Update docker-compose files to use configurable environment variables

- Replace hardcoded paths with variables: STACKS_DIR, PROJECTS_DIR, MEDIA_DIR, DOWNLOAD_DIR - Update .env.example with new variable definitions - Remove unused .template files - Enable configurable directory paths for stacks, media, and downloads
2026-02-10 17:55:47 -05:00
parent 5fcd10895a
commit 363530f395
28 changed files with 295 additions and 2802 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,138 +1,116 @@
-# EZ-Homelab .env template file  -  Copy to .env and fill in your values
+########################################################
+####         EZ-Homelab .env template file          ####
+####  EZ MODE: just run ez-homelab.sh               ####
+########################################################

-# ################################
-# #### REQUIRED CONFIGURATION ####
+########################################################
+#  ####           REQUIRED CONFIGURATION            ####

-# User and Group IDs for file permissions (get with: id -u and id -g)
+# Required for file permissions (get with: id -u and id -g)
 PUID=1000       
 PGID=1000
 TZ=America/New_York

-# Servers configuration
-SERVER_IP=192.168.1.100     # This server                         
-SERVER_HOSTNAME=debian                           
+# This Server's IP and Hostname
+SERVER_IP=
+SERVER_HOSTNAME=

 # Domain Configuration
-DUCKDNS_SUBDOMAINS=yourdomain    # Without .duckdns.org
-DUCKDNS_TOKEN=your-duckdns-token
+DUCKDNS_SUBDOMAINS=
+DUCKDNS_TOKEN=
 DOMAIN=${DUCKDNS_SUBDOMAINS}.duckdns.org

-# Default credentials (used by multiple services for easier setup)
-DEFAULT_USER=admin                              
-DEFAULT_PASSWORD=changeme
-DEFAULT_EMAIL=admin@example.com
-
-# ADMIN_SSH_PUB_KEY=
+# Default credentials (used by multiple services)
+# For better security: replace each ${DEFAULT_PASSWORD} with unique values
+DEFAULT_USER=                              
+DEFAULT_PASSWORD=
+DEFAULT_EMAIL=

 # FOLDER PATHS
-USERDIR=/opt/stacks           # all docker-compose stacks
-MEDIADIR=/mnt/media           # Large media files on separate drive
-DOWNLOADDIR=/mnt/downloads    # Downloads on separate drive
-PROJECTDIR=~/projects         # User's projects folder
+STACKS_DIR=/opt/stacks         # for Dockge 
+PROJECTS_DIR=${STACKS_DIR}     # for Arcane
+MEDIA_DIR=/mnt/media           # Large media files on separate drive
+DOWNLOAD_DIR=/mnt/downloads    # Downloads on separate drive

-# If selecting option 3: Deploy Additional Server
-# the CORE_SERVER is where the Core Traefik is running
-CORE_SERVER_IP=192.168.1.101
-CORE_SERVER_HOSTNAME=debian2
+# PROJECTDIR=~/projects         # User's projects folder
+
+#  ##########    END REQUIRED CONFIGURATION         ####
+########################################################
+
+########################################################
+#  ####        OPTION 3: ADDITIONAL SERVER          ####
+CORE_SERVER_IP=
+CORE_SERVER_HOSTNAME=
 CORE_SERVER_USER=${DEFAULT_USER}
 CORE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
+#  ####            END ADDITIONAL SERVER            ####
+########################################################

-# ##########################################
-# #### NOTEABLE OPTIONAL CONFIGURATIONS ####
-
-# Surfshark OpenVPN (RECOMMENDED)
-# Wireguard options are below and commented out
-SURFSHARK_USERNAME=your-surfshark-username
-SURFSHARK_PASSWORD=your-surfshark-password
+########################################################
+#  ####             VPN CONFIGURATIONS              ####
+SURFSHARK_USERNAME=
+SURFSHARK_PASSWORD=
 VPN_SERVER_COUNTRIES=Netherlands  # Preferred VPN server location
+#  ####           END VPN CONFIGURATIONS            ####
+########################################################

-# Email credentials for services that need SMTP
-SMTP_EMAIL_PASSWORD=your-email-app-password
-SMTP_EMAIL_SERVER=smtp.gmail.com            # change if not using Gmail
+########################################################
+#  ####           EMAIL CONFIGURATIONS              ####
+SMTP_EMAIL_PASSWORD=
+SMTP_EMAIL_SERVER=smtp.gmail.com 
 SMTP_EMAIL_PORT=587
 SMTP_EMAIL_FROM=${DEFAULT_EMAIL}
 SMTP_EMAIL_SECURITY=starttls
+ACME_EMAIL=${DEFAULT_EMAIL}
+SMTP_USERNAME=${SMTP_EMAIL_FROM}
+SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD}
+#  ####         END EMAIL CONFIGURATIONS            ####
+########################################################

-# ACME Email for Let's Encrypt certificates
-ACME_EMAIL=${DEFAULT_EMAIL}    
+########################################################
+#  ###########    DELETE AFTER DEPLOYMENT    ###########
+#  ####    Used by ez-homelab.sh & deploy scripts   ####
+#  ####       Unused by the actual containers       ####

-# Authelia Admin Account
-# These 4 Used by ez-homelab.sh for easy deployment
-# Not used by the Authelia container directly
-ADMIN_EMAIL=${DEFAULT_EMAIL}  # Used for admin user account
+# Public SSH key from the pc used to access the homelab
+# Will be added to the admin user's authorized_keys
+# ####  DO NOT INCLUDE YOUR PRIVATE KEY  ####
+ADMIN_SSH_PUB_KEY=
+
+# Authelia Admin Credentials
+ADMIN_EMAIL=${DEFAULT_EMAIL}  
 AUTHELIA_ADMIN_USER=${DEFAULT_USER}
 AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL}
 AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
-AUTHELIA_ADMIN_PASSWORD_HASH=generate-with-openssl-rand-hex-64

-# SMTP for Authelia Notifications
-SMTP_USERNAME=${SMTP_EMAIL_FROM}
-SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD}
+# Use this command to generate AUTHELIA_ADMIN_PASSWORD_HASH:
+# docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "YOUR_PASSWORD_HERE"
+AUTHELIA_ADMIN_PASSWORD_HASH=

-# Let ez-homelab.sh generate these 3 unless you know what your doing
-AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64           
-AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
-AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
+# Use this command to generate each secret
+# openssl rand -hex 64
+AUTHELIA_JWT_SECRET=           
+AUTHELIA_SESSION_SECRET=
+AUTHELIA_STORAGE_ENCRYPTION_KEY=

-# ARCANE Secrets - Let ez-homelab.sh generate these unless you know what your doing
-ARCANE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
-ARCANE_JWT_SECRET=generate-with-openssl-rand-hex-64
+# Arcane secrets
+ARCANE_ENCRYPTION_KEY=
+ARCANE_JWT_SECRET=
+#  ##########    END DELETE AFTER DEPLOYMENT        ####
+########################################################


-# Surfshark WireGuard (OPTIONAL - Advanced users only)
-# Get WireGuard details from Surfshark dashboard
-# SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
-# SURFSHARK_ADDRESSES=10.14.0.2/16
+########################################################
+#  #####################################################
+#  ####     Application Specific Configurations     ####
+#  #####################################################

-# What domains Homepage will accept requests from
-# comma separated list NO SPACES!!!
-HOMEPAGE_ALLOWED_HOSTS=homepage.${DOMAIN},${SERVER_IP}:3003
+#  #####################################################
+#  ####                 Bitwarden                  #####
+#  #### SET TO FALSE AFTER CREATING USERS ####

-# #######################################
-# #### OTHER OPTIONAL CONFIGURATIONS ####
+BITWARDEN_SIGNUPS_ALLOWED=true 

-# BookStack
-BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD}
-BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
-
-# DATABASES - GENERAL
-POSTGRES_USER=${DEFAULT_USER}
-POSTGRES_PASSWORD=${DEFAULT_PASSWORD}
-POSTGRES_DB=homelab
-PGADMIN_EMAIL=${DEFAULT_EMAIL}
-PGADMIN_PASSWORD=${DEFAULT_PASSWORD}
-
-# Form.io
-FORMIO_JWT_SECRET=${DEFAULT_PASSWORD}
-FORMIO_DB_SECRET=${DEFAULT_PASSWORD}
-
-# Gitea
-GITEA_DB_PASSWORD=${DEFAULT_PASSWORD}
-
-# GRAFANA
-GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
-
-# Jupyter Notebook
-JUPYTER_TOKEN=${DEFAULT_PASSWORD}
-
-# MediaWiki
-MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD}
-MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
-
-# Nextcloud
-NEXTCLOUD_ADMIN_USER=${DEFAULT_USER}
-NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
-NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD}
-NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
-
-# Pi-hole
-PIHOLE_PASSWORD=${DEFAULT_PASSWORD}
-
-# qBittorrent
-QBITTORRENT_USER=admin
-QBITTORRENT_PASS=${DEFAULT_PASSWORD}
-
-# Vaultwarden
 BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD}
 BITWARDEN_INVITATIONS_ALLOWED=true
 SMTP_HOST=${SMTP_EMAIL_SERVER}
@@ -140,17 +118,90 @@ SMTP_FROM=${SMTP_EMAIL_FROM}
 SMTP_PORT=${SMTP_EMAIL_PORT}
 SMTP_SECURITY=${SMTP_EMAIL_SECURITY}

-# #### IMPORTANT ****************************
-# #### SET TO FALSE AFTER CREATING USERS ####
-BITWARDEN_SIGNUPS_ALLOWED=true 
+#  #####################################################
+#  ####                 Bookstack                  #####
+
+BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD}
+BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####                 Code Server                #####

-# VS Code Server
 CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
 CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD}

-# Watchtower Notifications (optional)
+#  #####################################################
+#  ####                  Form.io                   #####
+
+FORMIO_JWT_SECRET=${DEFAULT_PASSWORD}
+FORMIO_DB_SECRET=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####                   Gitea                    #####
+
+GITEA_DB_PASSWORD=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####                  Grafana                   #####
+
+GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####                 Homepage                   #####
+
+# comma separated list NO SPACES!!!
+HOMEPAGE_ALLOWED_HOSTS=homepage.${DOMAIN},${SERVER_IP}:3003
+
+#  #####################################################
+#  ####                  Jupyter                   #####
+
+JUPYTER_TOKEN=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####                 MediaWiki                  #####
+
+MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD}
+MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####                 Nextcloud                  #####
+
+NEXTCLOUD_ADMIN_USER=${DEFAULT_USER}
+NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
+NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD}
+NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
+NEXTCLOUD_DIR=./nextcloud/data
+#  #####################################################
+#  ####                  Pi-hole                   #####
+
+PIHOLE_PASSWORD=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####               qBittorrent                  #####
+
+QBITTORRENT_USER=admin
+QBITTORRENT_PASS=${DEFAULT_PASSWORD}
+
+#  #####################################################
+#  ####      SURFSHARK OPTIONAL CONFIGURATIONS      ####
+
+# Surfshark WireGuard (OPTIONAL - Advanced users only)
+# Get WireGuard details from Surfshark dashboard
+# SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
+# SURFSHARK_ADDRESSES=10.14.0.2/16
+
+#  #####################################################
+#  ####                Watchtower                  #####
+
 # WATCHTOWER_NOTIFICATION_URL=

-# WordPress
+#  #####################################################
+#  ####                 WordPress                  #####
+
 WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD}
-WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
+WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
+
+
+
+TDARR_TRANSCODE_DIR=./tdarr/transcode_cache
+UNMANIC_TRANSCODE_DIR=./unmanic/cache