Document Sharing

Added ddclient
Media Server, Pt 8
2024-06-27 17:02:27 -07:00 · 2024-06-24 13:01:46 -07:00 · 2024-06-23 11:12:28 -07:00 · 2024-06-19 09:50:11 -07:00 · 2024-06-17 19:56:03 -07:00 · 2024-06-17 19:48:20 -07:00
24 changed files with 528 additions and 235 deletions
--- a/aaa.yaml
+++ b/aaa.yaml
@ -0,0 +1,31 @@
+networks:
+  homelab:
+    driver: overlay
+    ipam:
+      config:
+        - subnet: 10.64.0.0/16
+    internal: true
+
+secrets:
+  percona-root:
+    file: /home/<your user>/secrets/percona-root
+  ghost:
+    file: /home/<your user>/secrets/ghost
+  postgres-root:
+    file: /home/<your user>/secrets/postgres-root
+  gitea:
+    file: /home/<your user>/secrets/gitea
+  authentik-postgres:
+    file: /home/<your user>/secrets/authentik-postgres
+  authentik-secret:
+    file: /home/<your user>/secrets/authentik-secret
+
+configs:
+  ghost-config:
+    file: /home/<your user>/configs/config.production.json
+  traefik-config:
+    file: /home/<your user>/configs/traefik.toml
+  ddclient-config:
+    file: /home/<your user>/configs/ddclient.conf
+
+services:
--- a/authentik.yaml
+++ b/authentik.yaml
@ -0,0 +1,69 @@
+  authentik-server:
+    command: server
+    depends_on:
+      - postgres
+      - redis
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.authentik-rtr.rule: 'Host(`authentik.your.domain`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.your.domain`) && PathPrefix(`/outpost.goauthentik.io/`)'
+        traefik.http.routers.authentik-rtr.service: "authentik"
+        traefik.http.services.authentik.loadbalancer.server.port: "9000"
+        traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
+        traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true"
+        traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
+      replicas: 1
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: "postgres"
+      AUTHENTIK_POSTGRESQL__NAME: "authentik"
+      AUTHENTIK_POSTGRESQL__USER: "authentik"
+      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/authentik-postgres"
+      AUTHENTIK_REDIS__HOST: "valkey"
+      AUTHENTIK_SECRET_KEY: "file:///run/secrets/authentik-secret"
+      AUTHENTIK_EMAIL__HOST: "munin.your.domain"
+      AUTHENTIK_EMAIL__FROM: "authentik@your.domain"
+    hostname: "authentik-server"
+    image: "ghcr.io/goauthentik/server:2024.4"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure
+    secrets:
+      - authentik-postgres
+      - authentik-secret
+    user: "10008:10008"
+    volumes:
+      - "/srv/data/docker/authentik/media:/media"
+      - "/srv/data/docker/authentik/custom-templates:/templates"
+
+  authentik-worker:
+    command: worker
+    depends_on:
+      - postgres
+      - redis
+    deploy:
+      replicas: 1
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: "postgres"
+      AUTHENTIK_POSTGRESQL__NAME: "authentik"
+      AUTHENTIK_POSTGRESQL__USER: "authentik"
+      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/authentik-postgres"
+      AUTHENTIK_REDIS__HOST: "valkey"
+      AUTHENTIK_SECRET_KEY: "file:///run/secrets/authentik-secret"
+      AUTHENTIK_EMAIL__HOST: "munin.your.domain"
+      AUTHENTIK_EMAIL__FROM: "authentik@your.domain"
+    image: "ghcr.io/goauthentik/server:2024.4"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure
+    secrets:
+      - authentik-postgres
+      - authentik-secret
+    user: "10008:10008"
+    volumes:
+      - "/srv/data/docker/authentik/media:/media"
+      - "/srv/data/docker/authentik/certs:/certs"
+      - "/srv/data/docker/authentik/custom-templates:/templates"
--- a/collabora.yaml
+++ b/collabora.yaml
@ -0,0 +1,22 @@
+  collabora:
+    deploy:
+      replicas: 1
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.collabora-rtr.entrypoints: "websecure"
+        traefik.http.routers.collabora-rtr.rule: "Host(`collabora.your.domain`)"
+        traefik.http.routers.collabora-rtr.service: "collabora"
+        traefik.http.services.collabora.loadbalancer.server.port: "9980"
+    environment:
+      PUID: 10021
+      PGID: 10021
+      password: "<secret password that is never used>"
+      username: "admin"
+      domain: "[collabora\\.your\\.domain]"
+      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
+    image: "collabora/code"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure
--- a/configs/ddclient.conf
+++ b/configs/ddclient.conf
@ -0,0 +1,15 @@
+daemon=300				# check every 300 seconds
+syslog=yes				# log update msgs to syslog
+mail=your@email.address			# mail all msgs to root
+mail-failure=your@email.address		# mail failed update msgs to root
+pid=/var/run/ddclient.pid		# record PID in file.
+ssl=yes					# use ssl-support.  Works with
+					# ssl-library
+usev4q=webv4, \				# find IP address via web
+webv4=ipify-ipv4			# Use IPify's IPv4 address. These two work analog for IPv6
+
+protocol=godaddy, \
+login=<godaddy API token>, \
+password=<godaddy API secret>, \
+zone=your.domain, \
+your.domain
--- a/ddclient.yaml
+++ b/ddclient.yaml
@ -0,0 +1,16 @@
+  ddclient:
+    configs:
+      - source: ddclient-config
+        target: /config/ddclient.conf
+    deploy:
+      replicas: 1
+    environment:
+      PUID: 10020
+      PGID: 10020
+      TZ: Etc/UTC
+    image: "linuxserver/ddclient"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure
--- a/docker-compose-homelab-combined.yaml
+++ b/docker-compose-homelab-combined.yaml
@ -1,187 +0,0 @@
-networks:
-  homelab:
-    driver: overlay
-    ipam:
-      config:
-        - subnet: 10.64.0.0/16
-    internal: true
-  homelab-bridge:
-    driver: overlay
-    ipam:
-      config:
-        - subnet: 10.96.0.0/16
-
-secrets:
-  percona-root:
-    file: /home/andreas/secrets/percona-root
-  ghost:
-    file: /home/andreas/secrets/ghost
-  postgres-root:
-    file: /home/andreas/secrets/postgres-root
-  gitea:
-    file: /home/andreas/secrets/gitea
-
-configs:
-  ghost-config:
-    file: /home/andreas/configs/config.production.json
-  traefik-config:
-    file: /home/andreas/configs/traefik.toml
-services:
-  traefik:
-    configs:
-      - source: traefik-config
-        target: /etc/traefik/traefik.toml
-    deploy:
-      labels:
-        traefik.enable: "true"
-        traefik.http.routers.traefik-rtr.entrypoints: "websecure"
-        traefik.http.routers.traefik-rtr.middlewares: "traefik-allowlist@file"
-        traefik.http.routers.traefik-rtr.rule: "Host(`traefik.turriff.net`)"
-        traefik.http.routers.traefik-rtr.service: "api@internal"
-        traefik.http.services.dummy-svc.loadbalancer.server.port: "9999"
-      replicas: 1
-    healthcheck:
-      test: ["CMD","traefik","healthcheck"]
-      interval: 30s
-      timeout: 10s
-    image: "traefik:3.0"
-    logging:
-      driver: journald
-    networks:
-      - homelab
-      - homelab-bridge
-    ports:
-      - "80:10080"
-      - "443:10443"
-      - "10022:10022"
-    restart: on-failure
-    volumes:
-      - "/srv/data/docker/traefik/rules:/rules:ro"
-      - "/srv/data/docker/traefik/acme:/acme:rw"
-      - "/srv/data/docker/traefik/logs:/logs:rw"
-      - "/run/docker.sock:/run/docker.sock:ro"
-  percona:
-    deploy:
-      replicas: 1
-    environment:
-      MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/percona-root"
-      PERCONA_TELEMETRY_DISABLE: 1
-    image: "percona:ps-8"
-    logging:
-      driver: journald
-    networks:
-      - homelab
-    restart: on-failure
-    secrets:
-      - percona-root
-      - ghost
-    volumes:
-      - "/srv/data/docker/percona/data:/var/lib/mysql:rw"
-  ghost:
-    configs:
-      - source: ghost-config
-        target: /var/lib/ghost/config.production.json
-    deploy:
-      replicas: 1
-      labels:
-        traefik.enable: "true"
-        traefik.http.routers.ghost-rtr.entrypoints: "websecure"
-        traefik.http.routers.ghost-rtr.rule: "Host(`ghost.turriff.net`)"
-        traefik.http.routers.ghost-rtr.service: "ghost"
-        traefik.http.services.ghost.loadbalancer.server.port: "2368"
-    image: "ghost:5"
-    logging:
-      driver: journald
-    networks:
-      - homelab
-    restart: on-failure
-    volumes:
-      - "/srv/data/docker/ghost/data:/var/lib/ghost/content:rw"
-  navidrome:
-    deploy:
-      replicas: 1
-    environment:
-      ND_BASEURL: "https://media.turriff.net"
-      ND_ENABLE_EXTERNAL_SERVICES: "false"
-    image: "deluan/navidrome:latest"
-    labels:
-      traefik.enable: "true"
-      traefik.http.routers.navidrome-rtr.entrypoint: websecure
-      traefik.http.routers.navidrome-rtr.rule: "Host(`media.turriff.net`)"
-      traefik.http.routers.navidrome-rtr.service: "navidrome"
-      traefix.http.services.navidrome.loadbalancer.server.port: "4533"
-    logging:
-      driver: journald
-    networks:
-      - homelab
-    restart: unless-stopped 
-    user: "10002:10002"
-    volumes:
-      - "/srv/data/docker/navidrome/data:/data"
-      - "/srv/data/shared/media/music:/music:ro"
-  postgres:
-    deploy:
-      replicas: 1
-    environment:
-      POSTGRES_PASSWORD_FILE: "/run/secrets/postgres-root"
-    hostname: "postgres"
-    image: "postgres:16"
-    logging:
-      driver: journald
-    networks:
-      - homelab
-    restart: on-failure
-    secrets:
-      - postgres-root
-      - gitea
-    shm_size: 128mb
-    user: "10003:10003"
-    volumes:
-      - "/srv/data/docker/postgres/data:/var/lib/postgresql/data:rw"
-      - type: tmpfs
-        target: "/var/run/postgresql"
-  gitea:
-    depends_on:
-      - postgres
-    deploy:
-      labels:
-        traefik.enable: "true"
-        traefik.http.routers.gitea-http-rtr.entrypoints: websecure
-        traefik.http.routers.gitea-http-rtr.rule: "Host(`gitea.turriff.net`)"
-        traefik.http.routers.gitea-http-rtr.service: "gitea"
-        traefik.http.services.gitea.loadbalancer.server.port: "3000"
-        traefik.tcp.routers.gitea-ssh-rtr.entrypoints: ssh
-        traefik.tcp.routers.gitea-ssh-rtr.rule: "Host(`gitea.turriff.net`)"
-        traefik.tcp.routers.gitea-ssh-rtr.service: "gitea-ssh"
-        traefik.tcp.services.gitea-ssh.loadbalancer.server.port: "2222"
-      replicas: 1
-    environment:
-      GITEA__database__DB_TYPE: "postgres"
-      GITEA__database__HOST: "postgres"
-      GITEA__database__NAME: "gitea"
-      GITEA__database__USER: "gitea"
-      GITEA__database__PASSWORD__FILE: "/run/secrets/gitea"
-      GITEA__mailer__ENABLED: "true"
-      GITEA__mailer__FROM: "gitea@turriff.net"
-      GITEA__mailer__PROTOCOL: "smtp+starttls"
-      GITEA__mailer__SMTP_ADDR: "munin.turriff.net"
-      GITEA__mailer__SMTP_PORT: "25"
-      GITEA__server__ROOT_URL: "https://gitea.turriff.net"
-      GITEA__cors__ENABLED: "true"
-      GITEA__cors__ALLOW_DOMAIN: "https://*.turriff.net"
-      GITEA__server__USE_PROXY_PROTOCOL: "true"
-      GITEA__server__DOMAIN: "gitea.turriff.net"
-      GITEA__server__SSH_SERVER_USE_PROXY_PROTOCOL: "true"
-    image: "gitea/gitea:1-rootless"
-    logging:
-      driver: journald
-    networks:
-      - homelab
-      - homelab-bridge
-    restart: on-failure
-    secrets:
-      - gitea
-    user: "10004:10004"
-    volumes:
-      - "/srv/data/docker/gitea/data:/var/lib/gitea:rw"
-      - "/srv/data/docker/gitea/config:/etc/gitea:rw"
--- a/docker-compose-homelab.yaml
+++ b/docker-compose-homelab.yaml
@ -1,28 +0,0 @@
-networks:
-  homelab:
-    driver: overlay
-    ipam:
-      config:
-        - subnet: 10.64.0.0/16
-    internal: true
-  homelab-bridge:
-    driver: overlay
-    ipam:
-      config:
-        - subnet: 10.96.0.0/16
-
-secrets:
-  percona-root:
-    file: /home/andreas/secrets/percona-root
-  ghost:
-    file: /home/andreas/secrets/ghost
-  postgres-root:
-    file: /home/andreas/secrets/postgres-root
-  gitea:
-    file: /home/andreas/secrets/gitea
-
-configs:
-  ghost-config:
-    file: /home/andreas/configs/config.production.json
-  traefik-config:
-    file: /home/andreas/configs/traefik.toml
--- a/ghost.yaml
+++ b/ghost.yaml
@ -7,7 +7,7 @@
      labels:
        traefik.enable: "true"
        traefik.http.routers.ghost-rtr.entrypoints: "websecure"
-        traefik.http.routers.ghost-rtr.rule: "Host(`ghost.turriff.net`)"
+        traefik.http.routers.ghost-rtr.rule: "Host(`ghost.your.domain`)"
        traefik.http.routers.ghost-rtr.service: "ghost"
        traefik.http.services.ghost.loadbalancer.server.port: "2368"
    image: "ghost:5"
--- a/gitea.yaml
+++ b/gitea.yaml
@ -5,11 +5,11 @@
      labels:
        traefik.enable: "true"
        traefik.http.routers.gitea-http-rtr.entrypoints: websecure
-        traefik.http.routers.gitea-http-rtr.rule: "Host(`gitea.turriff.net`)"
+        traefik.http.routers.gitea-http-rtr.rule: "Host(`gitea.your.domain`)"
        traefik.http.routers.gitea-http-rtr.service: "gitea"
        traefik.http.services.gitea.loadbalancer.server.port: "3000"
        traefik.tcp.routers.gitea-ssh-rtr.entrypoints: ssh
-        traefik.tcp.routers.gitea-ssh-rtr.rule: "Host(`gitea.turriff.net`)"
+        traefik.tcp.routers.gitea-ssh-rtr.rule: 'HostSNI(`*`)'
        traefik.tcp.routers.gitea-ssh-rtr.service: "gitea-ssh"
        traefik.tcp.services.gitea-ssh.loadbalancer.server.port: "2222"
      replicas: 1
@ -20,22 +20,19 @@
      GITEA__database__USER: "gitea"
      GITEA__database__PASSWORD__FILE: "/run/secrets/gitea"
      GITEA__mailer__ENABLED: "true"
-      GITEA__mailer__FROM: "gitea@turriff.net"
+      GITEA__mailer__FROM: "gitea@your.domain"
      GITEA__mailer__PROTOCOL: "smtp+starttls"
-      GITEA__mailer__SMTP_ADDR: "munin.turriff.net"
+      GITEA__mailer__SMTP_ADDR: "munin.your.domain"
      GITEA__mailer__SMTP_PORT: "25"
-      GITEA__server__ROOT_URL: "https://gitea.turriff.net"
+      GITEA__server__ROOT_URL: "https://gitea.your.domain"
      GITEA__cors__ENABLED: "true"
-      GITEA__cors__ALLOW_DOMAIN: "https://*.turriff.net"
-      GITEA__server__USE_PROXY_PROTOCOL: "true"
-      GITEA__server__DOMAIN: "gitea.turriff.net"
-      GITEA__server__SSH_SERVER_USE_PROXY_PROTOCOL: "true"
+      GITEA__cors__ALLOW_DOMAIN: "https://*.your.domain"
+      GITEA__server__DOMAIN: "gitea.your.domain"
    image: "gitea/gitea:1-rootless"
    logging:
      driver: journald
    networks:
      - homelab
-      - homelab-bridge
    restart: on-failure
    secrets:
      - gitea
--- a/jellyfin.yaml
+++ b/jellyfin.yaml
@ -0,0 +1,29 @@
+  jellyfin:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.jellyfin-rtr.entrypoints: "websecure"
+        traefik.http.routers.jellyfin-rtr.rule: "Host(`jellyfin.your.domain`)"
+        traefik.http.routers.jellyfin-rtr.service: "jellyfin"
+        traefik.http.services.jellyfin.loadbalancer.server.port: "8096"
+      replicas: 1
+    devices:
+      - "/dev/dri:/dev/dri"
+    environment:
+      DOCKER_MODS: "linuxserver/mods:jellyfin-opencl-intel"
+      PUID: 10012
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+      JELLYFIN_PublishedServerUrl: "https://jellyfin.your.domain"
+    hostname: "jellyfin"
+    image: "linuxserver/jellyfin:latest"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/jellyfin/cache:/cache"
+      - "/srv/data/docker/jellyfin/config:/config"
+      - "/srv/data/shared/media:/media"
--- a/lidarr.yaml
+++ b/lidarr.yaml
@ -0,0 +1,33 @@
+  lidarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.lidarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.lidarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.lidarr-rtr.rule: "Host(`lidarr.your.domain`)"
+        traefik.http.routers.lidarr-rtr.service: "lidarr"
+        traefik.http.services.lidarr.loadbalancer.server.port: "8686"
+      replicas: 1
+    environment:
+      PUID: 10010
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:8686"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "lidarr"
+    image: "linuxserver/lidarr"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/lidarr/config:/config"
+      - "/srv/data/shared/deemix:/data/deemix"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/lidarr/custom-services.d:/custom-services.d"
+      - "/srv/data/docker/lidarr/custom-cont-init.d:/custom-cont-init.d"
--- a/mylar3.yaml
+++ b/mylar3.yaml
@ -0,0 +1,31 @@
+  mylar3:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.mylar3-rtr.entrypoints: "websecure"
+        traefik.http.routers.mylar3-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.mylar3-rtr.rule: "Host(`mylar3.your.domain`)"
+        traefik.http.routers.mylar3-rtr.service: "mylar3"
+        traefik.http.services.mylar3.loadbalancer.server.port: "8090"
+      replicas: 1
+    environment:
+      PUID: 10019
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://mylar3:8090"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "mylar3"
+    image: "linuxserver/mylar3"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/mylar3/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/mylar3/custom-cont-init.d:/custom-cont-init.d"
--- a/navidrome.yaml
+++ b/navidrome.yaml
@ -2,13 +2,13 @@
    deploy:
      replicas: 1
    environment:
-      ND_BASEURL: "https://media.turriff.net"
-      ND_ENABLE_EXTERNAL_SERVICES: "false"
+      ND_BASEURL: "https://media.your.domain"
+      ND_ENABLEEXTERNALSERVICES: "false"
    image: "deluan/navidrome:latest"
    labels:
      traefik.enable: "true"
      traefik.http.routers.navidrome-rtr.entrypoint: websecure
-      traefik.http.routers.navidrome-rtr.rule: "Host(`media.turriff.net`)"
+      traefik.http.routers.navidrome-rtr.rule: "Host(`media.your.domain`)"
      traefik.http.routers.navidrome-rtr.service: "navidrome"
      traefix.http.services.navidrome.loadbalancer.server.port: "4533"
    logging:
--- a/nextcloud.yaml
+++ b/nextcloud.yaml
@ -0,0 +1,47 @@
+  nextcloud:
+    container_name: "nextcloud"
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.nextcloud-rtr.entrypoints: websecure
+        traefik.http.routers.nextcloud-rtr.middlewares: "nextcloud-dav@swarm, nextcloud-index@swarm"
+        traefik.http.routers.nextcloud-rtr.rule: "Host(`nextcloud.your.domain`)"
+        traefik.http.routers.nextcloud-rtr.service: "nextcloud"
+        traefik.http.services.nextcloud.loadbalancer.server.port: "80"
+        traefik.http.middlewares.nextcloud-dav.redirectregex.regex: "https://(.*t)/.well-known/(card|cal)dav"
+        traefik.http.middlewares.nextcloud-dav.redirectregex.replacement: "https://$$1/remote.php/dav/"
+        traefik.http.middlewares.nextcloud-dav.redirectregex.permanent: "true"
+        traefik.http.middlewares.nextcloud-index.redirectregex.regex: "https://(.*t)/.well-known/(webfinger|nodeinfo)"
+        traefik.http.middlewares.nextcloud-index.redirectregex.replacement: "https://$$1/index.php/.well-known/$$2"
+        traefik.http.middlewares.nextcloud-index.redirectregex.permanent: "true"
+      replicas: 1
+    environment:
+      POSTGRES_DB: "nextcloud"
+      POSTGRES_USER: "nextcloud"
+      POSTGRES_PASSWORD_FILE: "/run/secrets/nextcloud"
+      POSTGRES_HOST: "postgres"
+      NEXTCLOUD_ADMIN_USER: "admin"
+      NEXTCLOUD_ADMIN_PASSWORD_FILE: "/run/secrets/nextcloud-admin"
+      NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.your.domain"
+      REDIS_HOST: "valkey"
+      SMTP_HOST: "your.mail.server"
+      SMTP_SECURE: "starttls"
+      SMTP_PORT: "25"
+      SMTP_AUTHTYPE: "PLAIN"
+      MAIL_FROM_ADDRESS: "nextcloud@your.domain"
+      MAIL_DOAIN: "your.domain"
+      TRUSTED_PROXIES: "10.64.0.0/16"
+      APACHE_DISABLE_REWRITE_IP: 1
+    image: "nextcloud:production"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    ports:
+      - "8080:80"
+    restart: on-failure
+    secrets:
+      - nextcloud
+      - nextcloud-admin
+    volumes:
+      - "/srv/data/docker/nextcloud/data:/var/www/html"
--- a/postgres.yaml
+++ b/postgres.yaml
@ -3,6 +3,12 @@
      replicas: 1
    environment:
      POSTGRES_PASSWORD_FILE: "/run/secrets/postgres-root"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
    hostname: "postgres"
    image: "postgres:16"
    logging:
@ -13,6 +19,7 @@
    secrets:
      - postgres-root
      - gitea
+      - authentik-postgres
    shm_size: 128mb
    user: "10003:10003"
    volumes:
--- a/prowlarr.yaml
+++ b/prowlarr.yaml
@ -0,0 +1,27 @@
+  prowlarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.prowlarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.prowlarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.prowlarr-rtr.rule: "Host(`prowlarr.your.domain`)"
+        traefik.http.routers.prowlarr-rtr.service: "prowlarr"
+        traefik.http.services.prowlarr.loadbalancer.server.port: "9696"
+        replicas: 1
+    environment:
+      PUID: 10009
+      PGID: 10009
+      UMASK: 0002 
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:9696"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "prowlarr"
+    image: "linuxserver/prowlarr:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/prowlarr/config:/config"
--- a/radarr.yaml
+++ b/radarr.yaml
@ -0,0 +1,32 @@
+  radarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.radarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.radarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.radarr-rtr.rule: "Host(`radarr.your.domain`)"
+        traefik.http.routers.radarr-rtr.service: "radarr"
+        traefik.http.services.radarr.loadbalancer.server.port: "7878"
+      replicas: 1
+    environment:
+      PUID: 10014
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:7878"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "radarr"
+    image: "linuxserver/radarr:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/radarr/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/radarr/custom-cont-init.d:/custom-cont-init.d"
+      - "/srv/data/docker/radarr/custom-services.d:/custom-services.d"
--- a/readarr.yaml
+++ b/readarr.yaml
@ -0,0 +1,32 @@
+  readarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.readarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.readarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.readarr-rtr.rule: "Host(`readarr.your.domain`)"
+        traefik.http.routers.readarr-rtr.service: "readarr"
+        traefik.http.services.readarr.loadbalancer.server.port: "8787"
+      replicas: 1
+    environment:
+      PUID: 10017
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:8787"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "readarr"
+    image: "linuxserver/readarr:develop"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/readarr/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/readarr/custom-cont-init.d:/custom-cont-init.d"
+      - "/srv/data/docker/readarr/custom-services.d:/custom-services.d"
--- a/sabnzbd.yaml
+++ b/sabnzbd.yaml
@ -0,0 +1,29 @@
+  sabnzbd:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.sabnzbd-rtr.entrypoints: "websecure"
+        traefik.http.routers.sabnzbd-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.sabnzbd-rtr.rule: "Host(`sabnzbd.your.domain`)"
+        traefik.http.routers.sabnzbd-rtr.service: "sabnzbd"
+        traefik.http.services.sabnzbd.loadbalancer.server.port: "8080"
+      replicas: 1
+    environment:
+      PUID: 10005
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http:///localhost:8080"
+      interval: 2m
+      timeout: 5s
+      start_period: 1m
+    hostname: "sabnzbd"
+    image: "hotio/sabnzbd:release"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/sabnzbd/config:/config"
+      - "/srv/data/docker/sabnzbd/incomplete:/data/usenet/incomplete"
+      - "/srv/data/shared/usenet:/data/usenet"
--- a/scripts/mylar3/custom-cont-init.d/mylar3-listen.sh
+++ b/scripts/mylar3/custom-cont-init.d/mylar3-listen.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+export LOCAL_IP=$(ip addr | grep -E 'inet 10\.64\..*/16' | sed -e 's|.*\(10\.64\..*\..*\)/16.*|\1|')
+
+sed -i -e "/http_host/s| = .*\..*\..*\..*| = ${LOCAL_IP}|" /config/mylar/config.ini 
--- a/sonarr.yaml
+++ b/sonarr.yaml
@ -0,0 +1,32 @@
+  sonarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.sonarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.sonarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.sonarr-rtr.rule: "Host(`sonarr.your.domain`)"
+        traefik.http.routers.sonarr-rtr.service: "sonarr"
+        traefik.http.services.sonarr.loadbalancer.server.port: "8989"
+      replicas: 1
+    environment:
+      PUID: 10013
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:8989"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "sonarr"
+    image: "linuxserver/sonarr:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/sonarr/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/radarr/custom-cont-init.d:/custom-cont-init.d"
+      - "/srv/data/docker/radarr/custom-services.d:/custom-services.d"
--- a/traefik.yaml
+++ b/traefik.yaml
@ -1,4 +1,3 @@
-services:
  traefik:
    configs:
      - source: traefik-config
@ -8,7 +7,7 @@ services:
        traefik.enable: "true"
        traefik.http.routers.traefik-rtr.entrypoints: "websecure"
        traefik.http.routers.traefik-rtr.middlewares: "traefik-allowlist@file"
-        traefik.http.routers.traefik-rtr.rule: "Host(`traefik.turriff.net`)"
+        traefik.http.routers.traefik-rtr.rule: "Host(`traefik.your.domain`)"
        traefik.http.routers.traefik-rtr.service: "api@internal"
        traefik.http.services.dummy-svc.loadbalancer.server.port: "9999"
      replicas: 1
@ -21,11 +20,19 @@ services:
      driver: journald
    networks:
      - homelab
-      - homelab-bridge
    ports:
-      - "80:10080"
-      - "443:10443"
-      - "10022:10022"
+      - published: 80
+        target: 10080
+        protocol: "tcp"
+        mode: "host"
+      - published: 443
+        target: 10443
+        protocol: "tcp"
+        mode: "host"
+      - published: 10022
+        target: 10022
+        protocol: "tcp"
+        mode: "host"
    restart: on-failure
    volumes:
      - "/srv/data/docker/traefik/rules:/rules:ro"
--- a/transmission.yaml
+++ b/transmission.yaml
@ -0,0 +1,28 @@
+  transmission:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.transmission-rtr.entrypoints: "websecure"
+        traefik.http.routers.transmission-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.transmission-rtr.rule: "Host(`transmission.<your.domain>`)"
+        traefik.http.routers.transmission-rtr.service: "transmission"
+        traefik.http.services.transmission.loadbalancer.server.port: "9091"
+      replicas: 1
+    environment:
+      PUID: 10006
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:9091"
+      interval: 2m
+      timeout: 5s
+      start_period: 1m
+    hostname: "transmission"
+    image: "linuxserver/transmission:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/transmission/config:/config"
+      - "/srv/data/shared/torrent:/download"
--- a/valkey.yaml
+++ b/valkey.yaml
@ -0,0 +1,19 @@
+  valkey:
+    command: "valkey-server --save 30 1"
+    deploy:
+      replicas: 1
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      timeout: 3s
+    hostname: "valkey"
+    image: "valkey/valkey:7.2-alpine"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: unless-stopped
+    user: "10007:10007"
+    volumes:
+      - "/srv/data/docker/valkey/data:/data"
Author	SHA1	Message	Date
Andreas S. Turriff	be8d4a098d	Document Sharing	2024-06-27 17:02:27 -07:00
Andreas S. Turriff	3ea3bc5e6e	Added ddclient	2024-06-24 13:01:46 -07:00
Andreas S. Turriff	cac48b49a1	Media Server, Pt 8	2024-06-23 11:12:28 -07:00
Andreas S. Turriff	51c80a4e2c	Media Server Pt 7	2024-06-19 09:50:11 -07:00
Andreas S. Turriff	5365a7ce48	Media Server, Pt 6	2024-06-17 19:56:03 -07:00
Andreas S. Turriff	8a3e78b58e	UMASK fixes	2024-06-17 19:48:20 -07:00
Andreas S. Turriff	49219b0e88	Lidarr with Deemix integration	2024-06-16 06:50:53 -07:00
Andreas S. Turriff	eeef39f07d	Prowlarr added	2024-06-16 04:40:43 -07:00
Andreas S. Turriff	1a1e89e050	Transmission	2024-06-16 02:21:56 -07:00
Andreas S. Turriff	07c1957760	Added transsmission	2024-06-16 02:20:59 -07:00
Andreas S. Turriff	e4daa2a261	Sabnzbd modified for general configuration	2024-06-14 16:03:49 -07:00
Andreas S. Turriff	4ba878ecb0	Sabnzbd included in stack	2024-06-14 16:02:32 -07:00
Andreas S. Turriff	e8611c7a25	Homelab is now internal. Made proper substitutions for names	2024-06-14 13:20:42 -07:00
Andreas S. Turriff	82775bd957	gitea fixes	2024-06-14 10:36:18 -07:00
Andreas S. Turriff	3c24863cb0	Fixes	2024-06-14 10:11:35 -07:00
Andreas TUrriff	6e0ab38fb4	Dogfooding it, Pt 7	2024-06-14 16:13:10 +00:00