# Note: where a service uses an env_file under /srv/docker/config/secrets/*, the ENV variable holding that
# container's password has been moved into that separate file (one place for common passwords such as the
# LDAP one, and also so that this file can be shared safely).
|
|
# Compose file format version. Recent Docker Compose releases treat this key as obsolete and ignore it.
version: '3.7'

# Every service below is a child of this mapping.
services:
|
|
# Traefik reverse proxy: runs on the host network and discovers the other containers via the Docker provider.
# NOTE(review): the image has no tag (Docker resolves that to :latest) and the watchtower label below opts it
# into automatic updates, so the running version is whatever was pulled last.
traefik:
  container_name: traefik
  image: "traefik"
  restart: always
  # host networking: the :80 and :443 entrypoints below bind directly on the host
  network_mode: host
  command:
    # - "--log.level=DEBUG"
    - "--api.dashboard=true"
    - "--providers.docker=true"
    # containers are only routed when they carry traefik.enable=true
    - "--providers.docker.exposedbydefault=false"
    - "--providers.docker.useBindPortIP=true"
    - "--providers.file=true"
    - "--providers.file.directory=/configuration/"
    - "--providers.file.watch=true"
    # "web" is plain HTTP, "secureweb" is the TLS entrypoint used by the Host() routers in this file
    - "--entrypoints.web.address=:80"
    - "--entrypoints.secureweb.address=:443"
    - "--accessLog"
    - "--accessLog.filePath=/var/log/access.log"
    - "--accesslog.fields.names.StartUTC=drop"
    # NOTE(review): with these two filters, fast successful requests are not written to the access log,
    # which limits what the log can show when reviewing who reached a service
    - "--accesslog.filters.statuscodes=400-599"
    - "--accesslog.filters.minduration=50ms"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    # NOTE(review): the dashboard/API router is attached to the plain-HTTP "web" entrypoint and its only
    # middleware is the path rewrite below; no authentication middleware is attached in these labels.
    # Confirm that access to :80 is restricted elsewhere.
    - "traefik.http.routers.dashboard.rule=PathPrefix(`/traefik`) || PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
    - "traefik.http.middlewares.dashboard.replacepathregex.regex=^/traefik/(.*)"
    # "$$" is the Compose escape for a literal "$"
    - "traefik.http.middlewares.dashboard.replacepathregex.replacement=/dashboard/$$1"
    - "traefik.http.routers.dashboard.middlewares=dashboard"
    - "traefik.http.routers.dashboard.entrypoints=web"
    # need to ensure incoming traffic for traefik goes to port 8080 inside
    # the container, too many other ports (80, 443) so we have to be explicit
    - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
    - "traefik.http.routers.dashboard.service=api@internal"
  depends_on:
    - pihole
  volumes:
    # NOTE(review): ":ro" protects the socket file only; it does not restrict the Docker API calls that can
    # be made through the socket
    - /var/run/docker.sock:/var/run/docker.sock:ro
    # file-provider directory watched by traefik (mounted read-write)
    - /srv/docker/container/traefik/:/configuration
    - /srv/docker/container/traefik/var/log/:/var/log/
    # NOTE(review): mounted read-write; presumably holds the certificates and private keys - confirm
    # whether :ro is sufficient
    - /srv/docker/container/letsencrypt/etc:/letsencrypt
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Sonarr (linuxserver image), routed by traefik on Host son.depaoli.id.au over the TLS entrypoint.
# NOTE(review): untagged image plus the watchtower label means unattended upgrades to whatever is latest.
sonarr:
  container_name: sonarr
  image: linuxserver/sonarr
  restart: always
  environment:
    - TZ=Australia/Melbourne
    # user/group id the linuxserver image runs the application as
    - PUID=500
    - PGID=500
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.sonarr.rule=Host(`son.depaoli.id.au`)"
    - "traefik.http.routers.sonarr.tls=true"
    - "traefik.http.routers.sonarr.entrypoints=secureweb"
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/sonarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/series:/tv
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Lidarr (linuxserver image), reachable two ways: via traefik under /lidarr/ and directly on host port 8686.
lidarr:
  container_name: lidarr
  image: linuxserver/lidarr
  restart: always
  environment:
    - TZ=Australia/Melbourne
    - PUID=500
    - PGID=500
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.lidarr.rule=PathPrefix(`/lidarr/`)"
    # NOTE(review): "web" is the plain-HTTP entrypoint, so logins and API keys for this UI travel unencrypted
    - "traefik.http.routers.lidarr.entrypoints=web"
  ports:
    # NOTE(review): no bind address, so the port is published on every host interface and bypasses traefik
    - "8686:8686"
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/lidarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/music:/music
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Radarr (linuxserver image), routed by traefik on Host rad.depaoli.id.au over the TLS entrypoint.
radarr:
  container_name: radarr
  image: linuxserver/radarr
  restart: always
  environment:
    - TZ=Australia/Melbourne
    # user/group id the linuxserver image runs the application as
    - PUID=500
    - PGID=500
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.radarr.rule=Host(`rad.depaoli.id.au`)"
    - "traefik.http.routers.radarr.tls=true"
    - "traefik.http.routers.radarr.entrypoints=secureweb"
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/radarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/movies:/movies
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Readarr (linuxserver image, "nightly" tag), routed by traefik under /readarr/.
# NOTE(review): a nightly tag combined with the watchtower label means pre-release builds are deployed
# automatically.
readarr:
  container_name: readarr
  image: linuxserver/readarr:nightly
  restart: always
  environment:
    - TZ=Australia/Melbourne
    - PUID=500
    - PGID=500
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.readarr.rule=PathPrefix(`/readarr/`)"
    # NOTE(review): "web" is the plain-HTTP entrypoint
    - "traefik.http.routers.readarr.entrypoints=web"
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/readarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/books:/books
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Calibre (linuxserver image), published directly on host ports 18080 and 18081.
calibre:
  container_name: calibre
  image: linuxserver/calibre
  restart: always
  environment:
    - TZ=Australia/Melbourne
    - PUID=500
    - PGID=500
  ports:
    # NOTE(review): no bind address, so both ports are published on every host interface
    - 18080:8080
    - 18081:8081
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    # NOTE(review): traefik.enable=true is still set although every router label below is commented out;
    # confirm whether traefik's default rule for this container is intended, or drop the label
    - "traefik.enable=true"
    # - "traefik.http.routers.calibre.rule=PathPrefix(`/calibre/`)"
    # - "traefik.http.services.calibre.loadbalancer.server.port=8080"
    # - "traefik.http.middlewares.stripprefix-calibre.stripprefix.prefixes=/calibre"
    # - "traefik.http.routers.calibre.entrypoints=web"
    # - "traefik.http.routers.calibreweb.rule=PathPrefix(`/calibreweb/`)"
    # - "traefik.http.services.calibreweb.loadbalancer.server.port=8081"
    # - "traefik.http.middlewares.stripprefix-calibreweb.stripprefix.prefixes=/calibreweb"
    # - "traefik.http.routers.calibreweb.entrypoints=web"
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/calibre/config:/config
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# plex:
|
|
# container_name: plex
|
|
# image: plexinc/pms-docker
|
|
# restart: always
|
|
# environment:
|
|
# - TZ=Australia/Melbourne
|
|
# - PLEX_CLAIM=claim-Mgs3KDD_zM-rheXvz6FJ
|
|
# - PLEX_UID=500
|
|
# - PLEX_GID=500
|
|
# hostname: plex_dp
|
|
# labels:
|
|
# - "com.centurylinklabs.watchtower.enable=true"
|
|
# depends_on:
|
|
# - pihole
|
|
# volumes:
|
|
# - /srv/docker/container/plex/config:/config
|
|
# - /srv/docker/container/plex/transcode:/transcode
|
|
# - /srv/docker/container/plex/storage:/data
|
|
# - /etc/localtime:/etc/localtime:ro
|
|
# ports:
|
|
# - "32400:32400"
|
|
|
|
# this is running network_mode: host to be on 192.168.0/24 subnet, so that
# direct play on tv works (from memory)
# NOTE(review): with host networking every port the server opens is reachable on the host's interfaces,
# not only the 8096 port that traefik forwards to.
emby:
  container_name: emby
  image: emby/embyserver
  restart: always
  network_mode: host
  environment:
    - UID=500
    - GID=500
    # 44 is video for nvidia driver support / transcoding
    - GIDLIST=44
    - TZ=Australia/Melbourne
  volumes:
    - /srv/docker/container/emby/config:/config
    - /export/docker/storage/transcode:/transcode
    # the whole storage tree is mounted read-write
    - /export/docker/storage:/data
    - /export/myth/tv:/myth-recordings
    - /etc/localtime:/etc/localtime:ro
  depends_on:
    - pihole
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)"
    # to note with network_mode: host, this only works via ipv6! --> traefik routes this to http://[::]:8096"
    - "traefik.http.services.emby.loadbalancer.server.port=8096"
    - "traefik.http.routers.emby.tls=true"
    - "traefik.http.routers.emby.entrypoints=secureweb"
|
|
|
|
# fail2ban might need a better whitelist? (I had internal docker ips in my quick fudge as well?)
# docker-mailserver: SMTP/IMAP for depaoli.id.au with rspamd filtering and LDAP-backed accounts.
mail:
  image: docker.io/mailserver/docker-mailserver:latest
  hostname: depaoli.id.au
  domainname: depaoli.id.au
  container_name: mail
  restart: always
  ports:
    - "25:25"
    - "465:465"
    - "587:587"
    - "993:993"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    # NOTE(review): the rspamd web UI (port 11334) is published under /rspamd/ on the plain-HTTP "web"
    # entrypoint; its password would cross the network unencrypted - confirm who can reach :80
    - "traefik.http.routers.mail.rule=PathPrefix(`/rspamd/`)"
    - "traefik.http.middlewares.stripprefix-mail.stripprefix.prefixes=/rspamd"
    - "traefik.http.routers.mail.middlewares=stripprefix-mail@docker"
    - "traefik.http.services.mail.loadbalancer.server.port=11334"
    - "traefik.http.routers.mail.entrypoints=web"
  depends_on:
    - pihole
    - openldap
  volumes:
    - /srv/docker/container/mail/data:/var/mail
    - /srv/docker/container/mail/state:/var/mail-state
    - /srv/docker/container/mail/log:/var/log/mail
    - /srv/docker/container/mail/config/:/tmp/docker-mailserver/
    # NOTE(review): mounted read-write; presumably holds the certificate private keys - confirm whether
    # :ro is sufficient for SSL_TYPE=letsencrypt
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    - /etc/localtime:/etc/localtime:ro
    # used (via .../mail/config/user-patches.sh) to insert a cron job running from .../mara-bin, and writing to .../monitoring-results)
    - /srv/docker/container/mail/mara-bin:/root/bin
    - /srv/docker/container/mail/monitoring-results:/monitoring-results
  environment:
    - ENABLE_CLAMAV=1
    - ENABLE_FAIL2BAN=1
    - ENABLE_POSTGREY=0
    - ENABLE_UPDATE_CHECK=1
    - ENABLE_POP3=0
    # this allows users to manage their own sieves, not something we use at present
    - ENABLE_MANAGESIEVE=0
    # don't know if this can go to 1 or not, seems more for postscreen than rspamd, so not sure if it has always been off?
    - ENABLE_DNSBL=0
    # as per doco, enabling rspamd and disabling unneeded services (up to spamassassin)
    - ENABLE_RSPAMD=1
    - ENABLE_OPENDKIM=0
    - ENABLE_OPENDMARC=0
    - ENABLE_POLICYD_SPF=0
    - ENABLE_AMAVIS=0
    - ENABLE_SPAMASSASSIN=0
    - MOVE_SPAM_TO_JUNK=1
    # only greylist spammy emails
    - RSPAMD_GREYLISTING=1
    # if ppl move mail to junk -> inbox (spam) or reverse (ham), learn from it
    - RSPAMD_LEARN=1
    # some hostname heuristics for dodgy mailservers using wrong syntax - adds header only at the moment, test and drop when we trust
    - RSPAMD_HFILTER=1
    # spoof prot stops anyone sending with an email address that doesn't match what they connected with
    - SPOOF_PROTECTION=1
    - ONE_DIR=1
    - DMS_DEBUG=0
    - LOG_LEVEL=warn
    - ACCOUNT_PROVISIONER=LDAP
    # NOTE(review): plain ldap:// (no TLS) while binding as the directory admin DN below; the bind password
    # is presumably supplied by the env_file. Confirm this traffic never leaves the Docker network.
    - LDAP_SERVER_HOST=ldap://openldap:1389 # using IP, as we changed over container names (openldap->openldapnew)
    - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
    - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
    - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
    - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
    - LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)
    - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
    - DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
    - DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
    - ENABLE_SASLAUTHD=1
    - SASLAUTHD_MECHANISMS=ldap
    - SASLAUTHD_LDAP_SERVER=ldap://openldap:1389
    # NOTE(review): saslauthd also binds as the admin DN; a dedicated read-only bind account would limit
    # what a compromise of the mail container exposes in the directory
    - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
    - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
    - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
    - POSTMASTER_ADDRESS=postmaster@depaoli.id.au
    - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
    - SSL_TYPE=letsencrypt
  env_file:
    # shared with the openldap service in this file
    - /srv/docker/config/secrets/ldap-mail-common
  cap_add:
    # presumably required so fail2ban can manage firewall rules inside the container - confirm
    - NET_ADMIN
|
|
|
|
# OpenLDAP directory (bitnami image) used by the mail service for account lookup and authentication.
openldap:
  image: bitnami/openldap
  user: "2000"
  container_name: openldap
  restart: always
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  environment:
    # NOTE(review): debug output is enabled permanently; confirm the logs do not capture bind credentials
    BITNAMI_DEBUG: "true"
    LDAP_ROOT: "dc=depaoli,dc=id,dc=au"
    LDAP_ADMIN_USERNAME: "admin"
    LDAP_SKIP_DEFAULT_TREE: "yes"
    LDAP_CUSTOM_SCHEMA_FILE: "/schema/postfix-book.ldif"
    LDAP_CUSTOM_LDIF_DIR: "/ldifs"
    LDAP_LOGLEVEL: "256"
    # below not validated
    # NOTE(review): TLS is switched on here, but the only published port maps to 1389 and the consumers in
    # this file connect with ldap://openldap:1389, so binds appear to use the non-TLS listener - confirm
    LDAP_ENABLE_TLS: "yes"
    LDAP_TLS_CERT_FILE: "/opt/bitnami/openldap/certs/cert.pem"
    LDAP_TLS_KEY_FILE: "/opt/bitnami/openldap/certs/privkey.pem"
    LDAP_TLS_CA_FILE: "/opt/bitnami/openldap/certs/fullchain.pem"
    LDAP_TLS_DH_PARAMS_FILE: "/opt/bitnami/openldap/certs/dhparam.pem"
    # these options were from osixia's container, doesn't seem to be an equiv in bitnami, not critical for now as no SASL anyway
    # LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
    # LDAP_TLS_PROTOCOL_MIN: "3.1"
    # LDAP_TLS_VERIFY_CLIENT: "try"
  env_file:
    # shared with the mail service; presumably carries the admin password
    - /srv/docker/config/secrets/ldap-mail-common
  tty: true
  stdin_open: true
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/ldap/:/bitnami/openldap/
    # contains the TLS private key referenced by LDAP_TLS_KEY_FILE
    - /srv/docker/container/ldap/certs:/opt/bitnami/openldap/certs/
    - /srv/docker/container/ldap/bootstrap-schema:/schema
    - /srv/docker/container/ldap/bootstrap-ldifs:/ldifs
    - /etc/localtime:/etc/localtime:ro
  ports:
    # NOTE(review): no bind address, so the LDAP port is published on every host interface
    - "389:1389"
|
|
|
|
# webmail
# Roundcube, routed by traefik on Host webmail.depaoli.id.au over the TLS entrypoint; it talks to the mail
# server over implicit-TLS IMAP (993) and SMTP (465).
roundcubemail:
  image: roundcube/roundcubemail
  container_name: roundcubemail
  restart: always
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.roundcube.rule=Host(`webmail.depaoli.id.au`)"
    - "traefik.http.routers.roundcube.entrypoints=secureweb"
    - "traefik.http.routers.roundcube.tls=true"
  volumes:
    - /srv/docker/container/roundcubemail/www:/var/www/html
    # sqlite database file lives on this host path
    - /srv/docker/container/roundcubemail/db/sqlite:/var/roundcube/db
    - /srv/docker/container/roundcubemail/tmp/roundcube-temp:/tmp/roundcube-temp
    - /srv/docker/container/roundcubemail/var/roundcube/config:/var/roundcube/config
    - /etc/localtime:/etc/localtime:ro
  depends_on:
    - pihole
    - mail
    - openldap
  environment:
    - ROUNDCUBEMAIL_DB_TYPE=sqlite
    - ROUNDCUBEMAIL_SKIN=elastic
    - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://depaoli.id.au
    - ROUNDCUBEMAIL_DEFAULT_PORT=993
    - ROUNDCUBEMAIL_SMTP_SERVER=ssl://depaoli.id.au
    - ROUNDCUBEMAIL_SMTP_PORT=465
|
|
|
|
|
|
# Portainer CE: web UI for managing the Docker daemon on this host, routed by traefik under /portainer/.
portainer:
  container_name: portainer
  image: portainer/portainer-ce
  restart: always
  depends_on:
    - pihole
  volumes:
    # NOTE(review): read-write Docker socket - whoever controls this UI controls the Docker daemon, which is
    # equivalent to root on the host
    - /var/run/docker.sock:/var/run/docker.sock
    - /srv/docker/container/portainer/data:/data
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)"
    - "traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes=/portainer"
    - "traefik.http.routers.portainer.middlewares=stripprefix-portainer@docker"
    # NOTE(review): "web" is the plain-HTTP entrypoint, so Portainer logins and session tokens are sent
    # unencrypted; a TLS router like the Host() services in this file would avoid that
    - "traefik.http.routers.portainer.entrypoints=web"
    # need to be explicit, as it also runs API ports, SSL ports, etc
    - "traefik.http.services.portainer.loadbalancer.server.port=9000"
|
|
|
|
# this is running network_mode: host so it is on the same subnet as the IoT
# devices and can see/discover them
# NOTE(review): privileged + seccomp:unconfined + host networking + a read-write Docker socket removes
# essentially all isolation: a compromise of Home Assistant (or of an integration it loads) is a compromise
# of the host. Confirm each of these is still needed.
hass:
  image: ghcr.io/home-assistant/home-assistant:stable
  container_name: hass
  privileged: true
  network_mode: host
  restart: always
  security_opt:
    - seccomp:unconfined
  depends_on:
    - pihole
    - openldap
  volumes:
    - /srv/docker/container/hass:/config
    # this line adds known hosts file to /root's .ssh so the 'command line authentication' works on login on every new container
    - /srv/docker/container/hass/ssh/known_hosts:/root/.ssh/known_hosts
    # read-write Docker socket: grants control of the Docker daemon from inside this container
    - /var/run/docker.sock:/var/run/docker.sock
    - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
    - /etc/localtime:/etc/localtime:ro
    - /run/dbus:/run/dbus:ro
  labels:
    # excluded from watchtower's automatic updates
    - "com.centurylinklabs.watchtower.enable=false"
    # to note traefik is used here, but handled via files due to use of "network_mode: host"
    - "traefik.enable=true"
    - "traefik.http.routers.hass.rule=Host(`hass.depaoli.id.au`)"
    # to note with network_mode: host, this only works via ipv6! --> traefik routes this to http://[::]:8123"
    - "traefik.http.services.hass.loadbalancer.server.port=8123"
    - "traefik.http.routers.hass.tls=true"
    - "traefik.http.routers.hass.entrypoints=secureweb"
|
|
|
|
# this runs in network_mode: host so that it can find the players automatically
# Music Assistant server, routed by traefik on hass.depaoli.id.au under /mass/ over the TLS entrypoint.
mass:
  image: ghcr.io/music-assistant/server
  container_name: mass
  restart: always
  network_mode: host
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/mass/data:/data
    - /export/docker/storage/music:/music
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.mass.rule=Host(`hass.depaoli.id.au`) && PathPrefix(`/mass/`)"
    - "traefik.http.routers.mass.tls=true"
    - "traefik.http.routers.mass.entrypoints=secureweb"
    - "traefik.http.middlewares.stripprefix-mass.stripprefix.prefixes=/mass"
    - "traefik.http.routers.mass.middlewares=stripprefix-mass@docker"
    # to note with network_mode: host, this only works via ipv6! --> traefik routes this to http://[::]:8095"
    - "traefik.http.services.mass.loadbalancer.server.port=8095"
|
|
|
|
# Mosquitto MQTT broker, published on host port 1883.
mosquitto:
  container_name: mosquitto
  image: eclipse-mosquitto
  restart: always
  volumes:
    # broker configuration lives under this mount; whether authentication is enforced is decided there,
    # not in this file
    - /srv/docker/container/mosquitto:/mosquitto
    - /srv/docker/container/mosquitto/data:/mosquitto/data
    - /srv/docker/container/mosquitto/log:/mosquitto/log
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  ports:
    # NOTE(review): 1883 is published on every host interface; presumably the unencrypted MQTT listener -
    # confirm the broker requires credentials
    - "1883:1883"
|
|
|
|
# ESPHome dashboard, routed by traefik on hass.depaoli.id.au under /esphome/ and also published on 6052.
esphome:
  container_name: esphome
  image: esphome/esphome
  environment:
    - ESPHOME_DASHBOARD_USE_PING=true
  volumes:
    - /srv/docker/container/esphome/config:/config
    # the host's whole /dev tree, presumably for flashing devices over serial
    - /dev:/dev
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.esphome.rule=Host(`hass.depaoli.id.au`) && PathPrefix(`/esphome/`)"
    - "traefik.http.routers.esphome.tls=true"
    - "traefik.http.routers.esphome.entrypoints=secureweb"
    - "traefik.http.middlewares.stripprefix-esphome.stripprefix.prefixes=/esphome"
    - "traefik.http.routers.esphome.middlewares=stripprefix-esphome@docker"
  restart: always
  # NOTE(review): privileged gives the container access to all host devices; if only a serial adapter is
    # needed, a single "devices:" entry would grant far less
  privileged: true
  ports:
    # NOTE(review): published on every host interface, so the dashboard is also reachable without going
    # through the TLS router above
    - "6052:6052"
|
|
|
|
# SABnzbd (linuxserver image), routed by traefik under /sabnzbd/.
sabnzbd:
  image: linuxserver/sabnzbd
  container_name: sabnzbd
  restart: always
  environment:
    - PUID=500
    - PGID=500
    - TZ=Australia/Melbourne
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/sabnzbd/:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/incomplete-downloads:/incomplete-downloads
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd/`)"
    # NOTE(review): "web" is the plain-HTTP entrypoint
    - "traefik.http.routers.sabnzbd.entrypoints=web"
|
|
|
|
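# InfluxDB time-series store; the telegraf and grafana services in this file depend on it.
influxdb:
  image: influxdb:latest
  container_name: influxdb
  ports:
    # published on every host interface (no bind address)
    - "8086:8086"
  environment:
    - DOCKER_INFLUXDB_INIT_MODE=setup
    - DOCKER_INFLUXDB_INIT_ORG=mara
    - DOCKER_INFLUXDB_INIT_USERNAME=telegraf
    - DOCKER_INFLUXDB_INIT_BUCKET=telegraf
    - DOCKER_INFLUXDB_INIT_RETENTION=2w
    # DOCKER_INFLUXDB_INIT_ADMIN_TOKEN is deliberately not set inline: this file is meant to be shareable,
    # so the token belongs in the env_file below with the other credentials. The value that was previously
    # written here should be treated as disclosed and rotated.
  env_file:
    - /srv/docker/config/secrets/influxdb
  volumes:
    - /srv/docker/container/influxdb/data:/var/lib/influxdb2
    - /srv/docker/container/influxdb/config:/etc/influxdb2
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  restart: always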
|
|
|
|
# Telegraf metrics collector for the host and containers; runs as root, privileged, with the host
# filesystem mounted read-only at /host.
# NOTE(review): root + privileged + "/" + the Docker socket means a compromise of this container (or of a
# telegraf image pulled automatically by watchtower) exposes the whole host, including every secret file.
telegraf:
  image: telegraf:latest
  container_name: telegraf
  # needs to be 0 / root to run smartmontools / nvme
  user: 0:139
  # the stock entrypoint is replaced by a wrapper script bind-mounted from the host (see volumes)
  entrypoint: /entrypoint-wrapper.sh
  volumes:
    - /srv/docker/container/telegraf:/etc/telegraf
    - /srv/docker/container/telegraf/sudoers/smart:/etc/sudoers.d/smart
    # the same wrapper is mounted twice (here and as /entrypoint-wrapper.sh below); only the latter is
    # referenced by "entrypoint" above
    - /srv/docker/container/telegraf/entrypoint-wrapper.sh:/root/entrypoint-wrapper.sh
    - /srv/docker/container/telegraf/monitoring-results:/usr/local/external-results/mara
    - /srv/docker/container/telegraf/entrypoint-wrapper.sh:/entrypoint-wrapper.sh
    # for telegraf to get external script output
    - /srv/docker/container/mythtv/monitoring-results:/usr/local/external-results/myth
    - /srv/docker/container/mail/monitoring-results:/usr/local/external-results/mail
    # for telegraf to see host details
    # ":ro" on the socket protects the socket file only, not the Docker API behind it
    - /var/run/docker.sock:/var/run/docker.sock:ro
    # NOTE(review): read-only view of the entire host filesystem, which includes /srv/docker/config/secrets
    - /:/host:ro
    - /run/udev:/run/udev:ro
    - /etc/localtime:/etc/localtime:ro
  privileged: true
  devices:
    # NOTE(review): device entries take the form HOST:CONTAINER[:PERMISSIONS], so "/dev:ro" reads as host
    # /dev mapped to a container path named "ro" - confirm the intent (privileged already exposes devices)
    - /dev:ro
  environment:
    - HOST_MOUNT_PREFIX=/host
    - HOST_PROC=/host/proc
    - HOST_SYS=/host/sys
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  depends_on:
    - influxdb
  restart: always
|
|
|
|
# Grafana dashboards, exposed through two traefik routers: TLS on graf.depaoli.id.au and plain HTTP
# under /grafana/.
grafana:
  image: grafana/grafana
  container_name: grafana
  restart: always
  depends_on:
    - influxdb
  volumes:
    - /srv/docker/container/grafana/grafana.ini:/etc/grafana/grafana.ini
    - /srv/docker/container/grafana/data:/var/lib/grafana
    - /srv/docker/container/grafana/dashboards:/var/lib/grafana/dashboards
    - /srv/docker/container/grafana/grafana/provisioning:/etc/grafana/provisioning
    - /etc/localtime:/etc/localtime:ro
  env_file:
    # NOTE(review): unlike the other services, this env_file is not under /srv/docker/config/secrets/;
    # if it holds credentials, confirm it is protected the same way
    - /srv/docker/container/grafana/config.monitoring
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.grafana_ssl.rule=Host(`graf.depaoli.id.au`)"
    - "traefik.http.routers.grafana_ssl.tls=true"
    - "traefik.http.routers.grafana_ssl.entrypoints=secureweb"
    # NOTE(review): second router on the plain-HTTP "web" entrypoint; logins through /grafana/ are sent
    # unencrypted
    - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)"
    - "traefik.http.routers.grafana.entrypoints=web"
|
|
|
|
# Pi-hole DNS filter; most other services in this file list it under depends_on.
pihole:
  container_name: pihole
  image: pihole/pihole
  ports:
    # DNS is bound to one host address only
    - "192.168.0.2:53:53/tcp"
    - "192.168.0.2:53:53/udp"
    # NOTE(review): the web UI port has no bind address, so it is published on every host interface
    - "9999:80"
  environment:
    TZ: 'Australia/Melbourne'
    PIHOLE_DNS_: '208.67.222.222;208.67.220.220'
  env_file:
    # presumably carries the admin web password
    - /srv/docker/config/secrets/pihole
  volumes:
    - /srv/docker/container/pihole/etc/:/etc/pihole/
    - /srv/docker/container/pihole/dnsmasq.d/:/etc/dnsmasq.d/
    - /etc/localtime:/etc/localtime:ro
  restart: always
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.pihole.rule=PathPrefix(`/pihole/`) || PathPrefix(`/admin/`)"
    # NOTE(review): "web" is the plain-HTTP entrypoint, so the admin login is sent unencrypted
    - "traefik.http.routers.pihole.entrypoints=web"
    # "$$" is the Compose escape for a literal "$" (end-of-string anchor in the regex)
    - "traefik.http.middlewares.replaceprefix-pihole.replacepathregex.regex=^/admin/$$"
    - "traefik.http.middlewares.replaceprefix-pihole.replacepathregex.replacement=/pihole/admin/"
    - "traefik.http.middlewares.stripprefix-pihole.stripprefix.prefixes=/pihole"
    # we set this to port 80, pihole has many open ports (e.g. 53), so have to tell traefik which port to send http traffic too
    - "traefik.http.services.pihole.loadbalancer.server.port=80"
    - "traefik.http.routers.pihole.middlewares=replaceprefix-pihole@docker,stripprefix-pihole@docker"
|
|
|
|
# Development PostgreSQL instance for the book library application (bookdb_webdev depends on it).
bookdb_dev:
  container_name: bookdb_dev
  # untagged, so the major version follows whatever :latest is when watchtower next pulls
  image: postgres
  restart: always
  environment:
    POSTGRES_USER: ddp
    POSTGRES_DB: library
  env_file:
    # presumably supplies the database password; shared with the production bookdb service
    - /srv/docker/config/secrets/bookdb-common
  depends_on:
    - pihole
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  ports:
    # NOTE(review): no bind address, so PostgreSQL is published on every host interface; the dev instance
    # uses the same env_file as production
    - '55432:5432'
  volumes:
    - /srv/docker/container/bookdb_dev/data:/var/lib/postgresql/data
    - /srv/docker/container/bookdb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Production PostgreSQL 16 instance for the book library application; no host port is published, so it is
# reachable only from other containers.
bookdb:
  container_name: bookdb
  image: postgres:16
  restart: always
  environment:
    POSTGRES_USER: ddp
    POSTGRES_DB: library
  env_file:
    # presumably supplies the database password
    - /srv/docker/config/secrets/bookdb-common
  depends_on:
    - pihole
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  volumes:
    - /srv/docker/container/bookdb/data:/var/lib/postgresql/data
    - /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Development build of the book library web app, built from the local source tree and published on 5001.
bookdb_webdev:
  container_name: bookdb_webdev
  restart: always
  environment:
    FLASK_ENV: "container"
  build:
    context: '/home/ddp/src/pybook'
  depends_on:
    - bookdb_dev
    - pihole
  ports:
    # NOTE(review): published on every host interface and not behind traefik; confirm the development
    # configuration does not enable a debugger or other dev-only features
    - '5001:5000'
  volumes:
    # the source tree is mounted read-write into the container
    - /home/ddp/src/pybook/:/pybook_mapped_volume
    - /etc/localtime:/etc/localtime:ro
  labels:
    # locally built image, so watchtower is told to leave it alone
    - "com.centurylinklabs.watchtower.enable=false"
|
|
|
|
# Production build of the book library web app. Traefik forwards TLS for book.depaoli.id.au untouched
# (passthrough), so the container terminates TLS itself using the mounted letsencrypt directory.
bookdb_web:
  container_name: bookdb_web
  restart: always
  environment:
    FLASK_ENV: "production"
  build:
    context: '/home/ddp/src/pybook'
  depends_on:
    - bookdb
    - pihole
  volumes:
    # NOTE(review): mounted read-write; presumably holds certificate private keys - confirm whether :ro is
    # sufficient
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=false"
    - "traefik.enable=true"
    - "traefik.tcp.routers.bookdb_web-tcp.rule=HostSNI(`book.depaoli.id.au`)"
    # passthrough: traefik cannot apply HTTP middlewares or see requests for this service
    - "traefik.tcp.routers.bookdb_web-tcp.tls.passthrough=true"
    - "traefik.tcp.routers.bookdb_web-tcp.entrypoints=secureweb"
|
|
|
|
# Development PostgreSQL instance for the "pa" database, published on host port 65432.
padb_dev:
  container_name: padb_dev
  image: postgres
  restart: always
  # replace entrypoint to install cron and a cron job to backup users so we can rebuild the content from sqls
  entrypoint: /root/init/entrypoint-wrapper.sh
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  environment:
    POSTGRES_USER: pa
    POSTGRES_DB: pa
  env_file:
    # presumably supplies the database password; shared with the production padb service
    - /srv/docker/config/secrets/padb-common
  ports:
    # NOTE(review): no bind address, so PostgreSQL is published on every host interface
    - '65432:5432'
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/padb_dev/data:/var/lib/postgresql/data
    - /srv/docker/container/padb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    # holds the entrypoint wrapper; anyone able to write this host directory controls what the container runs
    - /srv/docker/container/padb_dev/init:/root/init
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Production PostgreSQL 16 instance for the "pa" database (paweb depends on it); no host port is published.
padb:
  container_name: padb
  image: postgres:16
  restart: always
  # replace entrypoint to install cron and a cron job to backup users so we can rebuild the content from sqls
  entrypoint: /root/init/entrypoint-wrapper.sh
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  environment:
    POSTGRES_USER: pa
    POSTGRES_DB: pa
  env_file:
    # presumably supplies the database password
    - /srv/docker/config/secrets/padb-common
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/padb/data:/var/lib/postgresql/data
    - /srv/docker/container/padb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    # holds the entrypoint wrapper; anyone able to write this host directory controls what the container runs
    - /srv/docker/container/padb/init:/root/init
    - /etc/localtime:/etc/localtime:ro
|
|
|
|
# Photo assistant web app, built from the local source tree. Traefik forwards TLS for pa.depaoli.id.au
# untouched (passthrough), so the container terminates TLS itself.
paweb:
  container_name: paweb
  restart: always
  build:
    context: '/home/ddp/src/photoassistant'
    args:
      PJM_UID: 500
      PJM_GID: 500
  depends_on:
    - padb
  volumes:
    # NOTE(review): mounted read-write; presumably holds certificate private keys - confirm whether :ro is
    # sufficient
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    # the whole storage tree is mounted read-write at the same path as on the host
    - /export/docker/storage:/export/docker/storage
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=false"
    - "traefik.enable=true"
    - "traefik.tcp.routers.paweb-tcp.rule=HostSNI(`pa.depaoli.id.au`)"
    # passthrough: traefik cannot apply HTTP middlewares or see requests for this service
    - "traefik.tcp.routers.paweb-tcp.tls.passthrough=true"
    - "traefik.tcp.routers.paweb-tcp.entrypoints=secureweb"
|
|
|
|
# Ticket analysis web app, built from the local source tree. Traefik forwards TLS for tix.depaoli.id.au
# untouched (passthrough), so the container terminates TLS itself.
tix:
  container_name: tix
  restart: always
  environment:
    ENV: "production"
  build:
    context: '/home/ddp/src/snow-ticket-analysis'
  volumes:
    # NOTE(review): mounted read-write; presumably holds certificate private keys - confirm whether :ro is
    # sufficient
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    # the production database file is bind-mounted from inside the source checkout
    - /home/ddp/src/snow-ticket-analysis/stats.db:/stats.db
    - /etc/localtime:/etc/localtime:ro
  labels:
    - "com.centurylinklabs.watchtower.enable=false"
    - "traefik.enable=true"
    - "traefik.tcp.routers.tix-tcp.rule=HostSNI(`tix.depaoli.id.au`)"
    - "traefik.tcp.routers.tix-tcp.tls.passthrough=true"
    - "traefik.tcp.routers.tix-tcp.entrypoints=secureweb"
|
|
|
|
# Vaultwarden password manager, routed by traefik on Host bw.depaoli.id.au over the TLS entrypoint.
# NOTE(review): the image is untagged and opted into watchtower updates; for a password vault, consider
# whether unattended upgrades to :latest are acceptable.
vaultwarden:
  container_name: vaultwarden
  restart: always
  image: vaultwarden/server
  depends_on:
    - pihole
    - openldap
  volumes:
    # holds the vault data; back up and protect this host path accordingly
    - /srv/docker/container/vaultwarden:/data
    - /etc/localtime:/etc/localtime:ro
  environment:
    - "ORG_EVENTS_ENABLED=true"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.vaultwarden.rule=Host(`bw.depaoli.id.au`)"
    - "traefik.http.routers.vaultwarden.tls=true"
    # "tls12" is a TLS options set defined in traefik's file provider (not visible in this file)
    - "traefik.http.routers.vaultwarden.tls.options=tls12@file"
    - "traefik.http.routers.vaultwarden.entrypoints=secureweb"
|
|
|
|
# auto-update docker images
# NOTE(review): watchtower pulls and restarts every container labelled watchtower.enable=true, and most
# images in this file are untagged or :latest, so a bad or compromised upstream image is deployed without
# review. Pinning tags or digests for the sensitive services would bound that risk.
watchtower:
  container_name: watchtower
  # "latest-dev" is a development tag for the updater itself, which holds the Docker socket
  image: containrrr/watchtower:latest-dev
  # six-field cron (seconds first): runs at 03:00:00 every day; --label-enable limits updates to containers
  # carrying the enable label; --cleanup removes the old images afterwards
  command: --schedule "0 0 3 * * *" --debug --stop-timeout 60s --label-enable --cleanup
  restart: always
  depends_on:
    - pihole
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  volumes:
    # read-write Docker socket: required for its job, and equivalent to root on the host
    - "/var/run/docker.sock:/var/run/docker.sock"
    - "/etc/localtime:/etc/localtime:ro"
|
|
|
|
# wikidb_old:
|
|
# image: postgres:16
|
|
# container_name: wikidb_old
|
|
# environment:
|
|
# POSTGRES_DB: wiki
|
|
# POSTGRES_USER: wikijs
|
|
# env_file:
|
|
# - /srv/docker/config/secrets/wiki-common_old
|
|
# logging:
|
|
# driver: "none"
|
|
# restart: always
|
|
# depends_on:
|
|
# - openldap
|
|
# - pihole
|
|
# labels:
|
|
# - "com.centurylinklabs.watchtower.enable=true"
|
|
# volumes:
|
|
# - "/srv/docker/container/wikidb_old/data:/var/lib/postgresql/data"
|
|
# - "/srv/docker/container/wikidb_old/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d"
|
|
# - "/etc/localtime:/etc/localtime:ro"
|
|
#
|
|
# wiki_old:
|
|
# image: requarks/wiki:latest
|
|
# container_name: wiki_old
|
|
# depends_on:
|
|
# - openldap
|
|
# - wikidb_old
|
|
# environment:
|
|
# DB_TYPE: postgres
|
|
# DB_HOST: wikidb_old
|
|
# DB_PORT: 5432
|
|
# DB_USER: wikijs
|
|
# DB_NAME: wiki
|
|
# env_file:
|
|
# - /srv/docker/config/secrets/wiki-common_old
|
|
# restart: always
|
|
# volumes:
|
|
# - "/srv/docker/container/wiki_old/data/content:/wiki/data/content"
|
|
# - "/etc/localtime:/etc/localtime:ro"
|
|
# labels:
|
|
# - "com.centurylinklabs.watchtower.enable=true"
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.wiki.rule=Host(`wikitst.depaoli.id.au`)"
|
|
# - "traefik.http.routers.wiki.tls=true"
|
|
# - "traefik.http.routers.wiki.entrypoints=secureweb"
|
|
|
|
# used for hass (eufy) to get notifications from camera
eufy_security_ws:
  image: bropat/eufy-security-ws
  container_name: eufy_security_ws
  restart: always
  environment:
    - "USERNAME=eufy_hass@depaoli.id.au"
    - "COUNTRY=AU"
    - "DEBUG=-v"
    - "TRUSTED_DEVICE_NAME=Pixel Pro 7"
  env_file:
    # presumably supplies the account password that goes with USERNAME above
    - /srv/docker/config/secrets/eufy_security_ws
  ports:
    # NOTE(review): published on every host interface; confirm who can reach this port, since the service
    # holds a logged-in camera account
    - "3000:3000"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  depends_on:
    - pihole
  volumes:
    - "/srv/docker/container/eufy_security_ws/data:/data"
    - "/etc/localtime:/etc/localtime:ro"
    - "/etc/timezone:/etc/timezone:ro"
|
|
|
|
# used for hass (eufy) to stream from camera
rtsp_simple_server:
  image: aler9/rtsp-simple-server
  container_name: rtsp_simple_server
  restart: always
  environment:
    - "RTSP_PROTOCOLS=tcp"
  ports:
    # NOTE(review): both ports are published on every host interface and no server configuration is mounted
    # here; confirm whether camera streams can be read or published without credentials
    - "1935:1935"
    - "8554:8554"
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  depends_on:
    - pihole
  volumes:
    - "/etc/localtime:/etc/localtime:ro"
|
|
|
|
# autodiscover:
|
|
# image: monogramm/autodiscover-email-settings:latest
|
|
# container_name: autodiscover
|
|
# environment:
|
|
# - COMPANY_NAME=depaoli
|
|
# - SUPPORT_URL=https://autodiscover.depaoli.id.au
|
|
# - DOMAIN=depaoli.id.au
|
|
# - IMAP_HOST=depaoli.id.au
|
|
# - IMAP_PORT=993
|
|
# - IMAP_SOCKET=SSL
|
|
# - SMTP_HOST=depaoli.id.au
|
|
# - SMTP_PORT=587
|
|
# - SMTP_SOCKET=STARTTLS
|
|
# labels:
|
|
# - "com.centurylinklabs.watchtower.enable=true"
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.autodiscover.rule=Host(`autodiscover.depaoli.id.au`)"
|
|
# - "traefik.http.routers.autodiscover.tls=true"
|
|
# - "traefik.http.routers.autodiscover.entrypoints=secureweb"
|
|
|
|
# NOTE(review): this disabled service still carries literal SERVER_PASSWORD and
# ADMIN_PASSWORD values. If they were ever in use, treat them as disclosed; if
# the block is re-enabled, source them from an env_file like the other services.
# ark-server:
#   restart: always
#   image: hermsi/ark-server
#   container_name: ark-server
#   volumes:
#     - /srv/docker/container/ark-server:/app
#     - /srv/docker/container/ark-server-backups:/home/steam/ARK-Backups
#   environment:
#     - "SESSION_NAME=The Island - ARK"
#     - "SERVER_MAP=TheIsland"
#     - "SERVER_PASSWORD=bagrid"
#     - "ADMIN_PASSWORD=arkadminpassword"
#     - "MAX_PLAYERS=5"
#     - "UPDATE_ON_START=false"
#     - "BACKUP_ON_STOP=true"
#     - "PRE_UPDATE_BACKUP=true"
#     - "WARN_ON_STOP=true"
#     - "GAME_MOD_IDS=1404697612,1428596566,772235118,895711211"
#   ports:
#     # Port for connections from ARK game client
#     - "7777:7777/udp"
#     # Raw UDP socket port (always Game client port +1)
#     - "7778:7778/udp"
#     # RCON management port
#     - "27020:27020/tcp"
#     # Steam's server-list port
#     - "27015:27015/udp"
# Uptime Kuma monitoring UI, routed through traefik as mon.depaoli.id.au.
kuma:
  # Untagged image (resolves to :latest) with watchtower updates enabled below.
  image: louislam/uptime-kuma
  container_name: kuma
  volumes:
    - /srv/docker/container/kuma:/app/data
    # NOTE(review): ":ro" only makes the mount of the socket file read-only; it
    # does not restrict what can be requested over the Docker API through it.
    # A process in this container that can talk to the socket can therefore
    # control the Docker daemon on the host. If kuma only needs container
    # status, put a filtering socket proxy in between or drop the mount.
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /etc/localtime:/etc/localtime:ro
  ports:
    # NOTE(review): this direct mapping is published on every host interface
    # and does not pass through the TLS router defined in the labels below.
    # Restrict it to a LAN or loopback address if it is only a fallback.
    - 3001:3001 # leave these in case mon.depaoli.id.au is inaccessible
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    - "traefik.http.routers.kuma.rule=Host(`mon.depaoli.id.au`)"
    - "traefik.http.routers.kuma.tls=true"
    - "traefik.http.routers.kuma.entrypoints=secureweb"
  restart: always
# Browser-based SSH client, routed through traefik as ssh.depaoli.id.au.
sshwifty:
  image: niruix/sshwifty:latest
  container_name: sshwifty
  # Runs unprivileged inside the container.
  user: "nobody:nobody"
  restart: always
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    # NOTE(review): no traefik auth middleware is attached to this router, so
    # access control depends entirely on sshwifty's own configuration
    # (presumably under the /etc/ mount below - TODO confirm a shared key or
    # equivalent is set). From the SSH servers' point of view, connections
    # made through this page originate from this host.
    - "traefik.http.routers.sshwifty.rule=Host(`ssh.depaoli.id.au`)"
    - "traefik.http.routers.sshwifty.tls=true"
    - "traefik.http.routers.sshwifty.entrypoints=secureweb"
  stdin_open: true
  tty: true
  volumes:
    # NOTE(review): this replaces the container's whole /etc with a writable
    # host directory. Mounting only the config file, read-only, would be
    # narrower if nothing needs to write there.
    - "/srv/docker/container/sshwifty/:/etc/"
    - "/etc/localtime:/etc/localtime:ro"
# MySQL instance holding the MythTV database (mythconverg).
mythdb:
  container_name: mythdb
  # NOTE(review): :latest plus the watchtower label means an unattended jump to
  # a new MySQL major version against the existing data directory is possible;
  # pinning a major version tag avoids that.
  image: mysql:latest
  restart: always
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  environment:
    MYSQL_DATABASE: 'mythconverg'
    MYSQL_USER: 'mythtv'
    # NOTE(review): literal database passwords (including root's, below) sit in
    # a file whose header says secrets were moved out so it can be shared, and
    # the user password equals the user name. Move both into an env_file under
    # /srv/docker/config/secrets/ like the other services and change them,
    # since these values are already visible here. The image applies these
    # variables only when it initialises an empty data directory, so a rotation
    # also has to be done inside MySQL itself.
    MYSQL_PASSWORD: 'mythtv'
    # NOTE(review): presumably read by a script under the initdb.d mount below
    # rather than by the stock image - TODO confirm.
    MYSQL_UID: 133
    MYSQL_GID: 140
    MYSQL_ROOT_PASSWORD: 'NWNlfa01'
  ports:
    # Publishes MySQL on every host interface. The myth service reaches it as
    # DBSERVER: mythdb, so this mapping only matters for clients outside
    # Docker; restrict it (bind address or host firewall) if it is kept.
    - '3306:3306'
  volumes:
    # Files here are run by the image when it initialises an empty data
    # directory. The same host path is also mounted writable into the myth
    # container, so keep its contents trusted.
    - /srv/docker/container/mythtv/db/sql:/docker-entrypoint-initdb.d
    - /srv/docker/container/mythtv/db/data:/var/lib/mysql
    - /srv/docker/container/mythtv/db/log:/var/log/mysql
    - /srv/docker/container/mythtv/db/mythtv.cnf:/etc/mysql/conf.d/mythtv.cnf
    - /etc/localtime:/etc/localtime:ro
# hacked entrypoint to 'add' to this container so it works as mara needs
myth:
  container_name: myth
  # :latest with watchtower updates enabled below; the custom entrypoint then
  # runs against whatever image version was pulled.
  image: instantlinux/mythtv-backend:latest
  hostname: ${HOSTNAME_MYTHTV:-mythtv}
  restart: always
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
  # needed to renice / ionice just the mythbackend process inside this container
  # (it also runs cron, shepherd and various binaries out of /usr/local/bin)
  # NOTE(review): sys_admin is far broader than priority control (it also
  # covers mounting and many other privileged operations) and applies to every
  # process in the container, including the bind-mounted scripts started by the
  # entrypoint below. Confirm whether sys_nice alone is enough for the
  # renice/ionice calls and drop sys_admin if so.
  cap_add:
    - sys_nice
    - sys_admin
  environment:
    APACHE_LOG_DIR: /var/log/apache2
    DBNAME: mythconverg
    # needs to be ip not container name as the host network_mode and DNS don't work together
    # test this as mythdb and remove network_mode host when I can
    DBSERVER: mythdb
    LANG: en_US.UTF-8
    LANGUAGE: en_US.UTF-8
    LOCALHOSTNAME: mara
    TZ: Australia/Melbourne
  # network_mode: host
  ports:
    # All four ports are published on every host interface.
    - "6543:6543"
    - "6544:6544"
    - "6549:6549"
    - "6744:6744"
  # Runs the local mara-init scripts in order, then the image's own entrypoint.
  # NOTE(review): '>' folds lines at the same indent into one space-joined
  # line; only the extra indent on the script lines keeps them newline-separated
  # for bash. The page this was taken from had lost its indentation, so confirm
  # this nesting against the deployed file.
  entrypoint: >
    /bin/bash -c "
      /root/mara-init/fix_uids.sh
      /root/mara-init/fix_apache2.sh
      /root/mara-init/install_shepherd.sh
      /root/mara-init/install_cron.sh
      /root/entrypoint.sh"
  volumes:
    - /srv/docker/container/mythtv/apache2:/var/log/apache2
    - /srv/docker/container/mythtv/data:/var/mythdata
    - /srv/docker/container/mythtv/home:/home/mythtv
    # NOTE(review): presumably holds sshd config and host keys - keep the host
    # directory root-only; TODO confirm.
    - /srv/docker/container/mythtv/ssh-config:/etc/ssh
    - /srv/docker/container/mythtv/var/log:/var/log/mythtv
    # Scripts under mara-init are executed by the entrypoint above, and
    # mara-bin replaces /usr/local/bin. Both mounts are writable from inside
    # the container and from the host path, so whoever can write there decides
    # what runs with the capabilities granted above. Mount them :ro if the
    # scripts do not need to modify themselves.
    - /srv/docker/container/mythtv/mara-init:/root/mara-init
    - /srv/docker/container/mythtv/mara-bin:/usr/local/bin
    # Same host path that mythdb mounts as /docker-entrypoint-initdb.d.
    - /srv/docker/container/mythtv/db/sql:/db-container/sql
    - /srv/docker/container/mythtv/db/backups:/db-container/backups
    - /srv/docker/container/mythtv/monitoring-results:/monitoring-results
    - /etc/localtime:/etc/localtime:ro
    - /export/myth:/export/myth
    - /export/docker/storage/other-videos:/export/myth/videos
  devices:
    # Passes the host's DVB device nodes through to the container.
    - /dev/dvb:/dev/dvb
  env_file:
    # Secrets for this container are kept outside the compose file.
    - /srv/docker/config/secrets/mythtv
  depends_on:
    - mythdb
# BookStack wiki, routed through traefik as wiki.depaoli.id.au; data in wikidb.
wiki:
  # Untagged image (resolves to :latest) with watchtower updates enabled below.
  image: lscr.io/linuxserver/bookstack
  container_name: wiki
  environment:
    - PUID=1000
    - PGID=1000
    - APP_URL=https://wiki.depaoli.id.au
    - DB_HOST=wikidb
    - DB_PORT=3306
  env_file:
    # The same secrets file is loaded by wikidb, so each container receives
    # every variable in it. NOTE(review): if it also holds the database root
    # password, split it so the web app only gets its own DB credentials.
    - /srv/docker/config/secrets/wiki
  volumes:
    - /srv/docker/container/wiki:/config
    - /etc/localtime:/etc/localtime:ro
  restart: unless-stopped
  depends_on:
    - wikidb
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
    - "traefik.enable=true"
    # NOTE(review): the router is named wikitst but matches wiki.depaoli.id.au,
    # while the commented-out labels earlier in this file use router "wiki" for
    # wikitst.depaoli.id.au. Router names only need to be unique, but confirm
    # no other service defines a wikitst router that would collide with this.
    - "traefik.http.routers.wikitst.rule=Host(`wiki.depaoli.id.au`)"
    - "traefik.http.routers.wikitst.tls=true"
    - "traefik.http.routers.wikitst.entrypoints=secureweb"
# MariaDB backing the wiki service. No ports are published in this block, so it
# is reachable only from other containers on its Docker network.
wikidb:
  # NOTE(review): untagged image (resolves to :latest) with watchtower updates
  # enabled below; for a database, pinning a major version avoids an
  # unattended upgrade against the existing data directory.
  image: lscr.io/linuxserver/mariadb
  container_name: wikidb
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Australia/Melbourne
  env_file:
    # Credentials come from the secrets file, which the wiki service also loads.
    - /srv/docker/config/secrets/wiki
  volumes:
    - /srv/docker/container/wikidb/config:/config
    - /srv/docker/container/wikidb/data:/var/lib/mysql
    - /etc/localtime:/etc/localtime:ro
  restart: unless-stopped
  labels:
    - "com.centurylinklabs.watchtower.enable=true"
web:
|
|
image: php:apache
|
|
container_name: web
|
|
volumes:
|
|
- /srv/docker/container/web/data:/var/www/html
|
|
- /srv/docker/container/web/mara-init:/root/mara-init
|
|
- /etc/localtime:/etc/localtime:ro
|
|
restart: unless-stopped
|
|
entrypoint: "/root/mara-init/entrypoint-wrapper.sh"
|
|
labels:
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.web.rule=Host(`mara.ddp.net`) && ( Path(`/`) || PathPrefix(`/images` ) || PathPrefix(`/mythweb`) )"
|
|
- "traefik.http.routers.web.entrypoints=web"
|