOCKER_VOLUME_CONFIG}/dawarich/web-entrypoint.sh:/usr/local/bin/web-entrypoint.sh
dawarich-pg-db:
container_name: dawarich-pg-db
environment:
POSTGRES_DB: dawarich
POSTGRES_USER: dawarich
POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ]
interval: 10s
retries: 5
start_period: 30s
timeout: 10s
image: postgis/postgis:17-3.5-alpine
restart: always
shm_size: 1G
volumes:
- dawarich_db_data:/var/lib/postgresql/data
- dawarich_shared:/var/shared
dawarich-sidekiq:
command: ['sidekiq']
container_name: dawarich-sidekiq
entrypoint: sidekiq-entrypoint.sh
environment:
RAILS_ENV: development
REDIS_URL: redis://redis:6379/
DATABASE_HOST: dawarich-pg-db
DATABASE_USERNAME: dawarich
DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
DATABASE_NAME: dawarich
APPLICATION_HOSTS: localhost,loc.trez.wtf
BACKGROUND_PROCESSING_CONCURRENCY: 10
APPLICATION_PROTOCOL: http
DISTANCE_UNIT: km
PROMETHEUS_EXPORTER_ENABLED: false
PROMETHEUS_EXPORTER_HOST: dawarich-app
PROMETHEUS_EXPORTER_PORT: 9394
ENABLE_TELEMETRY: false # More on telemetry: https://dawarich.app/docs/tutorials/telemetry
depends_on:
dawarich-app:
condition: service_healthy
restart: true
dawarich-pg-db:
condition: service_healthy
restart: true
redis:
condition: service_started
restart: true
deploy:
resources:
limits:
cpus: '0.50' # Limit CPU usage to 50% of one core
memory: '4G' # Limit memory usage to 4GB
healthcheck:
test: [ "CMD-SHELL", "bundle exec sidekiqmon processes | grep $${HOSTNAME}" ]
interval: 10s
retries: 30
start_period: 30s
timeout: 10s
image: freikin/dawarich:latest
restart: on-failure
stdin_open: true
tty: true
volumes:
- dawarich_public:/var/app/public
- dawarich_watched:/var/app/tmp/imports/watched
- ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
dbgate:
container_name: dbgate
environment:
CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,mariadb,mastodon-pg-db,mongodb,pgbackweb,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,traccar-pg,zitadel-pg-db
LOGIN: TrezOne
PASSWORD: ${DBGATE_LOGIN_PASSWORD}
LABEL_mariadb: mariadb
SERVER_mariadb: mariadb
USER_mariadb: root
PASSWORD_mariadb: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
PORT_mariadb: 3306
ENGINE_mariadb: mariadb@dbgate-plugin-mysql
LABEL_authelia-pg: authelia-pg
SERVER_authelia-pg: authelia-pg
USER_authelia-pg: authelia
DATABASE_authelia-pg: authelia
PASSWORD_authelia-pg: ${BITMAGNET_POSTGRESQL_PASSWORD}
PORT_authelia-pg: 5432
ENGINE_authelia-pg: postgres@dbgate-plugin-postgres
LABEL_bitmagnet-pg-db: bitmagnet-pg-db
SERVER_bitmagnet-pg-db: bitmagnet-pg-db
USER_bitmagnet-pg-db: bitmagnet-pg
DATABASE_bitmagnet-pg-db: bitmagnet
PASSWORD_bitmagnet-pg-db: ${BITMAGNET_POSTGRESQL_PASSWORD}
PORT_bitmagnet-pg-db: 5432
ENGINE_bitmagnet-pg-db: postgres@dbgate-plugin-postgres
LABEL_gitea-db: gitea-db
SERVER_gitea-db: gitea-db
USER_gitea-db: gitea
PASSWORD_gitea-db: ${GITEA_PG_DB_PASSWORD}
DATABASE_gitea-db: gitea
PORT_gitea-db: 5432
ENGINE_gitea-db: postgres@dbgate-plugin-postgres
LABEL_invidious-db: invidious-db
SERVER_invidious-db: invidious-db
USER_invidious-db: kemal
PASSWORD_invidious-db: ${INVID_PG_DB_PASSWORD}
PORT_invidious-db: 5432
DATABASE_invidious-db: invidious
ENGINE_invidious-db: postgres@dbgate-plugin-postgres
LABEL_joplin-db: joplin-db
SERVER_joplin-db: joplin-db
USER_joplin-db: ${JOPLIN_POSTGRES_USER}
PASSWORD_joplin-db: ${JOPLIN_POSTGRES_DATABASE}
DATABASE_joplin-db: joplin
PORT_joplin-db: 5432
ENGINE_joplin-db: postgres@dbgate-plugin-postgres
LABEL_mastodon-pg-db: mastodon-pg-db
SERVER_mastodon-pg-db: mastodon-pg-db
USER_mastodon-pg-db: mastodon
PASSWORD_mastodon-pg-db: ${MASTODON_PG_DB_PASSWORD}
DATABASE_mastodon-pg-db: mastodon
PORT_mastodon-pg-db: 5432
ENGINE_mastodon-pg-db: postgres@dbgate-plugin-postgres
LABEL_mongodb: mongodb
SERVER_mongodb: mongodb
USER_mongodb: root
PASSWORD_mongodb: ${MONGO_INITDB_ROOT_PASSWORD}
PORT_mongodb: 27017
DATABSE_mongodb: admin
# URI_mongodb: mongodb://root:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017/admin?replicaSet=rinoa
ENGINE_mongodb: mongo@dbgate-plugin-mongo-v2
LABEL_pgbackweb-db: pgbackweb-db
SERVER_pgbackweb-db: pgbackweb-db
USER_pgbackweb-db: pgbackweb
PASSWORD_pgbackweb-db: ${PGBACKWEB_PG_DB_PASSWD}
PORT_pgbackweb-db: 5432
ENGINE_pgbackweb-db: postgres@dbgate-plugin-postgres
LABEL_plausible-db: plausible-db
SERVER_plausible-db: plausible-db
USER_plausible-db: plausible
PASSWORD_plausible-db: ${PLAUSIBLE_PG_PASSWORD}
PORT_plausible-db: 5432
ENGINE_plausible-db: postgres@dbgate-plugin-postgres
LABEL_reactive-resume-pg: reactive-resume-pg
SERVER_reactive-resume-pg: reactive-resume-pg
USER_reactive-resume-pg: reactiveresume
PASSWORD_reactive-resume-pg: ${REACTIVE_RESUME_PGSQL_PASSWORD}
PORT_reactive-resume-pg: 5432
ENGINE_reactive-resume-pg: postgres@dbgate-plugin-postgres
LABEL_sonarqube-pg-db: sonarqube-pg-db
SERVER_sonarqube-pg-db: sonarqube-pg-db
USER_sonarqube-pg-db: sonar
PASSWORD_sonarqube-pg-db: ${SONARQUBE_POSTGRES_PASSWORD}
PORT_sonarqube-pg-db: 5432
ENGINE_sonarqube-pg-db: postgres@dbgate-plugin-postgres
LABEL_tandoor-pg: tandoor-pg
SERVER_tandoor-pg: tandoor-pg
USER_tandoor-pg: tandoor
PASSWORD_tandoor-pg: ${TANDOOR_POSTGRES_PASSWORD}
PORT_tandoor-pg: 5432
ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres
LABEL_traccar-pg: traccar-pg
SERVER_traccar-pg: traccar-pg
USER_traccar-pg: ${TRACCAR_POSTGRES_USER}
PASSWORD_traccar-pg: ${TRACCAR_POSTGRES_PASSWORD}
PORT_traccar-pg: 5432
ENGINE_traccar-pg: postgres@dbgate-plugin-postgres
LABEL_zitadel-pg-db: zitadel-pg-db
SERVER_zitadel-pg-db: zitadel-pg-db
USER_zitadel-pg-db: root
PASSWORD_zitadel-pg-db: ${ZITADEL_DB_ADMIN_PASSWORD}
PORT_zitadel-pg-db: 5432
ENGINE_zitadel-pg-db: postgres@dbgate-plugin-postgres
image: dbgate/dbgate:alpine
labels:
homepage.group: System Administration
homepage.name: DbGate
homepage.href: https://dbs.${MY_TLD}
homepage.icon: sh-dbgate.png
homepage.description: Cross-platform database manager
swag: enable
swag_port: 3000
swag_proto: http
swag_url: dbs.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
ports:
- 49054:3000
restart: unless-stopped
volumes:
- dbgate-data:/root/.dbgate
delugevpn:
cap_add:
- NET_ADMIN
- SYS_MODULE
container_name: delugevpn
environment:
ENABLE_PRIVOXY: "no"
LAN_NETWORK: 192.168.1.0/24
NAME_SERVERS: 192.168.1.254,1.1.1.1
PGID: "1000"
PUID: "1000"
TZ: America/New_York
VPN_CLIENT: openvpn
VPN_ENABLED: "yes"
VPN_INPUT_PORTS: ""
VPN_OPTIONS: ""
VPN_OUTPUT_PORTS: ""
VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA
VPN_PROV: pia
VPN_USER: p3120278
hostname: Rinoa
image: ghcr.io/binhex/arch-delugevpn:latest
labels:
homepage.group: Downloaders
homepage.name: DelugeVPN
homepage.href: https://deluge.${MY_TLD}
homepage.icon: deluge.png
homepage.description: Torrent over VPN
homepage.widget.type: deluge
homepage.widget.url: http://delugevpn:8112
homepage.widget.password: ${DELUGEVPN_PASSWORD}
swag: enable
swag_port: 8112
swag_proto: http
swag_url: deluge.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://deluge.${MY_TLD}
networks:
default: null
ports:
- 58846:58846
- 58946:58946
- 6881:6881
- 8112:8112
- 8118:8118
privileged: true
restart: unless-stopped
sysctls:
net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/delugevpn
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
docker-socket-proxy:
container_name: dockerproxy
environment:
AUTH: 1
BUILD: 1
COMMIT: 1
CONFIGS: 1
CONTAINERS: 1
DISTRIBUTION: 1
EVENTS: 1
EXEC: 1
GPRC: 1
IMAGES: 1
INFO: 1
NETWORKS: 1
NODES: 1
POST: 1
PLUGINS: 1
SERVICES: 1
SESSION: 1
SYSTEM: 1
TASKS: 1
VOLUMES: 1
LOG_LEVEL: debug
image: ghcr.io/tecnativa/docker-socket-proxy:latest
labels:
komodo.skip: s
networks:
default: null
ports:
- 2375:2375
privileged: true
restart: unless-stopped
volumes:
- bind:
create_host_path: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
docker-volume-backup:
container_name: docker-volume-backup
image: offen/docker-volume-backup:v2
environment:
BACKUP_ARCHIVE: /archive
BACKUP_CRON_EXPRESSION: '@weekly'
BACKUP_COMPRESSION: zst
BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}
BACKUP_FILENAME_EXPAND: true
BACKUP_RETENTION_DAYS: 14
DOCKER_HOST: tcp://dockerproxy:2375
NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN}
restart: always
volumes:
- docker-volume-bkup-data:/backup/my-app-backup:ro
- ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
docuseal:
container_name: docuseal
image: docuseal/docuseal:latest
labels:
homepage.group: Personal Services
homepage.name: Docuseal
homepage.href: https://docs.${MY_TLD}
homepage.description: OSS Document Signing & Verification
homepage.icon: docuseal.png
swag: enable
swag_proto: http
swag_port: 3000
swag_url: sign.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://sign.${MY_TLD}
networks:
default: null
ports:
- 3002:3000
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/docuseal
target: /data
type: bind
bind:
create_host_path: true
duplicati:
container_name: duplicati
environment:
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: lscr.io/linuxserver/duplicati:latest
labels:
swag: enable
swag_port: 8200
swag_proto: http
swag_url: dup.${MY_TLD}
homepage.group: Automation
homepage.name: Duplicati
homepage.href: https://dup.${MY_TLD}
homepage.icon: duplicati.png
homepage.description: Data backup
networks:
default: null
ports:
- 8282:8200
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/duplicati
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: /home/charish/.config/appdata/backups
target: /backups
type: bind
- bind:
create_host_path: true
source: /home/charish/.config/appdata
target: /source
type: bind
fastenhealth:
container_name: fastenhealth
image: ghcr.io/fastenhealth/fasten-onprem:main
labels:
homepage.group: Lifestyle
homepage.name: Fasten
homepage.icon: sh-fasten-health.svg
homepage.href: http://health.${MY_TLD}
homepage.description: Open-source, self-hosted, personal/family electronic medical record aggregator
swag: enable
swag_proto: http
swag_port: 8080
swag_url: health.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://health.${MY_TLD}
networks:
default: null
ports:
- 8105:8080
restart: unless-stopped
volumes:
- source: fastenhealth-cache
target: /opt/fasten/cache
type: volume
volume: {}
- source: fastenhealth-db
target: /opt/fasten/db
type: volume
volume: {}
flaresolverr:
container_name: flaresolverr
environment:
CAPTCHA_SOLVER: none
LOG_HTML: false
LOG_LEVEL: info
PORT: 8191
TZ: America/New_York
BROWSER_TIMEOUT: 40000
TEST_URL: https://duckduckgo.com
hostname: Rinoa
image: ghcr.io/flaresolverr/flaresolverr:latest
networks:
default: null
ports:
- 8191:8191
restart: unless-stopped
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
ghost:
container_name: ghost_blog
depends_on:
mariadb:
condition: service_started
required: true
restart: true
environment:
database__client: mysql
database__connection__host: mariadb
database__connection__port: 3306
database__connection__user: ${GHOST_DB_USER}
database__connection__password: ${GHOST_DB_PASSWORD}
database__connection__database: ghost_db
mail__transport: SMTP
mail__options__host: postal-smtp
mail__options__port: 25
mail__options__secure: false
mail__options__auth__user: ${POSTAL_SMTP_AUTH_USER}
mail__options__auth__pass: ${POSTAL_SMTP_AUTH_PASSWORD}
mail__from: "noreply@trez.wtf"
url: https://blog.${MY_TLD}
image: ghost:latest
labels:
homepage.group: Lifestyle
homepage.name: Ghost
homepage.href: https://blog.${MY_TLD}
homepage.icon: ghost.png
homepage.description: Personal blog
swag: enable
swag_port: 2368
swag_proto: http
swag_url: blog.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://blog.${MY_TLD}
links:
- mariadb
networks:
default: null
restart: always
gitea:
container_name: gitea
depends_on:
gitea-db:
condition: service_healthy
required: true
environment:
USER_UID: ${PUID}
USER_GID: ${PGID}
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: gitea-db:5432
GITEA__database__NAME: gitea
GITEA__database__USER: gitea
GITEA__database__PASSWD: ${GITEA_PG_DB_PASSWORD}
GITEA__mailer__ENABLED: true
GITEA__mailer__FROM: '"Gitea" <noreply@trez.wtf>'
GITEA__mailer__PROTOCOL: smtp
GITEA__mailer__SMTP_ADDR: postal-smtp
GITEA__mailer__SMTP_PORT: 25
GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
image: gitea/gitea:1.23.1
labels:
homepage.group: Code/DevOps
homepage.name: Gitea
homepage.href: https://git.${MY_TLD}
homepage.icon: gitea.svg
homepage.description: Private Code Repo
homepage.widget.type: gitea
homepage.widget.url: http://gitea:3000
homepage.widget.key: ${GITEA_HOMEPAGE_API_KEY}
swag: enable
swag_url: git.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://git.${MY_TLD}
networks:
default: null
ports:
- 3013:3000
- 222:22
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/gitea
target: /data/gitea
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/timezone
target: /etc/timezone
type: bind
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
gitea-db:
container_name: gitea-db
environment:
POSTGRES_USER: gitea
POSTGRES_PASSWORD: ${GITEA_PG_DB_PASSWORD}
POSTGRES_DB: gitea
expose:
- 5432
healthcheck:
interval: 10s
start_period: 20s
test:
- CMD-SHELL
- pg_isready
image: postgres:14
networks:
default: null
restart: always
volumes:
- source: gitea-pg-db
target: /var/lib/postgresql/data
type: volume
volume: {}
gitea-runner:
container_name: gitea-runner
depends_on:
gitea:
condition: service_started
environment:
CONFIG_FILE: /config.yaml
DOCKER_HOST: tcp://dockerproxy:2375
GITEA_INSTANCE_URL: https://git.trez.wtf
GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
GITEA_RUNNER_NAME: "gitea-runner-1"
image: gitea/act_runner:latest
ports:
- 63604:63604
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml
gitea-sonarqube-bot:
container_name: gitea-sonarqube-bot
depends_on:
gitea:
condition: service_started
sonarqube:
condition: service_started
image: justusbunsi/gitea-sonarqube-bot:v0.4.0
environment:
GITEA_SQ_BOT_PORT: 58525
GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml
ports:
- 58525:58525
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/
gluetun:
cap_add:
- NET_ADMIN
container_name: gluetun
environment:
OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
PORT_FORWARD_ONLY: true
SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay
VPN_SERVICE_PROVIDER: private internet access
expose:
- 8000
extra_hosts:
- bitmagnet-pg-db:192.168.55.8
image: qmcgaw/gluetun:latest
networks:
bitmagnet:
ipv4_address: 192.168.55.7
default: null
ports:
- 3333:3333
- 3334:3334
- 5030:5030
- 5031:5031
- 50300:50300
restart: always
gotify:
container_name: gotify
environment:
GOTIFY_SERVER_PORT: 80
GOTIFY_SERVER_KEEPALIVEPERIODSECONDS: 0
GOTIFY_SERVER_LISTENADDR:
GOTIFY_SERVER_SSL_ENABLED: false
GOTIFY_SERVER_SSL_REDIRECTTOHTTPS: true
GOTIFY_SERVER_SSL_LISTENADDR:
GOTIFY_SERVER_SSL_PORT: 443
GOTIFY_SERVER_SSL_CERTFILE:
GOTIFY_SERVER_SSL_CERTKEY:
GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED: false
GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS: false
GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE: certs
GOTIFY_SERVER_STREAM_PINGPERIODSECONDS: 45
GOTIFY_DATABASE_DIALECT: sqlite3
GOTIFY_DATABASE_CONNECTION: data/gotify.db
GOTIFY_DEFAULTUSER_NAME: admin
GOTIFY_DEFAULTUSER_PASS: ${GOTIFY_PASSWORD}
GOTIFY_PASSSTRENGTH: 10
GOTIFY_UPLOADEDIMAGESDIR: data/images
GOTIFY_PLUGINSDIR: data/plugins
GOTIFY_REGISTRATION: false
image: gotify/server
labels:
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: Gotify
homepage.href: https://gotify.${MY_TLD}
homepage.icon: gotify.png
homepage.description: Notification System
homepage.widget.type: gotify
homepage.widget.url: http://gotify
homepage.widget.key: ${GOTIFY_HOMEPAGE_CLIENT_KEY}
swag: enable
swag_proto: http
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 8097:80
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/gotify
target: /app/data
type: bind
bind:
create_host_path: true
guacamole:
container_name: guacamole
environment:
DOCKER_HOST: tcp://dockerproxy:2375
EXTENSIONS: 'auth-totp'
TZ: ${TZ}
image: flcontainers/guacamole:latest
labels:
homepage.group: System Administration
homepage.name: Guacamole
homepage.description: Client-less remote desktop gateway
homepage.href: https://guac.trez.wtf
homepage.icon: guacamole.svg
swag: enable
swag_proto: http
swag_port: 8080
swag_url: guac.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://guac.${MY_TLD}
ports:
- 62173:8080
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/guacamole/:/config
- /etc/localtime:/etc/localtime:ro
homepage:
container_name: homepage
image: ghcr.io/gethomepage/homepage:latest
labels:
swag_server_custom_directive: access_log /config/log/$$host_access.log ; error_log /config/log/$$host_error.log ;
networks:
default: null
ports:
- 3004:3000
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/homepage
target: /app/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/homepage/images
target: /app/public/images
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/homepage/icons
target: /app/public/icons
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_STORAGE}
target: /rinoa-storage
type: bind
bind:
create_host_path: true
hortusfox:
container_name: hortusfox
depends_on:
mariadb:
condition: service_started
required: true
restart: true
environment:
APP_ADMIN_EMAIL: charish.patel@trez.wtf
APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD}
DB_CHARSET: utf8mb4
DB_DATABASE: hortusfox
DB_HOST: mariadb
DB_PASSWORD: ${HORTUSFOX_DB_PASSWORD}
DB_PORT: 3306
DB_USERNAME: hortusfox
image: ghcr.io/danielbrendel/hortusfox-web:latest
labels:
swag: enable
swag_proto: http
swag_url: plants.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://plants.${MY_TLD}
homepage.group: Lifestyle
homepage.name: HortusFox
homepage.href: https://plants.${MY_TLD}
homepage.icon: hortusfox.png
homepage.description: Plant management system
networks:
default: null
ports:
- 8006:80
restart: unless-stopped
volumes:
- source: hortusfox_app_images
target: /var/www/html/public/img
type: volume
volume: {}
- source: hortusfox_app_logs
target: /var/www/html/app/logs
type: volume
volume: {}
- source: hortusfox_app_backup
target: /var/www/html/public/backup
type: volume
volume: {}
- source: hortusfox_app_themes
target: /var/www/html/public/themes
type: volume
volume: {}
- source: hortusfox_app_migrate
target: /var/www/html/app/migrations
type: volume
volume: {}
hugo:
command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug
container_name: hugo
image: hugomods/hugo:exts
labels:
swag: enable
swag_proto: http
swag_port: 1313
swag_url: it-services.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://it-services.${MY_TLD}
homepage.group: Professional Services
homepage.name: Hugo
homepage.href: https://it-services.${MY_TLD}
homepage.icon: hugo.svg
homepage.description: Static site
networks:
default: null
ports:
- 1313:1313
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/hugo/
target: /src
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/hugo/cache
target: /tmp/hugo_cache
type: bind
bind:
create_host_path: true
immich-server:
container_name: immich-server
depends_on:
redis:
condition: service_started
required: true
immich-pg-db:
condition: service_started
required: true
environment:
DB_DATABASE_NAME: immich
DB_HOSTNAME: immich-pg-db
DB_PORT: 5432
DB_USERNAME: immich
DB_PASSWORD: ${IMMICH_DB_PASSWORD}
IMMICH_LOG_LEVEL: error
IMMICH_TELEMETRY_INCLUDE: all
healthcheck:
disable: false
image: ghcr.io/immich-app/immich-server:release
labels:
swag: enable
swag_proto: http
swag_port: 2283
swag_url: pics.${MY_TLD}
swag_server_custom_directive: |
location /share {
proxy_pass http://immich-public-proxy:3000;
}
location /tools {
proxy_pass http://immich-power-tools:3000;
}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}
homepage.group: Media Library
homepage.name: Immich
homepage.href: https://pics.${MY_TLD}
homepage.icon: immich.svg
homepage.description: High performance self-hosted photo and video management solution
homepage.widget.type: immich
homepage.widget.url: http://immich-server:2283
homepage.widget.key: ${IMMICH_POWER_TOOLS_KEY}
homepage.widget.version: 2
ports:
- 2283:2283
restart: always
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${DOCKER_VOLUME_STORAGE}/Pics:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
immich-machine-learning:
container_name: immich-machine-learning
depends_on:
immich-server:
condition: service_started
required: true
healthcheck:
disable: false
image: ghcr.io/immich-app/immich-machine-learning:release
restart: always
volumes:
- immich-model-cache:/cache
immich-pg-db:
command: >-
postgres
-c shared_preload_libraries=vectors.so
-c 'search_path="$$user", public, vectors'
-c logging_collector=on
-c max_wal_size=2GB
-c shared_buffers=512MB
-c wal_compression=on
container_name: immich-pg-db
environment:
POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
POSTGRES_USER: immich
POSTGRES_DB: immich
expose:
- 5432
healthcheck:
test: >-
pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
--command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
echo "checksum failure count is $$Chksum";
[ "$$Chksum" = '0' ] || exit 1
interval: 5m
start_interval: 30s
start_period: 5m
image: tensorchord/pgvecto-rs:pg14-v0.2.1
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/immich/db:/var/lib/postgresql/data
immich-public-proxy:
container_name: immich-public-proxy
depends_on:
immich-server:
condition: service_healthy
required: true
environment:
IMMICH_URL: http://immich-server:2283
expose:
- 3000
healthcheck:
test: wget -q --spider http://localhost:3000/share/healthcheck || exit 1
start_period: 10s
timeout: 5s
image: alangrainger/immich-public-proxy:latest
labels:
homepage.group: Lifestyle
homepage.name: Immich Public Proxy
homepage.href: https://pics.${MY_TLD}/share
homepage.icon: sh-immich-public-proxy.svg
homepage.description: Immich Proxy for public sharing
homepage.widget.type: immich
homepage.widget.url: http://immich-server:2283
homepage.widget.key: ${IMMICH_POWER_TOOLS_KEY}
homepage.widget.version: 2
restart: always
immich-power-tools:
container_name: immich-power-tools
environment:
DB_DATABASE_NAME: immich
DB_HOSTNAME: immich-pg-db
DB_PORT: 5432
DB_USERNAME: immich
DB_PASSWORD: ${IMMICH_DB_PASSWORD}
EXTERNAL_IMMICH_URL: https://pics.trez.wtf
IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY}
IMMICH_URL: http://immich-server:2283
image: ghcr.io/varun-raj/immich-power-tools:latest
labels:
homepage.group: Lifestyle
homepage.name: Immich Power Tools
homepage.href: https://pics.${MY_TLD}/tools
homepage.icon: sh-immich-power-tools.png
homepage.description: Tools for Immich
ports:
- 54018:3000
restart: unless-stopped
influxdb2:
container_name: influxdb2
environment:
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: admin
DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB2_ADMIN_PASSWORD}
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: /run/secrets/influxdb2-admin-token
DOCKER_INFLUXDB_INIT_ORG: rinoa
DOCKER_INFLUXDB_INIT_BUCKET: rinoa
image: influxdb:2-alpine
labels:
swag: enable
swag_proto: http
swag_port: 8086
swag_url: influxdb.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://influxdb.${MY_TLD}
homepage.group: System Administration
homepage.name: InfluxDBv2
homepage.href: https://influxdb.${MY_TLD}
homepage.icon: influxdb.svg
homepage.description: Scalable datastore for metrics, events, and real-time analytics
ports:
- 8086:8086
restart: unless-stopped
volumes:
- influxdb2-data:/var/lib/influxdb2
- influxdb2-config:/etc/influxdb2
invidious:
container_name: invidious
depends_on:
invidious-db:
condition: service_started
required: true
environment:
INVIDIOUS_CONFIG_FILE: /config.yml
healthcheck:
interval: 30s
retries: 2
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
timeout: 5s
image: quay.io/invidious/invidious:latest
labels:
swag: enable
swag_proto: http
swag_port: 3000
swag_url: invid.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://invid.${MY_TLD}
homepage.group: Social
homepage.name: Invidious
homepage.href: https://invid.${MY_TLD}
homepage.icon: invidious.svg
homepage.description: Alternative YouTube frontend (privacy-focused, ad-blocking)
networks:
default: null
ports:
- 3007:3000
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/invidious/config.yml:/config.yml
invidious-sig-helper:
cap_drop:
- ALL
command: ["--tcp", "0.0.0.0:12999"]
container_name: invidious-sig-helper
image: quay.io/invidious/inv-sig-helper:latest
init: true
environment:
RUST_LOG: info
expose:
- 12999
restart: unless-stopped
read_only: true
security_opt:
- no-new-privileges:true
invidious-db:
container_name: invidious-db
environment:
POSTGRES_DB: invidious
POSTGRES_PASSWORD: ${INVID_PG_DB_PASSWORD}
POSTGRES_USER: kemal
healthcheck:
test:
- CMD-SHELL
- pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB
image: docker.io/library/postgres:14
networks:
default: null
restart: unless-stopped
volumes:
- source: invidious-postgres
target: /var/lib/postgresql/data
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/invidious/sql
target: /config/sql
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh
target: /docker-entrypoint-initdb.d/init-invidious-db.sh
type: bind
bind:
create_host_path: true
invoice-ninja:
container_name: invoice-ninja
depends_on:
mariadb:
condition: service_started
required: true
restart: true
environment:
APP_DEBUG: true
APP_KEY: ${IN_APP_KEY}
APP_URL: http://invoice_ninja:8003
APP_ENV: /var/www/html/.env
DB_DATABASE: invoice_ninja
DB_HOST: mariadb
DB_PASSWORD: ${IN_MYSQL_PASSWORD}
DB_PORT: 3306
DB_USERNAME: ininja
IN_PASSWORD: ${IN_PASSWORD}
IN_USER_EMAIL: charish.patel@trez.wtf
MAIL_ENCRYPTION: null
MAIL_FROM_ADDRESS: noreply@trez.wtf
MAIL_FROM_NAME: null
MAIL_HOST: postal-smtp
MAIL_MAILER: log
MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
MAIL_PORT: 25
MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
MYSQL_DATABASE: invoice_ninja
MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
MYSQL_USER: ininja
PDF_GENERATOR: snappdf
PHANTOMJS_PDF_GENERATION: false
QUEUE_CONNECTION: database
REQUIRE_HTTPS: false
TRUSTED_PROXIES: 172.18.0.0/16
expose:
- 9000
image: invoiceninja/invoiceninja-debian:5
networks:
default: null
ports:
- 8003:8003
restart: always
volumes:
- invoice-ninja_cache:/var/www/html/bootstrap/cache
- invoice-ninja_public:/var/www/html/public
- invoice-ninja_storage:/var/www/html/storage
invoice-ninja_proxy:
container_name: invoice-ninja_proxy
depends_on:
invoice-ninja:
condition: service_started
required: true
restart: true
environment:
APP_DEBUG: true
APP_KEY: ${IN_APP_KEY}
APP_URL: http://invoice_ninja:9000
DB_DATABASE: invoice_ninja
DB_HOST: mariadb
DB_PASSWORD: ${IN_MYSQL_PASSWORD}
DB_PORT: 3306
DB_USERNAME: ininja
IN_PASSWORD: ${IN_PASSWORD}
IN_USER_EMAIL: charish.patel@trez.wtf
MAIL_ENCRYPTION: null
MAIL_FROM_ADDRESS: noreply@trez.wtf
MAIL_FROM_NAME: null
MAIL_HOST: postal-smtp
MAIL_MAILER: log
MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
MAIL_PORT: 25
MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
MYSQL_DATABASE: invoice_ninja
MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
MYSQL_USER: ininja
PDF_GENERATOR: snappdf
PHANTOMJS_PDF_GENERATION: false
QUEUE_CONNECTION: database
REQUIRE_HTTPS: false
TRUSTED_PROXIES: 172.18.0.0/16
image: nginx
labels:
swag: enable
swag_proto: http
swag_url: biz.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
homepage.group: Professional Services
homepage.name: Invoice Ninja
homepage.href: https://biz.${MY_TLD}
homepage.icon: invoice-ninja.svg
homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more!
networks:
default: null
ports:
- 8005:80
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/invoice-ninja/nginx:/etc/nginx/conf.d:ro
- invoice-ninja_public:/var/www/html/public
- invoice-ninja_storage:/var/www/html/storage
it-tools:
container_name: it-tools
image: ghcr.io/corentinth/it-tools:latest
labels:
swag: enable
swag_proto: http
swag_url: itt.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://itt.${MY_TLD}
homepage.group: Code/DevOps
homepage.name: IT-Tools
homepage.href: https://itt.${MY_TLD}
homepage.icon: it-tools.svg
homepage.description: Useful tools for developers and people working in IT
networks:
default: null
ports:
- 8104:80
restart: unless-stopped
jellyfin:
container_name: jellyfin
environment:
JELLYFIN_PublishedServerUrl: https://jf.trez.wtf
image: jellyfin/jellyfin
labels:
homepage.group: Media Library
homepage.name: Jellyfin
homepage.icon: jellyfin.svg
homepage.href: https://jf.${MY_TLD}
homepage.description: Movie/TV Streaming
homepage.widget.type: jellyfin
homepage.widget.url: http://jellyfin:8096
homepage.widget.key: ${JELLYFIN_API_KEY}
homepage.widget.enableBlocks: true
homepage.widget.enableNowPlaying: true
homepage.widget.enableUser: true
homepage.widget.showEpisodeNumber: true
homepage.widget.expandOneStreamToTwoRows: false
swag: enable
swag_url: jf.${MY_TLD}
swag_port: 8096
swag_proto: http
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://jf.${MY_TLD}
ports:
- 8487:8096
- 7359:7359
- 1900:1900
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/jellyfin:/config
- ${DOCKER_VOLUME_CONFIG}/jellyfin/cache:/cache
- ${DOCKER_VOLUME_STORAGE}/TV_Shows:/storage/tv
- ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies
- /etc/localtime:/etc/localtime
- /usr/share/fonts:/usr/local/share/fonts/custom
jitsi-etherpad:
container_name: jitsi-etherpad
environment:
TITLE: ${JITSI__ETHERPAD_TITLE}
DEFAULT_PAD_TEXT: ${JITSI__ETHERPAD_DEFAULT_PAD_TEXT}
SKIN_NAME: ${JITSI__ETHERPAD_SKIN_NAME}
SKIN_VARIANTS: ${JITSI__ETHERPAD_SKIN_VARIANTS}
SUPPRESS_ERRORS_IN_PAD_TEXT: true
image: etherpad/etherpad:1.8.6
networks:
default: null
restart: unless-stopped
jitsi-jibri:
cap_add:
- SYS_ADMIN
container_name: jitsi-jibri
depends_on:
jitsi-jicofo:
condition: service_started
required: true
environment:
AUTOSCALER_SIDECAR_KEY_FILE:
AUTOSCALER_SIDECAR_KEY_ID:
AUTOSCALER_SIDECAR_GROUP_NAME:
AUTOSCALER_SIDECAR_HOST_ID:
AUTOSCALER_SIDECAR_INSTANCE_ID:
AUTOSCALER_SIDECAR_PORT:
AUTOSCALER_SIDECAR_REGION:
AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL:
AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL:
AUTOSCALER_URL:
CHROMIUM_FLAGS:
DISPLAY: :0
ENABLE_STATS_D:
JIBRI_WEBHOOK_SUBSCRIBERS:
JIBRI_HTTP_API_EXTERNAL_PORT:
JIBRI_HTTP_API_INTERNAL_PORT:
JIBRI_RECORDING_RESOLUTION:
JIBRI_RECORDING_VIDEO_ENCODE_PRESET:
JIBRI_RECORDING_CONSTANT_RATE_FACTOR:
JIBRI_RECORDING_FRAMERATE:
JIBRI_RECORDING_QUEUE_SIZE:
JIBRI_RECORDING_STREAMING_MAX_BITRATE:
JIBRI_USAGE_TIMEOUT:
JIBRI_XMPP_USER:
JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
JIBRI_BREWERY_MUC:
JIBRI_RECORDER_USER: jibri-recorder
JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
JIBRI_RECORDING_DIR:
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH:
JIBRI_STRIP_DOMAIN_JID:
JIBRI_STATSD_HOST:
JIBRI_STATSD_PORT:
LOCAL_ADDRESS:
PUBLIC_URL: ${JITSI__PUBLIC_URL}
TZ: ${JITSI__TZ}
XMPP_AUTH_DOMAIN:
XMPP_DOMAIN:
XMPP_INTERNAL_MUC_DOMAIN:
XMPP_MUC_DOMAIN:
XMPP_RECORDER_DOMAIN:
XMPP_SERVER:
XMPP_PORT:
XMPP_TRUST_ALL_CERTS:
image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
restart: unless-stopped
shm_size: 2gb
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri
target: /config
type: bind
bind:
create_host_path: true
jitsi-jicofo:
container_name: focus.meet.jitsi
depends_on:
jitsi-prosody:
condition: service_started
required: true
environment:
AUTH_TYPE:
BRIDGE_AVG_PARTICIPANT_STRESS:
BRIDGE_STRESS_THRESHOLD:
ENABLE_AUTH:
ENABLE_AUTO_OWNER:
ENABLE_CODEC_VP8:
ENABLE_CODEC_VP9:
ENABLE_CODEC_H264:
ENABLE_CODEC_OPUS_RED:
ENABLE_JVB_XMPP_SERVER:
ENABLE_OCTO:
ENABLE_RECORDING: 1
ENABLE_SCTP:
ENABLE_AUTO_LOGIN:
JICOFO_AUTH_LIFETIME:
JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
JICOFO_AUTH_TYPE:
JICOFO_BRIDGE_REGION_GROUPS:
JICOFO_ENABLE_AUTH:
JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS:
JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT:
JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT:
JICOFO_CONF_SOURCE_SIGNALING_DELAYS:
JICOFO_CONF_MAX_AUDIO_SENDERS:
JICOFO_CONF_MAX_VIDEO_SENDERS:
JICOFO_CONF_STRIP_SIMULCAST:
JICOFO_CONF_SSRC_REWRITING:
JICOFO_ENABLE_HEALTH_CHECKS:
JICOFO_ENABLE_REST:
JICOFO_HEALTH_CHECKS_USE_PRESENCE:
JICOFO_MULTI_STREAM_BACKWARD_COMPAT:
JICOFO_OCTO_REGION:
JIBRI_BREWERY_MUC:
JIBRI_REQUEST_RETRIES:
JIBRI_PENDING_TIMEOUT:
JIGASI_BREWERY_MUC:
JIGASI_SIP_URI:
JVB_BREWERY_MUC:
JVB_XMPP_AUTH_DOMAIN:
JVB_XMPP_INTERNAL_MUC_DOMAIN:
JVB_XMPP_PORT:
JVB_XMPP_SERVER:
MAX_BRIDGE_PARTICIPANTS:
OCTO_BRIDGE_SELECTION_STRATEGY:
SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}"
SENTRY_ENVIRONMENT:
SENTRY_RELEASE:
TZ: ${JITSI__JIGAGI_SIP_SERVER}
XMPP_DOMAIN:
XMPP_AUTH_DOMAIN:
XMPP_INTERNAL_MUC_DOMAIN:
XMPP_MUC_DOMAIN:
XMPP_RECORDER_DOMAIN:
XMPP_SERVER:
XMPP_PORT:
image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
ports:
- 8889:8888
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo
target: /config
type: bind
jitsi-jigasi:
container_name: jitsi-jigasi
depends_on:
jitsi-prosody:
condition: service_started
required: true
environment:
ENABLE_AUTH: 1
ENABLE_GUESTS: 1
XMPP_AUTH_DOMAIN:
XMPP_GUEST_DOMAIN:
XMPP_MUC_DOMAIN:
XMPP_INTERNAL_MUC_DOMAIN:
XMPP_SERVER:
XMPP_PORT:
XMPP_DOMAIN:
PUBLIC_URL: ${JITSI__PUBLIC_URL}
JIGASI_DISABLE_SIP:
JIGASI_SIP_URI: ${JITSI__SIP_URI}
JIGASI_SIP_PASSWORD: ${JITSI__JIGAGI_SIP_PASSWORD}
JIGASI_SIP_SERVER: ${JITSI__JIGAGI_SIP_SERVER}
JIGASI_SIP_PORT: ${JITSI__JIGAGI_SIP_PORT}
JIGASI_SIP_TRANSPORT: ${JITSI__JIGAGI_SIP_TRANSPORT}
JIGASI_SIP_DEFAULT_ROOM:
JIGASI_XMPP_USER:
JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
JIGASI_BREWERY_MUC:
JIGASI_PORT_MIN:
JIGASI_PORT_MAX:
JIGASI_HEALTH_CHECK_SIP_URI:
JIGASI_HEALTH_CHECK_INTERVAL:
JIGASI_SIP_KEEP_ALIVE_METHOD:
JIGASI_ENABLE_SDES_SRTP:
ENABLE_TRANSCRIPTIONS:
JIGASI_TRANSCRIBER_ADVERTISE_URL:
JIGASI_TRANSCRIBER_RECORD_AUDIO:
JIGASI_TRANSCRIBER_SEND_TXT:
GC_PROJECT_ID:
GC_PRIVATE_KEY_ID:
GC_PRIVATE_KEY:
GC_CLIENT_EMAIL:
GC_CLIENT_ID:
GC_CLIENT_CERT_URL:
SHUTDOWN_REST_ENABLED:
SENTRY_DSN: "${JIGASI_SENTRY_DSN:-0}"
SENTRY_ENVIRONMENT:
SENTRY_RELEASE:
TZ: ${JITSI__TZ}
image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
ports:
- 20000-20050:20000-20050/udp
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi
target: /config
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
target: /tmp/transcripts
type: bind
jitsi-jvb:
container_name: video.meet.jitsi
depends_on:
jitsi-prosody:
condition: service_started
required: true
environment:
DOCKER_HOST_ADDRESS:
ENABLE_COLIBRI_WEBSOCKET:
ENABLE_JVB_XMPP_SERVER:
ENABLE_OCTO:
JVB_ADVERTISE_IPS:
JVB_ADVERTISE_PRIVATE_CANDIDATES:
JVB_AUTH_USER:
JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
JVB_BREWERY_MUC:
JVB_DISABLE_STUN:
JVB_PORT:
JVB_MUC_NICKNAME:
JVB_STUN_SERVERS:
JVB_OCTO_BIND_ADDRESS:
JVB_OCTO_REGION:
JVB_OCTO_RELAY_ID:
JVB_WS_DOMAIN:
JVB_WS_SERVER_ID:
JVB_XMPP_AUTH_DOMAIN:
JVB_XMPP_INTERNAL_MUC_DOMAIN:
JVB_XMPP_PORT:
JVB_XMPP_SERVER:
PUBLIC_URL: ${JITSI__PUBLIC_URL}
SENTRY_DSN: "${JVB_SENTRY_DSN:-0}"
SENTRY_ENVIRONMENT:
SENTRY_RELEASE:
COLIBRI_REST_ENABLED:
SHUTDOWN_REST_ENABLED:
TZ: ${JITSI__JIGAGI_SIP_SERVER}
XMPP_AUTH_DOMAIN:
XMPP_INTERNAL_MUC_DOMAIN:
XMPP_SERVER:
XMPP_PORT:
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
ports:
- 10000:10000/udp
- 8091:8080
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb
target: /config
type: bind
jitsi-prosody:
container_name: xmpp.meet.jitsi
environment:
AUTH_TYPE:
DISABLE_POLLS:
ENABLE_AUTH:
ENABLE_AV_MODERATION:
ENABLE_BREAKOUT_ROOMS:
ENABLE_END_CONFERENCE:
ENABLE_GUESTS: 1
ENABLE_IPV6:
ENABLE_LOBBY:
ENABLE_RECORDING: 1
ENABLE_XMPP_WEBSOCKET:
ENABLE_JAAS_COMPONENTS:
GC_TYPE:
GC_INC_TH:
GC_INC_SPEED:
GC_INC_STEP_SIZE:
GC_GEN_MIN_TH:
GC_GEN_MAX_TH:
GLOBAL_CONFIG:
GLOBAL_MODULES:
JIBRI_RECORDER_USER:
JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
JIBRI_XMPP_USER:
JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
JICOFO_COMPONENT_SECRET:
JIGASI_XMPP_USER:
JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
JVB_AUTH_USER:
JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
JWT_APP_ID:
JWT_APP_SECRET:
JWT_ACCEPTED_ISSUERS:
JWT_ACCEPTED_AUDIENCES:
JWT_ASAP_KEYSERVER:
JWT_ALLOW_EMPTY:
JWT_AUTH_TYPE:
JWT_ENABLE_DOMAIN_VERIFICATION:
JWT_TOKEN_AUTH_MODULE:
MATRIX_UVS_URL:
MATRIX_UVS_ISSUER:
MATRIX_UVS_AUTH_TOKEN:
MATRIX_UVS_SYNC_POWER_LEVELS:
LOG_LEVEL:
LDAP_AUTH_METHOD:
LDAP_BASE:
LDAP_BINDDN:
LDAP_BINDPW:
LDAP_FILTER:
LDAP_VERSION:
LDAP_TLS_CIPHERS:
LDAP_TLS_CHECK_PEER:
LDAP_TLS_CACERT_FILE:
LDAP_TLS_CACERT_DIR:
LDAP_START_TLS:
LDAP_URL:
LDAP_USE_TLS:
MAX_PARTICIPANTS:
PROSODY_AUTH_TYPE:
PROSODY_RESERVATION_ENABLED:
PROSODY_RESERVATION_REST_BASE_URL:
PROSODY_ENABLE_RATE_LIMITS:
PROSODY_RATE_LIMIT_LOGIN_RATE:
PROSODY_RATE_LIMIT_SESSION_RATE:
PROSODY_RATE_LIMIT_TIMEOUT:
PROSODY_RATE_LIMIT_ALLOW_RANGES:
PROSODY_RATE_LIMIT_CACHE_SIZE:
PUBLIC_URL: ${JITSI__PUBLIC_URL}
TURN_CREDENTIALS:
TURN_HOST:
TURNS_HOST:
TURN_PORT:
TURNS_PORT:
TURN_TRANSPORT:
TZ: ${JITSI__JIGAGI_SIP_SERVER}
XMPP_DOMAIN:
XMPP_AUTH_DOMAIN:
XMPP_GUEST_DOMAIN:
XMPP_MUC_DOMAIN:
XMPP_INTERNAL_MUC_DOMAIN:
XMPP_MODULES:
XMPP_MUC_MODULES:
XMPP_MUC_CONFIGURATION:
XMPP_INTERNAL_MUC_MODULES:
XMPP_RECORDER_DOMAIN:
XMPP_PORT:
expose:
- 5222
- "5347"
- "5280"
image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config
target: /config
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom
target: /prosody-plugins-custom
type: bind
jitsi-web:
container_name: meet.jitsi
environment:
AMPLITUDE_ID:
ANALYTICS_SCRIPT_URLS:
ANALYTICS_WHITELISTED_EVENTS:
AUDIO_QUALITY_OPUS_BITRATE:
AUTO_CAPTION_ON_RECORD:
BRANDING_DATA_URL:
CALLSTATS_CUSTOM_SCRIPT_URL:
CALLSTATS_ID:
CALLSTATS_SECRET:
CHROME_EXTENSION_BANNER_JSON:
COLIBRI_WEBSOCKET_PORT:
CONFCODE_URL:
CONFIG_EXTERNAL_CONNECT:
DEFAULT_LANGUAGE:
DEPLOYMENTINFO_ENVIRONMENT:
DEPLOYMENTINFO_ENVIRONMENT_TYPE:
DEPLOYMENTINFO_REGION:
DEPLOYMENTINFO_SHARD:
DEPLOYMENTINFO_USERREGION:
DESKTOP_SHARING_FRAMERATE_MIN:
DESKTOP_SHARING_FRAMERATE_MAX:
DIALIN_NUMBERS_URL:
DIALOUT_AUTH_URL:
DIALOUT_CODES_URL:
DISABLE_AUDIO_LEVELS:
DISABLE_DEEP_LINKING:
DISABLE_GRANT_MODERATOR:
DISABLE_HTTPS:
DISABLE_KICKOUT:
DISABLE_LOCAL_RECORDING:
DISABLE_POLLS:
DISABLE_PRIVATE_CHAT:
DISABLE_PROFILE:
DISABLE_REACTIONS:
DISABLE_REMOTE_VIDEO_MENU:
DISABLE_START_FOR_ALL:
DROPBOX_APPKEY:
DROPBOX_REDIRECT_URI:
DYNAMIC_BRANDING_URL:
ENABLE_AUDIO_PROCESSING:
ENABLE_AUTH:
ENABLE_BREAKOUT_ROOMS:
ENABLE_CALENDAR:
ENABLE_COLIBRI_WEBSOCKET:
ENABLE_E2EPING:
ENABLE_FILE_RECORDING_SHARING:
ENABLE_GUESTS: 1
ENABLE_HSTS:
ENABLE_HTTP_REDIRECT:
ENABLE_IPV6:
ENABLE_LETSENCRYPT:
ENABLE_LIPSYNC:
ENABLE_NO_AUDIO_DETECTION:
ENABLE_NOISY_MIC_DETECTION:
ENABLE_OCTO:
ENABLE_OPUS_RED:
ENABLE_PREJOIN_PAGE:
ENABLE_P2P:
ENABLE_WELCOME_PAGE:
ENABLE_CLOSE_PAGE:
ENABLE_LIVESTREAMING:
ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK:
ENABLE_LIVESTREAMING_HELP_LINK:
ENABLE_LIVESTREAMING_TERMS_LINK:
ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING:
ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT:
ENABLE_LOCAL_RECORDING_SELF_START:
ENABLE_RECORDING: 1
ENABLE_REMB:
ENABLE_REQUIRE_DISPLAY_NAME:
ENABLE_SERVICE_RECORDING:
ENABLE_SIMULCAST:
ENABLE_STATS_ID:
ENABLE_STEREO:
ENABLE_SUBDOMAINS:
ENABLE_TALK_WHILE_MUTED:
ENABLE_TCC:
ENABLE_TRANSCRIPTIONS:
ENABLE_XMPP_WEBSOCKET:
ENABLE_JAAS_COMPONENTS:
ETHERPAD_PUBLIC_URL:
ETHERPAD_URL_BASE: ${JITSI__ETHERPAD_URL_BASE}
E2EPING_NUM_REQUESTS:
E2EPING_MAX_CONFERENCE_SIZE:
E2EPING_MAX_MESSAGE_PER_SECOND:
GOOGLE_ANALYTICS_ID:
GOOGLE_API_APP_CLIENT_ID:
HIDE_PREMEETING_BUTTONS:
HIDE_PREJOIN_DISPLAY_NAME:
HIDE_PREJOIN_EXTRA_BUTTONS:
INVITE_SERVICE_URL:
LETSENCRYPT_DOMAIN:
LETSENCRYPT_EMAIL:
LETSENCRYPT_USE_STAGING:
MATOMO_ENDPOINT:
MATOMO_SITE_ID:
MICROSOFT_API_APP_CLIENT_ID:
NGINX_RESOLVER:
NGINX_WORKER_PROCESSES:
NGINX_WORKER_CONNECTIONS:
PEOPLE_SEARCH_URL:
PREFERRED_LANGUAGE:
PUBLIC_URL: ${JITSI__PUBLIC_URL}
P2P_PREFERRED_CODEC:
RESOLUTION:
RESOLUTION_MIN:
RESOLUTION_WIDTH:
RESOLUTION_WIDTH_MIN:
START_AUDIO_MUTED:
START_AUDIO_ONLY:
START_BITRATE:
START_SILENT:
START_WITH_AUDIO_MUTED:
START_VIDEO_MUTED:
START_WITH_VIDEO_MUTED:
TESTING_CAP_SCREENSHARE_BITRATE:
TESTING_OCTO_PROBABILITY:
TOKEN_AUTH_URL:
TOOLBAR_BUTTONS:
TRANSLATION_LANGUAGES:
TRANSLATION_LANGUAGES_HEAD:
TZ: ${JITSI__JIGAGI_SIP_SERVER}
USE_APP_LANGUAGE:
VIDEOQUALITY_BITRATE_H264_LOW:
VIDEOQUALITY_BITRATE_H264_STANDARD:
VIDEOQUALITY_BITRATE_H264_HIGH:
VIDEOQUALITY_BITRATE_VP8_LOW:
VIDEOQUALITY_BITRATE_VP8_STANDARD:
VIDEOQUALITY_BITRATE_VP8_HIGH:
VIDEOQUALITY_BITRATE_VP9_LOW:
VIDEOQUALITY_BITRATE_VP9_STANDARD:
VIDEOQUALITY_BITRATE_VP9_HIGH:
VIDEOQUALITY_ENFORCE_PREFERRED_CODEC:
VIDEOQUALITY_PREFERRED_CODEC:
XMPP_AUTH_DOMAIN:
XMPP_BOSH_URL_BASE:
XMPP_DOMAIN:
XMPP_GUEST_DOMAIN:
XMPP_MUC_DOMAIN:
XMPP_RECORDER_DOMAIN:
XMPP_PORT:
WHITEBOARD_ENABLED:
WHITEBOARD_COLLAB_SERVER_PUBLIC_URL:
image: jitsi/web:${JITSI_IMAGE_VERSION:-stable}
labels:
swag: enable
swag_proto: https
swag_url: meet.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://meet.${MY_TLD}
homepage.group: Social
homepage.name: Jitsi
homepage.href: https://meet.${MY_TLD}
homepage.icon: jitsi.png
homepage.description: Web Conferencing
networks:
default: null
ports:
- 8001:80
- 8002:443
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/web
target: /config
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs
target: /var/spool/cron/crontabs
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
target: /usr/share/jitsi-meet/transcripts
type: bind
joplin-db:
container_name: joplin-db
environment:
POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
POSTGRES_DB: ${JOPLIN_POSTGRES_DATABASE}
expose:
- 5432
image: postgres:17-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: joplin_data
target: /var/lib/postgresql/data
type: volume
volume: {}
joplin:
container_name: joplin
environment:
ACCOUNT_TYPES_ENABLED: true
APP_PORT: ${JOPLIN_APP_PORT}
APP_BASE_URL: ${JOPLIN_APP_BASE_URL}
DB_CLIENT: pg
INSTANCE_NAME: 'Joplin @ Rinoa'
IS_ADMIN_INSTANCE: true
MAILER_ENABLED: 1
MAILER_HOST: postal-SMTP
MAILER_PORT: 25
MAILER_SECURITY: none
MAILER_AUTH_USER: ${POSTAL_SMTP_AUTH_USER}
MAILER_AUTH_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
MAILER_NOREPLY_NAME: Joplin @ Rinoa
MAILER_NOREPLY_EMAIL: noreply@trez.wtf
POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
POSTGRES_DATABASE: ${JOPLIN_POSTGRES_DATABASE}
POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
POSTGRES_PORT: 5432
POSTGRES_HOST: joplin-db
image: joplin/server:latest
labels:
homepage.group: Personal Services
homepage.name: Joplin
homepage.href: https://notes.${MY_TLD}
homepage.icon: joplin.svg
homepage.description: Open-source note taking & to-do
swag: enable
swag_url: notes.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://notes.${MY_TLD}
networks:
default: null
ports:
- 22300:22300
restart: unless-stopped
librechat-api:
container_name: librechat-api
depends_on:
- mongodb
- librechat-rag-api
environment:
CONFIG_PATH: /app/librechat.yaml
HOST: 0.0.0.0
MONGO_URI: mongodb://librechat:${LIBRECHAT_MONGODB_PASSWORD}@mongodb:27017/librechat?replicaSet=rinoa
MEILI_HOST: http://meilisearch:7700
RAG_PORT: 8000
RAG_API_URL: http://librechat-rag-api:8000
image: ghcr.io/danny-avila/librechat-dev:latest
labels:
homepage.group: Personal Services
homepage.name: LibreChat
homepage.href: https://ai.${MY_TLD}
homepage.icon: sh-librechat.svg
homepage.description: Local AI chat
swag: enable
swag_port: 3080
swag_proto: http
swag_url: ai.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://ai.${MY_TLD}
ports:
- 3080:3080
restart: always
user: ${PUID}:${PGID}
volumes:
- ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env:/app/.env
- ${DOCKER_VOLUME_CONFIG}/librechat/librechat.yaml:/app/librechat.yaml
- ${DOCKER_VOLUME_CONFIG}/librechat/images:/app/client/public/images
- ${DOCKER_VOLUME_CONFIG}/librechat/uploads:/app/uploads
- ${DOCKER_VOLUME_CONFIG}/librechat/logs:/app/api/logs
librechat-vectordb:
container_name: librechat-vectordb
environment:
POSTGRES_DB: librechat
POSTGRES_USER: librechat
POSTGRES_PASSWORD: ${LIBRECHAT_PG_DB_PASSWD}
expose:
- 5432
image: ankane/pgvector:latest
restart: always
volumes:
- librechat-pg-data:/var/lib/postgresql/data
librechat-rag-api:
container_name: librechat-rag-api
depends_on:
- librechat-vectordb
environment:
DB_HOST: librechat-vectordb
POSTGRES_DB: librechat
POSTGRES_USER: librechat
POSTGRES_PASSWORD: ${LIBRECHAT_PG_DB_PASSWD}
RAG_PORT: 8000
image: ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest
restart: always
# env_file:
# - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env
libretranslate:
container_name: libretranslate
# command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500
image: libretranslate/libretranslate
healthcheck:
test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
environment:
LT_UPDATE_MODELS: true
labels:
homepage.group: Personal Services
homepage.name: LibreTranslate
homepage.href: https://translate.${MY_TLD}
homepage.icon: sh-libretranslate.svg
homepage.description: Open-source language translation
swag: enable
swag_port: 5000
swag_url: translate.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
ports:
- 5000:5000
restart: unless-stopped
volumes:
# - libretranslate_api_keys:/app/db
- libretranslate_models:/home/libretranslate/.local:rw
lidarr:
container_name: lidarr
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: America/New_York
DOCKER_MODS: ghcr.io/gilbn/theme.park:lidarr
hostname: Rinoa
image: lscr.io/linuxserver/lidarr:latest
labels:
homepage.group: Servarr Stack
homepage.name: Lidarr
homepage.href: https://lidarr.${MY_TLD}
homepage.icon: lidarr.png
homepage.description: Music Automation
homepage.widget.type: lidarr
homepage.widget.url: http://lidarr:8686
homepage.widget.key: ${LIDARR_API_KEY}
swag: enable
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 8686:8686
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/lidarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
lidify:
container_name: lidify
environment:
app_name: lidify
app_rev: 0.09
app_url: lidify.${MY_TLD}
dry_run_adding_to_lidarr: true
fallback_to_top_result: false
last_fm_api_key: ${LASTFM_API_KEY}
last_fm_api_secret: ${LASTFM_API_SECRET}
lidarr_address: http://lidarr:8686
lidarr_api_key: ${LIDARR_API_KEY}
lidarr_api_timeout: 120
metadata_profile_id: 1
mode: LastFM
quality_profile_id: 1
root_folder_path: /data/media/music
search_for_missing_albums: false
spotify_client_id: ${YOUR_SPOTIFY_ID}
spotify_client_secret: ${YOUR_SPOTIFY_SECRET}
expose:
- 5000
image: thewicklowwolf/lidify:latest
labels:
homepage.group: Servarr Stack
homepage.name: Lidify
homepage.href: https://lidify.${MY_TLD}
homepage.icon: sh-lidify.png
homepage.description: Music Discovery a la Last.fm, Spotify, Pandora, etc.
swag: enable
swag_auth: authelia
swag_proto: http
swag_port: 5000
swag_url: lidify.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://lidify.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/lidify
target: /lidify/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
target: /data/media/music
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
lldap:
container_name: lldap
environment:
UID: ${PUID}
GID: ${PGID}
TZ: ${TZ}
LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
LLDAP_LDAP_BASE_DN: dc=trez,dc=wtf
image: lldap/lldap:stable
labels:
homepage.group: System Administration
homepage.name: LLDAP
homepage.href: https://ldap.${MY_TLD}
homepage.icon: /icons/lldap.png
homepage.description: LDAP made easy
swag: enable
swag_proto: http
swag_port: 17170
swag_url: ldap.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://ldap.${MY_TLD}
networks:
default: null
ports:
- 17170:17170
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/lldap
target: /data
type: bind
bind:
create_host_path: true
maloja:
container_name: maloja
environment:
MALOJA_CLEAN_OUTPUT: true
MALOJA_DEV_MODE: false
MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD}
MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY}
MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET}
MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD}
MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME}
MALOJA_LOGGING: true
MALOJA_PARSE_REMIX_ARTISTS: true
MALOJA_SCROBBLE_LASTFM: true
MALOJA_SKIP_SETUP: true
MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID}
MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET}
MALOJA_TIMEZONE: ${TZ}
image: krateng/maloja:latest
labels:
homepage.group: Media Library
homepage.name: Maloja
homepage.href: https://scrobble.${MY_TLD}
homepage.icon: maloja.png
homepage.description: Simple self-hosted music scrobble database to create personal listening statistics
swag: enable
swag_proto: http
swag_port: 42010
swag_url: scrobble.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
networks:
default: null
ports:
- 42010:42010
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/maloja/config
target: /etc/maloja
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/maloja/data
target: /var/lib/maloja
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/maloja/logs
target: /var/log/maloja
type: bind
bind:
create_host_path: true
manyfold:
container_name: manyfold
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
DATABASE_URL: sqlite3:/config/manyfold.sqlite3
REDIS_URL: redis://redis:6379/2
SECRET_KEY_BASE: ${MANYFOLD_SECRET_KEY_BASE}
image: lscr.io/linuxserver/manyfold:latest
labels:
homepage.group: Lifestyle
homepage.name: Manyfold
homepage.href: https://3dprint.${MY_TLD}
homepage.icon: manyfold.svg
homepage.description: Self-hosted digital asset manager for 3D print files
swag: enable
swag_proto: http
swag_port: 3214
swag_url: 3dprint.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://3dprint.${MY_TLD}
ports:
- 3214:3214
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/manyfold/config:/config
- ${DOCKER_VOLUME_CONFIG}/manyfold/library:/libraries #optional
mariadb:
container_name: mariadb
environment:
MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
PGID: 1000
PUID: 1000
TZ: America/New_York
hostname: Rinoa
image: linuxserver/mariadb
networks:
default: null
ports:
- 3306:3306
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/mariadb
target: /config
type: bind
- source: ${DOCKER_VOLUME_STORAGE}
target: /storage
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mariadb
target: /var/lib/mysql
type: bind
bind:
create_host_path: true
mastodon:
container_name: mastodon
depends_on:
mastodon-pg-db:
condition: service_healthy
required: true
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
LOCAL_DOMAIN: mastodon.${MY_TLD}
WEB_DOMAIN: mastodon.${MY_TLD}
REDIS_HOST: redis
REDIS_PORT: 6379
DB_HOST: mastodon-pg-db
DB_USER: mastodon
DB_NAME: mastodon
DB_PASS: ${MASTODON_PG_DB_PASSWORD}
DB_PORT: 5432
ES_ENABLED: false
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
SECRET_KEY_BASE: ${MASTODON_SECRET_KEY_BASE}
OTP_SECRET: ${MASTODON_OTP_SECRET}
VAPID_PRIVATE_KEY: ${MASTODON_VAPID_PRIVATE_KEY}
VAPID_PUBLIC_KEY: ${MASTODON_VAPID_PUBLIC_KEY}
SMTP_SERVER: postal-smtp
SMTP_PORT: 25
SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER}
SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
SMTP_FROM_ADDRESS: noreply@trez.wtf
S3_ENABLED: true
S3_BUCKET: mastodon
AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
expose:
- 3000
image: lscr.io/linuxserver/mastodon:latest
labels:
swag: enable
swag_proto: http
swag_port: 80
swag_url: mastodon.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD}
homepage.group: Social
homepage.name: Mastodon
homepage.href: https://mastodon.${MY_TLD}
homepage.icon: mastodon.svg
homepage.description: Open-source social network
homepage.widget.type: mastodon
homepage.widget.url: http://mastodon
ports:
- 9044:80
- 3444:443
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/mastodon:/config
mastodon-pg-db:
container_name: mastodon-pg-db
environment:
POSTGRES_USER: mastodon
POSTGRES_PASSWORD: ${MASTODON_PG_DB_PASSWORD}
POSTGRES_DB: mastodon
expose:
- 5432
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
start_period: 20s
timeout: 30s
interval: 10s
retries: 5
image: postgres:17-alpine
restart: always
volumes:
- mastodon-pg-db:/var/lib/postgresql/data
meilisearch:
container_name: meilisearch
environment:
MEILI_HOST: http://meilisearch:7700
MEILI_NO_ANALYTICS: true
MEILI_MASTER_KEY: ${MEILISEARCH_MASTER_KEY}
image: getmeili/meilisearch:v1.12.3
restart: always
user: ${PUID}:${PGID}
volumes:
- ${DOCKER_VOLUME_CONFIG}/meilisearch:/meili_data
minio:
command: server --console-address ":9090" /mnt/data
container_name: minio
environment:
MINIO_ROOT_USER: minioadmin
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
MINIO_ACCESS_KEY: ${MINIO_MIMIR_STORAGE_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_MIMIR_STORAGE_SECRET_KEY}
hostname: minio
image: minio/minio
labels:
swag: enable
swag_proto: http
swag_port: 9090
swag_url: s3.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://s3.${MY_TLD}
homepage.group: System Administration
homepage.name: MinIO
homepage.href: https://s3.${MY_TLD}
homepage.icon: minio.png
homepage.description: S3-compatible storage backend
networks:
default: null
ports:
- 9001:9000
- 9092:9090
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/minio/data
target: /mnt/data
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/minio/minio
target: /etc/config.env
type: bind
bind:
create_host_path: true
mongodb:
container_name: mongodb
environment:
MONGODB_ADVERTISED_HOSTNAME: mongodb
MONGODB_ENABLE_DIRECTORY_PER_DB: true
MONGODB_SYSTEM_LOG_VERBOSITY: 1
MONGODB_ROOT_USER: ${MONGO_INITDB_ROOT_USERNAME}
MONGODB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
ALLOW_EMPTY_PASSWORD: yes
MONGODB_REPLICA_SET_MODE: primary
MONGODB_REPLICA_SET_NAME: rinoa
MONGODB_REPLICA_SET_KEY: ${MONGODB_REPLICA_SET_KEY}
image: bitnami/mongodb:7.0
ports:
- 27017:27017
restart: unless-stopped
volumes:
- mongodb_data:/data/db
- mongodb_config:/data/configdb
multi-scrobbler:
container_name: multi-scrobbler
environment:
TZ: ${TZ}
PUID: ${PUID}
PGID: ${PGID}
MALOJA_URL: http://maloja:42010
MALOJA_API_KEY: ${MALOJA_API_KEY}
LASTFM_API_KEY: ${LASTFM_API_KEY}
LASTFM_API_SECRET: ${LASTFM_API_SECRET}
LZ_USER: Trez.on
LZ_TOKEN: ${MALOJA_LISTENBRAINZ_TOKEN}
SPOTIFY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
SPOTIFY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
image: foxxmd/multi-scrobbler
labels:
homepage.group: Media Library
homepage.name: Multi-Scrobbler
homepage.href: http://192.168.1.254:9078
homepage.icon: sh-multi-scrobbler.svg
homepage.description: JS App for scrobbling/recording play history from/to multiple sources
networks:
default: null
ports:
- 9078:9078
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler
target: /config
type: bind
bind:
create_host_path: true
n8n:
container_name: n8n
environment:
N8N_HOST: n8n.${MY_TLD}
N8N_PORT: 5678
N8N_PROTOCOL: https
NODE_ENV: production
WEBHOOK_URL: https://n8n.${MY_TLD}/
GENERIC_TIMEZONE: ${TZ}
image: docker.n8n.io/n8nio/n8n
labels:
swag: enable
swag_proto: http
swag_port: 5678
swag_url: n8n.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://n8n.${MY_TLD}
homepage.group: Automation
homepage.name: n8n
homepage.href: https://n8n.${MY_TLD}
homepage.icon: n8n.svg
homepage.description: Extendable workflow automation tool to easily automate tasks
ports:
- 5678:5678
restart: unless-stopped
volumes:
- n8n-data:/home/node/.n8n
navidrome:
container_name: navidrome
environment:
ND_AUTOIMPORTPLAYLISTS: false
ND_BASEURL: ""
ND_LASTFM_APIKEY: ${LASTFM_API_KEY}
ND_LASTFM_ENABLED: true
ND_LASTFM_SECRET: ${LASTFM_API_SECRET}
ND_LOGLEVEL: info
ND_MUSICFOLDER: /music
ND_SCANNER_GROUPALBUMRELEASES: true
ND_SCANSCHEDULE: '@every 6h'
ND_SESSIONTIMEOUT: 24h
ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID}
ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET}
ND_SUBSONICARTISTPARTICIPATIONS: true
image: deluan/navidrome:latest
labels:
homepage.group: Media Library
homepage.name: Navidrome
homepage.href: https://navi.${MY_TLD}
homepage.icon: navidrome.png
homepage.description: Music Streaming
homepage.widget.type: navidrome
homepage.widget.url: http://navidrome:4533
homepage.widget.user: admin
homepage.widget.token: e8a9e97b29aa963fa4729c633289d232
homepage.widget.salt: v5Z93Z
swag: enable
swag_port: 4533
swag_proto: http
swag_url: navi.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://navi.${MY_TLD}
networks:
default: null
ports:
- 4533:4533
restart: unless-stopped
user: 1000:1000
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/navidrome
target: /data
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
target: /music
type: bind
bind:
create_host_path: true
netalertx:
container_name: netalertx
environment:
TZ: ${TZ}
PORT: 20211
image: jokobsk/netalertx:latest
labels:
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: NetAlertX
homepage.href: http://192.168.1.254:20211
homepage.icon: netalertx.svg
homepage.description: Network Monitoring
homepage.widget.type: netalertx
homepage.widget.url: http://192.168.1.254:20211
homepage.widget.key: ${NETALERTX_API_TOKEN}
network_mode: host
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config
- ${DOCKER_VOLUME_CONFIG}/netalertx/db:/app/db
# (optional) useful for debugging if you have issues setting up the container
# - ${DOCKER_VOLUME_CONFIG}/netalertx/logs:/app/log
# (API: OPTION 1) use for performance
- type: tmpfs
target: /app/api
# (API: OPTION 2) use when debugging issues
# - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api
netbird-dashboard:
container_name: netbird-dashboard
environment:
# Endpoints
NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073
NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073
# OIDC
AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID}
AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID}
AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET}
AUTH_AUTHORITY: https://id.${MY_TLD}
USE_AUTH0: false
AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
AUTH_REDIRECT_URI: /auth
AUTH_SILENT_REDIRECT_URI: /silent-auth
NETBIRD_TOKEN_SOURCE: accessToken
# SSL
NGINX_SSL_PORT: 443
# Letsencrypt
LETSENCRYPT_DOMAIN:
LETSENCRYPT_EMAIL:
image: netbirdio/dashboard:latest
labels:
homepage.group: Privacy/Security
homepage.name: Netbird
homepage.href: https://netbird.${MY_TLD}
homepage.icon: netbird.svg
homepage.description: Peer-to-peer private network and centralized access control system
swag: enable
swag_proto: http
swag_port: 80
swag_auth: authelia
swag_url: netbird.${MY_TLD}
swag_server_custom_directive: |
location /signalexchange.SignalExchange/ {
grpc_pass grpc://netbird-signal:80;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
# Proxy Management http endpoint
location /api {
proxy_pass http://netbird-management:443;
}
# Proxy Management grpc endpoint
location /management.ManagementService/ {
grpc_pass grpc://netbird-management:443;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD}
ports:
- 32908:80
- 36610:443
restart: unless-stopped
volumes:
- netbird-letsencrypt:/etc/letsencrypt/
netbird-signal:
container_name: netbird-signal
image: netbirdio/signal:latest
ports:
- 10001:80
restart: unless-stopped
volumes:
- netbird-signal:/var/lib/netbird
netbird-relay:
container_name: netbird-relay
image: netbirdio/relay:latest
restart: unless-stopped
environment:
NB_LOG_LEVEL: info
NB_LISTEN_ADDRESS: :33080
NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080
# todo: change to a secure secret
NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
ports:
- 33080:33080
netbird-management:
command: [
"--port", "443",
"--log-file", "console",
"--log-level", "info",
"--disable-anonymous-metrics=false",
"--single-account-mode-domain=netbird.${MY_TLD}",
"--dns-domain=netbird.selfhosted"
]
container_name: netbird-management
depends_on:
netbird-dashboard:
condition: service_started
environment:
NETBIRD_STORE_ENGINE_POSTGRES_DSN:
NETBIRD_STORE_ENGINE_MYSQL_DSN:
image: netbirdio/management:latest
restart: unless-stopped
volumes:
- netbird-mgmt:/var/lib/netbird
- netbird-letsencrypt:/etc/letsencrypt:ro
- ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
ports:
- 23833:443 #API port
netbird-coturn:
command:
- -c /etc/turnserver.conf
container_name: netbird-coturn
image: coturn/coturn:latest
restart: unless-stopped
#domainname: netbird.${MY_TLD} # only needed when TLS is enabled
volumes:
- ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
# - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
# - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
network_mode: host
nextcloud:
container_name: nextcloud-aio-mastercontainer
environment:
SKIP_DOMAIN_VALIDATION: false
APACHE_ADDITIONAL_NETWORK: compose_default
APACHE_IP_BINDING: 0.0.0.0
APACHE_PORT: 11000
expose:
- 11000
image: nextcloud/all-in-one:latest
labels:
homepage.group: Personal Services
homepage.name: NextCloud
homepage.href: https://cloud.${MY_TLD}
homepage.icon: nextcloud.svg
homepage.description: Private Cloud
homepage.widget.type: nextcloud
homepage.widget.url: http://nextcloud-aio-apache:11000
homepage.widget.key: ${NEXTCLOUD_HOMEPAGE_TOKEN}
swag: enable
swag_port: 11000
swag_proto: http
swag_address: nextcloud-aio-apache
swag_url: cloud.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://cloud.${MY_TLD}
ports:
- 56713:8080
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
ollama:
container_name: ollama
image: ollama/ollama
ports:
- 11434:11434
restart: unless-stopped
volumes:
- ollama:/root/.ollama
ombi:
container_name: ombi
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: America/New_York
hostname: Rinoa
image: lscr.io/linuxserver/ombi:latest
labels:
homepage.group: Media Library
homepage.name: Ombi
homepage.href: https://ombi.${MY_TLD}
homepage.icon: ombi.png
homepage.description: Media Requests
homepage.widget.type: ombi
homepage.widget.url: http://ombi:3579
homepage.widget.key: ${OMBI_API_KEY}
swag: enable
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 3579:3579
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/ombi
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
paperless-ngx:
container_name: paperless-ngx
depends_on:
mariadb:
condition: service_started
required: true
restart: true
environment:
PAPERLESS_DBENGINE: mariadb
PAPERLESS_DBHOST: mariadb
PAPERLESS_DBPASS: ${PAPERLESS_DBPASS}
PAPERLESS_DBPORT: 3306
PAPERLESS_DBUSER: paperless
PAPERLESS_OCR_LANGUAGE: eng
PAPERLESS_OCR_LANGUAGES: all
PAPERLESS_REDIS: redis://redis:6379
PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}
PAPERLESS_TIME_ZONE: ${TZ}
PAPERLESS_URL: https://docs.${MY_TLD}
USERMAP_GID: ${PGID}
USERMAP_UID: ${PUID}
image: ghcr.io/paperless-ngx/paperless-ngx:latest
labels:
swag: enable
swag_proto: http
swag_port: 8000
swag_url: docs.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://docs.${MY_TLD}
homepage.group: Personal Services
homepage.name: Paperless-ngx
homepage.href: https://docs.${MY_TLD}
homepage.icon: paperless-ngx.svg
homepage.description: Document indexer & archiver with OCR
networks:
default: null
ports:
- 8004:8000
restart: unless-stopped
volumes:
- source: paperless-ngx-data
target: /usr/src/paperless/data
type: volume
volume: {}
- source: paperless-ngx-media
target: /usr/src/paperless/media
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export
target: /usr/src/paperless/export
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume
target: /usr/src/paperless/consume
type: bind
bind:
create_host_path: true
parseable:
container_name: parseable
command: [ "parseable", "s3-store" ]
depends_on:
- minio
environment:
P_STAGING_DIR: /staging
P_ADDR: 0.0.0.0:8000
P_USERNAME: admin
P_PASSWORD: ${PARSEABLE_PASSWORD}
P_S3_URL: http://minio:9000
P_S3_BUCKET: parseable
P_S3_ACCESS_KEY: ${PARSEABLE_S3_ACCESS_KEY}
P_S3_SECRET_KEY: ${PARSEABLE_S3_SECRET_KEY}
P_S3_REGION: us-east-fh-pln
image: containers.parseable.com/parseable/parseable:latest
labels:
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: Parseable
homepage.href: https://logs.${MY_TLD}
homepage.icon: parseable.svg
homepage.description: Log analytics system for high throughput log ingestion
swag: enable
swag_proto: http
swag_port: 8000
swag_url: logs.${MY_TLD}
ports:
- 14453:8000
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
peppermint:
container_name: peppermint
depends_on:
peppermint-pg-db:
condition: service_started
required: true
environment:
BASE_URL: https://support.trez.wtf
DB_USERNAME: peppermint
DB_PASSWORD: ${PEPPERMINT_PG_PASSWORD}
DB_HOST: peppermint-pg-db
SECRET: ${PEPPERMINT_SECRET_KEY}
image: pepperlabs/peppermint:latest
labels:
swag: enable
swag_proto: http
swag_port: 3000
swag_url: support.${MY_TLD}
swag_server_custom_directive: |
location /api {
proxy_pass http://peppermint:5003;
}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
homepage.group: Professional Services
homepage.name: Peppermint
homepage.href: https://support.${MY_TLD}
homepage.icon: peppermint.svg
homepage.description: Open-source ticket management and help desk solution
ports:
- 3000:3000
- 5003:5003
restart: always
peppermint-pg-db:
container_name: peppermint-pg-db
environment:
POSTGRES_USER: peppermint
POSTGRES_PASSWORD: ${PEPPERMINT_PG_PASSWORD}
POSTGRES_DB: peppermint
expose:
- 5432
image: postgres:17-alpine
restart: always
volumes:
- peppermint-pg-data:/var/lib/postgresql/data
pgbackweb:
container_name: pgbackweb
depends_on:
pgbackweb-db:
condition: service_healthy
environment:
PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY}
PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable"
TZ: ${TZ}
image: eduardolat/pgbackweb:latest
labels:
homepage.group: System Administration
homepage.name: PG Back Web
homepage.href: https://pg.${MY_TLD}
homepage.icon: sh-pg-back-web.svg
homepage.description: Backups for PostgreSQL
swag: enable
swag_proto: http
swag_port: 8085
swag_url: pg.${MY_TLD}
ports:
- "8085:8085" # Access the web interface at http://localhost:8085
restart: unless-stopped
pgbackweb-db:
container_name: pgbackweb-db
environment:
POSTGRES_USER: pgbackweb
POSTGRES_DB: pgbackweb
POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD}
expose:
- 5432
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
timeout: 5s
retries: 5
image: postgres:16-alpine
restart: unless-stopped
volumes:
- pgbackweb-data:/var/lib/postgresql/data
plantuml-server:
container_name: plantuml-server
expose:
- 8080
image: 'plantuml/plantuml-server:jetty'
restart: unless-stopped
plausible:
command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
container_name: plausible
depends_on:
plausible_db:
condition: service_started
required: true
plausible_events_db:
condition: service_started
required: true
environment:
BASE_URL: https://analytics.${MY_TLD}
CLICKHOUSE_DATABASE_URL: http://plausible-events-db:8123/plausible_events_db
DATABASE_URL: postgres://plausible:${PLAUSIBLE_PG_PASSWORD}@plausible-db:5432/plausible_db
DISABLE_REGISTRATION: invite_only
ENABLE_EMAIL_VERIFICATION: true
MAILER_ADAPTER: Bamboo.Mua
MAILER_EMAIL: noreply@trez.wtf
MAILER_NAME: Plausible
MAXMINDDB_LICENSE_KEY: ${SWAG_MAXMINDDB_LICENSE_KEY}
SECRET_KEY_BASE: ${PLAUSIBLE_SECRET_KEY_BASE}
SMTP_HOST_ADDR: postal-smtp
SMTP_HOST_PORT: 25
SMTP_USER_NAME: ${POSTAL_SMTP_AUTH_USER}
SMTP_USER_PWD: ${POSTAL_SMTP_AUTH_PASSWORD}
TOTP_VAULT_KEY: ${PLAUSIBLE_TOTP_VAULT_KEY}
image: ghcr.io/plausible/community-edition:v2.1.0
labels:
swag: enable
swag_proto: http
swag_port: 8000
swag_url: analytics.${MY_TLD}
homepage.group: Professional Services
homepage.name: Plausible
homepage.href: https://analytics.${MY_TLD}
homepage.icon: plausible.svg
homepage.description: Open-source web analytics
networks:
default: null
ports:
- 8107:8000
restart: always
plausible_db:
container_name: plausible-db
environment:
POSTGRES_DB: plausible_db
POSTGRES_PASSWORD: ${PLAUSIBLE_PG_PASSWORD}
POSTGRES_USER: plausible
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: always
volumes:
- plausible-db-data:/var/lib/postgresql/data
plausible_events_db:
container_name: plausible-events-db
expose:
- 8123
image: clickhouse/clickhouse-server:24.3.3.102-alpine
networks:
default: null
restart: always
ulimits:
nofile:
hard: 262144
soft: 262144
volumes:
- plausible-event-data:/var/lib/clickhouse
- plausible-event-logs:/var/log/clickhouse-server
- ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
- ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
portainer:
command: -H tcp://dockerproxy:2375
container_name: portainer
depends_on:
docker-socket-proxy:
condition: service_started
required: true
environment:
DOCKER_HOST: tcp://dockerproxy:2375
expose:
- 9000
- 9443
image: portainer/portainer-ce:2.27.0-alpine
labels:
swag: enable
swag_proto: http
swag_port: 9000
swag_url: portainer.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://portainer.${MY_TLD}
homepage.group: System Administration
homepage.name: Portainer
homepage.href: https://portainer.${MY_TLD}
homepage.icon: portainer.svg
homepage.description: Service delivery platform for containerized applications
homepage.widget.type: portainer
homepage.widget.url: http://portainer:9000
homepage.widget.env: 20
homepage.widget.key: ${PORTAINER_HOMEPAGE_TOKEN}
restart: unless-stopped
volumes:
- portainer-data:/data
portall:
container_name: portall
image: need4swede/portall:latest
environment:
SECRET_KEY: ${PORTALL_SECRET_KEY}
labels:
swag: enable
swag_auth: authelia
swag_proto: http
swag_port: 8080
swag_url: portall.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
homepage.group: System Administration
homepage.name: Portall
homepage.href: https://portall.${MY_TLD}
homepage.icon: sh-portall.png
homepage.description: Management for container ports
ports:
- 8000:8080
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/portall:/app/instance
postal-smtp:
cap_add:
- NET_BIND_SERVICE
command: postal smtp-server
container_name: postal-smtp
image: ghcr.io/postalserver/postal:latest
networks:
default: null
ports:
- 25:25
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/postal:/config
- ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/live/trez.wtf:/config/certs
postal-web:
command: postal web-server
container_name: postal-web
image: ghcr.io/postalserver/postal:latest
labels:
swag: enable
swag_proto: http
swag_port: 5000
swag_address: postal-web
swag_url: post.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://post.${MY_TLD}
homepage.group: System Administration
homepage.name: Postal
homepage.href: https://post.${MY_TLD}
homepage.icon: sh-postal.svg
homepage.description: OSS Mail delivery platform
networks:
default: null
ports:
- 5001:5000
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/postal
target: /config
type: bind
bind:
create_host_path: true
postal-worker:
command: postal worker
container_name: postal-worker
environment:
LOG_LEVEL: debug
image: ghcr.io/postalserver/postal:latest
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/postal
target: /config
type: bind
bind:
create_host_path: true
prowlarr:
container_name: prowlarr
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: America/New_York
DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
TP_DOMAIN: trez.wtf\/themepark
TP_COMMUNITY_THEME: false
TP_THEME: space-gray
hostname: Rinoa
image: lscr.io/linuxserver/prowlarr:latest
labels:
homepage.group: Servarr Stack
homepage.name: Prowlarr
homepage.href: https://prowlarr.${MY_TLD}
homepage.icon: prowlarr.png
homepage.description: Index aggregator
homepage.widget.type: prowlarr
homepage.widget.url: http://prowlarr:9696
homepage.widget.key: ${PROWLARR_API_KEY}
swag: enable
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 9696:9696
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/prowlarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
radarec:
container_name: radarec
environment:
auto_start: true
auto_start_delay: 60
dry_run_adding_to_radarr: false
fallback_to_top_result: false
language_choice: all
metadata_profile_id: 1
minimum_rating: 4.5
minimum_votes: 50
quality_profile_id: 1
radarr_address: http://radarr:7878
radarr_api_key: ${RADARR_API_KEY}
radarr_api_timeout: 120
root_folder_path: /data/media/movies
search_for_movie: true
tmdb_api_key: ${TMDB_API_KEY}
expose:
- 5000
image: thewicklowwolf/radarec:latest
labels:
homepage.group: Servarr Stack
homepage.name: RadaRec
homepage.href: https://radarec.${MY_TLD}
homepage.icon: sh-radarec.png
homepage.description: Movie discovery based on library/tastes
swag: enable
swag_proto: http
swag_port: 5000
swag_auth: authelia
swag_url: radarec.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://radarec.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_STORAGE}/Movies
target: /data/media/movies
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/radarec
target: /radarec/config
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
radarr:
container_name: radarr
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
hostname: Rinoa
image: lscr.io/linuxserver/radarr:latest
labels:
homepage.group: Servarr Stack
homepage.name: Radarr
homepage.href: https://radarr.${MY_TLD}
homepage.icon: radarr.png
homepage.description: Movie Automation
homepage.widget.type: radarr
homepage.widget.url: http://radarr:7878
homepage.widget.key: ${RADARR_API_KEY}
swag: enable
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 7878:7878
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/radarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
reactive-resume:
container_name: reactive-resume
depends_on:
browserless:
condition: service_started
required: true
minio:
condition: service_started
required: true
reactive-resume-pg:
condition: service_started
required: true
environment:
ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET}
CHROME_PORT: 443
CHROME_TOKEN: ${CHROMIUM_TOKEN}
CHROME_URL: wss://browse.${MY_TLD}
DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume
MAIL_FROM: noreply@trez.wtf
NODE_ENV: production
PORT: 3000
PUBLIC_URL: https://resume.${MY_TLD}
REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET}
SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY}
STORAGE_BUCKET: reactive-resume
STORAGE_ENDPOINT: minio
STORAGE_PORT: 9000
STORAGE_REGION: us-east-fh-pln
STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY}
STORAGE_URL: https://s3.trez.wtf/reactive-resume
STORAGE_USE_SSL: false
TZ: ${TZ}
image: amruthpillai/reactive-resume:latest
labels:
homepage.group: Professional Services
homepage.name: Reactive Resume
homepage.href: https://resume.${MY_TLD}
homepage.icon: reactive-resume.svg
homepage.description: Open-source resume builder
swag: enable
swag_proto: http
swag_port: 3000
swag_url: resume.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://resume.${MY_TLD}
networks:
default: null
ports:
- 3011:3000
restart: unless-stopped
reactive-resume-pg:
container_name: reactive-resume-pg
environment:
TZ: ${TZ}
POSTGRES_DB: reactiveresume
POSTGRES_USER: reactiveresume
POSTGRES_PASSWORD: ${REACTIVE_RESUME_PGSQL_PASSWORD}
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
volumes:
- reactive-resume-pg:/var/lib/postgresql/data
readarr:
container_name: readarr
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: America/New_York
DOCKER_MODS: ghcr.io/gilbn/theme.park:readnarr
hostname: Rinoa
image: lscr.io/linuxserver/readarr:develop
labels:
homepage.group: Servarr Stack
homepage.name: Readarr
homepage.href: https://readarr.${MY_TLD}
homepage.icon: readarr.png
homepage.description: eBook/Audiobook Automation
homepage.widget.type: readarr
homepage.widget.url: http://readarr:8787
homepage.widget.key: ${READARR_API_KEY}
swag: enable
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 8787:8787
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/readarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
redis:
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
cap_drop:
- ALL
command: redis-server --save "" --appendonly "no"
container_name: redis
expose:
- 6379
# healthcheck:
# test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
# interval: 10s
# retries: 5
# start_period: 30s
# timeout: 10s
image: redis:alpine
networks:
default: null
restart: unless-stopped
tmpfs:
- /var/lib/redis
redlib:
cap_drop:
- ALL
container_name: redlib
environment:
REDLIB_SFW_ONLY: off
REDLIB_BANNER:
REDLIB_ROBOTS_DISABLE_INDEXING: off
REDLIB_PUSHSHIFT_FRONTEND: undelete.pullpush.io
REDLIB_DEFAULT_THEME: nord
REDLIB_DEFAULT_FRONT_PAGE: default
REDLIB_DEFAULT_LAYOUT: clean
REDLIB_DEFAULT_WIDE: on
REDLIB_DEFAULT_POST_SORT: hot
REDLIB_DEFAULT_COMMENT_SORT: confidence
REDLIB_DEFAULT_SHOW_NSFW: off
REDLIB_DEFAULT_BLUR_NSFW: on
REDLIB_DEFAULT_USE_HLS: off
REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION: off
REDLIB_DEFAULT_AUTOPLAY_VIDEOS: off
REDLIB_DEFAULT_SUBSCRIPTIONS:
REDLIB_DEFAULT_HIDE_AWARDS: off
REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: off
REDLIB_DEFAULT_HIDE_SCORE: off
REDLIB_DEFAULT_FIXED_NAVBAR: on
image: quay.io/redlib/redlib:latest
labels:
homepage.group: Social
homepage.name: Redlib
homepage.href: https://rlib.${MY_TLD}
homepage.icon: libreddit.svg
homepage.description: Redlib is a private front-end like Invidious but for Reddit
swag: enable
swag_auth: authelia
swag_proto: http
swag_port: 8080
swag_url: rlib.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://rlib.${MY_TLD}
networks:
default: null
ports:
- 8103:8080
read_only: true
restart: always
security_opt:
- no-new-privileges=true
user: nobody
rocketchat:
container_name: rocketchat
depends_on:
mongodb:
condition: service_started
required: true
environment:
ADMIN_USERNAME: Trez.One
ADMIN_NAME: Charish Patel
ADMIN_PASS: ${ROCKETCHAT_ADMIN_PASSWORD}
ADMIN_EMAIL: charish.patel@trez.wtf
MONGO_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/rocketchat?replicaSet=rinoa
MONGO_OPLOG_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/local?replicaSet=rinoa
ROOT_URL: https://chat.trez.wtf
PORT: 3000
DEPLOY_METHOD: docker
DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
REG_TOKEN: ${REG_TOKEN:-}
expose:
- 3000
image: ${IMAGE:-registry.rocket.chat/rocketchat/rocket.chat}:${RELEASE:-latest}
labels:
homepage.group: Social
homepage.name: Rocket.Chat
homepage.href: https://chat.${MY_TLD}
homepage.icon: rocket-chat.svg
homepage.description: Fully customizable communications platform with high standards of data protection
swag: enable
swag_proto: http
swag_port: 3000
swag_url: chat.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://chat.${MY_TLD}
restart: always
sabnzbdvpn:
cap_add:
- NET_ADMIN
- SYS_MODULE
container_name: sabnzbdvpn
environment:
ENABLE_PRIVOXY: no
LAN_NETWORK: 192.168.1.0/24
NAME_SERVERS: 192.168.1.254,1.1.1.1
PGID: 1000
PUID: 1000
TZ: America/New_York
VPN_CLIENT: openvpn
VPN_ENABLED: yes
VPN_INPUT_PORTS:
VPN_OPTIONS:
VPN_OUTPUT_PORTS:
VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA
VPN_PROV: pia
VPN_USER: p3120278
DEBUG: true
hostname: Rinoa
image: ghcr.io/binhex/arch-sabnzbdvpn:latest
labels:
homepage.group: Downloaders
homepage.name: SABnzbd
homepage.href: https://sabnzbd.${MY_TLD}
homepage.icon: sabnzbd.png
homepage.description: NZB Downloader over VPN
homepage.widget.type: sabnzbd
homepage.widget.url: http://sabnzbdvpn:8080
homepage.widget.env: 1
homepage.widget.key: ${SABNZBDVPN_API_KEY}
swag: enable
swag_proto: http
swag_url: sabnzbd.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://sabnzbd.${MY_TLD}
networks:
default: null
ports:
- 8080:8080
- 8090:8090
- 8119:8118
privileged: true
restart: unless-stopped
sysctls:
net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
scraperr:
command:
- npm
- run
- start
container_name: scraperr
expose:
- 3000
image: jpyles0524/scraperr:latest
labels:
homepage.group: Personal Services
homepage.name: Scraperr
homepage.href: https://scrape.${MY_TLD}
homepage.icon: /icons/scraperr.png
homepage.description: Web scraper
swag: enable
swag_proto: http
swag_port: 3000
swag_url: scrape.${MY_TLD}
swag_server_custom_directive: |
location /api {
proxy_pass http://scraperr-api:8000;
}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD}
networks:
default: null
restart: unless-stopped
scraperr-api:
container_name: scraperr-api
environment:
LOG_LEVEL: DEBUG
OLLAMA_URL: http://ollama:11434
OLLAMA_MODEL: phi3
MONGODB_URI: mongodb://mongodb:27017/scrapper
SECRET_KEY: ${SCRAPERR_SECRET_KEY}
ALGORITHM: HS256
ACCESS_TOKEN_EXPIRE_MINUTES: 600
DOCKER_HOST: tcp://dockerproxy:2375
expose:
- 8000
image: jpyles0524/scraperr_api:latest
networks:
default: null
restart: unless-stopped
scrutiny:
cap_add:
- SYS_RAWIO
container_name: scrutiny
devices:
- "/dev/nvme0n1:/dev/nvme0n1:rwm"
- "/dev/sda:/dev/sda:rwm"
- "/dev/sdb:/dev/sdb:rwm"
- "/dev/sdc:/dev/sdc:rwm"
- "/dev/sdd:/dev/sdd:rwm"
- "/dev/sde:/dev/sde:rwm"
- "/dev/sdf:/dev/sdf:rwm"
image: ghcr.io/analogj/scrutiny:master-omnibus
labels:
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: Scrutiny
homepage.href: http://192.168.1.254:8909
homepage.icon: scrutiny.png
homepage.description: WebUI for smartd S.M.A.R.T monitoring
homepage.widget.type: scrutiny
homepage.widget.url: http://scrutiny:8080
networks:
default: null
ports:
- 8909:8080
- 8910:8086
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /run/udev
target: /run/udev
type: bind
- source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config
target: /opt/scrutiny/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb
target: /opt/scrutiny/influxdb
type: bind
bind:
create_host_path: true
searxng:
cap_add:
- CHOWN
- SETGID
- SETUID
cap_drop:
- ALL
container_name: searxng
environment:
SEARXNG_BASE_URL: https://${SEARXNG_BASE_URL:-localhost}/
image: searxng/searxng:latest
labels:
homepage.group: Personal Services
homepage.name: SearxNG
homepage.href: https://search.${MY_TLD}
homepage.icon: searxng.png
homepage.description: Anonymized Meta-Search Engine
swag: enable
swag_address: searxng
swag_proto: http
swag_url: search.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://search.${MY_TLD}
logging:
driver: json-file
options:
max-file: "1"
max-size: 1m
networks:
default: null
ports:
- 8095:8080
privileged: true
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/searxng
target: /etc/searxng
type: bind
bind:
create_host_path: true
semaphore:
container_name: semaphore
environment:
ANSIBLE_HOST_KEY_CHECKING: false
SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
SEMAPHORE_ADMIN_NAME: admin
SEMAPHORE_ADMIN_EMAIL: charish.patel@trez.wtf
SEMAPHORE_ADMIN: admin
SEMAPHORE_DB_DIALECT: bolt
SEMAPHORE_EMAIL_ALERT: true
SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf
SEMAPHORE_EMAIL_HOST: postal-smtp
SEMAPHORE_EMAIL_PORT: 25
SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
SEMAPHORE_EMAIL_SECURE: false
SEMAPHORE_USE_REMOTE_RUNNER: true
image: semaphoreui/semaphore:v2.12.14
labels:
homepage.group: Code/DevOps
homepage.name: Semaphore
homepage.href: https://devops.${MY_TLD}
homepage.icon: semaphore.svg
homepage.description: Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools
swag: enable
swag_port: 3000
swag_proto: http
swag_url: devops.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://devops.${MY_TLD}
ports:
- 3015:3000
restart: unless-stopped
volumes:
- semaphore_config:/etc/semaphore
- semaphore_data:/var/lib/semaphore
- semaphore_tmp:/tmp/semaphore
sonarqube:
container_name: sonarqube
depends_on:
sonarqube-pg-db:
condition: service_healthy
environment:
SONAR_JDBC_URL: jdbc:postgresql://sonarqube-pg-db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
SONAR_SECURITY_REALM: LDAP
LDAP_URL: ldap://lldap:3890
LDAP_BINDDN: cn=sonarqube,ou=people,dc=trez,dc=wtf
LDAP_BINDPASSWORD: ${SONARQUBE_LDAP_BIND_PASSWORD}
LDAP_AUTHENTICATION: simple
LDAP_USER_BASEDN: ou=people,dc=trez,dc=wtf
LDAP_USER_REQUEST: (&(objectClass=inetOrgPerson)(uid={login})(memberof=cn=sonarqube_users,ou=groups,dc=example,dc=com))
LDAP_USER_REALNAMEATTRIBUTE: cn
LDAP_USER_EMAILATTRIBUTE: mail
hostname: sonarqube
image: mc1arke/sonarqube-with-community-branch-plugin:lts
labels:
homepage.group: Code/DevOps
homepage.name: Sonarqube
homepage.href: https://sqube.trez.wtf
homepage.icon: sonarqube.svg
homepage.description: Code/DevOps quality/security
swag: enable
swag_proto: http
swag_port: 9000
swag_url: sqube.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://sqube.${MY_TLD}
volumes:
- sonarqube-data:/opt/sonarqube/data
- sonarqube-extensions:/opt/sonarqube/extensions
- sonarqube-logs:/opt/sonarqube/logs
- sonarqube-temp:/opt/sonarqube/temp
ports:
- 9003:9000
read_only: true
restart: unless-stopped
sonarqube-pg-db:
container_name: sonarqube-pg-db
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
POSTGRES_DB: sonar
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
image: postgres:17-alpine
restart: unless-stopped
volumes:
- sonarqube-db:/var/lib/postgresql
- sonarqube-db-data:/var/lib/postgresql/data
sonarr:
container_name: sonarr
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
hostname: Rinoa
image: lscr.io/linuxserver/sonarr:latest
labels:
homepage.group: Servarr Stack
homepage.name: Sonarr
homepage.href: https://sonarr.${MY_TLD}
homepage.icon: sonarr.png
homepage.description: TV Show Automation
homepage.widget.type: sonarr
homepage.widget.url: http://sonarr:8989
homepage.widget.key: ${SONARR_API_KEY}
swag: enable
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 8989:8989
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/sonarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
sonashow:
container_name: sonashow
environment:
auto_start: true
auto_start_delay: 60
dry_run_adding_to_sonarr: false
fallback_to_top_result: false
language_choice: all
metadata_profile_id: 1
minimum_rating: 4.5
minimum_votes: 50
quality_profile_id: 1
radarr_address: http://sonarr:8989
radarr_api_key: ${SONARR_API_KEY}
root_folder_path: /data/media/shows
search_for_missing_episodes: true
sonarr_api_timeout: 120
tmdb_api_key: ${TMDB_API_KEY}
expose:
- 5000
image: thewicklowwolf/sonashow:latest
labels:
homepage.group: Servarr Stack
homepage.name: Sonashow
homepage.href: https://sonashow.${MY_TLD}
homepage.icon: sh-sonashow.png
homepage.description: TV show discovery based on library/tastes
swag: enable
swag_auth: authelia
swag_proto: http
swag_port: 5000
swag_url: sonashow.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://sonashow.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_STORAGE}/TV_Shows
target: /data/media/shows
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/sonashow
target: /sonashow/config
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
soularr:
container_name: soularr
depends_on:
- lidarr
- soulseek
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
#Script interval in seconds
SCRIPT_INTERVAL: 300
image: mrusse08/soularr:latest
restart: unless-stopped
volumes:
#"You can set /downloads to whatever you want but will then need to change the Slskd download dir in your config file"
- ${DOCKER_VOLUME_STORAGE}/downloads:/downloads
#Select where you are storing your config file. Leave "/data" since thats where the script expects the config file to be
- ${DOCKER_VOLUME_CONFIG}/soularr:/data
soularr-dashboard:
container_name: soularr-dashboard
depends_on:
soularr:
condition: service_started
required: true
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
labels:
homepage.name: Soularr
homepage.group: Downloaders
homepage.description: Dashboard for monitoring Soularr
homepage.href: https://slsk.${MY_TLD}
homepage.icon: /icons/soularr.png
image: git.trez.wtf/trez.one/soularr-dashboard:v0.1
ports:
- 18364:8080
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/soularr/dashboard:/app
- ${DOCKER_VOLUME_CONFIG}/soularr:/data
- ${DOCKER_VOLUME_CONFIG}/soularr/logs:/data/logs
- /var/run/docker.sock:/var/run/docker.sock:ro
working_dir: /app
soulseek:
container_name: soulseek
depends_on:
gluetun:
condition: service_started
required: true
restart: true
image: slskd/slskd
labels:
homepage.name: Soulseek
homepage.group: Downloaders
homepage.description: Modern client-server application for the Soulseek file-sharing network.
homepage.href: https://slsk.${MY_TLD}
homepage.icon: slskd.svg
swag: enable
swag_proto: http
swag_url: slsk.${MY_TLD}
swag_address: gluetun
swag_port: 5030
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD}
network_mode: service:gluetun
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/soulseek:/app
- ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music
- ${DOCKER_VOLUME_STORAGE}/downloads/completed/slsk:/app/downloads/
- ${DOCKER_VOLUME_STORAGE}/downloads/incomplete/slsk:/app/incomplete
sourcebot:
container_name: sourcebot
environment:
CONFIG_PATH: /data/config.json
image: ghcr.io/sourcebot-dev/sourcebot:latest
labels:
homepage.name: Sourcebot
homepage.group: Code/DevOps
homepage.description: Self-hosted internet performance tracking
homepage.href: https://source.${MY_TLD}
homepage.icon: /icons/sourcebot.png
swag: enable
swag_proto: http
swag_port: 3000
swag_url: source.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://source.${MY_TLD}
ports:
- 45251:3000
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/sourcebot:/data
speedtest-tracker:
container_name: speedtest-tracker
image: lscr.io/linuxserver/speedtest-tracker:latest
environment:
PUID: ${PUID}
PGID: ${PGID}
APP_KEY: ${SPEEDTEST_TRACKER_APP_KEY}
DB_CONNECTION: sqlite
SPEEDTEST_SCHEDULE: 15 */3 * * *
labels:
homepage.name: Speedtest Tracker
homepage.group: System Administration
homepage.description: Self-hosted internet performance tracking
homepage.href: https://speed.${MY_TLD}
homepage.icon: speedtest-tracker.png
homepage.widget.type: speedtest
homepage.widget.url: http://speedtest-tracker
swag: enable
swag_proto: http
swag_url: speed.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://speed.${MY_TLD}
ports:
- 47512:80
- 62777:443
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config
spotisub:
container_name: spotisub
environment:
SPOTIPY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
SPOTIPY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
SPOTIPY_REDIRECT_URI: http://127.0.0.1:8080/
SUBSONIC_API_HOST: http://navidrome
SUBSONIC_API_PORT: 4533
SUBSONIC_API_USER: ${NAVIDROME_USERNAME}
SUBSONIC_API_PASS: ${NAVIDROME_PASSWORD}
healthcheck:
test: curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!' || exit 1
interval: 30s
retries: 20
start_period: 30s
image: blastbeng/spotisub:latest
ports:
- 5183:5183
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/spotisub:/home/user/spotisub/cache
stable-diffusion-download:
container_name: stable-diffusion-download
image: git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
stable-diffusion-webui:
container_name: stable-diffusion-webui
image: git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.0
environment:
- CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api
labels:
homepage.name: Stable-Diffusion WebUI
homepage.group: Personal Services
homepage.description: Deep learning, text-to-image model
homepage.href: https://sd.${MY_TLD}
homepage.icon: /icons/stable-diffusion.png
swag: enable
swag_port: 7860
swag_proto: http
swag_url: sd.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://sd.${MY_TLD}
ports:
- 7860:7860
restart: unless-stopped
tty: true
volumes:
- ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
- ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/output:/output
swag:
cap_add:
- NET_ADMIN
container_name: swag
environment:
DNSPLUGIN: cloudflare
EMAIL: charish.patel@trez.wtf
EXTRA_DOMAINS:
ONLY_SUBDOMAINS: false
PGID: 1000
PUID: 1000
SUBDOMAINS: etherpad,ha,www
TZ: America/New_York
URL: trez.wtf
VALIDATION: dns
CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
CROWDSEC_LAPI_URL: http://crowdsec:8080
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma
PROPAGATION: 30
UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
UPTIME_KUMA_URL: http://uptimekuma:3001
UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
hostname: Rinoa
image: lscr.io/linuxserver/swag:latest
labels:
swag: enable
swag_proto: http
swag_port: 81
swag_url: swag.${MY_TLD}
swag_auth: authelia
komodo.skip: a
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://swag.${MY_TLD}
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: SWAG Dashboard
homepage.href: https://swag.${MY_TLD}
homepage.icon: linuxserver-io.png
homepage.description: SWAG Dashboard for proxies
homepage.widget.type: swagdashboard
homepage.widget.url: http://swag:81
networks:
- default
- nextcloud-aio
ports:
- 443:443
- 80:80
- 81:81
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/swag
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
read_only: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
tandoor:
container_name: tandoor-recipes
depends_on:
tandoor-pg:
condition: service_started
required: true
environment:
DB_ENGINE: django.db.backends.postgresql
GID: 1000
POSTGRES_DB: tandoor
POSTGRES_HOST: tandoor-pg
POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
POSTGRES_USER: tandoor
SECRET_KEY: ${TANDOOR_SECRET_KEY}
TZ: ${TZ}
UID: 1000
image: vabene1111/recipes
labels:
homepage.group: Lifestyle
homepage.name: Tandoor Recipes
homepage.href: https://recipes.${MY_TLD}
homepage.icon: tandoor-recipes.svg
homepage.description: Recipes, cookbooks, meal-planning, & grocery lists
homepage.widget.type: tandoor
homepage.widget.url: http://tandoor-recipes:8080
homepage.widget.key: ${TANDOOR_API_TOKEN}
swag: enable
swag_proto: http
swag_url: recipes.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://recipes.${MY_TLD}
networks:
default: null
ports:
- 8106:8080
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/tandoor/static
target: /opt/recipes/staticfiles
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/tandoor/media
target: /opt/recipes/mediafiles
type: bind
bind:
create_host_path: true
tandoor-pg:
container_name: tandoor-pg
environment:
POSTGRES_DB: tandoor
POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
POSTGRES_USER: tandoor
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: always
volumes:
- source: tandoor-pg
target: /var/lib/postgresql/data
type: volume
volume: {}
unmanic:
container_name: unmanic
environment:
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs
PUID: ${PUID}
PGID: ${PGID}
LOGS_TO_STDOUT: /config/.unmanic/logs/unmanic.log
image: josh5/unmanic:latest
labels:
homepage.group: Media Library
homepage.name: Unmanic
homepage.href: https://unmanic.${MY_TLD}
homepage.icon: unmanic.png
homepage.description: Library Optimizer
homepage.widget.type: unmanic
homepage.widget.url: http://unmanic:8888
swag: enable
swag_port: 8888
swag_url: unmanic.${MY_TLD}
swag_proto: http
swag.uptime-kuma.enabled: true
networks:
default: null
ports:
- 8911:8888
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/unmanic
target: /config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}
target: /library
type: bind
bind:
create_host_path: true
- source: unmanic-cache
target: /tmp/unmanic
type: volume
volume: {}
uptimekuma:
container_name: uptimekuma
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
DOCKER_HOST: tcp://dockerproxy:2375
hostname: Rinoa
image: louislam/uptime-kuma:latest
labels:
homepage.group: Infrastructure/App Performance Monitoring
homepage.name: Uptime Kuma
homepage.href: https://uptime.${MY_TLD}
homepage.icon: uptime-kuma.png
homepage.description: HTTP Endpoint Monitoring
homepage.widget.type: uptimekuma
homepage.widget.url: http://uptimekuma:3001
homepage.widget.slug: rinoa-services
swag: enable
swag_proto: http
swag_url: uptime.${MY_TLD}
networks:
default: null
ports:
- 3003:3001
restart: unless-stopped
volumes:
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/uptimekuma
target: /app/data
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
vault:
cap_add:
- IPC_LOCK
command:
- server
container_name: hc-vault
environment:
AWS_ACCESS_KEY_ID: ${VAULT_HASHICORP_AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY}
image: hashicorp/vault:latest
labels:
homepage.group: Code/DevOps
homepage.name: Vault
homepage.icon: vault.png
homepage.href: https://vault.${MY_TLD}
homepage.description: Hashicorp Vault for secrets, key/value stores, etc.
swag: enable
swag_proto: http
swag_port: 8200
swag_url: vault.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://vault.${MY_TLD}
ports:
- 8200:8200
- 8250:8250
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
- ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
vector:
image: timberio/vector:0.44.0-alpine
container_name: vector
environment:
DOCKER_HOST: tcp://dockerproxy:2375
ports:
- 60157:8686
restart: unless-stopped
volumes:
- ${DOCKER_VOLUME_CONFIG}/vector/vector.yaml:/etc/vector/vector.yaml:ro
wallabag:
container_name: wallabag
depends_on:
mariadb:
condition: service_started
required: true
restart: true
redis:
condition: service_started
required: true
environment:
SYMFONY__ENV__DATABASE_DRIVER: pdo_mysql
SYMFONY__ENV__DATABASE_HOST: mariadb
SYMFONY__ENV__DATABASE_PORT: 3306
SYMFONY__ENV__DATABASE_NAME: ${WALLABAG_DB}
SYMFONY__ENV__DATABASE_USER: ${WALLABAG_DB}
SYMFONY__ENV__DATABASE_PASSWORD: ${WALLABAG_DB_PASSWORD}
SYMFONY__ENV__DATABASE_CHARSET: utf8
SYMFONY__ENV__DATABASE_TABLE_PREFIX: "wallabag_"
SYMFONY__ENV__MAILER_DSN: smtp://postal-smtp
SYMFONY__ENV__FROM_EMAIL: noreply@trez.wtf
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${MY_TLD}
SYMFONY__ENV__SERVER_NAME: "Wallabag @ Rinoa"
SYMFONY__ENV__REDIS_HOST: redis
SYMFONY__ENV__REDIS_PORT: 6379
healthcheck:
interval: 1m
test:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://localhost
timeout: 3s
image: wallabag/wallabag
labels:
swag: enable
swag_address: wallabag
swag_proto: http
swag.uptime-kuma.enabled: true
homepage.group: Lifestyle
homepage.name: Wallabag
homepage.href: https://wallabag.${MY_TLD}
homepage.icon: wallabag.png
homepage.description: Knowledge Store
networks:
default: null
ports:
- 32768:80
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/wallabag/images
target: /var/www/wallabag/web/assets/images
type: bind
bind:
create_host_path: true
wallos:
container_name: wallos
environment:
TZ: ${TZ}
image: bellamy/wallos:latest
labels:
homepage.group: Lifestyle
homepage.name: wallos
homepage.href: https://subs.${MY_TLD}
homepage.icon: wallos.png
homepage.description: Subscription Tracking
swag: enable
swag_proto: http
swag_url: subs.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://subs.${MY_TLD}
networks:
default: null
ports:
- 8283:80
restart: unless-stopped
volumes:
- wallos-db:/var/www/html/db
- wallos-logos:/var/www/html/images/uploads/logos
watchtower:
container_name: watchtower
environment:
REPO_PASS:
REPO_USER:
TZ: America/New_York
WATCHTOWER_CLEANUP: true
WATCHTOWER_INCLUDE_STOPPED: false
WATCHTOWER_MONITOR_ONLY: false
WATCHTOWER_NOTIFICATIONS: gotify
WATCHTOWER_NOTIFICATIONS_LEVEL: info
WATCHTOWER_NOTIFICATION_TEMPLATE: '{{range .}}{{.Message}}{{println}}{{end}}'
WATCHTOWER_NOTIFICATION_URL:
WATCHTOWER_SCHEDULE: 0 0 4 * * *
WATCHTOWER_TIMEOUT: 30s
WATCHTOWER_HTTP_API_METRICS: true
WATCHTOWER_HTTP_API_TOKEN: ${WATCHTOWER_HTTP_API_TOKEN}
WATCHTOWER_NOTIFICATION_GOTIFY_URL: ${WATCHTOWER_NOTIFICATION_GOTIFY_URL}
WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN: ${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN}
WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY: true
expose:
- 8080
hostname: Rinoa
image: ghcr.io/containrrr/watchtower:latest
labels:
homepage.group: Automation
homepage.name: Watchtower
homepage.icon: watchtower.svg
homepage.description: Container-based solution for automating Docker container base image updates
homepage.widget.type: watchtower
homepage.widget.url: http://watchtower:8080
homepage.widget.key: ${WATCHTOWER_HTTP_API_TOKEN}
networks:
default: null
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
web-check:
container_name: web-check
image: lissy93/web-check
labels:
homepage.group: Privacy/Security
homepage.name: Web-Check
homepage.icon: web-check.png
homepage.href: https://scan.${MY_TLD}
homepage.description: Site scanner for attack vectors, architecture, security configs, and more
swag: enable
swag_proto: http
swag_url: scan.${MY_TLD}
swag_port: 3000
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://scan.${MY_TLD}
networks:
default: null
ports:
- 3010:3000
restart: unless-stopped
your_spotify:
container_name: your_spotify
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
APP_URL: https://myspotify.${MY_TLD}
SPOTIFY_PUBLIC: ${YOUR_SPOTIFY_ID}
SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET}
CORS: all
MONGO_ENDPOINT: mongodb://mongodb:27017/your_spotify
LOG_LEVEL: debug
expose:
- 8080
image: lscr.io/linuxserver/your_spotify:latest
labels:
homepage.group: Media Library
homepage.name: Your Spotify
homepage.icon: your-spotify.svg
homepage.href: https://myspotify.${MY_TLD}
homepage.description: Personal Spotify Tracking
swag: enable
swag_proto: https
swag_url: myspotify.${MY_TLD}
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://myspotify.${MY_TLD}
networks:
default: null
ports:
- 8088:80
- 8098:443
restart: always
youtubedl:
container_name: youtubedl
environment:
PGID: ${PGID}
PUID: ${PUID}
TZ: America/New_York
YDL_CONFIG_PATH: /youtube-dl/config.yml
YDL_DEBUG: "false"
hostname: Rinoa
image: nbr23/youtube-dl-server:latest
labels:
homepage.group: Downloaders
homepage.name: YoutubeDL
homepage.icon: youtube-dl.svg
homepage.href: https://ytdl.${MY_TLD}
homepage.description: YouTube Downloader
swag: enable
swag_proto: http
swag_url: ytdl.${MY_TLD}
swag_port: 8080
swag.uptime-kuma.enabled: true
swag.uptime-kuma.monitor.url: https://ytdl.${MY_TLD}
networks:
default: null
ports:
- 8089:8080
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/youtubedl
target: /youtube-dl
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
volumes:
authelia-pg-db:
name: authelia-pg-db
bitmagnet-pg-db:
name: bitmagnet-pg-db
bunkerweb-storage:
name: bunkerweb-storage
castopod-media:
name: castopod-media
crowdsec-config:
name: crowdsec-config
crowdsec-db:
name: crowdsec-db
dawarich_db_data:
name: dawarich_db_data
dawarich_shared:
name: dawarich_shared
dawarich_public:
name: dawarich_public
dawarich_watched:
name: dawarich_watched
dbgate-data:
name: dbgate-data
docker-volume-bkup-data:
name: docker-volume-bkup-data
fastenhealth-cache:
name: fastenhealth-cache
fastenhealth-db:
name: fastenhealth-db
filebeat_etc:
name: filebeat_etc
filebeat_var:
name: filebeat_var
gitea-pg-db:
name: gitea-pg-db
hortusfox_app_backup:
name: hortusfox_app_backup
hortusfox_app_images:
name: hortusfox_app_images
hortusfox_app_logs:
name: hortusfox_app_logs
hortusfox_app_migrate:
name: hortusfox_app_migrate
hortusfox_app_themes:
name: hortusfox_app_themes
hortusfox_db_data:
name: hortusfox_db_data
immich-model-cache:
name: immich-model-cache
influxdb2-data:
name: influxdb2-data
influxdb2-config:
name: influxdb2-config
invidious-postgres:
name: invidious-postgres
invoice-ninja_cache:
name: invoice-ninja_cache
invoice-ninja_public:
name: invoice-ninja_public
invoice-ninja_storage:
name: invoice-ninja_storage
jitsi-web-admin-theme:
name: jitsi-web-admin-theme
jitsi-web-admin-upload:
name: jitsi-web-admin-upload
joplin_data:
name: joplin_data
librechat-pg-data:
name: librechat-pg-data
libretranslate_models:
name: libretranslate_models
lldap_data:
name: lldap_data
mastodon-pg-db:
name: mastodon-pg-db
mongodb_config:
name: mongodb_config
mongodb_data:
name: mongodb_data
n8n-data:
name: n8n-data
netbird-mgmt:
name: netbird-mgmt
netbird-signal:
name: netbird-signal
netbird-letsencrypt:
name: netbird-letsencrypt
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer
ollama:
name: ollama
open-webui:
name: open-webui
paperless-ngx-data:
name: paperless-ngx-data
paperless-ngx-media:
name: paperless-ngx-media
paperless-ngx-pg:
name: paperless-ngx-pg
peppermint-pg-data:
name: peppermint-pg-data
pgbackweb-data:
name: pgbackweb-data
plausible-db-data:
name: plausible-db-data
plausible-event-data:
name: plausible-event-data
plausible-event-logs:
name: plausible-event-logs
portainer-data:
name: portainer-data
reactive-resume-pg:
name: reactive-resume-pg
semaphore_config:
name: semaphore_config
semaphore_data:
name: semaphore_data
semaphore_tmp:
name: semaphore_tmp
sonarqube-data:
name: sonarqube-data
sonarqube-db:
name: sonarqube-db
sonarqube-db-data:
name: sonarqube-db-data
sonarqube-extensions:
name: sonarqube-extensions
sonarqube-logs:
name: sonarqube-logs
sonarqube-temp:
name: sonarqube-temp
tandoor-pg:
name: tandoor-pg
unmanic-cache:
name: unmanic-cache
wallos-db:
name: wallos-db
wallos-logos:
name: wallos-logos
zitadel-pg-db:
name: zitadel-pg-db
Reference in New Issue View Git Blame Copy Permalink