Round 10: Add Traefik routing to monitoring services

- Added Traefik labels and routing to prometheus, grafana, loki, cadvisor - Fixed Grafana ROOT_URL to use domain-based URL (https://grafana.${DOMAIN}) - Added uptime-kuma bypass rule in Authelia (needs initial setup) - Updated all services to use traefik-network - Synced domain from kelin-hass to kelin-casa across all configs - Fixed missing tls=true label on uptime-kuma - Note: Loki is API-only service (no web UI, accessed via Grafana)
2026-01-14 23:08:37 -05:00
parent 258e8eec94
commit adb894d35e
15 changed files with 1342 additions and 229 deletions
--- a/docker-compose/media-management.yml
+++ b/docker-compose/media-management.yml
@@ -2,11 +2,23 @@
 # Content automation and library management (*arr apps, transcoders, etc.)
 # Place in /opt/stacks/media-management/docker-compose.yml

+# Service Access URLs:
+# - Sonarr: https://sonarr.${DOMAIN}
+# - Radarr: https://radarr.${DOMAIN}
+# - Prowlarr: https://prowlarr.${DOMAIN}
+# - Readarr: https://readarr.${DOMAIN}
+# - Lidarr: https://lidarr.${DOMAIN}
+# - LazyLibrarian: https://lazylibrarian.${DOMAIN}
+# - Mylar3: https://mylar.${DOMAIN}
+# - Jellyseerr: https://jellyseerr.${DOMAIN}
+# - Tdarr: https://tdarr.${DOMAIN}
+# - Unmanic: https://unmanic.${DOMAIN}
+
 services:
  # Sonarr - TV show automation
  # Access at: https://sonarr.yourdomain.duckdns.org
  sonarr:
-    image: lscr.io/linuxserver/sonarr:4.0.0
+    image: linuxserver/sonarr:4.0.0
    container_name: sonarr
    restart: unless-stopped
    networks:
@@ -16,26 +28,25 @@ services:
    volumes:
      - ./sonarr/config:/config
      - /mnt/media:/media
-      - /mnt/downloads:/downloads  # Large downloads on separate drive
+      - /mnt/downloads:/downloads # Large downloads on separate drive
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-America/New_York}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=TV show management and automation"
+      - homelab.category=media
+      - homelab.description=TV show management and automation
      # Traefik labels with Authelia
-      - "traefik.enable=true"
-      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
-      - "traefik.http.routers.sonarr.entrypoints=websecure"
-      - "traefik.http.routers.sonarr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.sonarr.middlewares=authelia@docker"
-      - "traefik.http.services.sonarr.loadbalancer.server.port=8989"
-
+      - traefik.enable=true
+      - traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)
+      - traefik.http.routers.sonarr.entrypoints=websecure
+      - traefik.http.routers.sonarr.tls.certresolver=letsencrypt
+      - traefik.http.routers.sonarr.middlewares=authelia@docker
+      - traefik.http.services.sonarr.loadbalancer.server.port=8989
  # Radarr - Movie automation
  # Access at: https://radarr.yourdomain.duckdns.org
  radarr:
-    image: lscr.io/linuxserver/radarr:5.2.6
+    image: linuxserver/radarr:5.2.6
    container_name: radarr
    restart: unless-stopped
    networks:
@@ -45,26 +56,25 @@ services:
    volumes:
      - ./radarr/config:/config
      - /mnt/media:/media
-      - /mnt/downloads:/downloads  # Large downloads on separate drive
+      - /mnt/downloads:/downloads # Large downloads on separate drive
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-America/New_York}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Movie management and automation"
+      - homelab.category=media
+      - homelab.description=Movie management and automation
      # Traefik labels with Authelia
-      - "traefik.enable=true"
-      - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
-      - "traefik.http.routers.radarr.entrypoints=websecure"
-      - "traefik.http.routers.radarr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.radarr.middlewares=authelia@docker"
-      - "traefik.http.services.radarr.loadbalancer.server.port=7878"
-
+      - traefik.enable=true
+      - traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)
+      - traefik.http.routers.radarr.entrypoints=websecure
+      - traefik.http.routers.radarr.tls.certresolver=letsencrypt
+      - traefik.http.routers.radarr.middlewares=authelia@docker
+      - traefik.http.services.radarr.loadbalancer.server.port=7878
  # Prowlarr - Indexer manager
  # Access at: https://prowlarr.yourdomain.duckdns.org
  prowlarr:
-    image: lscr.io/linuxserver/prowlarr:1.11.4
+    image: linuxserver/prowlarr:1.11.4
    container_name: prowlarr
    restart: unless-stopped
    networks:
@@ -78,20 +88,19 @@ services:
      - PGID=${PGID:-1000}
      - TZ=${TZ:-America/New_York}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Indexer manager for Sonarr/Radarr"
+      - homelab.category=media
+      - homelab.description=Indexer manager for Sonarr/Radarr
      # Traefik labels with Authelia
-      - "traefik.enable=true"
-      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
-      - "traefik.http.routers.prowlarr.entrypoints=websecure"
-      - "traefik.http.routers.prowlarr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.prowlarr.middlewares=authelia@docker"
-      - "traefik.http.services.prowlarr.loadbalancer.server.port=9696"
-
+      - traefik.enable=true
+      - traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)
+      - traefik.http.routers.prowlarr.entrypoints=websecure
+      - traefik.http.routers.prowlarr.tls.certresolver=letsencrypt
+      - traefik.http.routers.prowlarr.middlewares=authelia@docker
+      - traefik.http.services.prowlarr.loadbalancer.server.port=9696
  # Readarr - Ebook and audiobook management
  # Access at: https://readarr.${DOMAIN}
  readarr:
-    image: lscr.io/linuxserver/readarr:develop
+    image: linuxserver/readarr:0.4.19-nightly
    container_name: readarr
    restart: unless-stopped
    networks:
@@ -99,7 +108,7 @@ services:
      - homelab-network
      - traefik-network
    volumes:
-      - ./$(basename $file .yml)/config:/config
+      - ./readarr/config:/config
      - /mnt/media/books:/books
      - /mnt/downloads:/downloads
    environment:
@@ -107,19 +116,18 @@ services:
      - PGID=${PGID:-1000}
      - TZ=${TZ}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Ebook and audiobook management"
-      - "traefik.enable=true"
-      - "traefik.http.routers.readarr.rule=Host(`readarr.${DOMAIN}`)"
-      - "traefik.http.routers.readarr.entrypoints=websecure"
-      - "traefik.http.routers.readarr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.readarr.middlewares=authelia@docker"
-      - "traefik.http.services.readarr.loadbalancer.server.port=8787"
-
+      - homelab.category=media
+      - homelab.description=Ebook and audiobook management
+      - traefik.enable=true
+      - traefik.http.routers.readarr.rule=Host(`readarr.${DOMAIN}`)
+      - traefik.http.routers.readarr.entrypoints=websecure
+      - traefik.http.routers.readarr.tls.certresolver=letsencrypt
+      - traefik.http.routers.readarr.middlewares=authelia@docker
+      - traefik.http.services.readarr.loadbalancer.server.port=8787
  # Lidarr - Music collection manager
  # Access at: https://lidarr.${DOMAIN}
  lidarr:
-    image: lscr.io/linuxserver/lidarr:latest
+    image: linuxserver/lidarr:2.0.7
    container_name: lidarr
    restart: unless-stopped
    networks:
@@ -127,7 +135,7 @@ services:
      - homelab-network
      - traefik-network
    volumes:
-      - ./$(basename $file .yml)/config:/config
+      - ./lidarr/config:/config
      - /mnt/media/music:/music
      - /mnt/downloads:/downloads
    environment:
@@ -135,19 +143,18 @@ services:
      - PGID=${PGID:-1000}
      - TZ=${TZ}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Music collection manager"
-      - "traefik.enable=true"
-      - "traefik.http.routers.lidarr.rule=Host(`lidarr.${DOMAIN}`)"
-      - "traefik.http.routers.lidarr.entrypoints=websecure"
-      - "traefik.http.routers.lidarr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.lidarr.middlewares=authelia@docker"
-      - "traefik.http.services.lidarr.loadbalancer.server.port=8686"
-
+      - homelab.category=media
+      - homelab.description=Music collection manager
+      - traefik.enable=true
+      - traefik.http.routers.lidarr.rule=Host(`lidarr.${DOMAIN}`)
+      - traefik.http.routers.lidarr.entrypoints=websecure
+      - traefik.http.routers.lidarr.tls.certresolver=letsencrypt
+      - traefik.http.routers.lidarr.middlewares=authelia@docker
+      - traefik.http.services.lidarr.loadbalancer.server.port=8686
  # Lazy Librarian - Book manager
  # Access at: https://lazylibrarian.${DOMAIN}
  lazylibrarian:
-    image: lscr.io/linuxserver/lazylibrarian:latest
+    image: linuxserver/lazylibrarian:latest
    container_name: lazylibrarian
    restart: unless-stopped
    networks:
@@ -155,7 +162,7 @@ services:
      - homelab-network
      - traefik-network
    volumes:
-      - ./$(basename $file .yml)/config:/config
+      - ./lazylibrarian/config:/config
      - /mnt/media/books:/books
      - /mnt/downloads:/downloads
    environment:
@@ -164,19 +171,18 @@ services:
      - TZ=${TZ}
      - DOCKER_MODS=linuxserver/mods:lazylibrarian-ffmpeg
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Book download automation"
-      - "traefik.enable=true"
-      - "traefik.http.routers.lazylibrarian.rule=Host(`lazylibrarian.${DOMAIN}`)"
-      - "traefik.http.routers.lazylibrarian.entrypoints=websecure"
-      - "traefik.http.routers.lazylibrarian.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.lazylibrarian.middlewares=authelia@docker"
-      - "traefik.http.services.lazylibrarian.loadbalancer.server.port=5299"
-
+      - homelab.category=media
+      - homelab.description=Book download automation
+      - traefik.enable=true
+      - traefik.http.routers.lazylibrarian.rule=Host(`lazylibrarian.${DOMAIN}`)
+      - traefik.http.routers.lazylibrarian.entrypoints=websecure
+      - traefik.http.routers.lazylibrarian.tls.certresolver=letsencrypt
+      - traefik.http.routers.lazylibrarian.middlewares=authelia@docker
+      - traefik.http.services.lazylibrarian.loadbalancer.server.port=5299
  # Mylar3 - Comic book manager
  # Access at: https://mylar.${DOMAIN}
  mylar3:
-    image: lscr.io/linuxserver/mylar3:latest
+    image: linuxserver/mylar3:latest
    container_name: mylar3
    restart: unless-stopped
    networks:
@@ -184,7 +190,7 @@ services:
      - homelab-network
      - traefik-network
    volumes:
-      - /opt/stacks/mylar3/config:/config
+      - ./mylar3/config:/config
      - /mnt/media/comics:/comics
      - /mnt/downloads:/downloads
    environment:
@@ -192,15 +198,14 @@ services:
      - PGID=${PGID:-1000}
      - TZ=${TZ}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Comic book collection manager"
-      - "traefik.enable=true"
-      - "traefik.http.routers.mylar.rule=Host(`mylar.${DOMAIN}`)"
-      - "traefik.http.routers.mylar.entrypoints=websecure"
-      - "traefik.http.routers.mylar.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.mylar.middlewares=authelia@docker"
-      - "traefik.http.services.mylar.loadbalancer.server.port=8090"
-
+      - homelab.category=media
+      - homelab.description=Comic book collection manager
+      - traefik.enable=true
+      - traefik.http.routers.mylar.rule=Host(`mylar.${DOMAIN}`)
+      - traefik.http.routers.mylar.entrypoints=websecure
+      - traefik.http.routers.mylar.tls.certresolver=letsencrypt
+      - traefik.http.routers.mylar.middlewares=authelia@docker
+      - traefik.http.services.mylar.loadbalancer.server.port=8090
  # Jellyseerr - Request management for Jellyfin/Plex
  # Access at: https://jellyseerr.${DOMAIN}
  jellyseerr:
@@ -212,24 +217,23 @@ services:
      - homelab-network
      - traefik-network
    volumes:
-      - ./$(basename $file .yml)/config:/app/config
+      - ./jellyseerr/config:/app/config
    environment:
      - LOG_LEVEL=info
      - TZ=${TZ}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Media request management"
-      - "traefik.enable=true"
-      - "traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${DOMAIN}`)"
-      - "traefik.http.routers.jellyseerr.entrypoints=websecure"
-      - "traefik.http.routers.jellyseerr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.jellyseerr.middlewares=authelia@docker"
-      - "traefik.http.services.jellyseerr.loadbalancer.server.port=5055"
-
+      - homelab.category=media
+      - homelab.description=Media request management
+      - traefik.enable=true
+      - traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${DOMAIN}`)
+      - traefik.http.routers.jellyseerr.entrypoints=websecure
+      - traefik.http.routers.jellyseerr.tls.certresolver=letsencrypt
+      - traefik.http.routers.jellyseerr.middlewares=authelia@docker
+      - traefik.http.services.jellyseerr.loadbalancer.server.port=5055
  # FlareSolverr - Cloudflare bypass for Prowlarr
  # No web UI - used by Prowlarr
  flaresolverr:
-    image: ghcr.io/flaresolverr/flaresolverr:latest
+    image: flaresolverr/flaresolverr:latest
    container_name: flaresolverr
    restart: unless-stopped
    networks:
@@ -238,9 +242,8 @@ services:
      - LOG_LEVEL=info
      - TZ=${TZ}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Cloudflare bypass for indexers"
-
+      - homelab.category=media
+      - homelab.description=Cloudflare bypass for indexers
  # Tdarr Server - Distributed transcoding server
  # Access at: https://tdarr.${DOMAIN}
  tdarr-server:
@@ -252,13 +255,13 @@ services:
      - homelab-network
      - traefik-network
    ports:
-      - "8266:8266"  # Server port
+      - 8266:8266 # Server port
    volumes:
-      - /opt/stacks/tdarr/server:/app/server
-      - ./$(basename $file .yml)/configs:/app/configs
-      - /opt/stacks/tdarr/logs:/app/logs
+      - ./tdarr/server:/app/server
+      - ./tdarr/configs:/app/configs
+      - ./tdarr/logs:/app/logs
      - /mnt/media:/media
-      - /mnt/tdarr-transcode:/temp  # Transcode cache on separate drive
+      - /mnt/tdarr-transcode:/temp # Transcode cache on separate drive
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
@@ -267,15 +270,14 @@ services:
      - serverPort=8266
      - webUIPort=8265
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Distributed transcoding server"
-      - "traefik.enable=true"
-      - "traefik.http.routers.tdarr.rule=Host(`tdarr.${DOMAIN}`)"
-      - "traefik.http.routers.tdarr.entrypoints=websecure"
-      - "traefik.http.routers.tdarr.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.tdarr.middlewares=authelia@docker"
-      - "traefik.http.services.tdarr.loadbalancer.server.port=8265"
-
+      - homelab.category=media
+      - homelab.description=Distributed transcoding server
+      - traefik.enable=true
+      - traefik.http.routers.tdarr.rule=Host(`tdarr.${DOMAIN}`)
+      - traefik.http.routers.tdarr.entrypoints=websecure
+      - traefik.http.routers.tdarr.tls.certresolver=letsencrypt
+      - traefik.http.routers.tdarr.middlewares=authelia@docker
+      - traefik.http.services.tdarr.loadbalancer.server.port=8265
  # Tdarr Node - Transcoding worker
  # No web UI - controlled by server
  tdarr-node:
@@ -285,8 +287,8 @@ services:
    networks:
      - media-network
    volumes:
-      - ./$(basename $file .yml)/configs:/app/configs
-      - /opt/stacks/tdarr/logs:/app/logs
+      - ./tdarr/configs:/app/configs
+      - ./tdarr/logs:/app/logs
      - /mnt/media:/media
      - /mnt/tdarr-transcode:/temp
    environment:
@@ -299,9 +301,8 @@ services:
      - serverIP=tdarr-server
      - serverPort=8266
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Tdarr transcoding worker node"
-
+      - homelab.category=media
+      - homelab.description=Tdarr transcoding worker node
  # Unmanic - Another transcoding option
  # Access at: https://unmanic.${DOMAIN}
  unmanic:
@@ -313,23 +314,22 @@ services:
      - homelab-network
      - traefik-network
    volumes:
-      - ./$(basename $file .yml)/config:/config
+      - ./unmanic/config:/config
      - /mnt/media:/library
-      - /mnt/unmanic-cache:/tmp/unmanic  # Transcode cache on separate drive
+      - /mnt/unmanic-cache:/tmp/unmanic # Transcode cache on separate drive
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ}
    labels:
-      - "homelab.category=media"
-      - "homelab.description=Library optimization and transcoding"
-      - "traefik.enable=true"
-      - "traefik.http.routers.unmanic.rule=Host(`unmanic.${DOMAIN}`)"
-      - "traefik.http.routers.unmanic.entrypoints=websecure"
-      - "traefik.http.routers.unmanic.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.unmanic.middlewares=authelia@docker"
-      - "traefik.http.services.unmanic.loadbalancer.server.port=8888"
-
+      - homelab.category=media
+      - homelab.description=Library optimization and transcoding
+      - traefik.enable=true
+      - traefik.http.routers.unmanic.rule=Host(`unmanic.${DOMAIN}`)
+      - traefik.http.routers.unmanic.entrypoints=websecure
+      - traefik.http.routers.unmanic.tls.certresolver=letsencrypt
+      - traefik.http.routers.unmanic.middlewares=authelia@docker
+      - traefik.http.services.unmanic.loadbalancer.server.port=8888
 networks:
  media-network:
    external: true