├── .gitignore ├── APPS.md ├── CHANGELOG.md ├── LICENSE ├── README.md ├── announcement ├── compose ├── adminer.yml ├── airsonic-advanced.yml ├── audiobookshelf.yml ├── authelia.yml ├── authentik-worker.yml ├── authentik.yml ├── baikal.yml ├── bazarr.yml ├── beets.yml ├── bookstack.yml ├── cadvisor.yml ├── calibre-web.yml ├── calibre.yml ├── change-detection.yml ├── chromium.yml ├── cloud-commander.yml ├── cloudflare-tunnel.yml ├── cloudflared.yml ├── crowdsec.yml ├── custom.yml ├── cyberchef.yml ├── dashy.yml ├── ddns-updater.yml ├── deployrr-dashboard.yml ├── deunhealth.yml ├── digikam.yml ├── docker-gc.yml ├── dockwatch.yml ├── dokuwiki.yml ├── double-commander.yml ├── dozzle-agent.yml ├── dozzle.yml ├── dweebui.yml ├── emby.yml ├── esphome.yml ├── filezilla.yml ├── flame.yml ├── flaresolverr.yml ├── flowise.yml ├── freshrss.yml ├── funkwhale.yml ├── gamevault.yml ├── glances.yml ├── gluetun.yml ├── gonic.yml ├── gotenberg.yml ├── gptwol.yml ├── grafana.yml ├── grocy.yml ├── guacamole.yml ├── guacd.yml ├── heimdall.yml ├── hemmelig.yml ├── homarr.yml ├── home-assistant.yml ├── homebridge.yml ├── homepage.yml ├── immich-db.yml ├── immich-ml.yml ├── immich.yml ├── influxdb.yml ├── it-tools.yml ├── jackett.yml ├── jellyfin.yml ├── jellyseerr.yml ├── kasm.yml ├── kavita.yml ├── kometa.yml ├── komga.yml ├── lidarr.yml ├── lollypop.yml ├── maintainerr.yml ├── mariadb.yml ├── mosquitto.yml ├── mqttx-web.yml ├── mylar3.yml ├── n8n.yml ├── navidrome.yml ├── netdata.yml ├── nextcloud.yml ├── node-exporter.yml ├── node-red.yml ├── notifiarr.yml ├── nzbget.yml ├── oauth.yml ├── ollama.yml ├── ombi.yml ├── open-webui.yml ├── openhands.yml ├── organizr.yml ├── overseerr.yml ├── paperless-ai.yml ├── paperless-ngx.yml ├── pdfding.yml ├── pgadmin.yml ├── photoshow.yml ├── phpmyadmin.yml ├── pihole.yml ├── piwigo.yml ├── plex.yml ├── portainer.yml ├── postgresql.yml ├── privatebin.yml ├── prometheus.yml ├── prowlarr.yml ├── qbittorrent-vpn.yml ├── qbittorrent.yml ├── qdrant.yml 
├── radarr.yml ├── readarr.yml ├── redis-commander.yml ├── redis.yml ├── remmina.yml ├── resilio-sync.yml ├── sabnzbd.yml ├── scrutiny.yml ├── searxng.yml ├── smokeping.yml ├── socket-proxy.yml ├── sonarr.yml ├── speedtest-tracker.yml ├── sshwifty.yml ├── starter.yml ├── stirling-pdf.yml ├── tailscale.yml ├── tautulli.yml ├── thelounge.yml ├── theme-park.yml ├── tika.yml ├── tinyauth.yml ├── traefik-access-log.yml ├── traefik-certs-dumper.yml ├── traefik-error-log.yml ├── traefik.yml ├── transmission.yml ├── triliumnext.yml ├── uptime-kuma.yml ├── vaultwarden.yml ├── vikunja.yml ├── vscode.yml ├── wallos.yml ├── weaviate.yml ├── wg-easy.yml ├── wikidocs.yml ├── wud.yml ├── xpipe-webtop.yml └── zerotier.yml ├── deployrr_v5.8-arm.app ├── deployrr_v5.8.app ├── images ├── deployarr_logo.png ├── deployrr-logo.png ├── v4 │ ├── 01 Deployarr 4 - Spash.png │ ├── 02 Deployarr 4 - Main Menu.png │ ├── 03 Deployarr 4 - Disclaimers.png │ ├── 04 Deployarr 4 - System Prep Menu.png │ ├── 05 Deployarr 4 - Set Folders.png │ ├── 06 Deployarr 4 - Docker Sub Menu.png │ ├── 07 Deployarr 4 - Reverse Proxy Sub Menu.png │ ├── 08 Deployarr 4 - Security Sub Menu.png │ ├── 09 Deployarr 4 - Apps Sub Menu 1.png │ ├── 10 Deployarr 4 - App Install.png │ ├── 11 Deployarr 4 - App Uninstall.png │ ├── 12 Deployarr 4 - Tools Sub Menu.png │ ├── 13 Deployarr 4 - Stack Manager.png │ ├── 14 Deployarr 4 - Containers Status.png │ ├── 15 Deployarr 4 - Services Status.png │ ├── 16 Deployarr 4 - Backups Sub Menu.png │ ├── 17 Deployarr 4 - Restore Backups.png │ ├── 18 Deployarr 4 - Deployarr Settings Menu.png │ ├── 19 Deployarr 4 - About Sub Menu.png │ ├── 21 Deployarr 4 - Getting Support.png │ ├── Deployarr 4 - 40 plus Docker Apps.png │ ├── Deployarr 4 - 50 plus Docker Apps.png │ ├── Deployarr 4 - 60 plus Docker Apps.png │ ├── Deployarr 4 - 75 plus Docker Apps.png │ ├── Deployarr App Logos 50.png │ ├── Deployarr App Logos 75.png │ └── Deployarr App Logos.png └── v5 │ ├── 01 Deployarr v5 Splash Screen.png │ ├── 
02 Deployarr v5 Main Menu.png │ ├── 02a local only setup.png │ ├── 02a system checks output.png │ ├── 02b hybrid setup.png │ ├── 03 Deployarr v5 Prerequisites.png │ ├── 04 Deployarr v5 System Preparation.png │ ├── 05 Deployarr v5 Rclone Options.png │ ├── 06 Deployarr v5 Set Folders.png │ ├── 07 Deployarr v5 Docker Options.png │ ├── 08 Deployarr v5 Reverse Proxy Options.png │ ├── 08a Traefik Error.png │ ├── 09 Deployarr v5 Security Options.png │ ├── 10 Deployarr 4 - App Install.png │ ├── 10 Deployarr v5 Manage Authentication.png │ ├── 11 Deployarr 4 - App Uninstall.png │ ├── 11 Deployarr v5 Apps Menu.png │ ├── 11a Deployarr v5 Deployarr Dashboard.png │ ├── 12 Deployarr v5 Tools Menu.png │ ├── 13 Deployarr v5 Stack Manager.png │ ├── 14 Deployarr 4 - Containers Status.png │ ├── 14 Deployarr v5 Backups Menu.png │ ├── 15 Deployarr 4 - Services Status.png │ ├── 15 Deployarr v5 Settings.png │ ├── 16 Deployarr v5 License Types.png │ ├── 17 Deployarr 4 - Restore Backups.png │ ├── 18 setup options.png │ ├── Deployarr App Logos 100 Supported Apps.png │ ├── Deployarr App Logos 100.png │ ├── Deployarr App Logos 115.png │ ├── Deployarr App Logos 135.png │ ├── Deployarr App Logos 140.png │ ├── Deployarr Version 5 Intro.png │ ├── Deployarr v5 with 75 Apps.png │ ├── Deployarr v5 with 90 Apps Thumbnail.png │ ├── Deployrr App Logos 140.png │ ├── deployarr stats dec 2024-2.png │ ├── deployarr stats dec 2024.png │ ├── deployarr stats jan 2025.png │ ├── deployarr stats march 2025.png │ ├── deployarr stats nov 2024.png │ ├── deployarr stats sep 2024.png │ └── deployrr stats apr 2025.png ├── includes ├── authelia │ ├── chain-authelia.yml │ ├── configuration.yml │ ├── duo.yml │ ├── middlewares-authelia.yml │ └── users.yml ├── authentik │ ├── chain-authentik.yml │ └── middlewares-authentik.yml ├── crowdsec │ ├── acquis-traefik.yaml │ ├── acquis.yaml │ ├── crowdsec-firewall-bouncer.yaml │ └── custom-whitelists.yaml ├── dashy │ └── starter-conf.yml ├── ddns-updater │ └── config.json ├── 
deployrr-dashboard │ ├── bookmarks.yaml │ ├── deployrr_icon.ico │ ├── deployrr_icon.png │ ├── docker.yaml │ ├── service-template-core.yaml │ ├── service-template-web-local.yaml │ ├── service-template-web-remote.yaml │ ├── services.yaml │ ├── settings.yaml │ └── widgets.yaml ├── devices_gpu.yml ├── docker-gc │ └── docker-gc-exclude ├── docker │ ├── custom.yml │ └── starter.yml ├── docker_aliases ├── docker_aliases_bashrc ├── glances │ └── glances.conf ├── guacamole │ └── app-guacamole.yml ├── home-assistant │ └── trusted_proxies.yaml ├── mariadb │ └── db_create.sql ├── mosquitto │ └── mosquitto.conf ├── oauth │ ├── chain-oauth.yml │ ├── middlewares-oauth.yml │ └── oauth-secrets-template ├── os │ ├── resolved.conf │ └── smb-mount-template ├── privatebin │ └── conf.php ├── prometheus │ └── prometheus.yml ├── qbittorrent │ └── qBittorrent.conf ├── rclone │ ├── rclone-mount-template.service │ ├── rclone-template.conf │ ├── start-media-after-boot.service │ └── start-media-after-boot.sh ├── scrutiny │ └── scrutiny.yaml ├── searxng │ └── limiter.toml ├── sshwifty │ └── sshwifty.conf.json ├── ssmtp │ └── ssmtp.conf ├── tinyauth │ ├── chain-tinyauth.yml │ ├── middlewares-tinyauth.yml │ └── users_file └── traefik │ ├── app-http-bypass-template.yml │ ├── app-http-template.yml │ ├── app-https-ssc-bypass-template.yml │ ├── app-https-ssc-template.yml │ ├── chain-basic-auth.yml │ ├── chain-nextcloud.yml │ ├── chain-no-auth.yml │ ├── domain-passthrough-template.yml │ ├── labels-auth-bypass-template.yml │ ├── labels-template.yml │ ├── middlewares-basic-auth.yml │ ├── middlewares-buffering.yml │ ├── middlewares-compress.yml │ ├── middlewares-nextcloud.yml │ ├── middlewares-rate-limit.yml │ ├── middlewares-secure-headers.yml │ ├── t2_proxy_network.yml │ ├── t3_proxy_network.yml │ ├── tls-opts.yml │ ├── traefik.yml │ └── traefik_global_secrets_template.yml ├── latest-version └── scripts └── iptables-reset.sh /.gitignore: 
-------------------------------------------------------------------------------- 1 | * 2 | */ 3 | 4 | !deployrr_v5.8.app 5 | !deployrr_v5.8-arm.app 6 | 7 | !.gitignore 8 | !announcement 9 | !CHANGELOG.md 10 | !latest-version 11 | !LICENSE 12 | !README.md 13 | !APPS.md 14 | dpf* 15 | dpm* 16 | *.sh 17 | 18 | !compose 19 | compose/* 20 | !compose/*.yml 21 | 22 | !images 23 | !images/* 24 | !images/*/* 25 | 26 | !includes 27 | !includes/* 28 | !includes/*/* 29 | 30 | !scripts 31 | scripts/* 32 | !scripts/*.sh 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | # Deployrr License 2 | 3 | Copyright (c) 2025 SimpleHomelab. All rights reserved. 4 | 5 | TERMS AND CONDITIONS FOR USE OF DEPLOYRR BINARY 6 | 7 | 1. Definitions 8 | - "Software" refers to the compiled Deployrr application and its associated files 9 | - "License" refers to this document 10 | - "You" refers to the individual or entity exercising permissions under this License 11 | 12 | 2. Grant of License 13 | This License grants you the following rights: 14 | a) To install and use the Software 15 | b) To make backup copies of the Software for your own use 16 | c) To use the Software for both personal and commercial purposes within the terms of your subscription 17 | 18 | 3. Restrictions 19 | You may not: 20 | a) Modify, reverse engineer, decompile, or disassemble the Software 21 | b) Distribute, sell, lease, rent, or sublicense the Software 22 | c) Remove or alter any proprietary notices on the Software 23 | d) Use the Software in violation of applicable laws 24 | 25 | 4. Open Source Components 26 | All non-compiled resources available in the repository (including but not limited to): 27 | - Docker Compose files 28 | - Example configurations 29 | - Documentation 30 | - Scripts 31 | Are provided under the MIT License and can be freely used, modified, and distributed without restrictions. 
32 | 33 | 5. Subscription and Updates 34 | - Access to the Software is governed by your subscription status 35 | - Updates and support are provided according to your subscription tier 36 | 37 | 6. Termination 38 | This License automatically terminates if you fail to comply with its terms and conditions 39 | 40 | 7. Disclaimer of Warranty 41 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED 42 | 43 | 8. Limitation of Liability 44 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY 45 | 46 | 9. Support and Documentation 47 | - Documentation and community resources may be provided under separate licenses 48 | - Support is provided according to your subscription tier 49 | 50 | For questions about this license, contact: [legal@simplehomelab.com](mailto:legal@simplehomelab.com) 51 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Deployrr 2 | 3 | > Transform your homelab setup from complex to click! Deployrr is your all-in-one solution for automated Docker-based homelab deployment. 4 | 5 | [![Apps Supported](images/v5/Deployrr%20App%20Logos%20140.png)](APPS.md) 6 | 7 | ## What is Deployrr? 8 | 9 | Deployrr revolutionizes homelab setup by automating the deployment and configuration of Docker and Docker Compose environments. Whether you're a homelab enthusiast or a professional sysadmin, Deployrr streamlines the process of setting up and managing your containerized applications. 
10 | 11 | ### Key Features 12 | 13 | - **Extensive App Support**: 140+ pre-configured applications ready for deployment 14 | - **Intelligent Automation**: Automated environment setup with smart system checks 15 | - **Enterprise-Grade Security**: 16 | - Socket-Proxy protection 17 | - CrowdSec integration 18 | - Multiple authentication options (Authentik, Authelia, TinyAuth, Google OAuth) 19 | - **Professional Networking**: 20 | - Advanced Traefik reverse proxy configuration 21 | - Flexible exposure modes (Internal, External, or Hybrid) 22 | - Multi-server and multi-domain support 23 | - **Smart Management**: 24 | - Intuitive stack management interface 25 | - Automated backup and restoration 26 | - Comprehensive monitoring and logging 27 | - Remote share mounting (SMB, NFS, Rclone) 28 | 29 | ## Quick Start 30 | 31 | ```bash 32 | bash -c "$(curl -fsSL https://www.deployrr.app/install.sh)" 33 | ``` 34 | To inspect the installer before it runs, download `install.sh` to a file, review it, and then run that file with `bash`. 35 | ## Impact & Growth 36 | ![Deployrr Stats](images/v5/deployrr%20stats%20apr%202025.png) 37 | 38 | # Supported Apps 39 | Deployrr can automatically set up Socket Proxy, Traefik (fetch LE SSL certificates), Authentik, Authelia, TinyAuth, Portainer, Plex, Jellyfin, Starr Apps, Gluetun, Dozzle, Uptime-Kuma, Homepage, CrowdSec, and other apps. 
40 | 41 | [Full List of Apps](APPS.md) 42 | 43 | ## Learn More 44 | 45 | - [Official Documentation](https://www.simplehomelab.com/deployrr/) 46 | - [Quick Start Guide (20 min)](https://www.simplehomelab.com/go/deployarr-v5-intro/) 47 | - [Comprehensive Tutorial](https://www.simplehomelab.com/go/deployarr-v5-detailed-guide/) 48 | 49 | ## Supported Environments 50 | 51 | - **Primary Platform**: Ubuntu and Debian-based systems 52 | - **Deployment Options**: Baremetal, VM, Windows WSL, and LXC environments 53 | 54 | ## License Options 55 | 56 | Deployrr offers flexible licensing to suit different needs: 57 | 58 | - **Free Tier**: Essential features for basic setups 59 | - **Paid Tiers**: 60 | - Basic 61 | - Plus 62 | - Pro 63 | 64 | [View Detailed Comparison](https://www.simplehomelab.com/deployrr/pricing/) 65 | 66 | Note: Annual [website memberships](https://www.simplehomelab.com/membership-account/join-the-geek-army/) include full Deployrr access! 67 | 68 | ## Support & Community 69 | 70 | Join our thriving community: 71 | - [Deployrr Docs](https://docs.deployrr.app) - Answers to many common questions, fixes for issues, and improvement ideas 72 | - [Discord Community](https://www.simplehomelab.com/discord/) - Get help and share experiences 73 | - [YouTube Channel](https://www.youtube.com/@Simple-Homelab) - Tutorial videos and updates 74 | 75 | ## Project Vision 76 | 77 | Deployrr isn't just another container manager - it's your pathway to homelab mastery. Our goal is to: 78 | - Simplify complex deployments 79 | - Enable rapid testing and experimentation 80 | - Foster learning through hands-on experience 81 | - Provide quick recovery options when needed 82 | 83 | ## Feature Showcase 84 | 85 |
86 | Click to view screenshots 87 | 88 | #### Dashboard & Management 89 | ![Deployrr Dashboard](images/v5/11a%20Deployarr%20v5%20Deployarr%20Dashboard.png) 90 | ![Stack Manager](images/v5/13%20Deployarr%20v5%20Stack%20Manager.png) 91 | 92 | #### Setup & Configuration 93 | ![System Checks](images/v5/02a%20system%20checks%20output.png) 94 | ![Security Options](images/v5/09%20Deployarr%20v5%20Security%20Options.png) 95 | 96 | [View More Screenshots](#screenshots) 97 |
98 | 99 | ## Known Limitations 100 | 101 | - DNS Challenge Provider: Currently Cloudflare-only 102 | - Port forwarding requirements: 80/443 103 | - Specific database-dependent apps may require manual database removal 104 | 105 | ## Contributing to Open Source 106 | 107 | Part of Deployrr's revenue supports open-source projects through [OpenCollective](https://opencollective.com/deployrr). 108 | 109 | --- 110 | 111 |
112 | 113 | **Transform your homelab journey with Deployrr** 114 | 115 | [Get Started](https://www.simplehomelab.com/deployrr/) | [Join Discord](https://www.simplehomelab.com/discord/) | [Watch Tutorial](https://www.simplehomelab.com/go/deployarr-v5-intro/) 116 | 117 |
118 | 119 | -------------------------------------------------------------------------------- /announcement: -------------------------------------------------------------------------------- 1 | \Z7 Announcement: \Zn Deployarr is now Deployrr (finally got the spelling right!). -------------------------------------------------------------------------------- /compose/adminer.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Adminer - Frontend for Various Databases (MariaDB, PostgreSQL, etc.) 3 | adminer: 4 | image: adminer:latest # floating tag: the deployed version changes whenever the image is re-pulled 5 | container_name: adminer 6 | security_opt: 7 | - no-new-privileges:true # processes in the container cannot gain privileges through setuid/setgid binaries 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$ADMINER_PORT:8080" # NOTE(review): publishes the database admin UI on a host port; confirm it is reachable only from trusted networks 14 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/airsonic-advanced.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Airsonic Advanced - Music Server 3 | airsonic-advanced: 4 | image: lscr.io/linuxserver/airsonic-advanced # no tag given, so Docker resolves this to "latest" 5 | container_name: airsonic-advanced 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" # the container is not restarted automatically 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | volumes: 13 | - $DOCKERDIR/appdata/airsonic-advanced/podcasts:/data/podcasts 14 | - $DOCKERDIR/appdata/airsonic-advanced/playlists:/data/playlists 15 | - $DOCKERDIR/appdata/airsonic-advanced/config:/config 16 | # - $MEDIADIR1:/data/media1 17 | # - $MEDIADIR2:/data/media2 18 | # - $MEDIADIR3:/data/media3 19 | ports: 20 | - "$AIRSONICADVANCED_PORT:4040" 21 | environment: 22 | TZ: $TZ 23 | PUID: $PUID 24 | PGID: $PGID 25 | JAVA_OPTS: '-Dserver.forward-headers-strategy=native' # optional - if you use a reverse-proxy 26 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/audiobookshelf.yml: 
-------------------------------------------------------------------------------- 1 | services: 2 | # Audiobookshelf - Audiobook Server 3 | audiobookshelf: 4 | image: ghcr.io/advplyr/audiobookshelf:latest 5 | container_name: audiobookshelf 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "media", "all"] 10 | networks: 11 | - default 12 | user: $PUID:$PGID # run the container process as this UID:GID instead of the image default 13 | ports: 14 | - "$AUDIOBOOKSHELF_PORT:80" 15 | volumes: 16 | - $AUDIOBOOKSDIR:/audiobooks 17 | - $PODCASTSDIR:/podcasts 18 | - $DOCKERDIR/appdata/audiobookshelf/metadata:/metadata 19 | - $DOCKERDIR/appdata/audiobookshelf/config:/config 20 | # DOCKER-LABELS-PLACEHOLDER 21 | -------------------------------------------------------------------------------- /compose/authelia.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Authelia (Lite) - Self-Hosted Single Sign-On and Two-Factor Authentication 3 | authelia: 4 | container_name: authelia 5 | image: authelia/authelia:4.38.19 # pinned to an exact release 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", "all"] 10 | networks: 11 | - default 12 | - t3_proxy 13 | depends_on: 14 | redis: 15 | condition: service_healthy # start only after the redis service reports healthy 16 | # ports: 17 | # - "$AUTHELIA_PORT:9091" 18 | volumes: 19 | - $DOCKERDIR/appdata/authelia:/config 20 | environment: 21 | - TZ=$TZ 22 | - PUID=$PUID 23 | - PGID=$PGID 24 | - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret # the *_FILE variables point at files under /run/secrets instead of carrying the secret value inline 25 | - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret 26 | - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key 27 | # - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/authelia_storage_mysql_password 28 | # - AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/run/secrets/authelia_session_redis_password 29 | # - AUTHELIA_DUO_API_INTEGRATION_KEY_FILE=/run/secrets/authelia_duo_api_integration_key 30 | # - 
AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key 31 | secrets: # Compose secrets granted to this service; the three names match the /run/secrets paths used above 32 | - authelia_jwt_secret 33 | - authelia_storage_encryption_key 34 | - authelia_session_secret 35 | labels: 36 | - "traefik.enable=true" 37 | ## HTTP Routers 38 | - "traefik.http.routers.authelia-rtr.entrypoints=websecure-internal,websecure-external" 39 | - "traefik.http.routers.authelia-rtr.rule=Host(`authelia.$DOMAINNAME_1`)" 40 | ## Middlewares 41 | - "traefik.http.routers.authelia-rtr.middlewares=chain-no-auth@file" # Should be chain-no-auth and not chain-authelia 42 | ## HTTP Services 43 | - "traefik.http.routers.authelia-rtr.service=authelia-svc" 44 | - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091" -------------------------------------------------------------------------------- /compose/authentik-worker.yml: -------------------------------------------------------------------------------- 1 | services: 2 | authentik-worker: # authentik worker: the server image started with "command: worker" 3 | image: ghcr.io/goauthentik/server:2025.2 4 | container_name: authentik-worker 5 | security_opt: 6 | - no-new-privileges:true 7 | restart: unless-stopped 8 | profiles: ["core", "all"] 9 | networks: 10 | - default 11 | - t3_proxy 12 | - socket_proxy 13 | command: worker 14 | user: ${PUID}:${PGID} 15 | depends_on: 16 | postgresql: 17 | condition: service_healthy 18 | redis: 19 | condition: service_healthy 20 | environment: 21 | - DOCKER_HOST # no value here, so it is passed through from the Compose environment; NOTE(review): presumably the socket-proxy endpoint, since this service joins the socket_proxy network — confirm 22 | - AUTHENTIK_REDIS__HOST 23 | - AUTHENTIK_POSTGRESQL__HOST 24 | - AUTHENTIK_POSTGRESQL__NAME 25 | - AUTHENTIK_POSTGRESQL__USER 26 | - AUTHENTIK_POSTGRESQL__PASSWORD # NOTE(review): passed through from the environment while a matching secret is also listed below; confirm the value references the secret file rather than holding the password itself 27 | - AUTHENTIK_SECRET_KEY 28 | - AUTHENTIK_LOG_LEVEL=info # debug, info, warning, error, trace 29 | - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true 30 | - AUTHENTIK_DISABLE_UPDATE_CHECK=false 31 | - AUTHENTIK_ERROR_REPORTING__ENABLED=false 32 | secrets: 33 | - authentik_postgresql_user 34 | - authentik_postgresql_password 35 | - authentik_secret_key 36 | volumes: 37 | - $DOCKERDIR/appdata/authentik/media:/media 38 | - 
$DOCKERDIR/appdata/authentik/custom-templates:/templates 39 | # - $DOCKERDIR/appdata/authentik/geoip/data:/geoip # requires geoipupdate 40 | # - /var/run/docker.sock:/var/run/docker.sock # Uncomment if NOT using socket-proxy 41 | # - $DOCKERDIR/appdata/traefik3/cert_export:/certs:ro # If NOT using reverse proxy, manually map in certificates -------------------------------------------------------------------------------- /compose/authentik.yml: -------------------------------------------------------------------------------- 1 | services: 2 | authentik: # authentik server: the same image as the worker, started with "command: server" 3 | image: ghcr.io/goauthentik/server:2025.2 4 | container_name: authentik 5 | security_opt: 6 | - no-new-privileges:true 7 | restart: unless-stopped 8 | profiles: ["core", "all"] 9 | networks: 10 | - default 11 | - t3_proxy 12 | # ports: 13 | # - "$AUTHENTIK_PORT:9000" 14 | # # - "9443:9443" 15 | command: server 16 | user: ${PUID}:${PGID} 17 | depends_on: 18 | postgresql: 19 | condition: service_healthy 20 | redis: 21 | condition: service_healthy 22 | environment: 23 | - AUTHENTIK_REDIS__HOST 24 | - AUTHENTIK_POSTGRESQL__HOST 25 | - AUTHENTIK_POSTGRESQL__NAME 26 | - AUTHENTIK_POSTGRESQL__USER 27 | - AUTHENTIK_POSTGRESQL__PASSWORD # NOTE(review): passed through from the environment while a matching secret is also listed below; confirm which source supplies the value 28 | - AUTHENTIK_SECRET_KEY 29 | - AUTHENTIK_LOG_LEVEL=info # debug, info, warning, error, trace 30 | - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true 31 | - AUTHENTIK_DISABLE_UPDATE_CHECK=false 32 | - AUTHENTIK_ERROR_REPORTING__ENABLED=false 33 | secrets: 34 | - authentik_postgresql_user 35 | - authentik_postgresql_password 36 | - authentik_secret_key 37 | volumes: 38 | - $DOCKERDIR/appdata/authentik/media:/media 39 | - $DOCKERDIR/appdata/authentik/custom-templates:/templates 40 | # - $DOCKERDIR/appdata/authentik/geoip/data:/geoip # requires geoipupdate 41 | labels: 42 | - "traefik.enable=true" 43 | # HTTP Routers 44 | - "traefik.http.routers.authentik-rtr.entrypoints=websecure-internal,websecure-external" 45 | - "traefik.http.routers.authentik-rtr.rule=Host(`authentik.$DOMAINNAME_1`)" 46 | # 
Middlewares 47 | - "traefik.http.routers.authentik-rtr.middlewares=chain-no-auth@file" 48 | # Individual Application forwardAuth regex (catch any subdomain using individual application forwardAuth) 49 | - "traefik.http.routers.authentik-output-rtr.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.${DOMAINNAME_1}`) && PathPrefix(`/outpost.goauthentik.io/`)" 50 | # HTTP Services 51 | - "traefik.http.routers.authentik-rtr.service=authentik-svc" 52 | - "traefik.http.services.authentik-svc.loadbalancer.server.port=9000" -------------------------------------------------------------------------------- /compose/baikal.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Baikal - Users, Address Books, Calendars 3 | baikal: 4 | image: ckulka/baikal:nginx 5 | container_name: baikal 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$BAIKAL_PORT:80" 14 | volumes: 15 | - $DOCKERDIR/appdata/baikal/config:/var/www/baikal/config 16 | - $DOCKERDIR/appdata/baikal/data:/var/www/baikal/Specific 17 | # DOCKER-LABELS-PLACEHOLDER 18 | -------------------------------------------------------------------------------- /compose/bazarr.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Bazarr - Subtitle Management 3 | bazarr: 4 | image: lscr.io/linuxserver/bazarr # no tag given, so Docker resolves this to "latest" 5 | container_name: bazarr 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "starr", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$BAZARR_PORT:6767" 14 | volumes: 15 | - $DOCKERDIR/appdata/bazarr:/config 16 | # - $MEDIADIR1:/data/media1 17 | # - $MEDIADIR2:/data/media2 18 | # - $MEDIADIR3:/data/media3 19 | environment: 20 | TZ: $TZ 21 | PUID: $PUID 22 | PGID: $PGID 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- 
/compose/beets.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Beets - Music Manager and MusicBrainz Tagger 3 | beets: 4 | image: lscr.io/linuxserver/beets:latest 5 | container_name: beets 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | volumes: 13 | - /path/to/beets/config:/config # NOTE(review): literal placeholder host path, unlike the $DOCKERDIR/appdata/... mount used for bookstack below; Docker creates a missing bind-mount source directory on the host, so confirm the intended path before deploying 14 | - $DOWNLOADSDIR:/downloads 15 | # - $MEDIADIR1:/data/media1 16 | # - $MEDIADIR2:/data/media2 17 | # - $MEDIADIR3:/data/media3 18 | ports: 19 | - "$BEETS_PORT:8337" 20 | environment: 21 | TZ: $TZ 22 | PUID: $PUID 23 | PGID: $PGID 24 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/bookstack.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Bookstack - Simple and Free Wiki Software 3 | bookstack: 4 | image: lscr.io/linuxserver/bookstack:latest 5 | container_name: bookstack 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | depends_on: 13 | mariadb: 14 | condition: service_healthy # start only after the mariadb service reports healthy 15 | ports: 16 | - "$BOOKSTACK_PORT:80" 17 | volumes: 18 | - $DOCKERDIR/appdata/bookstack:/config 19 | environment: 20 | - PUID=${PUID} 21 | - PGID=${PGID} 22 | - TZ=${TZ} 23 | - APP_URL=http://${SERVER_LAN_IP}:${BOOKSTACK_PORT} # plain-HTTP URL built from the LAN address and the published port 24 | - FILE__APP_KEY=/run/secrets/bookstack_app_key # FILE__ prefix: the value is read from this mounted secret file rather than set inline 25 | - DB_HOST=mariadb 26 | - DB_PORT=${MARIADB_PORT} 27 | - FILE__DB_USERNAME=/run/secrets/bookstack_mariadb_username 28 | - FILE__DB_PASSWORD=/run/secrets/bookstack_mariadb_password 29 | - DB_DATABASE=bookstack 30 | - QUEUE_CONNECTION=database #optional 31 | secrets: # Compose secrets granted to this service; the names match the /run/secrets paths above 32 | - bookstack_mariadb_username 33 | - bookstack_mariadb_password 34 | - bookstack_app_key 35 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- 
/compose/cadvisor.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # cAdvisor - Container Advisor 3 | cadvisor: 4 | container_name: cadvisor 5 | image: gcr.io/cadvisor/cadvisor:latest 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$CADVISOR_PORT:8080" 14 | # privileged: true # Only needed for CentOS, Fedora, Red Hat, etc. 15 | # devices: 16 | # - /dev/kmsg 17 | volumes: 18 | - /:/rootfs:ro # host root filesystem, mounted read-only 19 | - /var/run:/var/run:rw # NOTE(review): read-write mount of the host's /var/run, which normally holds the Docker socket; confirm write access is actually required 20 | - /sys:/sys:ro 21 | - /var/lib/docker/:/var/lib/docker:ro 22 | - /dev/disk/:/dev/disk:ro 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/calibre-web.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Calibre-Web - Browse, Read and Download eBooks 3 | calibre-web: 4 | image: lscr.io/linuxserver/calibre-web:latest 5 | container_name: calibre-web 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$CALIBREWEB_PORT:8083" 14 | volumes: 15 | - $DOCKERDIR/appdata/calibre-web:/config 16 | - $BOOKSDIR:/data/books 17 | environment: 18 | PUID: $PUID 19 | PGID: $PGID 20 | TZ: $TZ 21 | DOCKER_MODS: linuxserver/mods:universal-calibre #optional 22 | OAUTHLIB_RELAX_TOKEN_SCOPE: 1 #optional 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/calibre.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Calibre - Ebook Manager 3 | calibre: 4 | image: lscr.io/linuxserver/calibre:latest 5 | container_name: calibre 6 | security_opt: 7 | - seccomp:unconfined # optional; turns off Docker's default seccomp syscall filter for this container 8 | - no-new-privileges:true 9 | restart: "no" 10 | profiles: ["media", "all"] 11 | networks: 12 | - 
default 13 | ports: 14 | - "$CALIBRE_PORT:8080" # Desktop GUI HTTP 15 | # - "8181:8181" # Desktop GUI HTTPS 16 | - "$CALIBRE_WEBSERVER_PORT:8081" # Web Server GUI 17 | volumes: 18 | - $DOCKERDIR/appdata/calibre:/config 19 | - $BOOKSDIR:/data/books 20 | # - $COMICSDIR:/data/comics 21 | environment: 22 | PUID: $PUID 23 | PGID: $PGID 24 | TZ: $TZ 25 | # PASSWORD: $CALIBRE_PASSWORD #optional 26 | # CLI_ARGS: #optional 27 | # DOCKER-LABELS-PLACEHOLDER 28 | -------------------------------------------------------------------------------- /compose/change-detection.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Change-Detection - Webpage Change Monitoring and Notification 3 | change-detection: 4 | image: lscr.io/linuxserver/changedetection.io:latest 5 | container_name: change-detection 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$CHANGEDETECTION_PORT:5000" 14 | volumes: 15 | - $DOCKERDIR/appdata/change-detection:/config 16 | environment: 17 | PUID: $PUID 18 | PGID: $PGID 19 | TZ: $TZ 20 | BASE_URL: /change-detection #optional 21 | # PLAYWRIGHT_DRIVER_URL: #optional 22 | # DOCKER-LABELS-PLACEHOLDER 23 | -------------------------------------------------------------------------------- /compose/chromium.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Chromium - Web Browser 3 | chromium: 4 | image: lscr.io/linuxserver/chromium:latest 5 | container_name: chromium 6 | security_opt: 7 | - no-new-privileges:true 8 | - seccomp:unconfined # optional; turns off Docker's default seccomp syscall filter for this container 9 | restart: "unless-stopped" 10 | profiles: ["apps", "all"] 11 | shm_size: "1gb" 12 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 13 | networks: 14 | - default 15 | ports: 16 | - "$CHROMIUM_PORT:3000" # HTTP 17 | # - 3001:3001 # HTTPS 18 | volumes: 19 | - $DOCKERDIR/appdata/chromium:/config 20 | environment: 21 | TZ: 
$TZ 22 | PUID: $PUID 23 | PGID: $PGID 24 | # CHROME_CLI: https://www.deployrr.app/ #optional 25 | # DOCKER-LABELS-PLACEHOLDER 26 | -------------------------------------------------------------------------------- /compose/cloud-commander.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Cloud Commander - web file manager 3 | cloud-commander: 4 | image: coderaiser/cloudcmd 5 | container_name: cloud-commander 6 | restart: unless-stopped 7 | security_opt: 8 | - no-new-privileges:true 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$CLOUDCOMMANDER_PORT:8000" 14 | volumes: 15 | - $DOCKERDIR/appdata/cloud-commander:/root 16 | - $USERDIR:/data/$PRIMARY_USERNAME # host $USERDIR is mounted without :ro, so it is writable through the web file manager 17 | # - $MEDIADIR1:/data/media1 18 | # - $MEDIADIR2:/data/media2 19 | # - $MEDIADIR3:/data/media3 20 | environment: 21 | PUID: $PUID 22 | PGID: $PGID 23 | TZ: $TZ 24 | # DOCKER-LABELS-PLACEHOLDER 25 | -------------------------------------------------------------------------------- /compose/cloudflare-tunnel.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Cloudflare Tunnel - Private Network over Internet 3 | cloudflare-tunnel: 4 | image: cloudflare/cloudflared:latest 5 | container_name: cloudflare-tunnel 6 | restart: unless-stopped 7 | profiles: ["core", "all"] 8 | network_mode: host # shares the host's network namespace; NOTE(review): unlike compose/cloudflared.yml, this service sets no no-new-privileges option — confirm that is intended 9 | cap_add: # NOTE(review): NET_ADMIN permits network reconfiguration and SYS_MODULE permits loading kernel modules; confirm "tunnel run" needs both 10 | - NET_ADMIN 11 | - SYS_MODULE 12 | command: tunnel run 13 | healthcheck: 14 | test: ["CMD", "cloudflared", "--version"] # only proves the binary starts; it does not test tunnel connectivity 15 | interval: 30s 16 | timeout: 10s 17 | retries: 3 18 | start_period: 10s 19 | devices: 20 | - /dev/net/tun 21 | volumes: 22 | - $DOCKERDIR/appdata/cloudflare-tunnel/hosts:/etc/hosts # Mount hosts file from host to container 23 | - /etc/localtime:/etc/localtime:ro # Synchronize time with the host 24 | environment: 25 | - TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN} # tunnel credential supplied as an environment variable, so it appears in the container's inspect output 26 | # DOCKER-LABELS-PLACEHOLDER 27 | 
-------------------------------------------------------------------------------- /compose/cloudflared.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Cloudflared - Cloudflare Tunnel 3 | cloudflared: 4 | image: cloudflare/cloudflared:latest 5 | container_name: cloudflared 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", "all"] 10 | network_mode: host # container shares the host's network stack 11 | command: tunnel run 12 | healthcheck: 13 | test: ["CMD", "cloudflared", "--version"] # only shows that the binary runs, not that the tunnel is connected 14 | interval: 30s 15 | timeout: 10s 16 | retries: 3 17 | start_period: 10s 18 | volumes: 19 | - /etc/localtime:/etc/localtime:ro 20 | - $DOCKERDIR/appdata/cloudflared/hosts:/etc/hosts # this file replaces the container's /etc/hosts 21 | environment: 22 | - TUNNEL_TOKEN=$CLOUDFLARE_TUNNEL_TOKEN 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/crowdsec.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # CrowdSec - Open-source & Collaborative IPS 3 | crowdsec: 4 | image: crowdsecurity/crowdsec # no tag given, so Docker resolves it to :latest 5 | container_name: crowdsec 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", "all"] 10 | ports: 11 | - "$CROWDSEC_PORT:8080" # Local API port 12 | - "6060:6060" # Exposing metrics via Zerotier IP. NOTE(review): no host IP is given, so Docker publishes this on every host interface, not only the Zerotier one; prefix the Zerotier address to restrict it 13 | environment: 14 | COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux fulljackz/proxmox crowdsecurity/sshd" 15 | GID: $PGID 16 | CUSTOM_HOSTNAME: $HOSTNAME 17 | volumes: 18 | - $DOCKERDIR/logs/$HOSTNAME:/logs/$HOSTNAME:ro 19 | - /var/log:/var/log:ro # host logs, mounted read-only 20 | - $DOCKERDIR/appdata/crowdsec/data:/var/lib/crowdsec/data 21 | - $DOCKERDIR/appdata/crowdsec/config:/etc/crowdsec -------------------------------------------------------------------------------- /compose/custom.yml: 
-------------------------------------------------------------------------------- 1 | # Add all your custom docker compose snippets here. Auto-Traefik will not modify this. 2 | # Uncomment "services:" below and add your compose definitions under it, following YAML syntax. 3 | 4 | # services: 5 | -------------------------------------------------------------------------------- /compose/cyberchef.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # CyberChef - Encryption, encoding, compression and data analysis 3 | cyberchef: 4 | image: mpepping/cyberchef:latest 5 | container_name: cyberchef 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$CYBERCHEF_PORT:8000" 14 | # DOCKER-LABELS-PLACEHOLDER 15 | -------------------------------------------------------------------------------- /compose/dashy.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Dashy - Application Dashboard 3 | dashy: 4 | container_name: dashy 5 | image: lissy93/dashy # no tag given, so Docker resolves it to :latest 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - $DASHY_PORT:8080 14 | healthcheck: 15 | test: ['CMD', 'node', '/app/services/healthcheck'] 16 | interval: 1m30s 17 | timeout: 10s 18 | retries: 3 19 | start_period: 40s 20 | volumes: 21 | - $DOCKERDIR/appdata/dashy/conf.yml:/app/public/conf.yml # single-file bind mount: the host file must exist before first start, otherwise Docker creates a directory at that path 22 | - $DOCKERDIR/appdata/dashy/item-icons:/app/public/item-icons 23 | environment: 24 | - NODE_ENV=production 25 | - UID=$PUID 26 | - GID=$PGID 27 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/ddns-updater.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Cloudflare DDNS - Dynamic DNS Updater 3 | ddns-updater: 4 | image: 
qmcgaw/ddns-updater 5 | container_name: ddns-updater 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$DDNSUPDATER_PORT:8000" 14 | volumes: 15 | - $DOCKERDIR/appdata/ddns-updater:/updater/data # Owned by UID 1000. NOTE(review): presumably also holds the DNS provider credentials - keep the host directory readable by that UID only; verify 16 | environment: 17 | TZ: $TZ 18 | PUID: $PUID 19 | PGID: $PGID 20 | PERIOD: 12h 21 | UPDATE_COOLDOWN_PERIOD: 5m 22 | PUBLICIP_DNS_TIMEOUT: 3s 23 | HTTP_TIMEOUT: 10s 24 | # Web UI 25 | LISTENING_PORT: 8000 # must match the container side of the port mapping above 26 | # Backup 27 | BACKUP_PERIOD: 96h # 0 to disable 28 | BACKUP_DIRECTORY: /updater/data/backups # inside the /updater/data bind mount, so backups land on the host 29 | # Other 30 | LOG_LEVEL: info 31 | # SHOUTRRR_ADDRESSES: $DISCORD_SHOUTRRR_ADDRESS 32 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/deployrr-dashboard.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Deployrr Dashboard - Homepage based Dashboard for Deployrr 3 | deployrr-dashboard: 4 | image: ghcr.io/gethomepage/homepage:v1.2.0 #v0.9.13 5 | container_name: deployrr-dashboard 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | ports: 14 | - "$DEPLOYRRDASHBOARD_PORT:3000" 15 | volumes: 16 | - $DOCKERDIR/appdata/deployrr-dashboard/config:/app/config 17 | - $DOCKERDIR/appdata/deployrr-dashboard/images:/app/public/images 18 | environment: 19 | TZ: $TZ 20 | PUID: $PUID 21 | PGID: $PGID 22 | HOMEPAGE_ALLOWED_HOSTS: "*" # NOTE(review): "*" switches off Homepage's Host-header check (per its docs - verify); list the hostname(s) the dashboard is actually served on instead 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/deunhealth.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # DeUnhealth - Restart your unhealthy containers safely (e.g. 
containers depending on VPN and VPN reconnects) 3 | deunhealth: 4 | image: qmcgaw/deunhealth 5 | container_name: deunhealth 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - socket_proxy # only network attached; no ports are published 12 | environment: 13 | - LOG_LEVEL=info 14 | - HEALTH_SERVER_ADDRESS=127.0.0.1:9999 # bound to the container's loopback only 15 | - TZ=$TZ 16 | - DOCKER_HOST -------------------------------------------------------------------------------- /compose/digikam.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Digikam - Photo Management 3 | digikam: 4 | image: ghcr.io/linuxserver/digikam 5 | container_name: digikam 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "unless-stopped" 9 | profiles: ["apps", "all"] 10 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 11 | networks: 12 | - default 13 | ports: 14 | - "$DIGIKAM_PORT:3000" # HTTP 15 | # - 3001:3001 # HTTPS 16 | volumes: 17 | - $DOCKERDIR/appdata/digikam:/config 18 | - $PHOTOSDIR:/data/photos # read-write mount of the photo library 19 | environment: 20 | TZ: $TZ 21 | PUID: $PUID 22 | PGID: $PGID 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/docker-gc.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Docker-GC - Automatic Docker Garbage Collection 3 | # Create the docker-gc-exclude file on the host before first start; it is bind-mounted below 4 | docker-gc: 5 | image: clockworksoul/docker-gc-cron:latest 6 | container_name: docker-gc 7 | security_opt: 8 | - no-new-privileges:true 9 | restart: unless-stopped 10 | profiles: ["apps", "all"] 11 | networks: 12 | - socket_proxy 13 | volumes: 14 | # - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security 15 | - $DOCKERDIR/appdata/docker-gc/docker-gc-exclude:/etc/docker-gc-exclude 16 | environment: 17 | - CRON=0 0 0 * * ? # Everyday at midnight. 
Previously 0 0 * * * 18 | - FORCE_IMAGE_REMOVAL=1 19 | - FORCE_CONTAINER_REMOVAL=0 20 | - GRACE_PERIOD_SECONDS=604800 # 604800 s = 7 days 21 | - DRY_RUN=0 # presumably 0 means deletions are really carried out - verify 22 | - CLEAN_UP_VOLUMES=1 # NOTE(review): presumably also removes unused volumes, i.e. data - confirm this is wanted 23 | - TZ=$TZ 24 | - DOCKER_HOST -------------------------------------------------------------------------------- /compose/dockwatch.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Dockwatch - Docker Management and Notification 3 | dockwatch: 4 | image: ghcr.io/notifiarr/dockwatch:main 5 | container_name: dockwatch 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | ports: 11 | - "$DOCKWATCH_PORT:80" 12 | networks: 13 | - socket_proxy 14 | environment: 15 | - DOCKER_HOST # Name-only entry: the value comes from the environment Compose runs in; it should point at the socket proxy 16 | - PUID=$PUID 17 | - PGID=$PGID 18 | - TZ=$TZ 19 | - ALLOW_START=1 20 | - ALLOW_STOP=1 21 | - ALLOW_RESTARTS=1 22 | - CONTAINERS=1 23 | - IMAGES=1 24 | - PORTS=1 25 | - NETWORKS=1 26 | - POST=1 27 | - VOLUMES=1 28 | volumes: 29 | - $DOCKERDIR/appdata/dockwatch/config:/config 30 | #- /var/run/docker.sock:/var/run/docker.sock # Disabled because the socket proxy is used; uncomment only if you run without a proxy 31 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/dokuwiki.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # DokuWiki - Wiki Software 3 | dokuwiki: 4 | image: lscr.io/linuxserver/dokuwiki:latest 5 | container_name: dokuwiki 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$DOKUWIKI_PORT:80" 14 | # - "443:443" # optional HTTPS 15 | volumes: 16 | - $DOCKERDIR/appdata/dokuwiki:/config 17 | environment: 18 | PUID: $PUID 19 | PGID: $PGID 20 | TZ: $TZ 21 | # DOCKER-LABELS-PLACEHOLDER 22 | -------------------------------------------------------------------------------- 
/compose/double-commander.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Double Commander - File Manager 3 | double-commander: 4 | image: lscr.io/linuxserver/doublecommander:latest 5 | container_name: double-commander 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "unless-stopped" 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$DOUBLECOMMANDER_PORT:3000" # HTTP 14 | # - 3001:3001 # HTTPS 15 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 16 | volumes: 17 | - $DOCKERDIR/appdata/double-commander:/config 18 | - $USERDIR:/data/$PRIMARY_USERNAME # read-write mount of the user's directory into a browser-accessible file manager. NOTE(review): no login variables are set in this file - confirm the published port is gated elsewhere 19 | # - $MEDIADIR1:/data/media1 20 | # - $MEDIADIR2:/data/media2 21 | # - $MEDIADIR3:/data/media3 22 | environment: 23 | TZ: $TZ 24 | PUID: $PUID 25 | PGID: $PGID 26 | # DOCKER-LABELS-PLACEHOLDER 27 | -------------------------------------------------------------------------------- /compose/dozzle-agent.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Dozzle Agent - Remote Docker Log Monitoring 3 | dozzle-agent: 4 | image: amir20/dozzle:latest 5 | container_name: dozzle-agent 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | ports: 14 | - "$DOZZLEAGENT_PORT:7007" # agent endpoint for a remote Dozzle instance; limit which hosts can reach this port 15 | command: agent 16 | healthcheck: 17 | test: ["CMD", "/dozzle", "healthcheck"] 18 | interval: 5s 19 | retries: 5 20 | start_period: 5s 21 | start_interval: 5s 22 | environment: 23 | - DOCKER_HOST 24 | # volumes: 25 | # - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security 26 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/dozzle.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Dozzle - Real-time Docker Log Viewer 3 | dozzle: 4 | 
image: amir20/dozzle:latest 5 | container_name: dozzle 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | ports: 14 | - "$DOZZLE_PORT:8080" 15 | environment: 16 | - DOZZLE_LEVEL=info 17 | - DOZZLE_TAILSIZE=300 18 | - DOZZLE_FILTER="status=running" # NOTE(review): in list form the double quotes are likely passed to the container as part of the value - verify the filter takes effect 19 | # - DOZZLE_FILTER="label=log_me" # limits logs displayed to containers with this label 20 | - DOCKER_HOST 21 | # volumes: 22 | # - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/dweebui.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # DweebUI - WebUI for Docker Management 3 | dweebui: 4 | image: lllllllillllllillll/dweebui 5 | container_name: dweebui 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$DWEEBUI_PORT:8000" 14 | volumes: 15 | - $DOCKERDIR/appdata/dweebui:/app/config 16 | # Docker socket 17 | - /var/run/docker.sock:/var/run/docker.sock # NOTE(review): direct read-write socket mount gives this container full control of the Docker daemon (host-root equivalent); the other Docker-aware services in this repo use the socket_proxy network and DOCKER_HOST instead 18 | environment: 19 | PORT: 8000 # Leave it as-is; it must match the container side of the port mapping above 20 | SECRET: $DWEEBUI_SECRET 21 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/emby.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Emby - Media Server 3 | emby: 4 | image: emby/embyserver:latest 5 | container_name: emby 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$EMBY_PORT:8096/tcp" 14 | - "8920:8920/tcp" # fixed host port, not taken from .env; presumably Emby's HTTPS port - verify 15 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 16 | volumes: 17 | - $DOCKERDIR/appdata/emby:/config 18 | - $DOWNLOADSDIR:/data/downloads 19 | # - 
$MEDIADIR1:/data/media1 20 | # - $MEDIADIR2:/data/media2 21 | # - $MEDIADIR3:/data/media3 22 | - /dev/shm:/data/transcode # host shared memory (RAM-backed) used as transcode scratch space 23 | - /etc/localtime:/etc/localtime:ro 24 | environment: 25 | TZ: $TZ 26 | HOSTNAME: "$EMBY_SERVER_NAME" 27 | UID: $PUID 28 | GID: $PGID 29 | # DOCKER-LABELS-PLACEHOLDER 30 | -------------------------------------------------------------------------------- /compose/esphome.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # ESPHome - Custom Smart Home with ESP Microcontrollers 3 | esphome: 4 | image: esphome/esphome 5 | container_name: esphome 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$ESPHOME_PORT:6052" 14 | volumes: 15 | - $DOCKERDIR/appdata/esphome/config:/config:rw 16 | - /etc/localtime:/etc/localtime:ro 17 | # environment: 18 | # - USERNAME=test 19 | # - PASSWORD=ChangeMe # placeholder values; replace both before uncommenting 20 | # DOCKER-LABELS-PLACEHOLDER 21 | -------------------------------------------------------------------------------- /compose/filezilla.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # FileZilla - FTP Client 3 | filezilla: 4 | image: lscr.io/linuxserver/filezilla:latest 5 | container_name: filezilla 6 | security_opt: 7 | - no-new-privileges:true 8 | - seccomp:unconfined # optional; turns off Docker's default seccomp syscall filter for this container. NOTE(review): remove it unless the GUI fails to start without it 9 | restart: "unless-stopped" 10 | profiles: ["apps", "all"] 11 | networks: 12 | - default 13 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 14 | ports: 15 | - "$FILEZILLA_PORT:3000" # HTTP 16 | # - 3001:3001 # HTTPS 17 | volumes: 18 | - $DOCKERDIR/appdata/filezilla:/config 19 | environment: 20 | TZ: $TZ 21 | PUID: $PUID 22 | PGID: $PGID 23 | # DOCKER-LABELS-PLACEHOLDER 24 | -------------------------------------------------------------------------------- /compose/flame.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Flame - 
Application Dashboard 3 | flame: 4 | image: pawelmalak/flame 5 | container_name: flame 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | ports: 14 | - $FLAME_PORT:5005 15 | volumes: 16 | - $DOCKERDIR/appdata/flame:/app/data 17 | # - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration 18 | environment: 19 | - PASSWORD=$FLAME_PASSWORD # optional but required for (1) - NOTE(review): "(1)" has no referent in this file 20 | - DOCKER_HOST 21 | # DOCKER-LABELS-PLACEHOLDER 22 | -------------------------------------------------------------------------------- /compose/flaresolverr.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Flaresolverr - Proxy to Bypass Cloudflare Protection 3 | flaresolverr: 4 | image: ghcr.io/flaresolverr/flaresolverr:latest 5 | container_name: flaresolverr 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | environment: 13 | - LOG_LEVEL=info 14 | - LOG_HTML=false 15 | - CAPTCHA_SOLVER=none 16 | - TZ=$TZ 17 | ports: 18 | - "$FLARESOLVERR_PORT:8191" 19 | -------------------------------------------------------------------------------- /compose/flowise.yml: -------------------------------------------------------------------------------- 1 | services: 2 | flowise: 3 | image: flowiseai/flowise:latest 4 | container_name: flowise 5 | restart: unless-stopped # NOTE(review): unlike the other services in this repo, this one sets neither security_opt (no-new-privileges) nor profiles - confirm that is intentional 6 | networks: 7 | - default 8 | ports: 9 | - ${FLOWISE_PORT}:${FLOWISE_PORT} # Default port is 5023 10 | depends_on: 11 | redis: 12 | condition: service_healthy 13 | postgresql: 14 | condition: service_healthy 15 | entrypoint: /bin/sh -c "sleep 3; flowise start" 16 | healthcheck: 17 | test: ["CMD", "curl", "-f", "http://localhost:${FLOWISE_PORT}/health"] # needs curl to be present in the image 18 | interval: 30s 19 | timeout: 10s 20 | retries: 3 21 | volumes: 22 | - $DOCKERDIR/appdata/flowise:/root/.flowise 
23 | environment: 24 | - PORT=${FLOWISE_PORT} 25 | - FLOWISE_USERNAME=${FLOWISE_USERNAME} 26 | - FLOWISE_PASSWORD=${FLOWISE_PASSWORD} 27 | - LOG_LEVEL=info 28 | - DATABASE_TYPE=postgres 29 | - DATABASE_HOST=postgresql 30 | - DATABASE_PORT=${POSTGRESQL_PORT} # NOTE(review): the host is the in-network service name, so this must be the port PostgreSQL listens on inside its container; elsewhere in this repo *_PORT variables are host-side published ports - confirm the two match (same question for REDIS_PORT below) 31 | - DATABASE_NAME=flowise 32 | - DATABASE_USER=${FLOWISE_POSTGRESQL_USERNAME} 33 | - DATABASE_PASSWORD=${FLOWISE_POSTGRESQL_PASSWORD} 34 | - REDIS_HOST=redis 35 | - REDIS_PORT=${REDIS_PORT} 36 | - APIKEY_PATH=/root/.flowise 37 | - SECRETKEY_PATH=/root/.flowise # presumably key material is written here, i.e. into the host directory bind-mounted at /root/.flowise - verify 38 | - LOG_PATH=/root/.flowise/logs 39 | - STORAGE_TYPE=local 40 | - BLOB_STORAGE_PATH=/root/.flowise/storage 41 | - DEBUG=false 42 | # DOCKER-LABELS-PLACEHOLDER 43 | -------------------------------------------------------------------------------- /compose/freshrss.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # FreshRSS - RSS News Reader 3 | freshrss: 4 | image: lscr.io/linuxserver/freshrss:latest 5 | container_name: freshrss 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$FRESHRSS_PORT:80" 14 | volumes: 15 | - $DOCKERDIR/appdata/freshrss:/config 16 | environment: 17 | PUID: $PUID 18 | PGID: $PGID 19 | TZ: $TZ 20 | # DOCKER-LABELS-PLACEHOLDER 21 | -------------------------------------------------------------------------------- /compose/funkwhale.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # FunkWhale - Music Server 3 | funkwhale: 4 | container_name: funkwhale 5 | image: thetarkus/funkwhale # no tag given, so Docker resolves it to :latest 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - $FUNKWHALE_PORT:80 14 | volumes: 15 | - $DOCKERDIR/appdata/funkwhale:/data 16 | # - $MEDIADIR1:/data/media1 17 | # - $MEDIADIR2:/data/media2 18 | # - $MEDIADIR3:/data/media3 19 | environment: 20 | - 
PUID=$PUID 21 | - PGID=$PGID 22 | # - FUNKWHALE_HOSTNAME=$FUNKWHALE_SUBDOMAIN.$DOMAINNAME1 23 | # - NESTED_PROXY=1 24 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/gamevault.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # GameVault - A simple game library manager 3 | gamevault: 4 | image: phalcode/gamevault-backend:latest 5 | container_name: gamevault 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | depends_on: 13 | postgresql: 14 | condition: service_healthy 15 | ports: 16 | - $GAMEVAULT_PORT:8080/tcp 17 | volumes: 18 | # Mount the folder where your games are 19 | - $GAMESDIR:/files 20 | # Mount the folder where GameVault should store its media 21 | - $DOCKERDIR/appdata/gamevault:/media 22 | environment: 23 | DB_HOST: postgresql # the service that depends_on above waits for 24 | DB_USERNAME: $GAMEVAULT_POSTGRESQL_USERNAME 25 | DB_PASSWORD: $GAMEVAULT_POSTGRESQL_PASSWORD 26 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/glances.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Glances - System Information 3 | glances: 4 | image: nicolargo/glances:latest-full 5 | container_name: glances 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["monitoring", "all"] 10 | # privileged: true # Only for VM 11 | networks: 12 | - default 13 | - socket_proxy 14 | ports: 15 | - "$GLANCES_PORT:61208" 16 | pid: host # shares the host PID namespace, so every host process is visible to this container 17 | volumes: 18 | - $DOCKERDIR/appdata/glances/glances.conf:/glances/conf/glances.conf # Use this if you want to add a glances.conf file 19 | - $DOCKERDIR:/data/docker:ro # read-only, but it exposes everything under $DOCKERDIR (including the other apps' appdata) to this container 20 | # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security 21 | environment: 22 | # - GLANCES_OPT="-C 
/glances/conf/glances.conf --quiet --export influxdb" 23 | # - GLANCES_OPT="--export influxdb" 24 | - "GLANCES_OPT=-w" # -w starts Glances in web-server mode 25 | - DOCKER_HOST 26 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/gluetun.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Gluetun - VPN Client for Docker Containers and More 3 | # Gluetun only for use by torrent clients + on demand lan devices. 4 | # Arr apps do not need VPN (not recommended), unless you have ISP/country restrictions. 5 | gluetun: 6 | image: qmcgaw/gluetun 7 | container_name: gluetun 8 | security_opt: 9 | - no-new-privileges:true 10 | restart: unless-stopped 11 | profiles: ["core", "all"] 12 | networks: 13 | - default 14 | cap_add: 15 | - NET_ADMIN # lets the VPN client manage interfaces and routes; no host networking is set here, so this applies to the container's own network namespace 16 | devices: 17 | - /dev/net/tun # TUN device for the VPN interface 18 | # ports: 19 | # - $QBITTORRENTVPN_PORT:8080 # qBittorrent available at http://DOCKER-HOST-IP:$QBITTORRENTVPN_PORT 20 | # - 8888:8888/tcp # HTTP proxy 21 | # - 8388:8388/tcp # Shadowsocks 22 | # - 8388:8388/udp # Shadowsocks 23 | volumes: 24 | - $DOCKERDIR/appdata/gluetun:/gluetun 25 | environment: 26 | TZ: $TZ 27 | VPN_SERVICE_PROVIDER: $GLUETUN_VPN_SERVICE_PROVIDER 28 | VPN_TYPE: $GLUETUN_VPN_TYPE # wireguard / openvpn 29 | # WIREGUARD_PRIVATE_KEY: $GLUETUN_WIREGUARD_PRIVATE_KEY 30 | # WIREGUARD_ADDRESSES: $GLUETUN_WIREGUARD_ADDRESSES 31 | # OPENVPN_USER: $GLUETUN_OPENVPN_USERNAME 32 | # OPENVPN_PASSWORD: $GLUETUN_OPENVPN_PASSWORD 33 | # DOCKER-LABELS-PLACEHOLDER 34 | -------------------------------------------------------------------------------- /compose/gonic.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Gonic - Music Server 3 | gonic: 4 | container_name: gonic 5 | image: sentriz/gonic:latest 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$GONIC_PORT:80" 14 
| volumes: 15 | - $DOCKERDIR/appdata/gonic/data:/data 16 | - $DOCKERDIR/appdata/gonic/podcasts:/podcasts 17 | - $DOCKERDIR/appdata/gonic/cache:/cache 18 | - $DOCKERDIR/appdata/gonic/playlists:/playlists 19 | # - $MEDIADIR1:/data/media1 20 | # - $MEDIADIR2:/data/media2 21 | # - $MEDIADIR3:/data/media3 22 | environment: 23 | - PUID=$PUID 24 | - PGID=$PGID 25 | - TZ=$TZ 26 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/gotenberg.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Gotenberg - Document conversion server for Paperless-NGX 3 | gotenberg: 4 | image: docker.io/gotenberg/gotenberg:8.7 # pinned to a release tag, unlike most services in this repo, which track :latest 5 | container_name: gotenberg 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default # no ports: are published, so only containers on this network can reach the service 12 | # The gotenberg chromium route is used to convert .eml files. We do not 13 | # want to allow external content like tracking pixels or even javascript. 
14 | command: 15 | - "gotenberg" 16 | - "--chromium-disable-javascript=true" # together with the allow-list on the next line, Chromium may only load file:///tmp/ URLs and runs no scripts 17 | - "--chromium-allow-list=file:///tmp/.*" -------------------------------------------------------------------------------- /compose/gptwol.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # GPTWOL - Wake On LAN Docker GUI 3 | gptwol: 4 | container_name: gptwol 5 | image: misterbabou/gptwol:latest 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | network_mode: host # presumably so Wake-on-LAN packets reach the LAN; the UI then listens directly on the host at $GPTWOL_PORT 11 | stdin_open: true 12 | tty: true 13 | environment: 14 | - PUID=$PUID 15 | - PGID=$PGID 16 | - TZ=$TZ 17 | - PORT=$GPTWOL_PORT # default port is 5000 18 | - REFRESH_PING=60 # in seconds 19 | # - PING_TIMEOUT=200 # in milliseconds 20 | volumes: 21 | - $DOCKERDIR/appdata/gptwol/computers.txt:/app/computers.txt 22 | - $DOCKERDIR/appdata/gptwol/cron:/etc/cron.d # host directory mounted over the container's /etc/cron.d 23 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/grafana.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Grafana - Graphical data visualization for InfluxDB data 3 | grafana: 4 | image: grafana/grafana:latest 5 | container_name: grafana 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$GRAFANA_PORT:3000" 14 | user: $PUID # runs the container process as this UID 15 | volumes: 16 | - $DOCKERDIR/appdata/grafana:/var/lib/grafana 17 | environment: 18 | GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel,cloudflare-app" # plugins are downloaded at container start; NOTE(review): no versions are pinned in this list 19 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/grocy.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Grocy - ERP System for the Kitchen 3 | grocy: 4 | 
image: lscr.io/linuxserver/grocy:latest 5 | container_name: grocy 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$GROCY_PORT:80" 14 | volumes: 15 | - $DOCKERDIR/appdata/grocy:/config 16 | environment: 17 | PUID: $PUID 18 | PGID: $PGID 19 | TZ: $TZ 20 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/guacamole.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Guacamole - Remote desktop, SSH, or Telnet on any HTML5 Browser 3 | guacamole: 4 | image: guacamole/guacamole:latest 5 | container_name: guacamole 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | depends_on: 13 | mariadb: 14 | condition: service_healthy 15 | ports: 16 | - "$GUACAMOLE_PORT:8080" 17 | environment: 18 | GUACD_HOSTNAME: guacd # the guacd service (compose/guacd.yml); it is not listed under depends_on 19 | MYSQL_HOSTNAME: mariadb 20 | MYSQL_PORT: 3306 21 | MYSQL_DATABASE: guacamole 22 | MYSQL_USER_FILE: /run/secrets/guac_mariadb_user 23 | MYSQL_PASSWORD_FILE: /run/secrets/guac_mariadb_password 24 | secrets: # database credentials are read from secret files rather than plain environment values; the top-level secrets: definitions are not in this file 25 | - guac_mariadb_user 26 | - guac_mariadb_password 27 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/guacd.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Guacamole Daemon - Needed for Guacamole 3 | guacd: 4 | image: guacamole/guacd 5 | container_name: guacd 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: # no ports: are published, so guacd is reachable only from containers on this network 11 | - default -------------------------------------------------------------------------------- /compose/heimdall.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Heimdall - Application 
Dashboard 3 | heimdall: 4 | image: lscr.io/linuxserver/heimdall:latest 5 | container_name: heimdall 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$HEIMDALL_PORT:80" 14 | volumes: 15 | - $DOCKERDIR/appdata/heimdall:/config 16 | environment: 17 | PUID: $PUID 18 | PGID: $PGID 19 | TZ: $TZ 20 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/hemmelig.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Hemmelig - Secret Sharing Application 3 | hemmelig: 4 | image: hemmeligapp/hemmelig 5 | hostname: hemmelig # sets the hostname only; unlike the other services here, no container_name is given 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$HEMMELIG_PORT:3000" 14 | healthcheck: 15 | test: 'wget -O /dev/null localhost:3000/api/healthz || exit 1' 16 | timeout: 5s 17 | retries: 3 18 | stop_grace_period: 1m 19 | init: true # runs an init process as PID 1 to forward signals and reap child processes 20 | volumes: 21 | - $DOCKERDIR/appdata/hemmelig/files:/var/tmp/hemmelig/upload/files 22 | - $DOCKERDIR/appdata/hemmelig/database:/home/node/hemmelig/database 23 | environment: 24 | - SECRET_LOCAL_HOSTNAME=0.0.0.0 # The local hostname for the fastify instance; 0.0.0.0 listens on all interfaces inside the container 25 | - SECRET_PORT=3000 # The port number for the fastify instance; matches the container side of the port mapping above 26 | - SECRET_HOST=$DOMAINNAME_1 # Used for i.e. 
set cors/cookies to your domain name. NOTE(review): compose/funkwhale.yml writes this variable as DOMAINNAME1 - confirm which spelling .env defines 27 | - SECRET_ROOT_USER=$HEMMELIG_ROOT_USER # Username of the root admin user 28 | - SECRET_ROOT_PASSWORD=$HEMMELIG_ROOT_PASSWORD # The admin user password (change this after signing in) 29 | - SECRET_ROOT_EMAIL=$HEMMELIG_ROOT_EMAIL # The email for the admin user 30 | - SECRET_FILE_SIZE=4 # Set the total allowed upload file size in mb 31 | - SECRET_FORCED_LANGUAGE=en # Set the default language for the application 32 | - SECRET_JWT_SECRET=$HEMMELIG_JWT_SECRET # Secret used to sign the JWT login tokens; set your own value 33 | - SECRET_MAX_TEXT_SIZE=256 # The max text size for the secret, in kb (256 means 256kb) 34 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/homarr.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Homarr - Application Dashboard 3 | homarr: 4 | image: ghcr.io/ajnart/homarr:latest 5 | container_name: homarr 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | ports: 14 | - "$HOMARR_PORT:7575" 15 | volumes: 16 | # - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration 17 | - $DOCKERDIR/appdata/homarr/configs:/app/data/configs 18 | - $DOCKERDIR/appdata/homarr/icons:/app/public/icons 19 | - $DOCKERDIR/appdata/homarr/data:/data 20 | environment: 21 | - DOCKER_HOST # presumably points at the socket proxy, replacing the commented socket mount above - verify 22 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/home-assistant.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Home Assistant Core - Home Automation 3 | home-assistant: 4 | image: "ghcr.io/home-assistant/home-assistant:stable" 5 | container_name: home-assistant 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", 
"all"] 10 | network_mode: host 11 | # devices: 12 | # - /dev/ttyUSB0:/dev/ttyUSB0 # Uncomment if you have USB devices 13 | # - /dev/ttyUSB1:/dev/ttyUSB1 # Uncomment if you have USB devices 14 | # - /dev/ttyACM0:/dev/ttyACM0 # Uncomment if you have USB devices 15 | privileged: true 16 | volumes: 17 | - $DOCKERDIR/appdata/home-assistant:/config 18 | - /etc/localtime:/etc/localtime:ro 19 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/homebridge.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Homebridge - iOS HomeKit API 3 | homebridge: 4 | image: homebridge/homebridge:latest 5 | container_name: homebridge 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | network_mode: host 11 | volumes: 12 | - $DOCKERDIR/appdata/homebridge:/homebridge 13 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/homepage.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Homepage - Application Dashboard 3 | homepage: 4 | image: ghcr.io/gethomepage/homepage:latest 5 | container_name: homepage 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | ports: 14 | - "$HOMEPAGE_PORT:3000" 15 | volumes: 16 | - $DOCKERDIR/appdata/homepage:/app/config 17 | environment: 18 | TZ: $TZ 19 | PUID: $PUID 20 | PGID: $PGID 21 | HOMEPAGE_ALLOWED_HOSTS: "*" 22 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/immich-db.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Immich Database - PostgresQL Database for Immich 3 | immich-db: 4 | container_name: immich-db 5 | image: 
docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 6 | profiles: ["apps", "all"] 7 | restart: unless-stopped 8 | security_opt: 9 | - no-new-privileges:true 10 | networks: 11 | - default 12 | healthcheck: 13 | test: >- 14 | pg_isready --dbname="immich" --username="immich_db_user" || exit 1; 15 | Chksum="$$(psql --dbname="immich" --username="immich_db_user" --tuples-only --no-align 16 | --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; 17 | echo "checksum failure count is $$Chksum"; 18 | [ "$$Chksum" = '0' ] || exit 1 19 | interval: 5m 20 | start_interval: 30s 21 | start_period: 5m 22 | command: >- 23 | postgres 24 | -c shared_preload_libraries=vectors.so 25 | -c 'search_path="$$user", public, vectors' 26 | -c logging_collector=off 27 | -c max_wal_size=2GB 28 | -c shared_buffers=512MB 29 | -c wal_compression=on 30 | environment: 31 | POSTGRES_PASSWORD: $IMMICHDB_POSTGRESQL_PASSWORD 32 | POSTGRES_USER: immich_db_user 33 | POSTGRES_DB: immich 34 | POSTGRES_INITDB_ARGS: '--data-checksums' 35 | volumes: 36 | # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file 37 | - $DOCKERDIR/appdata/immich-db:/var/lib/postgresql/data 38 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/immich-ml.yml: -------------------------------------------------------------------------------- 1 | services: 2 | immich-ml: 3 | # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag. 
4 | # Example tag: ${IMMICH_VERSION:-release}-cuda 5 | image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} 6 | container_name: immich-ml 7 | profiles: ["apps", "all"] 8 | restart: unless-stopped 9 | security_opt: 10 | - no-new-privileges:true 11 | networks: 12 | - default 13 | # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration 14 | # file: hwaccel.ml.yml 15 | # service: cuda # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable 16 | healthcheck: 17 | disable: false 18 | volumes: 19 | - $DOCKERDIR/appdata/immich-ml:/cache 20 | # DOCKER-LABELS-PLACEHOLDER 21 | -------------------------------------------------------------------------------- /compose/immich.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Immich - Photo/video server 3 | immich: 4 | container_name: immich 5 | image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} 6 | profiles: ["apps", "all"] 7 | restart: unless-stopped 8 | security_opt: 9 | - no-new-privileges:true 10 | networks: 11 | - default 12 | ports: 13 | - "${IMMICH_PORT}:2283" 14 | depends_on: 15 | - redis 16 | - immich-db 17 | healthcheck: 18 | disable: false 19 | # extends: 20 | # file: hwaccel.transcoding.yml 21 | # service: nvenc # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding 22 | volumes: 23 | # Do not edit the next line. 
If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file 24 | - ${IMMICH_FOLDER}:/usr/src/app/upload 25 | - /etc/localtime:/etc/localtime:ro 26 | environment: 27 | DB_PASSWORD: ${IMMICHDB_POSTGRESQL_PASSWORD} 28 | DB_HOSTNAME: immich-db 29 | DB_USERNAME: immich_db_user 30 | DB_DATABASE_NAME: immich 31 | REDIS_HOSTNAME: redis 32 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/influxdb.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # InfluxDB - Database for sensor data 3 | influxdb: 4 | image: influxdb:latest 5 | container_name: influxdb 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["dbs", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$INFLUXDB_PORT:8086" 14 | volumes: 15 | - $DOCKERDIR/appdata/influxdb2/config:/etc/influxdb2 16 | - $DOCKERDIR/appdata/influxdb2/db:/var/lib/influxdb2 17 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/it-tools.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # IT-Tools - Status Page & Monitoring Server 3 | it-tools: 4 | image: corentinth/it-tools 5 | container_name: it-tools 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$ITTOOLS_PORT:80" 14 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/jackett.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Jackett - Torrent proxy 3 | jackett: 4 | image: lscr.io/linuxserver/jackett:latest 5 | container_name: jackett 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", 
"all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$JACKETT_PORT:9117" 14 | volumes: 15 | - $DOCKERDIR/appdata/jackett:/config 16 | - $DOWNLOADSDIR:/data/downloads 17 | environment: 18 | TZ: $TZ 19 | PUID: $PUID 20 | PGID: $PGID 21 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/jellyfin.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Jellyfin - Media Server 3 | jellyfin: 4 | image: jellyfin/jellyfin:latest 5 | container_name: jellyfin 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | user: $PUID:$PGID 13 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 14 | ports: 15 | - "$JELLYFIN_PORT:8096" 16 | # - "8920:8920" # Emby also uses same port if running both 17 | environment: 18 | UMASK_SET: 022 19 | TZ: $TZ 20 | volumes: 21 | - $DOCKERDIR/appdata/jellyfin:/config 22 | - $DOWNLOADSDIR:/data/downloads 23 | # - $MEDIADIR1:/data/media1 24 | # - $MEDIADIR2:/data/media2 25 | # - $MEDIADIR3:/data/media3 26 | - /dev/shm:/data/transcode # Offload transcoding to RAM if you have enough RAM 27 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/jellyseerr.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Jellyseerr - Media Requests and Discovery for Plex 3 | jellyseerr: 4 | image: fallenbagel/jellyseerr:latest 5 | container_name: jellyseerr 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$JELLYSEERR_PORT:5055" 14 | volumes: 15 | - $DOCKERDIR/appdata/jellyseerr:/app/config 16 | environment: 17 | TZ: $TZ 18 | LOG_LEVEL: info 19 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- 
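/compose/kasm.yml:
--------------------------------------------------------------------------------
services:
  # Kasm - Remote Workspaces
  kasm:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm
    # NOTE(review): privileged gives the container every capability and access to
    # all host devices, and this service sets no security_opt. Treat it as
    # host-equivalent and keep both published ports off untrusted networks.
    privileged: true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE
    ports:
      - "$KASM_INSTALLATION_PORT:3000" # Installation Wizard HTTPS
      - "$KASM_PORT:443" # Web HTTPS
    volumes:
      - $DOCKERDIR/appdata/kasm/data:/opt
      - $DOCKERDIR/appdata/kasm/profiles:/profiles #optional
      # The two optional mounts below expose host input devices and udev data;
      # drop them when they are not needed.
      - /dev/input:/dev/input #optional
      - /run/udev/data:/run/udev/data #optional
    environment:
      TZ: $TZ
      KASM_PORT: 443
      # DOCKER_HUB_USERNAME: USER #optional
      # DOCKER_HUB_PASSWORD: PASS #optional
      # DOCKER_MTU: 1500 #optional
      # Quoted: a bare 022 can be read as an octal integer by the YAML parser and
      # reach the container as 18 instead of the intended mask.
      UMASK: "022"
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/kavita.yml:
--------------------------------------------------------------------------------
services:
  # Kavita - Cross-platform Reading Server
  kavita:
    image: lscr.io/linuxserver/kavita:latest
    container_name: kavita
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    networks:
      - default
    ports:
      - "$KAVITA_PORT:5000"
    volumes:
      - $DOCKERDIR/appdata/kavita:/config
      - $BOOKSDIR:/data/books
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/kometa.yml:
--------------------------------------------------------------------------------
services:
  # Kometa - Automatic Metadata Manager for Plex (formerly Plex Meta Manager)
  kometa:
    image: lscr.io/linuxserver/kometa:latest
    container_name: kometa
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    networks:
      - default
    volumes:
      - $DOCKERDIR/appdata/kometa:/config
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      KOMETA_CONFIG: /config/config.yml #optional
      # Time and boolean values are quoted so the YAML parser hands them to the
      # container as the literal strings written here.
      KOMETA_TIME: "03:00" #optional
      KOMETA_RUN: "False" #optional
      KOMETA_TEST: "False" #optional
      KOMETA_NO_MISSING: "False" #optional


--------------------------------------------------------------------------------
/compose/komga.yml:
--------------------------------------------------------------------------------
services:
  # Komga - Media Server for Comics, eBooks, Magazines and Mangas
  komga:
    image: gotson/komga:latest
    container_name: komga
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    # Runs as the unprivileged host user instead of root.
    user: "$PUID:$PGID"
    networks:
      - default
    ports:
      - "$KOMGA_PORT:25600"
    volumes:
      - $DOCKERDIR/appdata/komga/data:/data
      - $DOCKERDIR/appdata/komga/config:/config
      - $BOOKSDIR:/data/books
      - $COMICSDIR:/data/comics
    environment:
      TZ: $TZ
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/lidarr.yml:
--------------------------------------------------------------------------------
services:
  # Lidarr - Music Management
  lidarr:
    image: lscr.io/linuxserver/lidarr:latest
    container_name: lidarr
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "starr", "all"]
    networks:
      - default
    ports:
      - "$LIDARR_PORT:8686"
    volumes:
      - $DOCKERDIR/appdata/lidarr:/config
      # - $MEDIADIR1:/data/media1
      # - $MEDIADIR2:/data/media2
      # - $MEDIADIR3:/data/media3
      - $DOWNLOADSDIR:/data/downloads
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER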
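--------------------------------------------------------------------------------
/compose/lollypop.yml:
--------------------------------------------------------------------------------
services:
  # Lollypop - Music Player
  lollypop:
    image: lscr.io/linuxserver/lollypop:latest
    container_name: lollypop
    security_opt:
      - no-new-privileges:true
      # NOTE(review): this removes Docker's default syscall filter for the
      # container. It is marked optional; try running without it first.
      - seccomp:unconfined #optional
    restart: "unless-stopped"
    profiles: ["apps", "media", "all"]
    networks:
      - default
    # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE
    ports:
      - "$LOLLYPOP_PORT:3000" # HTTP
      # - 3001:3001 # HTTPS
    volumes:
      - $DOCKERDIR/appdata/lollypop:/config
      # - $MEDIADIR1:/data/media1
      # - $MEDIADIR2:/data/media2
      # - $MEDIADIR3:/data/media3
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/maintainerr.yml:
--------------------------------------------------------------------------------
services:
  # Maintainerr - Manage Plex Media
  maintainerr:
    image: ghcr.io/jorenn92/maintainerr:latest
    container_name: maintainerr
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$MAINTAINERR_PORT:6246"
    # Runs as the unprivileged host user instead of root.
    user: $PUID:$PGID
    volumes:
      - $DOCKERDIR/appdata/maintainerr:/opt/data
    environment:
      TZ: $TZ
      # Quoted so the value reaches the container as the string "true".
      # NOTE(review): debug logging is left on by default; switch it off once the
      # setup works, debug output tends to be verbose.
      DEBUG: "true"
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/mariadb.yml:
--------------------------------------------------------------------------------
services:
  mariadb:
    container_name: mariadb
    image: mariadb:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    # The database port is published on the host; services on the same compose
    # network reach it as mariadb:3306 without this mapping.
    ports:
      - "$MARIADB_PORT:3306"
    volumes:
      - $DOCKERDIR/appdata/mariadb/data:/var/lib/mysql
      - $DOCKERDIR/appdata/mariadb/config:/etc/mysql
    environment:
      # Root password is read from a secret file rather than a plain
      # environment variable.
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/mariadb_root_password
    secrets:
      - mariadb_root_password
    healthcheck:
      test: [ "CMD", "healthcheck.sh", "--connect", "--innodb_initialized" ]
      start_period: 1m
      start_interval: 10s
      interval: 1m
      timeout: 5s
      retries: 3

--------------------------------------------------------------------------------
/compose/mosquitto.yml:
--------------------------------------------------------------------------------
services:
  # Mosquitto - MQTT Broker
  # Create mosquitto.conf, passwd, mosquitto.log files and set permissions to 775 user:docker
  # dexec mosquitto /bin/sh -> mosquitto_passwd -b /mosquitto/config/passwd username passwd
  # NOTE(review): 775 leaves the password file readable by every local user and
  # writable by the group; a tighter mode on passwd is worth considering.
  mosquitto:
    container_name: mosquitto
    image: eclipse-mosquitto:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      # Container port 1883 is the plain MQTT listener, not HTTP.
      # NOTE(review): host port 1833 looks like a transposition of 1883 - confirm
      # which port clients are expected to use.
      - "1833:1883" # MQTT
      - "9001:9001" #websockets
    volumes:
      - $DOCKERDIR/appdata/mosquitto/config:/mosquitto/config
      - $DOCKERDIR/appdata/mosquitto/data:/mosquitto/data
      - $DOCKERDIR/appdata/mosquitto/log:/mosquitto/log
      # The two file mounts below point inside the config directory that is
      # already mounted above.
      - $DOCKERDIR/appdata/mosquitto/config/mosquitto.conf:/mosquitto/config/mosquitto.conf
      - $DOCKERDIR/appdata/mosquitto/config/passwd:/mosquitto/config/passwd
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ

--------------------------------------------------------------------------------
/compose/mqttx-web.yml:
--------------------------------------------------------------------------------
services:
  # MQTTX Web - Browser-based MQTT WebSocket client
  mqttx-web:
    image: emqx/mqttx-web:latest
    container_name: mqttx-web
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$MQTTXWEB_PORT:80"
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/mylar3.yml:
--------------------------------------------------------------------------------
services:
  # Mylar3 - Automated Comic Book Downloader (cbr/cbz)
  mylar3:
    image: lscr.io/linuxserver/mylar3:latest
    container_name: mylar3
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    networks:
      - default
    ports:
      - "$MYLAR3_PORT:8090"
    volumes:
      - $DOCKERDIR/appdata/mylar3:/config
      - $COMICSDIR:/comics
      - $DOWNLOADSDIR:/data/downloads
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/n8n.yml:
--------------------------------------------------------------------------------
services:
  # n8n - Workflow Automation Tool
  n8n:
    # No tag is given, so this resolves to :latest.
    image: docker.n8n.io/n8nio/n8n
    container_name: n8n
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    # Start only after the postgresql service reports healthy.
    depends_on:
      postgresql:
        condition: service_healthy
    ports:
      - $N8N_PORT:5678
    volumes:
      - $DOCKERDIR/appdata/n8n:/home/node/.n8n
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgresql
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=n8n
      # Database credentials are passed as plain environment variables.
      - DB_POSTGRESDB_USER=${N8N_POSTGRESQL_USERNAME}
      - DB_POSTGRESDB_PASSWORD=${N8N_POSTGRESQL_PASSWORD}
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_DIAGNOSTICS_ENABLED=false
      - N8N_PERSONALIZATION_ENABLED=false
      # SUBDOMAIN-PLACEHOLDER is literal text here; presumably the installer
      # substitutes it - confirm before using this file by hand.
      - N8N_EDITOR_BASE_URL=https://SUBDOMAIN-PLACEHOLDER.${DOMAINNAME_1}
      - WEBHOOK_URL=https://SUBDOMAIN-PLACEHOLDER.${DOMAINNAME_1}
    # DOCKER-LABELS-PLACEHOLDER
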
--------------------------------------------------------------------------------
/compose/navidrome.yml:
--------------------------------------------------------------------------------
services:
  # Navidrome - Music Server
  navidrome:
    image: deluan/navidrome:latest
    container_name: navidrome
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    networks:
      - default
    ports:
      - "$NAVIDROME_PORT:4533"
    # Runs as the unprivileged host user instead of root.
    user: $PUID:$PGID
    volumes:
      - $DOCKERDIR/appdata/navidrome:/data
      # - $MEDIADIR1:/data/media1
      # - $MEDIADIR2:/data/media2
      # - $MEDIADIR3:/data/media3
    environment:
      - TZ=$TZ
      - ND_SCANSCHEDULE=1h
      - ND_LOGLEVEL=info
      - ND_SESSIONTIMEOUT=24h
      # NOTE(review): this setting lists the source addresses whose reverse-proxy
      # authentication header Navidrome will trust. 0.0.0.0/0 means every source,
      # and the port is also published above, so the header would be accepted from
      # clients that never passed through the proxy. Narrow it to the reverse
      # proxy's address or subnet.
      # NOTE(review): in list form the double quotes are passed through as part of
      # the value - confirm what Navidrome actually parses before relying on it.
      - ND_REVERSEPROXYWHITELIST="0.0.0.0/0"
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/netdata.yml:
--------------------------------------------------------------------------------
services:
  # Netdata - System Monitoring
  # NOTE(review): this service combines host PID and network namespaces, two
  # added capabilities, an unconfined AppArmor profile, a read-only view of the
  # host root filesystem and the Docker socket. Treat the container as
  # host-equivalent and restrict who can reach its web interface.
  netdata:
    # No tag is given, so this resolves to :latest.
    image: netdata/netdata
    container_name: netdata
    pid: host
    network_mode: host
    restart: unless-stopped
    profiles: ["monitoring", "all"]
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    volumes:
      - $DOCKERDIR/appdata/netdata/config:/etc/netdata
      - $DOCKERDIR/appdata/netdata/lib:/var/lib/netdata
      - $DOCKERDIR/appdata/netdata/cache:/var/cache/netdata
      - /:/host/root:ro,rslave
      - /etc/passwd:/host/etc/passwd:ro
      - /etc/group:/host/etc/group:ro
      - /etc/localtime:/etc/localtime:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc/os-release:/host/etc/os-release:ro
      - /var/log:/host/var/log:ro
      # `:ro` only makes the socket file's mount read-only; a process that can
      # connect to it can still send any Docker API request. A filtering socket
      # proxy is the way to limit that.
      - /var/run/docker.sock:/var/run/docker.sock:ro

--------------------------------------------------------------------------------
/compose/nextcloud.yml:
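--------------------------------------------------------------------------------
services:
  # Nextcloud - Content Collaboration
  nextcloud:
    # No tag is given, so this resolves to :latest.
    image: nextcloud
    container_name: nextcloud
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    depends_on:
      mariadb:
        condition: service_healthy
      redis:
        condition: service_healthy
    ports:
      - "$NEXTCLOUD_PORT:80"
    volumes:
      - $DOCKERDIR/appdata/nextcloud:/var/www/html
      - $NEXTCLOUD_FOLDER:/var/www/html/data
    environment:
      # Credentials are read from secret files rather than plain environment
      # variables.
      MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_mariadb_password
      MYSQL_DATABASE: nextcloud
      MYSQL_USER_FILE: /run/secrets/nextcloud_mariadb_user
      MYSQL_HOST: mariadb
      REDIS_HOST: redis
      # REDIS_HOST_PASSWORD: $REDIS_PASSWORD
      NEXTCLOUD_ADMIN_USER_FILE: /run/secrets/nextcloud_admin_user
      NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/nextcloud_admin_password
      # NEXTCLOUD_TRUSTED_DOMAINS: SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      # Forwarded headers are trusted from this range; it is hard-coded, so it has
      # to match the subnet the reverse proxy actually connects from - confirm.
      TRUSTED_PROXIES: 192.168.90.0/24
      # OVERWRITEHOST: SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      OVERWRITEPROTOCOL: https
    secrets:
      - nextcloud_mariadb_password
      - nextcloud_mariadb_user
      - nextcloud_admin_user
      - nextcloud_admin_password
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/node-exporter.yml:
--------------------------------------------------------------------------------
services:
  # Node Exporter - System Metrics to Prometheus
  node-exporter:
    container_name: node-exporter
    image: prom/node-exporter:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["monitoring", "all"]
    networks:
      - default
    ports:
      - "$NODEEXPORTER_PORT:9100"
    volumes:
      # Read-only views of the host's /proc, /sys and root filesystem.
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      # NOTE(review): newer node_exporter releases renamed this flag to
      # --collector.filesystem.mount-points-exclude; with :latest, check that the
      # old name is still accepted.
      - --collector.filesystem.ignored-mount-points
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/node-red.yml:
--------------------------------------------------------------------------------
services:
  # Node-RED - Programming for event-driven applications
  node-red:
    # No tag is given, so this resolves to :latest.
    image: nodered/node-red
    container_name: node-red
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$NODERED_PORT:1880"
    volumes:
      - $DOCKERDIR/appdata/node-red:/data
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/notifiarr.yml:
--------------------------------------------------------------------------------
services:
  # Notifiarr - Client for Notifiarr.com
  notifiarr:
    # No tag is given, so this resolves to :latest.
    image: golift/notifiarr
    container_name: notifiarr
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    networks:
      - default
    ports:
      - "$NOTIFIARR_PORT:5454"
    volumes:
      - $DOCKERDIR/appdata/notifiarr:/config
      # Host login records and the host machine id are shared with the container.
      - /var/run/utmp:/var/run/utmp
      - /etc/machine-id:/etc/machine-id
    environment:
      # The API key is passed as a plain environment variable.
      DN_API_KEY: $NOTIFIARR_API_KEY
      #DN_AUTO_UPDATE: off
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/nzbget.yml:
--------------------------------------------------------------------------------
services:
  # NZBGet - Binary newsgrabber (NZB downloader)
  nzbget:
    image: nzbgetcom/nzbget:latest
    container_name: nzbget
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "downloads", "all"]
    networks:
      - default
    ports:
      - "$NZBGET_PORT:6789"
    volumes:
      - $DOCKERDIR/appdata/nzbget:/config
      - $DOWNLOADSDIR:/data/downloads
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      # If these are enabled, replace the sample values with your own credentials.
      # NZBGET_USER: nzbget #optional
      # NZBGET_PASS: tegbzn6789 #optional
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/oauth.yml:
--------------------------------------------------------------------------------
services:
  # Google OAuth - Single Sign On using OAuth 2.0
  oauth:
    container_name: oauth
    image: thomseddon/traefik-forward-auth:latest
    # image: thomseddon/traefik-forward-auth:2.1-arm # Use this image with Raspberry Pi
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - t3_proxy
    # No host port is published; the service is reached through Traefik only.
    # ports:
    #   - "4181:4181"
    # Allow apps to bypass OAuth. Radarr example below will bypass OAuth if API key is present in the request (eg. from NZB360 mobile app).
    # While this is one way, the recommended way is to bypass authentication using Traefik labels shown in some of the apps later.
    # command: --rule.radarr.action=allow --rule.radarr.rule="Header(`X-Api-Key`, `$RADARR_API_KEY`)"
    # command: --rule.sabnzbd.action=allow --rule.sabnzbd.rule="HeaderRegexp(`X-Forwarded-Uri`, `$SABNZBD_API_KEY`)"
    environment:
      - CONFIG=/config
      - COOKIE_DOMAIN=$DOMAINNAME_1
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAINNAME_1
      - URL_PATH=/_oauth
      - LOG_LEVEL=info
      - LOG_FORMAT=text
      - LIFETIME=86400 # 1 day
      # Requests that match no rule are authenticated (default is auth, not allow).
      - DEFAULT_ACTION=auth
      - DEFAULT_PROVIDER=google
    secrets:
      # The provider configuration is mounted from a secret at the path CONFIG
      # points to.
      - source: oauth_secrets
        target: /config
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.oauth-rtr.entrypoints=websecure-internal,websecure-external"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME_1`)"
      # Middlewares
      - "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"
      # HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"

--------------------------------------------------------------------------------
/compose/ollama.yml:
--------------------------------------------------------------------------------
services:
  # Ollama - Local Open-source AI Models
  ollama:
    image: ollama/ollama:latest
    container_name: ollama
    # Added for consistency with the other services in this set.
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    # NOTE(review): the Ollama API has no authentication of its own; publishing
    # the port makes it usable by anything that can reach the host on this port.
    ports:
      - "$OLLAMA_PORT:11434"
    volumes:
      - $DOCKERDIR/appdata/ollama:/root/.ollama
    # deploy:
    #   resources:
    #     reservations:
    #       devices:
    #         - driver: nvidia
    #           device_ids: ['all']
    #           capabilities: [gpu]
    environment:
      - OLLAMA_KEEP_ALIVE=24h
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/ombi.yml:
--------------------------------------------------------------------------------
services:
  # Ombi - Media Requests for Plex and Emby
  ombi:
    image: lscr.io/linuxserver/ombi:latest
    container_name: ombi
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$OMBI_PORT:3579"
    volumes:
      - $DOCKERDIR/appdata/ombi:/config
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      BASE_URL: /ombi #optional
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/open-webui.yml:
--------------------------------------------------------------------------------
services:
  # Open-WebUI - User-friendly AI Interface
  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    # Added for consistency with the other services in this set.
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    depends_on:
      - ollama
    ports:
      - "$OPENWEBUI_PORT:8080"
    environment:
      # Reaches Ollama through the host's LAN address and published port.
      # NOTE(review): both services are on the `default` network, so the service
      # name may work here and would not depend on the published port - confirm.
      - OLLAMA_BASE_URL=http://$SERVER_LAN_IP:$OLLAMA_PORT
      # Passed as a plain environment variable.
      - WEBUI_SECRET_KEY=$OPENWEBUI_SECRET_KEY
      # - CORS_ALLOW_ORIGIN=
      - USER_AGENT=Open-WebUI
    volumes:
      - $DOCKERDIR/appdata/open-webui:/app/backend/data
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/openhands.yml:
--------------------------------------------------------------------------------
services:
  # OpenHands - AI Powered Software Development
  openhands:
    image: docker.all-hands.dev/all-hands-ai/openhands:latest
    container_name: openhands
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    # NOTE(review): this UI drives a service that holds the Docker socket; keep
    # the port behind authentication and off untrusted networks.
    ports:
      - "$OPENHANDS_PORT:3000"
    volumes:
      # NOTE(review): the raw, writable Docker socket gives this container full
      # control of the host's Docker daemon, which is root-equivalent on the host.
      # Presumably it is needed to start the runtime image named below - confirm,
      # and treat this service as host-equivalent.
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/appdata/openhands:/.openhands-state
    environment:
      # The app image uses :latest while the runtime image is pinned to a version.
      - SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.26-nikolaik
      - LOG_ALL_EVENTS=true
    extra_hosts:
      - "host.docker.internal:host-gateway"
    pull_policy: if_not_present
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/organizr.yml:
--------------------------------------------------------------------------------
services:
  # Organizr - Homelab Dashboard
  organizr:
    # No tag is given, so this resolves to :latest.
    image: ghcr.io/organizr/organizr
    container_name: organizr
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$ORGANIZR_PORT:80"
    volumes:
      - $DOCKERDIR/appdata/organizr:/config
    environment:
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/overseerr.yml:
--------------------------------------------------------------------------------
services:
  # Overseerr - Media Requests and Discovery for Plex
  overseerr:
    image: lscr.io/linuxserver/overseerr:latest
    container_name: overseerr
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$OVERSEERR_PORT:5055"
    volumes:
      - $DOCKERDIR/appdata/overseerr:/config
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/paperless-ai.yml:
--------------------------------------------------------------------------------
services:
  # Paperless AI - Doc Analyzer for Paperless-NGX
  paperless-ai:
    # No tag is given, so this resolves to :latest.
    image: clusterzx/paperless-ai
    container_name: paperless-ai
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$PAPERLESSAI_PORT:3000"
    volumes:
      - $DOCKERDIR/appdata/paperless-ai:/app/data
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/paperless-ngx.yml:
--------------------------------------------------------------------------------

services:
  # Paperless-NGX - Document Management System
  paperless-ngx:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    container_name: paperless-ngx
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    depends_on:
      mariadb:
        condition: service_healthy
      redis:
        condition: service_healthy
      gotenberg:
        condition: service_started
      tika:
        condition: service_started
    networks:
      - default
    ports:
      - "$PAPERLESSNGX_PORT:8000"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - $DOCKERDIR/appdata/paperless-ngx/data:/usr/src/paperless/data # customize this
      - $DOCKERDIR/appdata/paperless-ngx/media:/usr/src/paperless/media # customize this
      - $DOCKERDIR/appdata/paperless-ngx/export:/usr/src/paperless/export # customize this
      - $DOCKERDIR/appdata/paperless-ngx/trash:/usr/src/paperless/trash # customize this
      - $DOCKERDIR/appdata/paperless-ngx/consume:/usr/src/paperless/consume # customize this
    environment:
      PAPERLESS_REDIS: redis://redis:6379
      PAPERLESS_DBENGINE: mariadb
      PAPERLESS_DBNAME: paperless
      PAPERLESS_DBHOST: mariadb
      # Database, secret-key and admin credentials are all read from secret files.
      PAPERLESS_DBUSER_FILE: /run/secrets/paperlessngx_mariadb_username
      PAPERLESS_DBPASS_FILE: /run/secrets/paperlessngx_mariadb_password
      PAPERLESS_DBPORT: 3306
      PAPERLESS_SECRET_KEY_FILE: /run/secrets/paperlessngx_secret_key
      PAPERLESS_TIKA_ENABLED: 1
      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
      PAPERLESS_FILENAME_FORMAT: "{{created_year}}/{{created_month}}/{{correspondent}}/{{title}} {{asn}}"
      PAPERLESS_URL: https://PAPERLESS-NGX-SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      # Forwarded headers are trusted from this address only; it has to be the
      # address the reverse proxy connects from - confirm for your network.
      PAPERLESS_TRUSTED_PROXIES: $SERVER_LAN_IP
      PAPERLESS_ADMIN_USER_FILE: /run/secrets/paperlessngx_admin_username
      PAPERLESS_ADMIN_PASSWORD_FILE: /run/secrets/paperlessngx_admin_password
      # PAPERLESS_CONSUMER_POLLING: 60
    secrets:
      - paperlessngx_mariadb_username
      - paperlessngx_mariadb_password
      - paperlessngx_secret_key
      - paperlessngx_admin_username
      - paperlessngx_admin_password
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/pdfding.yml:
--------------------------------------------------------------------------------
services:
  # PdfDing - PDF Viewing/Editing Tool
  pdfding:
    container_name: pdfding
    image: mrmn/pdfding:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - default
    profiles: ["apps", "all"]
    depends_on:
      postgresql:
        condition: service_healthy
    ports:
      - "$PDFDING_PORT:8000"
    volumes:
      - $DOCKERDIR/appdata/pdfding:/home/nonroot/pdfding/media
    environment:
      DEFAULT_THEME: dark
      DEFAULT_THEME_COLOR: blue
      # The application secret and the database password are passed as plain
      # environment variables.
      SECRET_KEY: $PDFDING_SECRET_KEY
      HOST_NAME: PDFDING-SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      DATABASE_TYPE: POSTGRES
      POSTGRES_PASSWORD: $PDFDING_POSTGRESQL_PASSWORD
      POSTGRES_HOST: postgresql
      # In production set the following values to True
      # With both set, the browser sends these cookies over HTTPS only, so a
      # plain-HTTP visit to the published port will not keep a session.
      CSRF_COOKIE_SECURE: 'TRUE'
      SESSION_COOKIE_SECURE: 'TRUE'
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/pgadmin.yml:
--------------------------------------------------------------------------------
services:
  # pgAdmin - PostgreSQL Administration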
pgadmin: 4 | image: dpage/pgadmin4 5 | container_name: pgadmin 6 | restart: unless-stopped 7 | profiles: ["apps", "all"] 8 | networks: 9 | - default 10 | ports: 11 | - "$PGADMIN_PORT:80" 12 | volumes: 13 | - $DOCKERDIR/appdata/pgadmin:/var/lib/pgadmin 14 | environment: 15 | PGADMIN_DEFAULT_EMAIL: $PGADMIN_ADMIN_EMAIL 16 | PGADMIN_DEFAULT_PASSWORD: $PGADMIN_ADMIN_PASSWORD 17 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/photoshow.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Photoshow - Simple Photo Viewer 3 | photoshow: 4 | image: lscr.io/linuxserver/photoshow 5 | container_name: photoshow 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$PHOTOSHOW_PORT:80" 14 | volumes: 15 | - $DOCKERDIR/appdata/photoshow/config:/config 16 | - $DOCKERDIR/appdata/photoshow/thumbs:/Thumbs 17 | - $PHOTOSDIR:/Pictures 18 | environment: 19 | TZ: $TZ 20 | PUID: $PUID 21 | PGID: $PGID 22 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/phpmyadmin.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # phpMyAdmin - Database management 3 | # Create a new user with admin privileges. Cannot login as MySQL root for some reason. 
4 | phpmyadmin: 5 | image: phpmyadmin/phpmyadmin:latest 6 | container_name: phpmyadmin 7 | security_opt: 8 | - no-new-privileges:true 9 | restart: unless-stopped 10 | profiles: ["apps", "all"] 11 | networks: 12 | - default 13 | ports: 14 | - "$PHPMYADMIN_PORT:80" 15 | environment: 16 | - PMA_HOST=mariadb 17 | - PMA_PORT=3306 18 | #- PMA_ARBITRARY=1 19 | - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root_password 20 | secrets: 21 | - mariadb_root_password 22 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/pihole.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Pi-hole - DNS Server and AdBlocker 3 | pihole: 4 | image: pihole/pihole:latest 5 | container_name: pihole 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["all", "core"] 10 | networks: 11 | - default 12 | # cap_add: 13 | # # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities 14 | # # Required if you are using Pi-hole as your DHCP server, else not needed 15 | # - NET_ADMIN 16 | # # Required if you are using Pi-hole as your NTP client to be able to set the host's system time 17 | # - SYS_TIME 18 | # # Optional, if Pi-hole should get some more processing time 19 | # - SYS_NICE 20 | ports: 21 | - "53:53/tcp" 22 | - "53:53/udp" 23 | - "67:67/udp" # DHCP Server 24 | - "$PIHOLE_PORT:80/tcp" # HTTP 25 | # - "123:123/udp" # NTP 26 | # - "443:443" # HTTPS 27 | volumes: 28 | - "$DOCKERDIR/appdata/pihole/etc:/etc/pihole" 29 | # - "$DOCKERDIR/appdata/pihole/etc/dnsmasq.d:/etc/dnsmasq.d" 30 | - "$DOCKERDIR/appdata/pihole/log:/var/log/pihole" 31 | environment: 32 | # https://docs.pi-hole.net/docker/upgrading/v5-v6/?h=pihole_dns#misc Variables list for v6 33 | TZ: ${TZ} 34 | FTLCONF_webserver_api_password: ${PIHOLE_WEB_PASSWORD} 35 | FTLCONF_dns_listeningMode: 'all' 36 | FTLCONF_dns_upstreams: 1.1.1.1;1.0.0.1 37 | FTLCONF_dns_bogusPriv: 
"true" 38 | FTLCONF_dns_domainNeeded: "true" 39 | FTLCONF_dns_domain: ${PIHOLE_LOCAL_DOMAIN} 40 | FTLCONF_webserver_interface_theme: "default_dark" 41 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/piwigo.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Piwigo - Photo Management 3 | piwigo: 4 | image: lscr.io/linuxserver/piwigo:latest 5 | container_name: piwigo 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$PIWIGO_PORT:80" 14 | volumes: 15 | - $DOCKERDIR/appdata/piwigo/config:/config 16 | - $DOCKERDIR/appdata/piwigo/gallery:/gallery 17 | - $PHOTOSDIR:/data/photos 18 | environment: 19 | TZ: $TZ 20 | PUID: $PUID 21 | PGID: $PGID 22 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/plex.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Plex - Media Server 3 | plex: 4 | image: plexinc/pms-docker:latest 5 | container_name: plex 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: "no" 9 | profiles: ["media", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$PLEX_PORT:32400/tcp" 14 | - "3005:3005/tcp" 15 | - "8324:8324/tcp" 16 | - "32469:32469/tcp" 17 | - "1900:1900/udp" 18 | - "32410:32410/udp" 19 | - "32412:32412/udp" 20 | - "32413:32413/udp" 21 | - "32414:32414/udp" 22 | # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE 23 | volumes: 24 | - $DOCKERDIR/appdata/plex:/config 25 | - $DOWNLOADSDIR:/data/downloads 26 | # - $MEDIADIR1:/data/media1 27 | # - $MEDIADIR2:/data/media2 28 | # - $MEDIADIR3:/data/media3 29 | - /dev/shm:/data/transcode 30 | environment: 31 | TZ: $TZ 32 | HOSTNAME: $PLEX_SERVER_NAME 33 | PLEX_CLAIM_FILE: /run/secrets/plex_claim 34 | PLEX_UID: $PUID 35 | PLEX_GID: $PGID 36 | ADVERTISE_IP: 
"http://$SERVER_LAN_IP:32400/,https://PLEX-SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1/" 37 | secrets: 38 | - plex_claim 39 | # DOCKER-LABELS-PLACEHOLDER 40 | -------------------------------------------------------------------------------- /compose/portainer.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Portainer - WebUI for Containers 3 | portainer: 4 | container_name: portainer 5 | image: portainer/portainer-ce:latest 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", "all"] 10 | networks: 11 | - default 12 | - socket_proxy 13 | # command: -H unix:///var/run/docker.sock # Use Docker Socket Proxy instead for improved security 14 | command: -H tcp://socket-proxy:2375 15 | ports: 16 | - "$PORTAINER_PORT:9000" 17 | volumes: 18 | # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security 19 | - $DOCKERDIR/appdata/portainer/data:/data 20 | environment: 21 | - TZ=$TZ 22 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/postgresql.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # PostgreSQL - Database 3 | postgresql: 4 | container_name: postgresql 5 | image: postgres:16-alpine 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["core", "all"] 10 | healthcheck: 11 | test: ["CMD-SHELL", "pg_isready -d postgres -U $${POSTGRES_USER}"] 12 | start_period: 20s 13 | interval: 30s 14 | retries: 5 15 | timeout: 5s 16 | networks: 17 | - default 18 | ports: 19 | - "$POSTGRESQL_PORT:5432" 20 | volumes: 21 | - $DOCKERDIR/appdata/postgresql:/var/lib/postgresql/data 22 | environment: 23 | # - POSTGRES_DB=$POSTGRES_DB 24 | - POSTGRES_USER=$POSTGRES_USER 25 | - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_default_password 26 | secrets: 27 | - postgres_default_password 28 | # 
DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/privatebin.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # PrivateBin - Self-hosted Pastebin 3 | privatebin: 4 | image: privatebin/nginx-fpm-alpine 5 | container_name: privatebin 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["apps", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$PRIVATEBIN_PORT:8080" 14 | volumes: 15 | - $DOCKERDIR/appdata/privatebin/data:/srv/data # data volume for pastes allows pastes 16 | - $DOCKERDIR/appdata/privatebin/conf.php:/srv/cfg/conf.php:ro # second volume for custom configuration file 17 | environment: 18 | TZ: $TZ 19 | PHP_TZ: $TZ 20 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/prometheus.yml: -------------------------------------------------------------------------------- 1 | services: 2 | # Prometheus - Database for sensor data 3 | prometheus: 4 | image: prom/prometheus:latest 5 | container_name: prometheus 6 | security_opt: 7 | - no-new-privileges:true 8 | restart: unless-stopped 9 | profiles: ["dbs", "all"] 10 | networks: 11 | - default 12 | ports: 13 | - "$PROMETHEUS_PORT:9090" 14 | volumes: 15 | - $DOCKERDIR/appdata/prometheus/config:/etc/prometheus 16 | - $DOCKERDIR/appdata/prometheus/data:/prometheus 17 | user: $PUID:$PGID 18 | command: 19 | - '--config.file=/etc/prometheus/prometheus.yml' 20 | - '--storage.tsdb.path=/prometheus' 21 | - '--web.console.libraries=/usr/share/prometheus/console_libraries' 22 | - '--web.console.templates=/usr/share/prometheus/consoles' 23 | - '--web.enable-lifecycle' 24 | - '--web.enable-admin-api' 25 | # DOCKER-LABELS-PLACEHOLDER -------------------------------------------------------------------------------- /compose/prowlarr.yml: 
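--------------------------------------------------------------------------------
services:
  # Prowlarr - Index Manager
  prowlarr:
    # NOTE(review): `develop` is a moving pre-release tag; the other images in
    # the files below use :latest or no tag. Pinning a version or digest makes
    # updates deliberate and auditable.
    image: ghcr.io/linuxserver/prowlarr:develop
    container_name: prowlarr
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "starr", "all"]
    networks:
      - default
    ports:
      - "$PROWLARR_PORT:9696"
    volumes:
      - $DOCKERDIR/appdata/prowlarr:/config
      - $DOWNLOADSDIR:/data/downloads
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/qbittorrent-vpn.yml:
--------------------------------------------------------------------------------
services:
  # qBittorrent - Torrent downloader
  qbittorrent-vpn:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent-vpn
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "downloads", "all"]
    # Shares the gluetun container's network namespace, so this service has no
    # network or port mappings of its own.
    network_mode: "service:gluetun"
    volumes:
      - $DOCKERDIR/appdata/qbittorrent-vpn:/config
      - $DOWNLOADSDIR:/data/downloads # Ensure that downloads folder is set to /data/downloads in qBittorrent
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      # Quoted so the value reaches the container as the literal "002" instead
      # of being parsed as a YAML number.
      # NOTE(review): newer linuxserver images may expect UMASK rather than
      # UMASK_SET - confirm against the image documentation.
      UMASK_SET: "002"
    healthcheck: # https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
      # Marks the container unhealthy when outbound HTTPS stops working; the
      # label below asks deunhealth to restart it in that case.
      test: "curl -sf https://example.com || exit 1"
      interval: 1m
      timeout: 10s
      retries: 1
    labels: # Traefik labels added via file provider app-qbittorrent.yml in rules folder
      - "deunhealth.restart.on.unhealthy=true"
--------------------------------------------------------------------------------
/compose/qbittorrent.yml:
--------------------------------------------------------------------------------
services:
  # qBittorrent - Torrent downloader
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "downloads", "all"]
    networks:
      - default
    ports:
      - "$QBITTORRENT_PORT:8080"
    volumes:
      - $DOCKERDIR/appdata/qbittorrent:/config
      - $DOWNLOADSDIR:/data/downloads # Ensure that downloads folder is set to /data/downloads in qBittorrent
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      # Quoted so the value stays the literal "002" (see qbittorrent-vpn.yml
      # for the UMASK vs UMASK_SET caveat).
      UMASK_SET: "002"
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/qdrant.yml:
--------------------------------------------------------------------------------
services:
  # Qdrant - A vector database and search engine
  qdrant:
    image: qdrant/qdrant
    container_name: qdrant
    # Added for consistency with the other services in this listing, which all
    # set no-new-privileges.
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    # NOTE(review): both APIs are published on the host and no API key is set
    # in this file (Qdrant supports one via QDRANT__SERVICE__API_KEY), so the
    # database is readable and writable by anyone who can reach these ports.
    # The gRPC port is also hard-coded rather than taken from .env.
    ports:
      - $QDRANT_PORT:6333 # HTTP API and dashboard
      - 6334:6334 # gRPC API
    volumes:
      - $DOCKERDIR/appdata/qdrant:/qdrant/storage
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/radarr.yml:
--------------------------------------------------------------------------------
services:
  # Radarr - Movies Management
  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "starr", "all"]
    networks:
      - default
    ports:
      - "$RADARR_PORT:7878"
    volumes:
      - $DOCKERDIR/appdata/radarr:/config
      # - $MEDIADIR1:/data/media1
      # - $MEDIADIR2:/data/media2
      # - $MEDIADIR3:/data/media3
      - $DOWNLOADSDIR:/data/downloads
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER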
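--------------------------------------------------------------------------------
/compose/readarr.yml:
--------------------------------------------------------------------------------
services:
  # Readarr - eBooks Management
  readarr:
    # NOTE(review): `develop` is a moving pre-release tag and the other images
    # in the files below use :latest or :alpine. Pinning a version or digest
    # makes updates deliberate and auditable.
    image: lscr.io/linuxserver/readarr:develop
    container_name: readarr
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "starr", "all"]
    networks:
      - default
    ports:
      - "$READARR_PORT:8787"
    volumes:
      - $DOCKERDIR/appdata/readarr:/config
      # The downloads mount is nested inside the /data mount from $BOOKSDIR.
      - $BOOKSDIR:/data
      - $DOWNLOADSDIR:/data/downloads
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/redis-commander.yml:
--------------------------------------------------------------------------------
services:
  # Redis Commander - Redis Management Tool
  redis-commander:
    container_name: redis-commander
    image: rediscommander/redis-commander:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    depends_on:
      redis:
        condition: service_healthy
    # NOTE(review): no login is configured for this UI in this file, so anyone
    # who can reach the published port can browse and edit the Redis data.
    # Redis Commander supports HTTP_USER / HTTP_PASSWORD; alternatively keep it
    # behind the reverse proxy's authentication only.
    ports:
      - "$REDISCOMMANDER_PORT:8081"
    environment:
      - REDIS_HOST=redis
      # - REDIS_PASSWORD=$REDIS_PASSWORD
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/redis.yml:
--------------------------------------------------------------------------------
services:
  # Redis - Key-value Store
  # Add vm.overcommit_memory = 1 to /etc/sysctl.conf
  redis:
    image: docker.io/library/redis:alpine
    container_name: redis
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    # Snapshot to disk every 60 s if at least one key changed.
    # NOTE(review): no --requirepass is passed, so Redis accepts unauthenticated
    # clients (redis-commander.yml also leaves REDIS_PASSWORD commented out).
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    networks:
      - default
    # NOTE(review): combined with the missing password, this mapping exposes an
    # unauthenticated Redis on the host. Services in this listing connect by
    # service name (REDIS_HOST=redis), so the mapping is only needed for
    # clients outside Docker; otherwise remove it or firewall the port.
    ports:
      - "$REDIS_PORT:6379"
    volumes:
      - $DOCKERDIR/appdata/redis:/data


--------------------------------------------------------------------------------
/compose/remmina.yml:
--------------------------------------------------------------------------------
services:
  # Remmina - Remote Desktop Client
  remmina:
    image: lscr.io/linuxserver/remmina:latest
    container_name: remmina
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE
    # NOTE(review): only the plain-HTTP port is published (the HTTPS mapping is
    # commented out) and no login is configured in this file; saved remote
    # desktop sessions are reachable by anyone who can reach this port unless
    # the reverse proxy enforces authentication.
    ports:
      - "$REMMINA_PORT:3000"
      # - "3001:3001" # HTTPS
    volumes:
      - $DOCKERDIR/appdata/remmina:/config
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      # DRINODE: /dev/dri/renderD128
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/resilio-sync.yml:
--------------------------------------------------------------------------------
services:
  # Resilio Sync - File Sync using BitTorrent Protocol
  resilio-sync:
    image: lscr.io/linuxserver/resilio-sync:latest
    container_name: resilio-sync
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["apps", "all"]
    networks:
      - default
    # The second port is hard-coded and published on all host interfaces.
    ports:
      - $RESILIOSYNC_PORT:8888
      - 55555:55555
    volumes:
      - $DOCKERDIR/appdata/resilio-sync/config:/config
      - $DOWNLOADSDIR:/downloads
      - $DOCKERDIR/appdata/resilio-sync/data:/sync # Change $DOCKERDIR/appdata/resilio-sync/data to your data folder
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/sabnzbd.yml: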
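--------------------------------------------------------------------------------
services:
  # SABnzbd - Binary newsgrabber (NZB downloader)
  # Disable SABnzbd's built-in HTTPS support for traefik proxy to work
  sabnzbd:
    # NOTE(review): most images in the files below use moving tags (:latest,
    # :develop, :master-web, :stable). Pinning a version or digest makes
    # updates deliberate and auditable.
    image: lscr.io/linuxserver/sabnzbd:latest
    container_name: sabnzbd
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "downloads", "all"]
    networks:
      - default
    ports:
      - "$SABNZBD_PORT:8080"
    volumes:
      - $DOCKERDIR/appdata/sabnzbd:/config
      - $DOWNLOADSDIR:/data/downloads
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      # Quoted so the value reaches the container as the literal "002" instead
      # of being parsed as a YAML number.
      # NOTE(review): newer linuxserver images may expect UMASK rather than
      # UMASK_SET - confirm against the image documentation.
      UMASK_SET: "002"
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/scrutiny.yml:
--------------------------------------------------------------------------------
services:
  # Scrutiny - WebUI for smartd S.M.A.R.T monitoring
  scrutiny:
    image: ghcr.io/analogj/scrutiny:master-web
    container_name: scrutiny
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    ports:
      - $SCRUTINY_PORT:8080
    volumes:
      - $DOCKERDIR/appdata/scrutiny:/opt/scrutiny/config
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/searxng.yml:
--------------------------------------------------------------------------------
services:
  # SearxNG - Privacy-respecting Metasearch Engine
  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    depends_on:
      redis:
        condition: service_healthy
    ports:
      - "$SEARXNG_PORT:8080"
    volumes:
      - $DOCKERDIR/appdata/searxng:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
      - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
      - SEARXNG_REDIS_URL=redis://redis:6379/0
      # Passed as a plain environment value; it has no default, so an unset
      # variable yields an empty secret.
      - SEARXNG_SECRET=${SEARXNG_SECRET}
    # Least-privilege example in this listing: every capability is dropped and
    # only the three listed below are added back.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
--------------------------------------------------------------------------------
/compose/smokeping.yml:
--------------------------------------------------------------------------------
services:
  # SmokePing - Network latency Monitoring
  smokeping:
    image: lscr.io/linuxserver/smokeping:latest
    container_name: smokeping
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$SMOKEPING_PORT:80"
    volumes:
      - $DOCKERDIR/appdata/smokeping/config:/config
      - $DOCKERDIR/appdata/smokeping/data:/data
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/socket-proxy.yml:
--------------------------------------------------------------------------------
services:
  # Docker Socket Proxy - Security Enhanced Proxy for Docker Socket
  socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: socket-proxy
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    # Attached only to the dedicated socket_proxy network. The proxy does not
    # authenticate clients, so every container on that network gets whatever
    # the allow-list below grants; keep membership minimal.
    networks:
      socket_proxy:
        ipv4_address: 192.168.91.254 # You can specify a static IP
    # privileged: true # true for VM. False (default) for unprivileged LXC container.
    # Keep 2375 unpublished: exposing it on the host would hand the same Docker
    # API access to anything that can reach the host.
    # ports:
      #- "2375:2375"
    volumes:
      # Mounted read-only so the container cannot remove or replace the socket
      # file. This does not limit API calls made through the socket - that is
      # the job of the allow-list below.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    read_only: true
    tmpfs:
      - /run
    environment:
      - LOG_LEVEL=warning # debug,info,notice,warning,err,crit,alert,emerg
      - ALLOW_START=1 # Portainer
      - ALLOW_STOP=1 # Portainer
      - ALLOW_RESTARTS=1 # Portainer
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      # Security critical
      - AUTH=0
      - SECRETS=0
      # NOTE(review): POST=1 makes the enabled sections below writable, not
      # just readable. With CONTAINERS, IMAGES, NETWORKS and VOLUMES enabled,
      # clients of this proxy can create and change those objects, which is
      # close to Docker admin access. If only read access is needed for most
      # consumers, consider a second, read-only proxy instance for them.
      - POST=1 # Watchtower
      # Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1 # Traefik, portainer, etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1 # Portainer
      - INFO=1 # Portainer
      - NETWORKS=1 # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1 # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1 # Portainer
      - VOLUMES=1 # Portainer
      - DISABLE_IPV6=0 #optional
--------------------------------------------------------------------------------
/compose/sonarr.yml:
--------------------------------------------------------------------------------
services:
  # Sonarr - TV Shows Management
  sonarr:
    image: lscr.io/linuxserver/sonarr:develop
    container_name: sonarr
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "starr", "all"]
    networks:
      - default
    ports:
      - "$SONARR_PORT:8989"
    volumes:
      - $DOCKERDIR/appdata/sonarr:/config
      # - $MEDIADIR1:/data/media1
      # - $MEDIADIR2:/data/media2
      # - $MEDIADIR3:/data/media3
      - $DOWNLOADSDIR:/data/downloads
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/speedtest-tracker.yml:
--------------------------------------------------------------------------------
services:
  speedtest-tracker:
    image: lscr.io/linuxserver/speedtest-tracker:latest
    container_name: speedtest-tracker
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$SPEEDTESTTRACKER_PORT:80"
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      DB_CONNECTION: sqlite
      # The application key is passed as a plain environment value.
      APP_KEY: $SPEEDTEST_TRACKER_APP_KEY #optional
      # DB_HOST: mariadb #optional
      # DB_PORT: 3306 #optional
      # DB_DATABASE: speedtest #optional
      # DB_USERNAME: speedtest_user #optional
      # DB_PASSWORD: ST-DB-PASSWORD-PLACEHOLDER #optional
    volumes:
      - $DOCKERDIR/appdata/speedtest-tracker:/config
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/sshwifty.yml:
--------------------------------------------------------------------------------
services:
  # Sshwifty - Web SSH & Telnet Client
  sshwifty:
    image: niruix/sshwifty:latest
    container_name: sshwifty
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    # NOTE(review): host networking means this web SSH/Telnet client listens
    # directly on the host's interfaces and can reach everything the host can.
    # The shared key below is the only gate visible in this file, so use a
    # strong value and restrict who can reach $SSHWIFTY_PORT.
    network_mode: "host"
    # user: "$PUID:$PGID"
    volumes:
      - $DOCKERDIR/appdata/sshwifty/conf.json:/sshwifty.conf.json
    environment:
      - TZ=$TZ
      - SSHWIFTY_LISTENPORT=$SSHWIFTY_PORT
      - SSHWIFTY_SHAREDKEY=$SSHWIFTY_PASSWORD
      - SSHWIFTY_CONFIG=/sshwifty.conf.json
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/starter.yml:
--------------------------------------------------------------------------------
########################### NETWORKS
# You may customize the network subnets (192.168.x.0/24) below as you please.
networks:
  default:
    driver: bridge
  # Dedicated network for the Docker socket proxy; socket-proxy.yml assigns the
  # proxy a static address inside this subnet.
  socket_proxy:
    name: socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
  # NETWORKS-PLACEHOLDER-DO-NOT-DELETE

########################### SECRETS
# secrets:
#   basic_auth_credentials:
#     file: $DOCKERDIR/secrets/basic_auth_credentials
# SECRETS-PLACEHOLDER-DO-NOT-DELETE

include:
  ########################### SERVICES
  # HOSTNAME defined in .env file

  # - compose/$HOSTNAME/custom.yml
  # SERVICE-PLACEHOLDER-DO-NOT-DELETE

--------------------------------------------------------------------------------
/compose/stirling-pdf.yml:
--------------------------------------------------------------------------------
services:
  # Stirling PDF - Self-hosted PDF Manipulation
  stirling-pdf:
    image: stirlingtools/stirling-pdf:latest
    container_name: stirling-pdf
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$STIRLINGPDF_PORT:8080"
    volumes:
      - $DOCKERDIR/appdata/stirling-pdf/trainingData:/usr/share/tessdata # Required for extra OCR languages
      - $DOCKERDIR/appdata/stirling-pdf/extraConfigs:/configs
      # - $DOCKERDIR/appdata/stirling-pdf/customFiles:/customFiles/
      # - $DOCKERDIR/appdata/stirling-pdf/logs:/logs/
    environment:
      # NOTE(review): with this set to false the app's own login/security
      # features appear to be off (confirm against the image documentation),
      # so uploaded documents are handled for anyone who can reach the port
      # unless the reverse proxy enforces authentication.
      DOCKER_ENABLE_SECURITY: false
      INSTALL_BOOK_AND_ADVANCED_HTML_OPS: false
      LANGS: en_US
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/tailscale.yml:
--------------------------------------------------------------------------------
services:
  # Tailscale - Private Network over Internet
  tailscale:
    image: tailscale/tailscale:stable
    container_name: tailscale
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    # Host networking plus NET_ADMIN and /dev/net/tun let the container manage
    # the host's tunnel interface and routes (kernel mode, TS_USERSPACE=false).
    network_mode: host
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE allows loading kernel modules on the host,
      # which is a broad grant - confirm it is still required on your kernel
      # and drop it if not.
      - SYS_MODULE
    devices:
      - /dev/net/tun
    volumes:
      - $DOCKERDIR/appdata/tailscale:/var/lib/tailscale
    environment:
      # The auth key is a plain environment value (readable via
      # `docker inspect`); prefer a short-lived or one-off key.
      - TS_AUTH_KEY=$TS_AUTH_KEY
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false
      - TS_ACCEPT_DNS=false
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/tautulli.yml:
--------------------------------------------------------------------------------
services:
  # Tautulli - Plex Statistics and Monitoring
  tautulli:
    image: lscr.io/linuxserver/tautulli:latest
    container_name: tautulli
    security_opt:
      - no-new-privileges:true
    restart: "no"
    profiles: ["media", "all"]
    networks:
      - default
    ports:
      - "$TAUTULLI_PORT:8181"
    volumes:
      - $DOCKERDIR/appdata/tautulli/config:/config
      # - $DOCKERDIR/appdata/plex/Library/Application Support/Plex Media Server/Logs:/logs:ro # For tautulli Plex log viewer
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/thelounge.yml:
--------------------------------------------------------------------------------
services:
  # The Lounge - Self-hosted web IRC client
  thelounge:
    image: lscr.io/linuxserver/thelounge:latest
    container_name: thelounge
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$THELOUNGE_PORT:9000"
    volumes:
      - $DOCKERDIR/appdata/thelounge:/config
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/theme-park.yml:
--------------------------------------------------------------------------------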
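services:
  # Theme Park - Themes for various Docker Apps
  theme-park:
    # No tag given, so Docker pulls ":latest".
    image: ghcr.io/themepark-dev/theme.park
    container_name: theme-park
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$THEMEPARK_PORT:80"
    volumes:
      - $DOCKERDIR/appdata/theme-park:/config #optional
    environment:
      TZ: $TZ
      PUID: $PUID
      PGID: $PGID
      # - TP_URLBASE=themepark #optional
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/tika.yml:
--------------------------------------------------------------------------------
services:
  # Tika - Doc text extraction for Paperless-NGX
  tika:
    image: docker.io/apache/tika:latest
    container_name: tika
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    # No ports are published: the service is reachable only from containers on the same network.
    networks:
      - default
--------------------------------------------------------------------------------
/compose/tinyauth.yml:
--------------------------------------------------------------------------------
services:
  # TinyAuth - Self-Hosted Single Sign-On, 2-FA, and OAuth
  tinyauth:
    container_name: tinyauth
    image: ghcr.io/steveiliop56/tinyauth:v3
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
      - t3_proxy
    # Host port left unpublished: the service is reached through Traefik (see labels below).
    # ports:
    #   - "$TINYAUTH_PORT:3000"
    volumes:
      # Holds the password hashes; keep the host file readable only by the account that needs it.
      # If the host path does not exist, Docker creates it as a directory, so create the file first.
      - $DOCKERDIR/appdata/tinyauth/users_file:/tinyauth/users_file
    environment:
      # The secret is read from a Docker secret file instead of being placed in the environment.
      - SECRET_FILE=/run/secrets/tinyauth_secret
      - APP_URL=https://tinyauth.$DOMAINNAME_1
      - USERS_FILE=users_file # user:hashed-password, one per line
      - LOG_LEVEL=0
      # NOTE(review): presumably a lock-out after 3 failed logins lasting 300 seconds;
      # confirm against the tinyauth version in use.
      - LOGIN_MAX_RETRIES=3
      - LOGIN_TIMEOUT=300
      - DISABLE_CONTINUE=true
      # - OAUTH_WHITELIST=${OAUTH_WHITELIST}
      # # Github OAuth2
      # - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
      # - GITHUB_CLIENT_SECRET_FILE=/run/secrets/tinyauth_github_secret
      # # Google OAuth2
      # - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
      # - GOOGLE_CLIENT_SECRET_FILE=/run/secrets/tinyauth_google_secret
    # These names must be declared in a top-level "secrets:" section, which this file does not contain.
    secrets:
      - tinyauth_secret
      # - tinyauth_github_secret
      # - tinyauth_google_secret
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      # The login page is served on both the internal and the external entrypoint.
      - "traefik.http.routers.tinyauth-rtr.entrypoints=websecure-internal,websecure-external"
      - "traefik.http.routers.tinyauth-rtr.rule=Host(`tinyauth.$DOMAINNAME_1`)"
      ## Middlewares
      - "traefik.http.routers.tinyauth-rtr.middlewares=chain-no-auth@file" # Should be chain-no-auth and not chain-tinyauth
      ## HTTP Services
      - "traefik.http.routers.tinyauth-rtr.service=tinyauth-svc"
      - "traefik.http.services.tinyauth-svc.loadbalancer.server.port=3000"
--------------------------------------------------------------------------------
/compose/traefik-access-log.yml:
--------------------------------------------------------------------------------
services:
  # Traefik Access Log (access.log) for Dozzle
  traefik-access-log:
    container_name: traefik-access-log
    # No tag given, so Docker pulls ":latest".
    image: alpine
    # Same hardening option the other services in this set carry.
    security_opt:
      - no-new-privileges:true
    volumes:
      # Read-only: the container only tails the file.
      # If the host file does not exist, Docker creates the path as a directory.
      - $DOCKERDIR/logs/$HOSTNAME/traefik/access.log:/var/log/stream.log:ro
    command:
      - tail
      - -f
      - /var/log/stream.log
    # No network at all: the log reaches Dozzle through the container's stdout.
    network_mode: none
    restart: unless-stopped
--------------------------------------------------------------------------------
/compose/traefik-certs-dumper.yml:
--------------------------------------------------------------------------------
services:
  # Traefik Certs Dumper - Extract LetsEncrypt Certificates - Traefik2 Compatible
  traefik-certs-dumper:
    container_name: traefik-certs-dumper
    image: ghcr.io/kereis/traefik-certs-dumper:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    network_mode: none
    # command: --restart-containers container1,container2,container3
    volumes:
      # ACME storage is mounted read-only.
      - $DOCKERDIR/appdata/traefik3/acme:/traefik:ro
      # The dumped output includes private keys: restrict access to this host directory.
      - $DOCKERDIR/appdata/traefik-certs/$DOMAINNAME_1:/output:rw
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Only needed if restarting containers (use Docker Socket Proxy instead)
    environment:
      DOMAIN: $DOMAINNAME_1
--------------------------------------------------------------------------------
/compose/traefik-error-log.yml:
--------------------------------------------------------------------------------
services:
  # Traefik Error Log (traefik.log) for Dozzle
  traefik-error-log:
    container_name: traefik-error-log
    # No tag given, so Docker pulls ":latest".
    image: alpine
    # Same hardening option the other services in this set carry.
    security_opt:
      - no-new-privileges:true
    volumes:
      # Read-only: the container only tails the file.
      # If the host file does not exist, Docker creates the path as a directory.
      - $DOCKERDIR/logs/$HOSTNAME/traefik/traefik.log:/var/log/stream.log:ro
    command:
      - tail
      - -f
      - /var/log/stream.log
    # No network at all: the log reaches Dozzle through the container's stdout.
    network_mode: none
    restart: unless-stopped
--------------------------------------------------------------------------------
/compose/transmission.yml:
--------------------------------------------------------------------------------
services:
  # Transmission - Torrent downloader
  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "downloads", "all"]
    networks:
      - default
    ports:
      # Web UI / RPC.
      - "$TRANSMISSION_PORT:9091"
      # Peer port, published on a fixed host port for both TCP and UDP.
      - "51413:51413"
      - "51413:51413/udp"
    volumes:
      - $DOCKERDIR/appdata/transmission:/config
      - $DOWNLOADSDIR/torrents:/data/downloads
      # NOTE(review): the watch folder is the whole downloads directory, which also contains
      # the torrents/ folder mounted above; confirm this is intended.
      - $DOWNLOADSDIR:/data/watch
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      # FILE__ prefix: the value is read from the named secret file, not stored in the environment.
      - FILE__USER=/run/secrets/transmission_user
      - FILE__PASS=/run/secrets/transmission_pass
      # - TRANSMISSION_WEB_HOME= #optional
      # - WHITELIST= #optional
      # - PEERPORT= #optional
      # - HOST_WHITELIST= #optional
    # These names must be declared in a top-level "secrets:" section, which this file does not contain.
    secrets:
      - transmission_user
      - transmission_pass
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/triliumnext.yml:
--------------------------------------------------------------------------------
services:
  # TriliumNext - Personal Hierarchical Notes
  triliumnext:
    image: triliumnext/notes:latest
    container_name: triliumnext
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$TRILIUMNEXT_PORT:8080"
    volumes:
      - $DOCKERDIR/appdata/triliumnext:/home/node/trilium-data
    environment:
      # Points the application at the directory mounted above.
      - TRILIUM_DATA_DIR=/home/node/trilium-data
      - TZ=$TZ
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/uptime-kuma.yml:
--------------------------------------------------------------------------------
services:
  # Uptime Kuma - Status Page & Monitoring Server
  uptime-kuma:
    # No tag given, so Docker pulls ":latest".
    image: louislam/uptime-kuma
    container_name: uptime-kuma
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
      # Attached to the socket-proxy network; the Docker socket itself is not mounted here.
      - socket_proxy
    ports:
      - "$UPTIMEKUMA_PORT:3001"
    volumes:
      - $DOCKERDIR/appdata/uptime-kuma:/app/data
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/vaultwarden.yml:
--------------------------------------------------------------------------------
services:
  # Vaultwarden Password Manager
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      # The container port is plain HTTP (80) while DOMAIN below is https.
      # NOTE(review): TLS is presumably terminated by the reverse proxy; avoid exposing this
      # host port beyond the proxy.
      - "$VAULTWARDEN_PORT:80"
    environment:
      # This is required to allow vaultwarden to verify the TLS certificate!
      - DOMAIN=https://SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      # The admin page stays disabled while ADMIN_TOKEN is unset. If it is enabled, prefer an
      # Argon2 hash over a plain-text token, and write each '$' of the hash as '$$' so Compose
      # does not interpolate it.
      # - ADMIN_TOKEN=ADMIN-TOKEN-PLACEHOLDER
    volumes:
      # Contains the vault database and keys: include it in backups and restrict host access.
      - $DOCKERDIR/appdata/vaultwarden/data:/data
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/vikunja.yml:
--------------------------------------------------------------------------------
services:
  # Vikunja - Task Management
  vikunja:
    # No tag given, so Docker pulls ":latest".
    image: vikunja/vikunja
    container_name: vikunja
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    # The mariadb service is not defined in this file; it has to be part of the same Compose project.
    depends_on:
      mariadb:
        condition: service_healthy
    # Runs the container process under the given UID.
    user: $PUID
    ports:
      - "$VIKUNJA_PORT:3456"
    volumes:
      - $DOCKERDIR/appdata/vikunja:/app/vikunja/files
    environment:
      VIKUNJA_SERVICE_PUBLICURL: https://VIKUNJA-SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      VIKUNJA_DATABASE_HOST: mariadb
      # The database password and JWT secret are passed as plain environment variables, so they
      # are visible to anyone who can inspect the container.
      # NOTE(review): tinyauth and transmission in this set use Docker secrets; check whether
      # this image supports a file-based equivalent.
      VIKUNJA_DATABASE_PASSWORD: $VIKUNJA_MARIADB_PASSWORD
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: $VIKUNJA_MARIADB_USERNAME
      VIKUNJA_DATABASE_DATABASE: vikunja
      VIKUNJA_SERVICE_JWTSECRET: $VIKUNJA_JWT_SECRET
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/vscode.yml:
--------------------------------------------------------------------------------
services:
  # VSCode - VSCode Editing
  vscode:
    image: lscr.io/linuxserver/code-server:latest
    container_name: vscode
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    ports:
      - "$VSCODE_PORT:8443"
    volumes:
      - $DOCKERDIR/appdata/vscode:/config
      # The whole of $USERDIR is mounted read-write, so anyone who reaches the editor (and its
      # terminal) can read and change those files.
      - $USERDIR:/data/$PRIMARY_USERNAME
    environment:
      - TZ=$TZ
      - PUID=$PUID
      - PGID=$PGID
      # - DOCKER_HOST
      # Both password options are commented out.
      # NOTE(review): with neither set, this image is expected to serve the editor without its
      # own login; make sure access is gated elsewhere (reverse-proxy auth) or set HASHED_PASSWORD.
      # - PASSWORD=$VSCODE_PASSWORD
      # - HASHED_PASSWORD= #optional
      # - SUDO_PASSWORD= password #optional
      # - SUDO_PASSWORD_HASH= #optional
      # - PROXY_DOMAIN= code-server.my.domain #optional
      # - DEFAULT_WORKSPACE=/config/data/User/Workspaces/Default.code-workspace #optional
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/wallos.yml:
--------------------------------------------------------------------------------
services:
  # Wallos - Open-source Subscription Tracker
  wallos:
    container_name: wallos
    image: bellamy/wallos:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    # Unlike most services in this set, no "profiles:" entry is defined here.
    networks:
      - default
    ports:
      - "$WALLOS_PORT:80"
    volumes:
      - '$DOCKERDIR/appdata/wallos/db:/var/www/html/db'
      - '$DOCKERDIR/appdata/wallos/logos:/var/www/html/images/uploads/logos'
    environment:
      TZ: $TZ
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/weaviate.yml:
--------------------------------------------------------------------------------
services:
  # Weaviate - Vector Database
  weaviate:
    image: cr.weaviate.io/semitechnologies/weaviate:latest
    container_name: weaviate
    # Same hardening option the other services in this set carry.
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      # No host IP is given, so Docker publishes both ports on all host interfaces by default.
      # Together with anonymous access (below), any host that can reach them can read and write
      # the database. Prefix the mapping with 127.0.0.1: if only local clients need it.
      - "$WEAVIATE_PORT:8080" # REST calls
      - "50051:50051" # gRPC calls
    command:
      - --host
      - 0.0.0.0
      - --port
      - '8080'
      - --scheme
      - http
    volumes:
      - $DOCKERDIR/appdata/weaviate:/var/lib/weaviate
    environment:
      QUERY_DEFAULTS_LIMIT: 25
      # Weaviate also offers API-key authentication (AUTHENTICATION_APIKEY_ENABLED) for use
      # outside a trusted local network.
      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'true' # Not secure but OK for local use
      PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
      ENABLE_API_BASED_MODULES: 'true'
      CLUSTER_HOSTNAME: 'node1'
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/wg-easy.yml: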
--------------------------------------------------------------------------------
services:
  # WG-EASY - WireGuard Easy
  wg-easy:
    # No tag given, so Docker pulls ":latest".
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    cap_add:
      # NET_ADMIN lets the container configure interfaces and routes.
      - NET_ADMIN
      # SYS_MODULE allows loading kernel modules.
      # NOTE(review): likely unnecessary when the host already provides the WireGuard module;
      # confirm before dropping.
      - SYS_MODULE
    sysctls:
      # Enables IPv4 forwarding inside the container's network namespace.
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      # WireGuard tunnel port.
      - "51820:51820/udp"
      # The web UI manages VPN clients; no host IP is given, so Docker publishes it on all host
      # interfaces by default. Keep it behind authentication.
      - "$WGEASY_PORT:51821/tcp" # WebUI
    volumes:
      # Holds the WireGuard configuration, including private keys: restrict host access.
      - $DOCKERDIR/appdata/wireguard:/etc/wireguard
    environment:
      - WG_HOST=SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
      # Placeholder, presumably substituted at install time.
      # NOTE(review): a password hash containing '$' must be written with '$$' or Compose will
      # try to interpolate it; confirm the substituted value is escaped.
      - PASSWORD_HASH=WG-EASY-PASSWORD-HASH-PLACEHOLDER
      - WG_DEFAULT_ADDRESS=$WGEASY_DEFAULT_ADDRESS
      - WG_DEFAULT_DNS=$WGEASY_DEFAULT_DNS
      - WG_ALLOWED_IPS=$WGEASY_ALLOWED_IPS
      - UI_TRAFFIC_STATS=true
      - UI_CHART_TYPE=3
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/wikidocs.yml:
--------------------------------------------------------------------------------
services:
  # Wikidocs - Flat-file Markdown Wiki
  wikidocs:
    # No tag given, so Docker pulls ":latest".
    image: zavy86/wikidocs
    container_name: wikidocs
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - default
    ports:
      - "$WIKIDOCS_PORT:80"
    volumes:
      - '$DOCKERDIR/appdata/wikidocs:/datasets'
    environment:
      PUID: $PUID
      PGID: $PGID
    # DOCKER-LABELS-PLACEHOLDER

--------------------------------------------------------------------------------
/compose/wud.yml:
--------------------------------------------------------------------------------
services:
  # WUD (What's Up Docker) - Docker Image Update Notification
  wud:
    # No tag given, so Docker pulls ":latest".
    image: fmartinou/whats-up-docker
    container_name: wud
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["apps", "all"]
    networks:
      - socket_proxy
    ports:
      - "$WUD_PORT:3000"
    volumes:
      # NOTE(review): the Docker socket is bind-mounted directly and read-write, although the
      # service is attached to the socket_proxy network. Access to the socket is effectively
      # root on the host. WUD can reach a proxy instead through WUD_WATCHER_LOCAL_HOST and
      # WUD_WATCHER_LOCAL_PORT; confirm the proxy's hostname and port before removing this mount.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # A webhook URL is a credential: anyone who has it can post to the channel.
      # - WUD_TRIGGER_DISCORD_1_URL=https://discord.com/api/webhooks/123/456
      # - WUD_TRIGGER_DISCORD_1_BOTUSERNAME=WUD
      # Cron expression "0 1 * * *": once a day at 01:00.
      - WUD_WATCHER_LOCAL_CRON=0 1 * * *
      - WUD_WATCHER_LOCAL_WATCHALL=true
      # - WUD_WATCHER_MYREMOTEHOST_HOST=
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/xpipe-webtop.yml:
--------------------------------------------------------------------------------
services:
  # XPipe Webtop - Web Desktop Environment
  xpipe-webtop:
    image: ghcr.io/xpipe-io/xpipe-webtop:latest
    container_name: xpipe-webtop
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    networks:
      - default
    # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE
    ports:
      - "$XPIPEWEBTOP_PORT:3000" # HTTP
      # - "3001:3001" # HTTPS
    volumes:
      - $DOCKERDIR/appdata/xpipe-webtop:/config
      # Marked optional. With the socket mounted read-write, anyone who reaches this web desktop
      # controls the Docker daemon, which is effectively root on the host. Remove the line if
      # container management from inside the desktop is not needed, and keep the published port
      # behind authentication.
      - /var/run/docker.sock:/var/run/docker.sock #optional
    # environment:
    #   SUBFOLDER: / #optional
    # DOCKER-LABELS-PLACEHOLDER
--------------------------------------------------------------------------------
/compose/zerotier.yml:
--------------------------------------------------------------------------------
services:
  # ZeroTier-One - Private Network over Internet
  zerotier:
    image: zerotier/zerotier:latest
    container_name: zerotier
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "all"]
    # Shares the host's network namespace: the container sees and can change host interfaces.
    network_mode: host
    cap_add:
      - NET_ADMIN
      # SYS_ADMIN is a very broad capability.
      # NOTE(review): keep it only if this image really requires it.
      - SYS_ADMIN
    devices:
      # TUN device used for the virtual network interface.
      - /dev/net/tun
    volumes:
      # Holds the node's identity, including its secret key: restrict host access.
      - $DOCKERDIR/appdata/zerotier:/var/lib/zerotier-one
--------------------------------------------------------------------------------
/deployrr_v5.8-arm.app:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/deployrr_v5.8-arm.app
--------------------------------------------------------------------------------
/deployrr_v5.8.app:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/deployrr_v5.8.app
--------------------------------------------------------------------------------
/images/deployarr_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/deployarr_logo.png
--------------------------------------------------------------------------------
/images/deployrr-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/deployrr-logo.png
--------------------------------------------------------------------------------
/images/v4/01 Deployarr 4 - Spash.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/01 Deployarr 4 - Spash.png
--------------------------------------------------------------------------------
/images/v4/02 Deployarr 4 - Main Menu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/02 Deployarr 4 - Main Menu.png -------------------------------------------------------------------------------- /images/v4/03 Deployarr 4 - Disclaimers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/03 Deployarr 4 - Disclaimers.png -------------------------------------------------------------------------------- /images/v4/04 Deployarr 4 - System Prep Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/04 Deployarr 4 - System Prep Menu.png -------------------------------------------------------------------------------- /images/v4/05 Deployarr 4 - Set Folders.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/05 Deployarr 4 - Set Folders.png -------------------------------------------------------------------------------- /images/v4/06 Deployarr 4 - Docker Sub Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/06 Deployarr 4 - Docker Sub Menu.png -------------------------------------------------------------------------------- /images/v4/07 Deployarr 4 - Reverse Proxy Sub Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/07 Deployarr 4 - Reverse Proxy Sub Menu.png -------------------------------------------------------------------------------- 
/images/v4/08 Deployarr 4 - Security Sub Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/08 Deployarr 4 - Security Sub Menu.png -------------------------------------------------------------------------------- /images/v4/09 Deployarr 4 - Apps Sub Menu 1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/09 Deployarr 4 - Apps Sub Menu 1.png -------------------------------------------------------------------------------- /images/v4/10 Deployarr 4 - App Install.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/10 Deployarr 4 - App Install.png -------------------------------------------------------------------------------- /images/v4/11 Deployarr 4 - App Uninstall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/11 Deployarr 4 - App Uninstall.png -------------------------------------------------------------------------------- /images/v4/12 Deployarr 4 - Tools Sub Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/12 Deployarr 4 - Tools Sub Menu.png -------------------------------------------------------------------------------- /images/v4/13 Deployarr 4 - Stack Manager.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/13 Deployarr 4 - Stack Manager.png -------------------------------------------------------------------------------- /images/v4/14 Deployarr 4 - Containers Status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/14 Deployarr 4 - Containers Status.png -------------------------------------------------------------------------------- /images/v4/15 Deployarr 4 - Services Status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/15 Deployarr 4 - Services Status.png -------------------------------------------------------------------------------- /images/v4/16 Deployarr 4 - Backups Sub Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/16 Deployarr 4 - Backups Sub Menu.png -------------------------------------------------------------------------------- /images/v4/17 Deployarr 4 - Restore Backups.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/17 Deployarr 4 - Restore Backups.png -------------------------------------------------------------------------------- /images/v4/18 Deployarr 4 - Deployarr Settings Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/18 Deployarr 4 - Deployarr Settings Menu.png 
-------------------------------------------------------------------------------- /images/v4/19 Deployarr 4 - About Sub Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/19 Deployarr 4 - About Sub Menu.png -------------------------------------------------------------------------------- /images/v4/21 Deployarr 4 - Getting Support.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/21 Deployarr 4 - Getting Support.png -------------------------------------------------------------------------------- /images/v4/Deployarr 4 - 40 plus Docker Apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr 4 - 40 plus Docker Apps.png -------------------------------------------------------------------------------- /images/v4/Deployarr 4 - 50 plus Docker Apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr 4 - 50 plus Docker Apps.png -------------------------------------------------------------------------------- /images/v4/Deployarr 4 - 60 plus Docker Apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr 4 - 60 plus Docker Apps.png -------------------------------------------------------------------------------- /images/v4/Deployarr 4 - 75 plus Docker Apps.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr 4 - 75 plus Docker Apps.png -------------------------------------------------------------------------------- /images/v4/Deployarr App Logos 50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr App Logos 50.png -------------------------------------------------------------------------------- /images/v4/Deployarr App Logos 75.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr App Logos 75.png -------------------------------------------------------------------------------- /images/v4/Deployarr App Logos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v4/Deployarr App Logos.png -------------------------------------------------------------------------------- /images/v5/01 Deployarr v5 Splash Screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/01 Deployarr v5 Splash Screen.png -------------------------------------------------------------------------------- /images/v5/02 Deployarr v5 Main Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/02 Deployarr v5 Main Menu.png -------------------------------------------------------------------------------- /images/v5/02a local only setup.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/02a local only setup.png -------------------------------------------------------------------------------- /images/v5/02a system checks output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/02a system checks output.png -------------------------------------------------------------------------------- /images/v5/02b hybrid setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/02b hybrid setup.png -------------------------------------------------------------------------------- /images/v5/03 Deployarr v5 Prerequisites.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/03 Deployarr v5 Prerequisites.png -------------------------------------------------------------------------------- /images/v5/04 Deployarr v5 System Preparation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/04 Deployarr v5 System Preparation.png -------------------------------------------------------------------------------- /images/v5/05 Deployarr v5 Rclone Options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/05 Deployarr v5 Rclone Options.png 
-------------------------------------------------------------------------------- /images/v5/06 Deployarr v5 Set Folders.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/06 Deployarr v5 Set Folders.png -------------------------------------------------------------------------------- /images/v5/07 Deployarr v5 Docker Options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/07 Deployarr v5 Docker Options.png -------------------------------------------------------------------------------- /images/v5/08 Deployarr v5 Reverse Proxy Options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/08 Deployarr v5 Reverse Proxy Options.png -------------------------------------------------------------------------------- /images/v5/08a Traefik Error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/08a Traefik Error.png -------------------------------------------------------------------------------- /images/v5/09 Deployarr v5 Security Options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/09 Deployarr v5 Security Options.png -------------------------------------------------------------------------------- /images/v5/10 Deployarr 4 - App Install.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/10 Deployarr 4 - App Install.png -------------------------------------------------------------------------------- /images/v5/10 Deployarr v5 Manage Authentication.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/10 Deployarr v5 Manage Authentication.png -------------------------------------------------------------------------------- /images/v5/11 Deployarr 4 - App Uninstall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/11 Deployarr 4 - App Uninstall.png -------------------------------------------------------------------------------- /images/v5/11 Deployarr v5 Apps Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/11 Deployarr v5 Apps Menu.png -------------------------------------------------------------------------------- /images/v5/11a Deployarr v5 Deployarr Dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/11a Deployarr v5 Deployarr Dashboard.png -------------------------------------------------------------------------------- /images/v5/12 Deployarr v5 Tools Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/12 Deployarr v5 Tools Menu.png -------------------------------------------------------------------------------- 
/images/v5/13 Deployarr v5 Stack Manager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/13 Deployarr v5 Stack Manager.png -------------------------------------------------------------------------------- /images/v5/14 Deployarr 4 - Containers Status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/14 Deployarr 4 - Containers Status.png -------------------------------------------------------------------------------- /images/v5/14 Deployarr v5 Backups Menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/14 Deployarr v5 Backups Menu.png -------------------------------------------------------------------------------- /images/v5/15 Deployarr 4 - Services Status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/15 Deployarr 4 - Services Status.png -------------------------------------------------------------------------------- /images/v5/15 Deployarr v5 Settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/15 Deployarr v5 Settings.png -------------------------------------------------------------------------------- /images/v5/16 Deployarr v5 License Types.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/16 
Deployarr v5 License Types.png -------------------------------------------------------------------------------- /images/v5/17 Deployarr 4 - Restore Backups.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/17 Deployarr 4 - Restore Backups.png -------------------------------------------------------------------------------- /images/v5/18 setup options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/18 setup options.png -------------------------------------------------------------------------------- /images/v5/Deployarr App Logos 100 Supported Apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr App Logos 100 Supported Apps.png -------------------------------------------------------------------------------- /images/v5/Deployarr App Logos 100.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr App Logos 100.png -------------------------------------------------------------------------------- /images/v5/Deployarr App Logos 115.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr App Logos 115.png -------------------------------------------------------------------------------- /images/v5/Deployarr App Logos 135.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr App Logos 135.png -------------------------------------------------------------------------------- /images/v5/Deployarr App Logos 140.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr App Logos 140.png -------------------------------------------------------------------------------- /images/v5/Deployarr Version 5 Intro.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr Version 5 Intro.png -------------------------------------------------------------------------------- /images/v5/Deployarr v5 with 75 Apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr v5 with 75 Apps.png -------------------------------------------------------------------------------- /images/v5/Deployarr v5 with 90 Apps Thumbnail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployarr v5 with 90 Apps Thumbnail.png -------------------------------------------------------------------------------- /images/v5/Deployrr App Logos 140.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/Deployrr App Logos 140.png -------------------------------------------------------------------------------- /images/v5/deployarr stats dec 2024-2.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployarr stats dec 2024-2.png -------------------------------------------------------------------------------- /images/v5/deployarr stats dec 2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployarr stats dec 2024.png -------------------------------------------------------------------------------- /images/v5/deployarr stats jan 2025.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployarr stats jan 2025.png -------------------------------------------------------------------------------- /images/v5/deployarr stats march 2025.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployarr stats march 2025.png -------------------------------------------------------------------------------- /images/v5/deployarr stats nov 2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployarr stats nov 2024.png -------------------------------------------------------------------------------- /images/v5/deployarr stats sep 2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployarr stats sep 2024.png 
--------------------------------------------------------------------------------
/images/v5/deployrr stats apr 2025.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/images/v5/deployrr stats apr 2025.png
--------------------------------------------------------------------------------
/includes/authelia/chain-authelia.yml:
--------------------------------------------------------------------------------
# Traefik middleware chain for routers protected by Authelia.
# Listed order: rate limiting, then security headers, then the Authelia
# forward-auth check. middlewares-rate-limit and middlewares-secure-headers
# are not defined in this file.
http:
  middlewares:
    chain-authelia:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-authelia
--------------------------------------------------------------------------------
/includes/authelia/configuration.yml:
--------------------------------------------------------------------------------
###############################################################
# Authelia configuration #
###############################################################
# NOTE(review): no session secret, storage encryption key or reset-password
# JWT secret appears in this file; presumably they are injected through
# environment variables or secret files -- confirm in the compose definition.

server:
  # Binds to every interface inside the container. tls.key / tls.certificate
  # are empty below, so this listener is presumably plain HTTP with TLS ended
  # at the reverse proxy -- keep port 9091 unpublished (TODO confirm in compose).
  address: tcp://0.0.0.0:9091/
  buffers:
    read: 4096
    write: 4096
  endpoints:
    # Profiling and expvar debug endpoints stay disabled.
    enable_pprof: false
    enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

# https://www.authelia.com/configuration/miscellaneous/logging/
log:
  level: info
  format: text
  # Log is written under /config as well as to stdout.
  file_path: /config/authelia.log
  keep_stdout: true

# https://www.authelia.com/configuration/second-factor/time-based-one-time-password/
totp:
  # example.com is a placeholder domain used throughout this file;
  # presumably replaced at install time.
  issuer: example.com
  period: 30
  skew: 1

# AUTHELIA_DUO_PLACEHOLDER

# https://www.authelia.com/reference/guides/passwords/
authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    # File-based user database (see users.yml).
    path: /config/users.yml
    password:
      # NOTE(review): these are flat password.* keys; newer Authelia releases
      # document per-algorithm settings (password.argon2.*). Confirm which
      # schema the deployed version reads and which unit `memory` uses before
      # tuning. iterations: 1 is the minimum work factor, so the memory and
      # parallelism values carry the hashing cost.
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 256 # RAM used per hash computation (unit: see note above)

# https://www.authelia.com/overview/authorization/access-control/
access_control:
  # Requests that match no rule are refused.
  default_policy: deny
  rules:
    # Commented-out example: bypass authentication for private address ranges.
    # NOTE(review): if enabled, the decision rests on the client IP Authelia
    # derives from forwarded headers; only safe when the proxy in front cannot
    # be fed forged X-Forwarded-For values.
    # - domain:
    # - "*.example.com"
    # - "example.com"
    # policy: bypass
    # networks: # bypass authentication for local networks
    # - 10.0.0.0/8
    # - 192.168.0.0/16
    # - 172.16.0.0/12
    # Active rule: the apex domain and all subdomains require two factors.
    - domain:
        - "*.example.com"
        - "example.com"
      policy: two_factor

# https://www.authelia.com/configuration/session/introduction/
session:
  name: authelia_session
  same_site: lax
  expiration: 7h
  inactivity: 5m
  remember_me: 1M
  cookies:
    - domain: 'example.com'
      authelia_url: 'https://authelia.example.com'
      default_redirection_url: 'https://example.com'
  redis:
    # NOTE(review): no Redis password or TLS is set here; presumably Redis is
    # reachable only on an internal Docker network -- verify.
    host: redis
    port: 6379
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0

# https://www.authelia.com/configuration/security/regulation/
# Brute-force throttling: 3 failed logins within 10m ban the user for 12h.
regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h

# https://www.authelia.com/configuration/storage/introduction/
storage:
  # For local storage, uncomment lines below and comment out mysql. https://docs.authelia.com/configuration/storage/sqlite.html
  # This is good for the beginning. If you have a busy site then switch to other databases.
  local:
    path: /config/db.sqlite3

# https://www.authelia.com/configuration/notifications/introduction/
notifier:
  disable_startup_check: false
  # For testing purposes, notifications can be sent in a file. Be sure to map the volume in docker-compose.
  # Caveat: whatever Authelia would e-mail (presumably including identity
  # verification and password-reset messages) lands in this file, so anyone
  # able to read /config/notifications.txt can act on it. Restrict access to
  # the volume; an SMTP notifier avoids the issue.
  filesystem:
    filename: /config/notifications.txt

--------------------------------------------------------------------------------
/includes/authelia/duo.yml:
--------------------------------------------------------------------------------
# Enable the following for Duo Push Notification support
#duo_api:
# disable: false
# hostname:
# integration_key:
# enable_self_enrollment: true
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
# # secret_key: SECRET_KEY_GOES_HERE # use docker secret file instead AUTHELIA_DUO_API_SECRET_KEY_FILE
--------------------------------------------------------------------------------
/includes/authelia/middlewares-authelia.yml:
--------------------------------------------------------------------------------
# Traefik forward-auth middleware that asks Authelia to authorise each request.
http:
  middlewares:
    middlewares-authelia:
      forwardAuth:
        # NOTE(review): /api/verify is the older verification endpoint; newer
        # Authelia releases document /api/authz/forward-auth for Traefik.
        # Confirm against the deployed version.
        address: "http://authelia:9091/api/verify?rd=https://authelia.{{env "DOMAINNAME_1"}}"
        # Passes X-Forwarded-* headers already present on the incoming request
        # through to Authelia. Appropriate only when clients cannot reach
        # Traefik with forged headers (e.g. the entrypoint restricts trusted
        # forwarders); otherwise IP-based decisions can be influenced.
        trustForwardHeader: true
        # Identity headers copied from Authelia's response onto the proxied
        # request. Backends that trust them must be reachable only through a
        # router that applies this middleware.
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
--------------------------------------------------------------------------------
/includes/authelia/users.yml:
--------------------------------------------------------------------------------
###############################################################
# Users Database #
###############################################################

# This file can be used if you do not have an LDAP set up.

# List of users
# The upper-case AUTHELIA_* tokens are placeholders, presumably substituted by
# the installer. `password` is expected to hold a password hash (the
# placeholder name says so), never the cleartext password; keep the file
# readable only by the account running Authelia.
users:
  AUTHELIA_USERNAME:
    disabled: false
    displayname: "AUTHELIA_USER_DISPLAY_NAME"
    email: AUTHELIA_USER_EMAIL
    password: AUTHELIA_HASHED_PASSWORD
    groups:
      - admins
--------------------------------------------------------------------------------
/includes/authentik/chain-authentik.yml:
--------------------------------------------------------------------------------
# Traefik middleware chain for routers protected by authentik: rate limiting,
# security headers, then the authentik forward-auth check.
http:
  middlewares:
    chain-authentik:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-authentik
--------------------------------------------------------------------------------
/includes/authentik/middlewares-authentik.yml:
--------------------------------------------------------------------------------
# Traefik forward-auth middleware pointing at the authentik outpost endpoint.
http:
  middlewares:
    # https://github.com/goauthentik/authentik/issues/2366
    middlewares-authentik:
      forwardAuth:
        address: "http://authentik:9000/outpost.goauthentik.io/auth/traefik"
        # Same caveat as any forwardAuth with this flag: incoming X-Forwarded-*
        # headers are trusted, so Traefik must not accept them from arbitrary
        # clients.
        trustForwardHeader: true
        # Identity and metadata headers handed to the backend. Applications
        # that rely on X-authentik-* must not be reachable by a path that
        # skips this middleware.
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
--------------------------------------------------------------------------------
/includes/crowdsec/acquis-traefik.yaml:
--------------------------------------------------------------------------------
# CrowdSec acquisition: read Traefik log files and label them type "traefik".
# HOSTNAME-PLACEHOLDER is presumably substituted by the installer.
filenames:
  - /logs/HOSTNAME-PLACEHOLDER/traefik/*.log
labels:
  type: traefik
--------------------------------------------------------------------------------
/includes/crowdsec/acquis.yaml:
--------------------------------------------------------------------------------
# CrowdSec acquisition for host syslog-style files. Every path below is
# commented out, so `filenames` is empty and nothing is read from this source
# until at least one entry is enabled.
filenames:
# - /var/log/auth.log
# - /var/log/syslog
# - /var/log/kern.log
# - /var/log/ufw.log
# - /var/log/mail.log
labels:
  type: syslog

--------------------------------------------------------------------------------
/includes/crowdsec/crowdsec-firewall-bouncer.yaml:
--------------------------------------------------------------------------------
# CrowdSec firewall bouncer settings (iptables mode).
mode: iptables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
log_compression: true
log_max_size: 100
log_max_backups: 3
log_max_age: 30
# Local API on localhost over plain HTTP; port and key are placeholders.
# Once substituted, api_key is a credential: keep this file readable by root only.
api_url: http://localhost:CROWDSEC-PORT-PLACEHOLDER/
api_key: CROWDSEC-API-KEY-PLACEHOLDER
insecure_skip_verify: false
# NOTE(review): with IPv6 handling disabled, bans are presumably not enforced
# for IPv6 sources; confirm the host is not reachable over IPv6.
disable_ipv6: true
deny_action: DROP
deny_log: true
supported_decisions_types:
  - ban
#to change log prefix
deny_log_prefix: "[CSFB_BLOCK] "
#to change the blacklists name
blacklists_ipv4: crowdsec-blacklists
blacklists_ipv6: crowdsec6-blacklists
#if present, insert rule in those chains
# INPUT covers traffic addressed to the host; DOCKER-USER is the chain Docker
# reserves for user rules on traffic forwarded to containers.
iptables_chains:
  - INPUT
# - FORWARD
  - DOCKER-USER

## nftables
# presumably unused while mode is iptables -- TODO confirm
nftables:
  ipv4:
    enabled: true
    set-only: false
    table: crowdsec
    chain: crowdsec-chain
  ipv6:
    enabled: true
    set-only: false
    table: crowdsec6
    chain: crowdsec6-chain
# packet filter
pf:
  # an empty string disables the anchor
  anchor_name: ""

--------------------------------------------------------------------------------
/includes/crowdsec/custom-whitelists.yaml:
--------------------------------------------------------------------------------
# CrowdSec whitelist: events whose source address matches an entry below are
# ignored.
# Caveat: all private IPv4 ranges and local IPv6 ranges are listed. If proxy
# logs record an internal address (Docker gateway, another proxy) instead of
# the real client, hostile requests would be whitelisted too -- verify that
# the logged client IP is the real one. A compromised LAN host is likewise
# never banned.
name: crowdsecurity/whitelists
description: "Whitelist events from own/known IP addresses"
whitelist:
  reason: "Trusted IPs"
  ip:
    # Placeholder; on a dynamic WAN address a substituted value can go stale.
    - "WAN-IP-PLACEHOLDER" # WAN IP
    - "127.0.0.1" # Local Host
  cidr:
    - "192.168.0.0/16" # Local IPs
    - "10.0.0.0/8" # Local IPs
    - "172.16.0.0/12" # Local/Docker IPs
    - "fe80::/10" # Local IPs
    - "fc00::/7" # Local IPs

-------------------------------------------------------------------------------- /includes/dashy/starter-conf.yml: -------------------------------------------------------------------------------- 1 | # Page meta info, like heading, footer text and nav links 2 | pageInfo: 3 | title: Dashy 4 | description: Welcome to your new dashboard! 5 | navLinks: 6 | - title: GitHub 7 | path: https://github.com/Lissy93/dashy 8 | - title: Documentation 9 | path: https://dashy.to/docs 10 | 11 | # Optional app settings and configuration 12 | appConfig: 13 | theme: colorful 14 | 15 | # Main content - An array of sections, each containing an array of items 16 | sections: 17 | - name: Getting Started 18 | icon: fas fa-rocket 19 | items: 20 | - title: Dashy Live 21 | description: Development a project management links for Dashy 22 | icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png 23 | url: https://live.dashy.to/ 24 | target: newtab 25 | - title: GitHub 26 | description: Source Code, Issues and Pull Requests 27 | url: https://github.com/lissy93/dashy 28 | icon: favicon 29 | - title: Docs 30 | description: Configuring & Usage Documentation 31 | provider: Dashy.to 32 | icon: far fa-book 33 | url: https://dashy.to/docs 34 | - title: Showcase 35 | description: See how others are using Dashy 36 | url: https://github.com/Lissy93/dashy/blob/master/docs/showcase.md 37 | icon: far fa-grin-hearts 38 | - title: Config Guide 39 | description: See full list of configuration options 40 | url: https://github.com/Lissy93/dashy/blob/master/docs/configuring.md 41 | icon: fas fa-wrench 42 | - title: Support 43 | description: Get help with Dashy, raise a bug, or get in contact 44 | url: https://github.com/Lissy93/dashy/blob/master/.github/SUPPORT.md 45 | icon: far fa-hands-helping -------------------------------------------------------------------------------- /includes/ddns-updater/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "settings": [ 3 | { 4 
| "provider": "cloudflare", 5 | "zone_identifier": "CLOUDFLARE-ZONE-IDENTIFIER-PLACEHOLDER", 6 | "domain": "CLOUDFLARE-DOMAIN-PLACEHOLDER", 7 | "proxied": true, 8 | "host": "@", 9 | "ttl": 600, 10 | "token": "CLOUDFLARE-API-TOKEN-PLACEHOLDER", 11 | "ip_version": "ipv4" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /includes/deployrr-dashboard/bookmarks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/bookmarks 4 | 5 | - Links: 6 | - Website: 7 | - icon: mdi-web 8 | href: https://www.simplehomelab.com/ 9 | - Youtube Channel: 10 | - icon: si-youtube 11 | href: https://www.youtube.com/@Simple-Homelab 12 | - Docker-Traefik GitHub Repo: 13 | - icon: si-github 14 | href: https://github.com/SimpleHomelab/Docker-Traefik 15 | - Discord Server: 16 | - icon: si-discord 17 | href: https://discord.gg/wtmqgd4GpX 18 | - Deployrr: 19 | - About Deployrr: 20 | - icon: mdi-application-brackets 21 | href: https://deployrr.app/ 22 | - Your Account: 23 | - icon: mdi-account-box 24 | href: https://www.simplehomelab.com/login/?redirect_to=https%3A%2F%2Fwww.simplehomelab.com%2Fgeek-army%2F 25 | - Deployrr GitHub: 26 | - icon: si-github 27 | href: https://github.com/SimpleHomelab/Deployrr 28 | - Support My Work: 29 | - Join the Geek Army: 30 | - icon: mdi-wallet-membership 31 | href: https://www.simplehomelab.com/geek-army/join/ 32 | - BuyMeACoffee: 33 | - icon: si-buymeacoffee 34 | href: https://www.buymeacoffee.com/SimpleHomelab 35 | - Ko-Fi: 36 | - icon: si-kofi 37 | href: https://ko-fi.com/SimpleHomelab -------------------------------------------------------------------------------- /includes/deployrr-dashboard/deployrr_icon.ico: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/includes/deployrr-dashboard/deployrr_icon.ico -------------------------------------------------------------------------------- /includes/deployrr-dashboard/deployrr_icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SimpleHomelab/Deployrr/65abf62d04462b80d4877688bbb96faf32fbe8d6/includes/deployrr-dashboard/deployrr_icon.png -------------------------------------------------------------------------------- /includes/deployrr-dashboard/docker.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/docker/ 4 | 5 | DOCKER-HOSTNAME-PLACEHOLDER: 6 | host: socket-proxy 7 | port: 2375 8 | 9 | # my-docker: 10 | # socket: /var/run/docker.sock 11 | -------------------------------------------------------------------------------- /includes/deployrr-dashboard/service-template-core.yaml: -------------------------------------------------------------------------------- 1 | # SERVICE-NAME-START-PLACEHOLDER 2 | - SERVICE-NAME-PLACEHOLDER: 3 | href: SERVICE-URL-PLACEHOLDER 4 | description: SERVICE-DESCRIPTION-PLACEHOLDER 5 | icon: SERVICE-ICON-PLACEHOLDER 6 | server: DOCKER-HOSTNAME-PLACEHOLDER 7 | container: CONTAINER-NAME-PLACEHOLDER 8 | showStats: false 9 | # SERVICE-NAME-END-PLACEHOLDER 10 | # CORE-APPS-PLACEHOLDER 11 | -------------------------------------------------------------------------------- /includes/deployrr-dashboard/service-template-web-local.yaml: -------------------------------------------------------------------------------- 1 | # SERVICE-NAME-START-PLACEHOLDER 2 | - SERVICE-NAME-PLACEHOLDER: 3 | href: SERVICE-URL-PLACEHOLDER 4 | description: SERVICE-DESCRIPTION-PLACEHOLDER 5 | icon: SERVICE-ICON-PLACEHOLDER 6 | server: DOCKER-HOSTNAME-PLACEHOLDER 7 | 
container: CONTAINER-NAME-PLACEHOLDER 8 | showStats: false 9 | # SERVICE-NAME-END-PLACEHOLDER 10 | # WEB-APPS-LOCAL-PLACEHOLDER 11 | -------------------------------------------------------------------------------- /includes/deployrr-dashboard/service-template-web-remote.yaml: -------------------------------------------------------------------------------- 1 | # SERVICE-NAME-START-PLACEHOLDER 2 | - SERVICE-NAME-PLACEHOLDER: 3 | href: SERVICE-URL-PLACEHOLDER 4 | description: SERVICE-DESCRIPTION-PLACEHOLDER 5 | icon: SERVICE-ICON-PLACEHOLDER 6 | server: DOCKER-HOSTNAME-PLACEHOLDER 7 | container: CONTAINER-NAME-PLACEHOLDER 8 | showStats: false 9 | # SERVICE-NAME-END-PLACEHOLDER 10 | # WEB-APPS-REMOTE-PLACEHOLDER 11 | -------------------------------------------------------------------------------- /includes/deployrr-dashboard/services.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/services 4 | 5 | - Apps (Local): 6 | - Local links to Apps: 7 | # WEB-APPS-LOCAL-PLACEHOLDER 8 | 9 | - Apps (Remote): 10 | - Remote links to Apps: 11 | # WEB-APPS-REMOTE-PLACEHOLDER 12 | 13 | - Apps (Others): 14 | - Other Core or Non-Web Apps: 15 | # CORE-APPS-PLACEHOLDER -------------------------------------------------------------------------------- /includes/deployrr-dashboard/settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/settings 4 | 5 | title: Deployarr Dashboard 6 | theme: dark 7 | color: slate 8 | headerStyle: boxed 9 | hideErrors: true 10 | favicon: /images/deployrr_icon.ico 11 | providers: 12 | openweathermap: openweathermapapikey 13 | weatherapi: weatherapiapikey -------------------------------------------------------------------------------- 
/includes/deployrr-dashboard/widgets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/service-widgets 4 | 5 | - logo: 6 | icon: /images/deployrr_icon.png 7 | 8 | - greeting: 9 | text_size: xl 10 | text: Deployrr Dashboard 11 | 12 | - resources: 13 | cpu: true 14 | memory: true 15 | disk: / 16 | 17 | - search: 18 | provider: duckduckgo 19 | target: _blank 20 | 21 | -------------------------------------------------------------------------------- /includes/devices_gpu.yml: -------------------------------------------------------------------------------- 1 | devices: 2 | - /dev/dri:/dev/dri # for hardware transcoding 3 | -------------------------------------------------------------------------------- /includes/docker-gc/docker-gc-exclude: -------------------------------------------------------------------------------- 1 | # If there is a dependent image it seems that the docker-gc can only identify them 2 | # using the image id 3 | # If you pull them specifically it will use the tag otherwise it uses the imageid 4 | # 5 | # The file consists of the name of the image followed by the image id (can be either the short version or the long version) 6 | # 7 | #################################################################################################### 8 | 9 | clockworksoul/docker-gc-cron:latest -------------------------------------------------------------------------------- /includes/docker/custom.yml: -------------------------------------------------------------------------------- 1 | # Add all your custom docker compose snippets here. Auto-Traefik will not modify this. 2 | # Uncomment services and the compose below it, following yaml syntax.
3 | 4 | # services: 5 |
--------------------------------------------------------------------------------
/includes/docker/starter.yml:
--------------------------------------------------------------------------------
########################### NETWORKS
# You may customize the network subnets (192.168.x.0/24) below as you please.
networks:
  default:
    driver: bridge
  # Dedicated bridge network for the Docker socket proxy, with a fixed subnet.
  # Only containers that need Docker API access should be attached to it.
  socket_proxy:
    name: socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.91.0/24
  # NETWORKS-PLACEHOLDER-DO-NOT-DELETE

########################### SECRETS
# Commented-out example of a file-backed Docker secret; files under
# $DOCKERDIR/secrets should be readable only by the account that runs Compose.
# secrets:
# basic_auth_credentials:
# file: $DOCKERDIR/secrets/basic_auth_credentials
  # SECRETS-PLACEHOLDER-DO-NOT-DELETE

include:
  ########################### SERVICES
  # HOSTNAME defined in .env file

  # - compose/$HOSTNAME/custom.yml
  # SERVICE-PLACEHOLDER-DO-NOT-DELETE

--------------------------------------------------------------------------------
/includes/docker_aliases_bashrc:
--------------------------------------------------------------------------------

# Anand's Docker Bash Aliases added by Deployrr
# Sourcing runs the aliases file with the login user's privileges on every
# shell start, so the file should be writable only by that user.
# NOTE(review): the substituted path is unquoted; a path containing spaces
# would break the test -- confirm the installer never produces one.
if [ -f DOCKER-ALIASES-PATH-PLACEHOLDER ]; then
    . DOCKER-ALIASES-PATH-PLACEHOLDER
fi

--------------------------------------------------------------------------------
/includes/guacamole/app-guacamole.yml:
--------------------------------------------------------------------------------
# Traefik file-provider rules for an app running outside Docker.
# NOTE(review): this file holds two top-level `http:` mappings (a filled-in
# Guacamole example, then a placeholder template). A duplicate top-level key
# is not valid as one YAML document; presumably the installer keeps only one
# part -- confirm.
http:
  routers:
    guacamole-rtr:
      rule: "Host(`guacamole.{{env "DOMAINNAME_1"}}`)"
      entryPoints:
        - websecure-external
        - websecure-internal
      middlewares:
        - guacamole-add-guacamole
        # Authentication chain in front of the remote-access gateway.
        - chain-oauth
      service: guacamole-svc
      tls:
        certResolver: dns-cloudflare
        options: tls-opts@file
  middlewares:
    guacamole-add-guacamole:
      addPrefix:
        prefix: "/guacamole"
  services:
    guacamole-svc:
      loadBalancer:
        servers:
          # Example backend reached over plain HTTP on the LAN.
          - url: "http://192.168.1.160:8081" # http://IP-ADDRESS:PORT


http:
  routers:
    APPNAME-PLACEHOLDER-rtr:
      rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
      # Both entry points are commented out here; presumably the installer
      # enables the chosen one(s).
      entryPoints:
# - websecure-external
# - websecure-internal
      middlewares:
        # Whatever replaces CHAIN-PLACEHOLDER decides whether the app sits
        # behind authentication; an externally exposed router should get an
        # auth chain.
        - CHAIN-PLACEHOLDER
      service: APPNAME-PLACEHOLDER-svc
      tls:
        certResolver: dns-cloudflare
        options: tls-opts@file
  services:
    APPNAME-PLACEHOLDER-svc:
      loadBalancer:
        servers:
          - url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT
--------------------------------------------------------------------------------
/includes/home-assistant/trusted_proxies.yaml:
--------------------------------------------------------------------------------
# Home Assistant `http:` settings for running behind a reverse proxy.
http:
  server_host: 0.0.0.0
  cors_allowed_origins:
    - https://www.home-assistant.io
  # X-Forwarded-For is honoured only for requests arriving from the ranges
  # below. Both entries are whole /24 networks, so every host on them can
  # assert a client address; listing just the proxy's own address is tighter.
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.91.0/24
    - 192.168.90.0/24
--------------------------------------------------------------------------------
/includes/mariadb/db_create.sql:
--------------------------------------------------------------------------------
-- Template that creates one database plus an application account.
-- The *_PLACEHOLDER tokens are presumably substituted as plain text, so a
-- value containing a quote or backtick would change the statements -- confirm
-- the installer validates or escapes them. After substitution the file holds
-- the password in cleartext; remove it or restrict its permissions once applied.
create database DATABASE_NAME_PLACEHOLDER;
-- No host part is given, so the account is created for any host ('%').
CREATE USER 'DATABASE_USERNAME_PLACEHOLDER' IDENTIFIED BY 'DATABASE_PASSWORD_PLACEHOLDER';
-- The trailing % is a wildcard: ALL privileges apply to every database whose
-- name starts with the substituted prefix (an unescaped _ in the name is a
-- single-character wildcard as well).
GRANT ALL ON `DATABASE_NAME_PLACEHOLDER%`.* TO 'DATABASE_USERNAME_PLACEHOLDER';
flush privileges;
quit
--------------------------------------------------------------------------------
/includes/mosquitto/mosquitto.conf:
--------------------------------------------------------------------------------
# DATA
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/log/mosquitto.log

# USERS
# Anonymous clients are rejected; accounts come from the password file.
allow_anonymous false
password_file /mosquitto/config/passwd

# Both listeners below bind every interface and no certfile/keyfile is set in
# this file, so MQTT credentials and payloads travel unencrypted. Keep the
# ports on a trusted network, or add TLS before exposing them.

# MQTT Default listener
listener 1883 0.0.0.0

# MQTT over WebSockets
listener 9001 0.0.0.0
protocol websockets
--------------------------------------------------------------------------------
/includes/oauth/chain-oauth.yml:
--------------------------------------------------------------------------------
# Traefik middleware chain for routers protected by the OAuth forward-auth
# service: rate limiting, security headers, then the OAuth check.
http:
  middlewares:
    chain-oauth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-oauth
--------------------------------------------------------------------------------
/includes/oauth/middlewares-oauth.yml:
--------------------------------------------------------------------------------
# NOTE(review): the secrets template next to this file sets only the Google
# client id/secret and the cookie secret. The restriction on which accounts
# may log in is presumably configured in the OAuth service definition --
# verify it exists, otherwise any account at the provider could pass.
http:
  middlewares:
    middlewares-oauth:
      forwardAuth:
        address: "http://oauth:4181" # Make sure you have the OAuth service in docker-compose.yml
        # Incoming X-Forwarded-* headers are trusted; Traefik must not accept
        # them from arbitrary clients.
        trustForwardHeader: true
        authResponseHeaders:
          - "X-Forwarded-User"
--------------------------------------------------------------------------------
/includes/oauth/oauth-secrets-template:
--------------------------------------------------------------------------------
providers.google.client-id=GOOGLE-CLIENT-ID-PLACEHOLDER
providers.google.client-secret=GOOGLE-CLIENT-SECRET-PLACEHOLDER
secret=OAUTH-SECRET-PLACEHOLDER

--------------------------------------------------------------------------------
/includes/os/resolved.conf:
--------------------------------------------------------------------------------
[Resolve]
# Fixed public upstream resolvers. No DNSOverTLS= or DNSSEC= line is present,
# so those settings stay at the distribution defaults.
DNS=1.1.1.1 1.0.0.1
FallbackDNS=8.8.8.8 8.8.4.4
# Turns off the local stub listener -- presumably to free port 53 for a DNS
# container (TODO confirm).
DNSStubListener=no
--------------------------------------------------------------------------------
/includes/os/smb-mount-template:
--------------------------------------------------------------------------------
# fstab entry template for a CIFS share, mounted on demand by systemd.
# credentials= names a file holding the share username/password; it should be
# readable by root only -- confirm how the installer creates it.
# NOTE(review): in this listing the entry spans two lines (the first ends with
# a comma). An fstab entry has to sit on one line; confirm the installer joins
# them before appending.
SHARE-PLACEHOLDER MOUNT-POINT-PLACEHOLDER cifs credentials=CREDENTIALS-FILE-PATH-PLACEHOLDER,uid=UID-PLACEHOLDER,gid=GID-PLACEHOLDER,iocharset=utf8,file_mode=0775,dir_mode=0775,rw,noauto,x-systemd.automount,
_netdev 0 0
--------------------------------------------------------------------------------
/includes/prometheus/prometheus.yml:
--------------------------------------------------------------------------------
global:
  scrape_interval: 60s # Scrape targets every 60 seconds.
  evaluation_interval: 60s # Evaluate rules every 60 seconds.
--------------------------------------------------------------------------------
/includes/qbittorrent/qBittorrent.conf:
--------------------------------------------------------------------------------
; Seed configuration for qBittorrent. Reviewer notes are on lines starting with
; ';'. qBittorrent rewrites this file when it saves settings, so notes
; presumably survive only in the template.
[AutoRun]
enabled=false
program=

[BitTorrent]
Session\Port=6881
Session\QueueingSystemEnabled=true
Session\TempPath=/data/downloads/torrents/incomplete/
Session\DefaultSavePath=/data/downloads/torrents/others/
Session\FinishedTorrentExportDirectory=/data/downloads/torrents/indexes/completed/
Session\TorrentExportDirectory=/data/downloads/torrents/indexes/

[LegalNotice]
Accepted=true

[Meta]
MigrationVersion=6

[Network]
Cookies=@Invalid()
PortForwardingEnabled=false
Proxy\HostnameLookupEnabled=false
Proxy\Profiles\BitTorrent=true
Proxy\Profiles\Misc=true
Proxy\Profiles\RSS=true

[Preferences]
Connection\PortRangeMin=6881
Connection\UPnP=false
Downloads\SavePath=/downloads/completed/
Downloads\TempPath=/downloads/incomplete/
Downloads\TorrentExportDir=/downloads/indexes/
Downloads\TempPathEnabled=true
Downloads\FinishedTorrentExportDir=/downloads/indexes/
; WebUI hardening notes:
; - Password_PBKDF2 below is a fixed hash shipped in the template, so every
;   install that uses this file starts with the same WebUI password. Change it
;   on first login.
; - Address=* binds the WebUI to all interfaces and HTTPS is disabled; TLS and
;   access control are presumably provided by the reverse proxy in front.
; - ServerDomains=* together with HostHeaderValidation=false turns off Host
;   header checking, which is the WebUI's DNS-rebinding protection. Keep the
;   WebUI port reachable only through the authenticated proxy route, or set
;   ServerDomains to the real hostname and re-enable validation.
WebUI\Address=*
WebUI\Password_PBKDF2="@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==)"
WebUI\ServerDomains=*
WebUI\HTTPS\Enabled=false
WebUI\HostHeaderValidation=false

--------------------------------------------------------------------------------
/includes/rclone/rclone-mount-template.service:
--------------------------------------------------------------------------------
1 | [Unit] 2 | Description=Rclone SMB 3 | Wants=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | Type=notify 8 | ExecStart=/usr/bin/rclone mount REMOTE-NAME-PLACEHOLDER: REMOTE-MOUNTPOINT-PLACEHOLDER \ 9 | #--read-only \ 10 | --config DOCKER-FOLDER-PLACEHOLDER/appdata/rclone/rclone.conf \ 11 | --log-file=DOCKER-FOLDER-PLACEHOLDER/logs/HOSTNAME-PLACEHOLDER/rclone-REMOTE-NAME-PLACEHOLDER.log \ 12 | --log-level NOTICE \ 13 | --allow-other \ 14 | --no-modtime \ 15 | --umask 002 \ 16 | --user-agent HOSTNAME-PLACEHOLDER \ 17 | --dir-cache-time 1h \ 18 | --buffer-size 128M \ 19 | --vfs-fast-fingerprint \ 20 | --vfs-cache-mode full \ 21 | --vfs-cache-max-age 336h \ 22 | --cache-dir=REMOTE-CACHEDIR-PLACEHOLDER \ 23 | --vfs-cache-max-size REMOTE-CACHESIZE-PLACEHOLDERG \ 24 | --vfs-read-chunk-size-limit 10G \ 25 | --vfs-refresh \ 26 | #--rc \ 27 | #--rc-web-gui \ 28 | #--rc-addr :5572 \ 29 | #--rc-web-gui-no-open-browser \ 30 | #--rc-no-auth \ 31 | #--rc-user= \ 32 | #--rc-pass= \ 33 | --use-mmap 34 | ExecStop=/bin/fusermount -uz REMOTE-MOUNTPOINT-PLACEHOLDER 35 | #ExecStartPost=/usr/bin/rclone rc vfs/refresh recursive=true --rc-addr :5572 _async=true 36 | Restart=on-abort 37 | User=USERNAME-PLACEHOLDER 38 | Group=USERNAME-PLACEHOLDER 39 |
KillMode=mixed 40 | RestartSec=5 41 | 42 | [Install] 43 | WantedBy=default.target 44 | -------------------------------------------------------------------------------- /includes/rclone/rclone-template.conf: -------------------------------------------------------------------------------- 1 | [REMOTE-NAME-PLACEHOLDER] 2 | type = smb 3 | host = REMOTE-HOST-PLACEHOLDER 4 | user = REMOTE-USER-PLACEHOLDER 5 | pass = REMOTE-PASSWORD-HASHED-PLACEHOLDER 6 | idle_timeout = 0s 7 | -------------------------------------------------------------------------------- /includes/rclone/start-media-after-boot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=start-media-after-boot 3 | After=network.target 4 | 5 | [Service] 6 | ExecStart=SMAB-PATH-PLACEHOLDER 7 | 8 | [Install] 9 | WantedBy=default.target -------------------------------------------------------------------------------- /includes/rclone/start-media-after-boot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # All containers (profile "media") that access rclone/MergerFS mounts set to NOT restart automatically at boot time. 3 | # This is because, rclone can take a few seconds/minutes to mount remote drives. 4 | # This script checks the required mounts every 5 seconds and as soon as required drives are mounted, it starts the "media" containers. 
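
# CHECKING FOR DRIVE MOUNTS
# Polls for the required mount(s) every 5 seconds. Once they are all present the
# "media" compose profile is started; if they are still missing after 15 minutes
# the profile is brought down and the failure is logged.
num_drives=1 # number of mounts to check
# Drive 1
drive1="REMOTE-MOUNTPOINT-PLACEHOLDER"
drive1_seconds=0
drive1_status=0
# Drive 2 - not used
# drive2=""
# drive2_seconds=0
# drive2_status=0

mounted=0
rounds=0
max_rounds=180 # 180 polls x 5 s = 15 min

while [[ "$mounted" -ne "$num_drives" ]]; do
  # Mounts are only evaluated while the Docker service reports "active".
  if [[ "$(systemctl is-active docker)" == "active" ]]; then
    # Drive 1
    # Quoted, fixed-string match on " on <path> " so the mount point is compared
    # as a whole field of the mount output: a path with spaces or regex
    # characters cannot break the test, and a longer path that merely starts
    # with the same prefix does not count as "mounted".
    if [[ "$drive1_status" -eq 0 ]] && mount | grep -qF -- " on ${drive1%/} "; then
      mounted=$((mounted + 1))
      drive1_seconds=$((rounds * 5))
      drive1_status=1
    fi

    # Drive 2
    # if [[ "$drive2_status" -eq 0 ]] && mount | grep -qF -- " on ${drive2%/} "; then
    #   mounted=$((mounted + 1))
    #   drive2_seconds=$((rounds * 5))
    #   drive2_status=1
    # fi
  fi

  # Everything is mounted: no need to wait another interval.
  if [[ "$mounted" -eq "$num_drives" ]]; then
    break
  fi

  # Timeout if mounting is not successful after 15 min (180x5).
  # The timeout, the sleep and the round counter sit outside the Docker check on
  # purpose: while Docker is not active the loop must still pause and still
  # count towards the timeout, otherwise it spins without sleeping and never ends.
  if [[ "$rounds" -ge "$max_rounds" ]]; then
    break
  fi
  sleep 5
  rounds=$((rounds + 1))
done

STARTSTOP_DATE=$(date)

if [[ "$mounted" -eq "$num_drives" ]]; then
  sudo docker compose --profile media -f COMPOSE-FILE-PLACEHOLDER up -d
  echo "$STARTSTOP_DATE: Media containers started" >> SMAB-LOG-PLACEHOLDER
else
  # Mounts never appeared: make sure the media containers are not left running
  # against empty mount directories.
  sudo docker compose --profile media -f COMPOSE-FILE-PLACEHOLDER down
  echo "$STARTSTOP_DATE: Media containers start failed" >> SMAB-ERR-PLACEHOLDER
fi
-------------------------------------------------------------------------------- /includes/scrutiny/scrutiny.yaml: -------------------------------------------------------------------------------- 1 | # Commented Scrutiny Configuration File 2 | # 3 | # The default location for this file is /opt/scrutiny/config/scrutiny.yaml. 4 | # In some cases to improve clarity default values are specified, 5 | # uncommented. Other example values are commented out. 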
6 | # 7 | # When this file is parsed by Scrutiny, all configuration file keys are 8 | # lowercased automatically. As such, Configuration keys are case-insensitive, 9 | # and should be lowercase in this file to be consistent with usage. 10 | 11 | 12 | ###################################################################### 13 | # Version 14 | # 15 | # version specifies the version of this configuration file schema, not 16 | # the scrutiny binary. There is only 1 version available at the moment 17 | version: 1 18 | 19 | web: 20 | listen: 21 | port: 8080 22 | host: 0.0.0.0 23 | 24 | # if you're using a reverse proxy like apache/nginx, you can override this value to serve scrutiny on a subpath. 25 | # eg. http://example.com/scrutiny/* vs http://example.com:8080 26 | # see docs/TROUBLESHOOTING_REVERSE_PROXY.md 27 | # basepath: `/scrutiny` 28 | # leave empty unless behind a path prefixed proxy 29 | basepath: '' 30 | database: 31 | # can also set absolute path here 32 | location: /opt/scrutiny/config/scrutiny.db 33 | src: 34 | # the location on the filesystem where scrutiny javascript + css is located 35 | frontend: 36 | path: /opt/scrutiny/web 37 | 38 | # if you're running influxdb on a different host (or using a cloud-provider) you'll need to update the host & port below. 39 | # token, org, bucket are unnecessary for a new InfluxDB installation, as Scrutiny will automatically run the InfluxDB setup, 40 | # and store the information in the config file. If you 're re-using an existing influxdb installation, you'll need to provide 41 | # the `token` 42 | 43 | # Token permissions initially all access. Then 4 buckets and then read only access to all other resources. 
44 | influxdb: 45 | scheme: 'http' 46 | host: SCRUTINY-INFLUXDB-HOST-PLACEHOLDER 47 | port: SCRUTINY-INFLUXDB-PORT-PLACEHOLDER 48 | token: 'SCRUTINY-INFLUXDB-TOKEN-PLACEHOLDER' 49 | org: 'SCRUTINY-INFLUXDB-ORG-PLACEHOLDER' 50 | bucket: 'SCRUTINY-INFLUXDB-BUCKET-PLACEHOLDER' 51 | retention_policy: true 52 | # if you wish to disable TLS certificate verification, 53 | # when using self-signed certificates for example, 54 | # then uncomment the lines below and set `insecure_skip_verify: true` 55 | # tls: 56 | # insecure_skip_verify: true 57 | 58 | log: 59 | file: '' #absolute or relative paths allowed, eg. web.log 60 | level: INFO 61 | 62 | # Notification "urls" look like the following. For more information about service specific configuration see 63 | # Shoutrrr's documentation: https://containrrr.dev/shoutrrr/services/overview/ 64 | # 65 | # note, usernames and passwords containing special characters will need to be urlencoded. 66 | # if your username is: "myname@example.com" and your password is "124@34$1" 67 | # your shoutrrr url will look like: "smtp://myname%40example%2Ecom:124%4034%241@ms.my.domain.com:587" 68 | 69 | #notify: 70 | # urls: 71 | # - "discord://token@webhookid" 72 | # - "telegram://token@telegram?channels=channel-1[,channel-2,...]" 73 | # - "pushover://shoutrrr:apiToken@userKey/?priority=1&devices=device1[,device2, ...]" 74 | # - "slack://[botname@]token-a/token-b/token-c" 75 | # - "smtp://username:password@host:port/?fromAddress=fromAddress&toAddresses=recipient1[,recipient2,...]" 76 | # - "teams://token-a/token-b/token-c" 77 | # - "gotify://gotify-host/token" 78 | # - "pushbullet://api-token[/device/#channel/email]" 79 | # - "ifttt://key/?events=event1[,event2,...]&value1=value1&value2=value2&value3=value3" 80 | # - "mattermost://[username@]mattermost-host/token[/channel]" 81 | # - "ntfy://username:password@host:port/topic" 82 | # - "hangouts://chat.googleapis.com/v1/spaces/FOO/messages?key=bar&token=baz" 83 | # - 
"zulip://bot-mail:bot-key@zulip-domain/?stream=name-or-id&topic=name" 84 | # - "join://shoutrrr:api-key@join/?devices=device1[,device2, ...][&icon=icon][&title=title]" 85 | # - "script:///file/path/on/disk" 86 | # - "https://www.example.com/path" 87 | 88 | ######################################################################################################################## 89 | # FEATURES COMING SOON 90 | # 91 | # The following commented out sections are a preview of additional configuration options that will be available soon. 92 | # 93 | ######################################################################################################################## 94 | 95 | #limits: 96 | # ata: 97 | # critical: 98 | # error: 10 99 | # standard: 100 | # error: 20 101 | # warn: 10 102 | # scsi: 103 | # critical: true 104 | # standard: true 105 | # nvme: 106 | # critical: true 107 | # standard: true -------------------------------------------------------------------------------- /includes/searxng/limiter.toml: -------------------------------------------------------------------------------- 1 | # This configuration file updates the default configuration file 2 | # See https://github.com/searxng/searxng/blob/master/searx/limiter.toml 3 | 4 | [botdetection.ip_limit] 5 | # activate link_token method in the ip_limit method 6 | link_token = true 7 | -------------------------------------------------------------------------------- /includes/sshwifty/sshwifty.conf.json: -------------------------------------------------------------------------------- 1 | { 2 | "HostName": "", 3 | "SharedKey": "WEB_ACCESS_PASSWORD", 4 | "DialTimeout": 5, 5 | "Socks5": "", 6 | "Socks5User": "", 7 | "Socks5Password": "", 8 | "Servers": [ 9 | { 10 | "ListenInterface": "0.0.0.0", 11 | "ListenPort": 9182, 12 | "InitialTimeout": 3, 13 | "ReadTimeout": 60, 14 | "WriteTimeout": 60, 15 | "HeartbeatTimeout": 20, 16 | "ReadDelay": 10, 17 | "WriteDelay": 10, 18 | "TLSCertificateFile": "", 19 | 
"TLSCertificateKeyFile": "", 20 | "ServerMessage": "Programmers in China launched an online campaign against [implicitly forced overtime work](https://en.wikipedia.org/wiki/996_working_hour_system) in pursuit of balanced work-life relationship. Sshwifty wouldn't exist if its author must work such extreme hours. If you're benefiting from hobbyist projects like this one, please consider to support the action." 21 | } 22 | ], 23 | "Presets": [ 24 | { 25 | "Title": "HOSTNAME-PLACEHOLDER", 26 | "Type": "SSH", 27 | "Host": "localhost:PORT-PLACEHOLDER", 28 | "Meta": { 29 | "User": "USER-PLACEHOLDER", 30 | "Encoding": "utf-8", 31 | "Private Key": "-----BEGIN RSA Will be sent to client-END RSA PRI...\n", 32 | "Authentication": "Password", 33 | "Fingerprint": "SHA256:bgO...." 34 | } 35 | } 36 | ], 37 | "OnlyAllowPresetRemotes": false 38 | } -------------------------------------------------------------------------------- /includes/ssmtp/ssmtp.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Config file for sSMTP sendmail 3 | # 4 | # The person who gets all mail for userids < 1000 5 | # Make this empty to disable rewriting. 6 | root=root@$PRIMARY_DOMAIN 7 | 8 | # The place where the mail goes. The actual machine name is required no 9 | # MX records are consulted. Commonly mailhosts are named mail.domain.com 10 | mailhub=SMTP-SERVER-PLACEHOLDER:SMTP-PORT-PLACEHOLDER 11 | 12 | # Where will the mail seem to come from? 13 | rewriteDomain=$PRIMARY_DOMAIN 14 | 15 | # The full hostname 16 | hostname=$HOSTNAME.$PRIMARY_DOMAIN 17 | 18 | # Username/Password 19 | AuthUser=SMTP-USER-PLACEHOLDER 20 | AuthPass=SMTP-PASSWORD-PLACEHOLDER 21 | #AuthMethod=LOGIN 22 | # Use SSL/TLS before starting negotiation 23 | UseTLS=Yes 24 | UseSTARTTLS=Yes 25 | #TLS_CA_File=/home/nianve/docker/shared/certs/cert.crt 26 | 27 | # Email 'From header's can override the default domain? 
28 | FromLineOverride=yes 29 | -------------------------------------------------------------------------------- /includes/tinyauth/chain-tinyauth.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | chain-tinyauth: 4 | chain: 5 | middlewares: 6 | - middlewares-rate-limit 7 | - middlewares-secure-headers 8 | - middlewares-tinyauth -------------------------------------------------------------------------------- /includes/tinyauth/middlewares-tinyauth.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | middlewares-tinyauth: 4 | forwardAuth: 5 | address: "http://tinyauth:3000/api/auth/traefik" 6 | trustForwardHeader: true 7 | authResponseHeaders: 8 | - "Remote-User" 9 | - "Remote-Groups" 10 | - "Remote-Email" 11 | -------------------------------------------------------------------------------- /includes/tinyauth/users_file: -------------------------------------------------------------------------------- 1 | ############################################################### 2 | # Users Database # 3 | ############################################################### 4 | 5 | # This file can be used if you do not have an LDAP set up. 
6 | 7 | # List of users 8 | users: 9 | AUTHELIA_USERNAME: 10 | disabled: false 11 | displayname: "AUTHELIA_USER_DISPLAY_NAME" 12 | email: AUTHELIA_USER_EMAIL 13 | password: AUTHELIA_HASHED_PASSWORD 14 | groups: 15 | - admins -------------------------------------------------------------------------------- /includes/traefik/app-http-bypass-template.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | APPNAME-PLACEHOLDER-rtr: 4 | rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)" 5 | priority: 99 6 | entryPoints: 7 | # - websecure-external 8 | # - websecure-internal 9 | middlewares: 10 | - CHAIN-PLACEHOLDER 11 | service: APPNAME-PLACEHOLDER-svc 12 | tls: 13 | certResolver: dns-cloudflare 14 | options: tls-opts@file 15 | APPNAME-PLACEHOLDER-rtr-bypass: 16 | rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`) && Header(`traefik-auth-bypass-key`, `{{env "TRAEFIK_AUTH_BYPASS_KEY"}}`)" 17 | priority: 100 18 | entryPoints: 19 | # - websecure 20 | # - websecure-internal 21 | middlewares: 22 | - chain-no-auth 23 | service: APPNAME-PLACEHOLDER-svc 24 | tls: 25 | certResolver: dns-cloudflare 26 | options: tls-opts@file 27 | services: 28 | APPNAME-PLACEHOLDER-svc: 29 | loadBalancer: 30 | servers: 31 | - url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT -------------------------------------------------------------------------------- /includes/traefik/app-http-template.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | APPNAME-PLACEHOLDER-rtr: 4 | rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)" 5 | entryPoints: 6 | # - websecure-external 7 | # - websecure-internal 8 | middlewares: 9 | - CHAIN-PLACEHOLDER 10 | service: APPNAME-PLACEHOLDER-svc 11 | tls: 12 | certResolver: dns-cloudflare 13 | options: tls-opts@file 14 | services: 15 | APPNAME-PLACEHOLDER-svc: 16 | loadBalancer: 17 | servers: 18 | - url: 
"APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT -------------------------------------------------------------------------------- /includes/traefik/app-https-ssc-bypass-template.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | APPNAME-PLACEHOLDER-rtr: 4 | rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)" 5 | priority: 99 6 | entryPoints: 7 | # - websecure-external 8 | # - websecure-internal 9 | middlewares: 10 | - CHAIN-PLACEHOLDER 11 | service: APPNAME-PLACEHOLDER-svc 12 | tls: 13 | certResolver: dns-cloudflare 14 | options: tls-opts@file 15 | APPNAME-PLACEHOLDER-rtr-bypass: 16 | rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`) && Header(`traefik-auth-bypass-key`, `{{env "TRAEFIK_AUTH_BYPASS_KEY"}}`)" 17 | priority: 100 18 | entryPoints: 19 | # - websecure 20 | # - websecure-internal 21 | middlewares: 22 | - chain-no-auth 23 | service: APPNAME-PLACEHOLDER-svc 24 | tls: 25 | certResolver: dns-cloudflare 26 | options: tls-opts@file 27 | services: 28 | APPNAME-PLACEHOLDER-svc: 29 | loadBalancer: 30 | passHostHeader: true 31 | serversTransport: "APPNAME-PLACEHOLDER-st" 32 | servers: 33 | - url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT 34 | serversTransports: 35 | APPNAME-PLACEHOLDER-st: 36 | insecureSkipVerify: true -------------------------------------------------------------------------------- /includes/traefik/app-https-ssc-template.yml: -------------------------------------------------------------------------------- 1 | http: 2 | routers: 3 | APPNAME-PLACEHOLDER-rtr: 4 | rule: "Host(`APP-SUBDOMAIN-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)" 5 | entryPoints: 6 | # - websecure-external 7 | # - websecure-internal 8 | middlewares: 9 | - CHAIN-PLACEHOLDER 10 | service: APPNAME-PLACEHOLDER-svc 11 | tls: 12 | certResolver: dns-cloudflare 13 | options: tls-opts@file 14 | services: 15 | APPNAME-PLACEHOLDER-svc: 16 | loadBalancer: 17 | passHostHeader: true 18 | serversTransport: 
"APPNAME-PLACEHOLDER-st" 19 | servers: 20 | - url: "APP-URL-PLACEHOLDER" # https://IP-ADDRESS:PORT 21 | serversTransports: 22 | APPNAME-PLACEHOLDER-st: 23 | insecureSkipVerify: true -------------------------------------------------------------------------------- /includes/traefik/chain-basic-auth.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | chain-basic-auth: 4 | chain: 5 | middlewares: 6 | - middlewares-rate-limit 7 | - middlewares-secure-headers 8 | - middlewares-basic-auth 9 | # - middlewares-compress 10 | -------------------------------------------------------------------------------- /includes/traefik/chain-nextcloud.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | chain-nextcloud: 4 | chain: 5 | middlewares: 6 | - middlewares-rate-limit 7 | - nextcloud-middlewares-secure-headers 8 | - nextcloud-redirect -------------------------------------------------------------------------------- /includes/traefik/chain-no-auth.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | chain-no-auth: 4 | chain: 5 | middlewares: 6 | - middlewares-rate-limit 7 | - middlewares-secure-headers 8 | # - middlewares-compress 9 | -------------------------------------------------------------------------------- /includes/traefik/domain-passthrough-template.yml: -------------------------------------------------------------------------------- 1 | tcp: 2 | routers: 3 | HOST-PLACEHOLDER-rtr: 4 | entryPoints: 5 | - websecure-internal 6 | - websecure-external 7 | rule: "HostSNIRegexp(`DOMAINNAME-VARIABLE-PLACEHOLDER`) || HostSNIRegexp(`{subdomain:[a-z]+}.DOMAINNAME-VARIABLE-PLACEHOLDER`)" 8 | service: HOST-PLACEHOLDER-svc 9 | tls: 10 | passthrough: true 11 | services: 12 | HOST-PLACEHOLDER-svc: 13 | loadBalancer: 14 | servers: 15 | - address: "HOST-IP-PLACEHOLDER:443" 
-------------------------------------------------------------------------------- /includes/traefik/labels-auth-bypass-template.yml: -------------------------------------------------------------------------------- 1 | # Auth Bypass 2 | - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.entrypoints=websecure" 3 | - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.rule=Host(`APAPPNAME-PLACEHOLDER.$DOMAINNAME_1`) && Header(`traefik-auth-bypass-key`, `$TRAEFIK_AUTH_BYPASS_KEY`)" # Bypass Auth for LunaSea on iOS 4 | - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.priority=100" 5 | - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.middlewares=chain-no-auth@file" 6 | - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.service=APAPPNAME-PLACEHOLDER-svc" -------------------------------------------------------------------------------- /includes/traefik/labels-template.yml: -------------------------------------------------------------------------------- 1 | labels: 2 | - "traefik.enable=true" 3 | ## HTTP Routers 4 | - "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.entrypoints=ENTRYPOINT-PLACEHOLDER" 5 | - "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)" 6 | ## Middlewares 7 | - "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.middlewares=CHAIN-PLACEHOLDER@file" 8 | ## HTTP Services 9 | - "traefik.http.routers.LABEL-SERVICE-NAME-PLACEHOLDER-rtr.service=LABEL-SERVICE-NAME-PLACEHOLDER-svc" 10 | - "traefik.http.services.LABEL-SERVICE-NAME-PLACEHOLDER-svc.loadbalancer.server.port=LABEL-SERVICE-PORT-PLACEHOLDER" -------------------------------------------------------------------------------- /includes/traefik/middlewares-basic-auth.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | middlewares-basic-auth: 4 | basicAuth: 5 | # users: 6 | # - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1" 7 | usersFile: 
"/run/secrets/basic_auth_credentials" 8 | realm: "Traefik Basic Auth" -------------------------------------------------------------------------------- /includes/traefik/middlewares-buffering.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | middlewares-buffering: 4 | buffering: 5 | maxResponseBodyBytes: 2000000 6 | maxRequestBodyBytes: 10485760 7 | memRequestBodyBytes: 2097152 8 | memResponseBodyBytes: 2097152 9 | retryExpression: "IsNetworkError() && Attempts() <= 2" 10 | -------------------------------------------------------------------------------- /includes/traefik/middlewares-compress.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | middlewares-compress: 4 | compress: {} 5 | -------------------------------------------------------------------------------- /includes/traefik/middlewares-nextcloud.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | ### Let's give them a new name so it won't conflict with others 4 | nextcloud-middlewares-secure-headers: 5 | headers: 6 | accessControlMaxAge: 100 7 | sslRedirect: true 8 | stsSeconds: 63072000 9 | stsIncludeSubdomains: true 10 | stsPreload: true 11 | forceSTSHeader: true 12 | ### We will modify this value for Nextcloud to remove the X-Frame-Options error: 13 | customFrameOptionsValue: "SAMEORIGIN" #CSP takes care of this but may be needed for organizr. 14 | contentTypeNosniff: true 15 | browserXssFilter: true 16 | referrerPolicy: "no-referrer" 17 | ### While CSP is a good security setting, Nextcloud's Apache server takes care of this for us! 
18 | # contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';" 19 | featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 20 | customResponseHeaders: 21 | ### Change this to none to remove the Robots error: 22 | X-Robots-Tag: "noindex, nofollow" 23 | X-Content-Type-Options: "nosniff" 24 | X-XSS-Protection: "1; mode=block" 25 | X-Frame-Options: "SAMEORIGIN" 26 | Referrer-Policy: "no-referrer" 27 | server: "" 28 | 29 | ### This section redirects requests for Nextcloud calendar and contacts service discovery 30 | ### source: https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery 31 | nextcloud-redirect: 32 | redirectRegex: 33 | permanent: true 34 | regex: "https://(.*)/.well-known/(card|cal)dav" 35 | replacement: "https://${1}/remote.php/dav/" -------------------------------------------------------------------------------- /includes/traefik/middlewares-rate-limit.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | middlewares-rate-limit: 4 | rateLimit: 5 | average: 100 6 | burst: 50 7 | -------------------------------------------------------------------------------- /includes/traefik/middlewares-secure-headers.yml: -------------------------------------------------------------------------------- 1 | http: 2 | middlewares: 3 | middlewares-secure-headers: 4 | headers: 5 | accessControlAllowMethods: 6 | - GET 7 | - OPTIONS 8 | - PUT 9 | accessControlMaxAge: 100 10 | hostsProxyHeaders: 11 | - "X-Forwarded-Host" 12 | stsSeconds: 63072000 13 | stsIncludeSubdomains: true 14 | stsPreload: true 15 | forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works. 
16 | # Comment out customFrameOptionsValue if you're using Jellyfin on LG WebOS 17 | customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options 18 | contentTypeNosniff: true 19 | browserXssFilter: true 20 | referrerPolicy: "same-origin" 21 | permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()" 22 | customResponseHeaders: 23 | X-Robots-Tag: "none,noindex,nofollow,noarchive,nosnippet,notranslate,noimageindex" # disable search engines from indexing home server 24 | server: "" # hide server info from visitors 25 | customRequestHeaders: 26 | X-Forwarded-Proto: https -------------------------------------------------------------------------------- /includes/traefik/t2_proxy_network.yml: -------------------------------------------------------------------------------- 1 | t2_proxy: 2 | name: t2_proxy 3 | driver: bridge 4 | ipam: 5 | config: 6 | - subnet: 192.168.90.0/24 7 | # NETWORKS-PLACEHOLDER-DO-NOT-DELETE 8 | -------------------------------------------------------------------------------- /includes/traefik/t3_proxy_network.yml: -------------------------------------------------------------------------------- 1 | t3_proxy: 2 | name: t3_proxy 3 | driver: bridge 4 | ipam: 5 | config: 6 | - subnet: 192.168.90.0/24 7 | # NETWORKS-PLACEHOLDER-DO-NOT-DELETE 8 | -------------------------------------------------------------------------------- /includes/traefik/tls-opts.yml: -------------------------------------------------------------------------------- 1 | tls: 2 | options: 3 | tls-opts: 4 | minVersion: VersionTLS12 5 | cipherSuites: 6 | - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 7 | - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 8 | - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 9 | - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 10 | - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 11 | - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 12 | - TLS_AES_128_GCM_SHA256 13 | - TLS_AES_256_GCM_SHA384 14 | - TLS_CHACHA20_POLY1305_SHA256 15 | 
- TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507 16 | curvePreferences: 17 | - CurveP521 18 | - CurveP384 19 | sniStrict: true 20 | -------------------------------------------------------------------------------- /includes/traefik/traefik.yml: -------------------------------------------------------------------------------- 1 | global: 2 | checkNewVersion: true 3 | sendAnonymousUsage: false 4 | 5 | serversTransport: 6 | insecureSkipVerify: true # NOTE(review): disables certificate verification for every HTTPS backend Traefik connects to; the app-https-ssc templates already set this per service through their own serversTransport, so confirm whether the global switch is still needed 7 | 8 | entryPoints: 9 | # HTTP Endpoint 10 | web: 11 | address: ":80" 12 | forwardedHeaders: 13 | trustedIPs: &trustedIps 14 | # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/ 15 | - 173.245.48.0/20 16 | - 103.21.244.0/22 17 | - 103.22.200.0/22 18 | - 103.31.4.0/22 19 | - 141.101.64.0/18 20 | - 108.162.192.0/18 21 | - 190.93.240.0/20 22 | - 188.114.96.0/20 23 | - 197.234.240.0/22 24 | - 198.41.128.0/17 25 | - 162.158.0.0/15 26 | - 104.16.0.0/13 27 | - 104.24.0.0/14 28 | - 172.64.0.0/13 29 | - 131.0.72.0/22 30 | - 2400:cb00::/32 31 | - 2606:4700::/32 32 | - 2803:f800::/32 33 | - 2405:b500::/32 34 | - 2405:8100::/32 35 | - 2a06:98c0::/29 36 | - 2c0f:f248::/32 37 | # Local IPs - NOTE(review): every host in these private ranges may supply X-Forwarded-* values that Traefik will accept as genuine; narrow the list to the actual upstream proxy addresses where possible 38 | - 127.0.0.1/32 39 | - 10.0.0.0/8 40 | - 192.168.0.0/16 41 | - 172.16.0.0/12 42 | http: 43 | redirections: 44 | entryPoint: 45 | to: websecure 46 | scheme: https 47 | permanent: true 48 | 49 | # HTTPS endpoint, with domain wildcard 50 | websecure: 51 | address: ":443" 52 | forwardedHeaders: 53 | # Reuse list of Cloudflare Trusted IP's above for HTTPS requests 54 | trustedIPs: *trustedIps 55 | http: 56 | tls: 57 | # TLS Options File inside rules folder 58 | options: tls-opts@file 59 | # Add letsencrypt as default certresolver for all services. 
60 | # Also enables TLS (see below) and no need to specify on individual services 61 | certResolver: letsencrypt 62 | domains: 63 | - main: {{env "DOMAINNAME"}} 64 | sans: 65 | - '*.{{env "DOMAINNAME"}}' 66 | # traefik: 67 | # address: :8080 68 | 69 | # Enable Traefik Dashboard 70 | api: 71 | dashboard: true 72 | insecure: true # NOTE(review): insecure mode serves the dashboard and API without authentication on the "traefik" entry point (port 8080 by default); keep that port unpublished, or set this to false and route api@internal through an auth chain 73 | 74 | # Log level 75 | # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC 76 | log: 77 | level: DEBUG # NOTE(review): most verbose level, meant for troubleshooting; consider lowering it once the setup works 78 | filePath: /logs/traefik.log 79 | accessLog: 80 | filePath: /logs/access.log 81 | bufferingSize: 100 82 | filters: 83 | statusCodes: 84 | - "204-299" 85 | - "400-499" 86 | - "500-599" 87 | retryAttempts: true 88 | minDuration: "10ms" 89 | 90 | providers: 91 | providersThrottleDuration: 2s 92 | docker: 93 | watch: true 94 | # Use Docker Socket Proxy instead for improved security 95 | # endpoint: "unix:///var/run/docker.sock" 96 | endpoint: "tcp://socket-proxy:2375" 97 | exposedByDefault: false 98 | network: traefik_proxy 99 | swarmMode: false 100 | # File provider for connecting things that are outside of docker / defining middleware 101 | file: 102 | # Only works on top level files in the rules folder 103 | watch: true 104 | # Load dynamic configuration from one or more .toml or .yml files in a directory 105 | directory: /rules 106 | 107 | # Use letsencrypt to generate ssl certificates 108 | certificatesResolvers: 109 | # previously dns-cloudflare - NOTE(review): the app-*-template.yml routers on this page still name certResolver dns-cloudflare; confirm which resolver name is actually defined at runtime 110 | letsencrypt: 111 | acme: 112 | # LetsEncrypt Staging Server - uncomment when testing 113 | # caServer: https://acme-staging-v02.api.letsencrypt.org/directory 114 | email: {{env "CLOUDFLARE_EMAIL"}} 115 | storage: /acme.json # holds the ACME account key and the issued private keys; keep the file readable by Traefik only 116 | dnsChallenge: 117 | provider: cloudflare 118 | # Used to make sure the dns challenge is propagated to the right DNS servers 119 | resolvers: 120 | - "1.1.1.1:53" 121 | - "1.0.0.1:53" 122 | # To delay DNS check and reduce LE hitrate 123 | delayBeforeCheck: 90 -------------------------------------------------------------------------------- 
/includes/traefik/traefik_global_secrets_template.yml: -------------------------------------------------------------------------------- 1 | SECRET-NAME-PLACEHOLDER: 2 | file: $DOCKERDIR/secrets/SECRET-NAME-PLACEHOLDER 3 | # SECRETS-PLACEHOLDER-DO-NOT-DELETE 4 | -------------------------------------------------------------------------------- /latest-version: -------------------------------------------------------------------------------- 1 | 5.8 -------------------------------------------------------------------------------- /scripts/iptables-reset.sh: --------------------------------------------------------------------------------
#!/bin/bash

# Resets the packet filter to "accept everything", IPv6 first and then IPv4.
#
# For each tool the three built-in chains get an ACCEPT policy, then counters
# are zeroed, all rules are flushed and all user-defined chains are deleted.
# No -t option is given, so only the default (filter) table is touched; rules
# in other tables such as nat or mangle stay as they are.
#
# After this script the host filters nothing at this layer, and chains that
# other software had installed in the filter table are gone as well; such
# software usually has to be restarted to recreate them. Re-apply the intended
# firewall rules afterwards.

for fw in ip6tables iptables; do
  # set default policies to let everything in
  for chain in INPUT OUTPUT FORWARD; do
    "$fw" --policy "$chain" ACCEPT
  done

  # start fresh
  "$fw" -Z # zero counters
  "$fw" -F # flush (delete) rules
  "$fw" -X # delete all extra chains
done
--------------------------------------------------------------------------------