diff --git a/13ft/compose.yaml b/13ft/compose.yaml index df4a491..f9e5714 100644 --- a/13ft/compose.yaml +++ b/13ft/compose.yaml @@ -1,13 +1,11 @@ -name: 13ft - services: 13ft: - image: ghcr.io/wasi-master/13ft:latest container_name: 13ft + image: ghcr.io/wasi-master/13ft:latest + restart: unless-stopped networks: - default - proxy - restart: unless-stopped labels: caddy: 13ft.ferngarden.net caddy.import: internal diff --git a/arr/compose.yaml b/arr/compose.yaml index 8e95202..5baf01b 100644 --- a/arr/compose.yaml +++ b/arr/compose.yaml 
@@ -1,98 +1,158 @@ -name: arr - services: - bazarr: - image: lscr.io/linuxserver/bazarr:latest - container_name: bazarr - volumes: - - bazarr_config:/config - - /media:/media - environment: - - PUID=1000 - - PGID=1800 - - TZ=Australia/Perth - networks: - - default - - media - - proxy - restart: unless-stopped - labels: - caddy: bazarr.ferngarden.net - caddy.1_import: internal - caddy.2_import: authentik - - cleanuparr: - image: ghcr.io/cleanuparr/cleanuparr:latest - container_name: cleanuparr - volumes: - - /mnt/docker/cleanuparr/config:/config - - /media:/media - environment: - - TZ=Australia/Perth - - PUID=1000 - - PGID=1800 - networks: - - default - - proxy - - media - restart: unless-stopped - labels: - caddy: cleanuparr.ferngarden.net - caddy.import: internal - caddy.reverse_proxy: '{{ upstreams 11011 }}' - - flaresolverr: - image: ghcr.io/flaresolverr/flaresolverr:latest - container_name: flaresolverr - environment: - - LOG_LEVEL=info - - LOG_HTML=false - - CAPTCHA_SOLVER=none - - TZ=Australia/Perth - networks: - - default - restart: unless-stopped - - jackett: - image: lscr.io/linuxserver/jackett:latest - container_name: jackett - volumes: - - jackett_config:/config - - jackett_downloads:/downloads - environment: - - PUID=1000 - - PGID=1800 - - TZ=Australia/Perth - networks: - - default - - media - - proxy - restart: unless-stopped - labels: - caddy: jackett.ferngarden.net - caddy.1_import: internal - caddy.2_import: authentik jellyseerr: image: ghcr.io/fallenbagel/jellyseerr:latest container_name: jellyseerr - volumes: - - jellyseerr_config:/app/config - environment: - - LOG_LEVEL=debug - - TZ=Australia/Perth networks: - default - proxy - media + environment: + - LOG_LEVEL=debug + - TZ=Australia/Perth + volumes: + - jellyseerr_config:/app/config restart: unless-stopped labels: caddy: jellyseerr.fern.garden caddy.import: internal caddy.reverse_proxy: "{{upstreams 5055}}" + jackett: + image: lscr.io/linuxserver/jackett:latest + container_name: jackett + 
networks: + - default + - media + - proxy + environment: + - PUID=1000 + - PGID=1800 + - TZ=Australia/Perth + volumes: + - jackett_config:/config + - jackett_downloads:/downloads + restart: unless-stopped + labels: + caddy: jackett.ferngarden.net + caddy.1_import: internal + caddy.2_import: authentik + + prowlarr: + image: lscr.io/linuxserver/prowlarr:latest + container_name: prowlarr + networks: + - default + - media + - proxy + environment: + - PUID=1000 + - PGID=1800 + - TZ=Australia/Perth + volumes: + - prowlarr_config:/config + restart: unless-stopped + labels: + caddy: prowlarr.ferngarden.net + caddy.1_import: internal + caddy.2_import: authentik + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + container_name: flaresolverr + networks: + - default + environment: + - LOG_LEVEL=info + - LOG_HTML=false + - CAPTCHA_SOLVER=none + - TZ=Australia/Perth + restart: unless-stopped + + bazarr: + image: lscr.io/linuxserver/bazarr:latest + container_name: bazarr + networks: + - default + - media + - proxy + environment: + - PUID=1000 + - PGID=1800 + - TZ=Australia/Perth + volumes: + - bazarr_config:/config + - /media:/media + restart: unless-stopped + labels: + caddy: bazarr.ferngarden.net + caddy.1_import: internal + caddy.2_import: authentik + + sonarr: + image: lscr.io/linuxserver/sonarr:latest + container_name: sonarr + networks: + - default + - media + - proxy + environment: + - PUID=1000 + - PGID=1800 + - TZ=Australia/Perth + volumes: + - sonarr_config:/config + - /media:/media + restart: unless-stopped + labels: + caddy: sonarr.ferngarden.net + caddy.1_import: internal + caddy.2_import: authentik + + radarr: + image: lscr.io/linuxserver/radarr:latest + container_name: radarr + networks: + - default + - media + - proxy + environment: + - PUID=1000 + - PGID=1800 + - TZ=Australia/Perth + volumes: + - radarr_config:/config + - /media:/media + restart: unless-stopped + labels: + caddy: radarr.ferngarden.net + caddy.1_import: internal + 
caddy.2_import: authentik + + lidarr: + image: blampe/lidarr:latest + container_name: lidarr + networks: + - default + - media + - proxy + environment: + - PUID=1000 + - PGID=1800 + - TZ=Australia/Perth + volumes: + - lidarr_config:/config + - /mnt/docker/beets/config:/beets + - ./install_beets.bash:/custom-cont-init.d/install_beets.bash:ro + - /media:/media + restart: unless-stopped + labels: + caddy: lidarr.ferngarden.net + caddy.1_import: internal + caddy.2_import: authentik + kapowarr: - image: mrcas/kapowarr:latest container_name: kapowarr + image: mrcas/kapowarr:latest volumes: - /mnt/docker/kapowarr/database:/app/db - /media:/media 
@@ -108,158 +168,75 @@ services: letterboxd-list-radarr: image: screeny05/letterboxd-list-radarr:latest container_name: letterboxd-list-radarr - depends_on: - - letterboxd-list-radarr_redis + restart: unless-stopped + networks: + - default environment: - REDIS_URL=redis://letterboxd-list-radarr_redis:6379 - networks: - - default - restart: unless-stopped + depends_on: + - letterboxd-list-radarr_redis letterboxd-list-radarr_redis: - image: redis:6.0 container_name: letterboxd-list-radarr_redis + restart: unless-stopped + networks: + - default volumes: - letterboxd-list-radarr_redis:/data - networks: - - default - restart: unless-stopped + image: redis:6.0 - lidarr: - image: blampe/lidarr:latest - container_name: lidarr - volumes: - - lidarr_config:/config - - /mnt/docker/beets/config:/beets - - ./install_beets.bash:/custom-cont-init.d/install_beets.bash:ro - - /media:/media - environment: - - PUID=1000 - - PGID=1800 - - TZ=Australia/Perth + soularr: + image: mrusse08/soularr:latest + container_name: soularr networks: - default - media - - proxy - restart: unless-stopped - labels: - caddy: lidarr.ferngarden.net - caddy.1_import: internal - caddy.2_import: authentik - - lidarr-audiobooks: - image: blampe/lidarr:latest - container_name: lidarr-audiobooks - volumes: - - /mnt/docker/lidarr-audiobooks/config:/config - - /media:/media + user: 1000:1800 environment: - - PUID=1000 - - PGID=1800 - TZ=Australia/Perth + - SCRIPT_INTERVAL=300 + volumes: + - /media:/media + - /mnt/docker/soularr/config:/data + restart: unless-stopped + + cleanuparr: + image: ghcr.io/cleanuparr/cleanuparr:latest + container_name: cleanuparr + restart: unless-stopped networks: - default - - media - proxy - ports: - - 8686:8686 - restart: unless-stopped + - media + volumes: + - /mnt/docker/cleanuparr/config:/config + - /media:/media + environment: + - TZ=Australia/Perth + - PUID=1000 + - PGID=1800 labels: - caddy: lidarr-audiobooks.ferngarden.net - caddy.1_import: internal - caddy.2_import: 
authentik - + caddy: cleanuparr.ferngarden.net + caddy.import: internal + caddy.reverse_proxy: '{{ upstreams 11011 }}' + profilarr: image: santiagosayshey/profilarr:latest container_name: profilarr + networks: + - default + - media + - proxy volumes: - profilarr_config:/config environment: - TZ=Australia/Perth - networks: - - default - - media - - proxy restart: unless-stopped labels: caddy: profilarr.ferngarden.net caddy.import: internal caddy.reverse_proxy: "{{upstreams 6868}}" - prowlarr: - image: lscr.io/linuxserver/prowlarr:latest - container_name: prowlarr - volumes: - - prowlarr_config:/config - environment: - - PUID=1000 - - PGID=1800 - - TZ=Australia/Perth - networks: - - default - - media - - proxy - restart: unless-stopped - labels: - caddy: prowlarr.ferngarden.net - caddy.1_import: internal - caddy.2_import: authentik - - radarr: - image: lscr.io/linuxserver/radarr:latest - container_name: radarr - volumes: - - radarr_config:/config - - /media:/media - environment: - - PUID=1000 - - PGID=1800 - - TZ=Australia/Perth - networks: - - default - - media - - proxy - restart: unless-stopped - labels: - caddy: radarr.ferngarden.net - caddy.1_import: internal - caddy.2_import: authentik - - sonarr: - image: lscr.io/linuxserver/sonarr:latest - container_name: sonarr - volumes: - - sonarr_config:/config - - /media:/media - environment: - - PUID=1000 - - PGID=1800 - - TZ=Australia/Perth - networks: - - default - - media - - proxy - restart: unless-stopped - labels: - caddy: sonarr.ferngarden.net - caddy.1_import: internal - caddy.2_import: authentik - - soularr: - image: mrusse08/soularr:latest - container_name: soularr - volumes: - - /media:/media - - /mnt/docker/soularr/config:/data - environment: - - TZ=Australia/Perth - - SCRIPT_INTERVAL=300 - networks: - - default - - media - restart: unless-stopped - user: 1000:1800 - networks: default: proxy: diff --git a/audiobookshelf/compose.yaml b/audiobookshelf/compose.yaml index d13a9a4..0c1bb78 100644 
--- a/audiobookshelf/compose.yaml +++ b/audiobookshelf/compose.yaml @@ -1,19 +1,17 @@ -name: audiobookshelf - services: audiobookshelf: image: ghcr.io/advplyr/audiobookshelf:latest container_name: audiobookshelf + restart: unless-stopped + networks: + - default + - proxy volumes: - audiobookshelf_config:/config - audiobookshelf_metadata:/metadata - /media:/media environment: - TZ=Australia/Perth - networks: - - default - - proxy - restart: unless-stopped labels: caddy: audiobooks.fern.garden caddy.reverse_proxy: "{{upstreams 80}}" diff --git a/authentik/compose.yaml b/authentik/compose.yaml index 9f5ab72..f8664b2 100644 --- a/authentik/compose.yaml +++ b/authentik/compose.yaml 
@@ -1,114 +1,47 @@ -name: authentik - services: - authentik: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} - container_name: authentik - depends_on: - authentik_db: - condition: service_healthy - authentik_redis: - condition: service_healthy - volumes: - - authentik_media:/media - - authentik_templates:/templates - environment: - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_REDIS__HOST=authentik_redis - - AUTHENTIK_POSTGRESQL__HOST=authentik_db - - AUTHENTIK_POSTGRESQL__USER=authentik - - AUTHENTIK_POSTGRESQL__NAME=authentik - - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - - AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true - networks: - - default - - proxy - command: server - restart: unless-stopped - labels: - caddy: auth.fern.garden - caddy.reverse_proxy: "{{upstreams 9000}}" authentik_db: image: docker.io/library/postgres:16-alpine container_name: authentik_db + networks: + - default + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s volumes: - authentik_db:/var/lib/postgresql/data environment: - POSTGRES_USER=authentik - POSTGRES_DB=authentik - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - networks: - - default - restart: unless-stopped - healthcheck: - test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] - start_period: 20s - interval: 30s - retries: 5 - timeout: 5s - - authentik_ldap: - image: ghcr.io/goauthentik/ldap:${AUTHENTIK_VERSION} - container_name: authentik_ldap - depends_on: - authentik: - condition: service_healthy - authentik_worker: - condition: service_healthy - environment: - - AUTHENTIK_HOST=http://authentik:9000 - - AUTHENTIK_HOST_BROWSER=https://auth.fern.garden - - AUTHENTIK_INSECURE=true - - AUTHENTIK_TOKEN=${AUTHENTIK_LDAP_TOKEN} - networks: - - default - - authentik_proxy: - image: ghcr.io/goauthentik/proxy:${AUTHENTIK_VERSION} - container_name: 
authentik_proxy - depends_on: - authentik: - condition: service_healthy - authentik_worker: - condition: service_healthy - environment: - - AUTHENTIK_HOST=http://authentik:9000 - - AUTHENTIK_HOST_BROWSER=https://auth.fern.garden - - AUTHENTIK_INSECURE=true - - AUTHENTIK_TOKEN=${AUTHENTIK_PROXY_TOKEN} - networks: - - default - - proxy authentik_redis: image: docker.io/library/redis:alpine container_name: authentik_redis - volumes: - - authentik_redis:/data networks: - default command: --save 60 1 --loglevel warning restart: always healthcheck: - test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ] + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s - - authentik_worker: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} - container_name: authentik_worker - depends_on: - authentik_db: - condition: service_healthy - authentik_redis: - condition: service_healthy volumes: - - /var/run/docker.sock:/var/run/docker.sock - - authentik_media:/media - - authentik_templates:/templates - - authentik_certs:/certs + - authentik_redis:/data + + authentik: + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} + container_name: authentik + networks: + - default + - proxy + restart: unless-stopped + command: server environment: - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - AUTHENTIK_REDIS__HOST=authentik_redis 
@@ -117,16 +50,80 @@ services: - AUTHENTIK_POSTGRESQL__NAME=authentik - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true + volumes: + - authentik_media:/media + - authentik_templates:/templates + depends_on: + authentik_db: + condition: service_healthy + authentik_redis: + condition: service_healthy + labels: + caddy: auth.fern.garden + caddy.reverse_proxy: "{{upstreams 9000}}" + + authentik_worker: + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} + container_name: authentik_worker networks: - default - command: worker restart: unless-stopped + command: worker + environment: + - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} + - AUTHENTIK_REDIS__HOST=authentik_redis + - AUTHENTIK_POSTGRESQL__HOST=authentik_db + - AUTHENTIK_POSTGRESQL__USER=authentik + - AUTHENTIK_POSTGRESQL__NAME=authentik + - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} + - AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - authentik_media:/media + - authentik_templates:/templates + - authentik_certs:/certs + depends_on: + authentik_db: + condition: service_healthy + authentik_redis: + condition: service_healthy -networks: - default: - proxy: - external: true + authentik_proxy: + image: ghcr.io/goauthentik/proxy:${AUTHENTIK_VERSION} + container_name: authentik_proxy + networks: + - default + - proxy + environment: + - AUTHENTIK_HOST=http://authentik:9000 + - AUTHENTIK_HOST_BROWSER=https://auth.fern.garden + - AUTHENTIK_INSECURE=true + - AUTHENTIK_TOKEN=${AUTHENTIK_PROXY_TOKEN} + depends_on: + authentik: + condition: service_healthy + authentik_worker: + condition: service_healthy + + authentik_ldap: + image: ghcr.io/goauthentik/ldap:${AUTHENTIK_VERSION} + container_name: authentik_ldap + networks: + - default + ports: + - 389:3389 + - 636:6636 + environment: + - AUTHENTIK_HOST=http://authentik:9000 + - AUTHENTIK_HOST_BROWSER=https://auth.fern.garden + - 
AUTHENTIK_INSECURE=true + - AUTHENTIK_TOKEN=${AUTHENTIK_LDAP_TOKEN} + depends_on: + authentik: + condition: service_healthy + authentik_worker: + condition: service_healthy volumes: authentik_db: @@ -139,3 +136,8 @@ volumes: name: authentik_certs authentik_templates: name: authentik_templates + +networks: + default: + proxy: + external: true diff --git a/caddy/compose.yaml b/caddy/compose.yaml index 6fd6585..220d80b 100644 --- a/caddy/compose.yaml +++ b/caddy/compose.yaml @@ -1,27 +1,30 @@ -name: caddy services: caddy: image: ghcr.io/firewalkwithm3/caddy:latest container_name: caddy - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ./Caddyfile:/etc/caddy/Caddyfile - - /srv:/srv - - caddy_data:/data + restart: unless-stopped + ports: + - 80:80 + - 443:443 + - 443:443/udp + networks: + - default + - proxy + - traefik environment: - CADDY_INGRESS_NETWORKS=proxy - CF_API_TOKEN=${CF_API_TOKEN} - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile - ports: - - '80:80' - - '443:443' - - '443:443/udp' - networks: - - default - - proxy - - traefik - restart: unless-stopped + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./Caddyfile:/etc/caddy/Caddyfile + - /srv:/srv + - caddy_data:/data + +volumes: + caddy_data: + name: caddy_data networks: default: @@ -29,7 +32,3 @@ networks: external: true traefik: external: true - -volumes: - caddy_data: - name: caddy_data diff --git a/calibre/compose.yaml b/calibre/compose.yaml index 803e26d..c71c2ea 100644 --- a/calibre/compose.yaml +++ b/calibre/compose.yaml 
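Review bot: The `ports:` entry added to `authentik_ldap` (`- 389:3389` and `- 636:6636`) publishes the LDAP outpost on every host interface, and 389 carries bind credentials in clear text unless the client negotiates StartTLS. If only LDAPS clients need it, publish just `- "636:6636"`. If plain LDAP is needed locally, bind it to a specific address, for example `- "127.0.0.1:389:3389"` (a constructed example; use the interface the clients actually reach). The previous version of this service published no ports, so this is new exposure and deserves a comment above `ports:` naming the consumers. The mappings are also unquoted, where the Compose documentation recommends writing port mappings as strings.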
@@ -1,30 +1,27 @@ -name: calibre services: calibre-web-automated: image: crocodilestick/calibre-web-automated:latest container_name: calibre-web-automated - volumes: - - /mnt/docker/calibre-web-automated/config:/config - - /media/media/calibre/ingest:/cwa-book-ingest - - /media/media/calibre/library:/calibre-library environment: - PUID=1000 - PGID=1800 - TZ=Australia/Perth + volumes: + - /mnt/docker/calibre-web-automated/config:/config + - /media/media/calibre/ingest:/cwa-book-ingest + - /media/media/calibre/library:/calibre-library networks: - default - proxy - media - restart: unless-stopped labels: caddy: books.fern.garden caddy.reverse_proxy: '{{ upstreams 8083 }}' + restart: unless-stopped cwa-downloader: image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest container_name: cwa-downloader - volumes: - - /media/media/calibre/ingest:/cwa-book-ingest environment: FLASK_PORT: 8084 LOG_LEVEL: info @@ -34,15 +31,19 @@ services: APP_ENV: prod UID: 1000 GID: 1800 + CWA_DB_PATH: /auth/app.db networks: - default - media - proxy restart: unless-stopped + volumes: + - /media/media/calibre/ingest:/cwa-book-ingest + - /mnt/docker/calibre-web-automated/downloader/app.db:/auth/app.db:ro labels: caddy: books-dl.ferngarden.net caddy.import: internal - caddy.reverse_proxy: '{{ upstreams 8084 }}' + cadyd.reverse_proxy: '{{ upstreams 8084 }}' networks: default: diff --git a/dozzle/compose.yaml b/dozzle/compose.yaml index af3f128..0942c2d 100644 --- a/dozzle/compose.yaml +++ b/dozzle/compose.yaml @@ -1,11 +1,7 @@ -name: dozzle services: dozzle: image: amir20/dozzle:latest container_name: dozzle - environment: - DOZZLE_AUTH_PROVIDER: forward-proxy - DOZZLE_REMOTE_HOST: tcp://docker_socket_proxy:2375|docker.local,tcp://10.0.1.105:2375|minecraft.local,tcp://10.0.1.4:2375|weebill.local networks: - default - metrics 
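Review bot: The last label of `cwa-downloader` is now spelled `cadyd.reverse_proxy`, so the Caddy label generator will not recognise it. `books-dl.ferngarden.net` is left with `caddy.import: internal` and no upstream. It should read `caddy.reverse_proxy: '{{ upstreams 8084 }}'`, as on the removed line. Separately, the new read-only mount takes `/mnt/docker/calibre-web-automated/downloader/app.db`, while the main service keeps its config under `/mnt/docker/calibre-web-automated/config`. Confirm that this is the database `CWA_DB_PATH` is meant to authenticate against, because Docker creates a missing bind-mount source as an empty directory rather than failing.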
@@ -14,6 +10,9 @@ services: caddy: dozzle.ferngarden.net caddy.1_import: internal caddy.2_import: authentik + environment: + DOZZLE_AUTH_PROVIDER: forward-proxy + DOZZLE_REMOTE_HOST: tcp://docker_socket_proxy:2375|docker.local,tcp://10.0.1.105:2375|minecraft.local,tcp://10.0.1.4:2375|weebill.local networks: default: diff --git a/forgejo/compose.yaml b/forgejo/compose.yaml index e565f3a..9b826e0 100644 --- a/forgejo/compose.yaml +++ b/forgejo/compose.yaml @@ -1,26 +1,12 @@ -name: forgejo services: - forgejo_db: - image: postgres:14 - container_name: forgejo_db - volumes: - - forgejo_db:/var/lib/postgresql/data - environment: - - POSTGRES_USER=forgejo - - POSTGRES_DB=forgejo - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - networks: - - default - restart: unless-stopped server: image: codeberg.org/forgejo/forgejo:11 container_name: forgejo - depends_on: - - forgejo_db - volumes: - - forgejo_data:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro + networks: + - proxy + - default + ports: + - 222:22 environment: - USER_UID=1000 - USER_GID=1000 @@ -29,16 +15,30 @@ services: - FORGEJO__database__NAME=forgejo - FORGEJO__database__USER=forgejo - FORGEJO__database__PASSWD=${POSTGRES_PASSWORD} - ports: - - '222:22' - networks: - - proxy - - default restart: unless-stopped + volumes: + - forgejo_data:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + depends_on: + - forgejo_db labels: caddy: git.fern.garden caddy.reverse_proxy: "{{upstreams 3000}}" + forgejo_db: + image: postgres:14 + container_name: forgejo_db + networks: + - default + restart: unless-stopped + environment: + - POSTGRES_USER=forgejo + - POSTGRES_DB=forgejo + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + volumes: + - forgejo_db:/var/lib/postgresql/data + networks: default: proxy: diff --git a/grocy/compose.yaml b/grocy/compose.yaml index 25aeaea..bc132e8 100644 --- a/grocy/compose.yaml +++ b/grocy/compose.yaml 
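Review bot: In the first forgejo hunk, the `server` service's SSH mapping is now the unquoted plain scalar `- 222:22`, where the removed line had `'222:22'`. A HOST:CONTAINER pair whose container port is below 60 matches the YAML 1.1 base-60 integer pattern, so a 1.1 parser reads it as 13342. The Compose documentation recommends writing port mappings as strings for this reason. Restore the quotes: `- "222:22"`. The same commit also drops the quotes from the port lists in caddy, grocy, jellyfin and metrics. Those values do not match the base-60 pattern, but quoting them too keeps the files consistent.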
@@ -1,10 +1,7 @@ -name: grocy services: grocy: image: lscr.io/linuxserver/grocy:latest container_name: grocy - volumes: - - grocy_config:/config environment: - PUID=1000 - PGID=1000 @@ -13,11 +10,13 @@ services: - GROCY_FEATURE_FLAG_SHOPPINGLIST=false - GROCY_FEATURE_FLAG_STOCK=false - GROCY_CURRENCY=AUD - ports: - - '9192:80' networks: - default - proxy + ports: + - 9192:80 + volumes: + - grocy_config:/config restart: unless-stopped labels: caddy: grocy.ferngarden.net diff --git a/homebox/compose.yaml b/homebox/compose.yaml index f767f1e..93b2ac8 100644 --- a/homebox/compose.yaml +++ b/homebox/compose.yaml @@ -1,19 +1,18 @@ -name: homebox services: homebox: image: ghcr.io/sysadminsmedia/homebox:latest-rootless container_name: homebox + restart: unless-stopped + environment: + - HBOX_LOG_LEVEL=info + - HBOX_LOG_FORMAT=text + - HBOX_WEB_MAX_FILE_UPLOAD=10 + - HBOX_OPTIONS_ALLOW_ANALYTICS=false volumes: - homebox_data:/data/ - environment: - - HBOX_LOG_LEVEL=info - - HBOX_LOG_FORMAT=text - - HBOX_WEB_MAX_FILE_UPLOAD=10 - - HBOX_OPTIONS_ALLOW_ANALYTICS=false networks: - default - proxy - restart: unless-stopped labels: caddy: homebox.ferngarden.net caddy.import: internal @@ -25,5 +24,5 @@ networks: external: true volumes: - homebox_data: - name: homebox_data + homebox_data: + name: homebox_data \ No newline at end of file diff --git a/homepage/compose.yaml b/homepage/compose.yaml index 2135dba..494eb3c 100644 --- a/homepage/compose.yaml +++ b/homepage/compose.yaml @@ -1,22 +1,21 @@ -name: homepage services: homepage: image: ghcr.io/gethomepage/homepage:latest container_name: homepage volumes: - /mnt/docker/homepage/config:/app/config + user: 1000:1000 + restart: unless-stopped environment: HOMEPAGE_ALLOWED_HOSTS: dash.ferngarden.net networks: - default - proxy - metrics - restart: unless-stopped labels: caddy: dash.ferngarden.net caddy.import: internal caddy.reverse_proxy: '{{ upstreams 3000 }}' - user: 1000:1000 networks: proxy: 
diff --git a/hortusfox/compose.yaml b/hortusfox/compose.yaml index 1d71b96..361ed88 100644 --- a/hortusfox/compose.yaml +++ b/hortusfox/compose.yaml @@ -1,10 +1,7 @@ -name: hortusfox services: hortusfox: image: ghcr.io/danielbrendel/hortusfox-web:latest container_name: hortusfox - depends_on: - - hortusfox_db volumes: - hortusfox_images:/var/www/html/public/img - hortusfox_logs:/var/www/html/hortusfox/logs @@ -24,6 +21,8 @@ services: networks: - default - proxy + depends_on: + - hortusfox_db labels: caddy: hortusfox.ferngarden.net caddy.import: internal @@ -32,16 +31,16 @@ services: hortusfox_db: image: mariadb container_name: hortusfox_db - volumes: - - hortusfox_db:/var/lib/mysql + restart: always environment: MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} MYSQL_DATABASE: hortusfox MYSQL_USER: hortusfox MYSQL_PASSWORD: ${MYSQL_PASSWORD} + volumes: + - hortusfox_db:/var/lib/mysql networks: - default - restart: always networks: default: @@ -56,4 +55,3 @@ volumes: hortusfox_themes: hortusfox_migrate: - diff --git a/immich/compose.yaml b/immich/compose.yaml index 0ff1967..7cc6f3d 100644 --- a/immich/compose.yaml +++ b/immich/compose.yaml @@ -1,21 +1,23 @@ -name: immich services: immich: - image: ghcr.io/immich-app/immich-server:release container_name: immich - depends_on: - - immich_db - - immich_redis + hostname: immich-server + image: ghcr.io/immich-app/immich-server:release volumes: - immich_library:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro + networks: + - default + - proxy environment: - DB_USERNAME=postgres - DB_DATABASE_NAME=immich - DB_PASSWORD=${DB_PASSWORD} - networks: - - default - - proxy + devices: + - /dev/dri:/dev/dri + depends_on: + - immich_redis + - immich_db restart: unless-stopped healthcheck: disable: false 
@@ -23,28 +25,12 @@ services: caddy: photos.ferngarden.net caddy.import: internal caddy.reverse_proxy: "{{upstreams 2283}}" - devices: - - /dev/dri:/dev/dri - hostname: immich-server - immich_db: - image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0@sha256:fa4f6e0971f454cd95fec5a9aaed2ed93d8f46725cc6bc61e0698e97dba96da1 - container_name: immich_db - volumes: - - immich_db:/var/lib/postgresql/data - environment: - - POSTGRES_PASSWORD=${DB_PASSWORD} - - POSTGRES_USER=postgres - - POSTGRES_DB=immich - - POSTGRES_INITDB_ARGS='--data-checksums' - networks: - - default - restart: always - hostname: database immich_ml: - image: ghcr.io/immich-app/immich-machine-learning:release container_name: immich_ml + hostname: immich-machine-learning + image: ghcr.io/immich-app/immich-machine-learning:release volumes: - immich_ml_cache:/cache networks: @@ -52,17 +38,31 @@ services: restart: unless-stopped healthcheck: disable: false - hostname: immich-machine-learning immich_redis: - image: docker.io/valkey/valkey:8-bookworm@sha256:ff21bc0f8194dc9c105b769aeabf9585fea6a8ed649c0781caeac5cb3c247884 container_name: immich_redis + hostname: redis + image: docker.io/valkey/valkey:8-bookworm@sha256:ff21bc0f8194dc9c105b769aeabf9585fea6a8ed649c0781caeac5cb3c247884 networks: - default - restart: unless-stopped healthcheck: test: redis-cli ping || exit 1 - hostname: redis + restart: unless-stopped + + immich_db: + container_name: immich_db + hostname: database + image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0@sha256:fa4f6e0971f454cd95fec5a9aaed2ed93d8f46725cc6bc61e0698e97dba96da1 + networks: + - default + environment: + - POSTGRES_PASSWORD=${DB_PASSWORD} + - POSTGRES_USER=postgres + - POSTGRES_DB=immich + - POSTGRES_INITDB_ARGS='--data-checksums' + volumes: + - immich_db:/var/lib/postgresql/data + restart: always networks: default: diff --git a/it-tools/compose.yaml b/it-tools/compose.yaml index 851f1b5..ba981d3 100644 --- a/it-tools/compose.yaml 
+++ b/it-tools/compose.yaml @@ -1,12 +1,11 @@ -name: it-tools services: it-tools: image: corentinth/it-tools:latest container_name: it-tools + restart: unless-stopped networks: - default - proxy - restart: unless-stopped labels: caddy: it-tools.ferngarden.net caddy.import: internal diff --git a/jellyfin/compose.yaml b/jellyfin/compose.yaml index eeb28ab..7998308 100644 --- a/jellyfin/compose.yaml +++ b/jellyfin/compose.yaml @@ -1,14 +1,25 @@ -name: jellyfin services: jellyfin: image: jellyfin/jellyfin container_name: jellyfin + user: 1000:1800 + group_add: + - 992 + devices: + - /dev/dri/renderD128:/dev/dri/renderD128 + networks: + - default + - proxy + - media volumes: - jellyfin_cache:/var/cache/jellyfin - jellyfin_config:/etc/jellyfin - jellyfin_data:/var/lib/jellyfin - jellyfin_logs:/var/log/jellyfin - /media:/media + restart: unless-stopped + ports: + - 8096:8096 environment: - JELLYFIN_PublishedServerUrl=https://jellyfin.fern.garden - JELLYFIN_CACHE_DIR=/var/cache/jellyfin 
@@ -16,30 +27,38 @@ services: - JELLYFIN_DATA_DIR=/var/lib/jellyfin - JELLYFIN_LOG_DIR=/var/log/jellyfin - TZ=Australia/Perth - ports: - - '8096:8096' - networks: - - default - - proxy - - media - restart: unless-stopped labels: caddy: jellyfin.fern.garden caddy.@blacklist.not.path: "/metrics" caddy.reverse_proxy: "@blacklist {{upstreams 8096}}" - user: 1000:1800 - devices: - - /dev/dri/renderD128:/dev/dri/renderD128 - group_add: - - 992 + + jellystat_db: + image: postgres:15.2 + shm_size: '1gb' + container_name: jellystat_db + restart: unless-stopped + logging: + driver: "json-file" + options: + max-file: "5" + max-size: "10m" + environment: + POSTGRES_USER: jellystat + POSTGRES_PASSWORD: ${JELLYSTAT_POSTGRES_PASSWORD} + networks: + - default + volumes: + - jellystat_db:/var/lib/postgresql/data jellystat: image: cyfershepard/jellystat:latest container_name: jellystat - depends_on: - - jellystat_db - volumes: - - jellystat_data:/app/backend/backup-data + restart: unless-stopped + logging: + driver: "json-file" + options: + max-file: "5" + max-size: "10m" environment: POSTGRES_USER: jellystat POSTGRES_PASSWORD: ${JELLYSTAT_POSTGRES_PASSWORD} @@ -49,38 +68,18 @@ services: JS_USER: fern JS_PASSWORD: ${JELLYSTAT_PASSWORD} TZ: Australia/Perth + volumes: + - jellystat_data:/app/backend/backup-data networks: - default - proxy - restart: unless-stopped - logging: - driver: "json-file" - options: - max-file: "5" - max-size: "10m" + depends_on: + - jellystat_db labels: caddy: jellystat.ferngarden.net caddy.import: internal caddy.reverse_proxy: '{{upstreams 3000}}' - jellystat_db: - image: postgres:15.2 - container_name: jellystat_db - volumes: - - jellystat_db:/var/lib/postgresql/data - environment: - POSTGRES_USER: jellystat - POSTGRES_PASSWORD: ${JELLYSTAT_POSTGRES_PASSWORD} - networks: - - default - restart: unless-stopped - logging: - driver: "json-file" - options: - max-file: "5" - max-size: "10m" - shm_size: '1gb' - networks: default: media: 
diff --git a/komga/compose.yaml b/komga/compose.yaml index 5dcab93..da862b0 100644 --- a/komga/compose.yaml +++ b/komga/compose.yaml @@ -1,4 +1,3 @@ -name: komga services: komga: image: gotson/komga @@ -6,18 +5,18 @@ services: volumes: - komga_config:/config - /media:/media:ro + user: "1000:1800" environment: - TZ=Australia/Perth - KOMGA_OAUTH2_ACCOUNT_CREATION=true + restart: unless-stopped networks: - default - media - proxy - restart: unless-stopped labels: caddy: comics.fern.garden caddy.reverse_proxy: '{{upstreams 25600}}' - user: "1000:1800" networks: default: @@ -28,4 +27,4 @@ networks: volumes: komga_config: - name: komga_config + name: komga_config \ No newline at end of file diff --git a/linkwarden/compose.yaml b/linkwarden/compose.yaml index c4f4755..1ed65b5 100644 --- a/linkwarden/compose.yaml +++ b/linkwarden/compose.yaml @@ -1,12 +1,18 @@ -name: linkwarden services: + linkwarden_db: + image: postgres:16-alpine + container_name: linkwarden_db + environment: + - POSTGRES_USER=linkwarden + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=linkwarden + restart: always + volumes: + - /mnt/docker/linkwarden/database:/var/lib/postgresql/data + networks: + - default linkwarden: image: ghcr.io/linkwarden/linkwarden:latest - depends_on: - - linkwarden_db - - linkwarden_search - volumes: - - /mnt/docker/linkwarden/data:/data/data environment: - DATABASE_URL=postgresql://linkwarden:${POSTGRES_PASSWORD}@linkwarden_db:5432/linkwarden - MEILI_HOST=linkwarden_search 
@@ -16,34 +22,27 @@ services: - AUTHENTIK_ISSUER=https://auth.fern.garden/application/o/linkwarden - AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID} - AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET} + restart: always + volumes: + - /mnt/docker/linkwarden/data:/data/data + depends_on: + - linkwarden_db + - linkwarden_search networks: - default - proxy - restart: always labels: caddy: linkwarden.ferngarden.net caddy.import: internal caddy.reverse_proxy: '{{ upstreams 3000 }}' - linkwarden_db: - image: postgres:16-alpine - container_name: linkwarden_db - volumes: - - /mnt/docker/linkwarden/database:/var/lib/postgresql/data - environment: - - POSTGRES_USER=linkwarden - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_DB=linkwarden - networks: - - default - restart: always linkwarden_search: image: getmeili/meilisearch:v1.12.8 container_name: linkwarden_search + restart: always volumes: - /mnt/docker/linkwarden/search:/meili_data networks: - default - restart: always networks: default: diff --git a/mailserver/compose.yaml b/mailserver/compose.yaml index 5e5882b..2eb787d 100644 --- a/mailserver/compose.yaml +++ b/mailserver/compose.yaml 
@@ -1,8 +1,19 @@ -name: mailserver services: mailserver: image: ghcr.io/docker-mailserver/docker-mailserver:latest container_name: mailserver + hostname: mail.ferngarden.net + env_file: mailserver.env + environment: + SSL_TYPE: manual + SSL_CERT_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.crt + SSL_KEY_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.key + ports: + - "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead) + - "143:143" # IMAP4 (explicit TLS => STARTTLS) + - "465:465" # ESMTP (implicit TLS) + - "587:587" # ESMTP (explicit TLS => STARTTLS) + - "993:993" # IMAP4 (implicit TLS) volumes: - mailserver_data:/var/mail/ - mailserver_state:/var/mail-state/ @@ -10,24 +21,12 @@ services: - mailserver_config:/tmp/docker-mailserver/ - /etc/localtime:/etc/localtime:ro - caddy_data:/srv/tls - environment: - SSL_TYPE: manual - SSL_CERT_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.crt - SSL_KEY_PATH: /srv/tls/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.ferngarden.net/wildcard_.ferngarden.net.key - env_file: mailserver.env - ports: - - '25:25' # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead) - - '143:143' # IMAP4 (explicit TLS => STARTTLS) - - '465:465' # ESMTP (implicit TLS) - - '587:587' # ESMTP (explicit TLS => STARTTLS) - - '993:993' # IMAP4 (implicit TLS) restart: always + stop_grace_period: 1m healthcheck: test: "ss --listening --ipv4 --tcp | grep --silent ':smtp' || exit 1" timeout: 3s retries: 0 - hostname: mail.ferngarden.net - stop_grace_period: 1m volumes: mailserver_data: @@ -39,4 +38,4 @@ volumes: mailserver_config: name: mailserver_config caddy_data: - external: true + external: true \ No newline at end of file 
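Review bot: `- caddy_data:/srv/tls` in the volumes list (context of the second hunk) gives the mail server a writable mount of Caddy's whole data volume. Going by `SSL_CERT_PATH`/`SSL_KEY_PATH`, that volume holds the wildcard certificate and key, and presumably the key material for every other site Caddy serves. The container publishes 25/143/465/587/993 directly, so it is the most exposed service in these stacks and should get the least access to that volume. `- caddy_data:/srv/tls:ro` should be enough for `SSL_TYPE: manual` if the container only reads the files; confirm that before merging.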
diff --git a/memos/compose.yaml b/memos/compose.yaml new file mode 100644 index 0000000..675538d --- /dev/null +++ b/memos/compose.yaml @@ -0,0 +1,43 @@ +services: + memos: + image: neosmemo/memos:stable + container_name: memos + restart: unless-stopped + networks: + - default + - proxy + depends_on: + - memos_db + volumes: + - memos_data:/var/opt/memos + environment: + - MEMOS_DRIVER=postgres + - MEMOS_DSN=user=memos password=${POSTGRES_PASSWORD} dbname=memosdb host=memos_db sslmode=disable + labels: + caddy: memos.ferngarden.net + caddy.import: internal + caddy.reverse_proxy: "{{upstreams 5230}}" + + memos_db: + image: postgres:16.1 + container_name: memos_db + restart: unless-stopped + networks: + - default + volumes: + - memos_db:/var/lib/postgresql/data/ + environment: + - POSTGRES_USER=memos + - POSTGRES_DB=memosdb + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + +networks: + default: + proxy: + external: true + +volumes: + memos_db: + name: memos_db + memos_data: + name: memos_data diff --git a/metrics/compose.yaml b/metrics/compose.yaml index 0917beb..a64bb26 100644 --- a/metrics/compose.yaml +++ b/metrics/compose.yaml @@ -1,33 +1,32 @@ -name: metrics services: docker_socket_proxy: image: ghcr.io/tecnativa/docker-socket-proxy:latest container_name: docker_socket_proxy - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only environment: - CONTAINERS=1 # Allow access to viewing containers - INFO=1 - POST=0 # Disallow any POST operations (effectively read-only) + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only + restart: unless-stopped ports: - - '2375:2375' + - 2375:2375 networks: - default - metrics - restart: unless-stopped glances: image: nicolargo/glances:latest container_name: glances + restart: always + pid: host environment: - "GLANCES_OPT=-w" ports: - - '61208:61208' + - 61208:61208 networks: - default - metrics - restart: always - pid: host networks: default: 
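Review bot: `image: postgres:16.1` on `memos_db` pins an exact patch release, so the database never picks up later 16.x fixes on `pull`. The other Postgres services in this commit track a major tag (`postgres:16-alpine`, `postgres:17-alpine`). `postgres:16` keeps the on-disk format stable and still receives patch updates. Also, `depends_on: - memos_db` is the short form and the database has no `healthcheck`, so `memos` can start before Postgres accepts connections; the `pg_isready` check with `condition: service_healthy` used in miniflux/compose.yaml would fit here.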
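Review bot: `ports: - 2375:2375` on `docker_socket_proxy` publishes the Docker API proxy on every host interface without authentication; dropping the quotes does not change that. `POST=0` keeps it read-only, but `CONTAINERS=1` and `INFO=1` still let any client that reaches the port list containers and read their configuration, which typically includes environment variables. Consumers on the `metrics` network can use the service name, so the mapping could be removed, or narrowed to `- "127.0.0.1:2375:2375"` if a host process needs it. The same applies to `61208:61208` on `glances`, which runs with `pid: host` and `-w`.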
diff --git a/minecraft/compose.yaml b/minecraft/compose.yaml index 3956209..0cc2cd1 100644 --- a/minecraft/compose.yaml +++ b/minecraft/compose.yaml @@ -1,57 +1,55 @@ -name: minecraft services: minecraft_proxy: image: itzg/mc-proxy container_name: minecraft_proxy + restart: unless-stopped volumes: - velocity_config:/config - velocity_server:/server + networks: + - default + ports: + - 25565:25565 environment: - TYPE=VELOCITY - MINECRAFT_VERSION=1.21.5 - ports: - - '25565:25565' - networks: - - default - restart: unless-stopped - - minecraft_server_bob: - image: itzg/minecraft-server - container_name: minecraft_server_bob - depends_on: - - minecraft_proxy - volumes: - - minecraft_server_bob:/data - environment: - - MOTD=it's bob's world, we're just living in it - - ICON=https://git.fern.garden/fern/stacks/raw/branch/main/minecraft/server-icons/bob.png - env_file: - - server.env - restart: unless-stopped - hostname: bob minecraft_server_mc: image: itzg/minecraft-server container_name: minecraft_server_mc - depends_on: - - minecraft_proxy + hostname: mc + restart: unless-stopped volumes: - minecraft_server_mc:/data + networks: + - default + depends_on: + - minecraft_proxy + env_file: + - server.env environment: - MOTD=meow - ICON=https://git.fern.garden/fern/stacks/raw/branch/main/minecraft/server-icons/mc.png - PLUGINS=https://dev.bukkit.org/projects/dead-chest/files/latest + + minecraft_server_bob: + image: itzg/minecraft-server + container_name: minecraft_server_bob + hostname: bob + restart: unless-stopped + volumes: + - minecraft_server_bob:/data + depends_on: + - minecraft_proxy env_file: - server.env - networks: - - default - restart: unless-stopped - hostname: mc + environment: + - MOTD=it's bob's world, we're just living in it + - ICON=https://git.fern.garden/fern/stacks/raw/branch/main/minecraft/server-icons/bob.png networks: default: - volumes: minecraft_webadmin_db: name: minecraft_webadmin_db 
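Review bot: `PLUGINS=https://dev.bukkit.org/projects/dead-chest/files/latest` on `minecraft_server_mc` resolves to whatever file is current when the image downloads it, and that file is then loaded into the server process without review. Pointing the URL at one specific file rather than `latest` would make plugin updates an explicit change in this repo. The `itzg/minecraft-server` and `itzg/mc-proxy` images are likewise untagged, whereas `MINECRAFT_VERSION=1.21.5` is already pinned for the proxy.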
diff --git a/miniflux/compose.yaml b/miniflux/compose.yaml index d9c99e5..3200d37 100644 --- a/miniflux/compose.yaml +++ b/miniflux/compose.yaml @@ -1,8 +1,11 @@ -name: miniflux services: miniflux: image: miniflux/miniflux:latest container_name: miniflux + restart: unless-stopped + networks: + - default + - proxy depends_on: miniflux_db: condition: service_healthy @@ -19,10 +22,6 @@ services: - OAUTH2_REDIRECT_URL=https://rss.ferngarden.net/oauth2/oidc/callback - OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://auth.fern.garden/application/o/miniflux/ - OAUTH2_USER_CREATION=1 - networks: - - default - - proxy - restart: unless-stopped labels: caddy: rss.ferngarden.net caddy.import: internal @@ -31,17 +30,17 @@ services: miniflux_db: image: postgres:17-alpine container_name: miniflux_db - volumes: - - miniflux_db:/var/lib/postgresql/data + restart: unless-stopped + networks: + - default environment: - POSTGRES_USER=miniflux - POSTGRES_DB=miniflux - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - networks: - - default - restart: unless-stopped + volumes: + - miniflux_db:/var/lib/postgresql/data healthcheck: - test: [ "CMD", "pg_isready", "-U", "miniflux" ] + test: ["CMD", "pg_isready", "-U", "miniflux"] interval: 10s start_period: 30s diff --git a/navidrome/compose.yaml b/navidrome/compose.yaml index aaadb6e..61c7399 100644 --- a/navidrome/compose.yaml +++ b/navidrome/compose.yaml @@ -1,11 +1,11 @@ -name: navidrome services: navidrome: image: deluan/navidrome:latest container_name: navidrome - volumes: - - navidrome_data:/data - - /media/media/beets:/music:ro + networks: + - default + - proxy + restart: unless-stopped environment: - ND_BASEURL=https://music.fern.garden - ND_REVERSEPROXYUSERHEADER=X-authentik-username 
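Review bot: `ND_REVERSEPROXYUSERHEADER=X-authentik-username` in the first navidrome hunk makes Navidrome trust the user named in that header, and the service is attached to the shared `proxy` network, so it matters which peers are allowed to send it. The next line of the file falls between the two hunks and is not shown. If it is not already `ND_REVERSEPROXYWHITELIST`, that variable should be set to Caddy's address or the narrowest range covering it, not a whole private range. Without it, the authentik check in Caddy is not the only path to an authenticated session for peers on `proxy`.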
@@ -13,10 +13,9 @@ services: - ND_LASTFM_APIKEY=${ND_LASTFM_APIKEY} - ND_LASTFM_SECRET=${ND_LASTFM_SECRET} - ND_PLAYLISTSPATH=Playlists - networks: - - default - - proxy - restart: unless-stopped + volumes: + - navidrome_data:/data + - /media/media/beets:/music:ro labels: caddy: music.fern.garden caddy.import: authentik diff --git a/netatalk/compose.yaml b/netatalk/compose.yaml index fcdd9bd..fb6aac8 100644 --- a/netatalk/compose.yaml +++ b/netatalk/compose.yaml @@ -1,8 +1,10 @@ -name: netatalk services: netatalk: image: netatalk/netatalk:latest container_name: netatalk + network_mode: host + cap_add: + - NET_ADMIN volumes: - netatalk_backup:/mnt/afpbackup - /srv/netatalk:/mnt/afpshare @@ -13,9 +15,6 @@ services: - AFP_GROUP=afpusers - ATALKD_INTERFACE=eth0 - TZ=Australia/Perth - network_mode: host - cap_add: - - NET_ADMIN volumes: netatalk_backup: diff --git a/nextcloud-aio/compose.yaml b/nextcloud-aio/compose.yaml index 23cbb60..cd45ffa 100644 --- a/nextcloud-aio/compose.yaml +++ b/nextcloud-aio/compose.yaml @@ -1,24 +1,23 @@ -name: nextcloud-aio services: nextcloud-aio-mastercontainer: image: ghcr.io/nextcloud-releases/all-in-one:latest container_name: nextcloud-aio-mastercontainer + init: true + network_mode: bridge + restart: always volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config - /var/run/docker.sock:/var/run/docker.sock:ro + ports: + - 8080:8080 environment: APACHE_PORT: 11000 APACHE_IP_BINDING: 0.0.0.0 APACHE_ADDITIONAL_NETWORK: proxy - ports: - - '8080:8080' - network_mode: bridge - restart: always labels: caddy: cloud.ferngarden.net caddy.import: internal caddy.reverse_proxy: "nextcloud-aio-apache:11000" - init: true volumes: nextcloud_aio_mastercontainer: diff --git a/notifications/compose.yaml b/notifications/compose.yaml index 8f706f1..2025546 100644 --- a/notifications/compose.yaml +++ b/notifications/compose.yaml 
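Review bot: `APACHE_IP_BINDING: 0.0.0.0` with `APACHE_PORT: 11000` in the nextcloud-aio hunk has the AIO Apache container publish port 11000 on every host interface, as I understand the AIO settings. Caddy already reaches it over the `proxy` network as `nextcloud-aio-apache:11000`. Clients that can reach the host directly would get plain HTTP on 11000 without passing the `caddy.import: internal` rule. `APACHE_IP_BINDING: 127.0.0.1` keeps the published port local; check that against the AIO reverse-proxy documentation for this layout. `ports: - 8080:8080` exposes the AIO management interface the same way and could be bound as `- "127.0.0.1:8080:8080"` if it is only administered from the host.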
@@ -1,10 +1,37 @@ -name: notifications services: + ntfy: + image: binwiederhier/ntfy + container_name: ntfy + networks: + - default + - proxy + command: serve + volumes: + - ntfy_cache:/var/cache/ntfy + - ntfy_config:/etc/ntfy + - ntfy_data:/var/lib/ntfy + healthcheck: + test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"] + interval: 60s + timeout: 10s + retries: 3 + start_period: 40s + restart: unless-stopped + labels: + caddy: ntfy.fern.garden + caddy.reverse_proxy: "{{upstreams 2586}}" + mollysocket: image: ghcr.io/mollyim/mollysocket:1 container_name: mollysocket + networks: + - default + - proxy + restart: unless-stopped volumes: - mollysocket_data:/data + working_dir: /data + command: server environment: - MOLLY_DB=/data/mollysocket.db - MOLLY_ALLOWED_ENDPOINTS=["https://ntfy.fern.garden"] @@ -13,36 +40,9 @@ services: - MOLLY_HOST=0.0.0.0 - MOLLY_PORT=8020 - RUST_LOG=info - networks: - - default - - proxy - command: server - working_dir: /data - restart: unless-stopped labels: caddy: mollysocket.fern.garden caddy.reverse_proxy: "{{upstreams 8020}}" - ntfy: - image: binwiederhier/ntfy - container_name: ntfy - volumes: - - ntfy_cache:/var/cache/ntfy - - ntfy_config:/etc/ntfy - - ntfy_data:/var/lib/ntfy - networks: - - default - - proxy - command: serve - restart: unless-stopped - healthcheck: - test: [ "CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1" ] - interval: 60s - timeout: 10s - retries: 3 - start_period: 40s - labels: - caddy: ntfy.fern.garden - caddy.reverse_proxy: "{{upstreams 2586}}" networks: default: diff --git a/paperless/compose.yaml b/paperless/compose.yaml index c00b63c..a297e3f 100644 --- a/paperless/compose.yaml +++ b/paperless/compose.yaml 
@@ -1,8 +1,30 @@ -name: paperless services: + paperless_redis: + image: docker.io/library/redis:8 + container_name: paperless_redis + restart: unless-stopped + volumes: + - paperless_redis:/data + networks: + - default + + paperless_db: + image: docker.io/library/postgres:17 + container_name: paperless_db + restart: unless-stopped + volumes: + - paperless_db:/var/lib/postgresql/data + environment: + POSTGRES_DB: paperless + POSTGRES_USER: paperless + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + networks: + - default + paperless: image: ghcr.io/paperless-ngx/paperless-ngx:latest container_name: paperless + restart: unless-stopped depends_on: - paperless_db - paperless_redis @@ -44,33 +66,11 @@ services: networks: - default - proxy - restart: unless-stopped labels: caddy: paperless.ferngarden.net caddy.import: internal caddy.reverse_proxy: "{{upstreams 8000}}" - paperless_db: - image: docker.io/library/postgres:17 - container_name: paperless_db - volumes: - - paperless_db:/var/lib/postgresql/data - environment: - POSTGRES_DB: paperless - POSTGRES_USER: paperless - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - networks: - - default - restart: unless-stopped - paperless_redis: - image: docker.io/library/redis:8 - container_name: paperless_redis - volumes: - - paperless_redis:/data - networks: - - default - restart: unless-stopped - networks: default: proxy: diff --git a/qbittorrent/compose.yaml b/qbittorrent/compose.yaml index 738445c..b481313 100644 --- a/qbittorrent/compose.yaml +++ b/qbittorrent/compose.yaml 
@@ -1,42 +1,9 @@ -name: qbittorrent services: - cross-seed: - image: ghcr.io/cross-seed/cross-seed:6 - container_name: cross-seed - volumes: - - cross-seed_config:/config - - /media:/media - networks: - - default - - media - command: daemon - restart: unless-stopped - user: 1000:1800 - - fertilizer: - image: ghcr.io/moleculekayak/fertilizer:latest - container_name: fertilizer - volumes: - - qbittorrent_config:/torrents:ro - - /media:/media - environment: - - OPS_KEY=${OPS_KEY} - - RED_KEY=${RED_KEY} - - INJECT_TORRENTS=true - - INJECTION_LINK_DIRECTORY=/media/downloads/fertilizer/linked-data - - QBITTORRENT_URL=http://fern:${QBITTORRENT_PASS}@qbittorrent_gluetun:8080 - networks: - default: - ipv4_address: 172.16.7.4 - command: fertilizer -o /media/downloads/fertilizer/torrent-files -i /torrents/qBittorrent/BT_backup --server - user: 1000:1800 - qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent - depends_on: - qbittorrent_gluetun: - condition: service_healthy + restart: unless-stopped + network_mode: service:qbittorrent_gluetun volumes: - qbittorrent_config:/config - /media:/media @@ -45,17 +12,27 @@ services: - PUID=1000 - PGID=1800 - TZ=Australia/Perth - network_mode: service:qbittorrent_gluetun - restart: unless-stopped healthcheck: - test: [ "CMD-SHELL", "curl -sf https://api.ipify.org || exit 1" ] + test: ["CMD-SHELL", "curl -sf https://api.ipify.org || exit 1"] interval: 30s timeout: 10s retries: 3 + depends_on: + qbittorrent_gluetun: + condition: service_healthy qbittorrent_gluetun: image: qmcgaw/gluetun container_name: qbittorrent_gluetun + restart: unless-stopped + networks: + - default + - proxy + - media + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun:/dev/net/tun volumes: - qbittorrent_gluetun_auth:/gluetun/auth environment: 
@@ -67,23 +44,16 @@ services: - WIREGUARD_ADDRESSES=10.2.0.2/32 - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY} - BLOCK_MALICIOUS=off - networks: - - default - - proxy - - media - restart: unless-stopped labels: caddy: qbittorrent.ferngarden.net caddy.import: internal caddy.reverse_proxy: "{{upstreams 8080}}" - cap_add: - - NET_ADMIN - devices: - - /dev/net/tun:/dev/net/tun qbittorrent_qsticky: image: ghcr.io/monstermuffin/qsticky:latest container_name: qbittorrent_qsticky + networks: + - default environment: - QBITTORRENT_HOST=qbittorrent_gluetun - QBITTORRENT_HTTPS=false 
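Review bot: `BLOCK_MALICIOUS=off` on `qbittorrent_gluetun` has no comment saying why gluetun's blocking of known-malicious hostnames is disabled. `qbittorrent` shares this container's network through `network_mode: service:qbittorrent_gluetun`, so the setting covers the torrent client too. If it was switched off to work around a specific problem, a comment such as `# disabled because <reason>` above the variable would record that. Otherwise removing the line should restore the default. The environment list starts above this hunk, so other DNS settings may be relevant.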
@@ -94,25 +64,57 @@ services: - GLUETUN_AUTH_TYPE=apikey - GLUETUN_APIKEY=${GLUETUN_APIKEY} - LOG_LEVEL=INFO - networks: - - default - restart: unless-stopped healthcheck: - test: [ "CMD", "python3", "-c", "import json; exit(0 if json.load(open('/app/health/status.json'))['healthy'] else 1)" ] + test: ["CMD", "python3", "-c", "import json; exit(0 if json.load(open('/app/health/status.json'))['healthy'] else 1)"] interval: 30s timeout: 10s retries: 3 + restart: unless-stopped - qbittorrent_mamapi: - image: elforkhead/mamapi:latest - container_name: qbittorrent_mamapi + # qbittorrent_mamapi: + # image: elforkhead/mamapi + # container_name: qbittorrent_mamapi + # restart: unless-stopped + # network_mode: service:qbittorrent_gluetun + # environment: + # - TZ=Australia/Perth + # - MAM_ID=${MAM_ID} + # volumes: + # - qbittorrent_mamapi_data:/data + # depends_on: + # qbittorrent_gluetun: + # condition: service_healthy + + cross-seed: + image: ghcr.io/cross-seed/cross-seed:6 + container_name: cross-seed + user: 1000:1800 volumes: - - /mnt/docker/qbittorrent_mamapi/data:/data - network_mode: service:qbittorrent_gluetun + - cross-seed_config:/config + - /media:/media + networks: + - default + - media + command: daemon + restart: unless-stopped + + fertilizer: + image: ghcr.io/moleculekayak/fertilizer:latest + container_name: fertilizer + user: 1000:1800 + networks: + default: + ipv4_address: 172.16.7.4 + volumes: + - qbittorrent_config:/torrents:ro + - /media:/media environment: - TZ: Australia/Perth - MAM_ID: ${MAM_ID} - WRITE_CURRENT_MAMID: True + - OPS_KEY=${OPS_KEY} + - RED_KEY=${RED_KEY} + - INJECT_TORRENTS=true + - INJECTION_LINK_DIRECTORY=/media/downloads/fertilizer/linked-data + - QBITTORRENT_URL=http://fern:${QBITTORRENT_PASS}@qbittorrent_gluetun:8080 + command: fertilizer -o /media/downloads/fertilizer/torrent-files -i /torrents/qBittorrent/BT_backup --server networks: default: 
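Review bot: `qbittorrent_mamapi` is left as a commented-out block, which disables the service in a commit that otherwise only reorders keys. The commented version also differs from the removed one: `elforkhead/mamapi` without `:latest`, a named volume instead of `/mnt/docker/qbittorrent_mamapi/data`, and no `WRITE_CURRENT_MAMID`. The last hunk of this file adds `qbittorrent_mamapi_data` under `volumes:`, which no active service mounts. I would either restore the service or delete both the comment block and the volume, and mention the removal in the commit message.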
@@ -128,6 +130,8 @@ networks: volumes: qbittorrent_config: name: qbittorrent_config + qbittorrent_mamapi_data: + name: qbittorrent_mamapi_data qbittorrent_gluetun_auth: name: qbittorrent_gluetun_auth cross-seed_config: diff --git a/romm/compose.yaml b/romm/compose.yaml index 4f2b96a..6346304 100644 --- a/romm/compose.yaml +++ b/romm/compose.yaml @@ -1,18 +1,8 @@ -name: romm services: romm: image: rommapp/romm:latest container_name: romm - depends_on: - romm_db: - condition: service_healthy - restart: true - volumes: - - romm_resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.) - - romm_redis:/redis-data # Cached data for background tasks - - romm_assets:/romm/assets # Uploaded saves, states, etc. - - romm_config:/romm/config # Path where config.yml is stored - - /media/media/romm:/romm/library/roms:ro # Your game library. Check https://github.com/rommapp/romm?tab=readme-ov-file#folder-structure for more details. + restart: unless-stopped environment: - DB_HOST=romm_db - DB_NAME=romm # Should match MARIADB_DATABASE in mariadb 
@@ -31,10 +21,19 @@ services: - SCREENSCRAPER_USER=mondas # Use your ScreenScraper username and password - SCREENSCRAPER_PASSWORD=${SCREENSCRAPER_PASSWORD} # https://docs.romm.app/latest/Getting-Started/Metadata-Providers/#screenscraper - STEAMGRIDDB_API_KEY=${STEAMGRIDDB_API_KEY} # https://github.com/rommapp/romm/wiki/Metadata-Providers#steamgriddb + volumes: + - romm_resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.) + - romm_redis:/redis-data # Cached data for background tasks + - romm_assets:/romm/assets # Uploaded saves, states, etc. + - romm_config:/romm/config # Path where config.yml is stored + - /media/media/romm:/romm/library/roms:ro # Your game library. Check https://github.com/rommapp/romm?tab=readme-ov-file#folder-structure for more details. + depends_on: + romm_db: + condition: service_healthy + restart: true networks: - default - proxy - restart: unless-stopped labels: caddy: games.fern.garden caddy.reverse_proxy: '{{upstreams 8080}}' @@ -42,18 +41,18 @@ services: romm_db: image: mariadb:latest container_name: romm_db - volumes: - - romm_db:/var/lib/mysql + restart: unless-stopped environment: - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD} # Use a unique, secure password - MARIADB_DATABASE=romm - MARIADB_USER=romm - MARIADB_PASSWORD=${MARIADB_PASSWORD} + volumes: + - romm_db:/var/lib/mysql networks: - default - restart: unless-stopped healthcheck: - test: [ CMD, healthcheck.sh, --connect, --innodb_initialized ] + test: [CMD, healthcheck.sh, --connect, --innodb_initialized] start_period: 30s start_interval: 10s interval: 10s @@ -75,4 +74,4 @@ volumes: romm_assets: name: romm_assets romm_config: - name: romm_config + name: romm_config \ No newline at end of file diff --git a/scrutiny/compose.yaml b/scrutiny/compose.yaml index fda7586..afaeaf3 100644 --- a/scrutiny/compose.yaml +++ b/scrutiny/compose.yaml 
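Review bot: `image: mariadb:latest` on `romm_db` lets a routine `pull` move the database to a new major release against the existing `romm_db` volume, which is hard to roll back once the data files have been upgraded. Pinning to a major series, e.g. `mariadb:<major>` (placeholder for the version currently deployed), keeps patch updates flowing while making major upgrades deliberate. The Postgres services elsewhere in this commit are already pinned that way (`postgres:17-alpine`, `postgres:16-alpine`).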
@@ -1,12 +1,17 @@ -name: scrutiny services: scrutiny: image: ghcr.io/analogj/scrutiny:master-omnibus container_name: scrutiny + cap_add: + - SYS_RAWIO volumes: - /run/udev:/run/udev:ro - /mnt/docker/scrutiny/influxdb:/opt/scrutiny/influxdb - /mnt/docker/scrutiny/config:/opt/scrutiny/config + devices: + - /dev/sdc + - /dev/sdd + - /dev/sde networks: - default - proxy @@ -14,16 +19,10 @@ services: caddy: scrutiny.ferngarden.net caddy.import: internal caddy.reverse_proxy: '{{ upstreams 8080 }}' - cap_add: - - SYS_RAWIO - devices: - - /dev/sdc - - /dev/sdd - - /dev/sde networks: default: proxy: external: true metrics: - external: true + external: true \ No newline at end of file diff --git a/slskd/compose.yaml b/slskd/compose.yaml index 192f133..a839013 100644 --- a/slskd/compose.yaml +++ b/slskd/compose.yaml @@ -1,11 +1,14 @@ -name: slskd services: slskd: image: slskd/slskd:latest container_name: slskd - volumes: - - /mnt/docker/slskd/data:/app - - /media:/media + networks: + - default + - proxy + - media + user: 1000:1800 + ports: + - 50300:50300 environment: - SLSKD_REMOTE_CONFIGURATION=true - SLSKD_SHARED_DIR=/media/media/lidarr @@ -15,18 +18,14 @@ services: - SLSKD_PASSWORD=${SLSKD_PASSWORD} - SLSKD_SLSK_USERNAME=MtQueerie - SLSKD_SLSK_PASSWORD=${SLSKD_SLSK_PASSWORD} - ports: - - '50300:50300' - networks: - - default - - proxy - - media + volumes: + - /mnt/docker/slskd/data:/app + - /media:/media restart: unless-stopped labels: caddy: slskd.ferngarden.net caddy.import: internal caddy.reverse_proxy: "{{upstreams 5030}}" - user: 1000:1800 networks: default: diff --git a/stash/compose.yaml b/stash/compose.yaml index 0721ccf..3f23358 100644 --- a/stash/compose.yaml +++ b/stash/compose.yaml 
@@ -1,8 +1,18 @@ -name: stash services: stash: image: stashapp/stash:latest container_name: stash + networks: + - default + - proxy + restart: unless-stopped + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_METADATA=/metadata/ + - STASH_CACHE=/cache/ + - STASH_BLOBS=/blobs/ + - STASH_PORT=9999 volumes: - /etc/localtime:/etc/localtime:ro - /media/downloads/porn:/data:ro @@ -11,17 +21,6 @@ services: - stash_cache:/cache - stash_blobs:/blobs - stash_generated:/generated - environment: - - STASH_STASH=/data/ - - STASH_GENERATED=/generated/ - - STASH_METADATA=/metadata/ - - STASH_CACHE=/cache/ - - STASH_BLOBS=/blobs/ - - STASH_PORT=9999 - networks: - - default - - proxy - restart: unless-stopped labels: caddy: stash.ferngarden.net caddy.1_import: internal diff --git a/stirling-pdf/compose.yaml b/stirling-pdf/compose.yaml index fea107f..1185d55 100644 --- a/stirling-pdf/compose.yaml +++ b/stirling-pdf/compose.yaml @@ -1,4 +1,3 @@ -name: stirling-pdf services: stirling-pdf: image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest @@ -12,6 +11,7 @@ services: environment: - DOCKER_ENABLE_SECURITY=false - LANGS=en_GB + user: 1000:1000 networks: - default - proxy @@ -19,7 +19,6 @@ services: caddy: pdf.ferngarden.net caddy.import: internal caddy.reverse_proxy: '{{ upstreams 8080 }}' - user: 1000:1000 networks: default: diff --git a/synapse/compose.yaml b/synapse/compose.yaml index b90c796..3e72d01 100644 --- a/synapse/compose.yaml +++ b/synapse/compose.yaml 
@@ -1,18 +1,17 @@ -name: synapse services: synapse: image: docker.io/matrixdotorg/synapse:latest container_name: synapse - depends_on: - - synapse_db - volumes: - - synapse_data:/data - environment: - - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml + restart: unless-stopped networks: - default - proxy - restart: unless-stopped + environment: + - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml + volumes: + - synapse_data:/data + depends_on: + - synapse_db labels: caddy_0: mx.fern.garden caddy_0.1_reverse_proxy: reverse_proxy /_matrix/* synapse:8008 @@ -37,11 +36,11 @@ services: synapse_db: image: docker.io/postgres:16-alpine container_name: synapse_db - volumes: - - synapse_db:/var/lib/postgresql/data networks: - default restart: unless-stopped + volumes: + - synapse_db:/var/lib/postgresql/data networks: default: diff --git a/vaultwarden/compose.yaml b/vaultwarden/compose.yaml index b43d08c..4befeb0 100644 --- a/vaultwarden/compose.yaml +++ b/vaultwarden/compose.yaml @@ -1,10 +1,11 @@ -name: vaultwarden services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden - volumes: - - vaultwarden_data:/data + networks: + - default + - proxy + restart: unless-stopped environment: - DOMAIN=https://vault.ferngarden.net - SMTP_HOST=mail.ferngarden.net @@ -13,10 +14,8 @@ services: - SMTP_FROM=ornithologist@ferngarden.net - SMTP_USERNAME=ornithologist@ferngarden.net - SMTP_PASSWORD=${SMTP_PASSWORD} - networks: - - default - - proxy - restart: unless-stopped + volumes: + - vaultwarden_data:/data labels: caddy: vault.ferngarden.net caddy.import: internal diff --git a/wallos/compose.yaml b/wallos/compose.yaml index dc2066a..6ed3978 100644 --- a/wallos/compose.yaml +++ b/wallos/compose.yaml 
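Review bot: `synapse_db` is shown in full in the second synapse hunk and has no `environment` or `env_file`, so the stack only works with an already-initialised `synapse_db` volume. On an empty volume the postgres image will not initialise without `POSTGRES_PASSWORD`. Adding `environment:` with `POSTGRES_USER`, `POSTGRES_DB` and `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}`, as the other database services in this commit do, would make the stack reproducible. The values must match what `homeserver.yaml` uses, which is not visible here. Synapse also expects the database to be created with C collation, so the init arguments are worth recording in the same place.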
@@ -1,15 +1,14 @@ -name: wallosf services: wallos: image: bellamy/wallos:latest container_name: wallos - volumes: - - wallos_db:/var/www/html/db - - wallos_logos:/var/www/html/images/uploads/logos + restart: unless-stopped networks: - default - proxy - restart: unless-stopped + volumes: + - wallos_db:/var/www/html/db + - wallos_logos:/var/www/html/images/uploads/logos labels: caddy: subscriptions.ferngarden.net caddy.import: internal
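Review bot: Removing `name: wallosf` changes this stack's Compose project name, unlike the other files, where the removed name matched the directory. Without `name:`, `-p` or `COMPOSE_PROJECT_NAME`, Compose derives the project from the directory, here presumably `wallos`. The running `wallosf` project would then be orphaned: the default network is recreated under a new prefix, and `container_name: wallos` collides with the existing container until the old project is brought down. The `volumes:` section is outside this hunk; if `wallos_db` and `wallos_logos` have no explicit `name:`, they would also be recreated empty under the new prefix. Either run `docker compose -p wallosf down` before deploying, or keep `name: wallosf`.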