fern/stacks
1
0
Fork 0
mirror of https://github.com/firewalkwithm3/stacks.git synced 2025-07-02 02:47:49 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

dclint

Browse source
This commit is contained in:
Fern Garden 2025-07-01 17:30:05 +08:00
parent d4dd9806b4
commit fc40d136e4
35 changed files with 698 additions and 681 deletions
Download patch file Download diff file Expand all files Collapse all files

6
13ft/compose.yaml
View file

@ -1,11 +1,13 @@
name: 13ft
services:
13ft:
container_name: 13ft
image: ghcr.io/wasi-master/13ft:latest
restart: unless-stopped
container_name: 13ft
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: 13ft.ferngarden.net
caddy.import: internal

319
arr/compose.yaml
View file

@ -1,159 +1,98 @@
name: arr
services:
jellyseerr:
image: ghcr.io/fallenbagel/jellyseerr:latest
container_name: jellyseerr
networks:
- default
- proxy
- media
environment:
- LOG_LEVEL=debug
- TZ=Australia/Perth
volumes:
- jellyseerr_config:/app/config
restart: unless-stopped
labels:
caddy: jellyseerr.fern.garden
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 5055}}"
jackett:
image: lscr.io/linuxserver/jackett:latest
container_name: jackett
networks:
- default
- media
- proxy
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- jackett_config:/config
- jackett_downloads:/downloads
restart: unless-stopped
labels:
caddy: jackett.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
container_name: prowlarr
networks:
- default
- media
- proxy
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- prowlarr_config:/config
restart: unless-stopped
labels:
caddy: prowlarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:latest
container_name: flaresolverr
networks:
- default
environment:
- LOG_LEVEL=info
- LOG_HTML=false
- CAPTCHA_SOLVER=none
- TZ=Australia/Perth
restart: unless-stopped
bazarr:
image: lscr.io/linuxserver/bazarr:latest
container_name: bazarr
networks:
- default
- media
- proxy
volumes:
- bazarr_config:/config
- /media:/media
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- bazarr_config:/config
- /media:/media
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: bazarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
sonarr:
image: lscr.io/linuxserver/sonarr:latest
container_name: sonarr
networks:
- default
- media
- proxy
cleanuparr:
image: ghcr.io/cleanuparr/cleanuparr:latest
container_name: cleanuparr
volumes:
- /mnt/docker/cleanuparr/config:/config
- /media:/media
environment:
- TZ=Australia/Perth
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- sonarr_config:/config
- /media:/media
networks:
- default
- proxy
- media
restart: unless-stopped
labels:
caddy: sonarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
caddy: cleanuparr.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 11011 }}'
radarr:
image: lscr.io/linuxserver/radarr:latest
container_name: radarr
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:latest
container_name: flaresolverr
environment:
- LOG_LEVEL=info
- LOG_HTML=false
- CAPTCHA_SOLVER=none
- TZ=Australia/Perth
networks:
- default
- media
- proxy
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- radarr_config:/config
- /media:/media
restart: unless-stopped
labels:
caddy: radarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
lidarr:
image: blampe/lidarr:latest
container_name: lidarr
networks:
- default
- media
- proxy
jackett:
image: lscr.io/linuxserver/jackett:latest
container_name: jackett
volumes:
- jackett_config:/config
- jackett_downloads:/downloads
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- lidarr_config:/config
- /mnt/docker/beets/config:/beets
- ./install_beets.bash:/custom-cont-init.d/install_beets.bash:ro
- /media:/media
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: lidarr.ferngarden.net
caddy: jackett.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
jellyseerr:
image: ghcr.io/fallenbagel/jellyseerr:latest
container_name: jellyseerr
volumes:
- jellyseerr_config:/app/config
environment:
- LOG_LEVEL=debug
- TZ=Australia/Perth
networks:
- default
- proxy
- media
restart: unless-stopped
labels:
caddy: jellyseerr.fern.garden
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 5055}}"
kapowarr:
container_name: kapowarr
image: mrcas/kapowarr:latest
user: 1000:1800
container_name: kapowarr
volumes:
- /mnt/docker/kapowarr/database:/app/db
- /media:/media
@ -165,79 +104,141 @@ services:
caddy: kapowarr.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 5656 }}'
user: 1000:1800
letterboxd-list-radarr:
image: screeny05/letterboxd-list-radarr:latest
container_name: letterboxd-list-radarr
restart: unless-stopped
networks:
- default
environment:
- REDIS_URL=redis://letterboxd-list-radarr_redis:6379
depends_on:
- letterboxd-list-radarr_redis
environment:
- REDIS_URL=redis://letterboxd-list-radarr_redis:6379
networks:
- default
restart: unless-stopped
letterboxd-list-radarr_redis:
image: redis:6.0
container_name: letterboxd-list-radarr_redis
restart: unless-stopped
networks:
- default
volumes:
- letterboxd-list-radarr_redis:/data
image: redis:6.0
soularr:
image: mrusse08/soularr:latest
container_name: soularr
networks:
- default
- media
user: 1000:1800
environment:
- TZ=Australia/Perth
- SCRIPT_INTERVAL=300
volumes:
- /media:/media
- /mnt/docker/soularr/config:/data
restart: unless-stopped
cleanuparr:
image: ghcr.io/cleanuparr/cleanuparr:latest
container_name: cleanuparr
restart: unless-stopped
networks:
- default
- proxy
- media
lidarr:
image: blampe/lidarr:latest
container_name: lidarr
volumes:
- /mnt/docker/cleanuparr/config:/config
- lidarr_config:/config
- /mnt/docker/beets/config:/beets
- ./install_beets.bash:/custom-cont-init.d/install_beets.bash:ro
- /media:/media
environment:
- TZ=Australia/Perth
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: cleanuparr.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 11011 }}'
caddy: lidarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
profilarr:
image: santiagosayshey/profilarr:latest
container_name: profilarr
networks:
- default
- media
- proxy
volumes:
- profilarr_config:/config
environment:
- TZ=Australia/Perth
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: profilarr.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 6868}}"
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
container_name: prowlarr
volumes:
- prowlarr_config:/config
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: prowlarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
radarr:
image: lscr.io/linuxserver/radarr:latest
container_name: radarr
volumes:
- radarr_config:/config
- /media:/media
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: radarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
sonarr:
image: lscr.io/linuxserver/sonarr:latest
container_name: sonarr
volumes:
- sonarr_config:/config
- /media:/media
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: sonarr.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
soularr:
image: mrusse08/soularr:latest
container_name: soularr
volumes:
- /media:/media
- /mnt/docker/soularr/config:/data
environment:
- TZ=Australia/Perth
- SCRIPT_INTERVAL=300
networks:
- default
- media
restart: unless-stopped
user: 1000:1800
networks:
default:
proxy:

10
audiobookshelf/compose.yaml
View file

@ -1,17 +1,19 @@
name: audiobookshelf
services:
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
container_name: audiobookshelf
restart: unless-stopped
networks:
- default
- proxy
volumes:
- audiobookshelf_config:/config
- audiobookshelf_metadata:/metadata
- /media:/media
environment:
- TZ=Australia/Perth
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: audiobooks.fern.garden
caddy.reverse_proxy: "{{upstreams 80}}"

196
authentik/compose.yaml
View file

@ -1,129 +1,132 @@
name: authentik
services:
authentik:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
container_name: authentik
depends_on:
authentik_db:
condition: service_healthy
authentik_redis:
condition: service_healthy
volumes:
- authentik_media:/media
- authentik_templates:/templates
environment:
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_REDIS__HOST=authentik_redis
- AUTHENTIK_POSTGRESQL__HOST=authentik_db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true
networks:
- default
- proxy
command: server
restart: unless-stopped
labels:
caddy: auth.fern.garden
caddy.reverse_proxy: "{{upstreams 9000}}"
authentik_db:
image: docker.io/library/postgres:16-alpine
container_name: authentik_db
networks:
- default
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- authentik_db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=authentik
- POSTGRES_DB=authentik
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
authentik_redis:
image: docker.io/library/redis:alpine
container_name: authentik_redis
networks:
- default
command: --save 60 1 --loglevel warning
restart: always
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- authentik_redis:/data
timeout: 5s
authentik:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
container_name: authentik
networks:
- default
- proxy
restart: unless-stopped
command: server
environment:
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_REDIS__HOST=authentik_redis
- AUTHENTIK_POSTGRESQL__HOST=authentik_db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true
volumes:
- authentik_media:/media
- authentik_templates:/templates
depends_on:
authentik_db:
condition: service_healthy
authentik_redis:
condition: service_healthy
labels:
caddy: auth.fern.garden
caddy.reverse_proxy: "{{upstreams 9000}}"
authentik_worker:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
container_name: authentik_worker
networks:
- default
restart: unless-stopped
command: worker
environment:
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_REDIS__HOST=authentik_redis
- AUTHENTIK_POSTGRESQL__HOST=authentik_db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- authentik_media:/media
- authentik_templates:/templates
- authentik_certs:/certs
depends_on:
authentik_db:
condition: service_healthy
authentik_redis:
condition: service_healthy
authentik_proxy:
image: ghcr.io/goauthentik/proxy:${AUTHENTIK_VERSION}
container_name: authentik_proxy
networks:
- default
- proxy
environment:
- AUTHENTIK_HOST=http://authentik:9000
- AUTHENTIK_HOST_BROWSER=https://auth.fern.garden
- AUTHENTIK_INSECURE=true
- AUTHENTIK_TOKEN=${AUTHENTIK_PROXY_TOKEN}
authentik_ldap:
image: ghcr.io/goauthentik/ldap:${AUTHENTIK_VERSION}
container_name: authentik_ldap
depends_on:
authentik:
condition: service_healthy
authentik_worker:
condition: service_healthy
authentik_ldap:
image: ghcr.io/goauthentik/ldap:${AUTHENTIK_VERSION}
container_name: authentik_ldap
networks:
- default
ports:
- 389:3389
- 636:6636
environment:
- AUTHENTIK_HOST=http://authentik:9000
- AUTHENTIK_HOST_BROWSER=https://auth.fern.garden
- AUTHENTIK_INSECURE=true
- AUTHENTIK_TOKEN=${AUTHENTIK_LDAP_TOKEN}
networks:
- default
authentik_proxy:
image: ghcr.io/goauthentik/proxy:${AUTHENTIK_VERSION}
container_name: authentik_proxy
depends_on:
authentik:
condition: service_healthy
authentik_worker:
condition: service_healthy
environment:
- AUTHENTIK_HOST=http://authentik:9000
- AUTHENTIK_HOST_BROWSER=https://auth.fern.garden
- AUTHENTIK_INSECURE=true
- AUTHENTIK_TOKEN=${AUTHENTIK_PROXY_TOKEN}
networks:
- default
- proxy
authentik_redis:
image: docker.io/library/redis:alpine
container_name: authentik_redis
volumes:
- authentik_redis:/data
networks:
- default
command: --save 60 1 --loglevel warning
restart: always
healthcheck:
test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
authentik_worker:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
container_name: authentik_worker
depends_on:
authentik_db:
condition: service_healthy
authentik_redis:
condition: service_healthy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- authentik_media:/media
- authentik_templates:/templates
- authentik_certs:/certs
environment:
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_REDIS__HOST=authentik_redis
- AUTHENTIK_POSTGRESQL__HOST=authentik_db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true
networks:
- default
command: worker
restart: unless-stopped
user: root
networks:
default:
proxy:
external: true
volumes:
authentik_db:
@ -136,8 +139,3 @@ volumes:
name: authentik_certs
authentik_templates:
name: authentik_templates
networks:
default:
proxy:
external: true

37
caddy/compose.yaml
View file

@ -1,30 +1,27 @@
name: caddy
services:
caddy:
image: ghcr.io/firewalkwithm3/caddy:latest
container_name: caddy
restart: unless-stopped
ports:
- 80:80
- 443:443
- 443:443/udp
networks:
- default
- proxy
- traefik
environment:
- CADDY_INGRESS_NETWORKS=proxy
- CF_API_TOKEN=${CF_API_TOKEN}
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
- CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./Caddyfile:/etc/caddy/Caddyfile
- /srv:/srv
- caddy_data:/data
volumes:
caddy_data:
name: caddy_data
environment:
- CADDY_INGRESS_NETWORKS=proxy
- CF_API_TOKEN=${CF_API_TOKEN}
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
- CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
ports:
- '80:80'
- '443:443'
- '443:443/udp'
networks:
- default
- proxy
- traefik
restart: unless-stopped
networks:
default:
@ -32,3 +29,7 @@ networks:
external: true
traefik:
external: true
volumes:
caddy_data:
name: caddy_data

15
calibre/compose.yaml
View file

@ -1,27 +1,30 @@
name: calibre
services:
calibre-web-automated:
image: crocodilestick/calibre-web-automated:latest
container_name: calibre-web-automated
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
volumes:
- /mnt/docker/calibre-web-automated/config:/config
- /media/media/calibre/ingest:/cwa-book-ingest
- /media/media/calibre/library:/calibre-library
environment:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
networks:
- default
- proxy
- media
restart: unless-stopped
labels:
caddy: books.fern.garden
caddy.reverse_proxy: '{{ upstreams 8083 }}'
restart: unless-stopped
cwa-downloader:
image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest
container_name: cwa-downloader
volumes:
- /media/media/calibre/ingest:/cwa-book-ingest
environment:
FLASK_PORT: 8084
LOG_LEVEL: info
@ -36,8 +39,6 @@ services:
- media
- proxy
restart: unless-stopped
volumes:
- /media/media/calibre/ingest:/cwa-book-ingest
labels:
caddy: books-dl.ferngarden.net
caddy.import: internal

7
dozzle/compose.yaml
View file

@ -1,7 +1,11 @@
name: dozzle
services:
dozzle:
image: amir20/dozzle:latest
container_name: dozzle
environment:
DOZZLE_AUTH_PROVIDER: forward-proxy
DOZZLE_REMOTE_HOST: tcp://docker_socket_proxy:2375|docker.local,tcp://10.0.1.105:2375|minecraft.local,tcp://10.0.1.4:2375|weebill.local
networks:
- default
- metrics
@ -10,9 +14,6 @@ services:
caddy: dozzle.ferngarden.net
caddy.1_import: internal
caddy.2_import: authentik
environment:
DOZZLE_AUTH_PROVIDER: forward-proxy
DOZZLE_REMOTE_HOST: tcp://docker_socket_proxy:2375|docker.local,tcp://10.0.1.105:2375|minecraft.local,tcp://10.0.1.4:2375|weebill.local
networks:
default:

48
forgejo/compose.yaml
View file

@ -1,12 +1,26 @@
name: forgejo
services:
forgejo_db:
image: postgres:14
container_name: forgejo_db
volumes:
- forgejo_db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=forgejo
- POSTGRES_DB=forgejo
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
networks:
- default
restart: unless-stopped
server:
image: codeberg.org/forgejo/forgejo:11
container_name: forgejo
networks:
- proxy
- default
ports:
- 222:22
depends_on:
- forgejo_db
volumes:
- forgejo_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- USER_UID=1000
- USER_GID=1000
@ -15,30 +29,16 @@ services:
- FORGEJO__database__NAME=forgejo
- FORGEJO__database__USER=forgejo
- FORGEJO__database__PASSWD=${POSTGRES_PASSWORD}
ports:
- '222:22'
networks:
- proxy
- default
restart: unless-stopped
volumes:
- forgejo_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- forgejo_db
labels:
caddy: git.fern.garden
caddy.reverse_proxy: "{{upstreams 3000}}"
forgejo_db:
image: postgres:14
container_name: forgejo_db
networks:
- default
restart: unless-stopped
environment:
- POSTGRES_USER=forgejo
- POSTGRES_DB=forgejo
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
volumes:
- forgejo_db:/var/lib/postgresql/data
networks:
default:
proxy:

9
grocy/compose.yaml
View file

@ -1,7 +1,10 @@
name: grocy
services:
grocy:
image: lscr.io/linuxserver/grocy:latest
container_name: grocy
volumes:
- grocy_config:/config
environment:
- PUID=1000
- PGID=1000
@ -10,13 +13,11 @@ services:
- GROCY_FEATURE_FLAG_SHOPPINGLIST=false
- GROCY_FEATURE_FLAG_STOCK=false
- GROCY_CURRENCY=AUD
ports:
- '9192:80'
networks:
- default
- proxy
ports:
- 9192:80
volumes:
- grocy_config:/config
restart: unless-stopped
labels:
caddy: grocy.ferngarden.net

17
homebox/compose.yaml
View file

@ -1,18 +1,19 @@
name: homebox
services:
homebox:
image: ghcr.io/sysadminsmedia/homebox:latest-rootless
container_name: homebox
restart: unless-stopped
environment:
- HBOX_LOG_LEVEL=info
- HBOX_LOG_FORMAT=text
- HBOX_WEB_MAX_FILE_UPLOAD=10
- HBOX_OPTIONS_ALLOW_ANALYTICS=false
volumes:
- homebox_data:/data/
environment:
- HBOX_LOG_LEVEL=info
- HBOX_LOG_FORMAT=text
- HBOX_WEB_MAX_FILE_UPLOAD=10
- HBOX_OPTIONS_ALLOW_ANALYTICS=false
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: homebox.ferngarden.net
caddy.import: internal
@ -24,5 +25,5 @@ networks:
external: true
volumes:
homebox_data:
name: homebox_data
homebox_data:
name: homebox_data

5
homepage/compose.yaml
View file

@ -1,21 +1,22 @@
name: homepage
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
volumes:
- /mnt/docker/homepage/config:/app/config
user: 1000:1000
restart: unless-stopped
environment:
HOMEPAGE_ALLOWED_HOSTS: dash.ferngarden.net
networks:
- default
- proxy
- metrics
restart: unless-stopped
labels:
caddy: dash.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 3000 }}'
user: 1000:1000
networks:
proxy:

12
hortusfox/compose.yaml
View file

@ -1,7 +1,10 @@
name: hortusfox
services:
hortusfox:
image: ghcr.io/danielbrendel/hortusfox-web:latest
container_name: hortusfox
depends_on:
- hortusfox_db
volumes:
- hortusfox_images:/var/www/html/public/img
- hortusfox_logs:/var/www/html/hortusfox/logs
@ -21,8 +24,6 @@ services:
networks:
- default
- proxy
depends_on:
- hortusfox_db
labels:
caddy: hortusfox.ferngarden.net
caddy.import: internal
@ -31,16 +32,16 @@ services:
hortusfox_db:
image: mariadb
container_name: hortusfox_db
restart: always
volumes:
- hortusfox_db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: hortusfox
MYSQL_USER: hortusfox
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
volumes:
- hortusfox_db:/var/lib/mysql
networks:
- default
restart: always
networks:
default:
@ -55,3 +56,4 @@ volumes:
hortusfox_themes:
hortusfox_migrate:

60
immich/compose.yaml
View file

@ -1,23 +1,21 @@
name: immich
services:
immich:
container_name: immich
hostname: immich-server
image: ghcr.io/immich-app/immich-server:release
container_name: immich
depends_on:
- immich_db
- immich_redis
volumes:
- immich_library:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
networks:
- default
- proxy
environment:
- DB_USERNAME=postgres
- DB_DATABASE_NAME=immich
- DB_PASSWORD=${DB_PASSWORD}
devices:
- /dev/dri:/dev/dri
depends_on:
- immich_redis
- immich_db
networks:
- default
- proxy
restart: unless-stopped
healthcheck:
disable: false
@ -25,12 +23,28 @@ services:
caddy: photos.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 2283}}"
devices:
- /dev/dri:/dev/dri
hostname: immich-server
immich_db:
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0@sha256:fa4f6e0971f454cd95fec5a9aaed2ed93d8f46725cc6bc61e0698e97dba96da1
container_name: immich_db
volumes:
- immich_db:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_USER=postgres
- POSTGRES_DB=immich
- POSTGRES_INITDB_ARGS='--data-checksums'
networks:
- default
restart: always
hostname: database
immich_ml:
container_name: immich_ml
hostname: immich-machine-learning
image: ghcr.io/immich-app/immich-machine-learning:release
container_name: immich_ml
volumes:
- immich_ml_cache:/cache
networks:
@ -38,31 +52,17 @@ services:
restart: unless-stopped
healthcheck:
disable: false
hostname: immich-machine-learning
immich_redis:
container_name: immich_redis
hostname: redis
image: docker.io/valkey/valkey:8-bookworm@sha256:ff21bc0f8194dc9c105b769aeabf9585fea6a8ed649c0781caeac5cb3c247884
container_name: immich_redis
networks:
- default
restart: unless-stopped
healthcheck:
test: redis-cli ping || exit 1
restart: unless-stopped
immich_db:
container_name: immich_db
hostname: database
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0@sha256:fa4f6e0971f454cd95fec5a9aaed2ed93d8f46725cc6bc61e0698e97dba96da1
networks:
- default
environment:
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_USER=postgres
- POSTGRES_DB=immich
- POSTGRES_INITDB_ARGS='--data-checksums'
volumes:
- immich_db:/var/lib/postgresql/data
restart: always
hostname: redis
networks:
default:

3
it-tools/compose.yaml
View file

@ -1,11 +1,12 @@
name: it-tools
services:
it-tools:
image: corentinth/it-tools:latest
container_name: it-tools
restart: unless-stopped
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: it-tools.ferngarden.net
caddy.import: internal

81
jellyfin/compose.yaml
View file

@ -1,25 +1,14 @@
name: jellyfin
services:
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
user: 1000:1800
group_add:
- 992
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
networks:
- default
- proxy
- media
volumes:
- jellyfin_cache:/var/cache/jellyfin
- jellyfin_config:/etc/jellyfin
- jellyfin_data:/var/lib/jellyfin
- jellyfin_logs:/var/log/jellyfin
- /media:/media
restart: unless-stopped
ports:
- 8096:8096
environment:
- JELLYFIN_PublishedServerUrl=https://jellyfin.fern.garden
- JELLYFIN_CACHE_DIR=/var/cache/jellyfin
@ -27,38 +16,30 @@ services:
- JELLYFIN_DATA_DIR=/var/lib/jellyfin
- JELLYFIN_LOG_DIR=/var/log/jellyfin
- TZ=Australia/Perth
ports:
- '8096:8096'
networks:
- default
- proxy
- media
restart: unless-stopped
labels:
caddy: jellyfin.fern.garden
caddy.@blacklist.not.path: "/metrics"
caddy.reverse_proxy: "@blacklist {{upstreams 8096}}"
jellystat_db:
image: postgres:15.2
shm_size: '1gb'
container_name: jellystat_db
restart: unless-stopped
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
environment:
POSTGRES_USER: jellystat
POSTGRES_PASSWORD: ${JELLYSTAT_POSTGRES_PASSWORD}
networks:
- default
volumes:
- jellystat_db:/var/lib/postgresql/data
user: 1000:1800
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
group_add:
- 992
jellystat:
image: cyfershepard/jellystat:latest
container_name: jellystat
restart: unless-stopped
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
depends_on:
- jellystat_db
volumes:
- jellystat_data:/app/backend/backup-data
environment:
POSTGRES_USER: jellystat
POSTGRES_PASSWORD: ${JELLYSTAT_POSTGRES_PASSWORD}
@ -68,18 +49,38 @@ services:
JS_USER: fern
JS_PASSWORD: ${JELLYSTAT_PASSWORD}
TZ: Australia/Perth
volumes:
- jellystat_data:/app/backend/backup-data
networks:
- default
- proxy
depends_on:
- jellystat_db
restart: unless-stopped
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
labels:
caddy: jellystat.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{upstreams 3000}}'
jellystat_db:
image: postgres:15.2
container_name: jellystat_db
volumes:
- jellystat_db:/var/lib/postgresql/data
environment:
POSTGRES_USER: jellystat
POSTGRES_PASSWORD: ${JELLYSTAT_POSTGRES_PASSWORD}
networks:
- default
restart: unless-stopped
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
shm_size: '1gb'
networks:
default:
media:

5
komga/compose.yaml
View file

@ -1,3 +1,4 @@
name: komga
services:
komga:
image: gotson/komga
@ -5,18 +6,18 @@ services:
volumes:
- komga_config:/config
- /media:/media:ro
user: "1000:1800"
environment:
- TZ=Australia/Perth
- KOMGA_OAUTH2_ACCOUNT_CREATION=true
restart: unless-stopped
networks:
- default
- media
- proxy
restart: unless-stopped
labels:
caddy: comics.fern.garden
caddy.reverse_proxy: '{{upstreams 25600}}'
user: "1000:1800"
networks:
default:

39
linkwarden/compose.yaml
View file

@ -1,18 +1,12 @@
name: linkwarden
services:
linkwarden_db:
image: postgres:16-alpine
container_name: linkwarden_db
environment:
- POSTGRES_USER=linkwarden
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=linkwarden
restart: always
volumes:
- /mnt/docker/linkwarden/database:/var/lib/postgresql/data
networks:
- default
linkwarden:
image: ghcr.io/linkwarden/linkwarden:latest
depends_on:
- linkwarden_db
- linkwarden_search
volumes:
- /mnt/docker/linkwarden/data:/data/data
environment:
- DATABASE_URL=postgresql://linkwarden:${POSTGRES_PASSWORD}@linkwarden_db:5432/linkwarden
- MEILI_HOST=linkwarden_search
@ -22,27 +16,34 @@ services:
- AUTHENTIK_ISSUER=https://auth.fern.garden/application/o/linkwarden
- AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID}
- AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET}
restart: always
volumes:
- /mnt/docker/linkwarden/data:/data/data
depends_on:
- linkwarden_db
- linkwarden_search
networks:
- default
- proxy
restart: always
labels:
caddy: linkwarden.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 3000 }}'
linkwarden_db:
image: postgres:16-alpine
container_name: linkwarden_db
volumes:
- /mnt/docker/linkwarden/database:/var/lib/postgresql/data
environment:
- POSTGRES_USER=linkwarden
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=linkwarden
networks:
- default
restart: always
linkwarden_search:
image: getmeili/meilisearch:v1.12.8
container_name: linkwarden_search
restart: always
volumes:
- /mnt/docker/linkwarden/search:/meili_data
networks:
- default
restart: always
networks:
default:

27
mailserver/compose.yaml
View file

@ -1,19 +1,8 @@
name: mailserver
services:
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
hostname: mail.ferngarden.net
env_file: mailserver.env
environment:
SSL_TYPE: manual
SSL_CERT_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.crt
SSL_KEY_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.key
ports:
- "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "465:465" # ESMTP (implicit TLS)
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 (implicit TLS)
volumes:
- mailserver_data:/var/mail/
- mailserver_state:/var/mail-state/
@ -21,12 +10,24 @@ services:
- mailserver_config:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
- caddy_data:/srv/tls
environment:
SSL_TYPE: manual
SSL_CERT_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.crt
SSL_KEY_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.key
env_file: mailserver.env
ports:
- '25:25' # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
- '143:143' # IMAP4 (explicit TLS => STARTTLS)
- '465:465' # ESMTP (implicit TLS)
- '587:587' # ESMTP (explicit TLS => STARTTLS)
- '993:993' # IMAP4 (implicit TLS)
restart: always
stop_grace_period: 1m
healthcheck:
test: "ss --listening --ipv4 --tcp | grep --silent ':smtp' || exit 1"
timeout: 3s
retries: 0
hostname: mail.ferngarden.net
stop_grace_period: 1m
volumes:
mailserver_data:

15
metrics/compose.yaml
View file

@ -1,32 +1,33 @@
name: metrics
services:
docker_socket_proxy:
image: ghcr.io/tecnativa/docker-socket-proxy:latest
container_name: docker_socket_proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
environment:
- CONTAINERS=1 # Allow access to viewing containers
- INFO=1
- POST=0 # Disallow any POST operations (effectively read-only)
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
restart: unless-stopped
ports:
- 2375:2375
- '2375:2375'
networks:
- default
- metrics
restart: unless-stopped
glances:
image: nicolargo/glances:latest
container_name: glances
restart: always
pid: host
environment:
- "GLANCES_OPT=-w"
ports:
- 61208:61208
- '61208:61208'
networks:
- default
- metrics
restart: always
pid: host
networks:
default:

56
minecraft/compose.yaml
View file

@ -1,55 +1,57 @@
name: minecraft
services:
minecraft_proxy:
image: itzg/mc-proxy
container_name: minecraft_proxy
restart: unless-stopped
volumes:
- velocity_config:/config
- velocity_server:/server
networks:
- default
ports:
- 25565:25565
environment:
- TYPE=VELOCITY
- MINECRAFT_VERSION=1.21.5
minecraft_server_mc:
image: itzg/minecraft-server
container_name: minecraft_server_mc
hostname: mc
restart: unless-stopped
volumes:
- minecraft_server_mc:/data
ports:
- '25565:25565'
networks:
- default
depends_on:
- minecraft_proxy
env_file:
- server.env
environment:
- MOTD=meow
- ICON=https://git.fern.garden/fern/stacks/raw/branch/main/minecraft/server-icons/mc.png
- PLUGINS=https://dev.bukkit.org/projects/dead-chest/files/latest
restart: unless-stopped
minecraft_server_bob:
image: itzg/minecraft-server
container_name: minecraft_server_bob
hostname: bob
restart: unless-stopped
volumes:
- minecraft_server_bob:/data
depends_on:
- minecraft_proxy
env_file:
- server.env
volumes:
- minecraft_server_bob:/data
environment:
- MOTD=it's bob's world, we're just living in it
- ICON=https://git.fern.garden/fern/stacks/raw/branch/main/minecraft/server-icons/bob.png
env_file:
- server.env
restart: unless-stopped
hostname: bob
minecraft_server_mc:
image: itzg/minecraft-server
container_name: minecraft_server_mc
depends_on:
- minecraft_proxy
volumes:
- minecraft_server_mc:/data
environment:
- MOTD=meow
- ICON=https://git.fern.garden/fern/stacks/raw/branch/main/minecraft/server-icons/mc.png
- PLUGINS=https://dev.bukkit.org/projects/dead-chest/files/latest
env_file:
- server.env
networks:
- default
restart: unless-stopped
hostname: mc
networks:
default:
volumes:
minecraft_webadmin_db:
name: minecraft_webadmin_db

21
miniflux/compose.yaml
View file

@ -1,11 +1,8 @@
name: miniflux
services:
miniflux:
image: miniflux/miniflux:latest
container_name: miniflux
restart: unless-stopped
networks:
- default
- proxy
depends_on:
miniflux_db:
condition: service_healthy
@ -22,6 +19,10 @@ services:
- OAUTH2_REDIRECT_URL=https://rss.ferngarden.net/oauth2/oidc/callback
- OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://auth.fern.garden/application/o/miniflux/
- OAUTH2_USER_CREATION=1
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: rss.ferngarden.net
caddy.import: internal
@ -30,17 +31,17 @@ services:
miniflux_db:
image: postgres:17-alpine
container_name: miniflux_db
restart: unless-stopped
networks:
- default
volumes:
- miniflux_db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=miniflux
- POSTGRES_DB=miniflux
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
volumes:
- miniflux_db:/var/lib/postgresql/data
networks:
- default
restart: unless-stopped
healthcheck:
test: ["CMD", "pg_isready", "-U", "miniflux"]
test: [ "CMD", "pg_isready", "-U", "miniflux" ]
interval: 10s
start_period: 30s

15
navidrome/compose.yaml
View file

@ -1,11 +1,11 @@
name: navidrome
services:
navidrome:
image: deluan/navidrome:latest
container_name: navidrome
networks:
- default
- proxy
restart: unless-stopped
volumes:
- navidrome_data:/data
- /media/media/beets:/music:ro
environment:
- ND_BASEURL=https://music.fern.garden
- ND_REVERSEPROXYUSERHEADER=X-authentik-username
@ -13,9 +13,10 @@ services:
- ND_LASTFM_APIKEY=${ND_LASTFM_APIKEY}
- ND_LASTFM_SECRET=${ND_LASTFM_SECRET}
- ND_PLAYLISTSPATH=Playlists
volumes:
- navidrome_data:/data
- /media/media/beets:/music:ro
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: music.fern.garden
caddy.import: authentik

7
netatalk/compose.yaml
View file

@ -1,10 +1,8 @@
name: netatalk
services:
netatalk:
image: netatalk/netatalk:latest
container_name: netatalk
network_mode: host
cap_add:
- NET_ADMIN
volumes:
- netatalk_backup:/mnt/afpbackup
- /srv/netatalk:/mnt/afpshare
@ -15,6 +13,9 @@ services:
- AFP_GROUP=afpusers
- ATALKD_INTERFACE=eth0
- TZ=Australia/Perth
network_mode: host
cap_add:
- NET_ADMIN
volumes:
netatalk_backup:

11
nextcloud-aio/compose.yaml
View file

@ -1,23 +1,24 @@
name: nextcloud-aio
services:
nextcloud-aio-mastercontainer:
image: ghcr.io/nextcloud-releases/all-in-one:latest
container_name: nextcloud-aio-mastercontainer
init: true
network_mode: bridge
restart: always
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 8080:8080
environment:
APACHE_PORT: 11000
APACHE_IP_BINDING: 0.0.0.0
APACHE_ADDITIONAL_NETWORK: proxy
ports:
- '8080:8080'
network_mode: bridge
restart: always
labels:
caddy: cloud.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: "nextcloud-aio-apache:11000"
init: true
volumes:
nextcloud_aio_mastercontainer:

56
notifications/compose.yaml
View file

@ -1,37 +1,10 @@
name: notifications
services:
ntfy:
image: binwiederhier/ntfy
container_name: ntfy
networks:
- default
- proxy
command: serve
volumes:
- ntfy_cache:/var/cache/ntfy
- ntfy_config:/etc/ntfy
- ntfy_data:/var/lib/ntfy
healthcheck:
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped
labels:
caddy: ntfy.fern.garden
caddy.reverse_proxy: "{{upstreams 2586}}"
mollysocket:
image: ghcr.io/mollyim/mollysocket:1
container_name: mollysocket
networks:
- default
- proxy
restart: unless-stopped
volumes:
- mollysocket_data:/data
working_dir: /data
command: server
environment:
- MOLLY_DB=/data/mollysocket.db
- MOLLY_ALLOWED_ENDPOINTS=["https://ntfy.fern.garden"]
@ -40,9 +13,36 @@ services:
- MOLLY_HOST=0.0.0.0
- MOLLY_PORT=8020
- RUST_LOG=info
networks:
- default
- proxy
command: server
working_dir: /data
restart: unless-stopped
labels:
caddy: mollysocket.fern.garden
caddy.reverse_proxy: "{{upstreams 8020}}"
ntfy:
image: binwiederhier/ntfy
container_name: ntfy
volumes:
- ntfy_cache:/var/cache/ntfy
- ntfy_config:/etc/ntfy
- ntfy_data:/var/lib/ntfy
networks:
- default
- proxy
command: serve
restart: unless-stopped
healthcheck:
test: [ "CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1" ]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s
labels:
caddy: ntfy.fern.garden
caddy.reverse_proxy: "{{upstreams 2586}}"
networks:
default:

46
paperless/compose.yaml
View file

@ -1,30 +1,8 @@
name: paperless
services:
paperless_redis:
image: docker.io/library/redis:8
container_name: paperless_redis
restart: unless-stopped
volumes:
- paperless_redis:/data
networks:
- default
paperless_db:
image: docker.io/library/postgres:17
container_name: paperless_db
restart: unless-stopped
volumes:
- paperless_db:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
networks:
- default
paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: paperless
restart: unless-stopped
depends_on:
- paperless_db
- paperless_redis
@ -66,11 +44,33 @@ services:
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: paperless.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 8000}}"
paperless_db:
image: docker.io/library/postgres:17
container_name: paperless_db
volumes:
- paperless_db:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
networks:
- default
restart: unless-stopped
paperless_redis:
image: docker.io/library/redis:8
container_name: paperless_redis
volumes:
- paperless_redis:/data
networks:
- default
restart: unless-stopped
networks:
default:
proxy:

114
qbittorrent/compose.yaml
View file

@ -1,9 +1,41 @@
name: qbittorrent
services:
cross-seed:
image: ghcr.io/cross-seed/cross-seed:6
container_name: cross-seed
volumes:
- cross-seed_config:/config
- /media:/media
networks:
- default
- media
command: daemon
restart: unless-stopped
user: 1000:1800
fertilizer:
image: ghcr.io/moleculekayak/fertilizer:latest
container_name: fertilizer
volumes:
- qbittorrent_config:/torrents:ro
- /media:/media
environment:
- OPS_KEY=${OPS_KEY}
- RED_KEY=${RED_KEY}
- INJECT_TORRENTS=true
- INJECTION_LINK_DIRECTORY=/media/downloads/fertilizer/linked-data
- QBITTORRENT_URL=http://fern:${QBITTORRENT_PASS}@qbittorrent_gluetun:8080
networks:
default:
ipv4_address: 172.16.7.4
command: fertilizer -o /media/downloads/fertilizer/torrent-files -i /torrents/qBittorrent/BT_backup --server
user: 1000:1800
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
restart: unless-stopped
network_mode: service:qbittorrent_gluetun
depends_on:
qbittorrent_gluetun:
condition: service_healthy
volumes:
- qbittorrent_config:/config
- /media:/media
@ -12,27 +44,17 @@ services:
- PUID=1000
- PGID=1800
- TZ=Australia/Perth
network_mode: service:qbittorrent_gluetun
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "curl -sf https://api.ipify.org || exit 1"]
test: [ "CMD-SHELL", "curl -sf https://api.ipify.org || exit 1" ]
interval: 30s
timeout: 10s
retries: 3
depends_on:
qbittorrent_gluetun:
condition: service_healthy
qbittorrent_gluetun:
image: qmcgaw/gluetun
container_name: qbittorrent_gluetun
restart: unless-stopped
networks:
- default
- proxy
- media
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
volumes:
- qbittorrent_gluetun_auth:/gluetun/auth
environment:
@ -44,16 +66,23 @@ services:
- WIREGUARD_ADDRESSES=10.2.0.2/32
- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
- BLOCK_MALICIOUS=off
networks:
- default
- proxy
- media
restart: unless-stopped
labels:
caddy: qbittorrent.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 8080}}"
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
qbittorrent_qsticky:
image: ghcr.io/monstermuffin/qsticky:latest
container_name: qbittorrent_qsticky
networks:
- default
environment:
- QBITTORRENT_HOST=qbittorrent_gluetun
- QBITTORRENT_HTTPS=false
@ -64,57 +93,14 @@ services:
- GLUETUN_AUTH_TYPE=apikey
- GLUETUN_APIKEY=${GLUETUN_APIKEY}
- LOG_LEVEL=INFO
networks:
- default
restart: unless-stopped
healthcheck:
test: ["CMD", "python3", "-c", "import json; exit(0 if json.load(open('/app/health/status.json'))['healthy'] else 1)"]
test: [ "CMD", "python3", "-c", "import json; exit(0 if json.load(open('/app/health/status.json'))['healthy'] else 1)" ]
interval: 30s
timeout: 10s
retries: 3
restart: unless-stopped
# qbittorrent_mamapi:
# image: elforkhead/mamapi
# container_name: qbittorrent_mamapi
# restart: unless-stopped
# network_mode: service:qbittorrent_gluetun
# environment:
# - TZ=Australia/Perth
# - MAM_ID=${MAM_ID}
# volumes:
# - qbittorrent_mamapi_data:/data
# depends_on:
# qbittorrent_gluetun:
# condition: service_healthy
cross-seed:
image: ghcr.io/cross-seed/cross-seed:6
container_name: cross-seed
user: 1000:1800
volumes:
- cross-seed_config:/config
- /media:/media
networks:
- default
- media
command: daemon
restart: unless-stopped
fertilizer:
image: ghcr.io/moleculekayak/fertilizer:latest
container_name: fertilizer
user: 1000:1800
networks:
default:
ipv4_address: 172.16.7.4
volumes:
- qbittorrent_config:/torrents:ro
- /media:/media
environment:
- OPS_KEY=${OPS_KEY}
- RED_KEY=${RED_KEY}
- INJECT_TORRENTS=true
- INJECTION_LINK_DIRECTORY=/media/downloads/fertilizer/linked-data
- QBITTORRENT_URL=http://fern:${QBITTORRENT_PASS}@qbittorrent_gluetun:8080
command: fertilizer -o /media/downloads/fertilizer/torrent-files -i /torrents/qBittorrent/BT_backup --server
networks:
default:

31
romm/compose.yaml
View file

@ -1,8 +1,18 @@
name: romm
services:
romm:
image: rommapp/romm:latest
container_name: romm
restart: unless-stopped
depends_on:
romm_db:
condition: service_healthy
restart: true
volumes:
- romm_resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.)
- romm_redis:/redis-data # Cached data for background tasks
- romm_assets:/romm/assets # Uploaded saves, states, etc.
- romm_config:/romm/config # Path where config.yml is stored
- /media/media/romm:/romm/library/roms:ro # Your game library. Check https://github.com/rommapp/romm?tab=readme-ov-file#folder-structure for more details.
environment:
- DB_HOST=romm_db
- DB_NAME=romm # Should match MARIADB_DATABASE in mariadb
@ -21,19 +31,10 @@ services:
- SCREENSCRAPER_USER=mondas # Use your ScreenScraper username and password
- SCREENSCRAPER_PASSWORD=${SCREENSCRAPER_PASSWORD} # https://docs.romm.app/latest/Getting-Started/Metadata-Providers/#screenscraper
- STEAMGRIDDB_API_KEY=${STEAMGRIDDB_API_KEY} # https://github.com/rommapp/romm/wiki/Metadata-Providers#steamgriddb
volumes:
- romm_resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.)
- romm_redis:/redis-data # Cached data for background tasks
- romm_assets:/romm/assets # Uploaded saves, states, etc.
- romm_config:/romm/config # Path where config.yml is stored
- /media/media/romm:/romm/library/roms:ro # Your game library. Check https://github.com/rommapp/romm?tab=readme-ov-file#folder-structure for more details.
depends_on:
romm_db:
condition: service_healthy
restart: true
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: games.fern.garden
caddy.reverse_proxy: '{{upstreams 8080}}'
@ -41,18 +42,18 @@ services:
romm_db:
image: mariadb:latest
container_name: romm_db
restart: unless-stopped
volumes:
- romm_db:/var/lib/mysql
environment:
- MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD} # Use a unique, secure password
- MARIADB_DATABASE=romm
- MARIADB_USER=romm
- MARIADB_PASSWORD=${MARIADB_PASSWORD}
volumes:
- romm_db:/var/lib/mysql
networks:
- default
restart: unless-stopped
healthcheck:
test: [CMD, healthcheck.sh, --connect, --innodb_initialized]
test: [ CMD, healthcheck.sh, --connect, --innodb_initialized ]
start_period: 30s
start_interval: 10s
interval: 10s

13
scrutiny/compose.yaml
View file

@ -1,17 +1,12 @@
name: scrutiny
services:
scrutiny:
image: ghcr.io/analogj/scrutiny:master-omnibus
container_name: scrutiny
cap_add:
- SYS_RAWIO
volumes:
- /run/udev:/run/udev:ro
- /mnt/docker/scrutiny/influxdb:/opt/scrutiny/influxdb
- /mnt/docker/scrutiny/config:/opt/scrutiny/config
devices:
- /dev/sdc
- /dev/sdd
- /dev/sde
networks:
- default
- proxy
@ -19,6 +14,12 @@ services:
caddy: scrutiny.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 8080 }}'
cap_add:
- SYS_RAWIO
devices:
- /dev/sdc
- /dev/sdd
- /dev/sde
networks:
default:

21
slskd/compose.yaml
View file

@ -1,14 +1,11 @@
name: slskd
services:
slskd:
image: slskd/slskd:latest
container_name: slskd
networks:
- default
- proxy
- media
user: 1000:1800
ports:
- 50300:50300
volumes:
- /mnt/docker/slskd/data:/app
- /media:/media
environment:
- SLSKD_REMOTE_CONFIGURATION=true
- SLSKD_SHARED_DIR=/media/media/lidarr
@ -18,14 +15,18 @@ services:
- SLSKD_PASSWORD=${SLSKD_PASSWORD}
- SLSKD_SLSK_USERNAME=MtQueerie
- SLSKD_SLSK_PASSWORD=${SLSKD_SLSK_PASSWORD}
volumes:
- /mnt/docker/slskd/data:/app
- /media:/media
ports:
- '50300:50300'
networks:
- default
- proxy
- media
restart: unless-stopped
labels:
caddy: slskd.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: "{{upstreams 5030}}"
user: 1000:1800
networks:
default:

23
stash/compose.yaml
View file

@ -1,18 +1,8 @@
name: stash
services:
stash:
image: stashapp/stash:latest
container_name: stash
networks:
- default
- proxy
restart: unless-stopped
environment:
- STASH_STASH=/data/
- STASH_GENERATED=/generated/
- STASH_METADATA=/metadata/
- STASH_CACHE=/cache/
- STASH_BLOBS=/blobs/
- STASH_PORT=9999
volumes:
- /etc/localtime:/etc/localtime:ro
- /media/downloads/porn:/data:ro
@ -21,6 +11,17 @@ services:
- stash_cache:/cache
- stash_blobs:/blobs
- stash_generated:/generated
environment:
- STASH_STASH=/data/
- STASH_GENERATED=/generated/
- STASH_METADATA=/metadata/
- STASH_CACHE=/cache/
- STASH_BLOBS=/blobs/
- STASH_PORT=9999
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: stash.ferngarden.net
caddy.1_import: internal

3
stirling-pdf/compose.yaml
View file

@ -1,3 +1,4 @@
name: stirling-pdf
services:
stirling-pdf:
image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
@ -11,7 +12,6 @@ services:
environment:
- DOCKER_ENABLE_SECURITY=false
- LANGS=en_GB
user: 1000:1000
networks:
- default
- proxy
@ -19,6 +19,7 @@ services:
caddy: pdf.ferngarden.net
caddy.import: internal
caddy.reverse_proxy: '{{ upstreams 8080 }}'
user: 1000:1000
networks:
default:

19
synapse/compose.yaml
View file

@ -1,17 +1,18 @@
name: synapse
services:
synapse:
image: docker.io/matrixdotorg/synapse:latest
container_name: synapse
restart: unless-stopped
depends_on:
- synapse_db
volumes:
- synapse_data:/data
environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
networks:
- default
- proxy
environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
volumes:
- synapse_data:/data
depends_on:
- synapse_db
restart: unless-stopped
labels:
caddy_0: mx.fern.garden
caddy_0.1_reverse_proxy: reverse_proxy /_matrix/* synapse:8008
@ -36,11 +37,11 @@ services:
synapse_db:
image: docker.io/postgres:16-alpine
container_name: synapse_db
volumes:
- synapse_db:/var/lib/postgresql/data
networks:
- default
restart: unless-stopped
volumes:
- synapse_db:/var/lib/postgresql/data
networks:
default:

13
vaultwarden/compose.yaml
View file

@ -1,11 +1,10 @@
name: vaultwarden
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
networks:
- default
- proxy
restart: unless-stopped
volumes:
- vaultwarden_data:/data
environment:
- DOMAIN=https://vault.ferngarden.net
- SMTP_HOST=mail.ferngarden.net
@ -14,8 +13,10 @@ services:
- SMTP_FROM=ornithologist@ferngarden.net
- SMTP_USERNAME=ornithologist@ferngarden.net
- SMTP_PASSWORD=${SMTP_PASSWORD}
volumes:
- vaultwarden_data:/data
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: vault.ferngarden.net
caddy.import: internal

9
wallos/compose.yaml
View file

@ -1,14 +1,15 @@
name: wallosf
services:
wallos:
image: bellamy/wallos:latest
container_name: wallos
restart: unless-stopped
networks:
- default
- proxy
volumes:
- wallos_db:/var/www/html/db
- wallos_logos:/var/www/html/images/uploads/logos
networks:
- default
- proxy
restart: unless-stopped
labels:
caddy: subscriptions.ferngarden.net
caddy.import: internal