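# Compose project for a single self-hosted server. Every service that is
# reachable from the internet is published through the Traefik reverse-proxy
# (network "proxy", TLS via the "letsencrypt" resolver); most of them are
# additionally gated by the Authelia forwardAuth middleware ("authelia@docker").
# Credentials are passed as Docker secrets (/run/secrets/*) wherever the image
# supports a *_FILE variable; the exceptions are called out inline.
name: my-whole-server
services:
  # ============================================================================ #
  # ================================ AUTHELIA ================================== #
  # ============================================================================ #
  # Postgres backing store for Authelia; only on authelia-backend, password
  # read from a Docker secret.
  authelia-database:
    image: postgres:16.1-alpine3.17@sha256:7e26cdee39d74f2f8cd527dc3bf8e675d008a2120fab3aded96d546ff12c9519
    restart: unless-stopped
    # NOTE(review): this injects the whole project .env into the postgres
    # container although every POSTGRES_* value it needs is set explicitly
    # below; consider dropping env_file here so unrelated credentials from
    # .env do not end up in this container's environment.
    env_file:
      - .env
    environment:
      POSTGRES_DB: authelia
      POSTGRES_USER: authelia
      POSTGRES_PASSWORD_FILE: /run/secrets/AUTHELIA_STORAGE_PASSWORD
    volumes:
      - authelia-database:/var/lib/postgresql/data
    networks:
      - authelia-backend
    secrets:
      - AUTHELIA_STORAGE_PASSWORD
  # Session store for Authelia; backend network only, no persistence.
  authelia-redis:
    image: redis:7.2-alpine3.18@sha256:3ce533b2b057f74b235d1d8697ae08b1b6ff0a5e16827ea6a377b6365693c7ed
    restart: unless-stopped
    networks:
      - authelia-backend
  # Authelia SSO portal (auth.${BASE_DOMAIN}); authenticates against the ldap
  # service and is the target of the forwardAuth middleware declared on
  # reverse-proxy.
  authelia:
    build: authelia
    depends_on:
      - authelia-database
      - authelia-redis
      - ldap
    environment:
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN: ou=${LDAP_USER_DC}
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN: ou=${LDAP_GROUP_DC}
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN: ${LDAP_BASE_DN}
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: /run/secrets/LDAP_ADMIN_PASSWORD
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: ${AUTHELIA_LDAP_USER}
      AUTHELIA_DEFAULT_REDIRECTION_URL: https://${BASE_DOMAIN}
      AUTHELIA_JWT_SECRET_FILE: /run/secrets/AUTHELIA_JWT_SECRET
      AUTHELIA_NOTIFIER_SMTP_USERNAME: ${SMTP_USERNAME}
      AUTHELIA_NOTIFIER_SMTP_SENDER: "${AUTHELIA_SYSTEM_EMAIL_SENDER} <${AUTHELIA_SYSTEM_EMAIL}>"
      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /run/secrets/SMTP_PASSWORD
      AUTHELIA_NOTIFIER_SMTP_HOST: ${SMTP_HOST}
      AUTHELIA_NOTIFIER_SMTP_TLS_SERVER_NAME: ${SMTP_HOST}
      AUTHELIA_SESSION_DOMAIN: ${BASE_DOMAIN}
      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/AUTHELIA_SESSION_SECRET
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/AUTHELIA_STORAGE_PASSWORD
      BASE_DOMAIN: ${BASE_DOMAIN}
      HOST_IP: ${HOST_IP}
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY
    networks:
      - authelia-backend
      - ldap-backend
      - proxy
    secrets:
      - AUTHELIA_JWT_SECRET
      - AUTHELIA_SESSION_SECRET
      - AUTHELIA_STORAGE_PASSWORD
      - AUTHELIA_STORAGE_ENCRYPTION_KEY
      - LDAP_ADMIN_PASSWORD
      - SMTP_PASSWORD
    expose:
      - "9091"
    # Label values are quoted throughout: Compose labels are strings, and an
    # unquoted true/9091 is otherwise typed by the YAML parser first.
    labels:
      traefik.http.routers.authelia.rule: Host(`auth.${BASE_DOMAIN}`)
      traefik.http.routers.authelia.tls: "true"
      traefik.http.routers.authelia.tls.certresolver: letsencrypt
      traefik.http.services.authelia.loadbalancer.server.port: "9091"
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ================================= BORGMATIC ================================ #
  # ============================================================================ #
  # Nightly (02:00 Europe/Paris) borg backups of the named volumes mounted
  # under /volumes plus a local repository under /backup/local.
  # This container is highly privileged: it holds the Docker socket (root
  # equivalent on the host) and every database/storage secret of the stack, so
  # treat its config, scripts and ssh directory as sensitive as the host itself.
  borgmatic:
    image: ghcr.io/borgmatic-collective/borgmatic:1.9.14@sha256:70bca87df9d84d45f50b4c56f55bb0f20e21341faacd0a07f89e43e3da50cd9e
    environment:
      BORG_PASSPHRASE_FILE: /run/secrets/BORGMATIC_ENCRYPTION_PASSPHRASE
      CRON: "0 2 * * *"
      TZ: Europe/Paris
    env_file:
      - ./borgmatic/envs/databases
      - ./borgmatic/envs/borgbase
    volumes:
      - borg-config:/root/.config/borg
      - borg-cache:/root/.cache/borg
      - ./borgmatic/config:/etc/borgmatic.d
      - ./borgmatic/scripts:/scripts:ro
      # NOTE(review): mounted read-write; if borg only needs to read the key
      # and known_hosts here, ":ro" would narrow what a compromised job can
      # alter — confirm against the scripts before changing.
      - ./borgmatic/ssh:/root/.ssh
      - adguard-conf:/volumes/adguard-conf
      - nextcloud-data:/volumes/nextcloud-data
      - plex-config:/volumes/plex-config
      - synapse-data:/volumes/synapse-data
      - vaultwarden-data:/volumes/vaultwarden-data
      - /backup/local/borg/docker:/backup/local
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - authelia-backend
      - nextcloud-backend
      - synapse-backend
    secrets:
      - AUTHELIA_JWT_SECRET
      - AUTHELIA_SESSION_SECRET
      - AUTHELIA_STORAGE_ENCRYPTION_KEY
      - AUTHELIA_STORAGE_PASSWORD
      - BORGMATIC_ENCRYPTION_PASSPHRASE
      - LDAP_ADMIN_PASSWORD
      - NEXTCLOUD_STORAGE_PASSWORD
      - SYNAPSE_STORAGE_PASSWORD
    restart: unless-stopped
  # ============================================================================ #
  # ================================== GRAFANA ================================= #
  # ============================================================================ #
  # Prometheus; scrapes the metrics networks. The proxy network membership and
  # the public router are marked "delete" by the author — Prometheus has no
  # authentication of its own, so it must stay behind authelia@docker for as
  # long as it is published.
  prometheus:
    build: prometheus
    volumes:
      - prometheus-data:/prometheus
    networks:
      - proxy # delete
      - metrics
      - seedbox-metrics
    labels: # delete
      traefik.http.routers.prom.rule: Host(`prom.${BASE_DOMAIN}`)
      traefik.http.routers.prom.tls: "true"
      traefik.http.routers.prom.tls.certresolver: letsencrypt
      traefik.http.services.prom.loadbalancer.server.port: "9090"
      traefik.http.routers.prom.middlewares: authelia@docker
      traefik.enable: "true"
    restart: unless-stopped
  # Grafana at metrics.${BASE_DOMAIN}; relies on its own login (no authelia
  # middleware on this router).
  grafana:
    image: grafana/grafana-oss:10.4.19@sha256:a9043254ba16fb10945cc27333963dfd08eccbb43b51f1222d831cc564e3a1f4
    depends_on:
      - prometheus
    volumes:
      - grafana-data:/var/lib/grafana
    networks:
      - metrics
      - proxy
    restart: unless-stopped
    labels:
      traefik.http.routers.grafana.rule: Host(`metrics.${BASE_DOMAIN}`)
      traefik.http.routers.grafana.tls: "true"
      traefik.http.routers.grafana.tls.certresolver: letsencrypt
      traefik.http.services.grafana.loadbalancer.server.port: "3000"
      traefik.enable: "true"
  # Host metrics; needs read-only views of /proc, /sys and / — not published.
  node-exporter:
    image: prom/node-exporter:v1.7.0@sha256:4cb2b9019f1757be8482419002cb7afe028fdba35d47958829e4cfeaf6246d80
    command:
      - "--path.procfs=/host/proc"
      - "--path.rootfs=/rootfs"
      - "--path.sysfs=/host/sys"
      # "$$" is Compose's escape for a literal "$" in the regex.
      - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|run|tmp)($$|/)"
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    networks:
      - metrics
    restart: unless-stopped
  # ============================================================================ #
  # =================================== LDAP =================================== #
  # ============================================================================ #
  # OpenLDAP user directory; ldap-backend only (shared with authelia,
  # phpldapadmin). Admin password from a Docker secret.
  ldap:
    image: osixia/openldap:1.5.0@sha256:18742e9c449c9c1afe129d3f2f3ee15fb34cc43e5f940a20f3399728f41d7c28
    networks:
      - ldap-backend
    environment:
      LDAP_ORGANISATION: ${ORGANISATION_NAME}
      LDAP_DOMAIN: ${BASE_DOMAIN}
      LDAP_BASE_DN: ${LDAP_BASE_DN}
      LDAP_ADMIN_PASSWORD_FILE: /run/secrets/LDAP_ADMIN_PASSWORD
    volumes:
      - ldap-database:/var/lib/ldap
      - ldap-config:/etc/ldap/slapd.d
    secrets:
      - LDAP_ADMIN_PASSWORD
    restart: unless-stopped
  # Web UI for the directory at ldap.${BASE_DOMAIN}; plain HTTP inside the
  # proxy network (TLS is terminated by Traefik) and gated by authelia.
  phpldapadmin:
    image: osixia/phpldapadmin:0.9.0@sha256:d112b82be1336f91e028b0348755133fda333992355b533419355a65c32ff9ad
    depends_on:
      - ldap
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: ldap
      PHPLDAPADMIN_HTTPS: "false"
    networks:
      - ldap-backend
      - proxy
    labels:
      traefik.http.routers.ldap.rule: Host(`ldap.${BASE_DOMAIN}`)
      traefik.http.routers.ldap.tls: "true"
      traefik.http.routers.ldap.tls.certresolver: letsencrypt
      traefik.http.routers.ldap.middlewares: authelia@docker
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ================================= NEXTCLOUD ================================ #
  # ============================================================================ #
  # MariaDB for Nextcloud; root password is randomised by the image, the app
  # user's password comes from a Docker secret.
  nextcloud-database:
    image: mariadb:11.3-jammy@sha256:e101f9db31916a5d4d7d594dd0dd092fb23ab4f499f1d7a7425d1afd4162c4bc
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    volumes:
      - nextcloud-database:/var/lib/mysql
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "1"
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD_FILE: /run/secrets/NEXTCLOUD_STORAGE_PASSWORD
    networks:
      - nextcloud-backend
    secrets:
      - NEXTCLOUD_STORAGE_PASSWORD
    restart: unless-stopped
  nextcloud-redis:
    image: redis:7.2-alpine3.18@sha256:3ce533b2b057f74b235d1d8697ae08b1b6ff0a5e16827ea6a377b6365693c7ed
    restart: unless-stopped
    # NOTE(review): redis reads nothing from the environment here; the whole
    # project .env is injected for no visible reason — consider removing.
    env_file:
      - .env
    networks:
      - nextcloud-backend
  # Nextcloud PHP-FPM backend; not on the proxy network, only reachable from
  # nextcloud-web. Media is mounted read-only.
  nextcloud-app:
    image: nextcloud:31.0.6-fpm@sha256:85b223e81f87ed79b0974532f694e2297e3ab372c6b858fe1848b3955747b08a
    depends_on:
      - nextcloud-database
      - nextcloud-redis
    volumes:
      - nextcloud-data:/var/www/html
      - /data/media:/media:ro
    environment:
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_HOST: nextcloud-database
      MYSQL_PASSWORD_FILE: /run/secrets/NEXTCLOUD_STORAGE_PASSWORD
      REDIS_HOST: nextcloud-redis
      NEXTCLOUD_TRUSTED_DOMAINS: cloud.${BASE_DOMAIN}
      # NOTE(review): Nextcloud's trusted_proxies is matched against the
      # connecting IP/CIDR, and the process connecting to this FPM container
      # is nextcloud-web, not reverse-proxy — confirm that the forwarded
      # client IP is actually honoured with this value.
      TRUSTED_PROXIES: reverse-proxy
    networks:
      - nextcloud-backend
    secrets:
      - NEXTCLOUD_STORAGE_PASSWORD
    restart: unless-stopped
  # nginx front for the FPM container, published at cloud.${BASE_DOMAIN}
  # without the authelia middleware (Nextcloud clients authenticate natively).
  nextcloud-web:
    build: nextcloud
    depends_on:
      - nextcloud-app
    volumes:
      - nextcloud-data:/var/www/html
      - /data/media:/media:ro
    networks:
      - nextcloud-backend
      - proxy
    labels:
      traefik.http.routers.nextcloud.rule: Host(`cloud.${BASE_DOMAIN}`)
      traefik.http.routers.nextcloud.tls: "true"
      traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
      traefik.http.services.nextcloud.loadbalancer.server.port: "80"
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # =================================== OTEL =================================== #
  # ============================================================================ #
  # Jaeger UI/backend with persistent badger storage; UI behind authelia.
  jaeger:
    build:
      context: otel
      dockerfile: jaeger.Dockerfile
    environment:
      SPAN_STORAGE_TYPE: badger
      BADGER_EPHEMERAL: "false"
      BADGER_DIRECTORY_VALUE: /badger/data
      BADGER_DIRECTORY_KEY: /badger/key
    volumes:
      - otel-data:/badger
    networks:
      - proxy
      - seedbox-metrics
      - traefik
    labels:
      traefik.http.routers.jaeger.rule: Host(`traces.${BASE_DOMAIN}`)
      traefik.http.routers.jaeger.tls: "true"
      traefik.http.routers.jaeger.tls.certresolver: letsencrypt
      traefik.http.routers.jaeger.middlewares: authelia@docker
      traefik.http.services.jaeger.loadbalancer.server.port: "16686"
      traefik.enable: "true"
    restart: unless-stopped
  # OTLP/HTTP collector published at http.collector.traces.${BASE_DOMAIN};
  # the authelia middleware means only browser-authenticated sessions can
  # post spans from outside.
  otel-collector:
    image: otel/opentelemetry-collector-contrib:0.111.0@sha256:a2a52e43c1a80aa94120ad78c2db68780eb90e6d11c8db5b3ce2f6a0cc6b5029
    command: --config /etc/otelcol/otel-collector-config.yml
    depends_on:
      - jaeger
    volumes:
      # The collector only reads its config; mount it read-only.
      - ./otel/collector/config.yml:/etc/otelcol/otel-collector-config.yml:ro
    networks:
      - proxy
      - seedbox-metrics
    labels:
      traefik.http.routers.jaeger-http-collector.rule: Host(`http.collector.traces.${BASE_DOMAIN}`)
      traefik.http.routers.jaeger-http-collector.tls: "true"
      traefik.http.routers.jaeger-http-collector.tls.certresolver: letsencrypt
      traefik.http.routers.jaeger-http-collector.middlewares: authelia@docker
      traefik.http.services.jaeger-http-collector.loadbalancer.server.port: "4318"
      traefik.enable: "true"
  # ============================================================================ #
  # ================================== SEEDBOX ================================= #
  # ============================================================================ #
  # OpenVPN client whose network namespace is shared by joal, transmission,
  # flaresolverr and jackett ("network_mode: service:vpn"). Because those
  # services have no network stack of their own, their Traefik routers are
  # declared here, on the vpn container.
  vpn:
    image: dperson/openvpn-client@sha256:d174047b57d51734143325ad7395210643025e6516ba60a937e9319dbb462293
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - ./seedbox/openvpn:/vpn:ro
    dns:
      - "8.8.8.8"
      - "8.8.4.4"
    logging:
      options:
        max-size: "2m"
        max-file: "3"
    environment:
      # FIREWALL is passed through from the host environment unchanged.
      - FIREWALL
      - TZ=Europe/Paris
    networks:
      - proxy
      - seedbox-indexer
      - seedbox-metrics
      - seedbox-torrenting
    labels:
      traefik.http.routers.joal.rule: Host(`joal.${BASE_DOMAIN}`)
      traefik.http.routers.joal.service: joal
      traefik.http.routers.joal.tls: "true"
      traefik.http.routers.joal.tls.certresolver: letsencrypt
      traefik.http.routers.joal.middlewares: authelia@docker
      traefik.http.services.joal.loadbalancer.server.port: "4494"
      traefik.http.routers.transmission.rule: Host(`transmission.${BASE_DOMAIN}`)
      traefik.http.routers.transmission.service: transmission
      traefik.http.routers.transmission.tls: "true"
      traefik.http.routers.transmission.tls.certresolver: letsencrypt
      traefik.http.services.transmission.loadbalancer.server.port: "9091"
      traefik.http.routers.transmission.middlewares: authelia@docker
      traefik.http.routers.jackett.rule: Host(`jackett.${BASE_DOMAIN}`)
      traefik.http.routers.jackett.service: jackett
      traefik.http.services.jackett.loadbalancer.server.port: "9117"
      traefik.http.routers.jackett.tls: "true"
      traefik.http.routers.jackett.tls.certresolver: letsencrypt
      traefik.http.routers.jackett.middlewares: authelia@docker
      traefik.enable: "true"
    restart: unless-stopped
  joal:
    build: seedbox/joal
    restart: unless-stopped
    network_mode: "service:vpn"
    volumes:
      - ./seedbox/joal/data:/data
    # NOTE(review): the UI secret token is passed on the command line, so it
    # is visible in `docker inspect` and in the process list; JOAL reads it
    # from its config directory as well, which would keep it out of both.
    command:
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=4494"
      - "--joal.ui.path.prefix=${JOAL_PATH_PREFIX}"
      - "--joal.ui.secret-token=${JOAL_SECRET_TOKEN}"
  transmission:
    image: linuxserver/transmission:4.0.6@sha256:d74effa653514ed76047cf3b4c11e19faef1678769844782e0db3c9294701870
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    network_mode: "service:vpn"
    volumes:
      - /data/torrent:/downloads
      - transmission-config:/config
    restart: unless-stopped
  flaresolverr:
    image: alexfozor/flaresolverr:pr-1300-experimental@sha256:3e5e1335c31365b5b0d9a737097c6a719de0ba49fed7db65cd828d75ae1bbecb
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-info}
      - LOG_HTML=${LOG_HTML:-false}
      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
      - TZ=Europe/Paris
    network_mode: "service:vpn"
    restart: unless-stopped
  # Reaches transmission through the vpn container's namespace (host "vpn").
  fleischel:
    image: ghcr.io/valfur03/fleischel@sha256:f0dc6fefd24e585744a22a15466f0564d071df3a8c590f649a684d75d4b194d7
    networks:
      - seedbox-torrenting
    environment:
      TRANSMISSION_HOST: vpn
      LOG_LEVEL: debug
    restart: unless-stopped
  jackett:
    image: lscr.io/linuxserver/jackett:0.22.1830@sha256:75db3257ae4b6c30d87a274488b4c8301ffd856039be2d51cb585e92fd3a2885
    depends_on:
      - flaresolverr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    volumes:
      - jackett-config:/config
      - jackett-downloads:/downloads
    network_mode: "service:vpn"
    restart: unless-stopped
  # NOTE(review): sonarr and radarr run as PUID/PGID 0 (root inside the
  # container, with /data mounted read-write) while the other linuxserver
  # images here use 1000; if the ownership of /data allows it, aligning on a
  # non-root uid narrows what a compromised indexer can touch.
  sonarr:
    image: lscr.io/linuxserver/sonarr:4.0.12@sha256:ca71add37a9cdbb914c7bd5b06f98bf5d2062848c8de6ac3ee09e69a4c170b27
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Paris
    volumes:
      - sonarr-config:/config
      - /data:/data
    networks:
      - seedbox-indexer
      - proxy
      - seedbox-torrenting
    labels:
      traefik.http.routers.sonarr.rule: Host(`sonarr.${BASE_DOMAIN}`)
      traefik.http.services.sonarr.loadbalancer.server.port: "8989"
      traefik.http.routers.sonarr.tls: "true"
      traefik.http.routers.sonarr.tls.certresolver: letsencrypt
      # sonarr-auth-header is declared on reverse-proxy; it injects a static
      # basic-auth header after authelia has accepted the session.
      traefik.http.routers.sonarr.middlewares: authelia@docker, sonarr-auth-header@docker
      traefik.enable: "true"
    restart: unless-stopped
  radarr:
    image: lscr.io/linuxserver/radarr:4.7.5@sha256:a7e8acff3f429351d2dfa1c887d751d13b8e974cd423841ed52be4203a4b1941
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Paris
    volumes:
      - radarr-config:/config
      - /data:/data
    networks:
      - seedbox-indexer
      - proxy
      - seedbox-torrenting
    labels:
      traefik.http.routers.radarr.rule: Host(`radarr.${BASE_DOMAIN}`)
      traefik.http.services.radarr.loadbalancer.server.port: "7878"
      traefik.http.routers.radarr.tls: "true"
      traefik.http.routers.radarr.tls.certresolver: letsencrypt
      traefik.http.routers.radarr.middlewares: authelia@docker
      traefik.enable: "true"
    restart: unless-stopped
  # Plex is published without the authelia middleware (Plex clients use their
  # own token authentication).
  plex:
    image: lscr.io/linuxserver/plex:1.41.3@sha256:ec54f85c19b3575c63929c260a0d8c360d57d41f3597ac9184cb134b6c634137
    environment:
      PUID: "1000"
      PGID: "1000"
      VERSION: docker
    volumes:
      - plex-config:/config
      - /data:/data
    networks:
      - proxy
    labels:
      traefik.http.routers.plex.rule: Host(`plex.${BASE_DOMAIN}`)
      traefik.http.services.plex.loadbalancer.server.port: "32400"
      traefik.http.routers.plex.tls: "true"
      traefik.http.routers.plex.tls.certresolver: letsencrypt
      traefik.enable: "true"
    restart: unless-stopped
  transmission-exporter:
    build: transmission-exporter
    restart: always
    networks:
      - seedbox-metrics
    environment:
      TRANSMISSION_ADDR: http://vpn:9091
  # ============================================================================ #
  # =================================== S-PDF ================================== #
  # ============================================================================ #
  s-pdf:
    image: frooodle/s-pdf:0.41.0@sha256:a570b6f6522d49fbef616e4fef97f7aff35ce046daee16de4e2fa4699a042d33
    networks:
      - proxy
    labels:
      traefik.http.routers.s-pdf.rule: Host(`s-pdf.${BASE_DOMAIN}`)
      traefik.http.services.s-pdf.loadbalancer.server.port: "8080"
      traefik.http.routers.s-pdf.tls: "true"
      traefik.http.routers.s-pdf.tls.certresolver: letsencrypt
      traefik.http.routers.s-pdf.middlewares: authelia@docker
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ================================== SYNAPSE ================================= #
  # ============================================================================ #
  synapse-database:
    image: postgres:16.1-alpine3.17@sha256:7e26cdee39d74f2f8cd527dc3bf8e675d008a2120fab3aded96d546ff12c9519
    volumes:
      - synapse-database:/var/lib/postgresql/data
    networks:
      - synapse-backend
    environment:
      POSTGRES_DB: synapse
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD_FILE: /run/secrets/SYNAPSE_STORAGE_PASSWORD
      POSTGRES_INITDB_ARGS: --encoding=UTF8 --locale=C
    secrets:
      - SYNAPSE_STORAGE_PASSWORD
    restart: unless-stopped
  # synapse-app:
  #   image: matrixdotorg/synapse:v1.98.0
  #   depends_on:
  #     - synapse-database
  #   volumes:
  #     - synapse-data:/data
  #   networks:
  #     - synapse-backend
  #     - proxy
  #   labels:
  #     traefik.http.routers.synapse.rule: Host(`matrix.${BASE_DOMAIN}`)
  #     traefik.http.services.synapse.loadbalancer.server.port: 8008
  #     traefik.http.routers.synapse.tls: true
  #     traefik.http.routers.synapse.tls.certresolver: letsencrypt
  #     traefik.enable: true
  #   restart: unless-stopped
  synapse-syncv3-database:
    image: postgres:16.1-alpine3.17@sha256:7e26cdee39d74f2f8cd527dc3bf8e675d008a2120fab3aded96d546ff12c9519
    volumes:
      - synapse-syncv3-database:/var/lib/postgresql/data
    networks:
      - synapse-backend
    environment:
      POSTGRES_DB: synapse-syncv3
      POSTGRES_USER: synapse-syncv3
      # Unlike the other databases this password is a plain environment
      # variable (the commented-out syncv3 proxy below builds a DSN from the
      # same variable). Moving it to POSTGRES_PASSWORD_FILE with a dedicated
      # secret would keep it out of `docker inspect`.
      POSTGRES_PASSWORD: ${SYNAPSE_SYNCV3_STORAGE_PASSWORD}
      POSTGRES_INITDB_ARGS: --encoding=UTF8 --locale=C
    # The SYNAPSE_STORAGE_PASSWORD secret previously granted here was never
    # read (no *_FILE variable references it); it belongs to synapse-database,
    # so it is no longer mounted into this container.
    restart: unless-stopped
  # synapse-syncv3-proxy:
  #   image: ghcr.io/matrix-org/sliding-sync:latest # TODO use no latest
  #   depends_on:
  #     - synapse-app
  #     - synapse-syncv3-database
  #   environment:
  #     SYNCV3_SERVER: https://matrix.${BASE_DOMAIN}
  #     SYNCV3_SECRET: ${SYNAPSE_SYNCV3_SECRET} # TODO can it be set in Docker Secret?
  #     SYNCV3_DB: user=synapse-syncv3 dbname=synapse-syncv3 sslmode=disable host=synapse-syncv3-database password=${SYNAPSE_SYNCV3_STORAGE_PASSWORD} # TODO can it be set in Docker Secret?
  #   networks:
  #     - synapse-backend
  #     - proxy
  #   labels:
  #     traefik.http.routers.synapse-syncv3.rule: Host(`syncv3.matrix.${BASE_DOMAIN}`)
  #     traefik.http.services.synapse-syncv3.loadbalancer.server.port: 8008
  #     traefik.http.routers.synapse-syncv3.tls: true
  #     traefik.http.routers.synapse-syncv3.tls.certresolver: letsencrypt
  #     traefik.enable: true
  #   restart: unless-stopped
  # ============================================================================ #
  # ================================== TRAEFIK ================================= #
  # ============================================================================ #
  # Filtered Docker API for Traefik's provider (containers endpoint only),
  # so Traefik itself never holds the raw socket. Anything on the "traefik"
  # network can still list containers — including their labels and
  # environment — through this proxy, so keep that network minimal.
  socket-proxy:
    image: tecnativa/docker-socket-proxy@sha256:3400c429c5f9e1b21d62130fb93b16e2e772d4fb7695bd52fc2b743800b9fe9e
    environment:
      CONTAINERS: "1"
    volumes:
      # Read-only bind mount: connect() on the socket still works, but the
      # socket file itself cannot be replaced from inside the container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik
    restart: unless-stopped
  # Traefik edge router; the only service publishing 80/443. Declares the
  # shared middlewares (authelia forwardAuth, sonarr basic-auth header).
  reverse-proxy:
    build: traefik
    depends_on:
      - socket-proxy
      - authelia
    ports:
      - "80:80"
      - "443:443"
    environment:
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: ${SYSTEM_EMAIL}
      # NOTE(review): the OVH DNS-challenge credentials are plain environment
      # variables; they can create arbitrary DNS records for the zone, so
      # check whether the resolver supports *_FILE variants and a Docker
      # secret before leaving them in the container environment.
      OVH_APPLICATION_KEY: ${OVH_APPLICATION_KEY}
      OVH_APPLICATION_SECRET: ${OVH_APPLICATION_SECRET}
      OVH_CONSUMER_KEY: ${OVH_CONSUMER_KEY}
      OVH_ENDPOINT: ${OVH_ENDPOINT}
    networks:
      - proxy
      - traefik
    extra_hosts:
      - host.docker.internal:172.17.0.1
    volumes:
      - traefik-acme:/etc/traefik/acme
    labels:
      traefik.http.middlewares.authelia.forwardAuth.address: http://authelia:9091/api/verify?rd=https%3A%2F%2Fauth.${BASE_DOMAIN}%2F
      traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true"
      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
      # NOTE(review): this label embeds a credential; labels are readable by
      # anything that can list containers (e.g. via socket-proxy), so this
      # token has a wider audience than the secrets under /run/secrets.
      traefik.http.middlewares.sonarr-auth-header.headers.customrequestheaders.Authorization: Basic ${SONARR_BASIC_AUTH_TOKEN}
      traefik.http.routers.traefik.rule: Host(`proxy.${BASE_DOMAIN}`)
      traefik.http.routers.traefik.tls: "true"
      traefik.http.routers.traefik.tls.certresolver: letsencrypt
      traefik.http.routers.traefik.middlewares: authelia@docker
      traefik.http.routers.traefik.service: api@internal
      traefik.http.services.traefik.loadbalancer.server.port: "8080"
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ================================ VAULTWARDEN =============================== #
  # ============================================================================ #
  # Vaultwarden at vault.${BASE_DOMAIN}: the client-facing routers have no
  # authelia middleware (Bitwarden clients authenticate natively), the /admin
  # panel is additionally gated by authelia, and signups are disabled.
  vaultwarden:
    image: vaultwarden/server:1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664
    environment:
      ADMIN_TOKEN_FILE: /run/secrets/VAULTWARDEN_ADMIN_TOKEN
      DOMAIN: "https://vault.${BASE_DOMAIN}"
      SIGNUPS_ALLOWED: "false"
      SMTP_HOST: ${SMTP_HOST}
      SMTP_FROM: ${VAULTWARDEN_SYSTEM_EMAIL}
      SMTP_PORT: "587"
      SMTP_SECURITY: starttls
      SMTP_USERNAME: ${SMTP_USERNAME}
      SMTP_PASSWORD_FILE: /run/secrets/SMTP_PASSWORD
      WEBSOCKET_ENABLED: "true"
    volumes:
      - vaultwarden-data:/data
    networks:
      - proxy
    secrets:
      - SMTP_PASSWORD
      - VAULTWARDEN_ADMIN_TOKEN
    labels:
      traefik.http.routers.vaultwarden.rule: Host(`vault.${BASE_DOMAIN}`)
      traefik.http.routers.vaultwarden.service: vaultwarden
      traefik.http.routers.vaultwarden.tls: "true"
      traefik.http.routers.vaultwarden.tls.certresolver: letsencrypt
      traefik.http.services.vaultwarden.loadbalancer.server.port: "80"
      traefik.http.routers.vaultwarden-ws.rule: Host(`vault.${BASE_DOMAIN}`) && Path(`/notifications/hub`)
      traefik.http.routers.vaultwarden-ws.service: vaultwarden-ws
      traefik.http.routers.vaultwarden-ws.tls: "true"
      traefik.http.routers.vaultwarden-ws.tls.certresolver: letsencrypt
      traefik.http.services.vaultwarden-ws.loadbalancer.server.port: "3012"
      traefik.http.routers.vaultwarden-admin.rule: Host(`vault.${BASE_DOMAIN}`) && (Path(`/admin`) || PathPrefix(`/admin/`))
      traefik.http.routers.vaultwarden-admin.service: vaultwarden
      traefik.http.routers.vaultwarden-admin.tls: "true"
      traefik.http.routers.vaultwarden-admin.tls.certresolver: letsencrypt
      traefik.http.routers.vaultwarden-admin.middlewares: authelia@docker
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ================================= VIDLVERY ================================= #
  # ============================================================================ #
  # Video upload service; writes into vidlvery-public-directory, which the
  # "web" service serves read-only under /vid.
  vidlvery:
    image: ghcr.io/valfur03/vidlvery:0.0.1-alpha.20@sha256:556833950553ef57fdd20d82c3f5d6ac6d1e4fe5ca77a970db131df764a4adc8
    environment:
      PUBLIC_DIRECTORY_PATH: /var/www/html
      VIDEOS_BASE_URL: "https://${BASE_DOMAIN}/vid"
      DISABLE_FFMPEG: "false"
      SMTP_HOST: ${SMTP_HOST}
      SMTP_PORT: "465"
      SMTP_SECURE: "true"
      SMTP_FROM: "${VIDLVERY_SYSTEM_EMAIL_SENDER} <${VIDLVERY_SYSTEM_EMAIL}>"
      SMTP_USER: ${SMTP_USERNAME}
      SMTP_PASS_FILE: /run/secrets/SMTP_PASSWORD
    volumes:
      - vidlvery-public-directory:/var/www/html
    networks:
      - proxy
    secrets:
      - SMTP_PASSWORD
    labels:
      traefik.http.routers.vidlvery.rule: Host(`vid.${BASE_DOMAIN}`)
      traefik.http.routers.vidlvery.tls: "true"
      traefik.http.routers.vidlvery.tls.certresolver: letsencrypt
      traefik.http.routers.vidlvery.middlewares: authelia@docker
      traefik.http.services.vidlvery.loadbalancer.server.port: "3000"
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ==================================== WEB =================================== #
  # ============================================================================ #
  # Static site on the apex domain; this router also requests the wildcard
  # certificate (*.${BASE_DOMAIN}) that the other hosts rely on.
  web:
    build: web
    volumes:
      - vidlvery-public-directory:/usr/share/nginx/html/vid
    networks:
      - proxy
    labels:
      traefik.http.routers.web.rule: Host(`${BASE_DOMAIN}`)
      traefik.http.routers.web.tls: "true"
      traefik.http.routers.web.tls.domains[0].main: ${BASE_DOMAIN}
      traefik.http.routers.web.tls.domains[0].sans: "*.${BASE_DOMAIN}"
      traefik.http.routers.web.tls.certresolver: letsencrypt
      traefik.enable: "true"
    restart: unless-stopped
  # ============================================================================ #
  # ================================= WIREGUARD ================================ #
  # ============================================================================ #
  # DNS resolver for WireGuard peers (fixed 10.8.1.3 on AAA-vpn, referenced by
  # WG_DEFAULT_DNS below). Its web UI is published without the authelia
  # middleware and relies on AdGuard's own login.
  adguard:
    image: adguard/adguardhome:v0.107.71@sha256:92929135ced2554aaf94706f766a98ad348f211df61b0704e2db7e8498cc00b7
    volumes:
      - adguard-work:/opt/adguardhome/work
      - adguard-conf:/opt/adguardhome/conf
    networks:
      proxy:
      AAA-vpn:
        ipv4_address: "10.8.1.3"
    labels:
      traefik.http.routers.adguard.rule: Host(`adguard.${BASE_DOMAIN}`)
      traefik.http.routers.adguard.tls: "true"
      traefik.http.routers.adguard.tls.certresolver: letsencrypt
      traefik.http.services.adguard.loadbalancer.server.port: "80"
      traefik.enable: "true"
    restart: unless-stopped
  # wg-easy: WireGuard on UDP 51820 (the only other published port) plus a
  # management UI at wireguard.${BASE_DOMAIN} behind authelia. NET_ADMIN and
  # SYS_MODULE are required for the tunnel; the kernel sysctls enable
  # forwarding for peers.
  wireguard:
    image: ghcr.io/wg-easy/wg-easy:14@sha256:5f26407fd2ede54df76d63304ef184576a6c1bb73f934a58a11abdd852fab549
    depends_on:
      - reverse-proxy
    ports:
      - "51820:51820/udp"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      net.ipv4.conf.all.src_valid_mark: "1"
      net.ipv4.ip_forward: "1"
    # NOTE(review): the whole project .env (DNS provider keys, SMTP and other
    # credentials) lands in this container; passing only the WG_*/UI variables
    # wg-easy reads would be tighter — confirm which ones it needs.
    env_file:
      - .env
    environment:
      WG_HOST: "${HOST_IP}"
      WG_DEFAULT_DNS: "10.8.1.3"
    volumes:
      - wireguard:/etc/wireguard
    networks:
      AAA-vpn:
        ipv4_address: "10.8.1.2"
      proxy:
    labels:
      traefik.http.routers.wireguard.rule: Host(`wireguard.${BASE_DOMAIN}`)
      traefik.http.routers.wireguard.tls: "true"
      traefik.http.routers.wireguard.tls.certresolver: letsencrypt
      traefik.http.routers.wireguard.middlewares: authelia@docker
      traefik.http.services.wireguard.loadbalancer.server.port: "51821"
      traefik.enable: "true"
    restart: unless-stopped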
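# Named volumes. Each one is referenced by at least one service above except
# jellyfin-config, which no service in this file mounts (Plex is used instead);
# it is kept so that `compose down -v` semantics do not change silently, but it
# can be dropped once no override file needs it.
volumes:
  adguard-conf:
  adguard-work:
  authelia-database:
  borg-cache:
  borg-config:
  grafana-data:
  nextcloud-data:
  nextcloud-database:
  jackett-config:
  jackett-downloads:
  jellyfin-config:  # unused by any service in this file
  ldap-config:
  ldap-database:
  otel-data:
  plex-config:
  prometheus-data:
  sonarr-config:
  radarr-config:
  synapse-data:
  synapse-database:
  synapse-syncv3-database:
  traefik-acme:
  transmission-config:
  vaultwarden-data:
  vidlvery-public-directory:
  wireguard: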
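# Network segmentation. "proxy" carries everything Traefik publishes; the
# "*-backend" networks isolate each application's datastore from the rest;
# "traefik" is the socket-proxy network; "metrics"/"seedbox-*" are scrape and
# torrenting paths; "AAA-vpn" is the WireGuard peer subnet with fixed addresses.
# NOTE(review): none of the backend networks is `internal: true`. Before
# adding it, note that borgmatic joins only backend networks and is
# configured for a remote repository (./borgmatic/envs/borgbase), so it would
# need another route out.
networks:
  authelia-backend:
  ldap-backend:
  metrics:
  proxy:
    ipam:
      driver: default
      config:
        - subnet: 172.47.0.0/16
  nextcloud-backend:
  seedbox-indexer:
  seedbox-metrics:
  seedbox-torrenting:
  synapse-backend:
  traefik:
  AAA-vpn:
    # The network is named this way to ensure (as much as I have understood)
    # that the interface used inside the container is eth0.
    # The below issue offers another solution that is not well extensible
    # according to me. Furthermore, it didn't work when I tried.
    # https://github.com/wg-easy/wg-easy/issues/291
    ipam:
      driver: default
      config:
        - subnet: 10.8.1.0/24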
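# File-backed secrets, mounted at /run/secrets/<NAME> only in the services
# that list them. The files live next to this compose file and must be kept
# out of version control and readable only by the deploying user.
secrets:
  AUTHELIA_JWT_SECRET:
    file: ./authelia/secrets/JWT_SECRET
  AUTHELIA_SESSION_SECRET:
    file: ./authelia/secrets/SESSION_SECRET
  AUTHELIA_STORAGE_PASSWORD:
    file: ./authelia/secrets/STORAGE_PASSWORD
  AUTHELIA_STORAGE_ENCRYPTION_KEY:
    file: ./authelia/secrets/STORAGE_ENCRYPTION_KEY
  BORGMATIC_ENCRYPTION_PASSPHRASE:
    file: ./borgmatic/secrets/ENCRYPTION_PASSPHRASE
  LDAP_ADMIN_PASSWORD:
    file: ./ldap/secrets/ADMIN_PASSWORD
  NEXTCLOUD_STORAGE_PASSWORD:
    file: ./nextcloud/secrets/STORAGE_PASSWORD
  SMTP_PASSWORD:
    file: ./secrets/SMTP_PASSWORD
  SYNAPSE_STORAGE_PASSWORD:
    file: ./synapse/secrets/STORAGE_PASSWORD
  VAULTWARDEN_ADMIN_TOKEN:
    file: ./vaultwarden/secrets/ADMIN_TOKEN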