docker-compose/docker-compose.yml


# Compose file format version declared for this stack.
version: '2.1'
# One entry per container; every key under `services` names a service.
services:
# Reverse proxy for the stack. Routing comes from container labels (docker
# provider) and from files under /configuration/ (file provider).
traefik:
  # NOTE(review): untagged image, i.e. `latest`. Pin a version (ideally a
  # digest) so a pull cannot silently change the proxy.
  image: 'traefik'
  container_name: traefik
  restart: unless-stopped
  depends_on:
    - radarr
    - sonarr
  # Host networking: Traefik listens directly on the host's interfaces.
  network_mode: host
  command:
    # - "--log.level=DEBUG"
    # NOTE(review): insecure mode serves the Traefik API and dashboard with no
    # authentication. Under host networking that listener is not confined to
    # a Docker network; restrict it with a firewall, or route the dashboard
    # through a router to api@internal protected by an auth middleware.
    - '--api.insecure=true'
    - '--providers.docker=true'
    # Containers are only routed when they carry traefik.enable=true.
    - '--providers.docker.exposedbydefault=false'
    - '--providers.docker.useBindPortIP=true'
    - '--providers.file=true'
    - '--providers.file.directory=/configuration/'
    - '--providers.file.watch=true'
    # Two entry points: `web` on :80 and `secureweb` on :443.
    - '--entrypoints.web.address=:80'
    - '--entrypoints.secureweb.address=:443'
  # NOTE(review): Docker does not apply published ports to a container in
  # host network mode, so this list presumably only documents the listeners
  # -- confirm with the Compose version in use.
  ports:
    - '80:80'
    - '443:443'
    - '8080:8080'
  volumes:
    # NOTE(review): `:ro` on the socket does not limit which Docker API calls
    # can be made through it; a compromised proxy can still query (and
    # likely control) the daemon. A filtering socket proxy narrows this.
    - '/var/run/docker.sock:/var/run/docker.sock:ro'
    - '/export/docker/container/traefik/:/configuration'
    - '/export/docker/container/letsencrypt/etc:/letsencrypt'
  # NOTE(review): there is no traefik.enable=true label here while
  # exposedbydefault is false, so presumably the `myth` router below is not
  # picked up by the docker provider -- verify.
  labels:
    - 'traefik.http.routers.myth.rule=PathPrefix(`/mythweb/`)'
    - 'traefik.http.services.myth.loadbalancer.server.port=5678'
    - 'traefik.http.routers.myth.entrypoints=web'
# Sonarr, published through Traefik on the TLS entry point under its own
# host name.
sonarr:
  image: linuxserver/sonarr
  container_name: sonarr
  restart: unless-stopped
  environment:
    TZ: 'Australia/Melbourne'
    # User and group id handed to the image (presumably the account the
    # application runs as, per the linuxserver.io convention).
    PUID: '500'
    PGID: '500'
  labels:
    traefik.enable: 'true'
    traefik.http.routers.sonarr.rule: 'Host(`sonarr.depaoli.id.au`)'
    traefik.http.routers.sonarr.tls: 'true'
    traefik.http.routers.sonarr.entrypoints: 'secureweb'
  volumes:
    - '/export/docker/container/sonarr/config:/config'
    - '/export/docker/storage/downloads:/downloads'
    - '/export/docker/storage/series:/tv'
# Radarr, published through Traefik on the TLS entry point under its own
# host name.
radarr:
  image: linuxserver/radarr
  container_name: radarr
  restart: unless-stopped
  environment:
    TZ: 'Australia/Melbourne'
    # User and group id handed to the image (presumably the account the
    # application runs as, per the linuxserver.io convention).
    PUID: '500'
    PGID: '500'
  labels:
    traefik.enable: 'true'
    traefik.http.routers.radarr.rule: 'Host(`radarr.depaoli.id.au`)'
    traefik.http.routers.radarr.tls: 'true'
    traefik.http.routers.radarr.entrypoints: 'secureweb'
  volumes:
    - '/export/docker/container/radarr/config:/config'
    - '/export/docker/storage/downloads:/downloads'
    - '/export/docker/storage/movies:/movies'
# Emby media server on the host's network stack, with the host's /dev/dri
# passed through.
emby:
  image: emby/embyserver
  container_name: emby
  restart: unless-stopped
  # Host networking: the server listens directly on the host's interfaces
  # and is not routed through Traefik (the labels below are commented out).
  network_mode: host
  environment:
    UID: '500'
    GID: '500'
    # 44 is video for nvidia driver support / transcoding
    GIDLIST: '44'
    TZ: 'Australia/Melbourne'
  volumes:
    - '/export/docker/container/emby/config:/config'
    - '/export/docker/container/emby/transcode:/transcode'
    - '/export/docker/storage:/data'
    - '/export/myth/tv:/myth-recordings'
  # NOTE(review): Docker does not apply published ports to a container in
  # host network mode, so this list presumably only documents the listeners
  # -- confirm with the Compose version in use.
  ports:
    - '8096:8096'
    - '8920:8920'
    - '7359:7359/udp'
    - '1900:1900/udp'
  # labels:
  # - "traefik.enable=true"
  # - "traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)"
  # - "traefik.http.services.emby.loadbalancer.server.port=8096"
  # - "traefik.http.routers.emby.tls=true"
  # - "traefik.http.routers.emby.entrypoints=secureweb"
  devices:
    - '/dev/dri:/dev/dri'
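# Mail server (SMTP 25, SMTPS 465, IMAPS 993) authenticating users against
# the `openldap` service.
mail:
  # NOTE(review): `latest` is a mutable tag; pin a version (ideally a digest)
  # so the mail server only changes when this file does.
  image: tvial/docker-mailserver:latest
  hostname: mail
  domainname: depaoli.id.au
  container_name: mail
  ports:
    - "25:25"
    - "465:465"
    - "993:993"
  volumes:
    - /export/docker/container/mail/data:/var/mail
    - /export/docker/container/mail/state:/var/mail-state
    - /export/docker/container/mail/log:/var/log/mail
    - /export/docker/container/mail/config/:/tmp/docker-mailserver/
    - /export/docker/container/letsencrypt/etc:/etc/letsencrypt
  environment:
    - ENABLE_SPAMASSASSIN=1
    - ENABLE_CLAMAV=1
    - ENABLE_FAIL2BAN=1
    - ENABLE_POSTGREY=0
    - SPOOF_PROTECTION=1
    - ONE_DIR=1
    - DMS_DEBUG=0
    - ENABLE_LDAP=1
    - LDAP_SERVER_HOST=openldap # your ldap container/IP/ServerName
    - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
    # NOTE(review): the mail server binds as the directory admin. A dedicated
    # read-only bind account would limit what a mail-server compromise can
    # do to the directory.
    - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
    # The bind password is no longer stored in this file: Compose substitutes
    # it from the environment (or a .env file kept out of version control)
    # and refuses to start when it is unset. Any value that was ever
    # committed here should be treated as exposed and rotated.
    - "LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment}"
    - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
    - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
    - LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)
    - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
    - DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
    - DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
    - ENABLE_SASLAUTHD=1
    - SASLAUTHD_MECHANISMS=ldap
    - SASLAUTHD_LDAP_SERVER=openldap
    - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
    # Same externalised secret as LDAP_BIND_PW (both bind as cn=admin).
    - "SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment}"
    - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
    - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
    - POSTMASTER_ADDRESS=postmaster@depaoli.id.au
    - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
    - SSL_TYPE=letsencrypt
  # NOTE(review): NET_ADMIN is presumably needed by fail2ban to manage
  # firewall rules. SYS_PTRACE lets the container trace processes; confirm
  # the image still requires it and drop it if not.
  cap_add:
    - NET_ADMIN
    - SYS_PTRACE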
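# OpenLDAP directory used by the mail stack; LDAP (389) and LDAPS (636) are
# published on the host.
openldap:
  # NOTE(review): `latest` is a mutable tag; pin a version (ideally a digest).
  image: osixia/openldap:latest
  container_name: openldap
  # command: "--loglevel debug"
  environment:
    LDAP_LOG_LEVEL: "256"
    LDAP_ORGANISATION: "Depaoli home ldap"
    LDAP_DOMAIN: "depaoli.id.au"
    LDAP_BASE_DN: ""
    # Both directory passwords are substituted by Compose from the
    # environment (or a .env file kept out of version control) instead of
    # being stored here; Compose refuses to start when one is unset. Values
    # that were ever committed should be treated as exposed and rotated, and
    # the config password should not be a guessable word.
    LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment}"
    LDAP_CONFIG_PASSWORD: "${LDAP_CONFIG_PASSWORD:?set LDAP_CONFIG_PASSWORD in the environment}"
    LDAP_READONLY_USER: "false"
    LDAP_RFC2307BIS_SCHEMA: "false"
    LDAP_BACKEND: "mdb"
    LDAP_TLS: "true"
    LDAP_TLS_CRT_FILENAME: "cert.pem"
    LDAP_TLS_KEY_FILENAME: "privkey.pem"
    LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
    LDAP_TLS_CA_CRT_FILENAME: "fullchain.pem"
    # NOTE(review): with enforcement off and port 389 published, clients can
    # presumably still bind without TLS and send credentials in cleartext.
    # Turn this on once every client uses StartTLS or LDAPS.
    LDAP_TLS_ENFORCE: "false"
    LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
    # NOTE(review): in OpenLDAP's numbering 3.1 is TLS 1.0; the cipher string
    # above already restricts negotiation to TLS 1.2, so "3.3" would state
    # the same floor explicitly -- confirm before changing.
    LDAP_TLS_PROTOCOL_MIN: "3.1"
    LDAP_TLS_VERIFY_CLIENT: "try"
    LDAP_REPLICATION: "false"
    KEEP_EXISTING_CONFIG: "false"
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
    LDAP_SSL_HELPER_PREFIX: "ldap"
  tty: true
  stdin_open: true
  volumes:
    - /export/docker/container/ldap/var/lib/ldap:/var/lib/ldap
    - /export/docker/container/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
    - /export/docker/container/ldap/certs/:/container/service/slapd/assets/certs
    - /export/docker/container/ldap/ldifs/:/ldifs/
  # NOTE(review): published on every host interface. If only containers on
  # the shared Docker network need the directory, these can be dropped or
  # bound to a specific address.
  ports:
    - "389:389"
    - "636:636"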
# Web administration UI for the `openldap` service, published on host port
# 38900.
phpldapadmin:
  # NOTE(review): `latest` is a mutable tag; pin a version (ideally a digest).
  image: osixia/phpldapadmin:latest
  container_name: phpldapadmin
  depends_on:
    - openldap
  environment:
    - 'PHPLDAPADMIN_LDAP_HOSTS=openldap'
    # NOTE(review): HTTPS is off and the port below is published directly,
    # so directory admin logins presumably cross the network in cleartext.
    # Front this with the TLS entry point or restrict who can reach it.
    - 'PHPLDAPADMIN_HTTPS=false'
  ports:
    - '38900:80'
# webmail (server)
# Backend API of the webmail application, routed on the TLS entry point
# under /api/ with that prefix stripped before forwarding.
isotope-server:
  # NOTE(review): `server-latest` is a mutable tag; pin a fixed version.
  image: marcnuri/isotope:server-latest
  container_name: isotope-server
  labels:
    traefik.enable: 'true'
    # NOTE(review): no Host() condition, so this presumably matches /api/ on
    # any host name that has no more specific router -- confirm that is
    # intended.
    traefik.http.routers.isotope-server.rule: 'PathPrefix(`/api/`)'
    traefik.http.middlewares.stripprefix-isotope-server.stripprefix.prefixes: '/api'
    traefik.http.routers.isotope-server.middlewares: 'stripprefix-isotope-server@docker'
    traefik.http.routers.isotope-server.entrypoints: 'secureweb'
    traefik.http.routers.isotope-server.tls: 'true'
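# webmail (client)
# Front end of the webmail application, served on the TLS entry point for
# the webmail host name only.
isotope-client:
  # NOTE(review): `client-latest` is a mutable tag; pin a fixed version.
  image: marcnuri/isotope:client-latest
  container_name: isotope-client
  # Labels are written as a mapping so that a repeated key is a duplicate-key
  # error for linters instead of a silently dropped list entry.
  labels:
    traefik.enable: "true"
    # A router has exactly one rule. Setting the `rule` label twice keeps
    # only one of the values (normally the last), which would leave
    # PathPrefix(`/`) as a catch-all for every host name on this entry
    # point. Both conditions are therefore combined into a single rule.
    traefik.http.routers.isotope-client.rule: "Host(`webmail.depaoli.id.au`) && PathPrefix(`/`)"
    # Traefik orders routers by rule length unless a priority is set. The
    # combined rule is longer than isotope-server's PathPrefix(`/api/`), so
    # an explicit low priority keeps /api/ requests going to the API router.
    traefik.http.routers.isotope-client.priority: "1"
    traefik.http.routers.isotope-client.entrypoints: "secureweb"
    traefik.http.routers.isotope-client.tls: "true"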
# Portainer (Docker management UI), routed by Traefik under /portainer/.
portainer:
  # NOTE(review): untagged image, i.e. `latest`; pin a version.
  image: portainer/portainer
  container_name: portainer
  restart: unless-stopped
  volumes:
    # NOTE(review): read-write access to the Docker socket gives this
    # container full control of the daemon, and through it of the host.
    - '/var/run/docker.sock:/var/run/docker.sock'
    - '/export/docker/container/portainer/data:/data'
  labels:
    traefik.enable: 'true'
    traefik.http.routers.portainer.rule: 'PathPrefix(`/portainer/`)'
    traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes: '/portainer'
    traefik.http.routers.portainer.middlewares: 'stripprefix-portainer@docker'
    # NOTE(review): `web` is the :80 entry point and no tls label is set, so
    # logins to a UI that controls Docker presumably travel over plain HTTP.
    # sonarr and radarr use `secureweb` with tls=true; consider the same.
    traefik.http.routers.portainer.entrypoints: 'web'
# Plex media server with its ports published directly on the host.
plex:
  # NOTE(review): untagged image, i.e. `latest`; pin a version.
  image: plexinc/pms-docker
  container_name: plex
  hostname: plex_dp
  restart: unless-stopped
  environment:
    - 'TZ=Australia/Melbourne'
    # Deliberately empty here. Presumably a claim token goes in this
    # variable; if one is ever used, supply it from the environment rather
    # than committing it.
    - 'PLEX_CLAIM='
    - 'PLEX_UID=500'
    - 'PLEX_GID=500'
  volumes:
    - '/myth/opt/plex/config:/config'
    - '/myth/opt/plex/transcode:/transcode'
    - '/myth/opt/storage:/data'
  # NOTE(review): every mapping is TCP (no /udp suffix) and binds on all
  # host interfaces. Check which of these are actually needed, and whether
  # the discovery ports were meant to be UDP.
  ports:
    - '32400:32400'
    # - "1900:1900"
    - '3005:3005'
    - '5353:5353'
    - '8324:8324'
    - '32410:32410'
    - '32412:32412'
    - '32413:32413'
    - '32414:32414'
    - '32469:32469'
# auto-update docker images
# NOTE(review): combined with untagged / `latest` images elsewhere in this
# file, whatever is published under those tags is pulled and started on the
# schedule without review. Pinning versions or digests keeps updates a
# deliberate change.
watchtower:
  image: containrrr/watchtower
  container_name: watchtower
  restart: always
  # should use --cleanup as well...
  # Six-field cron expression (seconds first): every day at 03:00:00.
  command:
    - '--schedule'
    - '0 0 3 * * *'
    - '--debug'
    - '--stop-timeout'
    - '60s'
  volumes:
    # NOTE(review): read-write Docker socket, i.e. full control of the
    # daemon; this container is as trusted as the host itself.
    - '/var/run/docker.sock:/var/run/docker.sock'
# Home Assistant supervisor. It runs privileged, without the default seccomp
# profile, and with the Docker and D-Bus system sockets mounted.
# NOTE(review): taken together this container is effectively root on the
# host. The image and everything under the bind-mounted /scripts directory
# belong to the host's trusted base; keep that directory writable by root
# only.
hassio:
  image: homeassistant/amd64-hassio-supervisor
  container_name: hassio_supervisor
  privileged: true
  security_opt:
    - 'seccomp:unconfined'
  # Starts through a script supplied by the /scripts volume below.
  entrypoint:
    - '/bin/bash'
    - '-c'
    - '/scripts/start_hassio.sh'
  environment:
    HOMEASSISTANT_REPOSITORY: 'homeassistant/qemux86-64-homeassistant'
    SUPERVISOR_SHARE: '/export/docker/container/hassio'
    SUPERVISOR_NAME: 'hassio_supervisor'
    DBUS_SYSTEM_BUS_ADDRESS: 'unix:path=/var/run/dbus/system_bus_socket'
  volumes:
    - '/export/docker/container/hassio:/data'
    - '/export/docker/container/hassio/scripts:/scripts'
    - '/var/run/docker.sock:/var/run/docker.sock'
    - '/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket'
# SABnzbd downloader, routed by Traefik under /sabnzbd/.
sabnzbd:
  # NOTE(review): untagged image, i.e. `latest`; pin a version.
  image: linuxserver/sabnzbd
  container_name: sabnzbd
  restart: unless-stopped
  environment:
    PUID: '500'
    PGID: '500'
    TZ: 'Australia/Melbourne'
  volumes:
    - '/export/docker/container/sabnzbd/:/config'
    - '/export/docker/storage/downloads:/downloads'
    - '/export/docker/storage/incomplete-downloads:/incomplete-downloads'
  labels:
    traefik.enable: 'true'
    traefik.http.routers.sabnzbd.rule: 'PathPrefix(`/sabnzbd/`)'
    # NOTE(review): `web` is the :80 entry point and no tls label is set, so
    # this UI is presumably served over plain HTTP. sonarr and radarr use
    # `secureweb` with tls=true; consider the same here.
    traefik.http.routers.sabnzbd.entrypoints: 'web'
# Monitoring
# Prometheus server; scrape configuration and TSDB data live on the host.
prometheus:
  # NOTE(review): `latest` is a mutable tag; pin a version.
  image: prom/prometheus:latest
  container_name: prometheus
  restart: always
  depends_on:
    - cadvisor
  links:
    - 'cadvisor:cadvisor'
    # - alertmanager:alertmanager
    - 'node-exporter:node-exporter'
  volumes:
    - '/export/docker/container/prometheus/:/etc/prometheus/'
    - '/export/docker/container/prometheus/data:/prometheus'
  command:
    - "--config.file=/etc/prometheus/prometheus.yml"
    - "--storage.tsdb.path=/prometheus"
    - "--web.console.libraries=/usr/share/prometheus/console_libraries"
    - "--web.console.templates=/usr/share/prometheus/consoles"
    # NOTE(review): this enables the HTTP reload and shutdown endpoints.
    # Prometheus does not authenticate them by itself and the port below is
    # published on the host, so anyone who can reach it can presumably stop
    # or reconfigure the server. Restrict access or drop the flag.
    - "--web.enable-lifecycle"
  # Quoted so the mapping is always read as a string.
  ports:
    - '19090:9090'
# Host metrics exporter; reads the host's /proc, /sys and root filesystem
# through read-only bind mounts.
node-exporter:
  # NOTE(review): `latest` is a mutable tag; pin a version.
  image: prom/node-exporter:latest
  container_name: node-exporter
  restart: always
  volumes:
    - '/proc:/host/proc:ro'
    - '/sys:/host/sys:ro'
    # NOTE(review): the whole host filesystem is readable inside this
    # container, so it is as sensitive as a read-only shell on the host.
    - '/:/rootfs:ro'
  command:
    - "--path.procfs=/host/proc"
    - "--path.sysfs=/host/sys"
    # The flag and its value are separate arguments. `$$` is Compose's escape
    # for a literal `$`, so the pattern ends in `($|/)`.
    - "--collector.filesystem.ignored-mount-points"
    - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
  # NOTE(review): published on every host interface; the metrics endpoint
  # presumably has no authentication. Only Prometheus needs to reach it.
  ports:
    - '19100:9100'
# alertmanager:
# image: prom/alertmanager:latest
# container_name: alertmanager
# ports:
# - 19093:9093
# volumes:
# - /export/docker/container/alertmanager/:/etc/alertmanager/
# restart: always
# command:
# - '--config.file=/etc/alertmanager/config.yml'
# - '--storage.path=/alertmanager'
# cAdvisor container metrics; its web port is published on host port 18080.
cadvisor:
  # NOTE(review): `latest` is a mutable tag. To my knowledge the project now
  # publishes its images elsewhere and this repository is no longer updated
  # -- confirm, then pin a maintained version.
  image: google/cadvisor:latest
  container_name: cadvisor
  restart: always
  volumes:
    - '/:/rootfs:ro'
    # NOTE(review): read-write mount of the host's /var/run, which is where
    # other services in this file find docker.sock. Mount read-only if the
    # image works that way, otherwise treat this container as able to
    # control Docker.
    - '/var/run:/var/run:rw'
    - '/sys:/sys:ro'
    - '/var/lib/docker/:/var/lib/docker:ro'
  # NOTE(review): published on every host interface; the UI presumably has
  # no authentication. Only Prometheus needs to reach it.
  ports:
    - '18080:8080'
# Grafana dashboards on top of Prometheus, published on host port 13000.
grafana:
  # NOTE(review): `latest` is a mutable tag; pin a version.
  image: grafana/grafana:latest
  container_name: grafana
  depends_on:
    - prometheus
  # Settings are read from a file outside this compose file. Presumably it
  # holds the admin credentials; keep it out of version control and
  # readable only by the account that runs Compose.
  env_file:
    - '/export/docker/container/grafana/config.monitoring'
  volumes:
    - '/export/docker/container/grafana/data:/var/lib/grafana'
    - '/export/docker/container/grafana/dashboards:/var/lib/grafana/dashboards'
    - '/export/docker/container/grafana/grafana/provisioning:/etc/grafana/provisioning'
  ports:
    - '13000:3000'
# override the default network to use the "user-generated" plex-net
# weirdly, ONLY user-generated networks allow DNS service discovery
# (e.g. comms between containers on the 'name', e.g. nzbget resolves to the
# internal ip on the bridged plex-net for the nzbget container)
# finally, this only worked when the host (mara) had a routable DNS server in
# /etc/resolv.conf -- It used to be a 127.0.0/24 addr, and this won't work in
# a docker network, so it was then rewritten to resolving off of 8.8.8.8 and no
# service discovery :(
# Services that do not set network_mode join the pre-existing network
# `media-net` instead of a network that Compose creates for the project.
# NOTE(review): the network must exist before the stack starts. The comment
# above calls it plex-net while the name here is media-net -- confirm which
# is current.
networks:
  default:
    external:
      name: 'media-net'