andreas/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: andreas:Media_Server_Pt_3
Branches Tags
andreas:main
andreas:Document_Sharing
andreas:Media_Server_Pt_8
andreas:Aside_DNS
andreas:Media_Server_Pt_7
andreas:Media_Server_Pt_6
andreas:Media_Server_Pt_5
andreas:Media_Server_Pt_4
andreas:Dogfooding_it_Pt_7
andreas:Media_Server_Pt_3
andreas:Dogfooding_it_Pt_6
...
compare: andreas:main
Branches Tags
andreas:main
andreas:Document_Sharing
andreas:Media_Server_Pt_8
andreas:Aside_DNS
andreas:Media_Server_Pt_7
andreas:Media_Server_Pt_6
andreas:Media_Server_Pt_5
andreas:Media_Server_Pt_4
andreas:Dogfooding_it_Pt_7
andreas:Media_Server_Pt_3
andreas:Dogfooding_it_Pt_6

16 Commits
Media_Serv ... main

Author SHA1 Message Date
Andreas S. Turriff
be8d4a098d Document Sharing 2024-06-27 17:02:27 -07:00
Andreas S. Turriff
3ea3bc5e6e Added ddclient 2024-06-24 13:01:46 -07:00
Andreas S. Turriff
cac48b49a1 Media Server, Pt 8 2024-06-23 11:12:28 -07:00
Andreas S. Turriff
51c80a4e2c Media Server Pt 7 2024-06-19 09:50:11 -07:00
Andreas S. Turriff
5365a7ce48 Media Server, Pt 6 2024-06-17 19:56:03 -07:00
Andreas S. Turriff
8a3e78b58e UMASK fixes 2024-06-17 19:48:20 -07:00
Andreas S. Turriff
49219b0e88 Lidarr with Deemix integration 2024-06-16 06:50:53 -07:00
Andreas S. Turriff
eeef39f07d Prowlarr added 2024-06-16 04:40:43 -07:00
Andreas S. Turriff
1a1e89e050 Transmission 2024-06-16 02:21:56 -07:00
Andreas S. Turriff
07c1957760 Added transsmission 2024-06-16 02:20:59 -07:00
Andreas S. Turriff
e4daa2a261 Sabnzbd modified for general configuration 2024-06-14 16:03:49 -07:00
Andreas S. Turriff
4ba878ecb0 Sabnzbd included in stack 2024-06-14 16:02:32 -07:00
Andreas S. Turriff
e8611c7a25 Homelab is now internal. Made proper substitutions for names 2024-06-14 13:20:42 -07:00
Andreas S. Turriff
82775bd957 gitea fixes 2024-06-14 10:36:18 -07:00
Andreas S. Turriff
3c24863cb0 Fixes 2024-06-14 10:11:35 -07:00
Andreas TUrriff
6e0ab38fb4 Dogfooding it, Pt 7 2024-06-14 16:13:10 +00:00
24 changed files with 528 additions and 235 deletions
Show Stats Expand all files Collapse all files

31
aaa.yaml Normal file
View File

@ -0,0 +1,31 @@
networks:
homelab:
driver: overlay
ipam:
config:
- subnet: 10.64.0.0/16
internal: true
secrets:
percona-root:
file: /home/<your user>/secrets/percona-root
ghost:
file: /home/<your user>/secrets/ghost
postgres-root:
file: /home/<your user>/secrets/postgres-root
gitea:
file: /home/<your user>/secrets/gitea
authentik-postgres:
file: /home/<your user>/secrets/authentik-postgres
authentik-secret:
file: /home/<your user>/secrets/authentik-secret
configs:
ghost-config:
file: /home/<your user>/configs/config.production.json
traefik-config:
file: /home/<your user>/configs/traefik.toml
ddclient-config:
file: /home/<your user>/configs/ddclient.conf
services:

69
authentik.yaml Normal file
View File

@ -0,0 +1,69 @@
authentik-server:
command: server
depends_on:
- postgres
- redis
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.authentik-rtr.rule: 'Host(`authentik.your.domain`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.your.domain`) && PathPrefix(`/outpost.goauthentik.io/`)'
traefik.http.routers.authentik-rtr.service: "authentik"
traefik.http.services.authentik.loadbalancer.server.port: "9000"
traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true"
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
replicas: 1
environment:
AUTHENTIK_POSTGRESQL__HOST: "postgres"
AUTHENTIK_POSTGRESQL__NAME: "authentik"
AUTHENTIK_POSTGRESQL__USER: "authentik"
AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/authentik-postgres"
AUTHENTIK_REDIS__HOST: "valkey"
AUTHENTIK_SECRET_KEY: "file:///run/secrets/authentik-secret"
AUTHENTIK_EMAIL__HOST: "munin.your.domain"
AUTHENTIK_EMAIL__FROM: "authentik@your.domain"
hostname: "authentik-server"
image: "ghcr.io/goauthentik/server:2024.4"
logging:
driver: journald
networks:
- homelab
restart: on-failure
secrets:
- authentik-postgres
- authentik-secret
user: "10008:10008"
volumes:
- "/srv/data/docker/authentik/media:/media"
- "/srv/data/docker/authentik/custom-templates:/templates"
authentik-worker:
command: worker
depends_on:
- postgres
- redis
deploy:
replicas: 1
environment:
AUTHENTIK_POSTGRESQL__HOST: "postgres"
AUTHENTIK_POSTGRESQL__NAME: "authentik"
AUTHENTIK_POSTGRESQL__USER: "authentik"
AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/authentik-postgres"
AUTHENTIK_REDIS__HOST: "valkey"
AUTHENTIK_SECRET_KEY: "file:///run/secrets/authentik-secret"
AUTHENTIK_EMAIL__HOST: "munin.your.domain"
AUTHENTIK_EMAIL__FROM: "authentik@your.domain"
image: "ghcr.io/goauthentik/server:2024.4"
logging:
driver: journald
networks:
- homelab
restart: on-failure
secrets:
- authentik-postgres
- authentik-secret
user: "10008:10008"
volumes:
- "/srv/data/docker/authentik/media:/media"
- "/srv/data/docker/authentik/certs:/certs"
- "/srv/data/docker/authentik/custom-templates:/templates"

22
collabora.yaml Normal file
View File

@ -0,0 +1,22 @@
collabora:
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.collabora-rtr.entrypoints: "websecure"
traefik.http.routers.collabora-rtr.rule: "Host(`collabora.your.domain`)"
traefik.http.routers.collabora-rtr.service: "collabora"
traefik.http.services.collabora.loadbalancer.server.port: "9980"
environment:
PUID: 10021
PGID: 10021
password: "<secret password that is never used>"
username: "admin"
domain: "[collabora\\.your\\.domain]"
extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
image: "collabora/code"
logging:
driver: journald
networks:
- homelab
restart: on-failure

15
configs/ddclient.conf Normal file
View File

@ -0,0 +1,15 @@
daemon=300 # check every 300 seconds
syslog=yes # log update msgs to syslog
mail=your@email.address # mail all msgs to root
mail-failure=your@email.address # mail failed update msgs to root
pid=/var/run/ddclient.pid # record PID in file.
ssl=yes # use ssl-support. Works with
# ssl-library
usev4q=webv4, \ # find IP address via web
webv4=ipify-ipv4 # Use IPify's IPv4 address. These two work analog for IPv6
protocol=godaddy, \
login=<godaddy API token>, \
password=<godaddy API secret>, \
zone=your.domain, \
your.domain

16
ddclient.yaml Normal file
View File

@ -0,0 +1,16 @@
ddclient:
configs:
- source: ddclient-config
target: /config/ddclient.conf
deploy:
replicas: 1
environment:
PUID: 10020
PGID: 10020
TZ: Etc/UTC
image: "linuxserver/ddclient"
logging:
driver: journald
networks:
- homelab
restart: on-failure

187
docker-compose-homelab-combined.yaml
View File

@ -1,187 +0,0 @@
networks:
homelab:
driver: overlay
ipam:
config:
- subnet: 10.64.0.0/16
internal: true
homelab-bridge:
driver: overlay
ipam:
config:
- subnet: 10.96.0.0/16
secrets:
percona-root:
file: /home/andreas/secrets/percona-root
ghost:
file: /home/andreas/secrets/ghost
postgres-root:
file: /home/andreas/secrets/postgres-root
gitea:
file: /home/andreas/secrets/gitea
configs:
ghost-config:
file: /home/andreas/configs/config.production.json
traefik-config:
file: /home/andreas/configs/traefik.toml
services:
traefik:
configs:
- source: traefik-config
target: /etc/traefik/traefik.toml
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.traefik-rtr.entrypoints: "websecure"
traefik.http.routers.traefik-rtr.middlewares: "traefik-allowlist@file"
traefik.http.routers.traefik-rtr.rule: "Host(`traefik.turriff.net`)"
traefik.http.routers.traefik-rtr.service: "api@internal"
traefik.http.services.dummy-svc.loadbalancer.server.port: "9999"
replicas: 1
healthcheck:
test: ["CMD","traefik","healthcheck"]
interval: 30s
timeout: 10s
image: "traefik:3.0"
logging:
driver: journald
networks:
- homelab
- homelab-bridge
ports:
- "80:10080"
- "443:10443"
- "10022:10022"
restart: on-failure
volumes:
- "/srv/data/docker/traefik/rules:/rules:ro"
- "/srv/data/docker/traefik/acme:/acme:rw"
- "/srv/data/docker/traefik/logs:/logs:rw"
- "/run/docker.sock:/run/docker.sock:ro"
percona:
deploy:
replicas: 1
environment:
MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/percona-root"
PERCONA_TELEMETRY_DISABLE: 1
image: "percona:ps-8"
logging:
driver: journald
networks:
- homelab
restart: on-failure
secrets:
- percona-root
- ghost
volumes:
- "/srv/data/docker/percona/data:/var/lib/mysql:rw"
ghost:
configs:
- source: ghost-config
target: /var/lib/ghost/config.production.json
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.ghost-rtr.entrypoints: "websecure"
traefik.http.routers.ghost-rtr.rule: "Host(`ghost.turriff.net`)"
traefik.http.routers.ghost-rtr.service: "ghost"
traefik.http.services.ghost.loadbalancer.server.port: "2368"
image: "ghost:5"
logging:
driver: journald
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/ghost/data:/var/lib/ghost/content:rw"
navidrome:
deploy:
replicas: 1
environment:
ND_BASEURL: "https://media.turriff.net"
ND_ENABLE_EXTERNAL_SERVICES: "false"
image: "deluan/navidrome:latest"
labels:
traefik.enable: "true"
traefik.http.routers.navidrome-rtr.entrypoint: websecure
traefik.http.routers.navidrome-rtr.rule: "Host(`media.turriff.net`)"
traefik.http.routers.navidrome-rtr.service: "navidrome"
traefix.http.services.navidrome.loadbalancer.server.port: "4533"
logging:
driver: journald
networks:
- homelab
restart: unless-stopped
user: "10002:10002"
volumes:
- "/srv/data/docker/navidrome/data:/data"
- "/srv/data/shared/media/music:/music:ro"
postgres:
deploy:
replicas: 1
environment:
POSTGRES_PASSWORD_FILE: "/run/secrets/postgres-root"
hostname: "postgres"
image: "postgres:16"
logging:
driver: journald
networks:
- homelab
restart: on-failure
secrets:
- postgres-root
- gitea
shm_size: 128mb
user: "10003:10003"
volumes:
- "/srv/data/docker/postgres/data:/var/lib/postgresql/data:rw"
- type: tmpfs
target: "/var/run/postgresql"
gitea:
depends_on:
- postgres
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.gitea-http-rtr.entrypoints: websecure
traefik.http.routers.gitea-http-rtr.rule: "Host(`gitea.turriff.net`)"
traefik.http.routers.gitea-http-rtr.service: "gitea"
traefik.http.services.gitea.loadbalancer.server.port: "3000"
traefik.tcp.routers.gitea-ssh-rtr.entrypoints: ssh
traefik.tcp.routers.gitea-ssh-rtr.rule: "Host(`gitea.turriff.net`)"
traefik.tcp.routers.gitea-ssh-rtr.service: "gitea-ssh"
traefik.tcp.services.gitea-ssh.loadbalancer.server.port: "2222"
replicas: 1
environment:
GITEA__database__DB_TYPE: "postgres"
GITEA__database__HOST: "postgres"
GITEA__database__NAME: "gitea"
GITEA__database__USER: "gitea"
GITEA__database__PASSWORD__FILE: "/run/secrets/gitea"
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: "gitea@turriff.net"
GITEA__mailer__PROTOCOL: "smtp+starttls"
GITEA__mailer__SMTP_ADDR: "munin.turriff.net"
GITEA__mailer__SMTP_PORT: "25"
GITEA__server__ROOT_URL: "https://gitea.turriff.net"
GITEA__cors__ENABLED: "true"
GITEA__cors__ALLOW_DOMAIN: "https://*.turriff.net"
GITEA__server__USE_PROXY_PROTOCOL: "true"
GITEA__server__DOMAIN: "gitea.turriff.net"
GITEA__server__SSH_SERVER_USE_PROXY_PROTOCOL: "true"
image: "gitea/gitea:1-rootless"
logging:
driver: journald
networks:
- homelab
- homelab-bridge
restart: on-failure
secrets:
- gitea
user: "10004:10004"
volumes:
- "/srv/data/docker/gitea/data:/var/lib/gitea:rw"
- "/srv/data/docker/gitea/config:/etc/gitea:rw"

28
docker-compose-homelab.yaml
View File

@ -1,28 +0,0 @@
networks:
homelab:
driver: overlay
ipam:
config:
- subnet: 10.64.0.0/16
internal: true
homelab-bridge:
driver: overlay
ipam:
config:
- subnet: 10.96.0.0/16
secrets:
percona-root:
file: /home/andreas/secrets/percona-root
ghost:
file: /home/andreas/secrets/ghost
postgres-root:
file: /home/andreas/secrets/postgres-root
gitea:
file: /home/andreas/secrets/gitea
configs:
ghost-config:
file: /home/andreas/configs/config.production.json
traefik-config:
file: /home/andreas/configs/traefik.toml

2
ghost.yaml
View File

@ -7,7 +7,7 @@
labels: labels:
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.ghost-rtr.entrypoints: "websecure" traefik.http.routers.ghost-rtr.entrypoints: "websecure"
traefik.http.routers.ghost-rtr.rule: "Host(`ghost.turriff.net`)" traefik.http.routers.ghost-rtr.rule: "Host(`ghost.your.domain`)"
traefik.http.routers.ghost-rtr.service: "ghost" traefik.http.routers.ghost-rtr.service: "ghost"
traefik.http.services.ghost.loadbalancer.server.port: "2368" traefik.http.services.ghost.loadbalancer.server.port: "2368"
image: "ghost:5" image: "ghost:5"

17
gitea.yaml
View File

@ -5,11 +5,11 @@
labels: labels:
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.gitea-http-rtr.entrypoints: websecure traefik.http.routers.gitea-http-rtr.entrypoints: websecure
traefik.http.routers.gitea-http-rtr.rule: "Host(`gitea.turriff.net`)" traefik.http.routers.gitea-http-rtr.rule: "Host(`gitea.your.domain`)"
traefik.http.routers.gitea-http-rtr.service: "gitea" traefik.http.routers.gitea-http-rtr.service: "gitea"
traefik.http.services.gitea.loadbalancer.server.port: "3000" traefik.http.services.gitea.loadbalancer.server.port: "3000"
traefik.tcp.routers.gitea-ssh-rtr.entrypoints: ssh traefik.tcp.routers.gitea-ssh-rtr.entrypoints: ssh
traefik.tcp.routers.gitea-ssh-rtr.rule: "Host(`gitea.turriff.net`)" traefik.tcp.routers.gitea-ssh-rtr.rule: 'HostSNI(`*`)'
traefik.tcp.routers.gitea-ssh-rtr.service: "gitea-ssh" traefik.tcp.routers.gitea-ssh-rtr.service: "gitea-ssh"
traefik.tcp.services.gitea-ssh.loadbalancer.server.port: "2222" traefik.tcp.services.gitea-ssh.loadbalancer.server.port: "2222"
replicas: 1 replicas: 1
@ -20,22 +20,19 @@
GITEA__database__USER: "gitea" GITEA__database__USER: "gitea"
GITEA__database__PASSWORD__FILE: "/run/secrets/gitea" GITEA__database__PASSWORD__FILE: "/run/secrets/gitea"
GITEA__mailer__ENABLED: "true" GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: "gitea@turriff.net" GITEA__mailer__FROM: "gitea@your.domain"
GITEA__mailer__PROTOCOL: "smtp+starttls" GITEA__mailer__PROTOCOL: "smtp+starttls"
GITEA__mailer__SMTP_ADDR: "munin.turriff.net" GITEA__mailer__SMTP_ADDR: "munin.your.domain"
GITEA__mailer__SMTP_PORT: "25" GITEA__mailer__SMTP_PORT: "25"
GITEA__server__ROOT_URL: "https://gitea.turriff.net" GITEA__server__ROOT_URL: "https://gitea.your.domain"
GITEA__cors__ENABLED: "true" GITEA__cors__ENABLED: "true"
GITEA__cors__ALLOW_DOMAIN: "https://*.turriff.net" GITEA__cors__ALLOW_DOMAIN: "https://*.your.domain"
GITEA__server__USE_PROXY_PROTOCOL: "true" GITEA__server__DOMAIN: "gitea.your.domain"
GITEA__server__DOMAIN: "gitea.turriff.net"
GITEA__server__SSH_SERVER_USE_PROXY_PROTOCOL: "true"
image: "gitea/gitea:1-rootless" image: "gitea/gitea:1-rootless"
logging: logging:
driver: journald driver: journald
networks: networks:
- homelab - homelab
- homelab-bridge
restart: on-failure restart: on-failure
secrets: secrets:
- gitea - gitea

29
jellyfin.yaml Normal file
View File

@ -0,0 +1,29 @@
jellyfin:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.jellyfin-rtr.entrypoints: "websecure"
traefik.http.routers.jellyfin-rtr.rule: "Host(`jellyfin.your.domain`)"
traefik.http.routers.jellyfin-rtr.service: "jellyfin"
traefik.http.services.jellyfin.loadbalancer.server.port: "8096"
replicas: 1
devices:
- "/dev/dri:/dev/dri"
environment:
DOCKER_MODS: "linuxserver/mods:jellyfin-opencl-intel"
PUID: 10012
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
JELLYFIN_PublishedServerUrl: "https://jellyfin.your.domain"
hostname: "jellyfin"
image: "linuxserver/jellyfin:latest"
logging:
driver: journald
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/jellyfin/cache:/cache"
- "/srv/data/docker/jellyfin/config:/config"
- "/srv/data/shared/media:/media"

33
lidarr.yaml Normal file
View File

@ -0,0 +1,33 @@
lidarr:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.lidarr-rtr.entrypoints: "websecure"
traefik.http.routers.lidarr-rtr.middlewares: "authentik@swarm"
traefik.http.routers.lidarr-rtr.rule: "Host(`lidarr.your.domain`)"
traefik.http.routers.lidarr-rtr.service: "lidarr"
traefik.http.services.lidarr.loadbalancer.server.port: "8686"
replicas: 1
environment:
PUID: 10010
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://localhost:8686"
interval: 2m
timeout: 5s
start_period: 20s
hostname: "lidarr"
image: "linuxserver/lidarr"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/lidarr/config:/config"
- "/srv/data/shared/deemix:/data/deemix"
- "/srv/data/shared/usenet:/data/usenet"
- "/srv/data/shared/torrent:/data/torrent"
- "/srv/data/shared/media:/data/media"
- "/srv/data/docker/lidarr/custom-services.d:/custom-services.d"
- "/srv/data/docker/lidarr/custom-cont-init.d:/custom-cont-init.d"

31
mylar3.yaml Normal file
View File

@ -0,0 +1,31 @@
mylar3:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.mylar3-rtr.entrypoints: "websecure"
traefik.http.routers.mylar3-rtr.middlewares: "authentik@swarm"
traefik.http.routers.mylar3-rtr.rule: "Host(`mylar3.your.domain`)"
traefik.http.routers.mylar3-rtr.service: "mylar3"
traefik.http.services.mylar3.loadbalancer.server.port: "8090"
replicas: 1
environment:
PUID: 10019
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://mylar3:8090"
interval: 2m
timeout: 5s
start_period: 20s
hostname: "mylar3"
image: "linuxserver/mylar3"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/mylar3/config:/config"
- "/srv/data/shared/usenet:/data/usenet"
- "/srv/data/shared/torrent:/data/torrent"
- "/srv/data/shared/media:/data/media"
- "/srv/data/docker/mylar3/custom-cont-init.d:/custom-cont-init.d"

6
navidrome.yaml
View File

@ -2,13 +2,13 @@
deploy: deploy:
replicas: 1 replicas: 1
environment: environment:
ND_BASEURL: "https://media.turriff.net" ND_BASEURL: "https://media.your.domain"
ND_ENABLE_EXTERNAL_SERVICES: "false" ND_ENABLEEXTERNALSERVICES: "false"
image: "deluan/navidrome:latest" image: "deluan/navidrome:latest"
labels: labels:
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.navidrome-rtr.entrypoint: websecure traefik.http.routers.navidrome-rtr.entrypoint: websecure
traefik.http.routers.navidrome-rtr.rule: "Host(`media.turriff.net`)" traefik.http.routers.navidrome-rtr.rule: "Host(`media.your.domain`)"
traefik.http.routers.navidrome-rtr.service: "navidrome" traefik.http.routers.navidrome-rtr.service: "navidrome"
traefix.http.services.navidrome.loadbalancer.server.port: "4533" traefix.http.services.navidrome.loadbalancer.server.port: "4533"
logging: logging:

47
nextcloud.yaml Normal file
View File

@ -0,0 +1,47 @@
nextcloud:
container_name: "nextcloud"
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.nextcloud-rtr.entrypoints: websecure
traefik.http.routers.nextcloud-rtr.middlewares: "nextcloud-dav@swarm, nextcloud-index@swarm"
traefik.http.routers.nextcloud-rtr.rule: "Host(`nextcloud.your.domain`)"
traefik.http.routers.nextcloud-rtr.service: "nextcloud"
traefik.http.services.nextcloud.loadbalancer.server.port: "80"
traefik.http.middlewares.nextcloud-dav.redirectregex.regex: "https://(.*t)/.well-known/(card|cal)dav"
traefik.http.middlewares.nextcloud-dav.redirectregex.replacement: "https://$$1/remote.php/dav/"
traefik.http.middlewares.nextcloud-dav.redirectregex.permanent: "true"
traefik.http.middlewares.nextcloud-index.redirectregex.regex: "https://(.*t)/.well-known/(webfinger|nodeinfo)"
traefik.http.middlewares.nextcloud-index.redirectregex.replacement: "https://$$1/index.php/.well-known/$$2"
traefik.http.middlewares.nextcloud-index.redirectregex.permanent: "true"
replicas: 1
environment:
POSTGRES_DB: "nextcloud"
POSTGRES_USER: "nextcloud"
POSTGRES_PASSWORD_FILE: "/run/secrets/nextcloud"
POSTGRES_HOST: "postgres"
NEXTCLOUD_ADMIN_USER: "admin"
NEXTCLOUD_ADMIN_PASSWORD_FILE: "/run/secrets/nextcloud-admin"
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.your.domain"
REDIS_HOST: "valkey"
SMTP_HOST: "your.mail.server"
SMTP_SECURE: "starttls"
SMTP_PORT: "25"
SMTP_AUTHTYPE: "PLAIN"
MAIL_FROM_ADDRESS: "nextcloud@your.domain"
MAIL_DOAIN: "your.domain"
TRUSTED_PROXIES: "10.64.0.0/16"
APACHE_DISABLE_REWRITE_IP: 1
image: "nextcloud:production"
logging:
driver: journald
networks:
- homelab
ports:
- "8080:80"
restart: on-failure
secrets:
- nextcloud
- nextcloud-admin
volumes:
- "/srv/data/docker/nextcloud/data:/var/www/html"

7
postgres.yaml
View File

@ -3,6 +3,12 @@
replicas: 1 replicas: 1
environment: environment:
POSTGRES_PASSWORD_FILE: "/run/secrets/postgres-root" POSTGRES_PASSWORD_FILE: "/run/secrets/postgres-root"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
hostname: "postgres" hostname: "postgres"
image: "postgres:16" image: "postgres:16"
logging: logging:
@ -13,6 +19,7 @@
secrets: secrets:
- postgres-root - postgres-root
- gitea - gitea
- authentik-postgres
shm_size: 128mb shm_size: 128mb
user: "10003:10003" user: "10003:10003"
volumes: volumes:

27
prowlarr.yaml Normal file
View File

@ -0,0 +1,27 @@
prowlarr:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.prowlarr-rtr.entrypoints: "websecure"
traefik.http.routers.prowlarr-rtr.middlewares: "authentik@swarm"
traefik.http.routers.prowlarr-rtr.rule: "Host(`prowlarr.your.domain`)"
traefik.http.routers.prowlarr-rtr.service: "prowlarr"
traefik.http.services.prowlarr.loadbalancer.server.port: "9696"
replicas: 1
environment:
PUID: 10009
PGID: 10009
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://localhost:9696"
interval: 2m
timeout: 5s
start_period: 20s
hostname: "prowlarr"
image: "linuxserver/prowlarr:latest"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/prowlarr/config:/config"

32
radarr.yaml Normal file
View File

@ -0,0 +1,32 @@
radarr:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.radarr-rtr.entrypoints: "websecure"
traefik.http.routers.radarr-rtr.middlewares: "authentik@swarm"
traefik.http.routers.radarr-rtr.rule: "Host(`radarr.your.domain`)"
traefik.http.routers.radarr-rtr.service: "radarr"
traefik.http.services.radarr.loadbalancer.server.port: "7878"
replicas: 1
environment:
PUID: 10014
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://localhost:7878"
interval: 2m
timeout: 5s
start_period: 20s
hostname: "radarr"
image: "linuxserver/radarr:latest"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/radarr/config:/config"
- "/srv/data/shared/usenet:/data/usenet"
- "/srv/data/shared/torrent:/data/torrent"
- "/srv/data/shared/media:/data/media"
- "/srv/data/docker/radarr/custom-cont-init.d:/custom-cont-init.d"
- "/srv/data/docker/radarr/custom-services.d:/custom-services.d"

32
readarr.yaml Normal file
View File

@ -0,0 +1,32 @@
readarr:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.readarr-rtr.entrypoints: "websecure"
traefik.http.routers.readarr-rtr.middlewares: "authentik@swarm"
traefik.http.routers.readarr-rtr.rule: "Host(`readarr.your.domain`)"
traefik.http.routers.readarr-rtr.service: "readarr"
traefik.http.services.readarr.loadbalancer.server.port: "8787"
replicas: 1
environment:
PUID: 10017
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://localhost:8787"
interval: 2m
timeout: 5s
start_period: 20s
hostname: "readarr"
image: "linuxserver/readarr:develop"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/readarr/config:/config"
- "/srv/data/shared/usenet:/data/usenet"
- "/srv/data/shared/torrent:/data/torrent"
- "/srv/data/shared/media:/data/media"
- "/srv/data/docker/readarr/custom-cont-init.d:/custom-cont-init.d"
- "/srv/data/docker/readarr/custom-services.d:/custom-services.d"

29
sabnzbd.yaml Normal file
View File

@ -0,0 +1,29 @@
sabnzbd:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.sabnzbd-rtr.entrypoints: "websecure"
traefik.http.routers.sabnzbd-rtr.middlewares: "authentik@swarm"
traefik.http.routers.sabnzbd-rtr.rule: "Host(`sabnzbd.your.domain`)"
traefik.http.routers.sabnzbd-rtr.service: "sabnzbd"
traefik.http.services.sabnzbd.loadbalancer.server.port: "8080"
replicas: 1
environment:
PUID: 10005
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http:///localhost:8080"
interval: 2m
timeout: 5s
start_period: 1m
hostname: "sabnzbd"
image: "hotio/sabnzbd:release"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/sabnzbd/config:/config"
- "/srv/data/docker/sabnzbd/incomplete:/data/usenet/incomplete"
- "/srv/data/shared/usenet:/data/usenet"

5
scripts/mylar3/custom-cont-init.d/mylar3-listen.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
export LOCAL_IP=$(ip addr | grep -E 'inet 10\.64\..*/16' | sed -e 's|.*\(10\.64\..*\..*\)/16.*|\1|')
sed -i -e "/http_host/s| = .*\..*\..*\..*| = ${LOCAL_IP}|" /config/mylar/config.ini

32
sonarr.yaml Normal file
View File

@ -0,0 +1,32 @@
sonarr:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.sonarr-rtr.entrypoints: "websecure"
traefik.http.routers.sonarr-rtr.middlewares: "authentik@swarm"
traefik.http.routers.sonarr-rtr.rule: "Host(`sonarr.your.domain`)"
traefik.http.routers.sonarr-rtr.service: "sonarr"
traefik.http.services.sonarr.loadbalancer.server.port: "8989"
replicas: 1
environment:
PUID: 10013
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://localhost:8989"
interval: 2m
timeout: 5s
start_period: 20s
hostname: "sonarr"
image: "linuxserver/sonarr:latest"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/sonarr/config:/config"
- "/srv/data/shared/usenet:/data/usenet"
- "/srv/data/shared/torrent:/data/torrent"
- "/srv/data/shared/media:/data/media"
- "/srv/data/docker/radarr/custom-cont-init.d:/custom-cont-init.d"
- "/srv/data/docker/radarr/custom-services.d:/custom-services.d"

19
traefik.yaml
View File

@ -1,4 +1,3 @@
services:
traefik: traefik:
configs: configs:
- source: traefik-config - source: traefik-config
@ -8,7 +7,7 @@ services:
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.traefik-rtr.entrypoints: "websecure" traefik.http.routers.traefik-rtr.entrypoints: "websecure"
traefik.http.routers.traefik-rtr.middlewares: "traefik-allowlist@file" traefik.http.routers.traefik-rtr.middlewares: "traefik-allowlist@file"
traefik.http.routers.traefik-rtr.rule: "Host(`traefik.turriff.net`)" traefik.http.routers.traefik-rtr.rule: "Host(`traefik.your.domain`)"
traefik.http.routers.traefik-rtr.service: "api@internal" traefik.http.routers.traefik-rtr.service: "api@internal"
traefik.http.services.dummy-svc.loadbalancer.server.port: "9999" traefik.http.services.dummy-svc.loadbalancer.server.port: "9999"
replicas: 1 replicas: 1
@ -21,11 +20,19 @@ services:
driver: journald driver: journald
networks: networks:
- homelab - homelab
- homelab-bridge
ports: ports:
- "80:10080" - published: 80
- "443:10443" target: 10080
- "10022:10022" protocol: "tcp"
mode: "host"
- published: 443
target: 10443
protocol: "tcp"
mode: "host"
- published: 10022
target: 10022
protocol: "tcp"
mode: "host"
restart: on-failure restart: on-failure
volumes: volumes:
- "/srv/data/docker/traefik/rules:/rules:ro" - "/srv/data/docker/traefik/rules:/rules:ro"

28
transmission.yaml Normal file
View File

@ -0,0 +1,28 @@
transmission:
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.transmission-rtr.entrypoints: "websecure"
traefik.http.routers.transmission-rtr.middlewares: "authentik@swarm"
traefik.http.routers.transmission-rtr.rule: "Host(`transmission.<your.domain>`)"
traefik.http.routers.transmission-rtr.service: "transmission"
traefik.http.services.transmission.loadbalancer.server.port: "9091"
replicas: 1
environment:
PUID: 10006
PGID: 10002
UMASK: 0002
TZ: "Etc/UTC"
healthcheck:
test: "curl -f http://localhost:9091"
interval: 2m
timeout: 5s
start_period: 1m
hostname: "transmission"
image: "linuxserver/transmission:latest"
networks:
- homelab
restart: on-failure
volumes:
- "/srv/data/docker/transmission/config:/config"
- "/srv/data/shared/torrent:/download"

19
valkey.yaml Normal file
View File

@ -0,0 +1,19 @@
valkey:
command: "valkey-server --save 30 1"
deploy:
replicas: 1
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
timeout: 3s
hostname: "valkey"
image: "valkey/valkey:7.2-alpine"
logging:
driver: journald
networks:
- homelab
restart: unless-stopped
user: "10007:10007"
volumes:
- "/srv/data/docker/valkey/data:/data"