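---
# Docker Compose stack for a single home server: reverse proxy (traefik),
# media apps, mail + LDAP, home automation, monitoring, and a few locally
# built web apps with their Postgres databases.
#
# Review summary (details are repeated next to the service they concern):
#   * Secrets are no longer stored in this file. Every password/token is read
#     through Compose variable interpolation (`${NAME:?required}`), so supply
#     them from an untracked `.env` file or the invoking shell. Compose
#     refuses to start while a required variable is unset. Any credential
#     that was ever committed in this file should be treated as disclosed
#     and rotated.
#   * blackbox_exporter had its `:latest` tag on `container_name` instead of
#     `image`; a container name cannot contain ':'.
#   * mail: SPAMASSASIN_SPAM_TO_INBOX was misspelled, so the image never saw
#     the setting.
#   * Host:container port mappings are quoted consistently.
#   * Most images float on `latest` (or no tag) and watchtower pulls new
#     ones nightly. Consider pinning tags or digests for the services that
#     hold credentials (vaultwarden, mail, openldap).
version: '3.7'

services:

  traefik:
    container_name: traefik
    image: "traefik"
    restart: always
    network_mode: host
    command:
      # - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.useBindPortIP=true"
      - "--providers.file=true"
      - "--providers.file.directory=/configuration/"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.secureweb.address=:443"
      - "--metrics"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      # NOTE(review): the dashboard/API router is served on the plain-HTTP
      # entrypoint and has no authentication middleware attached, so anyone
      # who can reach port 80 can read the full routing table. Attach a
      # basicAuth or IP allow-list middleware, or restrict it by Host().
      - "traefik.http.routers.dashboard.rule=PathPrefix(`/traefik`) || PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.middlewares.dashboard.replacepathregex.regex=^/traefik/(.*)"
      # `$$` is Compose's escape for a literal `$`.
      - "traefik.http.middlewares.dashboard.replacepathregex.replacement=/dashboard/$$1"
      - "traefik.http.routers.dashboard.middlewares=dashboard"
      - "traefik.http.routers.dashboard.entrypoints=web"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      - "traefik.http.routers.dashboard.service=api@internal"
    depends_on:
      - pihole
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only; it does not
      # limit what can be requested through the Docker API. A filtering
      # socket proxy is the usual way to narrow this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/docker/container/traefik/:/configuration
      - /srv/docker/container/letsencrypt/etc:/letsencrypt
      - /etc/localtime:/etc/localtime:ro

  sonarr:
    container_name: sonarr
    image: linuxserver/sonarr
    restart: always
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`son.depaoli.id.au`)"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.entrypoints=secureweb"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/sonarr/config:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/series:/tv
      - /etc/localtime:/etc/localtime:ro

  lidarr:
    container_name: lidarr
    image: linuxserver/lidarr
    restart: always
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.lidarr.rule=PathPrefix(`/lidarr/`)"
      - "traefik.http.routers.lidarr.entrypoints=web"
    # NOTE(review): published on every host interface in addition to the
    # traefik route above, so the proxy can be bypassed on port 8686.
    ports:
      - "8686:8686"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/lidarr/config:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/music:/music
      - /etc/localtime:/etc/localtime:ro

  radarr:
    container_name: radarr
    image: linuxserver/radarr
    restart: always
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`rad.depaoli.id.au`)"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.entrypoints=secureweb"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/radarr/config:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/movies:/movies
      - /etc/localtime:/etc/localtime:ro

  readarr:
    container_name: readarr
    image: linuxserver/readarr:nightly
    restart: always
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.readarr.rule=PathPrefix(`/readarr/`)"
      - "traefik.http.routers.readarr.entrypoints=web"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/readarr/config:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/books:/books
      - /etc/localtime:/etc/localtime:ro

  calibre:
    container_name: calibre
    image: linuxserver/calibre
    restart: always
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    ports:
      - "18080:8080"
      - "18081:8081"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      # Path-based routing for calibre / calibre-web, currently disabled:
      # - "traefik.http.routers.calibre.rule=PathPrefix(`/calibre/`)"
      # - "traefik.http.services.calibre.loadbalancer.server.port=8080"
      # - "traefik.http.middlewares.stripprefix-calibre.stripprefix.prefixes=/calibre"
      # - "traefik.http.routers.calibre.entrypoints=web"
      # - "traefik.http.routers.calibreweb.rule=PathPrefix(`/calibreweb/`)"
      # - "traefik.http.services.calibreweb.loadbalancer.server.port=8081"
      # - "traefik.http.middlewares.stripprefix-calibreweb.stripprefix.prefixes=/calibreweb"
      # - "traefik.http.routers.calibreweb.entrypoints=web"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/calibre/config:/config
      - /etc/localtime:/etc/localtime:ro

  emby:
    container_name: emby
    image: emby/embyserver
    restart: always
    network_mode: host
    environment:
      - UID=500
      - GID=500
      # 44 is the `video` group, for nvidia driver support / transcoding
      - GIDLIST=44
      - TZ=Australia/Melbourne
    volumes:
      - /srv/docker/container/emby/config:/config
      - /export/docker/storage/transcode:/transcode
      - /export/docker/storage:/data
      - /export/myth/tv:/myth-recordings
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - pihole
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)"
      - "traefik.http.services.emby.loadbalancer.server.port=8096"
      - "traefik.http.routers.emby.tls=true"
      - "traefik.http.routers.emby.entrypoints=secureweb"

  #
  # fail2ban in the mail container was banning too eagerly, so an ignore
  # list was added by hand. It does not survive an image pull, and mounting
  # the file before the container has initialised left it empty (timing?),
  # so for now it is recreated manually until there is a better solution:
  ##   sudo docker exec -it mail bash
  ##   root@mail:/etc/fail2ban/jail.d# cat > whitelist.conf
  ##   [DEFAULT]
  ##   ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
  #   sudo docker-compose restart mail
  #
  # NOTE(review): that ignore list covers every private range, including the
  # Docker bridge networks. If client connections arrive at the container
  # with a bridge/gateway source address, no client would ever be banned.
  # Check the source IPs fail2ban actually logs and narrow the list to them.
  mail:
    image: docker.io/mailserver/docker-mailserver:latest
    hostname: mail
    domainname: depaoli.id.au
    container_name: mail
    restart: always
    ports:
      - "25:25"
      - "465:465"
      - "587:587"
      - "993:993"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      - pihole
      - openldap
    volumes:
      - /srv/docker/container/mail/data:/var/mail
      - /srv/docker/container/mail/state:/var/mail-state
      - /srv/docker/container/mail/log:/var/log/mail
      - /srv/docker/container/mail/config/:/tmp/docker-mailserver/
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_SPAMASSASSIN_KAM=1
      # Fixed spelling (was SPAMASSASIN_...): the misspelled name was
      # ignored, and MOVE_SPAM_TO_JUNK below depends on this setting.
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - MOVE_SPAM_TO_JUNK=1
      - SA_SPAM_SUBJECT=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=0
      - SPOOF_PROTECTION=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - LOG_LEVEL=warn
      - AMAVIS_LOGLEVEL=-1
      # In theory leaving the next two empty disables them, but that does not
      # seem to work. NOTE(review): in list form a bare name is not "empty":
      # Compose passes the value through from the invoking shell, or leaves
      # the variable unset. Write `ENABLE_POP3=0` to set it explicitly.
      - ENABLE_POP3
      - ENABLE_MANAGESIEVE
      - ENABLE_LDAP=1
      # your ldap container/IP/ServerName
      - LDAP_SERVER_HOST=openldap
      - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
      # NOTE(review): the mail server binds as the directory admin. A
      # dedicated read-only account would limit what a compromise of this
      # container can do to the directory.
      - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
      - "LDAP_BIND_PW=${MAIL_LDAP_BIND_PW:?required}"
      - 'LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))'
      - 'LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))'
      - 'LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)'
      - 'LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))'
      - 'DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))'
      - 'DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))'
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - SASLAUTHD_LDAP_SERVER=openldap
      - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
      - "SASLAUTHD_LDAP_PASSWORD=${MAIL_LDAP_BIND_PW:?required}"
      - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
      - 'SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))'
      - POSTMASTER_ADDRESS=postmaster@depaoli.id.au
      - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
      - SSL_TYPE=letsencrypt
    cap_add:
      - NET_ADMIN
      # NOTE(review): confirm SYS_PTRACE is still needed by the image version
      # in use; drop it if not.
      - SYS_PTRACE

  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    # command: "--loglevel debug"
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    environment:
      LDAP_LOG_LEVEL: "32768"
      LDAP_ORGANISATION: "Depaoli home ldap"
      LDAP_DOMAIN: "depaoli.id.au"
      LDAP_BASE_DN: ""
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?required}"
      LDAP_CONFIG_PASSWORD: "${LDAP_CONFIG_PASSWORD:?required}"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "cert.pem"
      LDAP_TLS_KEY_FILENAME: "privkey.pem"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "fullchain.pem"
      # NOTE(review): with enforcement off and 389 published below, clients
      # may bind in cleartext. Enable enforcement or publish only 636.
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "try"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    # get an ldap.depaoli.id.au cert, and put it into /srv/docker/container/ldap/certs
    # hostname: "ldap"
    # domainname: "depaoli.id.au"
    tty: true
    stdin_open: true
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/ldap/var/lib/ldap:/var/lib/ldap
      - /srv/docker/container/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
      - /srv/docker/container/ldap/certs/:/container/service/slapd/assets/certs
      - /srv/docker/container/ldap/ldifs/:/ldifs/
      - /etc/localtime:/etc/localtime:ro
    # Published on every host interface; the other containers reach the
    # service by name and do not need these mappings.
    ports:
      - "389:389"
      - "636:636"

  phpldapadmin:
    image: ghcr.io/colibris-xyz/phpldapadmin:latest
    container_name: phpldapadmin
    restart: always
    environment:
      LDAP_HOST: "openldap"
      LDAP_USE_TLS: "false"
      LDAP_BASE: "dc=depaoli,dc=id,dc=au"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      # NOTE(review): a directory admin UI on the plain-HTTP entrypoint means
      # the bind password crosses the network unencrypted. Prefer a Host()
      # rule on `secureweb` with tls=true, as the other apps do.
      - "traefik.http.routers.phpldapadmin.rule=PathPrefix(`/phpldapadmin/`)"
      - "traefik.http.middlewares.stripprefix-phpldapadmin.stripprefix.prefixes=/phpldapadmin"
      - "traefik.http.routers.phpldapadmin.middlewares=stripprefix-phpldapadmin@docker"
      - "traefik.http.routers.phpldapadmin.entrypoints=web"
    depends_on:
      - pihole
      - openldap
    volumes:
      - /srv/docker/container/phpldapadmin/var/www/phpldapadmin:/var/www/html
      - /etc/localtime:/etc/localtime:ro

  # webmail
  roundcubemail:
    image: roundcube/roundcubemail:latest
    container_name: roundcubemail
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.roundcube.rule=Host(`webmail.depaoli.id.au`)"
      - "traefik.http.routers.roundcube.entrypoints=secureweb"
      - "traefik.http.routers.roundcube.tls=true"
    volumes:
      - /srv/docker/container/roundcubemail/www:/var/www/html
      - /srv/docker/container/roundcubemail/db/sqlite:/var/roundcube/db
      - /srv/docker/container/roundcubemail/tmp/roundcube-temp:/tmp/roundcube-temp
      - /srv/docker/container/roundcubemail/var/roundcube/config:/var/roundcube/config
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - pihole
      - mail
      - openldap
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=sqlite
      - ROUNDCUBEMAIL_SKIN=elastic
      - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.depaoli.id.au
      - ROUNDCUBEMAIL_DEFAULT_PORT=993
      - ROUNDCUBEMAIL_SMTP_SERVER=ssl://mail.depaoli.id.au
      - ROUNDCUBEMAIL_SMTP_PORT=465

  portainer:
    container_name: portainer
    image: portainer/portainer-ce:latest
    restart: always
    depends_on:
      - pihole
    volumes:
      # Read-write Docker socket: whoever controls portainer controls the
      # host. Keep its login off plain HTTP (see the router below).
      - /var/run/docker.sock:/var/run/docker.sock
      - /srv/docker/container/portainer/data:/data
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)"
      - "traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes=/portainer"
      - "traefik.http.routers.portainer.middlewares=stripprefix-portainer@docker"
      # NOTE(review): plain-HTTP entrypoint for a host-admin UI.
      - "traefik.http.routers.portainer.entrypoints=web"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

  plex:
    container_name: plex
    image: plexinc/pms-docker
    restart: always
    environment:
      - TZ=Australia/Melbourne
      # Claim tokens are short-lived and only used when the server is first
      # linked to an account, so this may be left unset afterwards.
      - "PLEX_CLAIM=${PLEX_CLAIM:-}"
      - PLEX_UID=500
      - PLEX_GID=500
    hostname: plex_dp
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      - pihole
    volumes:
      - /myth/opt/plex/config:/config
      - /myth/opt/plex/transcode:/transcode
      - /myth/opt/storage:/data
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "32400:32400"

  hass:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: hass
    # NOTE(review): privileged + unconfined seccomp + host networking + the
    # Docker socket leaves no isolation between this container and the host.
    # If the aim is device/bluetooth access, see whether specific `devices:`
    # entries and the dbus mounts alone are enough.
    privileged: true
    network_mode: host
    restart: always
    security_opt:
      - seccomp:unconfined
    depends_on:
      - pihole
      - openldap
    volumes:
      - /srv/docker/container/hass:/config
      # adds the known-hosts file to /root's .ssh so the 'command line
      # authentication' works on login in every new container
      - /srv/docker/container/hass/ssh/known_hosts:/root/.ssh/known_hosts
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

  mass:
    image: ghcr.io/music-assistant/server
    container_name: mass
    restart: always
    network_mode: host
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/mass/data:/data
      - /export/docker/storage/music:/music
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.mass.rule=Host(`hass.depaoli.id.au`) && PathPrefix(`/mass/`)"
      - "traefik.http.routers.mass.tls=true"
      - "traefik.http.routers.mass.entrypoints=secureweb"
      - "traefik.http.middlewares.stripprefix-mass.stripprefix.prefixes=/mass"
      - "traefik.http.routers.mass.middlewares=stripprefix-mass@docker"
      - "traefik.http.services.mass.loadbalancer.server.port=8095"

  mosquitto:
    container_name: mosquitto
    image: eclipse-mosquitto:latest
    restart: always
    volumes:
      - /srv/docker/container/mosquitto:/mosquitto
      - /srv/docker/container/mosquitto/data:/mosquitto/data
      - /srv/docker/container/mosquitto/log:/mosquitto/log
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    # Plain MQTT listener published on every interface. Whether clients must
    # authenticate depends on the mosquitto.conf in the mounted directory,
    # which is not visible here; verify it.
    ports:
      - "1883:1883"

  esphome:
    container_name: esphome
    image: esphome/esphome
    volumes:
      - /srv/docker/container/esphome/config:/config
      - /dev:/dev
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.esphome.rule=Host(`hass.depaoli.id.au`) && PathPrefix(`/esphome/`)"
      - "traefik.http.routers.esphome.tls=true"
      - "traefik.http.routers.esphome.entrypoints=secureweb"
      - "traefik.http.middlewares.stripprefix-esphome.stripprefix.prefixes=/esphome"
      - "traefik.http.routers.esphome.middlewares=stripprefix-esphome@docker"
    restart: always
    # NOTE(review): privileged with all of /dev mounted; mapping only the
    # serial adapter via `devices:` would be a narrower grant.
    privileged: true
    ports:
      - "6052:6052"

  sabnzbd:
    image: linuxserver/sabnzbd
    container_name: sabnzbd
    restart: always
    environment:
      - PUID=500
      - PGID=500
      - TZ=Australia/Melbourne
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/sabnzbd/:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/incomplete-downloads:/incomplete-downloads
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd/`)"
      - "traefik.http.routers.sabnzbd.entrypoints=web"

  # Monitoring
  speedtest-exporter:
    image: jraviles/prometheus_speedtest:latest
    container_name: speedtest-exporter
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      - pihole
    volumes:
      - /etc/localtime:/etc/localtime:ro
    restart: always

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/prometheus/:/etc/prometheus/
      - /srv/docker/container/prometheus/data:/prometheus
      - /etc/localtime:/etc/localtime:ro
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
      # NOTE(review): enables the HTTP reload/quit endpoints. With 9090
      # published below and the plain-HTTP route, they are reachable without
      # authentication by anything that can reach this host.
      - '--web.enable-lifecycle'
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=PathPrefix(`/prometheus/`)"
      - "traefik.http.routers.prometheus.entrypoints=web"
    links:
      - cadvisor:cadvisor
      - node-exporter:node-exporter
      - blackbox_exporter:blackbox_exporter
    ports:
      - "9090:9090"
    restart: always

  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
      - /srv/docker/container/node-exporter/textfile_collector:/var/lib/node_exporter/textfile_collector
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - --collector.filesystem.ignored-mount-points
      # `$$` is Compose's escape for a literal `$` in the regex.
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
      - --collector.textfile.directory
      - "/var/lib/node_exporter/textfile_collector"
    restart: always

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    # NOTE(review): privileged, with /var/run mounted read-write (this
    # includes the Docker socket).
    privileged: true
    command:
      - '--disable_metrics=udp'
      - '-v=2'
      - '--housekeeping_interval=30s'
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /etc/localtime:/etc/localtime:ro
    restart: always

  blackbox_exporter:
    # Fixed: the `:latest` tag was on container_name, which cannot contain
    # ':'; it belongs on the image reference.
    image: prom/blackbox-exporter:latest
    container_name: blackbox-exporter
    command:
      - '--config.file=/etc/blackboxexporter/config.yml'
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - /srv/docker/container/blackboxexporter/:/etc/blackboxexporter/
    restart: always

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: always
    depends_on:
      - prometheus
    volumes:
      - /srv/docker/container/grafana/grafana.ini:/etc/grafana/grafana.ini
      - /srv/docker/container/grafana/data:/var/lib/grafana
      - /srv/docker/container/grafana/dashboards:/var/lib/grafana/dashboards
      - /srv/docker/container/grafana/grafana/provisioning:/etc/grafana/provisioning
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - /srv/docker/container/grafana/config.monitoring
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.grafana_ssl.rule=Host(`graf.depaoli.id.au`)"
      - "traefik.http.routers.grafana_ssl.tls=true"
      - "traefik.http.routers.grafana_ssl.entrypoints=secureweb"
      # Second router: the same app by path over plain HTTP, so logins made
      # through it are unencrypted.
      - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)"
      - "traefik.http.routers.grafana.entrypoints=web"

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "192.168.0.2:53:53/tcp"
      - "192.168.0.2:53:53/udp"
      - "9999:80"
    environment:
      TZ: 'Australia/Melbourne'
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD:?required}"
      DNS1: '192.168.0.2'
      DNS2: '208.67.222.222'
    volumes:
      - /srv/docker/container/pihole/etc/:/etc/pihole/
      - /srv/docker/container/pihole/dnsmasq.d/:/etc/dnsmasq.d/
      - /etc/localtime:/etc/localtime:ro
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=PathPrefix(`/pihole/`)"
      - "traefik.http.routers.pihole.entrypoints=web"
      - "traefik.http.middlewares.stripprefix-pihole.stripprefix.prefixes=/pihole"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.http.routers.pihole.middlewares=stripprefix-pihole@docker"

  bookdb_dev:
    container_name: bookdb_dev
    image: postgres:latest
    restart: always
    environment:
      POSTGRES_PASSWORD: "${BOOKDB_DEV_POSTGRES_PASSWORD:?required}"
      POSTGRES_USER: ddp
      POSTGRES_DB: library
      PGPASSWORD: "${BOOKDB_DEV_PGPASSWORD:?required}"
    depends_on:
      - pihole
    # Published on every host interface. Prefix the mapping with 127.0.0.1:
    # if only local development tools connect.
    ports:
      - '55432:5432'
    volumes:
      - /srv/docker/container/bookdb_dev/data:/var/lib/postgresql/data
      - /srv/docker/container/bookdb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
      - /etc/localtime:/etc/localtime:ro

  bookdb:
    container_name: bookdb
    image: postgres:latest
    restart: always
    environment:
      # Separate variables from bookdb_dev so the two databases can stop
      # sharing one password.
      POSTGRES_PASSWORD: "${BOOKDB_POSTGRES_PASSWORD:?required}"
      POSTGRES_USER: ddp
      POSTGRES_DB: library
      PGPASSWORD: "${BOOKDB_PGPASSWORD:?required}"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/bookdb/data:/var/lib/postgresql/data
      - /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
      - /etc/localtime:/etc/localtime:ro

  bookdb_webdev:
    container_name: bookdb_webdev
    restart: always
    environment:
      FLASK_ENV: "container"
    build:
      context: '/home/ddp/src/pybook'
    depends_on:
      - bookdb_dev
      - pihole
    ports:
      - '5001:5000'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /home/ddp/src/pybook/:/pybook_mapped_volume
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

  bookdb_web:
    container_name: bookdb_web
    restart: always
    environment:
      FLASK_ENV: "production"
    build:
      context: '/home/ddp/src/pybook'
    depends_on:
      - bookdb
      - pihole
    volumes:
      # The whole letsencrypt tree (private keys for every hostname) is
      # mounted read-write; `:ro` and a per-host subdirectory would be
      # narrower.
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
      - "traefik.enable=true"
      # TLS passthrough: the app terminates TLS itself.
      - "traefik.tcp.routers.bookdb_web-tcp.rule=HostSNI(`book.depaoli.id.au`)"
      - "traefik.tcp.routers.bookdb_web-tcp.tls.passthrough=true"
      - "traefik.tcp.routers.bookdb_web-tcp.entrypoints=secureweb"

  padb_dev:
    container_name: padb_dev
    build:
      context: '/home/ddp/src/photoassistant/db-container'
    restart: always
    environment:
      POSTGRES_PASSWORD: "${PADB_DEV_POSTGRES_PASSWORD:?required}"
      POSTGRES_USER: pa
      POSTGRES_DB: pa
      PGPASSWORD: "${PADB_DEV_PGPASSWORD:?required}"
    # Published on every host interface; see the note on bookdb_dev.
    ports:
      - '65432:5432'
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/padb_dev/data:/var/lib/postgresql/data
      - /srv/docker/container/padb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
      - /etc/localtime:/etc/localtime:ro

  padb:
    container_name: padb
    build:
      context: '/home/ddp/src/photoassistant/db-container'
    restart: always
    environment:
      POSTGRES_PASSWORD: "${PADB_POSTGRES_PASSWORD:?required}"
      POSTGRES_USER: pa
      POSTGRES_DB: pa
      PGPASSWORD: "${PADB_PGPASSWORD:?required}"
    depends_on:
      - pihole
    volumes:
      - /srv/docker/container/padb/data:/var/lib/postgresql/data
      - /srv/docker/container/padb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
      - /etc/localtime:/etc/localtime:ro

  paweb:
    container_name: paweb
    restart: always
    build:
      context: '/home/ddp/src/photoassistant'
      args:
        PJM_UID: 500
        PJM_GID: 500
    depends_on:
      - padb
    volumes:
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
      - /export/docker/storage:/export/docker/storage
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
      - "traefik.enable=true"
      - "traefik.tcp.routers.paweb-tcp.rule=HostSNI(`pa.depaoli.id.au`)"
      - "traefik.tcp.routers.paweb-tcp.tls.passthrough=true"
      - "traefik.tcp.routers.paweb-tcp.entrypoints=secureweb"

  tix:
    container_name: tix
    restart: always
    environment:
      ENV: "production"
    build:
      context: '/home/ddp/src/snow-ticket-analysis'
      args:
        PJM_UID: 500
        PJM_GID: 500
    volumes:
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
      - /home/ddp/src/snow-ticket-analysis/stats.db:/stats.db
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
      - "traefik.enable=true"
      - "traefik.tcp.routers.tix-tcp.rule=HostSNI(`tix.depaoli.id.au`)"
      - "traefik.tcp.routers.tix-tcp.tls.passthrough=true"
      - "traefik.tcp.routers.tix-tcp.entrypoints=secureweb"

  vaultwarden:
    container_name: bitwarden
    restart: always
    # Password vault: the one service here where an unreviewed nightly
    # `latest` pull carries the most risk. Consider pinning the tag.
    image: vaultwarden/server:latest
    depends_on:
      - pihole
      - openldap
    volumes:
      - /srv/docker/container/bitwarden_rs/data:/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - "ORG_EVENTS_ENABLED=true"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.bitwarden_rs.rule=Host(`bw.depaoli.id.au`) || Host(`ddphome.asuscomm.com`)"
      - "traefik.http.routers.bitwarden_rs.tls=true"
      - "traefik.http.routers.bitwarden_rs.tls.options=tls12@file"
      - "traefik.http.routers.bitwarden_rs.entrypoints=secureweb"

  # auto-update docker images
  watchtower:
    container_name: watchtower
    image: containrrr/watchtower:latest
    # Six-field cron (with seconds): every day at 03:00. --label-enable
    # limits updates to containers labelled watchtower.enable=true.
    command: '--schedule "0 0 3 * * *" --debug --stop-timeout 60s --label-enable --cleanup'
    restart: always
    depends_on:
      - pihole
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/etc/localtime:/etc/localtime:ro"

  wikidb:
    image: postgres:latest
    container_name: wikidb
    environment:
      POSTGRES_DB: wiki
      POSTGRES_PASSWORD: "${WIKIDB_PASSWORD:?required}"
      POSTGRES_USER: wikijs
    # NOTE(review): with the "none" driver nothing this database prints
    # (failed logins included) is kept. A size-capped json-file driver
    # would retain an audit trail.
    logging:
      driver: "none"
    restart: always
    depends_on:
      - openldap
      - pihole
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - "/srv/docker/container/wikidb/data:/var/lib/postgresql/data"
      - "/srv/docker/container/wikidb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d"
      - "/etc/localtime:/etc/localtime:ro"

  wiki:
    image: requarks/wiki:2
    container_name: wiki
    depends_on:
      - openldap
      - wikidb
    environment:
      DB_TYPE: postgres
      DB_HOST: wikidb
      DB_PORT: 5432
      DB_USER: wikijs
      # Must match POSTGRES_PASSWORD of wikidb, hence the shared variable.
      DB_PASS: "${WIKIDB_PASSWORD:?required}"
      DB_NAME: wiki
    restart: always
    volumes:
      - "/srv/docker/container/wiki/data/content:/wiki/data/content"
      - "/etc/localtime:/etc/localtime:ro"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.wiki.rule=Host(`wiki.depaoli.id.au`)"
      - "traefik.http.routers.wiki.tls=true"
      - "traefik.http.routers.wiki.entrypoints=secureweb"

  wetty:
    image: wettyoss/wetty
    container_name: wetty
    restart: always
    command:
      - --base=/
      - --ssh-host=192.168.0.2
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      # NOTE(review): this puts an SSH login prompt for 192.168.0.2 behind a
      # public hostname with no proxy-level authentication in front of it.
      # Add an auth or IP allow-list middleware and keep the host's sshd to
      # key-only logins.
      - "traefik.http.routers.wetty.rule=Host(`ssh.depaoli.id.au`)"
      - "traefik.http.routers.wetty.tls=true"
      - "traefik.http.routers.wetty.entrypoints=secureweb"
    depends_on:
      - pihole
      - openldap
    volumes:
      - "/etc/localtime:/etc/localtime:ro"

  # used for hass (eufy) to get notifications from camera
  eufy_security_ws:
    image: bropat/eufy-security-ws:latest
    container_name: eufy_security_ws
    restart: always
    environment:
      - "USERNAME=eufy_hass@depaoli.id.au"
      - "PASSWORD=${EUFY_PASSWORD:?required}"
      - "COUNTRY=AU"
      - "DEBUG=-v"
      - "TRUSTED_DEVICE_NAME=Pixel Pro 7"
    # Published on every interface; hass uses host networking, so a
    # 127.0.0.1-bound mapping may be enough. TODO confirm.
    ports:
      - "3000:3000"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      - pihole
    volumes:
      - "/srv/docker/container/eufy_security_ws/data:/data"
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/timezone:/etc/timezone:ro"

  # used for hass (eufy) to stream from camera
  rtsp_simple_server:
    image: aler9/rtsp-simple-server
    container_name: rtsp_simple_server
    restart: always
    environment:
      - "RTSP_PROTOCOLS=tcp"
    ports:
      - "1935:1935"
      - "8554:8554"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      - pihole
    volumes:
      - "/etc/localtime:/etc/localtime:ro"

  # Disabled: mail-client autodiscover endpoint. The router labels below
  # still say `radarr` and would collide with the radarr service's router if
  # this block were enabled as-is; rename them first.
  # autodiscover:
  #   image: monogramm/autodiscover-email-settings:latest
  #   container_name: autodiscover
  #   environment:
  #     - COMPANY_NAME=depaoli
  #     - SUPPORT_URL=https://autodiscover.depaoli.id.au
  #     - DOMAIN=depaoli.id.au
  #     # IMAP configuration (host mandatory to enable)
  #     - IMAP_HOST=mail.depaoli.id.au
  #     - IMAP_PORT=993
  #     - IMAP_SOCKET=SSL
  #     # POP configuration (host mandatory to enable)
  #     #- POP_HOST=pop3.example.com
  #     #- POP_PORT=995
  #     #- POP_SOCKET=SSL
  #     # SMTP configuration (host mandatory to enable)
  #     - SMTP_HOST=mail.depaoli.id.au
  #     - SMTP_PORT=587
  #     - SMTP_SOCKET=STARTTLS
  #     # MobileSync/ActiveSync configuration (url mandatory to enable)
  #     #- MOBILESYNC_URL=https://sync.example.com
  #     #- MOBILESYNC_NAME=sync.example.com
  #     # LDAP configuration (host mandatory to enable)
  #     #- LDAP_HOST=ldap.example.com
  #     #- LDAP_PORT=636
  #     #- LDAP_SOCKET=SSL
  #     #- LDAP_BASE=dc=ldap,dc=example,dc=com
  #     #- LDAP_USER_FIELD=uid
  #     #- LDAP_USER_BASE=ou=People,dc=ldap,dc=example,dc=com
  #     #- LDAP_SEARCH=(|(objectClass=PostfixBookMailAccount))
  #     # Apple mobile config identifiers (identifier mandatory to enable)
  #     - PROFILE_IDENTIFIER=au.id.depaoli.autodiscover
  #     - PROFILE_UUID=92943D26-CAB3-4086-897D-DC6C0D8B1E86
  #     - MAIL_UUID=7A981A9E-D5D0-4EF8-87FE-39FD6A506FAC
  #     - LDAP_UUID=6ECB6BA9-2208-4ABF-9E60-4E9F4CD7309E
  #   labels:
  #     - "com.centurylinklabs.watchtower.enable=true"
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.radarr.rule=Host(`autodiscover.depaoli.id.au`)"
  #     - "traefik.http.routers.radarr.tls=true"
  #     - "traefik.http.routers.radarr.entrypoints=secureweb"

  ark-server:
    restart: always
    image: hermsi/ark-server:latest
    container_name: ark-server
    volumes:
      - /srv/docker/container/ark-server:/app
      - /srv/docker/container/ark-server-backups:/home/steam/ARK-Backups
    environment:
      - "SESSION_NAME=The Island - ARK"
      - "SERVER_MAP=TheIsland"
      - "SERVER_PASSWORD=${ARK_SERVER_PASSWORD:?required}"
      # Also protects the RCON port published below; use a long random value.
      - "ADMIN_PASSWORD=${ARK_ADMIN_PASSWORD:?required}"
      - "MAX_PLAYERS=5"
      - "UPDATE_ON_START=false"
      - "BACKUP_ON_STOP=true"
      - "PRE_UPDATE_BACKUP=true"
      - "WARN_ON_STOP=true"
      - "GAME_MOD_IDS=1404697612,1428596566,772235118,895711211"
    ports:
      # Port for connections from ARK game client
      - "7777:7777/udp"
      # Raw UDP socket port (always Game client port +1)
      - "7778:7778/udp"
      # RCON management port
      - "27020:27020/tcp"
      # Steam's server-list port
      - "27015:27015/udp"

  # php wordpress (use traefik for https ssl offload)
  # Disabled. Both services take the same root password; it is referenced
  # through a variable here rather than written out.
  # mimosa-clinic:
  #   restart: always
  #   container_name: mimosa-clinic
  #   image: wordpress:latest
  #   links:
  #     - mimosa-db:mysql
  #   environment:
  #     - "WORDPRESS_DB_PASSWORD=${MIMOSA_DB_ROOT_PASSWORD:?required}"
  #     - WORDPRESS_DB_USER=root
  #   ports:
  #     - "8787:80"
  #   volumes:
  #     - /srv/docker/container/mimosa-clinic/www-data:/var/www/html
  #   labels:
  #     - "com.centurylinklabs.watchtower.enable=true"
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.mimosa.entrypoints=secureweb"
  #     - "traefik.http.routers.mimosa.rule=Host(`mimosa.depaoli.id.au`)"
  #     - "traefik.http.routers.mimosa.tls=true"
  #     - "traefik.http.routers.mimosa-http.entrypoints=web"
  #     - "traefik.http.routers.mimosa-http.rule=Host(`mimosa.depaoli.id.au`)"
  #     - "traefik.http.middlewares.mimosa-http-redirect.redirectscheme.scheme=https"
  #     - "traefik.http.middlewares.mimosa-http-redirect.redirectscheme.permanent=true"
  #     - "traefik.http.routers.mimosa-http.middlewares=mimosa-http-redirect@docker"
  # mimosa-db:
  #   restart: always
  #   container_name: mimosa-db
  #   image: mariadb:latest
  #   environment:
  #     - "MYSQL_ROOT_PASSWORD=${MIMOSA_DB_ROOT_PASSWORD:?required}"
  #     - MYSQL_DATABASE=wordpress
  #   labels:
  #     - "com.centurylinklabs.watchtower.enable=true"
  #   volumes:
  #     - /srv/docker/container/mimosa-clinic/database:/var/lib/mysql

  kuma:
    image: louislam/uptime-kuma:latest
    container_name: kuma
    volumes:
      - /srv/docker/container/kuma:/app/data
      # See the note on traefik: `:ro` does not restrict Docker API calls.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      # host port:container port
      - "3001:3001"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.http.routers.kuma.rule=Host(`mon.depaoli.id.au`)"
      - "traefik.http.routers.kuma.tls=true"
      - "traefik.http.routers.kuma.entrypoints=secureweb"
    restart: always

# myth?
# this: https://github.com/delnaught/mythtv-containers/blob/main/compose-mythtv/docker-compose.yml
# in that repo there is also, one directory up, docker/* which provides
# Dockerfiles rather than compose files
# OR: https://hub.docker.com/r/instantlinux/mythtv-backend/tags
# should probably create 3 containers: mysql for mythtv, shepherd and then
# mythtv-backend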