docker-compose/docker-compose.yml


---
# Compose file format 3.7. Every container on this host is declared as a
# child of `services`.
version: '3.7'
services:
traefik:
  # Edge reverse proxy for the stack. network_mode: host means the :80 and
  # :443 entrypoints below bind directly on the host's interfaces.
  # NOTE(review): no tag is given, so this resolves to `latest`, and the
  # watchtower label lets that floating tag be replaced unattended. Pinning
  # a version or digest keeps updates of the edge proxy reviewable.
  image: traefik
  container_name: traefik
  restart: always
  network_mode: host
  depends_on:
    - pihole
  command:
    # - "--log.level=DEBUG"
    - '--api.dashboard=true'
    - '--providers.docker=true'
    # Containers are only routed when they carry traefik.enable=true.
    - '--providers.docker.exposedbydefault=false'
    - '--providers.docker.useBindPortIP=true'
    - '--providers.file=true'
    - '--providers.file.directory=/configuration/'
    - '--providers.file.watch=true'
    - '--entrypoints.web.address=:80'
    - '--entrypoints.secureweb.address=:443'
    - '--metrics'
    - '--metrics.prometheus.buckets=0.1,0.3,1.2,5.0'
  volumes:
    # NOTE(review): ':ro' only protects the socket file itself. Docker API
    # calls made through the socket are not restricted by a read-only bind,
    # so this container still has full access to the Docker daemon.
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /srv/docker/container/traefik/:/configuration
    - /srv/docker/container/letsencrypt/etc:/letsencrypt
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    # NOTE(review): the dashboard and /api are published on the plain-HTTP
    # `web` entrypoint, and the only middleware attached is the path rewrite.
    # No authentication middleware (basicAuth / forwardAuth) is visible in
    # this file; confirm access is restricted some other way.
    - 'traefik.http.routers.dashboard.rule=PathPrefix(`/traefik`) || PathPrefix(`/api`) || PathPrefix(`/dashboard`)'
    - 'traefik.http.middlewares.dashboard.replacepathregex.regex=^/traefik/(.*)'
    # `$$` is Compose escaping for a literal `$` in the replacement.
    - 'traefik.http.middlewares.dashboard.replacepathregex.replacement=/dashboard/$$1'
    - 'traefik.http.routers.dashboard.middlewares=dashboard'
    - 'traefik.http.routers.dashboard.entrypoints=web'
    - 'traefik.http.services.dashboard.loadbalancer.server.port=8080'
    - 'traefik.http.routers.dashboard.service=api@internal'
sonarr:
  # TV series manager, published through Traefik on the TLS entrypoint.
  # NOTE(review): untagged image plus the watchtower label means unattended
  # updates from a floating tag; consider pinning.
  image: linuxserver/sonarr
  container_name: sonarr
  restart: always
  depends_on:
    - pihole
  environment:
    - 'TZ=Australia/Melbourne'
    # The container process runs as this host uid/gid.
    - 'PUID=500'
    - 'PGID=500'
  volumes:
    - /srv/docker/container/sonarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/series:/tv
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.sonarr.rule=Host(`son.depaoli.id.au`)'
    - 'traefik.http.routers.sonarr.tls=true'
    - 'traefik.http.routers.sonarr.entrypoints=secureweb'
lidarr:
  # Music manager.
  # NOTE(review): reachable two ways: through Traefik on the plain-HTTP
  # `web` entrypoint, and directly on host port 8686 (published on every
  # host interface). The direct port bypasses anything enforced at the proxy.
  image: linuxserver/lidarr
  container_name: lidarr
  restart: always
  depends_on:
    - pihole
  environment:
    - 'TZ=Australia/Melbourne'
    - 'PUID=500'
    - 'PGID=500'
  ports:
    - '8686:8686'
  volumes:
    - /srv/docker/container/lidarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/music:/music
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.lidarr.rule=PathPrefix(`/lidarr/`)'
    - 'traefik.http.routers.lidarr.entrypoints=web'
radarr:
  # Movie manager, published through Traefik on the TLS entrypoint.
  # NOTE(review): untagged image plus the watchtower label means unattended
  # updates from a floating tag; consider pinning.
  image: linuxserver/radarr
  container_name: radarr
  restart: always
  depends_on:
    - pihole
  environment:
    - 'TZ=Australia/Melbourne'
    - 'PUID=500'
    - 'PGID=500'
  volumes:
    - /srv/docker/container/radarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/movies:/movies
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.radarr.rule=Host(`rad.depaoli.id.au`)'
    - 'traefik.http.routers.radarr.tls=true'
    - 'traefik.http.routers.radarr.entrypoints=secureweb'
readarr:
  # Book manager, routed by path on the plain-HTTP `web` entrypoint.
  # NOTE(review): this tracks the `nightly` tag and is auto-updated by
  # watchtower, so unreleased builds are deployed without review.
  image: linuxserver/readarr:nightly
  container_name: readarr
  restart: always
  depends_on:
    - pihole
  environment:
    - 'TZ=Australia/Melbourne'
    - 'PUID=500'
    - 'PGID=500'
  volumes:
    - /srv/docker/container/readarr/config:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/books:/books
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.readarr.rule=PathPrefix(`/readarr/`)'
    - 'traefik.http.routers.readarr.entrypoints=web'
calibre:
  # E-book library. Both web ports are published directly on the host.
  image: linuxserver/calibre
  container_name: calibre
  restart: always
  depends_on:
    - pihole
  environment:
    - 'TZ=Australia/Melbourne'
    - 'PUID=500'
    - 'PGID=500'
  ports:
    - '18080:8080'
    - '18081:8081'
  volumes:
    - /srv/docker/container/calibre/config:/config
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    # NOTE(review): traefik.enable=true is still set while every router
    # label below is commented out. Traefik presumably generates a
    # default-rule router for an enabled container; confirm that is
    # intended, or drop the label.
    - 'traefik.enable=true'
    # - "traefik.http.routers.calibre.rule=PathPrefix(`/calibre/`)"
    # - "traefik.http.services.calibre.loadbalancer.server.port=8080"
    # - "traefik.http.middlewares.stripprefix-calibre.stripprefix.prefixes=/calibre"
    # - "traefik.http.routers.calibre.entrypoints=web"
    # - "traefik.http.routers.calibreweb.rule=PathPrefix(`/calibreweb/`)"
    # - "traefik.http.services.calibreweb.loadbalancer.server.port=8081"
    # - "traefik.http.middlewares.stripprefix-calibreweb.stripprefix.prefixes=/calibreweb"
    # - "traefik.http.routers.calibreweb.entrypoints=web"
# Runs with network_mode: host so it sits on the 192.168.0/24 subnet, which
# (from memory) is what makes direct play on the TV work.
emby:
  # NOTE(review): on the host network every port the server opens is
  # reachable on the host's interfaces, not only the 8096 that Traefik
  # fronts. Untagged image plus the watchtower label means unattended
  # updates.
  image: emby/embyserver
  container_name: emby
  restart: always
  network_mode: host
  depends_on:
    - pihole
  environment:
    - 'UID=500'
    - 'GID=500'
    # 44 is video for nvidia driver support / transcoding
    - 'GIDLIST=44'
    - 'TZ=Australia/Melbourne'
  volumes:
    - /srv/docker/container/emby/config:/config
    - /export/docker/storage/transcode:/transcode
    # The whole storage tree is mounted read-write.
    - /export/docker/storage:/data
    - /export/myth/tv:/myth-recordings
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)'
    - 'traefik.http.services.emby.loadbalancer.server.port=8096'
    - 'traefik.http.routers.emby.tls=true'
    - 'traefik.http.routers.emby.entrypoints=secureweb'
#
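# fail2ban is a bit jumpy from memory, so I've added a whitelist,
# but it's not going to survive a pull... and it seems that if I mount
# the file before the container is initialised it ends up empty
# (timing?), so I have done this by hand
# for now, until I work out a solution:
## sudo docker exec -it mail bash
## root@mail:/etc/fail2ban/jail.d# cat > whitelist.conf
## [DEFAULT]
## ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# sudo docker-compose restart mail
#
mail:
  # docker-mailserver: SMTP (25/465/587) and IMAPS (993), with accounts
  # provisioned from the openldap service.
  image: docker.io/mailserver/docker-mailserver:12.1.0
  hostname: mail
  domainname: depaoli.id.au
  container_name: mail
  restart: always
  ports:
    - '25:25'
    - '465:465'
    - '587:587'
    - '993:993'
  labels:
    # NOTE(review): the image is pinned to 12.1.0, so watchtower will not
    # move it to a newer release; security updates need a manual tag bump.
    - 'com.centurylinklabs.watchtower.enable=true'
  depends_on:
    - pihole
    - openldap
  volumes:
    - /srv/docker/container/mail/data:/var/mail
    - /srv/docker/container/mail/state:/var/mail-state
    - /srv/docker/container/mail/log:/var/log/mail
    - /srv/docker/container/mail/config/:/tmp/docker-mailserver/
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    - /etc/localtime:/etc/localtime:ro
  environment:
    - 'ENABLE_SPAMASSASSIN=1'
    - 'ENABLE_SPAMASSASSIN_KAM=1'
    # Fixed spelling: the variable was written SPAMASSASIN_..., which the
    # image does not read, so the setting had no effect.
    - 'SPAMASSASSIN_SPAM_TO_INBOX=1'
    - 'MOVE_SPAM_TO_JUNK=1'
    - 'SA_SPAM_SUBJECT=1'
    - 'ENABLE_CLAMAV=1'
    - 'ENABLE_FAIL2BAN=1'
    - 'ENABLE_POSTGREY=0'
    - 'SPOOF_PROTECTION=1'
    - 'ONE_DIR=1'
    - 'DMS_DEBUG=0'
    - 'LOG_LEVEL=warn'
    - 'AMAVIS_LOGLEVEL=-1'
    # in theory these next 2 being empty disables them, but that does not seem to work
    # NOTE(review): a list entry with no '=' is not "empty". Compose passes
    # the variable through from the environment of the shell that runs
    # docker-compose, and leaves it unset in the container if it is not
    # defined there.
    - ENABLE_POP3
    - ENABLE_MANAGESIEVE
    - 'ACCOUNT_PROVISIONER=LDAP'
    # your ldap container/IP/ServerName
    # NOTE(review): this points at the host-published LDAP port (389) of
    # the openldap service, and no StartTLS/LDAPS setting is visible here,
    # so the admin bind presumably travels in cleartext. Confirm.
    - 'LDAP_SERVER_HOST=192.168.0.2'
    - 'LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au'
    # NOTE(review): mail binds as the directory admin. A dedicated
    # read-only bind DN would limit what a mail-server compromise exposes.
    - 'LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au'
    # The bind password used to be a literal in this file. Treat that value
    # as exposed and rotate it. The new value comes from the environment or
    # .env (kept out of version control); Compose aborts if it is unset.
    - 'LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in .env}'
    - 'LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))'
    - 'LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))'
    - 'LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)'
    - 'LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))'
    - 'DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))'
    - 'DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))'
    # - ENABLE_SASLAUTHD=1
    - 'ENABLE_SASLAUTHD=0'
    # - SASLAUTHD_MECHANISMS=ldap
    # - SASLAUTHD_LDAP_SERVER=openldap
    # - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
    # - SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD}
    # - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
    # - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
    - 'POSTMASTER_ADDRESS=postmaster@depaoli.id.au'
    - 'POSTFIX_MESSAGE_SIZE_LIMIT=100000000'
    - 'SSL_TYPE=letsencrypt'
  cap_add:
    # NET_ADMIN lets fail2ban manage firewall rules inside the container.
    - NET_ADMIN
    # NOTE(review): SYS_PTRACE allows tracing other processes; confirm this
    # image version still needs it, and drop it otherwise.
    - SYS_PTRACE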
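openldap:
  # Directory server backing mail, webmail and the other LDAP-aware services.
  # NOTE(review): untagged image plus the watchtower label means the
  # identity store is updated unattended from a floating tag.
  image: bitnami/openldap
  user: '2000'
  container_name: openldap
  restart: always
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
  environment:
    # NOTE(review): debug output is left on; check what the image logs at
    # this level before shipping these logs anywhere.
    BITNAMI_DEBUG: 'true'
    LDAP_ROOT: 'dc=depaoli,dc=id,dc=au'
    LDAP_ADMIN_USERNAME: 'admin'
    # The admin password used to be a literal in this file. Treat that value
    # as exposed and rotate it. The new value comes from the environment or
    # .env (kept out of version control); Compose aborts if it is unset.
    LDAP_ADMIN_PASSWORD: '${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in .env}'
    LDAP_SKIP_DEFAULT_TREE: 'yes'
    LDAP_CUSTOM_SCHEMA_FILE: '/schema/postfix-book.ldif'
    LDAP_CUSTOM_LDIF_DIR: '/ldifs'
    LDAP_LOGLEVEL: '256'
    # below not validated
    LDAP_ENABLE_TLS: 'yes'
    LDAP_TLS_CERT_FILE: '/opt/bitnami/openldap/certs/cert.pem'
    LDAP_TLS_KEY_FILE: '/opt/bitnami/openldap/certs/privkey.pem'
    LDAP_TLS_CA_FILE: '/opt/bitnami/openldap/certs/fullchain.pem'
    LDAP_TLS_DH_PARAMS_FILE: '/opt/bitnami/openldap/certs/dhparam.pem'
    # LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
    # LDAP_TLS_PROTOCOL_MIN: "3.1"
    # LDAP_TLS_VERIFY_CLIENT: "try"
  tty: true
  stdin_open: true
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/ldap/:/bitnami/openldap/
    - /srv/docker/container/ldap/certs:/opt/bitnami/openldap/certs/
    - /srv/docker/container/ldap/bootstrap-schema:/schema
    - /srv/docker/container/ldap/bootstrap-ldifs:/ldifs
    - /etc/localtime:/etc/localtime:ro
  ports:
    # NOTE(review): only the plain LDAP listener is published, on every host
    # interface, and the LDAPS mapping below is commented out. Clients that
    # bind without StartTLS send credentials in cleartext.
    - '389:1389'
    # - "1636:1636"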
phpldapadmin:
  # Web administration UI for the openldap service.
  # NOTE(review): the router is bound to the plain-HTTP `web` entrypoint, so
  # directory credentials typed into this UI cross the network unencrypted.
  # LDAP_USE_TLS is also off for the hop to openldap.
  image: ghcr.io/colibris-xyz/phpldapadmin
  container_name: phpldapadmin
  restart: always
  depends_on:
    - pihole
    - openldap
  environment:
    LDAP_HOST: 'openldap'
    LDAP_USE_TLS: 'false'
    LDAP_BASE: 'dc=depaoli,dc=id,dc=au'
  volumes:
    - /srv/docker/container/phpldapadmin/var/www/phpldapadmin:/var/www/html
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.phpldapadmin.rule=PathPrefix(`/phpldapadmin/`)'
    - 'traefik.http.middlewares.stripprefix-phpldapadmin.stripprefix.prefixes=/phpldapadmin'
    - 'traefik.http.routers.phpldapadmin.middlewares=stripprefix-phpldapadmin@docker'
    - 'traefik.http.routers.phpldapadmin.entrypoints=web'
# webmail
roundcubemail:
  # Roundcube front end, TLS-only through Traefik. It talks to the mail
  # service over implicit-TLS IMAP (993) and SMTP (465).
  image: roundcube/roundcubemail
  container_name: roundcubemail
  restart: always
  depends_on:
    - pihole
    - mail
    - openldap
  environment:
    - 'ROUNDCUBEMAIL_DB_TYPE=sqlite'
    - 'ROUNDCUBEMAIL_SKIN=elastic'
    - 'ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.depaoli.id.au'
    - 'ROUNDCUBEMAIL_DEFAULT_PORT=993'
    - 'ROUNDCUBEMAIL_SMTP_SERVER=ssl://mail.depaoli.id.au'
    - 'ROUNDCUBEMAIL_SMTP_PORT=465'
  volumes:
    - /srv/docker/container/roundcubemail/www:/var/www/html
    - /srv/docker/container/roundcubemail/db/sqlite:/var/roundcube/db
    - /srv/docker/container/roundcubemail/tmp/roundcube-temp:/tmp/roundcube-temp
    - /srv/docker/container/roundcubemail/var/roundcube/config:/var/roundcube/config
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.roundcube.rule=Host(`webmail.depaoli.id.au`)'
    - 'traefik.http.routers.roundcube.entrypoints=secureweb'
    - 'traefik.http.routers.roundcube.tls=true'
portainer:
  # Docker management UI.
  # NOTE(review): this container holds the Docker socket read-write, which
  # is equivalent to root on the host, and its UI is routed on the
  # plain-HTTP `web` entrypoint. Logins and session tokens therefore cross
  # the network unencrypted. Consider moving it to `secureweb`.
  image: portainer/portainer-ce
  container_name: portainer
  restart: always
  depends_on:
    - pihole
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /srv/docker/container/portainer/data:/data
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
    - 'traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes=/portainer'
    - 'traefik.http.routers.portainer.middlewares=stripprefix-portainer@docker'
    - 'traefik.http.routers.portainer.entrypoints=web'
    - 'traefik.http.services.portainer.loadbalancer.server.port=9000'
# Runs with network_mode: host so it is on the same subnet as the IoT
# devices and can see/discover them.
hass:
  # NOTE(review): this is the least-confined container in the file. It is
  # privileged, on the host network, has seccomp disabled and holds the
  # Docker socket read-write. A compromise of Home Assistant or one of its
  # integrations is effectively a compromise of the host. Confirm which of
  # these the deployment really needs.
  image: ghcr.io/home-assistant/home-assistant:stable
  container_name: hass
  restart: always
  network_mode: host
  privileged: true
  security_opt:
    - seccomp:unconfined
  depends_on:
    - pihole
    - openldap
  volumes:
    - /srv/docker/container/hass:/config
    # Puts a known_hosts file into root's .ssh so that the 'command line
    # authentication' works at login on every new container.
    - /srv/docker/container/hass/ssh/known_hosts:/root/.ssh/known_hosts
    - /var/run/docker.sock:/var/run/docker.sock
    - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
    - /etc/localtime:/etc/localtime:ro
    - /run/dbus:/run/dbus:ro
  labels:
    # Excluded from watchtower: updates to this container are manual.
    - 'com.centurylinklabs.watchtower.enable=false'
# Runs with network_mode: host so that it can find the players automatically.
mass:
  # Music Assistant server, routed under /mass/ on the Home Assistant
  # hostname over TLS.
  # NOTE(review): on the host network port 8095 is also reachable directly
  # on the host, bypassing Traefik.
  image: ghcr.io/music-assistant/server
  container_name: mass
  restart: always
  network_mode: host
  depends_on:
    - pihole
  volumes:
    - /srv/docker/container/mass/data:/data
    - /export/docker/storage/music:/music
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.mass.rule=Host(`hass.depaoli.id.au`) && PathPrefix(`/mass/`)'
    - 'traefik.http.routers.mass.tls=true'
    - 'traefik.http.routers.mass.entrypoints=secureweb'
    - 'traefik.http.middlewares.stripprefix-mass.stripprefix.prefixes=/mass'
    - 'traefik.http.routers.mass.middlewares=stripprefix-mass@docker'
    - 'traefik.http.services.mass.loadbalancer.server.port=8095'
mosquitto:
  # MQTT broker.
  # NOTE(review): 1883 is the unencrypted MQTT port and is published on
  # every host interface. Whether clients must authenticate depends on the
  # mosquitto.conf under the mounted directory, which is not visible here;
  # verify it.
  image: eclipse-mosquitto
  container_name: mosquitto
  restart: always
  ports:
    - '1883:1883'
  volumes:
    - /srv/docker/container/mosquitto:/mosquitto
    - /srv/docker/container/mosquitto/data:/mosquitto/data
    - /srv/docker/container/mosquitto/log:/mosquitto/log
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
esphome:
  # ESPHome dashboard, routed under /esphome/ over TLS.
  # NOTE(review): the container is privileged and the whole host /dev is
  # mounted, where passing only the serial adapter through with `devices:`
  # would presumably be enough. Port 6052 is also published directly, so
  # the dashboard is reachable without going through Traefik.
  image: esphome/esphome
  container_name: esphome
  restart: always
  privileged: true
  environment:
    - 'ESPHOME_DASHBOARD_USE_PING=true'
  ports:
    - '6052:6052'
  volumes:
    - /srv/docker/container/esphome/config:/config
    - /dev:/dev
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.esphome.rule=Host(`hass.depaoli.id.au`) && PathPrefix(`/esphome/`)'
    - 'traefik.http.routers.esphome.tls=true'
    - 'traefik.http.routers.esphome.entrypoints=secureweb'
    - 'traefik.http.middlewares.stripprefix-esphome.stripprefix.prefixes=/esphome'
    - 'traefik.http.routers.esphome.middlewares=stripprefix-esphome@docker'
sabnzbd:
  # Usenet downloader, routed by path on the plain-HTTP `web` entrypoint.
  # NOTE(review): untagged image plus the watchtower label means unattended
  # updates from a floating tag; consider pinning.
  image: linuxserver/sabnzbd
  container_name: sabnzbd
  restart: always
  depends_on:
    - pihole
  environment:
    - 'PUID=500'
    - 'PGID=500'
    - 'TZ=Australia/Melbourne'
  volumes:
    - /srv/docker/container/sabnzbd/:/config
    - /export/docker/storage/downloads:/downloads
    - /export/docker/storage/incomplete-downloads:/incomplete-downloads
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd/`)'
    - 'traefik.http.routers.sabnzbd.entrypoints=web'
# Monitoring
speedtest-exporter:
  # Prometheus exporter for speed-test results. No ports are published and
  # it has no Traefik route.
  image: miguelndecarvalho/speedtest-exporter
  container_name: speedtest-exporter
  restart: always
  depends_on:
    - pihole
  volumes:
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
prometheus:
  # Metrics store scraping the exporters below.
  # NOTE(review): --web.enable-lifecycle turns on the HTTP reload/quit
  # endpoints, and the server is reachable both on host port 9090 and
  # through the plain-HTTP `web` entrypoint. No authentication layer is
  # visible in this file, so anyone who can reach either path can reload or
  # stop the server.
  image: prom/prometheus
  container_name: prometheus
  restart: always
  depends_on:
    - pihole
  # Legacy `links` aliases for the scrape targets.
  links:
    - cadvisor:cadvisor
    - node-exporter:node-exporter
    - blackbox_exporter:blackbox_exporter
  command:
    - '--config.file=/etc/prometheus/prometheus.yml'
    - '--storage.tsdb.path=/prometheus'
    - '--web.console.libraries=/usr/share/prometheus/console_libraries'
    - '--web.console.templates=/usr/share/prometheus/consoles'
    - '--web.enable-lifecycle'
  ports:
    - '9090:9090'
  volumes:
    - /srv/docker/container/prometheus/:/etc/prometheus/
    - /srv/docker/container/prometheus/data:/prometheus
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.prometheus.rule=PathPrefix(`/prometheus/`)'
    - 'traefik.http.routers.prometheus.entrypoints=web'
node-exporter:
  # Host metrics exporter. The host's /, /proc, /sys, /export and /boot are
  # mounted read-only so the collectors can read them.
  # NOTE(review): read-only still means every file under / is readable
  # inside this auto-updated, untagged image.
  image: prom/node-exporter
  container_name: node-exporter
  restart: always
  command:
    - '--path.rootfs=/rootfs'
    - '--path.procfs=/host/proc'
    - '--path.sysfs=/host/sys'
    # Each flag below takes the list item that follows it as its value.
    - '--collector.filesystem.ignored-mount-points'
    # `$$` is Compose escaping for a literal `$` in the regex.
    - '^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)'
    - '--collector.textfile.directory'
    - '/var/lib/node_exporter/textfile_collector'
  volumes:
    - /proc:/host/proc:ro
    - /sys:/host/sys:ro
    - /:/rootfs:ro
    - /srv/docker/container/node-exporter/textfile_collector:/var/lib/node_exporter/textfile_collector
    - /etc/localtime:/etc/localtime:ro
    - /export:/export:ro
    - /boot:/boot:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
cadvisor:
  # Per-container resource metrics.
  # NOTE(review): the container is privileged and reads /, /var/run (which
  # contains docker.sock) and /var/lib/docker. The read-only flags do not
  # restrict Docker API calls through the socket.
  image: gcr.io/cadvisor/cadvisor:v0.47.2
  # seems latest is way older than the above
  # image: gcr.io/cadvisor/cadvisor:latest
  container_name: cadvisor
  restart: always
  privileged: true
  command:
    - '--disable_metrics=udp'
    - '-v=2'
    - '--housekeeping_interval=30s'
  devices:
    - '/dev/kmsg'
  volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:ro
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
    - /dev/disk/:/dev/disk:ro
    - /etc/localtime:/etc/localtime:ro
  labels:
    # The tag is pinned, so watchtower will not move it to a newer release.
    - 'com.centurylinklabs.watchtower.enable=true'
blackbox_exporter:
  # Probe exporter. The service key uses an underscore while the container
  # name uses a hyphen.
  image: prom/blackbox-exporter
  container_name: blackbox-exporter
  restart: always
  command:
    - '--config.file=/etc/blackboxexporter/config.yml'
  volumes:
    - /srv/docker/container/blackboxexporter/:/etc/blackboxexporter/
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
grafana:
  # Dashboards on top of Prometheus. Secrets are loaded from an env_file on
  # the host rather than being written in this file.
  # NOTE(review): the second router also serves Grafana on the plain-HTTP
  # `web` entrypoint, so logins made through /grafana/ are unencrypted.
  image: grafana/grafana
  container_name: grafana
  restart: always
  depends_on:
    - prometheus
  env_file:
    - /srv/docker/container/grafana/config.monitoring
  volumes:
    - /srv/docker/container/grafana/grafana.ini:/etc/grafana/grafana.ini
    - /srv/docker/container/grafana/data:/var/lib/grafana
    - /srv/docker/container/grafana/dashboards:/var/lib/grafana/dashboards
    - /srv/docker/container/grafana/grafana/provisioning:/etc/grafana/provisioning
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.grafana_ssl.rule=Host(`graf.depaoli.id.au`)'
    - 'traefik.http.routers.grafana_ssl.tls=true'
    - 'traefik.http.routers.grafana_ssl.entrypoints=secureweb'
    - 'traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)'
    - 'traefik.http.routers.grafana.entrypoints=web'
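pihole:
  # DNS filter for the LAN. Almost every other service lists it in
  # depends_on. DNS is bound to 192.168.0.2 only, but the admin web UI is
  # published on host port 9999 on every interface.
  # NOTE(review): the admin UI is also routed through Traefik on the
  # plain-HTTP `web` entrypoint, so the admin password is sent unencrypted
  # on both paths.
  image: pihole/pihole
  container_name: pihole
  restart: always
  ports:
    - '192.168.0.2:53:53/tcp'
    - '192.168.0.2:53:53/udp'
    - '9999:80'
  environment:
    TZ: 'Australia/Melbourne'
    # The admin password used to be a literal in this file. Treat that value
    # as exposed and rotate it. The new value comes from the environment or
    # .env (kept out of version control; single-quote it there if it
    # contains shell metacharacters). Compose aborts if it is unset.
    WEBPASSWORD: '${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}'
    # Upstream resolvers, separated by ';'.
    PIHOLE_DNS_: '208.67.222.222;208.67.220.220'
  volumes:
    - /srv/docker/container/pihole/etc/:/etc/pihole/
    - /srv/docker/container/pihole/dnsmasq.d/:/etc/dnsmasq.d/
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.pihole.rule=PathPrefix(`/pihole/`) || PathPrefix(`/admin/`)'
    - 'traefik.http.routers.pihole.entrypoints=web'
    # `$$` is Compose escaping for a literal `$` (end-of-path anchor).
    - 'traefik.http.middlewares.replaceprefix-pihole.replacepathregex.regex=^/admin/$$'
    - 'traefik.http.middlewares.replaceprefix-pihole.replacepathregex.replacement=/pihole/admin/'
    - 'traefik.http.middlewares.stripprefix-pihole.stripprefix.prefixes=/pihole'
    - 'traefik.http.services.pihole.loadbalancer.server.port=80'
    - 'traefik.http.routers.pihole.middlewares=replaceprefix-pihole@docker,stripprefix-pihole@docker'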
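bookdb_dev:
  # Development PostgreSQL for the book library app.
  # NOTE(review): the image is untagged and auto-updated by watchtower, so
  # a new PostgreSQL major version can be pulled under an existing data
  # directory (the production `bookdb` pins postgres:16).
  image: postgres
  container_name: bookdb_dev
  restart: always
  depends_on:
    - pihole
  environment:
    # Both passwords used to be literals in this file. Treat those values as
    # exposed and rotate them. The new values come from the environment or
    # .env (kept out of version control); Compose aborts if one is unset.
    # The official image only applies POSTGRES_PASSWORD when the data
    # directory is first initialised, so rotating an existing database also
    # needs ALTER ROLE.
    POSTGRES_PASSWORD: '${BOOKDB_DEV_POSTGRES_PASSWORD:?set BOOKDB_DEV_POSTGRES_PASSWORD in .env}'
    POSTGRES_USER: ddp
    POSTGRES_DB: library
    PGPASSWORD: '${BOOKDB_DEV_PGPASSWORD:?set BOOKDB_DEV_PGPASSWORD in .env}'
  ports:
    # NOTE(review): the database is published on every host interface. Bind
    # it to a specific address if only local tools need it.
    - '55432:5432'
  volumes:
    - /srv/docker/container/bookdb_dev/data:/var/lib/postgresql/data
    - /srv/docker/container/bookdb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'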
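bookdb:
  # Production PostgreSQL 16 for the book library app. No ports are
  # published; it is reachable only from other containers.
  image: postgres:16
  container_name: bookdb
  restart: always
  depends_on:
    - pihole
  environment:
    # Both passwords used to be literals in this file and matched the dev
    # database's. Treat those values as exposed, rotate them, and give
    # production its own values. They come from the environment or .env
    # (kept out of version control); Compose aborts if one is unset.
    # The official image only applies POSTGRES_PASSWORD when the data
    # directory is first initialised, so rotating an existing database also
    # needs ALTER ROLE.
    POSTGRES_PASSWORD: '${BOOKDB_POSTGRES_PASSWORD:?set BOOKDB_POSTGRES_PASSWORD in .env}'
    POSTGRES_USER: ddp
    POSTGRES_DB: library
    PGPASSWORD: '${BOOKDB_PGPASSWORD:?set BOOKDB_PGPASSWORD in .env}'
  volumes:
    - /srv/docker/container/bookdb/data:/var/lib/postgresql/data
    - /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'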
bookdb_webdev:
  # Development build of the book library web app, built from the local
  # source tree, which is also bind-mounted read-write into the container.
  # NOTE(review): port 5001 is published on every host interface. If the
  # "container" environment runs Flask in debug mode (not visible here),
  # that exposes the debugger to the LAN. Confirm.
  container_name: bookdb_webdev
  restart: always
  build:
    context: '/home/ddp/src/pybook'
  depends_on:
    - bookdb_dev
    - pihole
  environment:
    FLASK_ENV: 'container'
  ports:
    - '5001:5000'
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /home/ddp/src/pybook/:/pybook_mapped_volume
  labels:
    # Locally built image: excluded from watchtower.
    - 'com.centurylinklabs.watchtower.enable=false'
bookdb_web:
  # Production build of the book library web app. Traefik forwards TLS
  # untouched (SNI passthrough), so the app terminates TLS itself using the
  # mounted letsencrypt tree.
  # NOTE(review): the letsencrypt mount is read-write and contains every
  # certificate and private key on this host; a read-only mount of only
  # this site's files would narrow that.
  container_name: bookdb_web
  restart: always
  build:
    context: '/home/ddp/src/pybook'
  depends_on:
    - bookdb
    - pihole
  environment:
    FLASK_ENV: 'production'
  volumes:
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=false'
    - 'traefik.enable=true'
    - 'traefik.tcp.routers.bookdb_web-tcp.rule=HostSNI(`book.depaoli.id.au`)'
    - 'traefik.tcp.routers.bookdb_web-tcp.tls.passthrough=true'
    - 'traefik.tcp.routers.bookdb_web-tcp.entrypoints=secureweb'
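padb_dev:
  # Development database for photoassistant, built from a local context.
  container_name: padb_dev
  restart: always
  build:
    context: '/home/ddp/src/photoassistant/db-container'
  depends_on:
    - pihole
  environment:
    # Both passwords used to be placeholder-style literals in this file.
    # Treat those values as exposed and rotate them. The new values come
    # from the environment or .env (kept out of version control); Compose
    # aborts if one is unset. If the image follows the official postgres
    # entrypoint (not visible here), the password is only applied on first
    # initialisation of the data directory.
    POSTGRES_PASSWORD: '${PADB_DEV_POSTGRES_PASSWORD:?set PADB_DEV_POSTGRES_PASSWORD in .env}'
    POSTGRES_USER: pa
    POSTGRES_DB: pa
    PGPASSWORD: '${PADB_DEV_PGPASSWORD:?set PADB_DEV_PGPASSWORD in .env}'
  ports:
    # NOTE(review): the database is published on every host interface. Bind
    # it to a specific address if only local tools need it.
    - '65432:5432'
  volumes:
    - /srv/docker/container/padb_dev/data:/var/lib/postgresql/data
    - /srv/docker/container/padb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    - /etc/localtime:/etc/localtime:ro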
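padb:
  # Production database for photoassistant, built from a local context. No
  # ports are published.
  container_name: padb
  restart: always
  build:
    context: '/home/ddp/src/photoassistant/db-container'
  depends_on:
    - pihole
  environment:
    # Both passwords used to be placeholder-style literals in this file,
    # shared with the dev database. Treat those values as exposed, rotate
    # them, and give production its own values. They come from the
    # environment or .env (kept out of version control); Compose aborts if
    # one is unset.
    POSTGRES_PASSWORD: '${PADB_POSTGRES_PASSWORD:?set PADB_POSTGRES_PASSWORD in .env}'
    POSTGRES_USER: pa
    POSTGRES_DB: pa
    PGPASSWORD: '${PADB_PGPASSWORD:?set PADB_PGPASSWORD in .env}'
  volumes:
    - /srv/docker/container/padb/data:/var/lib/postgresql/data
    - /srv/docker/container/padb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    - /etc/localtime:/etc/localtime:ro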
paweb:
  # photoassistant web app, built locally with uid/gid 500 passed as build
  # args. Traefik forwards TLS untouched (SNI passthrough), so the app
  # terminates TLS itself.
  # NOTE(review): both the full letsencrypt tree (every certificate and
  # private key on this host) and the whole storage tree are mounted
  # read-write.
  container_name: paweb
  restart: always
  build:
    context: '/home/ddp/src/photoassistant'
    args:
      PJM_UID: 500
      PJM_GID: 500
  depends_on:
    - padb
  volumes:
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    - /export/docker/storage:/export/docker/storage
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=false'
    - 'traefik.enable=true'
    - 'traefik.tcp.routers.paweb-tcp.rule=HostSNI(`pa.depaoli.id.au`)'
    - 'traefik.tcp.routers.paweb-tcp.tls.passthrough=true'
    - 'traefik.tcp.routers.paweb-tcp.entrypoints=secureweb'
tix:
  # Ticket-analysis web app, built locally. TLS is passed through by
  # Traefik and terminated in the app.
  # NOTE(review): the full letsencrypt tree (every certificate and private
  # key on this host) is mounted read-write.
  container_name: tix
  restart: always
  build:
    context: '/home/ddp/src/snow-ticket-analysis'
    args:
      PJM_UID: 500
      PJM_GID: 500
  environment:
    ENV: 'production'
  volumes:
    - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
    # The SQLite file is a single-file bind mount from the source tree.
    - /home/ddp/src/snow-ticket-analysis/stats.db:/stats.db
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=false'
    - 'traefik.enable=true'
    - 'traefik.tcp.routers.tix-tcp.rule=HostSNI(`tix.depaoli.id.au`)'
    - 'traefik.tcp.routers.tix-tcp.tls.passthrough=true'
    - 'traefik.tcp.routers.tix-tcp.entrypoints=secureweb'
vaultwarden:
  # Password manager; the container keeps the older name `bitwarden`.
  # Served only on the TLS entrypoint, with the `tls12` TLS options defined
  # in Traefik's file provider.
  # NOTE(review): this is the highest-value data in the stack, and the
  # image is untagged and auto-updated by watchtower. Pinning a version and
  # updating deliberately is the safer default here.
  image: vaultwarden/server
  container_name: bitwarden
  restart: always
  depends_on:
    - pihole
    - openldap
  environment:
    - 'ORG_EVENTS_ENABLED=true'
  volumes:
    - /srv/docker/container/bitwarden_rs/data:/data
    - /etc/localtime:/etc/localtime:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.bitwarden_rs.rule=Host(`bw.depaoli.id.au`) || Host(`ddphome.asuscomm.com`)'
    - 'traefik.http.routers.bitwarden_rs.tls=true'
    - 'traefik.http.routers.bitwarden_rs.tls.options=tls12@file'
    - 'traefik.http.routers.bitwarden_rs.entrypoints=secureweb'
# auto-update docker images
watchtower:
  # Replaces every container labelled watchtower.enable=true with whatever
  # its image tag currently resolves to, on the schedule given below.
  # NOTE(review): this container holds the Docker socket read-write, runs a
  # `latest-dev` build and updates itself through its own label. Anything
  # published under the floating tags used in this file is deployed without
  # review; pinning images by version or digest narrows that.
  image: containrrr/watchtower:latest-dev
  container_name: watchtower
  restart: always
  depends_on:
    - pihole
  # --label-enable: only labelled containers are touched.
  # --cleanup: superseded images are removed after an update.
  command: '--schedule "0 0 3 * * *" --debug --stop-timeout 60s --label-enable --cleanup'
  volumes:
    - '/var/run/docker.sock:/var/run/docker.sock'
    - '/etc/localtime:/etc/localtime:ro'
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
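wikidb:
  # PostgreSQL 16 backing the wiki service. No ports are published.
  image: postgres:16
  container_name: wikidb
  restart: always
  depends_on:
    - openldap
    - pihole
  environment:
    POSTGRES_DB: wiki
    # The password used to be a literal in this file. Treat that value as
    # exposed and rotate it. The new value comes from the environment or
    # .env (kept out of version control) and must match the DB_PASS given
    # to the wiki service. Compose aborts if it is unset. The official image
    # only applies it when the data directory is first initialised, so
    # rotating an existing database also needs ALTER ROLE.
    POSTGRES_PASSWORD: '${WIKI_DB_PASSWORD:?set WIKI_DB_PASSWORD in .env}'
    POSTGRES_USER: wikijs
  logging:
    # NOTE(review): with the log driver disabled there are no database logs
    # to consult when investigating a failed login or an incident.
    driver: 'none'
  volumes:
    - '/srv/docker/container/wikidb/data:/var/lib/postgresql/data'
    - '/srv/docker/container/wikidb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d'
    - '/etc/localtime:/etc/localtime:ro'
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'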
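wiki:
  # Wiki.js 2.x, served on the TLS entrypoint and backed by wikidb.
  image: requarks/wiki:2
  container_name: wiki
  restart: always
  depends_on:
    - openldap
    - wikidb
  environment:
    DB_TYPE: postgres
    DB_HOST: wikidb
    DB_PORT: 5432
    DB_USER: wikijs
    # The password used to be a literal in this file. Treat that value as
    # exposed and rotate it. The new value comes from the environment or
    # .env (kept out of version control) and must match the
    # POSTGRES_PASSWORD of the wikidb service. Compose aborts if it is unset.
    DB_PASS: '${WIKI_DB_PASSWORD:?set WIKI_DB_PASSWORD in .env}'
    DB_NAME: wiki
  volumes:
    - '/srv/docker/container/wiki/data/content:/wiki/data/content'
    - '/etc/localtime:/etc/localtime:ro'
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.wiki.rule=Host(`wiki.depaoli.id.au`)'
    - 'traefik.http.routers.wiki.tls=true'
    - 'traefik.http.routers.wiki.entrypoints=secureweb'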
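# used for hass (eufy) to get notifications from camera
eufy_security_ws:
  # WebSocket bridge to the Eufy cloud account used by Home Assistant.
  image: bropat/eufy-security-ws
  container_name: eufy_security_ws
  restart: always
  depends_on:
    - pihole
  environment:
    - 'USERNAME=eufy_hass@depaoli.id.au'
    # The camera-account password used to be a literal in this file. Treat
    # that value as exposed and rotate it. The new value comes from the
    # environment or .env (kept out of version control; single-quote it
    # there if it contains shell metacharacters). Compose aborts if it is
    # unset.
    - 'PASSWORD=${EUFY_PASSWORD:?set EUFY_PASSWORD in .env}'
    - 'COUNTRY=AU'
    # NOTE(review): verbose logging is on; check that account details do
    # not end up in the container logs.
    - 'DEBUG=-v'
    - 'TRUSTED_DEVICE_NAME=Pixel Pro 7'
  ports:
    # NOTE(review): the bridge is published on every host interface. Hass
    # runs on the host network, so binding this to 127.0.0.1 may be enough.
    # Confirm what else connects to it.
    - '3000:3000'
  volumes:
    - '/srv/docker/container/eufy_security_ws/data:/data'
    - '/etc/localtime:/etc/localtime:ro'
    - '/etc/timezone:/etc/timezone:ro'
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'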
# used for hass (eufy) to stream from camera
rtsp_simple_server:
  # RTSP/RTMP relay for the camera streams.
  # NOTE(review): 1935 and 8554 are published on every host interface.
  # Whether publishing or reading a stream needs credentials depends on the
  # server's own configuration, which is not visible here.
  image: aler9/rtsp-simple-server
  container_name: rtsp_simple_server
  restart: always
  depends_on:
    - pihole
  environment:
    - 'RTSP_PROTOCOLS=tcp'
  ports:
    - '1935:1935'
    - '8554:8554'
  volumes:
    - '/etc/localtime:/etc/localtime:ro'
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
# autodiscover:
# image: monogramm/autodiscover-email-settings:latest
# container_name: autodiscover
# environment:
# - COMPANY_NAME=depaoli
# - SUPPORT_URL=https://autodiscover.depaoli.id.au
# - DOMAIN=depaoli.id.au
# # IMAP configuration (host mandatory to enable)
# - IMAP_HOST=mail.depaoli.id.au
# - IMAP_PORT=993
# - IMAP_SOCKET=SSL
# # POP configuration (host mandatory to enable)
# #- POP_HOST=pop3.example.com
# #- POP_PORT=995
# #- POP_SOCKET=SSL
# # SMTP configuration (host mandatory to enable)
# - SMTP_HOST=mail.depaoli.id.au
# - SMTP_PORT=587
# - SMTP_SOCKET=STARTTLS
# # MobileSync/ActiveSync configuration (url mandatory to enable)
# #- MOBILESYNC_URL=https://sync.example.com
# #- MOBILESYNC_NAME=sync.example.com
# # LDAP configuration (host mandatory to enable)
# #- LDAP_HOST=ldap.example.com
# #- LDAP_PORT=636
# #- LDAP_SOCKET=SSL
# #- LDAP_BASE=dc=ldap,dc=example,dc=com
# #- LDAP_USER_FIELD=uid
# #- LDAP_USER_BASE=ou=People,dc=ldap,dc=example,dc=com
# #- LDAP_SEARCH=(|(objectClass=PostfixBookMailAccount))
# # Apple mobile config identifiers (identifier mandatory to enable)
# - PROFILE_IDENTIFIER=au.id.depaoli.autodiscover
# - PROFILE_UUID=92943D26-CAB3-4086-897D-DC6C0D8B1E86
# - MAIL_UUID=7A981A9E-D5D0-4EF8-87FE-39FD6A506FAC
# - LDAP_UUID=6ECB6BA9-2208-4ABF-9E60-4E9F4CD7309E
# labels:
# - "com.centurylinklabs.watchtower.enable=true"
# - "traefik.enable=true"
# - "traefik.http.routers.radarr.rule=Host(`autodiscover.depaoli.id.au`)"
# - "traefik.http.routers.radarr.tls=true"
# - "traefik.http.routers.radarr.entrypoints=secureweb"
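ark-server:
  # ARK dedicated game server. No watchtower label, so it is not
  # auto-updated.
  image: hermsi/ark-server
  container_name: ark-server
  restart: always
  volumes:
    - /srv/docker/container/ark-server:/app
    - /srv/docker/container/ark-server-backups:/home/steam/ARK-Backups
  environment:
    - 'SESSION_NAME=The Island - ARK'
    - 'SERVER_MAP=TheIsland'
    # Both passwords used to be short literals in this file. Treat those
    # values as exposed and replace them with long random ones. The new
    # values come from the environment or .env (kept out of version
    # control); Compose aborts if one is unset. The admin password also
    # guards the RCON port published below.
    - 'SERVER_PASSWORD=${ARK_SERVER_PASSWORD:?set ARK_SERVER_PASSWORD in .env}'
    - 'ADMIN_PASSWORD=${ARK_ADMIN_PASSWORD:?set ARK_ADMIN_PASSWORD in .env}'
    - 'MAX_PLAYERS=5'
    - 'UPDATE_ON_START=false'
    - 'BACKUP_ON_STOP=true'
    - 'PRE_UPDATE_BACKUP=true'
    - 'WARN_ON_STOP=true'
    - 'GAME_MOD_IDS=1404697612,1428596566,772235118,895711211'
  ports:
    # Port for connections from ARK game client
    - '7777:7777/udp'
    # Raw UDP socket port (always Game client port +1)
    - '7778:7778/udp'
    # RCON management port
    # NOTE(review): remote administration is published on every host
    # interface. Bind it to a management address or leave it unpublished
    # unless it is used remotely.
    - '27020:27020/tcp'
    # Steam's server-list port
    - '27015:27015/udp'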
kuma:
  # Uptime Kuma status monitor, served on the TLS entrypoint.
  # NOTE(review): ':ro' on docker.sock does not restrict Docker API calls
  # through the socket. Port 3001 is also published directly, so the UI is
  # reachable over plain HTTP without going through Traefik.
  image: louislam/uptime-kuma
  container_name: kuma
  restart: always
  ports:
    - '3001:3001'  # <Host Port>:<Container Port>
  volumes:
    - /srv/docker/container/kuma:/app/data
    - /var/run/docker.sock:/var/run/docker.sock:ro
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.kuma.rule=Host(`mon.depaoli.id.au`)'
    - 'traefik.http.routers.kuma.tls=true'
    - 'traefik.http.routers.kuma.entrypoints=secureweb'
sshwifty:
  # Browser-based SSH/Telnet client, run as nobody:nobody.
  # NOTE(review): this is a web front door to SSH and is reachable two
  # ways: through Traefik, and directly on host port 8182 over plain HTTP.
  # Whether it asks for a shared key depends on the config under the
  # mounted directory, which is not visible here.
  image: niruix/sshwifty:latest
  container_name: sshwifty
  user: 'nobody:nobody'
  restart: always
  stdin_open: true
  tty: true
  ports:
    - '8182:8182/tcp'
  volumes:
    # NOTE(review): this bind replaces the container's whole /etc with the
    # host directory. Mounting only the config file would be narrower.
    - '/srv/docker/container/sshwifty/:/etc/'
    - '/etc/localtime:/etc/localtime:ro'
  labels:
    - 'com.centurylinklabs.watchtower.enable=true'
    - 'traefik.enable=true'
    - 'traefik.http.routers.sshwifty.rule=Host(`ssh.depaoli.id.au`)'
    # No entrypoints label is set, unlike the other TLS routers in this
    # file. Traefik presumably attaches the router to every entrypoint;
    # confirm.
    - 'traefik.http.routers.sshwifty.tls=true'
# myth?
# this: https://github.com/delnaught/mythtv-containers/blob/main/compose-mythtv/docker-compose.yml
# in this link there is also, one directory up, docker/*, which provides Dockerfiles rather than compose files in this guy's repo?
# OR: https://hub.docker.com/r/instantlinux/mythtv-backend/tags
# should probably create 3 containers, mysql for mythtv, shepherd and then mythtv-backend