Document Sharing

aaa.yaml

@@ -25,5 +25,7 @@ configs:
     file: /home/<your user>/configs/config.production.json
   traefik-config:
     file: /home/<your user>/configs/traefik.toml
+  ddclient-config:
+    file: /home/<your user>/configs/ddclient.conf
 
 services:

authentik.yaml

@@ -21,7 +21,7 @@
       AUTHENTIK_REDIS__HOST: "valkey"
       AUTHENTIK_SECRET_KEY: "file:///run/secrets/authentik-secret"
       AUTHENTIK_EMAIL__HOST: "munin.your.domain"
-      AUTHENTIK_EMAIL__FROM: "authentik@turriff.net"
+      AUTHENTIK_EMAIL__FROM: "authentik@your.domain"
     hostname: "authentik-server"
     image: "ghcr.io/goauthentik/server:2024.4"
     logging:
@@ -52,7 +52,7 @@
       AUTHENTIK_REDIS__HOST: "valkey"
       AUTHENTIK_SECRET_KEY: "file:///run/secrets/authentik-secret"
       AUTHENTIK_EMAIL__HOST: "munin.your.domain"
-      AUTHENTIK_EMAIL__FROM: "authentik@turriff.net"
+      AUTHENTIK_EMAIL__FROM: "authentik@your.domain"
     image: "ghcr.io/goauthentik/server:2024.4"
     logging:
       driver: journald

collabora.yaml

@@ -0,0 +1,22 @@
+  collabora:
+    deploy:
+      replicas: 1
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.collabora-rtr.entrypoints: "websecure"
+        traefik.http.routers.collabora-rtr.rule: "Host(`collabora.your.domain`)"
+        traefik.http.routers.collabora-rtr.service: "collabora"
+        traefik.http.services.collabora.loadbalancer.server.port: "9980"
+    environment:
+      PUID: 10021
+      PGID: 10021
+      password: "<secret password that is never used>"
+      username: "admin"
+      domain: "[collabora\\.your\\.domain]"
+      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
+    image: "collabora/code"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure

configs/ddclient.conf

@@ -0,0 +1,15 @@
+daemon=300				# check every 300 seconds
+syslog=yes				# log update msgs to syslog
+mail=your@email.address			# mail all msgs to root
+mail-failure=your@email.address		# mail failed update msgs to root
+pid=/var/run/ddclient.pid		# record PID in file.
+ssl=yes					# use ssl-support.  Works with
+					# ssl-library
+usev4q=webv4, \				# find IP address via web
+webv4=ipify-ipv4			# Use IPify's IPv4 address. These two work analog for IPv6
+
+protocol=godaddy, \
+login=<godaddy API token>, \
+password=<godaddy API secret>, \
+zone=your.domain, \
+your.domain

ddclient.yaml

@@ -0,0 +1,16 @@
+  ddclient:
+    configs:
+      - source: ddclient-config
+        target: /config/ddclient.conf
+    deploy:
+      replicas: 1
+    environment:
+      PUID: 10020
+      PGID: 10020
+      TZ: Etc/UTC
+    image: "linuxserver/ddclient"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure

gitea.yaml

@@ -20,7 +20,7 @@
       GITEA__database__USER: "gitea"
       GITEA__database__PASSWORD__FILE: "/run/secrets/gitea"
       GITEA__mailer__ENABLED: "true"
-      GITEA__mailer__FROM: "gitea@turriff.net"
+      GITEA__mailer__FROM: "gitea@your.domain"
       GITEA__mailer__PROTOCOL: "smtp+starttls"
       GITEA__mailer__SMTP_ADDR: "munin.your.domain"
       GITEA__mailer__SMTP_PORT: "25"

jellyfin.yaml

@@ -0,0 +1,29 @@
+  jellyfin:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.jellyfin-rtr.entrypoints: "websecure"
+        traefik.http.routers.jellyfin-rtr.rule: "Host(`jellyfin.your.domain`)"
+        traefik.http.routers.jellyfin-rtr.service: "jellyfin"
+        traefik.http.services.jellyfin.loadbalancer.server.port: "8096"
+      replicas: 1
+    devices:
+      - "/dev/dri:/dev/dri"
+    environment:
+      DOCKER_MODS: "linuxserver/mods:jellyfin-opencl-intel"
+      PUID: 10012
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+      JELLYFIN_PublishedServerUrl: "https://jellyfin.your.domain"
+    hostname: "jellyfin"
+    image: "linuxserver/jellyfin:latest"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/jellyfin/cache:/cache"
+      - "/srv/data/docker/jellyfin/config:/config"
+      - "/srv/data/shared/media:/media"

lidarr.yaml

@@ -0,0 +1,33 @@
+  lidarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.lidarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.lidarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.lidarr-rtr.rule: "Host(`lidarr.your.domain`)"
+        traefik.http.routers.lidarr-rtr.service: "lidarr"
+        traefik.http.services.lidarr.loadbalancer.server.port: "8686"
+      replicas: 1
+    environment:
+      PUID: 10010
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:8686"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "lidarr"
+    image: "linuxserver/lidarr"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/lidarr/config:/config"
+      - "/srv/data/shared/deemix:/data/deemix"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/lidarr/custom-services.d:/custom-services.d"
+      - "/srv/data/docker/lidarr/custom-cont-init.d:/custom-cont-init.d"

mylar3.yaml

@@ -0,0 +1,31 @@
+  mylar3:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.mylar3-rtr.entrypoints: "websecure"
+        traefik.http.routers.mylar3-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.mylar3-rtr.rule: "Host(`mylar3.your.domain`)"
+        traefik.http.routers.mylar3-rtr.service: "mylar3"
+        traefik.http.services.mylar3.loadbalancer.server.port: "8090"
+      replicas: 1
+    environment:
+      PUID: 10019
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://mylar3:8090"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "mylar3"
+    image: "linuxserver/mylar3"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/mylar3/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/mylar3/custom-cont-init.d:/custom-cont-init.d"

nextcloud.yaml

@@ -0,0 +1,47 @@
+  nextcloud:
+    container_name: "nextcloud"
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.nextcloud-rtr.entrypoints: websecure
+        traefik.http.routers.nextcloud-rtr.middlewares: "nextcloud-dav@swarm, nextcloud-index@swarm"
+        traefik.http.routers.nextcloud-rtr.rule: "Host(`nextcloud.your.domain`)"
+        traefik.http.routers.nextcloud-rtr.service: "nextcloud"
+        traefik.http.services.nextcloud.loadbalancer.server.port: "80"
+        traefik.http.middlewares.nextcloud-dav.redirectregex.regex: "https://(.*t)/.well-known/(card|cal)dav"
+        traefik.http.middlewares.nextcloud-dav.redirectregex.replacement: "https://$$1/remote.php/dav/"
+        traefik.http.middlewares.nextcloud-dav.redirectregex.permanent: "true"
+        traefik.http.middlewares.nextcloud-index.redirectregex.regex: "https://(.*t)/.well-known/(webfinger|nodeinfo)"
+        traefik.http.middlewares.nextcloud-index.redirectregex.replacement: "https://$$1/index.php/.well-known/$$2"
+        traefik.http.middlewares.nextcloud-index.redirectregex.permanent: "true"
+      replicas: 1
+    environment:
+      POSTGRES_DB: "nextcloud"
+      POSTGRES_USER: "nextcloud"
+      POSTGRES_PASSWORD_FILE: "/run/secrets/nextcloud"
+      POSTGRES_HOST: "postgres"
+      NEXTCLOUD_ADMIN_USER: "admin"
+      NEXTCLOUD_ADMIN_PASSWORD_FILE: "/run/secrets/nextcloud-admin"
+      NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.your.domain"
+      REDIS_HOST: "valkey"
+      SMTP_HOST: "your.mail.server"
+      SMTP_SECURE: "starttls"
+      SMTP_PORT: "25"
+      SMTP_AUTHTYPE: "PLAIN"
+      MAIL_FROM_ADDRESS: "nextcloud@your.domain"
+      MAIL_DOAIN: "your.domain"
+      TRUSTED_PROXIES: "10.64.0.0/16"
+      APACHE_DISABLE_REWRITE_IP: 1
+    image: "nextcloud:production"
+    logging:
+      driver: journald
+    networks:
+      - homelab
+    ports:
+      - "8080:80"
+    restart: on-failure
+    secrets:
+      - nextcloud
+      - nextcloud-admin
+    volumes:
+      - "/srv/data/docker/nextcloud/data:/var/www/html"

prowlarr.yaml

@@ -0,0 +1,27 @@
+  prowlarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.prowlarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.prowlarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.prowlarr-rtr.rule: "Host(`prowlarr.your.domain`)"
+        traefik.http.routers.prowlarr-rtr.service: "prowlarr"
+        traefik.http.services.prowlarr.loadbalancer.server.port: "9696"
+        replicas: 1
+    environment:
+      PUID: 10009
+      PGID: 10009
+      UMASK: 0002 
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:9696"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "prowlarr"
+    image: "linuxserver/prowlarr:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/prowlarr/config:/config"

radarr.yaml

@@ -0,0 +1,32 @@
+  radarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.radarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.radarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.radarr-rtr.rule: "Host(`radarr.your.domain`)"
+        traefik.http.routers.radarr-rtr.service: "radarr"
+        traefik.http.services.radarr.loadbalancer.server.port: "7878"
+      replicas: 1
+    environment:
+      PUID: 10014
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:7878"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "radarr"
+    image: "linuxserver/radarr:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/radarr/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/radarr/custom-cont-init.d:/custom-cont-init.d"
+      - "/srv/data/docker/radarr/custom-services.d:/custom-services.d"

readarr.yaml

@@ -0,0 +1,32 @@
+  readarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.readarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.readarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.readarr-rtr.rule: "Host(`readarr.your.domain`)"
+        traefik.http.routers.readarr-rtr.service: "readarr"
+        traefik.http.services.readarr.loadbalancer.server.port: "8787"
+      replicas: 1
+    environment:
+      PUID: 10017
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:8787"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "readarr"
+    image: "linuxserver/readarr:develop"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/readarr/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/readarr/custom-cont-init.d:/custom-cont-init.d"
+      - "/srv/data/docker/readarr/custom-services.d:/custom-services.d"

sabnzbd.yaml

@@ -11,7 +11,7 @@
     environment:
       PUID: 10005
       PGID: 10002
-      UMASK: 002
+      UMASK: 0002
       TZ: "Etc/UTC"
     healthcheck:
       test: "curl -f http:///localhost:8080"

scripts/mylar3/custom-cont-init.d/mylar3-listen.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+export LOCAL_IP=$(ip addr | grep -E 'inet 10\.64\..*/16' | sed -e 's|.*\(10\.64\..*\..*\)/16.*|\1|')
+
+sed -i -e "/http_host/s| = .*\..*\..*\..*| = ${LOCAL_IP}|" /config/mylar/config.ini 

sonarr.yaml

@@ -0,0 +1,32 @@
+  sonarr:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.sonarr-rtr.entrypoints: "websecure"
+        traefik.http.routers.sonarr-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.sonarr-rtr.rule: "Host(`sonarr.your.domain`)"
+        traefik.http.routers.sonarr-rtr.service: "sonarr"
+        traefik.http.services.sonarr.loadbalancer.server.port: "8989"
+      replicas: 1
+    environment:
+      PUID: 10013
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:8989"
+      interval: 2m
+      timeout: 5s
+      start_period: 20s
+    hostname: "sonarr"
+    image: "linuxserver/sonarr:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/sonarr/config:/config"
+      - "/srv/data/shared/usenet:/data/usenet"
+      - "/srv/data/shared/torrent:/data/torrent"
+      - "/srv/data/shared/media:/data/media"
+      - "/srv/data/docker/radarr/custom-cont-init.d:/custom-cont-init.d"
+      - "/srv/data/docker/radarr/custom-services.d:/custom-services.d"

transmission.yaml

@@ -0,0 +1,28 @@
+  transmission:
+    deploy:
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.transmission-rtr.entrypoints: "websecure"
+        traefik.http.routers.transmission-rtr.middlewares: "authentik@swarm"
+        traefik.http.routers.transmission-rtr.rule: "Host(`transmission.<your.domain>`)"
+        traefik.http.routers.transmission-rtr.service: "transmission"
+        traefik.http.services.transmission.loadbalancer.server.port: "9091"
+      replicas: 1
+    environment:
+      PUID: 10006
+      PGID: 10002
+      UMASK: 0002
+      TZ: "Etc/UTC"
+    healthcheck:
+      test: "curl -f http://localhost:9091"
+      interval: 2m
+      timeout: 5s
+      start_period: 1m
+    hostname: "transmission"
+    image: "linuxserver/transmission:latest"
+    networks:
+      - homelab
+    restart: on-failure
+    volumes:
+      - "/srv/data/docker/transmission/config:/config"
+      - "/srv/data/shared/torrent:/download"