Trez/rinoa-docker
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Activity
Files
83a2da684c904dc910e1de84f71185d4e1ca31da
rinoa-docker/docker/rinoa-docker-compose.yml
T

7228 lines
199 KiB
YAML
Raw Blame History

name: compose
networks:
bitmagnet:
driver: bridge
ipam:
config:
- gateway: 192.168.55.1
subnet: 192.168.55.0/27
driver: default
name: compose_bitmagnet
default:
name: compose_default
services:
addy:
container_name: addy
depends_on:
mariadb:
condition: service_started
required: true
redis:
condition: service_started
required: true
environment:
ANONADDY_ADDITIONAL_USERNAME_LIMIT: ${ADDY_ANONADDY_ADDITIONAL_USERNAME_LIMIT}
ANONADDY_ADMIN_USERNAME: ${ADDY_ANONADDY_ADMIN_USERNAME}
ANONADDY_ALL_DOMAINS: ${ADDY_ANONADDY_ALL_DOMAINS}
ANONADDY_BANDWIDTH_LIMIT: ${ADDY_ANONADDY_BANDWIDTH_LIMIT}
ANONADDY_DOMAIN: ${ADDY_ANONADDY_DOMAIN}
ANONADDY_ENABLE_REGISTRATION: true
ANONADDY_HOSTNAME: ${ADDY_ANONADDY_HOSTNAME}
ANONADDY_LIMIT: ${ADDY_ANONADDY_LIMIT}
ANONADDY_NEW_ALIAS_LIMIT: ${ADDY_ANONADDY_NEW_ALIAS_LIMIT}
ANONADDY_RETURN_PATH: null
ANONADDY_SECRET: ${ADDY_ANONADDY_SECRET}
APP_DEBUG: false
APP_KEY: ${ADDY_APP_KEY}
APP_NAME: addy-rinoa
APP_URL: ${ADDY_APP_URL}
DB_DATABASE: anonaddy
DB_HOST: mariadb
DB_PASSWORD: ${ADDY_DB_PASSWORD}
DB_PORT: 3306
DB_TIMEOUT: 120
DB_USERNAME: addy
MAIL_ENCRYPTION: null
MAIL_FROM_ADDRESS: null
MAIL_FROM_NAME: addy@Rinoa
PGID: ${PGID}
POSTFIX_DEBUG: false
POSTFIX_MESSAGE_SIZE_LIMIT: 26214400
POSTFIX_RELAYHOST: postal-smtp
POSTFIX_RELAYHOST_AUTH_ENABLE: true
POSTFIX_RELAYHOST_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
POSTFIX_RELAYHOST_USERNAME: ${POSTAL_SMTP_AUTH_USER}
POSTFIX_SMTP_TLS: false
POSTFIX_SMTPD_TLS: false
POSTFIX_SMTPD_TLS_CERT_FILE: null
POSTFIX_SMTPD_TLS_KEY_FILE: null
POSTFIX_SPAMHAUS_DQS_KEY: null
PUID: ${PUID}
REDIS_HOST: redis
REDIS_PASSWORD: null
REDIS_PORT: 6379
RSPAMD_ENABLE: true
RSPAMD_NO_LOCAL_ADDRS: null
RSPAMD_WEB_PASSWORD: null
TZ: ${TZ}
image: anonaddy/anonaddy:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=8000
- swag_url=addy.${MY_TLD}
- homepage.group=Privacy/Security
- homepage.name=Addy
- homepage.icon=/icons/addy.png
- homepage.href=https://addy.${MY_TLD}
- homepage.description=Anonymous email forwarding
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: 8009
target: 8000
- mode: ingress
protocol: tcp
published: 11334
target: 11334
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/anonaddy
target: /data
type: bind
bind:
create_host_path: true
adguard:
container_name: adguard
environment:
TZ: America/New_York
hostname: Rinoa
image: adguard/adguardhome:latest
labels:
- swag=enable
- swag_proto=http
- swag_url=adgh.${MY_TLD}
- homepage.group=System Administration
- homepage.name=AdGuard Home
- homepage.icon=adguard-home.png
- homepage.href=https://adgh.${MY_TLD}
- homepage.description=Ad-blocking/DNS
- homepage.widget.type=adguard
- homepage.widget.url=http://adguard:80
- homepage.widget.username=admin
- homepage.widget.password=${ADGUARD_PASSWORD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3001"
target: 3000
- mode: ingress
protocol: tcp
published: "446"
target: 443
- mode: ingress
protocol: tcp
published: "8008"
target: 80
- mode: ingress
protocol: tcp
published: "853"
target: 853
- host_ip: 0.0.0.0
mode: ingress
protocol: tcp
published: "53"
target: 53
- host_ip: 0.0.0.0
mode: ingress
protocol: udp
published: "53"
target: 53
- host_ip: 0.0.0.0
mode: ingress
protocol: udp
published: "67"
target: 67
- host_ip: 0.0.0.0
mode: ingress
protocol: tcp
published: "688"
target: 68
- host_ip: 0.0.0.0
mode: ingress
protocol: udp
published: "688"
target: 68
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/adguard/work
target: /opt/adguardhome/work
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/adguard/conf
target: /opt/adguardhome/conf
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- source: ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/archive/trez.wtf
target: /etc/ssl/certs
type: bind
bind:
create_host_path: true
apprise:
container_name: apprise
environment:
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: lscr.io/linuxserver/apprise-api:latest
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Apprise
- homepage.icon=apprise.png
- homepage.href=http://192.168.1.254:8000
- homepage.description=Cemtralized, multi-channel notification API
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8000"
target: 8000
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/apprise
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
audiobookshelf:
container_name: audiobookshelf
environment:
CONFIG_PATH: /config
HOME: /config/.home
LOG_LEVEL: info
METADATA_PATH: /metadata
TZ: America/New_York
hostname: Rinoa
image: ghcr.io/advplyr/audiobookshelf:latest
labels:
- homepage.group=Media Library
- homepage.name=Audiobookshelf
- homepage.href=https://abs.${MY_TLD}
- homepage.icon=audiobookshelf.png
- homepage.description=Podcasts, eBooks, & Audiobooks
- homepage.widget.type=audiobookshelf
- homepage.widget.url=http://audiobookshelf:80
- homepage.widget.key=${AUDIOBOOKSHELF_ROOT_API_KEY}
- swag=enable
- swag_address=audiobookshelf
- swag_proto=http
- swag_url=abs.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://abs.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "13378"
target: 80
restart: unless-stopped
user: 1000:1000
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf
target: /config
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata
target: /metadata
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
authelia:
container_name: authelia
environment:
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD}
AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
GUID: ${PGID}
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
expose:
- 9091
image: authelia/authelia:master
labels:
- homepage.group=Privacy/Security
- homepage.name=Authelia
- homepage.href=https://auth.${MY_TLD}
- homepage.icon=authelia.svg
- homepage.description=Authentication/authorization server with MFA & SSO
- swag=enable
- swag_proto=http
- swag_port=9091
- swag_url=auth.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://auth.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/authelia/
target: /config
type: bind
bind:
create_host_path: true
authelia-pg:
container_name: authelia-pg
environment:
- POSTGRES_PASSWORD=${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
- POSTGRES_USER=authelia
- POSTGRES_DB=authelia
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: authelia-pg-db
target: /var/lib/postgresql/data
type: volume
bind:
create_host_path: true
bazarr:
container_name: bazarr
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/gilbn/theme.park:bazarr
hostname: Rinoa
image: lscr.io/linuxserver/bazarr:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Bazarr
- homepage.href=https://bazarr.${MY_TLD}
- homepage.icon=bazarr.png
- homepage.description=Subtitle automation for TV shows/movies
- homepage.widget.type=bazarr
- homepage.widget.url=http://bazarr:6767
- homepage.widget.key=${BAZARR_API_KEY}
- swag=enable
- swag_proto=http
- swag_port=6767
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "6767"
target: 6767
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/bazarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
bitmagnet:
command:
- worker
- run
- --keys=http_server
- --keys=queue_server
- --keys=dht_crawler
container_name: bitmagnet
depends_on:
bitmagnet-pgsql:
condition: service_healthy
required: true
gluetun:
condition: service_started
required: true
restart: true
environment:
LOG_FILE_ROTATION_ENABLED: true
POSTGRES_HOST: bitmagnet-pgsql
POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD}
POSTGRES_USER: bitmagnet
image: ghcr.io/bitmagnet-io/bitmagnet:latest
labels:
- homepage.group=Downloaders
- homepage.name=Bitmagnet
- homepage.href=https://btmag.${MY_TLD}
- homepage.icon=/icons/bitmagnet.svg
- homepage.description=Torrent indexer, DHT crawler, search engine, & content classifier
- homepage.widget.type=gluetun
- homepage.widget.url=http://gluetun:8000
- swag=enable
- swag_proto=http
- swag_address=gluetun
- swag_auth=authelia
- swag_auth_bypass=/v1
- swag_port=3333
- swag_url=btmag.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://btmag.${MY_TLD}
network_mode: service:gluetun
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/bitmagnet
target: /root/.local/share/bitmagnet
type: bind
bind:
create_host_path: true
bitmagnet-pgsql:
container_name: bitmagnet-pgsql
environment:
POSTGRES_DB: bitmagnet
POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD}
POSTGRES_USER: bitmagnet
expose:
- 5432
healthcheck:
interval: 10s
start_period: 20s
test:
- CMD-SHELL
- pg_isready
image: postgres:16-alpine
networks:
bitmagnet:
ipv4_address: 192.168.55.8
default: null
restart: unless-stopped
shm_size: 1g
volumes:
- source: bitmagnet-pgsql
target: /var/lib/postgresql/data
type: volume
volume: {}
bitwarden:
container_name: bitwarden
environment:
ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN}
DATABASE_URL: data/db.sqlite3
DISABLE_ADMIN_TOKEN: "false"
DOMAIN: https://bitwarden.${MY_TLD}
ENABLE_DB_WAL: "true"
INVITATIONS_ALLOWED: "false"
SHOW_PASSWORD_HINT: "false"
SIGNUPS_ALLOWED: "true"
SIGNUPS_VERIFY: "true"
TZ: America/New_York
WEBSOCKET_ENABLED: "true"
hostname: Rinoa
image: vaultwarden/server:latest
labels:
- homepage.group=Privacy/Security
- homepage.name=Bitwarden
- homepage.icon=bitwarden.png
- homepage.href=https://bitwarden.${MY_TLD}
- homepage.description=Credential/Information Vault
- swag=enable
- swag_url=bitwarden.${MY_TLD}
- swag_proto=http
- swag_port=80
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3012"
target: 3012
- mode: ingress
protocol: tcp
published: "8013"
target: 80
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/bitwarden
target: /data
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
browserless:
container_name: browserless
environment:
ALLOW_FILE_PROTOCOL: true
CONCURRENT: 20
HEALTH: false
PROXY_HOST: swag
PROXY_PORT: 443
PROXY_SSL: true
QUEUED: 20
TIMEOUT: 300000
TOKEN: ${CHROMIUM_TOKEN}
TZ: ${TZ}
expose:
- 3000
image: ghcr.io/browserless/chromium:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_url=browse.${MY_TLD}
networks:
default: null
restart: unless-stopped
cloudflareddns:
container_name: cloudflareddns
environment:
ARGS: --dns-cloudflare-propagation-seconds 60
CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY}
CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN}
CF_HOSTS: trez.wtf
CF_RECORDTYPES: A
CF_USER: charish.patel@trez.wtf
CF_ZONES: trez.wtf
DETECTION_MODE: dig-google.com
INTERVAL: "300"
LOG_LEVEL: "3"
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: ghcr.io/hotio/cloudflareddns:latest
networks:
default: null
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
crowdsec:
container_name: crowdsec
environment:
- DOCKER_HOST=tcp://dockerproxy:2375
- GID=1000
- BOUNCER_KEY_SWAG=${CROWDSEC_API_KEY}
- COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables
image: crowdsecurity/crowdsec:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8101"
target: 8080
restart: unless-stopped
security_opt:
- no-new-privileges=true
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local
target: /etc/crowdsec/config.yaml.local
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local
target: /etc/crowdsec/local_api_credentials.yaml.local
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx
target: /var/log/swag
type: bind
bind:
create_host_path: true
- source: crowdsec-config
target: /etc/crowdsec
type: volume
volume: {}
- source: crowdsec-db
target: /var/lib/crowdsec/data
type: volume
volume: {}
- bind:
create_host_path: true
read_only: true
source: /var/log/journal
target: /var/log/host
type: bind
crowdsec-dashboard:
container_name: crowdsec-dashboard
depends_on:
crowdsec:
condition: service_started
required: true
environment:
MB_DB_FILE: /data/metabase.db
MGID: ${GID-1000}
image: metabase/metabase
labels:
- com.centurylinklabs.watchtower.enable=false
- homepage.group=Privacy/Security
- homepage.name=CrowdSec Dashboard
- homepage.href=https://csec.${MY_TLD}
- homepage.icon=crowdsec.svg
- homepage.description=Real-time & crowdsourced protection against aggressive IPs
- homepage.widget.type=crowdsec
- homepage.widget.url=http://crowdsec:8080
- homepage.widget.username=localhost
- homepage.widget.password=${CROWDSEC_LOCAL_API_KEY}
- swag=enable
- swag_port=3000
- swag_proto=http
- swag_url=csec.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://csec.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8908"
target: 3000
restart: always
volumes:
- source: crowdsec-db
target: /metabase-data
type: volume
volume: {}
czkawka:
container_name: czkawka
environment:
KEEP_APP_RUNNING: 1
PGID: ${PGID}
PUID: ${PUID}
TZ: ${TZ}
UMASK: 1
WEB_LISTENING_PORT: 5800
image: jlesage/czkawka
labels:
- homepage.group=System Administration
- homepage.name=Czkawka
- homepage.href=https://czkawka.${MY_TLD}
- homepage.icon=/icons/czkawka.png
- homepage.description=Smart file management
- swag=enable
- swag_port=5800
- swag_proto=http
- swag_url=czkawka.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://czkawka.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "5800"
target: 5800
privileged: true
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/czkawka
target: /config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}
target: /storage
type: bind
bind:
create_host_path: true
dagu-scheduler:
command: dagu scheduler
container_name: dagu-scheduler
image: ghcr.io/dagu-org/dagu:latest
networks:
default: null
restart: unless-stopped
volumes:
- source: dagu_config
target: /home/dagu/.config/dagu
type: volume
volume: {}
- source: dagu_data
target: /home/dagu/.local/share
type: volume
volume: {}
dagu-server:
container_name: dagu-server
environment:
DAGU_PORT: 8080
image: ghcr.io/dagu-org/dagu:latest
labels:
- homepage.group=System Administration
- homepage.name=Dagu
- homepage.href=https://cron.${MY_TLD}
- homepage.icon=/icons/dagu.png
- homepage.description=Cron alternative using DAGs (Directed Acyclic Graphs)
- swag=enable
- swag_port=8080
- swag_proto=http
- swag_url=cron.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://cron.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8108"
target: 8080
restart: unless-stopped
volumes:
- source: dagu_config
target: /home/dagu/.config/dagu
type: volume
bind:
create_host_path: true
- source: dagu_data
target: /home/dagu/.local/share
type: volume
bind:
create_host_path: true
delugevpn:
cap_add:
- NET_ADMIN
- SYS_MODULE
container_name: delugevpn
environment:
ENABLE_PRIVOXY: "no"
LAN_NETWORK: 192.168.1.0/24
NAME_SERVERS: 192.168.1.254,1.1.1.1
PGID: "1000"
PUID: "1000"
TZ: America/New_York
VPN_CLIENT: openvpn
VPN_ENABLED: "yes"
VPN_INPUT_PORTS: ""
VPN_OPTIONS: ""
VPN_OUTPUT_PORTS: ""
VPN_PASS: QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA
VPN_PROV: pia
VPN_USER: p3120278
hostname: Rinoa
image: ghcr.io/binhex/arch-delugevpn:latest
labels:
- homepage.group=Downloaders
- homepage.name=DelugeVPN
- homepage.href=https://deluge.${MY_TLD}
- homepage.icon=deluge.png
- homepage.description=Torrent over VPN
- homepage.widget.type=deluge
- homepage.widget.url=http://delugevpn:8112
- homepage.widget.password=${DELUGEVPN_PASSWORD}
- swag=enable
- swag_port=8112
- swag_proto=http
- swag_url=deluge.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://deluge.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "58846"
target: 58846
- mode: ingress
protocol: tcp
published: "58946"
target: 58946
- mode: ingress
protocol: tcp
published: "6881"
target: 6881
- mode: ingress
protocol: tcp
published: "8112"
target: 8112
- mode: ingress
protocol: tcp
published: "8118"
target: 8118
privileged: true
restart: unless-stopped
sysctls:
net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/delugevpn
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
docker-socket-proxy:
container_name: dockerproxy
environment:
- BUILD=1
- COMMIT=1
- CONFIGS=1
- CONTAINERS=1
- DISTRIBUTION=1
- EVENTS=1
- EXEC=1
- GPRC=1
- IMAGES=1
- INFO=1
- NETWORKS=1
- NODES=1
- POST=1
- PLUGINS=1
- SERVICES=1
- SESSION=1
- SYSTEM=1
- TASKS=1
- VOLUMES=1
- LOG_LEVEL=debug
image: ghcr.io/tecnativa/docker-socket-proxy:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "2375"
target: 2375
privileged: true
restart: unless-stopped
volumes:
- bind:
create_host_path: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
docuseal:
container_name: docuseal
image: docuseal/docuseal:latest
labels:
- homepage.group=Personal Services
- homepage.name=Docuseal
- homepage.href=https://docs.${MY_TLD}
- homepage.description=OSS Document Signing & Verification
- homepage.icon=docuseal.png
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_url=sign.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://sign.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3002"
target: 3000
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/docuseal
target: /data
type: bind
bind:
create_host_path: true
duplicati:
container_name: duplicati
environment:
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: lscr.io/linuxserver/duplicati:latest
labels:
- swag=enable
- swag_port=8200
- swag_proto=http
- swag_url=dup.${MY_TLD}
- homepage.group=Automation
- homepage.name=Duplicati
- homepage.href=https://dup.${MY_TLD}
- homepage.icon=duplicati.png
- homepage.description=Data backup
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8282"
target: 8200
- ${DUPLICATI_PORT_8200}:8200
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/duplicati
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: /home/charish/.config/appdata/backups
target: /backups
type: bind
- bind:
create_host_path: true
source: /home/charish/.config/appdata
target: /source
type: bind
emby:
container_name: emby
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:emby
hostname: Rinoa
image: emby/embyserver
labels:
- homepage.group=Media Library
- homepage.name=Emby
- homepage.icon=emby.png
- homepage.href=http://emby.${MY_TLD}
- homepage.description=Movie/TV Streaming
- homepage.widget.type=emby
- homepage.widget.url=http://emby:8096
- homepage.widget.key=${EMBY_HOMEPAGE_API_KEY}
- homepage.widget.enableBlocks=true
- homepage.widget.enableNowPlaying=true
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8096"
target: 8096
- mode: ingress
protocol: tcp
published: "8920"
target: 8920
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/emby
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: /tmp
target: /transcode
type: bind
fastenhealth:
container_name: fastenhealth
image: ghcr.io/fastenhealth/fasten-onprem:main
labels:
- homepage.group=Lifestyle
- homepage.name=Fasten
- homepage.icon=/icons/fastenhealth.png
- homepage.href=http://health.${MY_TLD}
- homepage.description=Open-source, self-hosted, personal/family electronic medical record aggregator
- swag=enable
- swag_proto=http
- swag_port=8080
- swag_url=health.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://health.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8105"
target: 8080
restart: unless-stopped
volumes:
- source: fastenhealth-cache
target: /opt/fasten/cache
type: volume
volume: {}
- source: fastenhealth-db
target: /opt/fasten/db
type: volume
volume: {}
flaresolverr:
container_name: flaresolverr
environment:
- CAPTCHA_SOLVER=none
- LOG_HTML=false
- LOG_LEVEL=info
- PORT=8191
- TZ=America/New_York
- BROWSER_TIMEOUT=40000
- TEST_URL=https://duckduckgo.com
hostname: Rinoa
image: ghcr.io/flaresolverr/flaresolverr:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8191"
target: 8191
restart: unless-stopped
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
ghost:
container_name: ghost_blog
depends_on:
mariadb:
condition: service_started
required: true
restart: true
environment:
- database__client=mysql
- database__connection__host=mariadb
- database__connection__port=3306
- database__connection__user=${GHOST_DB_USER}
- database__connection__password=${GHOST_DB_PASSWORD}
- database__connection__database=ghost_db
- mail__transport=SMTP
- mail__options__host=postal-smtp
- mail__options__port=25
- mail__options__secure=false
- mail__options__auth__user=${POSTAL_SMTP_AUTH_USER}
- mail__options__auth__pass=${POSTAL_SMTP_AUTH_PASSWORD}
- mail__from="noreply@trez.wtf"
- url=https://blog.${MY_TLD}
image: ghost:latest
labels:
- homepage.group=Lifestyle
- homepage.name=Ghost
- homepage.href=https://blog.${MY_TLD}
- homepage.icon=ghost.png
- homepage.description=Personal blog
- swag=enable
- swag_port=2368
- swag_proto=http
- swag_url=blog.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://blog.${MY_TLD}
links:
- mariadb
networks:
default: null
restart: always
git-opengist:
container_name: gitea-gist
environment:
OG_LOG_LEVEL: warn
OG_EXTERNAL_URL: https://gist.trez.wtf
OG_GIT_DEFAULT_BRANCH: "main"
OG_GITEA_CLIENT_KEY: ${OPENGIST_GITEA_CLIENT_KEY}
OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET}
OG_GITEA_URL: http://gitea:3000
OG_GITEA_NAME: "Gitea @ Rinoa"
image: ghcr.io/thomiceli/opengist:latest
labels:
homepage.description: Private Code Gists
homepage.group: Code
homepage.href: https://gist.trez.wtf
homepage.icon: /icons/opengist.svg
homepage.name: Opengist
swag: enable
swag.uptime-kuma.enabled: "true"
swag.uptime-kuma.monitor.url: https://gist.trez.wtf
swag_port: "6157"
swag_proto: http
swag_url: gist.trez.wtf
ports:
- "6157:6157" # HTTP port
- "2222:2222" # SSH port, can be removed if you don't use SSH
restart: always
volumes:
- ${DOCKER_VOLUME_CONFIG}/gitea/opengist:/opengist
gitea:
container_name: gitea
environment:
- USER_UID=${PUID}
- USER_GID=${PGID}
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=gitea-db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=${GITEA_PG_DB_PASSWORD}
- GITEA__mailer__ENABLED=true
- GITEA__mailer__FROM='"Gitea" <noreply@trez.wtf>'
- GITEA__mailer__PROTOCOL=smtp
- GITEA__mailer__SMTP_ADDR=postal-smtp
- GITEA__mailer__SMTP_PORT=25
- GITEA__mailer__IS_TLS_ENABLED=faLse
- GITEA__mailer__USER=${POSTAL_SMTP_AUTH_USER}
- GITEA__mailer__PASSWD=${POSTAL_SMTP_AUTH_PASSWORD}
image: gitea/gitea:1.22.2
labels:
- homepage.group=Code
- homepage.name=Gitea
- homepage.href=https://git.${MY_TLD}
- homepage.icon=gitea.svg
- homepage.description=Private Code Repo
- homepage.widget.type=gitea
- homepage.widget.url=http://gitea:3000
- homepage.widget.key=${GITEA_HOMEPAGE_API_KEY}
- swag=enable
- swag_port=3000
- swag_proto=http
- swag_url=git.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://git.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3013"
target: 3000
- mode: ingress
protocol: tcp
published: "222"
target: 22
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/gitea
target: /data
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/timezone
target: /etc/timezone
type: bind
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
gitea-db:
container_name: gitea-db
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=${GITEA_PG_DB_PASSWORD}
- POSTGRES_DB=gitea
expose:
- 5432
image: postgres:14
networks:
default: null
restart: always
volumes:
- source: gitea-pg-db
target: /var/lib/postgresql/data
type: volume
volume: {}
gluetun:
cap_add:
- NET_ADMIN
container_name: gluetun
environment:
OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
PORT_FORWARD_ONLY: true
SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay
VPN_SERVICE_PROVIDER: private internet access
expose:
- 8000
extra_hosts:
- bitmagnet-pgsql:192.168.55.8
image: qmcgaw/gluetun:latest
networks:
bitmagnet:
ipv4_address: 192.168.55.7
default: null
ports:
- mode: ingress
protocol: tcp
published: "3333"
target: 3333
- mode: ingress
protocol: tcp
published: "3334"
target: 3334
- mode: ingress
protocol: udp
published: "3334"
target: 3334
- mode: ingress
protocol: tcp
published: "5030"
target: 5030
- mode: ingress
protocol: tcp
published: "5031"
target: 5031
- mode: ingress
protocol: tcp
published: "50300"
target: 50300
restart: always
gotify:
container_name: gotify
environment:
- GOTIFY_SERVER_PORT=80
- GOTIFY_SERVER_KEEPALIVEPERIODSECONDS=0
- GOTIFY_SERVER_LISTENADDR=
- GOTIFY_SERVER_SSL_ENABLED=false
- GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=true
- GOTIFY_SERVER_SSL_LISTENADDR=
- GOTIFY_SERVER_SSL_PORT=443
- GOTIFY_SERVER_SSL_CERTFILE=
- GOTIFY_SERVER_SSL_CERTKEY=
- GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED=false
- GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS=false
- GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE=certs
- GOTIFY_SERVER_STREAM_PINGPERIODSECONDS=45
- GOTIFY_DATABASE_DIALECT=sqlite3
- GOTIFY_DATABASE_CONNECTION=data/gotify.db
- GOTIFY_DEFAULTUSER_NAME=admin
- GOTIFY_DEFAULTUSER_PASS=${GOTIFY_PASSWORD}
- GOTIFY_PASSSTRENGTH=10
- GOTIFY_UPLOADEDIMAGESDIR=data/images
- GOTIFY_PLUGINSDIR=data/plugins
- GOTIFY_REGISTRATION=false
image: gotify/server
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Gotify
- homepage.href=https://gotify.${MY_TLD}
- homepage.icon=gotify.png
- homepage.description=Notification System
- homepage.widget.type=gotify
- homepage.widget.url=http://gotify
- homepage.widget.key=${GOTIFY_HOMEPAGE_CLIENT_KEY}
- swag=enable
- swag_proto=http
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8097"
target: 80
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/gotify
target: /app/data
type: bind
bind:
create_host_path: true
grafana:
container_name: grafana
depends_on:
grafana-alloy:
condition: service_started
required: true
environment:
GF_INSTALL_PLUGINS: grafana-piechart-panel
TZ: America/New_York
hostname: Rinoa
image: grafana/grafana-enterprise:latest
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Grafana (LGTM)
- homepage.href=https://mon.${MY_TLD}
- homepage.description=Monitoring Dashboard for metrics, logs, traces, & profiles
- homepage.icon=grafana.png
- homepage.widget.type=grafana
- homepage.widget.url=http://grafana:3000
- homepage.widget.username=admin
- homepage.widget.password=${GRAFANA_ADMIN_PASSWORD}
- swag=enable
- swag_proto=http
- swag_url=mon.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://mon.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3006"
target: 3000
restart: unless-stopped
user: 1000:1000
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- source: ${DOCKER_VOLUME_CONFIG}/grafana/data
target: /var/lib/grafana
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
grafana-alloy:
cap_add:
- SYS_ADMIN
- SYS_TIME
- BPF
- SYSLOG
command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy
container_name: grafana-alloy
environment:
- DOCKER_HOST=tcp://dockerproxy:2375
image: grafana/alloy:latest
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Grafana Alloy
- homepage.description=Agent for metric/log/trace/profile collection and writing
- homepage.href=http://192.168.1.254:12345
- homepage.icon=/icons/grafana-alloy.svg
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "12345"
target: 12345
privileged: true
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy
target: /etc/alloy/config.alloy
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json
target: /etc/alloy/endpoints.json
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /proc
target: /host/proc
type: bind
- bind:
create_host_path: true
read_only: true
source: /sys
target: /host/sys
type: bind
- bind:
create_host_path: true
read_only: true
source: /
target: /rootfs
type: bind
grafana-loki:
command: -config.file=/etc/loki/loki-config.yaml
container_name: grafana-loki
depends_on:
grafana-alloy:
condition: service_started
required: true
image: grafana/loki:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3100"
target: 3100
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml
target: /etc/loki/loki-config.yaml
type: bind
bind:
create_host_path: true
grafana-mimir:
command:
- -ingester.native-histograms-ingestion-enabled=true
- -config.file=/etc/mimir.yaml
container_name: grafana-mimir
depends_on:
grafana-alloy:
condition: service_started
required: true
image: grafana/mimir:latest
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Grafana Mimir
- homepage.href=http://192.168.1.254:9009
- homepage.description=Long-term metrics storage
- homepage.icon=/icons/grafana-mimir.png
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "9009"
target: 9009
restart: unless-stopped
volumes:
- source: grafana-mimir-data
target: /data
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml
target: /etc/mimir.yaml
type: bind
bind:
create_host_path: true
grafana-mimir-memcached:
container_name: grafana-mimir-memcached
depends_on:
grafana-alloy:
condition: service_started
required: true
environment:
- MEMCACHED_MEMORY_LIMIT=1g
- MEMCACHED_THREADS=4
- MEMCACHED_MAX_CONNECTIONS=2048
- MEMCACHED_TCP_PORT=11211
- MEMCACHED_UDP_PORT=11211
image: memcached
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "11211"
target: 11211
restart: unless-stopped
grafana-pyroscope:
command:
- -config.file=/etc/pyroscope.yml
container_name: grafana-pyroscope
depends_on:
grafana-alloy:
condition: service_started
required: true
image: grafana/pyroscope:latest
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Grafana Pyroscope
- homepage.description=Profiling for applications
- homepage.href=http://192.168.1.254:4040
- homepage.icon=/icons/grafana-pyroscope.svg
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "4040"
target: 4040
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml
target: /etc/pyroscope.yml
type: bind
bind:
create_host_path: true
grafana-tempo:
command:
- -config.file=/etc/tempo.yaml
container_name: grafana-tempo
depends_on:
grafana-alloy:
condition: service_started
required: true
image: grafana/tempo:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "14268"
target: 14268
- mode: ingress
protocol: tcp
published: "3200"
target: 3200
- mode: ingress
protocol: tcp
published: "9095"
target: 9095
- mode: ingress
protocol: tcp
published: "4317"
target: 4317
- mode: ingress
protocol: tcp
published: "4318"
target: 4318
- mode: ingress
protocol: tcp
published: "9411"
target: 9411
restart: unless-stopped
volumes:
- source: grafana-tempo-data
target: /var/tempo
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml
target: /etc/tempo.yaml
type: bind
bind:
create_host_path: true
homepage:
container_name: homepage
image: ghcr.io/gethomepage/homepage:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3004"
target: 3000
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/homepage
target: /app/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/homepage/images
target: /app/public/images
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/homepage/icons
target: /app/public/icons
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_STORAGE}
target: /rinoa-storage
type: bind
bind:
create_host_path: true
hortusfox:
container_name: hortusfox
depends_on:
mariadb:
condition: service_started
required: true
environment:
APP_ADMIN_EMAIL: charish.patel@trez.wtf
APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD}
DB_CHARSET: utf8mb4
DB_DATABASE: hortusfox
DB_HOST: mariadb
DB_PASSWORD: ${HORTUSFOX_DB_PASSWORD}
DB_PORT: 3306
DB_USERNAME: hortusfox
image: ghcr.io/danielbrendel/hortusfox-web:latest
labels:
- swag=enable
- swag_proto=http
- swag_url=plants.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://plants.${MY_TLD}
- homepage.group=Lifestyle
- homepage.name=HortusFox
- homepage.href=https://plants.${MY_TLD}
- homepage.icon=hortusfox.png
- homepage.description=Plant management system
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8006"
target: 80
restart: unless-stopped
volumes:
- source: hortusfox_app_images
target: /var/www/html/public/img
type: volume
volume: {}
- source: hortusfox_app_logs
target: /var/www/html/app/logs
type: volume
volume: {}
- source: hortusfox_app_backup
target: /var/www/html/public/backup
type: volume
volume: {}
- source: hortusfox_app_themes
target: /var/www/html/public/themes
type: volume
volume: {}
- source: hortusfox_app_migrate
target: /var/www/html/app/migrations
type: volume
volume: {}
huginn:
container_name: huginn
environment:
HUGINN_DATABASE_HOST: mariadb
HUGINN_DATABASE_NAME: huginn
HUGINN_DATABASE_PASSWORD: MLbKPT3j9TYcguYevFRcfEcrXtL4kcxujtrNdrq9eCig4WhUbxkyLoAiCPpm4zob
HUGINN_DATABASE_PORT: "3306"
HUGINN_DATABASE_USERNAME: huginn
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: ghcr.io/huginn/huginn
labels:
- homepage.group=Automation
- homepage.name=Huginn
- homepage.href=https://huginn.${MY_TLD}
- homepage.icon=huginn
- homepage.description=Agent/Web Automation
- swag=enable
- swag_port=3000
- swag_proto=http
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3005"
target: 3000
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
hugo:
command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug
container_name: hugo
image: hugomods/hugo:exts
labels:
- swag=enable
- swag_proto=http
- swag_port=1313
- swag_url=it-services.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://it-services.${MY_TLD}
- homepage.group=Professional Services
- homepage.name=Hugo
- homepage.href=https://it-services.${MY_TLD}
- homepage.icon=hugo.svg
- homepage.description=Static site
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "1313"
target: 1313
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/hugo/
target: /src
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/hugo/cache
target: /tmp/hugo_cache
type: bind
bind:
create_host_path: true
invidious:
container_name: invidious
depends_on:
invidious-db:
condition: service_started
required: true
environment:
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemal
host: invidious-db
port: 5432
check_tables: true
# external_port:
# domain:
# https_only: false
# statistics_enabled: false
hmac_key: "8Qyuvl9TWYdkvVo8BJ14qM4HBshKieR3KvDc3vsECx1L4OR51i-EtW2K74MmAVHeNPmJetM67T0M-9FIm7b-MA"
healthcheck:
interval: 30s
retries: 2
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
timeout: 5s
image: quay.io/invidious/invidious:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_url=invid.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://invid.${MY_TLD}
- homepage.group=Social
- homepage.name=Invidious
- homepage.href=https://invid.${MY_TLD}
- homepage.icon=invidious.svg
- homepage.description=Alternative YouTube frontend (privacy-focused, ad-blocking)
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3007"
target: 3000
restart: unless-stopped
invidious-db:
container_name: invidious-db
environment:
POSTGRES_DB: invidious
POSTGRES_PASSWORD: kemal
POSTGRES_USER: kemal
healthcheck:
test:
- CMD-SHELL
- pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB
image: docker.io/library/postgres:14
networks:
default: null
restart: unless-stopped
volumes:
- source: invidious-postgres
target: /var/lib/postgresql/data
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/invidious/sql
target: /config/sql
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh
target: /docker-entrypoint-initdb.d/init-invidious-db.sh
type: bind
bind:
create_host_path: true
invoice_ninja:
container_name: invoice_ninja
environment:
APP_DEBUG: true
APP_KEY: ${IN_APP_KEY}
APP_URL: http://invoice_ninja:8003
DB_DATABASE: invoice_ninja
DB_HOST: mariadb
DB_PASSWORD: ${IN_MYSQL_PASSWORD}
DB_PORT: 3306
DB_USERNAME: ininja
IN_PASSWORD: ${IN_PASSWORD}
IN_USER_EMAIL: charish.patel@trez.wtf
MAIL_ENCRYPTION: null
MAIL_FROM_ADDRESS: noreply@trez.wtf
MAIL_FROM_NAME: null
MAIL_HOST: postal-smtp
MAIL_MAILER: log
MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
MAIL_PORT: 25
MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
MYSQL_DATABASE: invoice_ninja
MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
MYSQL_USER: ininja
PDF_GENERATOR: snappdf
PHANTOMJS_PDF_GENERATION: false
QUEUE_CONNECTION: database
REQUIRE_HTTPS: false
TRUSTED_PROXIES: 172.18.0.0/16
expose:
- 9000
image: invoiceninja/invoiceninja:5
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8003"
target: 8003
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public
target: /var/www/app/public
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/storage
target: /var/www/app/storage
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php.ini
target: /usr/local/etc/php/php.ini
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php-cli.ini
target: /usr/local/etc/php/php-cli.ini
type: bind
bind:
create_host_path: true
invoice_ninja_proxy:
container_name: invoice_ninja_proxy
depends_on:
invoice_ninja:
condition: service_started
required: true
environment:
APP_DEBUG: true
APP_KEY: ${IN_APP_KEY}
APP_URL: http://invoice_ninja:9000
DB_DATABASE: invoice_ninja
DB_HOST: mariadb
DB_PASSWORD: ${IN_MYSQL_PASSWORD}
DB_PORT: 3306
DB_USERNAME: ininja
IN_PASSWORD: ${IN_PASSWORD}
IN_USER_EMAIL: charish.patel@trez.wtf
MAIL_ENCRYPTION: null
MAIL_FROM_ADDRESS: noreply@trez.wtf
MAIL_FROM_NAME: null
MAIL_HOST: postal-smtp
MAIL_MAILER: log
MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
MAIL_PORT: 25
MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
MYSQL_DATABASE: invoice_ninja
MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
MYSQL_USER: ininja
PDF_GENERATOR: snappdf
PHANTOMJS_PDF_GENERATION: false
QUEUE_CONNECTION: database
REQUIRE_HTTPS: false
TRUSTED_PROXIES: 172.18.0.0/16
image: nginx
labels:
- swag=enable
- swag_proto=http
- swag_url=biz.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://biz.${MY_TLD}
- homepage.group=Professional Services
- homepage.name=Invoice Ninja
- homepage.href=https://biz.${MY_TLD}
- homepage.icon=invoiceninja.svg
- homepage.description=Simple invoicing, multiple payment options, expense and vendor management, and more!
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8005"
target: 80
restart: always
volumes:
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/proxy/invoice_ninja.conf
target: /etc/nginx/conf.d/in-vhost.conf
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public
target: /var/www/app/public
type: bind
bind:
create_host_path: true
it-tools:
container_name: it-tools
image: ghcr.io/corentinth/it-tools:latest
labels:
- swag=enable
- swag_proto=http
- swag_url=itt.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://itt.${MY_TLD}
- homepage.group=Code
- homepage.name=IT-Tools
- homepage.href=https://itt.${MY_TLD}
- homepage.icon=it-tools.svg
- homepage.description=Useful tools for developers and people working in IT
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8104"
target: 80
restart: unless-stopped
jitsi-admin:
container_name: jitsi-admin
environment:
DATABASE_URL: mysql://jitsiadmin:${JITSI__ADMIN_DB_PASSWORD}@mariadb:3306/jitsiadmin
HTTP_METHOD: http
MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
MERCURE_JWT_SECRET: ${JITSI__ADMIN_JWT_SECRET}
MERCURE_PUBLIC_URL: https://meet-admin.${MY_TLD}
MERCURE_URL: http://jitsi-admin-websocket
OAUTH_KEYCLOAK_CLIENT_ID: null
OAUTH_KEYCLOAK_CLIENT_REALM: null
OAUTH_KEYCLOAK_CLIENT_SECRET: null
OAUTH_KEYCLOAK_CLIENT_SERVER: null
PUBLIC_URL: https://meet-admin.${MY_TLD}
VICH_BASE: https://meet-admin.${MY_TLD}
laF_baseUrl: https://meet-admin.${MY_TLD}
registerEmailAdress: noreply@trez.wtf
image: h2invent/jitsi-admin-main
networks:
default: null
restart: unless-stopped
jitsi-admin-keycloak:
command:
- start-dev
- --import-realm
container_name: jitsi-admin-keycloak
environment:
KC_RUN_IN_CONTAINER: true
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
KEYCLOAK_BIND_ADDRESS: 0.0.0.0
KEYCLOAK_CACHE_TYPE: ispn
KEYCLOAK_DAEMON_GROUP: keycloak
KEYCLOAK_DAEMON_USER: keycloak
KEYCLOAK_DATABASE_HOST: postgresql
KEYCLOAK_DATABASE_NAME: bitnami_keycloak
KEYCLOAK_DATABASE_PASSWORD: nil
KEYCLOAK_DATABASE_PORT: 5432
KEYCLOAK_DATABASE_SCHEMA: public
KEYCLOAK_DATABASE_USER: bn_keycloak
KEYCLOAK_DATABASE_VENDOR: postgresql
KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: false
KEYCLOAK_ENABLE_HTTPS: false
KEYCLOAK_ENABLE_STATISTICS: false
KEYCLOAK_HOSTNAME: null
KEYCLOAK_HTTP_PORT: 8080
KEYCLOAK_HTTP_RELATIVE_PATH: /
KEYCLOAK_HTTPS_PORT: 8443
KEYCLOAK_HTTPS_USE_PEM: false
KEYCLOAK_INIT_MAX_RETRIES: 10
KEYCLOAK_JDBC_DRIVER: postgresql
KEYCLOAK_JDBC_PARAMS: nil
KEYCLOAK_LOG_LEVEL: info
KEYCLOAK_LOG_OUTPUT: default
KEYCLOAK_MOUNTED_CONF_DIR: /opt/keycloak/conf
KEYCLOAK_PRODUCTION: false
KEYCLOAK_PROXY: passthrough
KEYCLOAK_ROOT_LOG_LEVEL: INFO
expose:
- 8080
- 8443
image: keycloak/keycloak
labels:
- homepage.group=Privacy/Security
- homepage.name=Keycloak
- homepage.href=https://cloak.${MY_TLD}
- homepage.icon=keycloak.svg
- homepage.description=Open-source IAM
- swag=enable
- swag_proto=http
- swag_port=8080
- swag_url=cloak.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://cloak.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/keycloak
target: /opt/keycloak
type: bind
bind:
create_host_path: true
jitsi-admin-websocket:
container_name: jitsi-admin-websocket
environment:
WEBSOCKET_SECRET: ${JITSI__ADMIN_JWT_SECRET}
expose:
- 3000
image: h2invent/jitsi-admin-websocket
labels:
- swag=enable
- swag_proto=http
- swag_url=meet-admin.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://meet-admin.${MY_TLD}
- homepage.group=System Administration
- homepage.name=Jitsi Admin
- homepage.href=https://meet-admin.${MY_TLD}
- homepage.icon=/icons/jitsi-admin.png
- homepage.description=Web Conferencing
networks:
default: null
restart: unless-stopped
jitsi-etherpad:
container_name: jitsi-etherpad
environment:
- TITLE=${JITSI__ETHERPAD_TITLE}
- DEFAULT_PAD_TEXT=${JITSI__ETHERPAD_DEFAULT_PAD_TEXT}
- SKIN_NAME=${JITSI__ETHERPAD_SKIN_NAME}
- SKIN_VARIANTS=${JITSI__ETHERPAD_SKIN_VARIANTS}
- SUPPRESS_ERRORS_IN_PAD_TEXT=true
image: etherpad/etherpad:1.8.6
networks:
default: null
restart: unless-stopped
jitsi-jibri:
cap_add:
- SYS_ADMIN
container_name: jitsi-jibri
depends_on:
jitsi-jicofo:
condition: service_started
required: true
environment:
- AUTOSCALER_SIDECAR_KEY_FILE
- AUTOSCALER_SIDECAR_KEY_ID
- AUTOSCALER_SIDECAR_GROUP_NAME
- AUTOSCALER_SIDECAR_HOST_ID
- AUTOSCALER_SIDECAR_INSTANCE_ID
- AUTOSCALER_SIDECAR_PORT
- AUTOSCALER_SIDECAR_REGION
- AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
- AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
- AUTOSCALER_URL
- CHROMIUM_FLAGS
- DISPLAY=:0
- ENABLE_STATS_D
- JIBRI_WEBHOOK_SUBSCRIBERS
- JIBRI_HTTP_API_EXTERNAL_PORT
- JIBRI_HTTP_API_INTERNAL_PORT
- JIBRI_RECORDING_RESOLUTION
- JIBRI_RECORDING_VIDEO_ENCODE_PRESET
- JIBRI_RECORDING_CONSTANT_RATE_FACTOR
- JIBRI_RECORDING_FRAMERATE
- JIBRI_RECORDING_QUEUE_SIZE
- JIBRI_RECORDING_STREAMING_MAX_BITRATE
- JIBRI_USAGE_TIMEOUT
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD=${JITSI__JIBRI_XMPP_PASSWORD}
- JIBRI_BREWERY_MUC
- JIBRI_RECORDER_USER=jibri-recorder
- JIBRI_RECORDER_PASSWORD=${JITSI__JIBRI_RECORDER_PASSWORD}
- JIBRI_RECORDING_DIR
- JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
- JIBRI_STRIP_DOMAIN_JID
- JIBRI_STATSD_HOST
- JIBRI_STATSD_PORT
- LOCAL_ADDRESS
- PUBLIC_URL=${JITSI__PUBLIC_URL}
- TZ=${JITSI__TZ}
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER=
- XMPP_PORT
- XMPP_TRUST_ALL_CERTS
image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
restart: unless-stopped
shm_size: 2gb
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri
target: /config
type: bind
bind:
create_host_path: true
jitsi-jicofo:
container_name: focus.meet.jitsi
depends_on:
jitsi-prosody:
condition: service_started
required: true
environment:
- AUTH_TYPE
- BRIDGE_AVG_PARTICIPANT_STRESS
- BRIDGE_STRESS_THRESHOLD
- ENABLE_AUTH
- ENABLE_AUTO_OWNER
- ENABLE_CODEC_VP8
- ENABLE_CODEC_VP9
- ENABLE_CODEC_H264
- ENABLE_CODEC_OPUS_RED
- ENABLE_JVB_XMPP_SERVER
- ENABLE_OCTO
- ENABLE_RECORDING=1
- ENABLE_SCTP
- ENABLE_AUTO_LOGIN
- JICOFO_AUTH_LIFETIME
- JICOFO_AUTH_PASSWORD=${JITSI__JICOFO_AUTH_PASSWORD}
- JICOFO_AUTH_TYPE
- JICOFO_BRIDGE_REGION_GROUPS
- JICOFO_ENABLE_AUTH
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
- JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_CONF_SOURCE_SIGNALING_DELAYS
- JICOFO_CONF_MAX_AUDIO_SENDERS
- JICOFO_CONF_MAX_VIDEO_SENDERS
- JICOFO_CONF_STRIP_SIMULCAST
- JICOFO_CONF_SSRC_REWRITING
- JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_ENABLE_REST
- JICOFO_HEALTH_CHECKS_USE_PRESENCE
- JICOFO_MULTI_STREAM_BACKWARD_COMPAT
- JICOFO_OCTO_REGION
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JVB_BREWERY_MUC
- JVB_XMPP_AUTH_DOMAIN
- JVB_XMPP_INTERNAL_MUC_DOMAIN
- JVB_XMPP_PORT
- JVB_XMPP_SERVER
- MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ=${JITSI__JIGAGI_SIP_SERVER}
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER=
- XMPP_PORT
image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
ports:
- 127.0.0.1:${JICOFO_REST_PORT:-8889}:8888
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo
target: /config
type: bind
jitsi-jigasi:
container_name: jitsi-jigasi
depends_on:
jitsi-prosody:
condition: service_started
required: true
environment:
- ENABLE_AUTH=1
- ENABLE_GUESTS=1
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_DOMAIN
- PUBLIC_URL=${JITSI__PUBLIC_URL}
- JIGASI_DISABLE_SIP
- JIGASI_SIP_URI=${JITSI__SIP_URI}
- JIGASI_SIP_PASSWORD=${JITSI__JIGAGI_SIP_PASSWORD}
- JIGASI_SIP_SERVER=${JITSI__JIGAGI_SIP_SERVER}
- JIGASI_SIP_PORT=${JITSI__JIGAGI_SIP_PORT}
- JIGASI_SIP_TRANSPORT=${JITSI__JIGAGI_SIP_TRANSPORT}
- JIGASI_SIP_DEFAULT_ROOM
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD=${JITSI__JIGASI_XMPP_PASSWORD}
- JIGASI_BREWERY_MUC
- JIGASI_PORT_MIN
- JIGASI_PORT_MAX
- JIGASI_HEALTH_CHECK_SIP_URI
- JIGASI_HEALTH_CHECK_INTERVAL
- JIGASI_SIP_KEEP_ALIVE_METHOD
- JIGASI_ENABLE_SDES_SRTP
- ENABLE_TRANSCRIPTIONS
- JIGASI_TRANSCRIBER_ADVERTISE_URL
- JIGASI_TRANSCRIBER_RECORD_AUDIO
- JIGASI_TRANSCRIBER_SEND_TXT
- GC_PROJECT_ID
- GC_PRIVATE_KEY_ID
- GC_PRIVATE_KEY
- GC_CLIENT_EMAIL
- GC_CLIENT_ID
- GC_CLIENT_CERT_URL
- SHUTDOWN_REST_ENABLED
- SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ=${JITSI__TZ}
image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
ports:
- ${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi
target: /config
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
target: /tmp/transcripts
type: bind
jitsi-jvb:
container_name: video.meet.jitsi
depends_on:
jitsi-prosody:
condition: service_started
required: true
environment:
- DOCKER_HOST_ADDRESS
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_JVB_XMPP_SERVER
- ENABLE_OCTO
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD=${JITSI__JVB_AUTH_PASSWORD}
- JVB_BREWERY_MUC
- JVB_DISABLE_STUN
- JVB_PORT
- JVB_MUC_NICKNAME
- JVB_STUN_SERVERS
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- JVB_XMPP_AUTH_DOMAIN
- JVB_XMPP_INTERNAL_MUC_DOMAIN
- JVB_XMPP_PORT
- JVB_XMPP_SERVER
- PUBLIC_URL=${JITSI__PUBLIC_URL}
- SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- COLIBRI_REST_ENABLED
- SHUTDOWN_REST_ENABLED
- TZ=${JITSI__JIGAGI_SIP_SERVER}
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER=
- XMPP_PORT
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
ports:
- ${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp
- 127.0.0.1:${JVB_COLIBRI_PORT:-8091}:8080
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb
target: /config
type: bind
jitsi-prosody:
container_name: xmpp.meet.jitsi
environment:
- AUTH_TYPE
- DISABLE_POLLS
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS=1
- ENABLE_IPV6
- ENABLE_LOBBY
- ENABLE_RECORDING=1
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG
- GLOBAL_MODULES
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD=${JITSI__JIBRI_RECORDER_PASSWORD}
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD=${JITSI__JIBRI_XMPP_PASSWORD}
- JICOFO_AUTH_PASSWORD=${JITSI__JICOFO_AUTH_PASSWORD}
- JICOFO_COMPONENT_SECRET
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD=${JITSI__JIGASI_XMPP_PASSWORD}
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD=${JITSI__JVB_AUTH_PASSWORD}
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_VERSION
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_AUTH_TYPE
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_ENABLE_RATE_LIMITS
- PROSODY_RATE_LIMIT_LOGIN_RATE
- PROSODY_RATE_LIMIT_SESSION_RATE
- PROSODY_RATE_LIMIT_TIMEOUT
- PROSODY_RATE_LIMIT_ALLOW_RANGES
- PROSODY_RATE_LIMIT_CACHE_SIZE
- PUBLIC_URL=${JITSI__PUBLIC_URL}
- TURN_CREDENTIALS
- TURN_HOST
- TURNS_HOST
- TURN_PORT
- TURNS_PORT
- TURN_TRANSPORT
- TZ=${JITSI__JIGAGI_SIP_SERVER}
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_PORT
expose:
- ${XMPP_PORT:-5222}
- "5347"
- "5280"
image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}
networks:
default: null
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config
target: /config
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom
target: /prosody-plugins-custom
type: bind
jitsi-web:
container_name: meet.jitsi
environment:
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- AUDIO_QUALITY_OPUS_BITRATE
- AUTO_CAPTION_ON_RECORD
- BRANDING_DATA_URL
- CALLSTATS_CUSTOM_SCRIPT_URL
- CALLSTATS_ID
- CALLSTATS_SECRET
- CHROME_EXTENSION_BANNER_JSON
- COLIBRI_WEBSOCKET_PORT
- CONFCODE_URL
- CONFIG_EXTERNAL_CONNECT
- DEFAULT_LANGUAGE
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_REGION
- DEPLOYMENTINFO_SHARD
- DEPLOYMENTINFO_USERREGION
- DESKTOP_SHARING_FRAMERATE_MIN
- DESKTOP_SHARING_FRAMERATE_MAX
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DISABLE_AUDIO_LEVELS
- DISABLE_DEEP_LINKING
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DISABLE_START_FOR_ALL
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTH
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SHARING
- ENABLE_GUESTS=1
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
- ENABLE_IPV6
- ENABLE_LETSENCRYPT
- ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK
- ENABLE_LIVESTREAMING_HELP_LINK
- ENABLE_LIVESTREAMING_TERMS_LINK
- ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING=1
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
- ENABLE_SUBDOMAINS
- ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE=${JITSI__ETHERPAD_URL_BASE}
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
- NGINX_RESOLVER
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- PREFERRED_LANGUAGE
- PUBLIC_URL=${JITSI__PUBLIC_URL}
- P2P_PREFERRED_CODEC
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
- RESOLUTION_WIDTH_MIN
- START_AUDIO_MUTED
- START_AUDIO_ONLY
- START_BITRATE
- START_SILENT
- START_WITH_AUDIO_MUTED
- START_VIDEO_MUTED
- START_WITH_VIDEO_MUTED
- TESTING_CAP_SCREENSHARE_BITRATE
- TESTING_OCTO_PROBABILITY
- TOKEN_AUTH_URL
- TOOLBAR_BUTTONS
- TRANSLATION_LANGUAGES
- TRANSLATION_LANGUAGES_HEAD
- TZ=${JITSI__JIGAGI_SIP_SERVER}
- USE_APP_LANGUAGE
- VIDEOQUALITY_BITRATE_H264_LOW
- VIDEOQUALITY_BITRATE_H264_STANDARD
- VIDEOQUALITY_BITRATE_H264_HIGH
- VIDEOQUALITY_BITRATE_VP8_LOW
- VIDEOQUALITY_BITRATE_VP8_STANDARD
- VIDEOQUALITY_BITRATE_VP8_HIGH
- VIDEOQUALITY_BITRATE_VP9_LOW
- VIDEOQUALITY_BITRATE_VP9_STANDARD
- VIDEOQUALITY_BITRATE_VP9_HIGH
- VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
- VIDEOQUALITY_PREFERRED_CODEC
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_PORT
- WHITEBOARD_ENABLED
- WHITEBOARD_COLLAB_SERVER_PUBLIC_URL
image: jitsi/web:${JITSI_IMAGE_VERSION:-stable}
labels:
- swag=enable
- swag_proto=https
- swag_url=meet.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://meet.${MY_TLD}
- homepage.group=Social
- homepage.name=Jitsi
- homepage.href=https://meet.${MY_TLD}
- homepage.icon=jitsi.png
- homepage.description=Web Conferencing
networks:
default: null
ports:
- ${JITSI__HTTP_PORT}:80
- ${JITSI__HTTPS_PORT}:443
restart: unless-stopped
volumes:
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/web
target: /config
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs
target: /var/spool/cron/crontabs
type: bind
- bind:
create_host_path: true
selinux: Z
source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
target: /usr/share/jitsi-meet/transcripts
type: bind
joplin-db:
container_name: joplin-db
environment:
- POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD}
- POSTGRES_USER=${JOPLIN_POSTGRES_USER}
- POSTGRES_DB=${JOPLIN_POSTGRES_DATABASE}
expose:
- 5432
image: postgres:17-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: joplin_data
target: /var/lib/postgresql/data
type: volume
volume: {}
joplin-server:
container_name: joplin-server
environment:
- ACCOUNT_TYPES_ENABLED=true
- APP_PORT=${JOPLIN_APP_PORT}
- APP_BASE_URL=${JOPLIN_APP_BASE_URL}
- DB_CLIENT=pg
- INSTANCE_NAME='Joplin @ Rinoa'
- IS_ADMIN_INSTANCE=true
- MAILER_ENABLED=1
- MAILER_HOST=postal-SMTP
- MAILER_PORT=25
- MAILER_SECURITY=none
- MAILER_AUTH_USER=${POSTAL_SMTP_AUTH_USER}
- MAILER_AUTH_PASSWORD=${POSTAL_SMTP_AUTH_PASSWORD}
- MAILER_NOREPLY_NAME=Joplin @ Rinoa
- MAILER_NOREPLY_EMAIL=noreply@trez.wtf
- POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD}
- POSTGRES_DATABASE=${JOPLIN_POSTGRES_DATABASE}
- POSTGRES_USER=${JOPLIN_POSTGRES_USER}
- POSTGRES_PORT=5432
- POSTGRES_HOST=joplin-db
image: joplin/server:latest
labels:
- homepage.group=Personal Services
- homepage.name=Joplin
- homepage.href=https://notes.${MY_TLD}
- homepage.icon=joplin.svg
- homepage.description=Open-source note taking & to-do
- swag=enable
- swag_proto=http
- swag_port=22300
- swag_url=notes.${MY_TLD}
- swag_server_custom_directive="proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;"
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://notes.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "22300"
target: 22300
restart: unless-stopped
librespeed:
container_name: librespeed
environment:
- DB_HOSTNAME=
- DB_NAME=
- DB_PASSWORD=
- DB_TYPE=sqlite
- DB_USERNAME=
- PASSWORD=
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:librespeed
hostname: Rinoa
image: lscr.io/linuxserver/librespeed:latest
labels:
- homepage.group=System Administration
- homepage.name=LibreSpeed
- homepage.href=https://speed.${MY_TLD}
- homepage.icon=librespeed.png
- homepage.description=Speed test
- swag=enable
- swag_proto=http
- swag_url=speed.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://speed.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8014"
target: 80
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/librespeed
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
lidarr:
container_name: lidarr
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/gilbn/theme.park:lidarr
hostname: Rinoa
image: lscr.io/linuxserver/lidarr:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Lidarr
- homepage.href=https://lidarr.${MY_TLD}
- homepage.icon=lidarr.png
- homepage.description=Music Automation
- homepage.widget.type=lidarr
- homepage.widget.url=http://lidarr:8686
- homepage.widget.key=${LIDARR_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8686"
target: 8686
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/lidarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
lidify:
container_name: lidify
environment:
app_name: lidify
app_rev: 0.09
app_url: lidify.${MY_TLD}
dry_run_adding_to_lidarr: true
fallback_to_top_result: false
last_fm_api_key: ${LASTFM_API_KEY}
last_fm_api_secret: ${LASTFM_API_SECRET}
lidarr_address: http://lidarr:8686
lidarr_api_key: ${LIDARR_API_KEY}
lidarr_api_timeout: 120
metadata_profile_id: 1
mode: LastFM
quality_profile_id: 1
root_folder_path: /data/media/music
search_for_missing_albums: false
spotify_client_id: ${YOUR_SPOTIFY_ID}
spotify_client_secret: ${YOUR_SPOTIFY_SECRET}
expose:
- 5000
image: thewicklowwolf/lidify:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Lidify
- homepage.href=https://lidify.${MY_TLD}
- homepage.icon=/icons/lidify.png
- homepage.description=Music Discovery a la Last.fm, Spotify, Pandora, etc.
- swag=enable
- swag_auth=authelia
- swag_proto=http
- swag_port=5000
- swag_url=lidify.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://lidify.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/lidify
target: /lidify/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
target: /data/media/music
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
lldap:
container_name: lldap
environment:
- UID=${PUID}
- GID=${GUID}
- TZ=${TZ}
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET}
- LLDAP_KEY_SEED=${LLDAP_KEY_SEED}
- LLDAP_LDAP_BASE_DN=dc=trez,dc=wtf
image: lldap/lldap:stable
labels:
- homepage.group=System Administration
- homepage.name=LLDAP
- homepage.href=https://ldap.${MY_TLD}
- homepage.icon=/icons/lldap.png
- homepage.description=LDAP made easy
- swag=enable
- swag_proto=http
- swag_port=17170
- swag_url=ldap.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://ldap.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "17170"
target: 17170
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/lldap
target: /data
type: bind
bind:
create_host_path: true
localai:
container_name: localai
environment:
- DEBUG=true
healthcheck:
interval: 1m
retries: 5
test:
- CMD
- curl
- -f
- http://localhost:8080/readyz
timeout: 20m
image: localai/localai:latest-aio-cpu
labels:
- homepage.group=Personal Services
- homepage.name=LocalAI
- homepage.href=https://ai.${MY_TLD}
- homepage.icon=/icons/localai.png
- homepage.description=Open source OpenAI alternative
- swag=enable
- swag_proto=http
- swag_port=8080
- swag_url=ai.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8109"
target: 8080
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/localai/models
target: /build/models
type: bind
bind:
create_host_path: true
maloja:
container_name: maloja
environment:
MALOJA_CLEAN_OUTPUT: true
MALOJA_DEV_MODE: false
MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD}
MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY}
MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET}
MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD}
MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME}
MALOJA_LOGGING: true
MALOJA_PARSE_REMIX_ARTISTS: true
MALOJA_SCROBBLE_LASTFM: true
MALOJA_SKIP_SETUP: true
MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID}
MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET}
MALOJA_TIMEZONE: ${TZ}
image: krateng/maloja:latest
labels:
- homepage.group=Media Library
- homepage.name=Maloja
- homepage.href=https://scrobble.${MY_TLD}
- homepage.icon=maloja.png
- homepage.description=Simple self-hosted music scrobble database to create personal listening statistics
- swag=enable
- swag_proto=http
- swag_port=42010
- swag_url=scrobble.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "42010"
target: 42010
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/maloja/config
target: /etc/maloja
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/maloja/data
target: /var/lib/maloja
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/maloja/logs
target: /var/log/maloja
type: bind
bind:
create_host_path: true
mariadb:
container_name: mariadb
environment:
- MYSQL_ROOT_PASSWORD=${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
- PGID=1000
- PUID=1000
- TZ=America/New_York
- MYSQL_PASSWORD=VQU23wHKRNmfpAPt5E9BxMaSGJdWjLuz
hostname: Rinoa
image: ghcr.io/linuxserver/mariadb
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3306"
target: 3306
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/mariadb
target: /config
type: bind
- source: ${DOCKER_VOLUME_STORAGE}
target: /storage
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mariadb
target: /var/lib/mysql
type: bind
bind:
create_host_path: true
mattermost:
container_name: mattermost
depends_on:
mattermost-db:
condition: service_started
required: true
environment:
MM_EMAILSETTINGS_ENABLESMTPAUTH: true
MM_EMAILSETTINGS_SMTPPASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
MM_EMAILSETTINGS_SMTPPORT: 25
MM_EMAILSETTINGS_SMTPSERVER: postal-smtp
MM_EMAILSETTINGS_SMTPUSERNAME: ${POSTAL_SMTP_AUTH_USER}
MM_FILESETTINGS_AMAZONS3ACCESSKEYID: ${MATTERMOST_AWS_S3_ACCESSKEY}
MM_FILESETTINGS_AMAZONS3BUCKET: mattermost
MM_FILESETTINGS_AMAZONS3ENDPOINT: minio:9000
MM_FILESETTINGS_AMAZONS3REGION: us-east-fh-pln
MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: ${MATTERMOST_AWS_S3_SECRETKEY}
MM_FILESETTINGS_AMAZONS3SSL: false
MM_FILESETTINGS_ARCHIVERECURSION: true
MM_FILESETTINGS_DRIVERNAME: amazons3
MM_FILESETTINGS_MAXFILESIZE: 104857600
MM_LOGSETTINGS_CONSOLELEVEL: info
MM_LOGSETTINGS_ENABLECOLOR: true
MM_METRICSSETTINGS_ENABLE: true
MM_PLUGINSETTINGS_ENABLEUPLOADS: true
MM_SERVICESETTINGS_FORWARD80TO443: false
MM_SERVICESETTINGS_LISTENADDRESS: :8065
MM_SERVICESETTINGS_SITEURL: https://mm.${MY_TLD}
MM_SQLSETTINGS_DATASOURCE: ${MATTERMOST_POSTGRES_CONNECTION_URI}
MM_SQLSETTINGS_DRIVERNAME: postgres
TZ: ${TZ}
expose:
- 8067
image: mattermost/mattermost-team-edition:latest
labels:
- homepage.group=Social
- homepage.name=Mattermost
- homepage.href=https://mm.${MY_TLD}
- homepage.icon=mattermost.svg
- homepage.description=Team collaboration and technical workflows (Slack alternative)
- swag=enable
- swag_custom_directive=client_max_body_size 0;
- swag_proto=http
- swag_port=8065
- swag_url=mm.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://mm.${MY_TLD}
networks:
default: null
pids_limit: 200
ports:
- mode: ingress
protocol: tcp
published: "8065"
target: 8065
restart: unless-stopped
security_opt:
- no-new-privileges:true
tmpfs:
- /tmp
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/mattermost/config
target: /mattermost/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mattermost/data
target: /mattermost/data
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mattermost/logs
target: /mattermost/logs
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mattermost/plugins
target: /mattermost/plugins
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mattermost/client/plugins
target: /mattermost/client/plugins
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/mattermost/bleve-indexes
target: /mattermost/bleve-indexes
type: bind
bind:
create_host_path: true
mattermost-db:
container_name: mattermost-db
environment:
- TZ=${TZ}
- POSTGRES_DB=mattermost
- POSTGRES_USER=mattermost
- POSTGRES_PASSWORD=${MATTERMOST_POSTGRES_PASSWORD}
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
security_opt:
- no-new-privileges=true
tmpfs:
- /tmp
- /var/run/postgresql
volumes:
- source: mattermost-postgres
target: /var/lib/postgresql/data
type: volume
volume: {}
maybe-app:
container_name: maybe-app
depends_on:
maybe-pg:
condition: service_healthy
required: true
environment:
DB_HOST: maybe-pg
GOOD_JOB_EXECUTION_MODE: async
POSTGRES_DB: maybe
POSTGRES_PASSWORD: ${MAYBE_POSTGRES_PASSWORD}
POSTGRES_USER: maybe
RAILS_ASSUME_SSL: "false"
RAILS_FORCE_SSL: "false"
SECRET_KEY_BASE: ${MAYBE_SECRET_KEY_BASE}
SELF_HOSTED: "true"
image: ghcr.io/maybe-finance/maybe:latest
labels:
- homepage.group=Lifestyle
- homepage.name=Maybe
- homepage.href=https://finance.${MY_TLD}
- homepage.icon=/icons/maybe.png
- homepage.description=Personal finance app
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_url=finance.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://finance.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3014"
target: 3000
restart: unless-stopped
volumes:
- source: maybe-app
target: /rails/storage
type: volume
volume: {}
maybe-pg:
container_name: maybe-pg
environment:
POSTGRES_DB: maybe
POSTGRES_PASSWORD: ${MAYBE_POSTGRES_PASSWORD}
POSTGRES_USER: maybe
healthcheck:
interval: 5s
retries: 5
test:
- CMD-SHELL
- pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB
timeout: 5s
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: maybe-pg-db
target: /var/lib/postgresql/data
type: volume
volume: {}
minio:
command: server --console-address ":9090" /mnt/data
container_name: minio
environment:
- MINIO_ROOT_USER=minioadmin
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}
- MINIO_ACCESS_KEY=${MINIO_MIMIR_STORAGE_ACCESS_KEY}
- MINIO_SECRET_KEY=${MINIO_MIMIR_STORAGE_SECRET_KEY}
hostname: minio
image: minio/minio
labels:
- swag=enable
- swag_proto=http
- swag_port=9090
- swag_url=s3.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://s3.${MY_TLD}
- homepage.group=System Administration
- homepage.name=MinIO
- homepage.href=https://s3.${MY_TLD}
- homepage.icon=minio.png
- homepage.description=S3-compatible storage backend
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "9001"
target: 9000
- mode: ingress
protocol: tcp
published: "9092"
target: 9090
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/minio/data
target: /mnt/data
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/minio/minio
target: /etc/config.env
type: bind
bind:
create_host_path: true
mongodb1:
command:
- --replSet
- rinoa-rs0
- --bind_ip_all
- --port
- "27017"
container_name: mongodb1
extra_hosts:
- host.docker.internal:host-gateway
healthcheck:
interval: 5s
retries: 30
start_interval: 1s
start_period: 0s
test: echo "try { rs.status() } catch (err) { rs.initiate({_id:'rinoa-rs0',members:[{_id:0,host:'host.docker.internal:27017',priority:1},{_id:1,host:'host.docker.internal:27018',priority:0.5},{_id:2,host:'host.docker.internal:27019',priority:0.5}]}) }" | mongosh --port 27017 --quiet
timeout: 30s
image: mongo:7.0
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "27017"
target: 27017
restart: unless-stopped
volumes:
- source: mongo1_data
target: /data/db
type: bind
bind:
create_host_path: true
- source: mongo1_config
target: /data/configdb
type: bind
bind:
create_host_path: true
mongodb2:
command:
- --replSet
- rinoa-rs0
- --bind_ip_all
- --port
- "27018"
container_name: mongodb2
extra_hosts:
- host.docker.internal:host-gateway
image: mongo:7.0
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "27018"
target: 27018
restart: unless-stopped
volumes:
- source: mongo2_data
target: /data/db
type: bind
bind:
create_host_path: true
- source: mongo2_config
target: /data/configdb
type: bind
bind:
create_host_path: true
mongodb3:
command:
- --replSet
- rinoa-rs0
- --bind_ip_all
- --port
- "27019"
container_name: mongodb3
extra_hosts:
- host.docker.internal:host-gateway
image: mongo:7.0
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "27019"
target: 27019
restart: unless-stopped
volumes:
- source: mongo3_data
target: /data/db
type: volume
volume: {}
- source: mongo3_config
target: /data/configdb
type: volume
volume: {}
multi-scrobbler:
container_name: multi-scrobbler
environment:
- TZ=${TZ}
- PUID=${PUID}
- PGID=${PGID}
image: foxxmd/multi-scrobbler
labels:
- homepage.group=Media Library
- homepage.name=Multi-Scrobbler
- homepage.href=http://192.168.1.254:9078
- homepage.icon=/icons/multi-scrobbler.png
- homepage.description=JS App for scrobbling/recording play history from/to multiple sources
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "9078"
target: 9078
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler
target: /config
type: bind
bind:
create_host_path: true
navidrome:
container_name: navidrome
environment:
ND_AUTOIMPORTPLAYLISTS: false
ND_BASEURL: ""
ND_LASTFM_APIKEY: ${LASTFM_API_KEY}
ND_LASTFM_ENABLED: true
ND_LASTFM_SECRET: ${LASTFM_API_SECRET}
ND_LOGLEVEL: info
ND_MUSICFOLDER: /music
ND_SCANNER_GROUPALBUMRELEASES: true
ND_SCANSCHEDULE: '@every 6h'
ND_SESSIONTIMEOUT: 24h
ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID}
ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET}
ND_SUBSONICARTISTPARTICIPATIONS: true
image: deluan/navidrome:latest
labels:
- homepage.group=Media Library
- homepage.name=Navidrome
- homepage.href=https://navi.${MY_TLD}
- homepage.icon=navidrome.png
- homepage.description=Music Streaming
- homepage.widget.type=navidrome
- homepage.widget.url=http://navidrome:4533
- homepage.widget.user=admin
- homepage.widget.token=e8a9e97b29aa963fa4729c633289d232
- homepage.widget.salt=v5Z93Z
- swag=enable
- swag_port=4533
- swag_proto=http
- swag_url=navi.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://navi.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "4533"
target: 4533
restart: unless-stopped
user: 1000:1000
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/navidrome
target: /data
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
target: /music
type: bind
bind:
create_host_path: true
nextcloud:
container_name: nextcloud
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- LOG_LEVEL=debug
hostname: Rinoa
image: lscr.io/linuxserver/nextcloud:latest
labels:
- homepage.group=Personal Services
- homepage.name=NextCloud
- homepage.href=https://cloud.${MY_TLD}
- homepage.icon=nextcloud.png
- homepage.description=Private Cloud
- swag=enable
- swag_proto=https
- swag_url=cloud.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://cloud.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "444"
target: 443
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/nextcloud
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/nextcloud
target: /data
type: bind
ollama:
container_name: ollama
extra_hosts:
- host.docker.internal:host-gateway
image: ollama/ollama
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "11434"
target: 11434
restart: always
volumes:
- source: ollama
target: /root/.ollama
type: volume
volume: {}
ombi:
container_name: ombi
environment:
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: lscr.io/linuxserver/ombi:latest
labels:
- homepage.group=Media Library
- homepage.name=Ombi
- homepage.href=https://ombi.${MY_TLD}
- homepage.icon=ombi.png
- homepage.description=Media Requests
- homepage.widget.type=ombi
- homepage.widget.url=http://ombi:3579
- homepage.widget.key=${OMBI_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3579"
target: 3579
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/ombi
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
paperless-ngx:
container_name: paperless-ngx
environment:
PAPERLESS_DBENGINE: mariadb
PAPERLESS_DBHOST: mariadb
PAPERLESS_DBPASS: ${PAPERLESS_DBPASS}
PAPERLESS_DBPORT: 3306
PAPERLESS_DBUSER: paperless
PAPERLESS_OCR_LANGUAGE: eng
PAPERLESS_OCR_LANGUAGES: all
PAPERLESS_REDIS: redis://redis:6379
PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}
PAPERLESS_TIME_ZONE: ${TZ}
PAPERLESS_URL: https://docs.${MY_TLD}
USERMAP_GID: ${PGID}
USERMAP_UID: ${PUID}
image: ghcr.io/paperless-ngx/paperless-ngx:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=8000
- swag_url=docs.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://docs.${MY_TLD}
- homepage.group=Personal Services
- homepage.name=Paperless-ngx
- homepage.href=https://docs.${MY_TLD}
- homepage.icon=paperless-ngx.svg
- homepage.description=Document indexer & archiver with OCR
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8004"
target: 8000
restart: unless-stopped
volumes:
- source: paperless-ngx-data
target: /usr/src/paperless/data
type: volume
volume: {}
- source: paperless-ngx-media
target: /usr/src/paperless/media
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export
target: /usr/src/paperless/export
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume
target: /usr/src/paperless/consume
type: bind
bind:
create_host_path: true
plausible:
command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
container_name: plausible
depends_on:
plausible_db:
condition: service_started
required: true
plausible_events_db:
condition: service_started
required: true
environment:
BASE_URL: https://analytics.${MY_TLD}
CLICKHOUSE_DATABASE_URL: http://plausible-events-db:8123/plausible_events_db
DATABASE_URL: postgres://plausible:${PLAUSIBLE_PG_PASSWORD}@plausible-db:5432/plausible_db
DISABLE_REGISTRATION: invite_only
ENABLE_EMAIL_VERIFICATION: true
MAILER_ADAPTER: Bamboo.Mua
MAILER_EMAIL: noreply@trez.wtf
MAILER_NAME: Plausible
MAXMINDDB_LICENSE_KEY: ${SWAG_MAXMINDDB_LICENSE_KEY}
SECRET_KEY_BASE: ${PLAUSIBLE_SECRET_KEY_BASE}
SMTP_HOST_ADDR: postal-smtp
SMTP_HOST_PORT: 25
SMTP_USER_NAME: ${POSTAL_SMTP_AUTH_USER}
SMTP_USER_PWD: ${POSTAL_SMTP_AUTH_PASSWORD}
TOTP_VAULT_KEY: ${PLAUSIBLE_TOTP_VAULT_KEY}
image: ghcr.io/plausible/community-edition:v2.1.0
labels:
- swag=enable
- swag_proto=http
- swag_port=8000
- swag_url=analytics.${MY_TLD}
- homepage.group=Professional Services
- homepage.name=Plausible
- homepage.href=https://analytics.${MY_TLD}
- homepage.icon=plausible.svg
- homepage.description=Open-source web analytics
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8107"
target: 8000
restart: always
plausible_db:
container_name: plausible-db
environment:
POSTGRES_DB: plausible_db
POSTGRES_PASSWORD: ${PLAUSIBLE_PG_PASSWORD}
POSTGRES_USER: plausible
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: always
volumes:
- source: plausible-db-data
target: /var/lib/postgresql/data
type: bind
bind:
create_host_path: true
plausible_events_db:
container_name: plausible-events-db
expose:
- 8123
image: clickhouse/clickhouse-server:24.3.3.102-alpine
networks:
default: null
restart: always
ulimits:
nofile:
hard: 262144
soft: 262144
volumes:
- source: plausible-event-data
target: /var/lib/clickhouse
type: bind
bind:
create_host_path: true
- source: plausible-event-logs
target: /var/log/clickhouse-server
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml
target: /etc/clickhouse-server/config.d/logging.xml
type: bind
bind:
create_host_path: true
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml
target: /etc/clickhouse-server/users.d/logging.xml
type: bind
bind:
create_host_path: true
portainer:
command:
- -H
- unix:///var/run/docker.sock
container_name: portainer
environment:
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:portainer
hostname: Rinoa
image: portainer/portainer-ce:latest
labels:
- homepage.group=System Administration
- homepage.name=Portainer
- homepage.href=https://portainer.${MY_TLD}
- homepage.icon=portainer.png
- homepage.description=Docker container management
- homepage.widget.type=portainer
- homepage.widget.url=http://portainer:9000
- homepage.widget.env=1
- homepage.widget.key=${PORTAINER_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "9000"
target: 9000
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/portainer
target: /data
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
postal-smtp:
cap_add:
- NET_BIND_SERVICE
command: postal smtp-server
container_name: postal-smtp
image: ghcr.io/postalserver/postal:latest
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "25"
target: 25
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/postal
target: /config
type: bind
bind:
create_host_path: true
postal-web:
command: postal web-server
container_name: postal-web
image: ghcr.io/postalserver/postal:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=5000
- swag_address=postal-web
- swag_url=post.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://post.${MY_TLD}
- homepage.group=System Administration
- homepage.name=Postal
- homepage.href=https://post.${MY_TLD}
- homepage.icon=/icons/postal.png
- homepage.description=OSS Mail delivery platform
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "5001"
target: 5000
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/postal
target: /config
type: bind
bind:
create_host_path: true
postal-worker:
command: postal worker
container_name: postal-worker
environment:
- LOG_LEVEL=debug
image: ghcr.io/postalserver/postal:latest
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/postal
target: /config
type: bind
bind:
create_host_path: true
prowlarr:
container_name: prowlarr
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/gilbn/theme.park:sonarr
- TP_DOMAIN=trez.wtf\/themepark
- TP_COMMUNITY_THEME=false
- TP_THEME=space-gray
hostname: Rinoa
image: lscr.io/linuxserver/prowlarr:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Prowlarr
- homepage.href=https://prowlarr.${MY_TLD}
- homepage.icon=prowlarr.png
- homepage.description=Index aggregator
- homepage.widget.type=prowlarr
- homepage.widget.url=http://prowlarr:9696
- homepage.widget.key=${PROWLARR_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "9696"
target: 9696
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/prowlarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
radarec:
container_name: radarec
environment:
auto_start: true
auto_start_delay: 60
dry_run_adding_to_radarr: false
fallback_to_top_result: false
language_choice: all
metadata_profile_id: 1
minimum_rating: 4.5
minimum_votes: 50
quality_profile_id: 1
radarr_address: http://radarr:7878
radarr_api_key: ${RADARR_API_KEY}
radarr_api_timeout: 120
root_folder_path: /data/media/movies
search_for_movie: true
tmdb_api_key: ${TMDB_API_KEY}
expose:
- 5000
image: thewicklowwolf/radarec:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=RadaRec
- homepage.href=https://radarec.${MY_TLD}
- homepage.icon=/icons/radarec.png
- homepage.description=Movie discovery based on library/tastes
- swag=enable
- swag_proto=http
- swag_port=5000
- swag_auth=authelia
- swag_url=radarec.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://radarec.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_STORAGE}/Movies
target: /data/media/movies
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/radarec
target: /radarec/config
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
radarr:
container_name: radarr
environment:
PGID: "1000"
PUID: "1000"
TZ: America/New_York
hostname: Rinoa
image: lscr.io/linuxserver/radarr:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Radarr
- homepage.href=https://radarr.${MY_TLD}
- homepage.icon=radarr.png
- homepage.description=Movie Automation
- homepage.widget.type=radarr
- homepage.widget.url=http://radarr:7878
- homepage.widget.key=${RADARR_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "7878"
target: 7878
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/radarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
reactive-resume:
container_name: reactive-resume
depends_on:
browserless:
condition: service_started
required: true
minio:
condition: service_started
required: true
reactive-resume-pg:
condition: service_started
required: true
environment:
ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET}
CHROME_PORT: 443
CHROME_TOKEN: ${CHROMIUM_TOKEN}
CHROME_URL: wss://browse.${MY_TLD}
DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume
MAIL_FROM: noreply@trez.wtf
NODE_ENV: production
PORT: 3000
PUBLIC_URL: https://resume.${MY_TLD}
REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET}
SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY}
STORAGE_BUCKET: reactive-resume
STORAGE_ENDPOINT: minio
STORAGE_PORT: 9000
STORAGE_REGION: us-east-fh-pln
STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY}
STORAGE_URL: https://s3.trez.wtf/reactive-resume
STORAGE_USE_SSL: false
TZ: ${TZ}
image: amruthpillai/reactive-resume:latest
labels:
- homepage.group=Professional Services
- homepage.name=Reactive Resume
- homepage.href=https://resume.${MY_TLD}
- homepage.icon=reactive-resume.svg
- homepage.description=Open-source resume builder
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_url=resume.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://resume.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3011"
target: 3000
restart: unless-stopped
reactive-resume-pg:
container_name: reactive-resume-pg
environment:
- TZ=${TZ}
- POSTGRES_DB=reactiveresume
- POSTGRES_USER=reactiveresume
- POSTGRES_PASSWORD=${REACTIVE_RESUME_PGSQL_PASSWORD}
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: reactive-resume-pg
target: /var/lib/postgresql/data
type: bind
bind:
create_host_path: true
readarr:
container_name: readarr
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/gilbn/theme.park:readnarr
hostname: Rinoa
image: lscr.io/linuxserver/readarr:develop
labels:
- homepage.group=Servarr Stack
- homepage.name=Readarr
- homepage.href=https://readarr.${MY_TLD}
- homepage.icon=readarr.png
- homepage.description=eBook/Audiobook Automation
- homepage.widget.type=readarr
- homepage.widget.url=http://readarr:8787
- homepage.widget.key=${READARR_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8787"
target: 8787
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/readarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
redis:
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
cap_drop:
- ALL
command: redis-server --save "" --appendonly "no"
container_name: redis
expose:
- 6379
image: redis:alpine
networks:
default: null
restart: unless-stopped
tmpfs:
- /var/lib/redis
redlib:
cap_drop:
- ALL
container_name: redlib
environment:
- REDLIB_SFW_ONLY=off
- REDLIB_BANNER=
- REDLIB_ROBOTS_DISABLE_INDEXING=off
- REDLIB_PUSHSHIFT_FRONTEND=undelete.pullpush.io
- REDLIB_DEFAULT_THEME=nord
- REDLIB_DEFAULT_FRONT_PAGE=default
- REDLIB_DEFAULT_LAYOUT=clean
- REDLIB_DEFAULT_WIDE=on
- REDLIB_DEFAULT_POST_SORT=hot
- REDLIB_DEFAULT_COMMENT_SORT=confidence
- REDLIB_DEFAULT_SHOW_NSFW=off
- REDLIB_DEFAULT_BLUR_NSFW=on
- REDLIB_DEFAULT_USE_HLS=off
- REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION=off
- REDLIB_DEFAULT_AUTOPLAY_VIDEOS=off
- REDLIB_DEFAULT_SUBSCRIPTIONS=
- REDLIB_DEFAULT_HIDE_AWARDS=off
- REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION=off
- REDLIB_DEFAULT_HIDE_SCORE=off
- REDLIB_DEFAULT_FIXED_NAVBAR=on
image: quay.io/redlib/redlib:latest
labels:
- homepage.group=Social
- homepage.name=Redlib
- homepage.href=https://rlib.${MY_TLD}
- homepage.icon=libreddit.svg
- homepage.description=Redlib is a private front-end like Invidious but for Reddit
- swag=enable
- swag_proto=http
- swag_port=8080
- swag_url=rlib.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://rlib.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8103"
target: 8080
read_only: true
restart: always
security_opt:
- no-new-privileges=true
user: nobody
remmina:
container_name: remmina
environment:
CF_ACCOUNT_ID: ${CLOUDFLARE_ACCOUNT_ID}
CF_API_TOKEN: ${CLOUDFLARE_DNS_API_TOKEN}
CF_TUNNEL_CONFIG: |
ingress:
- hostname: rem.${MY_TLD}
service: http://192.168.1.254:3008
- service: http_status:404
CF_TUNNEL_NAME: remmina
CF_TUNNEL_PASSWORD: ${REMMINA_CF_TUNNEL_PASSWORD}
CF_ZONE_ID: ${CLOUDFLARE_ZONE_ID}
CUSTOM_HTTPS_PORT: 3009
CUSTOM_PORT: 3008
CUSTOM_USER: trez-one
DOCKER_HOST: tcp://dockerproxy:2375
DOCKER_MODS: linuxserver/mods:universal-cloudflared
PASSWORD: ${REMMINA_USER_PASSWORD}
PGID: 1000
PUID: 1000
TITLE: Remmina @ Rinoa
TZ: ${TZ}
image: lscr.io/linuxserver/remmina:latest
labels:
- swag=enable
- swag_url=rem.${MY_TLD}
- swag_port=3008
- homepage.group=System Administration
- homepage.name=Remmina
- homepage.href=https://rem.${MY_TLD}
- homepage.icon=/icons/remmina.svg
- homepage.description=GTK Remote desktop client (EXEC, SPICE, SSH, RDP, & VNC)
- homepage.widget.type=cloudflared
- homepage.widget.accountid=${CLOUDFLARE_ACCOUNT_ID}
- homepage.widget.tunnelid=${REMMINA_CF_TUNNEL_ID}
- homepage.widget.key=${CLOUDFLARE_DNS_API_TOKEN}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3008"
target: 3008
- mode: ingress
protocol: tcp
published: "3009"
target: 3009
privileged: true
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/remmina
target: /config
type: bind
bind:
create_host_path: true
sabnzbdvpn:
cap_add:
- NET_ADMIN
- SYS_MODULE
container_name: sabnzbdvpn
environment:
- ENABLE_PRIVOXY=no
- LAN_NETWORK=192.168.1.0/24
- NAME_SERVERS=192.168.1.254,1.1.1.1
- PGID=1000
- PUID=1000
- TZ=America/New_York
- VPN_CLIENT=openvpn
- VPN_ENABLED=yes
- VPN_INPUT_PORTS=
- VPN_OPTIONS=
- VPN_OUTPUT_PORTS=
- VPN_PASS=QGXRAYAwzVv9X84MAK2gPYq2Mt6ztdoA
- VPN_PROV=pia
- VPN_USER=p3120278
- DEBUG=true
hostname: Rinoa
image: ghcr.io/binhex/arch-sabnzbdvpn:latest
labels:
- homepage.group=Downloaders
- homepage.name=SABnzbd
- homepage.href=https://sabnzbd.${MY_TLD}
- homepage.icon=sabnzbd.png
- homepage.description=NZB Downloader over VPN
- homepage.widget.type=sabnzbd
- homepage.widget.url=http://sabnzbdvpn:8080
- homepage.widget.env=1
- homepage.widget.key=${SABNZBDVPN_API_KEY}
- swag=enable
- swag_proto=http
- swag_url=sabnzbd.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://sabnzbd.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8080"
target: 8080
- mode: ingress
protocol: tcp
published: "8090"
target: 8090
- mode: ingress
protocol: tcp
published: "8119"
target: 8118
privileged: true
restart: unless-stopped
sysctls:
net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
scraperr:
command:
- npm
- run
- start
container_name: scraperr
expose:
- 3000
image: jpyles0524/scraperr:latest
labels:
- homepage.group=Personal Services
- homepage.name=Scraperr
- homepage.href=https://scrape.${MY_TLD}
- homepage.icon=/icons/scraperr.png
- homepage.description=Web scraper
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_url=scrape.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://scrape.${MY_TLD}
networks:
default: null
restart: unless-stopped
scraperr-api:
container_name: scraperr-api
environment:
- LOG_LEVEL=DEBUG
- OLLAMA_URL=http://ollama:11434
- OLLAMA_MODEL=phi3
- MONGODB_URI=mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/scrapper
- SECRET_KEY=${SCRAPERR_SECRET_KEY}
- ALGORITHM=HS256
- ACCESS_TOKEN_EXPIRE_MINUTES=600
- DOCKER_HOST=tcp://dockerproxy:2375
expose:
- 8000
extra_hosts:
- host.docker.internal:host-gateway
image: jpyles0524/scraperr_api:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=3000
- swag_server_custom_directive="location /api/ { rewrite ^/api(/.*)$ /$1 break ; proxy_pass http://scraperr:3000; }"
networks:
default: null
restart: unless-stopped
scrutiny:
cap_add:
- SYS_RAWIO
container_name: scrutiny
devices:
- permissions: rwm
source: /dev/sda
target: /dev/sda
- permissions: rwm
source: /dev/sdb
target: /dev/sdb
- permissions: rwm
source: /dev/sdd
target: /dev/sdd
- permissions: rwm
source: /dev/sde
target: /dev/sde
- permissions: rwm
source: /dev/sdc
target: /dev/sdc
- permissions: rwm
source: /dev/sdf
target: /dev/sdf
image: ghcr.io/analogj/scrutiny:master-omnibus
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Scrutiny
- homepage.href=http://192.168.1.254:8909
- homepage.icon=scrutiny.png
- homepage.description=WebUI for smartd S.M.A.R.T monitoring
- homepage.widget.type=scrutiny
- homepage.widget.url=http://scrutiny:8080
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8909"
target: 8080
- mode: ingress
protocol: tcp
published: "8910"
target: 8086
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /run/udev
target: /run/udev
type: bind
- source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config
target: /opt/scrutiny/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb
target: /opt/scrutiny/influxdb
type: bind
bind:
create_host_path: true
searxng:
cap_add:
- CHOWN
- SETGID
- SETUID
cap_drop:
- ALL
container_name: searxng
environment:
- SEARXNG_BASE_URL=https://${SEARXNG_BASE_URL:-localhost}/
image: searxng/searxng:latest
labels:
- homepage.group=Personal Services
- homepage.name=SearxNG
- homepage.href=https://search.${MY_TLD}
- homepage.icon=searxng.png
- homepage.description=Anonymized Meta-Search Engine
- swag=enable
- swag_address=searxng
- swag_proto=http
- swag_url=search.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://search.${MY_TLD}
logging:
driver: json-file
options:
max-file: "1"
max-size: 1m
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8095"
target: 8080
privileged: true
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/searxng
target: /etc/searxng
type: bind
bind:
create_host_path: true
sonarr:
container_name: sonarr
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- DOCKER_MODS=ghcr.io/gilbn/theme.park:sonarr
hostname: Rinoa
image: lscr.io/linuxserver/sonarr:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Sonarr
- homepage.href=https://sonarr.${MY_TLD}
- homepage.icon=sonarr.png
- homepage.description=TV Show Automation
- homepage.widget.type=sonarr
- homepage.widget.url=http://sonarr:8989
- homepage.widget.key=${SONARR_API_KEY}
- swag=enable
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8989"
target: 8989
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/sonarr
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
sonashow:
container_name: sonashow
environment:
auto_start: true
auto_start_delay: 60
dry_run_adding_to_sonarr: false
fallback_to_top_result: false
language_choice: all
metadata_profile_id: 1
minimum_rating: 4.5
minimum_votes: 50
quality_profile_id: 1
radarr_address: http://sonarr:8989
radarr_api_key: ${SONARR_API_KEY}
root_folder_path: /data/media/shows
search_for_missing_episodes: true
sonarr_api_timeout: 120
tmdb_api_key: ${TMDB_API_KEY}
expose:
- 5000
image: thewicklowwolf/sonashow:latest
labels:
- homepage.group=Servarr Stack
- homepage.name=Sonashow
- homepage.href=https://sonashow.${MY_TLD}
- homepage.icon=/icons/sonashow.png
- homepage.description=TV show discovery based on library/tastes
- swag=enable
- swag_auth=authelia
- swag_proto=http
- swag_port=5000
- swag_url=sonashow.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://sonashow.${MY_TLD}
networks:
default: null
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_STORAGE}/TV_Shows
target: /data/media/shows
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/sonashow
target: /sonashow/config
type: bind
bind:
create_host_path: true
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
soulseek:
container_name: soulseek
depends_on:
gluetun:
condition: service_started
required: true
restart: true
environment:
SLSKD_PASSWORD: ${SLSKD_PASSWORD}
SLSKD_REMOTE_CONFIGURATION: true
SLSKD_SHARED_DIR: /music
SLSKD_USERNAME: slsk
image: slskd/slskd
labels:
- homepage.name=Soulseek
- homepage.group=Downloaders
- homepage.description=Modern client-server application for the Soulseek file-sharing network.
- homepage.href=https://slsk.${MY_TLD}
- homepage.icon=/icons/slskd.png
- swag=enable
- swag_proto=http
- swag_url=slsk.${MY_TLD}
- swag_address=gluetun
- swag_port=5030
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://slsk.${MY_TLD}
network_mode: service:gluetun
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/soulseek
target: /app
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
target: /music
type: bind
bind:
create_host_path: true
swag:
cap_add:
- NET_ADMIN
container_name: swag
environment:
- DNSPLUGIN=cloudflare
- EMAIL=charish.patel@trez.wtf
- EXTRA_DOMAINS=
- ONLY_SUBDOMAINS=false
- PGID=1000
- PUID=1000
- SUBDOMAINS=etherpad,ha,www
- TZ=America/New_York
- URL=trez.wtf
- VALIDATION=dns
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
- CROWDSEC_LAPI_URL=http://crowdsec:8080
- DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec
- PROPAGATION=30
- UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD}
- UPTIME_KUMA_URL=http://uptimekuma:3001
- UPTIME_KUMA_USERNAME=${UPTIME_KUMA_USERNAME}
hostname: Rinoa
image: lscr.io/linuxserver/swag:latest
labels:
- swag=enable
- swag_proto=http
- swag_port=81
- swag_url=swag.${MY_TLD}
- swag_auth=authelia
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://trac.${MY_TLD}
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=SWAG Dashboard
- homepage.href=https://swag.${MY_TLD}
- homepage.icon=linuxserver-io.png
- homepage.description=SWAG Dashboard for proxies
- homepage.widget.type=swagdashboard
- homepage.widget.url=http://swag:81
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "443"
target: 443
- mode: ingress
protocol: tcp
published: "80"
target: 80
- mode: ingress
protocol: tcp
published: "81"
target: 81
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/swag
target: /config
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
read_only: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
tandoor:
container_name: tandoor-recipes
depends_on:
tandoor-pg:
condition: service_started
required: true
environment:
DB_ENGINE: django.db.backends.postgresql
GID: 1000
POSTGRES_DB: tandoor
POSTGRES_HOST: tandoor-pg
POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
POSTGRES_USER: tandoor
SECRET_KEY: ${TANDOOR_SECRET_KEY}
TZ: ${TZ}
UID: 1000
image: vabene1111/recipes
labels:
- homepage.group=Lifestyle
- homepage.name=Tandoor Recipes
- homepage.href=https://recipes.${MY_TLD}
- homepage.icon=tandoor.svg
- homepage.description=Recipes, cookbooks, meal-planning, & grocery lists
- homepage.widget.type=tandoor
- homepage.widget.url=http://tandoor-recipes:8080
- homepage.widget.key=${TANDOOR_API_TOKEN}
- swag=enable
- swag_server_custom_directive="proxy_set_header X-Forwarded-Host $$http_host; proxy_set_header Host $$http_host;"
- swag_proto=http
- swag_url=recipes.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://trac.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8106"
target: 8080
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/tandoor/static
target: /opt/recipes/staticfiles
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/tandoor/media
target: /opt/recipes/mediafiles
type: bind
bind:
create_host_path: true
tandoor-pg:
container_name: tandoor-pg
environment:
POSTGRES_DB: tandoor
POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
POSTGRES_USER: tandoor
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: always
volumes:
- source: tandoor-pg
target: /var/lib/postgresql/data
type: volume
volume: {}
traccar:
container_name: traccar
image: traccar/traccar:latest
labels:
- homepage.group=Personal Services
- homepage.name=Traccar
- homepage.href=https://trac.${MY_TLD}
- homepage.icon=traccar.svg
- homepage.description=Open-source GPS tracking system
- swag=enable
- swag_proto=http
- swag_port=8082
- swag_url=trac.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://trac.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: udp
published: "6000"
target: 5000
- mode: ingress
protocol: udp
published: "6001"
target: 5001
- mode: ingress
protocol: udp
published: "6002"
target: 5002
- mode: ingress
protocol: udp
published: "6003"
target: 5003
- mode: ingress
protocol: udp
published: "6004"
target: 5004
- mode: ingress
protocol: udp
published: "6005"
target: 5005
- mode: ingress
protocol: udp
published: "6006"
target: 5006
- mode: ingress
protocol: udp
published: "6007"
target: 5007
- mode: ingress
protocol: udp
published: "6008"
target: 5008
- mode: ingress
protocol: udp
published: "6009"
target: 5009
- mode: ingress
protocol: udp
published: "6010"
target: 5010
- mode: ingress
protocol: udp
published: "6011"
target: 5011
- mode: ingress
protocol: udp
published: "6012"
target: 5012
- mode: ingress
protocol: udp
published: "6013"
target: 5013
- mode: ingress
protocol: udp
published: "6014"
target: 5014
- mode: ingress
protocol: udp
published: "6015"
target: 5015
- mode: ingress
protocol: udp
published: "6016"
target: 5016
- mode: ingress
protocol: udp
published: "6017"
target: 5017
- mode: ingress
protocol: udp
published: "6018"
target: 5018
- mode: ingress
protocol: udp
published: "6019"
target: 5019
- mode: ingress
protocol: udp
published: "6020"
target: 5020
- mode: ingress
protocol: udp
published: "6021"
target: 5021
- mode: ingress
protocol: udp
published: "6022"
target: 5022
- mode: ingress
protocol: udp
published: "6023"
target: 5023
- mode: ingress
protocol: udp
published: "6024"
target: 5024
- mode: ingress
protocol: udp
published: "6025"
target: 5025
- mode: ingress
protocol: udp
published: "6026"
target: 5026
- mode: ingress
protocol: udp
published: "6027"
target: 5027
- mode: ingress
protocol: udp
published: "6028"
target: 5028
- mode: ingress
protocol: udp
published: "6029"
target: 5029
- mode: ingress
protocol: udp
published: "6030"
target: 5030
- mode: ingress
protocol: udp
published: "6031"
target: 5031
- mode: ingress
protocol: udp
published: "6032"
target: 5032
- mode: ingress
protocol: udp
published: "6033"
target: 5033
- mode: ingress
protocol: udp
published: "6034"
target: 5034
- mode: ingress
protocol: udp
published: "6035"
target: 5035
- mode: ingress
protocol: udp
published: "6036"
target: 5036
- mode: ingress
protocol: udp
published: "6037"
target: 5037
- mode: ingress
protocol: udp
published: "6038"
target: 5038
- mode: ingress
protocol: udp
published: "6039"
target: 5039
- mode: ingress
protocol: udp
published: "6040"
target: 5040
- mode: ingress
protocol: udp
published: "6041"
target: 5041
- mode: ingress
protocol: udp
published: "6042"
target: 5042
- mode: ingress
protocol: udp
published: "6043"
target: 5043
- mode: ingress
protocol: udp
published: "6044"
target: 5044
- mode: ingress
protocol: udp
published: "6045"
target: 5045
- mode: ingress
protocol: udp
published: "6046"
target: 5046
- mode: ingress
protocol: udp
published: "6047"
target: 5047
- mode: ingress
protocol: udp
published: "6048"
target: 5048
- mode: ingress
protocol: udp
published: "6049"
target: 5049
- mode: ingress
protocol: udp
published: "6050"
target: 5050
- mode: ingress
protocol: udp
published: "6051"
target: 5051
- mode: ingress
protocol: udp
published: "6052"
target: 5052
- mode: ingress
protocol: udp
published: "6053"
target: 5053
- mode: ingress
protocol: udp
published: "6054"
target: 5054
- mode: ingress
protocol: udp
published: "6055"
target: 5055
- mode: ingress
protocol: udp
published: "6056"
target: 5056
- mode: ingress
protocol: udp
published: "6057"
target: 5057
- mode: ingress
protocol: udp
published: "6058"
target: 5058
- mode: ingress
protocol: udp
published: "6059"
target: 5059
- mode: ingress
protocol: udp
published: "6060"
target: 5060
- mode: ingress
protocol: udp
published: "6061"
target: 5061
- mode: ingress
protocol: udp
published: "6062"
target: 5062
- mode: ingress
protocol: udp
published: "6063"
target: 5063
- mode: ingress
protocol: udp
published: "6064"
target: 5064
- mode: ingress
protocol: udp
published: "6065"
target: 5065
- mode: ingress
protocol: udp
published: "6066"
target: 5066
- mode: ingress
protocol: udp
published: "6067"
target: 5067
- mode: ingress
protocol: udp
published: "6068"
target: 5068
- mode: ingress
protocol: udp
published: "6069"
target: 5069
- mode: ingress
protocol: udp
published: "6070"
target: 5070
- mode: ingress
protocol: udp
published: "6071"
target: 5071
- mode: ingress
protocol: udp
published: "6072"
target: 5072
- mode: ingress
protocol: udp
published: "6073"
target: 5073
- mode: ingress
protocol: udp
published: "6074"
target: 5074
- mode: ingress
protocol: udp
published: "6075"
target: 5075
- mode: ingress
protocol: udp
published: "6076"
target: 5076
- mode: ingress
protocol: udp
published: "6077"
target: 5077
- mode: ingress
protocol: udp
published: "6078"
target: 5078
- mode: ingress
protocol: udp
published: "6079"
target: 5079
- mode: ingress
protocol: udp
published: "6080"
target: 5080
- mode: ingress
protocol: udp
published: "6081"
target: 5081
- mode: ingress
protocol: udp
published: "6082"
target: 5082
- mode: ingress
protocol: udp
published: "6083"
target: 5083
- mode: ingress
protocol: udp
published: "6084"
target: 5084
- mode: ingress
protocol: udp
published: "6085"
target: 5085
- mode: ingress
protocol: udp
published: "6086"
target: 5086
- mode: ingress
protocol: udp
published: "6087"
target: 5087
- mode: ingress
protocol: udp
published: "6088"
target: 5088
- mode: ingress
protocol: udp
published: "6089"
target: 5089
- mode: ingress
protocol: udp
published: "6090"
target: 5090
- mode: ingress
protocol: udp
published: "6091"
target: 5091
- mode: ingress
protocol: udp
published: "6092"
target: 5092
- mode: ingress
protocol: udp
published: "6093"
target: 5093
- mode: ingress
protocol: udp
published: "6094"
target: 5094
- mode: ingress
protocol: udp
published: "6095"
target: 5095
- mode: ingress
protocol: udp
published: "6096"
target: 5096
- mode: ingress
protocol: udp
published: "6097"
target: 5097
- mode: ingress
protocol: udp
published: "6098"
target: 5098
- mode: ingress
protocol: udp
published: "6099"
target: 5099
- mode: ingress
protocol: udp
published: "6100"
target: 5100
- mode: ingress
protocol: udp
published: "6101"
target: 5101
- mode: ingress
protocol: udp
published: "6102"
target: 5102
- mode: ingress
protocol: udp
published: "6103"
target: 5103
- mode: ingress
protocol: udp
published: "6104"
target: 5104
- mode: ingress
protocol: udp
published: "6105"
target: 5105
- mode: ingress
protocol: udp
published: "6106"
target: 5106
- mode: ingress
protocol: udp
published: "6107"
target: 5107
- mode: ingress
protocol: udp
published: "6108"
target: 5108
- mode: ingress
protocol: udp
published: "6109"
target: 5109
- mode: ingress
protocol: udp
published: "6110"
target: 5110
- mode: ingress
protocol: udp
published: "6111"
target: 5111
- mode: ingress
protocol: udp
published: "6112"
target: 5112
- mode: ingress
protocol: udp
published: "6113"
target: 5113
- mode: ingress
protocol: udp
published: "6114"
target: 5114
- mode: ingress
protocol: udp
published: "6115"
target: 5115
- mode: ingress
protocol: udp
published: "6116"
target: 5116
- mode: ingress
protocol: udp
published: "6117"
target: 5117
- mode: ingress
protocol: udp
published: "6118"
target: 5118
- mode: ingress
protocol: udp
published: "6119"
target: 5119
- mode: ingress
protocol: udp
published: "6120"
target: 5120
- mode: ingress
protocol: udp
published: "6121"
target: 5121
- mode: ingress
protocol: udp
published: "6122"
target: 5122
- mode: ingress
protocol: udp
published: "6123"
target: 5123
- mode: ingress
protocol: udp
published: "6124"
target: 5124
- mode: ingress
protocol: udp
published: "6125"
target: 5125
- mode: ingress
protocol: udp
published: "6126"
target: 5126
- mode: ingress
protocol: udp
published: "6127"
target: 5127
- mode: ingress
protocol: udp
published: "6128"
target: 5128
- mode: ingress
protocol: udp
published: "6129"
target: 5129
- mode: ingress
protocol: udp
published: "6130"
target: 5130
- mode: ingress
protocol: udp
published: "6131"
target: 5131
- mode: ingress
protocol: udp
published: "6132"
target: 5132
- mode: ingress
protocol: udp
published: "6133"
target: 5133
- mode: ingress
protocol: udp
published: "6134"
target: 5134
- mode: ingress
protocol: udp
published: "6135"
target: 5135
- mode: ingress
protocol: udp
published: "6136"
target: 5136
- mode: ingress
protocol: udp
published: "6137"
target: 5137
- mode: ingress
protocol: udp
published: "6138"
target: 5138
- mode: ingress
protocol: udp
published: "6139"
target: 5139
- mode: ingress
protocol: udp
published: "6140"
target: 5140
- mode: ingress
protocol: udp
published: "6141"
target: 5141
- mode: ingress
protocol: udp
published: "6142"
target: 5142
- mode: ingress
protocol: udp
published: "6143"
target: 5143
- mode: ingress
protocol: udp
published: "6144"
target: 5144
- mode: ingress
protocol: udp
published: "6145"
target: 5145
- mode: ingress
protocol: udp
published: "6146"
target: 5146
- mode: ingress
protocol: udp
published: "6147"
target: 5147
- mode: ingress
protocol: udp
published: "6148"
target: 5148
- mode: ingress
protocol: udp
published: "6149"
target: 5149
- mode: ingress
protocol: udp
published: "6150"
target: 5150
- mode: ingress
protocol: tcp
published: "6000"
target: 5000
- mode: ingress
protocol: tcp
published: "6001"
target: 5001
- mode: ingress
protocol: tcp
published: "6002"
target: 5002
- mode: ingress
protocol: tcp
published: "6003"
target: 5003
- mode: ingress
protocol: tcp
published: "6004"
target: 5004
- mode: ingress
protocol: tcp
published: "6005"
target: 5005
- mode: ingress
protocol: tcp
published: "6006"
target: 5006
- mode: ingress
protocol: tcp
published: "6007"
target: 5007
- mode: ingress
protocol: tcp
published: "6008"
target: 5008
- mode: ingress
protocol: tcp
published: "6009"
target: 5009
- mode: ingress
protocol: tcp
published: "6010"
target: 5010
- mode: ingress
protocol: tcp
published: "6011"
target: 5011
- mode: ingress
protocol: tcp
published: "6012"
target: 5012
- mode: ingress
protocol: tcp
published: "6013"
target: 5013
- mode: ingress
protocol: tcp
published: "6014"
target: 5014
- mode: ingress
protocol: tcp
published: "6015"
target: 5015
- mode: ingress
protocol: tcp
published: "6016"
target: 5016
- mode: ingress
protocol: tcp
published: "6017"
target: 5017
- mode: ingress
protocol: tcp
published: "6018"
target: 5018
- mode: ingress
protocol: tcp
published: "6019"
target: 5019
- mode: ingress
protocol: tcp
published: "6020"
target: 5020
- mode: ingress
protocol: tcp
published: "6021"
target: 5021
- mode: ingress
protocol: tcp
published: "6022"
target: 5022
- mode: ingress
protocol: tcp
published: "6023"
target: 5023
- mode: ingress
protocol: tcp
published: "6024"
target: 5024
- mode: ingress
protocol: tcp
published: "6025"
target: 5025
- mode: ingress
protocol: tcp
published: "6026"
target: 5026
- mode: ingress
protocol: tcp
published: "6027"
target: 5027
- mode: ingress
protocol: tcp
published: "6028"
target: 5028
- mode: ingress
protocol: tcp
published: "6029"
target: 5029
- mode: ingress
protocol: tcp
published: "6030"
target: 5030
- mode: ingress
protocol: tcp
published: "6031"
target: 5031
- mode: ingress
protocol: tcp
published: "6032"
target: 5032
- mode: ingress
protocol: tcp
published: "6033"
target: 5033
- mode: ingress
protocol: tcp
published: "6034"
target: 5034
- mode: ingress
protocol: tcp
published: "6035"
target: 5035
- mode: ingress
protocol: tcp
published: "6036"
target: 5036
- mode: ingress
protocol: tcp
published: "6037"
target: 5037
- mode: ingress
protocol: tcp
published: "6038"
target: 5038
- mode: ingress
protocol: tcp
published: "6039"
target: 5039
- mode: ingress
protocol: tcp
published: "6040"
target: 5040
- mode: ingress
protocol: tcp
published: "6041"
target: 5041
- mode: ingress
protocol: tcp
published: "6042"
target: 5042
- mode: ingress
protocol: tcp
published: "6043"
target: 5043
- mode: ingress
protocol: tcp
published: "6044"
target: 5044
- mode: ingress
protocol: tcp
published: "6045"
target: 5045
- mode: ingress
protocol: tcp
published: "6046"
target: 5046
- mode: ingress
protocol: tcp
published: "6047"
target: 5047
- mode: ingress
protocol: tcp
published: "6048"
target: 5048
- mode: ingress
protocol: tcp
published: "6049"
target: 5049
- mode: ingress
protocol: tcp
published: "6050"
target: 5050
- mode: ingress
protocol: tcp
published: "6051"
target: 5051
- mode: ingress
protocol: tcp
published: "6052"
target: 5052
- mode: ingress
protocol: tcp
published: "6053"
target: 5053
- mode: ingress
protocol: tcp
published: "6054"
target: 5054
- mode: ingress
protocol: tcp
published: "6055"
target: 5055
- mode: ingress
protocol: tcp
published: "6056"
target: 5056
- mode: ingress
protocol: tcp
published: "6057"
target: 5057
- mode: ingress
protocol: tcp
published: "6058"
target: 5058
- mode: ingress
protocol: tcp
published: "6059"
target: 5059
- mode: ingress
protocol: tcp
published: "6060"
target: 5060
- mode: ingress
protocol: tcp
published: "6061"
target: 5061
- mode: ingress
protocol: tcp
published: "6062"
target: 5062
- mode: ingress
protocol: tcp
published: "6063"
target: 5063
- mode: ingress
protocol: tcp
published: "6064"
target: 5064
- mode: ingress
protocol: tcp
published: "6065"
target: 5065
- mode: ingress
protocol: tcp
published: "6066"
target: 5066
- mode: ingress
protocol: tcp
published: "6067"
target: 5067
- mode: ingress
protocol: tcp
published: "6068"
target: 5068
- mode: ingress
protocol: tcp
published: "6069"
target: 5069
- mode: ingress
protocol: tcp
published: "6070"
target: 5070
- mode: ingress
protocol: tcp
published: "6071"
target: 5071
- mode: ingress
protocol: tcp
published: "6072"
target: 5072
- mode: ingress
protocol: tcp
published: "6073"
target: 5073
- mode: ingress
protocol: tcp
published: "6074"
target: 5074
- mode: ingress
protocol: tcp
published: "6075"
target: 5075
- mode: ingress
protocol: tcp
published: "6076"
target: 5076
- mode: ingress
protocol: tcp
published: "6077"
target: 5077
- mode: ingress
protocol: tcp
published: "6078"
target: 5078
- mode: ingress
protocol: tcp
published: "6079"
target: 5079
- mode: ingress
protocol: tcp
published: "6080"
target: 5080
- mode: ingress
protocol: tcp
published: "6081"
target: 5081
- mode: ingress
protocol: tcp
published: "6082"
target: 5082
- mode: ingress
protocol: tcp
published: "6083"
target: 5083
- mode: ingress
protocol: tcp
published: "6084"
target: 5084
- mode: ingress
protocol: tcp
published: "6085"
target: 5085
- mode: ingress
protocol: tcp
published: "6086"
target: 5086
- mode: ingress
protocol: tcp
published: "6087"
target: 5087
- mode: ingress
protocol: tcp
published: "6088"
target: 5088
- mode: ingress
protocol: tcp
published: "6089"
target: 5089
- mode: ingress
protocol: tcp
published: "6090"
target: 5090
- mode: ingress
protocol: tcp
published: "6091"
target: 5091
- mode: ingress
protocol: tcp
published: "6092"
target: 5092
- mode: ingress
protocol: tcp
published: "6093"
target: 5093
- mode: ingress
protocol: tcp
published: "6094"
target: 5094
- mode: ingress
protocol: tcp
published: "6095"
target: 5095
- mode: ingress
protocol: tcp
published: "6096"
target: 5096
- mode: ingress
protocol: tcp
published: "6097"
target: 5097
- mode: ingress
protocol: tcp
published: "6098"
target: 5098
- mode: ingress
protocol: tcp
published: "6099"
target: 5099
- mode: ingress
protocol: tcp
published: "6100"
target: 5100
- mode: ingress
protocol: tcp
published: "6101"
target: 5101
- mode: ingress
protocol: tcp
published: "6102"
target: 5102
- mode: ingress
protocol: tcp
published: "6103"
target: 5103
- mode: ingress
protocol: tcp
published: "6104"
target: 5104
- mode: ingress
protocol: tcp
published: "6105"
target: 5105
- mode: ingress
protocol: tcp
published: "6106"
target: 5106
- mode: ingress
protocol: tcp
published: "6107"
target: 5107
- mode: ingress
protocol: tcp
published: "6108"
target: 5108
- mode: ingress
protocol: tcp
published: "6109"
target: 5109
- mode: ingress
protocol: tcp
published: "6110"
target: 5110
- mode: ingress
protocol: tcp
published: "6111"
target: 5111
- mode: ingress
protocol: tcp
published: "6112"
target: 5112
- mode: ingress
protocol: tcp
published: "6113"
target: 5113
- mode: ingress
protocol: tcp
published: "6114"
target: 5114
- mode: ingress
protocol: tcp
published: "6115"
target: 5115
- mode: ingress
protocol: tcp
published: "6116"
target: 5116
- mode: ingress
protocol: tcp
published: "6117"
target: 5117
- mode: ingress
protocol: tcp
published: "6118"
target: 5118
- mode: ingress
protocol: tcp
published: "6119"
target: 5119
- mode: ingress
protocol: tcp
published: "6120"
target: 5120
- mode: ingress
protocol: tcp
published: "6121"
target: 5121
- mode: ingress
protocol: tcp
published: "6122"
target: 5122
- mode: ingress
protocol: tcp
published: "6123"
target: 5123
- mode: ingress
protocol: tcp
published: "6124"
target: 5124
- mode: ingress
protocol: tcp
published: "6125"
target: 5125
- mode: ingress
protocol: tcp
published: "6126"
target: 5126
- mode: ingress
protocol: tcp
published: "6127"
target: 5127
- mode: ingress
protocol: tcp
published: "6128"
target: 5128
- mode: ingress
protocol: tcp
published: "6129"
target: 5129
- mode: ingress
protocol: tcp
published: "6130"
target: 5130
- mode: ingress
protocol: tcp
published: "6131"
target: 5131
- mode: ingress
protocol: tcp
published: "6132"
target: 5132
- mode: ingress
protocol: tcp
published: "6133"
target: 5133
- mode: ingress
protocol: tcp
published: "6134"
target: 5134
- mode: ingress
protocol: tcp
published: "6135"
target: 5135
- mode: ingress
protocol: tcp
published: "6136"
target: 5136
- mode: ingress
protocol: tcp
published: "6137"
target: 5137
- mode: ingress
protocol: tcp
published: "6138"
target: 5138
- mode: ingress
protocol: tcp
published: "6139"
target: 5139
- mode: ingress
protocol: tcp
published: "6140"
target: 5140
- mode: ingress
protocol: tcp
published: "6141"
target: 5141
- mode: ingress
protocol: tcp
published: "6142"
target: 5142
- mode: ingress
protocol: tcp
published: "6143"
target: 5143
- mode: ingress
protocol: tcp
published: "6144"
target: 5144
- mode: ingress
protocol: tcp
published: "6145"
target: 5145
- mode: ingress
protocol: tcp
published: "6146"
target: 5146
- mode: ingress
protocol: tcp
published: "6147"
target: 5147
- mode: ingress
protocol: tcp
published: "6148"
target: 5148
- mode: ingress
protocol: tcp
published: "6149"
target: 5149
- mode: ingress
protocol: tcp
published: "6150"
target: 5150
- mode: ingress
protocol: tcp
published: "8082"
target: 8082
restart: unless-stopped
volumes:
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/traccar/traccar.xml
target: /opt/traccar/conf/traccar.xml
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/traccar/logs
target: /opt/traccar/logs
type: bind
bind:
create_host_path: true
traccar-pg:
container_name: traccar-pg
environment:
- POSTGRES_PASSWORD=${TRACCAR_POSTGRES_PASSWORD}
- POSTGRES_USER=${TRACCAR_POSTGRES_USER}
- POSTGRES_DB=${TRACCAR_POSTGRES_DATABASE}
expose:
- 5432
image: postgres:16-alpine
networks:
default: null
restart: unless-stopped
volumes:
- source: traccar-pg
target: /var/lib/postgresql/data
type: bind
bind:
create_host_path: true
unmanic:
container_name: unmanic
environment:
- DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs
- PUID=${PUID}
- PGID=${PGID}
- LOGS_TO_STDOUT=/config/.unmanic/logs/unmanic.log
image: josh5/unmanic:latest
labels:
- homepage.group=Media Library
- homepage.name=Unmanic
- homepage.href=https://unmanic.${MY_TLD}
- homepage.icon=unmanic.png
- homepage.description=Library Optimizer
- homepage.widget.type=unmanic
- homepage.widget.url=http://unmanic:8888
- swag=enable
- swag_port=8888
- swag_url=unmanic.${MY_TLD}
- swag_proto=http
- swag.uptime-kuma.enabled=true
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8911"
target: 8888
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/unmanic
target: /config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_STORAGE}
target: /library
type: bind
bind:
create_host_path: true
- source: unmanic-cache
target: /tmp/unmanic
type: volume
volume: {}
uptimekuma:
container_name: uptimekuma
environment:
- PGID=1000
- PUID=1000
- TZ=America/New_York
- UPTIME_KUMA_USERNAME=${UPTIME_KUMA_USERNAME}
- UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD}
- DOCKER_HOST=http://dockerproxy:2375
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:uptime-kuma
hostname: Rinoa
image: louislam/uptime-kuma:latest
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=Uptime Kuma
- homepage.href=https://uptime.${MY_TLD}
- homepage.icon=uptime-kuma.png
- homepage.description=HTTP Endpoint Monitoring
- swag=enable
- swag_proto=http
- swag_url=uptime.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3003"
target: 3001
restart: unless-stopped
volumes:
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/uptimekuma
target: /app/data
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
vault:
cap_add:
- IPC_LOCK
command:
- server
container_name: hc-vault
environment:
- AWS_ACCESS_KEY_ID=${VAULT_HASHICORP_AWS_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY}
image: hashicorp/vault:latest
labels:
- homepage.group=Code
- homepage.name=Vault
- homepage.icon=vault.png
- homepage.href=https://vault.${MY_TLD}
- homepage.description=Hashicorp Vault for secrets, key/value stores, etc.
- swag=enable
- swag_proto=http
- swag_port=8200
- swag_address=hc-vault
- swag_url=vault.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://vault.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8200"
target: 8200
- mode: ingress
protocol: tcp
published: "8250"
target: 8250
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/
target: /vault/config
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/
target: /vault/logs
type: bind
bind:
create_host_path: true
wallabag:
container_name: wallabag
depends_on:
mariadb:
condition: service_started
required: true
redis:
condition: service_started
required: true
environment:
- SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
- SYMFONY__ENV__DATABASE_HOST=mariadb
- SYMFONY__ENV__DATABASE_PORT=3306
- SYMFONY__ENV__DATABASE_NAME=${WALLABAG_DB}
- SYMFONY__ENV__DATABASE_USER=${WALLABAG_DB}
- SYMFONY__ENV__DATABASE_PASSWORD=${WALLABAG_DB_PASSWORD}
- SYMFONY__ENV__DATABASE_CHARSET=utf8
- SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_"
- SYMFONY__ENV__MAILER_DSN=smtp://postal-smtp
- SYMFONY__ENV__FROM_EMAIL=noreply@trez.wtf
- SYMFONY__ENV__DOMAIN_NAME=https://wallabag.${MY_TLD}
- SYMFONY__ENV__SERVER_NAME="Wallabag @ Rinoa"
- SYMFONY__ENV__REDIS_HOST=redis
- SYMFONY__ENV__REDIS_PORT=6379
healthcheck:
interval: 1m
test:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://localhost
timeout: 3s
image: wallabag/wallabag
labels:
- swag=enable
- swag_address=wallabag
- swag_proto=http
- swag.uptime-kuma.enabled=true
- homepage.group=Lifestyle
- homepage.name=Wallabag
- homepage.href=https://wallabag.${MY_TLD}
- homepage.icon=wallabag.png
- homepage.description=Knowledge Store
networks:
default: null
ports:
- mode: ingress
protocol: tcp
target: 80
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/wallabag/images
target: /var/www/wallabag/web/assets/images
type: bind
bind:
create_host_path: true
wallos:
container_name: wallos
environment:
TZ: ${TZ}
image: bellamy/wallos:latest
labels:
- homepage.group=Lifestyle
- homepage.name=wallos
- homepage.href=https://subs.${MY_TLD}
- homepage.icon=wallos.png
- homepage.description=Subscription Tracking
- swag=enable
- swag_proto=http
- swag_url=subs.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://trac.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8283"
target: 80
restart: unless-stopped
volumes:
- source: wallos-db
target: /var/www/html/db
type: bind
bind:
create_host_path: true
- source: wallos-logos
target: /var/www/html/images/uploads/logos
type: bind
bind:
create_host_path: true
watchtower:
container_name: watchtower
environment:
- REPO_PASS=
- REPO_USER=
- TZ=America/New_York
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_STOPPED=false
- WATCHTOWER_MONITOR_ONLY=false
- WATCHTOWER_NOTIFICATIONS=gotify
- WATCHTOWER_NOTIFICATIONS_LEVEL=info
- WATCHTOWER_NOTIFICATION_TEMPLATE={{range .}}{{.Message}}{{println}}{{end}}
- WATCHTOWER_NOTIFICATION_URL=
- WATCHTOWER_SCHEDULE=0 0 4 * * *
- WATCHTOWER_TIMEOUT=30s
- WATCHTOWER_HTTP_API_METRICS=true
- WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_HTTP_API_TOKEN}
- WATCHTOWER_NOTIFICATION_GOTIFY_URL=${WATCHTOWER_NOTIFICATION_GOTIFY_URL}
- WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN}
- WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true
expose:
- 8080
hostname: Rinoa
image: ghcr.io/containrrr/watchtower:latest
labels:
- homepage.group=Automation
- homepage.name=Watchtower
- homepage.icon=watchtower.svg
- homepage.description=Container-based solution for automating Docker container base image updates
- homepage.widget.type=watchtower
- homepage.widget.url=http://watchtower:8080
- homepage.widget.key=${WATCHTOWER_HTTP_API_TOKEN}
networks:
default: null
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
- bind:
create_host_path: true
source: /var/run/docker.sock
target: /var/run/docker.sock
type: bind
watchyourlan:
container_name: watchyourlan
environment:
DBPATH: /data/db.sqlite
GUIIP: 0.0.0.0
GUIPORT: "8840"
IFACE: eno4
IGNOREIP: "no"
SHOUTRRR_URL: ""
THEME: darkly
TIMEOUT: "120"
TZ: America/New_York
image: aceberg/watchyourlan
labels:
- homepage.group=Infrastructure/App Performance Monitoring
- homepage.name=WatchYourLAN
- homepage.href=https://wyl.${MY_TLD}
- homepage.icon=watchyourlan.png
- homepage.description=Lightweight network IP scanner
- swag=enable
- swag_proto=http
- swag_url=wyl.trez
- swag_port=8840
network_mode: host
ports:
- mode: ingress
protocol: tcp
published: "8840"
target: 8840
restart: unless-stopped
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/watchyourlan
target: /data
type: bind
bind:
create_host_path: true
wazuh.agent:
container_name: wazuh.agent
environment:
- JOIN_MANAGER_PROTOCOL=https
- JOIN_MANAGER_MASTER_HOST=wazuh.manager
- JOIN_MANAGER_WORKER_HOST=wazuh.manager
- JOIN_MANAGER_USER=wazuh-wui
- JOIN_MANAGER_PASSWORD=${WAZUH_API_PASSWORD}
- JOIN_MANAGER_API_PORT=55000
- JOIN_MANAGER_PORT=1514
- VIRUS_TOTAL_KEY=${VIRUS_TOTAL_API_KEY}
- DOCKER_HOST=tcp://dockerproxy:2375
hostname: wazuh.agent
image: opennix/wazuh-agent:latest
networks:
default: null
restart: unless-stopped
wazuh.dashboard:
container_name: wazuh.dashboard
depends_on:
wazuh.indexer:
condition: service_started
required: true
wazuh.manager:
condition: service_started
required: true
restart: true
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=${WAZUH_INDEXER_PASSWORD}
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=${WAZUH_KIBANA_PASSWORD}
- API_USERNAME=wazuh-wui
- API_PASSWORD=${WAZUH_API_PASSWORD}
hostname: wazuh.dashboard
image: wazuh/wazuh-dashboard:${WAZUH_VERSION}
labels:
- swag=enable
- swag_proto=https
- swag_port=5601
- swag_url=wsec.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://wsec.${MY_TLD}
- homepage.group=Privacy/Security
- homepage.name=Wazuh
- homepage.href=https://wsec.${MY_TLD}
- homepage.icon=wazuh-opaque.png
- homepage.description=OSS Security Platform for XDR/SIEM
links:
- wazuh.indexer:wazuh.indexer
- wazuh.manager:wazuh.manager
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "5601"
target: 5601
restart: always
volumes:
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/wazuh.dashboard.pem
target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/wazuh.dashboard-key.pem
target: /usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/certs/root-ca.pem
target: /usr/share/wazuh-dashboard/certs/root-ca.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/config/opensearch_dashboards.yml
target: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/config/wazuh.yml
target: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
type: bind
bind:
create_host_path: true
- source: wazuh-dashboard-config
target: /usr/share/wazuh-dashboard/data/wazuh/config
type: volume
volume: {}
- source: wazuh-dashboard-custom
target: /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
type: volume
volume: {}
wazuh.indexer:
container_name: wazuh.indexer
environment:
- OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m
hostname: wazuh.indexer
image: wazuh/wazuh-indexer:${WAZUH_VERSION}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "9200"
target: 9200
restart: always
ulimits:
memlock:
hard: -1
soft: -1
nofile:
hard: 65536
soft: 65536
volumes:
- source: wazuh-indexer-data
target: /var/lib/wazuh-indexer
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/root-ca.pem
target: /usr/share/wazuh-indexer/certs/root-ca.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/wazuh.indexer-key.pem
target: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/wazuh.indexer.pem
target: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/admin.pem
target: /usr/share/wazuh-indexer/certs/admin.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/certs/admin-key.pem
target: /usr/share/wazuh-indexer/certs/admin-key.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/config/wazuh.indexer.yml
target: /usr/share/wazuh-indexer/opensearch.yml
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/config/internal_users.yml
target: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
type: bind
bind:
create_host_path: true
wazuh.manager:
container_name: wazuh.manager
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=${WAZUH_INDEXER_PASSWORD}
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=${WAZUH_API_PASSWORD}
hostname: wazuh.manager
image: wazuh/wazuh-manager:${WAZUH_VERSION}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "1514"
target: 1514
- mode: ingress
protocol: tcp
published: "1515"
target: 1515
- mode: ingress
protocol: udp
published: "514"
target: 514
- mode: ingress
protocol: tcp
published: "55000"
target: 55000
restart: always
ulimits:
memlock:
hard: -1
soft: -1
nofile:
hard: 655360
soft: 655360
volumes:
- source: wazuh_api_configuration
target: /var/ossec/api/configuration
type: volume
volume: {}
- source: wazuh_etc
target: /var/ossec/etc
type: volume
volume: {}
- source: wazuh_logs
target: /var/ossec/logs
type: volume
volume: {}
- source: wazuh_queue
target: /var/ossec/queue
type: volume
volume: {}
- source: wazuh_var_multigroups
target: /var/ossec/var/multigroups
type: volume
volume: {}
- source: wazuh_integrations
target: /var/ossec/integrations
type: volume
volume: {}
- source: wazuh_active_response
target: /var/ossec/active-response/bin
type: volume
volume: {}
- source: wazuh_agentless
target: /var/ossec/agentless
type: volume
volume: {}
- source: wazuh_wodles
target: /var/ossec/wodles
type: volume
volume: {}
- source: filebeat_etc
target: /etc/filebeat
type: volume
volume: {}
- source: filebeat_var
target: /var/lib/filebeat
type: volume
volume: {}
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/root-ca.pem
target: /etc/ssl/root-ca.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/wazuh.manager.pem
target: /etc/ssl/filebeat.pem
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/certs/wazuh.manager-key.pem
target: /etc/ssl/filebeat.key
type: bind
bind:
create_host_path: true
- source: ${DOCKER_VOLUME_CONFIG}/wazuh/manager/config/wazuh_manager.conf
target: /wazuh-config-mount/etc/ossec.conf
type: bind
bind:
create_host_path: true
web-check:
container_name: web-check
image: lissy93/web-check
labels:
- homepage.group=Privacy/Security
- homepage.name=Web-Check
- homepage.icon=web-check.png
- homepage.href=https://scan.${MY_TLD}
- homepage.description=Site scanner for attack vectors, architecture, security configs, and more
- swag=enable
- swag_proto=http
- swag_url=scan.${MY_TLD}
- swag_port=3000
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://scan.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "3010"
target: 3000
restart: unless-stopped
whodb:
container_name: whodb
environment:
WHODB_MONGODB_1: null
WHODB_MYSQL_1: null
image: clidey/whodb
labels:
- homepage.group=System Administration
- homepage.name=WhoDB
- homepage.href=https://dbs.${MY_TLD}
- homepage.icon=/icons/whodb.png
- homepage.description=Web-based DB management
- swag=enable
- swag_proto=http
- swag_port=8080
- swag_url=dbs.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://dbs.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8900"
target: 8080
restart: unless-stopped
your_spotify:
container_name: your_spotify
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
- APP_URL=https://myspotify.${MY_TLD}
- SPOTIFY_PUBLIC=${YOUR_SPOTIFY_ID}
- SPOTIFY_SECRET=${YOUR_SPOTIFY_SECRET}
- CORS=all
- MONGO_ENDPOINT=mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/your_spotify
- LOG_LEVEL=debug
expose:
- 8080
extra_hosts:
- host.docker.internal:host-gateway
image: lscr.io/linuxserver/your_spotify:latest
labels:
- homepage.group=Media Library
- homepage.name=Your Spotify
- homepage.icon=your-spotify.svg
- homepage.href=https://myspotify.${MY_TLD}
- homepage.description=Personal Spotify Tracking
- swag=enable
- swag_proto=https
- swag_url=myspotify.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://myspotify.${MY_TLD}
networks:
default: null
ports:
- ${YOUR_SPOTIFY_PORT_80}:80
- ${YOUR_SPOTIFY_PORT_443}:443
restart: always
youtubedl:
container_name: youtubedl
environment:
PGID: "1000"
PUID: "1000"
TZ: America/New_York
YDL_CONFIG_PATH: /youtube-dl/config.yml
YDL_DEBUG: "false"
hostname: Rinoa
image: nbr23/youtube-dl-server:latest
labels:
- homepage.group=Downloaders
- homepage.name=YoutubeDL
- homepage.icon=youtubedl.png
- homepage.href=https://ytdl.${MY_TLD}
- homepage.description=YouTube Downloader
- swag=enable
- swag_proto=http
- swag_url=ytdl.${MY_TLD}
- swag_port=8080
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://ytdl.${MY_TLD}
networks:
default: null
ports:
- mode: ingress
protocol: tcp
published: "8089"
target: 8080
restart: unless-stopped
volumes:
- bind:
create_host_path: true
read_only: true
source: /etc/localtime
target: /etc/localtime
type: bind
- bind:
create_host_path: true
source: ${DOCKER_VOLUME_CONFIG}/youtubedl
target: /youtube-dl
type: bind
- bind:
create_host_path: true
source: /rinoa-storage
target: /storage
type: bind
zammad-backup:
command:
- zammad-backup
container_name: zammad-backup
depends_on:
zammad-postgresql:
condition: service_started
required: true
zammad-railsserver:
condition: service_started
required: true
entrypoint: /usr/local/bin/backup.sh
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
BACKUP_TIME: "03:00"
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
HOLD_DAYS: "10"
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
TZ: Europe/Berlin
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
image: postgres:${ZAMMAD_POSTGRES_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-backup
target: /var/tmp/zammad
type: volume
volume: {}
- read_only: true
source: zammad-storage
target: /opt/zammad/storage
type: volume
volume: {}
- read_only: true
source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh
target: /usr/local/bin/backup.sh
type: bind
volume: {}
zammad-elasticsearch:
container_name: zammad-elasticsearch
expose:
- 9200
image: bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-es-data
target: /bitnami/elasticsearch/data
type: volume
volume: {}
zammad-init:
command:
- zammad-init
container_name: zammad-init
depends_on:
zammad-postgresql:
condition: service_started
required: true
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
hostname: init
image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
networks:
default: null
restart: on-failure
user: "0:0"
volumes:
- source: zammad-storage
target: /opt/zammad/storage
type: volume
bind:
create_host_path: true
zammad-memcached:
command: memcached -m 256M
container_name: zammad-memcached
image: memcached:${ZAMMAD_MEMCACHE_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
zammad-nginx:
command:
- zammad-nginx
container_name: zammad-nginx
depends_on:
zammad-railsserver:
condition: service_started
required: true
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
expose:
- "8080"
image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
labels:
- swag=enable
- swag_proto=http
- swag_port=8080
- swag_url=support.${MY_TLD}
- swag.uptime-kuma.enabled=true
- swag.uptime-kuma.monitor.url=https://support.${MY_TLD}
- homepage.group=Professional Services
- homepage.name=Zammad
- homepage.href=https://support.${MY_TLD}
- homepage.icon=zammad.svg
- homepage.description=Open-source helpdesk/customer support system
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-storage
target: /opt/zammad/storage
type: bind
bind:
create_host_path: true
zammad-postgresql:
container_name: zammad-postgresql
environment:
POSTGRES_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS}
POSTGRES_USER: ${ZAMMAD_POSTGRES_USER}
hostname: postgresql
image: postgres:${ZAMMAD_POSTGRES_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-pg-data
target: /var/lib/postgresql/data
type: volume
volume: {}
zammad-railsserver:
command:
- zammad-railsserver
container_name: zammad-railserver
depends_on:
zammad-memcached:
condition: service_started
required: true
zammad-postgresql:
condition: service_started
required: true
zammad-redis:
condition: service_started
required: true
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-storage
target: /opt/zammad/storage
type: volume
volume: {}
zammad-redis:
container_name: zammad-redis
image: redis:${ZAMMAD_REDIS_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-redis-data
target: /data
type: volume
volume: {}
zammad-scheduler:
command:
- zammad-scheduler
container_name: zammad-scheduler
depends_on:
zammad-memcached:
condition: service_started
required: true
zammad-postgresql:
condition: service_started
required: true
zammad-redis:
condition: service_started
required: true
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-storage
target: /opt/zammad/storage
type: volume
volume: {}
zammad-websocket:
command:
- zammad-websocket
container_name: zammad-websocket
depends_on:
zammad-memcached:
condition: service_started
required: true
zammad-postgresql:
condition: service_started
required: true
zammad-redis:
condition: service_started
required: true
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
networks:
default: null
restart: ${ZAMMAD_RESTART}
volumes:
- source: zammad-storage
target: /opt/zammad/storage
type: volume
volume: {}
volumes:
authelia-pg-db:
name: compose_authelia-pg-db
bitmagnet-pgsql:
name: compose_bitmagnet-pgsql
crowdsec-config:
name: compose_crowdsec-config
crowdsec-db:
name: compose_crowdsec-db
dagu_config:
name: compose_dagu_config
dagu_data:
name: compose_dagu_data
fastenhealth-cache:
name: compose_fastenhealth-cache
fastenhealth-db:
name: compose_fastenhealth-db
filebeat_etc:
name: compose_filebeat_etc
filebeat_var:
name: compose_filebeat_var
gitea-pg-db:
name: compose_gitea-pg-db
grafana-mimir-data:
name: compose_grafana-mimir-data
grafana-tempo-data:
name: compose_grafana-tempo-data
hortusfox_app_backup:
name: compose_hortusfox_app_backup
hortusfox_app_images:
name: compose_hortusfox_app_images
hortusfox_app_logs:
name: compose_hortusfox_app_logs
hortusfox_app_migrate:
name: compose_hortusfox_app_migrate
hortusfox_app_themes:
name: compose_hortusfox_app_themes
hortusfox_db_data:
name: compose_hortusfox_db_data
invidious-postgres:
name: compose_invidious-postgres
invoice_ninja_public:
name: compose_invoice_ninja_public
jitsi-web-admin-theme:
name: compose_jitsi-web-admin-theme
jitsi-web-admin-upload:
name: compose_jitsi-web-admin-upload
joplin_data:
name: compose_joplin_data
lldap_data:
name: compose_lldap_data
localai_data:
name: compose_localai_data
mattermost-postgres:
name: compose_mattermost-postgres
maybe-app:
name: compose_maybe-app
maybe-pg-db:
name: compose_maybe-pg-db
medusajs_backend_node_modules:
name: compose_medusajs_backend_node_modules
medusajs_postgres_data:
name: compose_medusajs_postgres_data
medusajs_redis_data:
name: compose_medusajs_redis_data
medusajs_storefront_node_modules:
name: compose_medusajs_storefront_node_modules
mongo1_config:
name: compose_mongo1_config
mongo1_data:
name: compose_mongo1_data
mongo2_config:
name: compose_mongo2_config
mongo2_data:
name: compose_mongo2_data
mongo3_config:
name: compose_mongo3_config
mongo3_data:
name: compose_mongo3_data
ollama:
name: compose_ollama
paperless-ngx-data:
name: compose_paperless-ngx-data
paperless-ngx-media:
name: compose_paperless-ngx-media
paperless-ngx-pg:
name: compose_paperless-ngx-pg
plausible-db-data:
name: compose_plausible-db-data
plausible-event-data:
name: compose_plausible-event-data
plausible-event-logs:
name: compose_plausible-event-logs
reactive-resume-pg:
name: compose_reactive-resume-pg
rustdesk-data:
name: compose_rustdesk-data
tandoor-pg:
name: compose_tandoor-pg
traccar-pg:
name: compose_traccar-pg
unmanic-cache:
name: compose_unmanic-cache
wallos-db:
name: compose_wallos-db
wallos-logos:
name: compose_wallos-logos
wazuh-dashboard-config:
name: compose_wazuh-dashboard-config
wazuh-dashboard-custom:
name: compose_wazuh-dashboard-custom
wazuh-indexer-data:
name: compose_wazuh-indexer-data
wazuh_active_response:
name: compose_wazuh_active_response
wazuh_agentless:
name: compose_wazuh_agentless
wazuh_api_configuration:
name: compose_wazuh_api_configuration
wazuh_etc:
name: compose_wazuh_etc
wazuh_integrations:
name: compose_wazuh_integrations
wazuh_logs:
name: compose_wazuh_logs
wazuh_queue:
name: compose_wazuh_queue
wazuh_var_multigroups:
name: compose_wazuh_var_multigroups
wazuh_wodles:
name: compose_wazuh_wodles
zammad-backup:
driver: local
name: compose_zammad-backup
zammad-es-data:
driver: local
name: compose_zammad-es-data
zammad-pg-data:
driver: local
name: compose_zammad-pg-data
zammad-redis-data:
driver: local
name: compose_zammad-redis-data
zammad-storage:
driver: local
name: compose_zammad-storage
x-shared:
zammad-service:
depends_on:
- zammad-memcached
- zammad-postgresql
- zammad-redis
environment:
AUTOWIZARD_JSON: null
AUTOWIZARD_RELATIVE_PATH: null
ELASTICSEARCH_ENABLED: true
ELASTICSEARCH_HOST: zammad-elasticsearch
ELASTICSEARCH_NAMESPACE: trez_it
ELASTICSEARCH_PORT: 9200
ELASTICSEARCH_REINDEX: true
ELASTICSEARCH_SCHEMA: http
ELASTICSEARCH_SSL_VERIFY: false
MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
POSTGRESQL_DB_CREATE: true
POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
RAILS_LOG_TO_STDOUT: true
RAILS_TRUSTED_PROXIES: 172.18.0.0/16
REDIS_URL: ${ZAMMAD_REDIS_URL}
S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
ZAMMAD_BIND_IP: 0.0.0.0
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
ZAMMAD_PROCESS_SCHEDULED: null
ZAMMAD_SESSION_JOBS: null
ZAMMAD_WEB_CONCURRENCY: null
image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
restart: ${ZAMMAD_RESTART}
volumes:
- zammad-storage:/opt/zammad/storage
Reference in New Issue View Git Blame Copy Permalink