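---
# Docker Compose stack: Traefik reverse proxy, media services, a mail server
# backed by OpenLDAP, webmail, Home Assistant and a Prometheus/Grafana
# monitoring set.
#
# Secrets are no longer written in this file. Supply them through the shell
# environment or an untracked `.env` file next to this one:
#   LDAP_ADMIN_PASSWORD   - OpenLDAP admin password; also used as the mail
#                           server's bind password
#   LDAP_CONFIG_PASSWORD  - OpenLDAP cn=config password
# The literal values that used to be committed here should be treated as
# exposed and rotated.
#
# NOTE(review): most images are untagged or use `:latest`, and watchtower
# pulls and restarts new images automatically. Pinning each image to a
# version tag or digest makes upgrades reviewable.
version: '2.1'

services:
  traefik:
    container_name: traefik
    image: "traefik"
    restart: unless-stopped
    network_mode: host
    depends_on:
      - radarr
      - sonarr
    command:
      # - "--log.level=DEBUG"
      # NOTE(review): api.insecure serves the dashboard and API without
      # authentication on port 8080. With host networking that port is
      # reachable on every host interface unless a firewall blocks it.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.useBindPortIP=true"
      - "--providers.file=true"
      - "--providers.file.directory=/configuration/"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.secureweb.address=:443"
      - "--metrics"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
    # NOTE(review): with `network_mode: host` the container binds directly on
    # the host, so these mappings are not applied; newer Compose releases may
    # reject the combination.
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      # `:ro` only makes the socket file read-only as a mount; it does not
      # restrict the Docker API calls made through it. Access to this socket
      # is effectively root on the host.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/srv/docker/container/traefik/:/configuration"
      - "/srv/docker/container/letsencrypt/etc:/letsencrypt"
    labels:
      - "traefik.http.routers.myth.rule=PathPrefix(`/mythweb/`)"
      - "traefik.http.services.myth.loadbalancer.server.port=5678"
      - "traefik.http.routers.myth.entrypoints=web"

  sonarr:
    container_name: sonarr
    image: linuxserver/sonarr
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.depaoli.id.au`)"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.entrypoints=secureweb"
    volumes:
      - /srv/docker/container/sonarr/config:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/series:/tv

  radarr:
    container_name: radarr
    image: linuxserver/radarr
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne
      - PUID=500
      - PGID=500
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.depaoli.id.au`)"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.entrypoints=secureweb"
    volumes:
      - /srv/docker/container/radarr/config:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/movies:/movies

  emby:
    container_name: emby
    image: emby/embyserver
    restart: unless-stopped
    network_mode: host
    environment:
      - UID=500
      - GID=500
      # 44 is video for nvidia driver support / transcoding
      - GIDLIST=44
      - TZ=Australia/Melbourne
    volumes:
      - /srv/docker/container/emby/config:/config
      - /srv/docker/container/emby/transcode:/transcode
      - /export/docker/storage:/data
      - /export/myth/tv:/myth-recordings
    # NOTE(review): not applied while `network_mode: host` is set (see the
    # traefik service).
    ports:
      - "8096:8096"
      - "8920:8920"
      - "7359:7359/udp"
      - "1900:1900/udp"
    # labels:
    #   - "traefik.enable=true"
    #   - "traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)"
    #   - "traefik.http.services.emby.loadbalancer.server.port=8096"
    #   - "traefik.http.routers.emby.tls=true"
    #   - "traefik.http.routers.emby.entrypoints=secureweb"
    devices:
      - /dev/dri:/dev/dri

  mail:
    image: tvial/docker-mailserver:latest
    hostname: mail
    domainname: depaoli.id.au
    container_name: mail
    ports:
      - "25:25"
      - "465:465"
      - "993:993"
    volumes:
      - /srv/docker/container/mail/data:/var/mail
      - /srv/docker/container/mail/state:/var/mail-state
      - /srv/docker/container/mail/log:/var/log/mail
      - /srv/docker/container/mail/config/:/tmp/docker-mailserver/
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      # NOTE(review): fail2ban is off, so nothing in this container throttles
      # repeated authentication failures on the published mail ports.
      - ENABLE_FAIL2BAN=0
      - ENABLE_POSTGREY=0
      - SPOOF_PROTECTION=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - ENABLE_LDAP=1
      - LDAP_SERVER_HOST=openldap  # your ldap container/IP/ServerName
      - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
      # NOTE(review): lookups bind as the directory admin. A dedicated
      # read-only account would limit what a compromise of the mail
      # container can change in LDAP.
      - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
      # Taken from the environment; Compose aborts if it is unset or empty.
      - "LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD:?LDAP_ADMIN_PASSWORD must be set}"
      - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)
      - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
      - DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
      - DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - SASLAUTHD_LDAP_SERVER=openldap
      - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
      - "SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD:?LDAP_ADMIN_PASSWORD must be set}"
      - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
      - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
      - POSTMASTER_ADDRESS=postmaster@depaoli.id.au
      - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
      - SSL_TYPE=letsencrypt
    # NOTE(review): confirm both capabilities are still required with
    # fail2ban disabled; drop whichever is not.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    # command: "--loglevel debug"
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "Depaoli home ldap"
      LDAP_DOMAIN: "depaoli.id.au"
      LDAP_BASE_DN: ""
      # Both passwords come from the environment; Compose aborts if either
      # is unset or empty.
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?LDAP_ADMIN_PASSWORD must be set}"
      LDAP_CONFIG_PASSWORD: "${LDAP_CONFIG_PASSWORD:?LDAP_CONFIG_PASSWORD must be set}"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "cert.pem"
      LDAP_TLS_KEY_FILENAME: "privkey.pem"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "fullchain.pem"
      # NOTE(review): TLS is offered but not enforced, so clients on the
      # published port 389 can still bind in cleartext.
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "try"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /srv/docker/container/ldap/var/lib/ldap:/var/lib/ldap
      - /srv/docker/container/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
      - /srv/docker/container/ldap/certs/:/container/service/slapd/assets/certs
      - /srv/docker/container/ldap/ldifs/:/ldifs/
    # NOTE(review): the mail and phpldapadmin containers reach this service
    # by name; publish these ports only if clients outside Docker need them.
    ports:
      - "389:389"
      - "636:636"

  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      # NOTE(review): the admin UI is served over plain HTTP on host port
      # 38900, so directory credentials entered there cross the network
      # unencrypted.
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "38900:80"
    depends_on:
      - openldap

  # webmail (server)
  isotope-server:
    image: marcnuri/isotope:server-latest
    container_name: isotope-server
    labels:
      - "traefik.enable=true"
      # NOTE(review): no Host() matcher, so `/api/` is routed to this
      # service for every hostname that reaches the secureweb entrypoint.
      - "traefik.http.routers.isotope-server.rule=PathPrefix(`/api/`)"
      - "traefik.http.middlewares.stripprefix-isotope-server.stripprefix.prefixes=/api"
      - "traefik.http.routers.isotope-server.middlewares=stripprefix-isotope-server@docker"
      - "traefik.http.routers.isotope-server.entrypoints=secureweb"
      - "traefik.http.routers.isotope-server.tls=true"

  # webmail (client)
  isotope-client:
    image: marcnuri/isotope:client-latest
    container_name: isotope-client
    labels:
      - "traefik.enable=true"
      # The `rule` label used to be declared twice (Host, then PathPrefix).
      # A label key holds a single value, so one rule was silently dropped;
      # if the later one won, this router matched every host. Both matchers
      # are now combined into one rule.
      - "traefik.http.routers.isotope-client.rule=Host(`webmail.depaoli.id.au`) && PathPrefix(`/`)"
      - "traefik.http.routers.isotope-client.entrypoints=secureweb"
      - "traefik.http.routers.isotope-client.tls=true"

  portainer:
    container_name: portainer
    image: portainer/portainer
    restart: unless-stopped
    volumes:
      # Read-write Docker socket: full control of the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      - /srv/docker/container/portainer/data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)"
      - "traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes=/portainer"
      - "traefik.http.routers.portainer.middlewares=stripprefix-portainer@docker"
      # NOTE(review): `web` is the plain-HTTP entrypoint (:80), so logins to
      # a UI that controls Docker are sent unencrypted. Consider `secureweb`
      # with `tls=true`, as sonarr and radarr use.
      - "traefik.http.routers.portainer.entrypoints=web"

  plex:
    container_name: plex
    image: plexinc/pms-docker
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne
      - PLEX_CLAIM=
      - PLEX_UID=500
      - PLEX_GID=500
    hostname: plex_dp
    volumes:
      - /myth/opt/plex/config:/config
      - /myth/opt/plex/transcode:/transcode
      - /myth/opt/storage:/data
    ports:
      - "32400:32400"
      # - "1900:1900"
      - "3005:3005"
      - "5353:5353"
      - "8324:8324"
      - "32410:32410"
      - "32412:32412"
      - "32413:32413"
      - "32414:32414"
      - "32469:32469"

  # auto-update docker images
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    # should use --cleanup as well...
    command: --schedule "0 0 3 * * *" --debug --stop-timeout 60s
    restart: always
    volumes:
      # Read-write Docker socket; combined with unpinned images, whatever is
      # published upstream under the same tag is deployed unattended.
      - /var/run/docker.sock:/var/run/docker.sock

  hassio:
    image: homeassistant/amd64-hassio-supervisor
    container_name: hassio_supervisor
    # NOTE(review): privileged, seccomp disabled, and the Docker and D-Bus
    # sockets mounted - this container has host-level access.
    privileged: true
    entrypoint: ["/bin/bash", "-c", "/scripts/start_hassio.sh"]
    security_opt:
      - seccomp:unconfined
    environment:
      - HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant
      - SUPERVISOR_SHARE=/srv/docker/container/hassio
      - SUPERVISOR_NAME=hassio_supervisor
      - DBUS_SYSTEM_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket
    volumes:
      - /srv/docker/container/hassio:/data
      - /srv/docker/container/hassio/scripts:/scripts
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
    # labels:
    #   - "traefik.enable=true"
    #   - "traefik.http.routers.hass.rule=PathPrefix(`/hass/`)"
    #   - "traefik.http.middlewares.stripprefix-hass.stripprefix.prefixes=/hass"
    #   - "traefik.http.routers.hass.middlewares=stripprefix-hass@docker"
    #   - "traefik.http.services.hass.loadbalancer.server.port=8123"
    #   - "traefik.http.routers.hass.entrypoints=web"

  sabnzbd:
    image: linuxserver/sabnzbd
    container_name: sabnzbd
    restart: unless-stopped
    environment:
      - PUID=500
      - PGID=500
      - TZ=Australia/Melbourne
    volumes:
      - /srv/docker/container/sabnzbd/:/config
      - /export/docker/storage/downloads:/downloads
      - /export/docker/storage/incomplete-downloads:/incomplete-downloads
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd/`)"
      # Plain-HTTP entrypoint; see the note on the portainer router.
      - "traefik.http.routers.sabnzbd.entrypoints=web"

  # Monitoring
  speedtest-exporter:
    image: jraviles/prometheus_speedtest:latest
    container_name: speedtest-exporter
    ports:
      - "9516:9516"
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    volumes:
      - /srv/docker/container/prometheus/:/etc/prometheus/
      - /srv/docker/container/prometheus/data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
      # NOTE(review): the lifecycle API (reload/quit) is unauthenticated and
      # port 9090 is published below; restrict who can reach it.
      - '--web.enable-lifecycle'
    links:
      - cadvisor:cadvisor
      # - alertmanager:alertmanager
      - node-exporter:node-exporter
    depends_on:
      - cadvisor
    restart: always
    ports:
      - "9090:9090"

  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
      - /srv/docker/container/node-exporter/textfile_collector:/var/lib/node_exporter/textfile_collector
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - --collector.filesystem.ignored-mount-points
      # `$$` is Compose's escape for a literal `$` in the regex.
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
      - --collector.textfile.directory
      - "/var/lib/node_exporter/textfile_collector"
    restart: always

  # alertmanager:
  #   image: prom/alertmanager:latest
  #   container_name: alertmanager
  #   ports:
  #     - 19093:9093
  #   volumes:
  #     - /srv/docker/container/alertmanager/:/etc/alertmanager/
  #   restart: always
  #   command:
  #     - '--config.file=/etc/alertmanager/config.yml'
  #     - '--storage.path=/alertmanager'

  cadvisor:
    image: google/cadvisor:latest
    container_name: cadvisor
    # NOTE(review): privileged, with /var/run mounted read-write (this
    # includes the Docker socket) - host-level access.
    privileged: true
    command:
      - '--disable_metrics=udp'
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    restart: always

  blackbox_exporter:
    image: prom/blackbox-exporter
    # ports:
    #   - 9115:9115
    command:
      - '--config.file=/etc/blackboxexporter/config.yml'
    volumes:
      - /srv/docker/container/blackboxexporter/:/etc/blackboxexporter/
    restart: always

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    depends_on:
      - prometheus
    volumes:
      - /srv/docker/container/grafana/grafana.ini:/etc/grafana/grafana.ini
      - /srv/docker/container/grafana/data:/var/lib/grafana
      - /srv/docker/container/grafana/dashboards:/var/lib/grafana/dashboards
      - /srv/docker/container/grafana/grafana/provisioning:/etc/grafana/provisioning
    # Settings and credentials are read from a file outside this compose file.
    env_file:
      - /srv/docker/container/grafana/config.monitoring
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)"
      # Plain-HTTP entrypoint; see the note on the portainer router.
      - "traefik.http.routers.grafana.entrypoints=web"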