diff --git a/docker-compose/alternatives.yml b/docker-compose/alternatives.yml
deleted file mode 100644
index 1df94aa..0000000
--- a/docker-compose/alternatives.yml
+++ /dev/null
@@ -1,203 +0,0 @@ -# Alternative Services Stack -# This stack contains alternative/optional services that are not deployed by default -# Deploy manually through Dockge if you want to use these alternatives -# Place in /opt/stacks/alternatives/docker-compose.yml - -services: - # Portainer - Docker management UI (Alternative to Dockge) - # Access at: https://portainer.${DOMAIN} - # NOTE: Dockge is the default Docker management UI. Deploy Portainer only if you prefer its interface - portainer: - image: portainer/portainer-ce:2.19.4 - container_name: portainer - restart: unless-stopped - networks: - - homelab-network - - traefik-network - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - portainer-data:/data - security_opt: - - no-new-privileges:true - labels: - - "homelab.category=alternatives" - - "homelab.description=Docker container management UI (Alternative to Dockge)" - - "traefik.enable=true" - - "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)" - - "traefik.http.routers.portainer.entrypoints=websecure" - - "traefik.http.routers.portainer.tls.certresolver=letsencrypt" - - "traefik.http.routers.portainer.middlewares=authelia@docker" - - "traefik.http.services.portainer.loadbalancer.server.port=9000" - - # Authentik - Alternative SSO/Identity Provider with Web UI - # Access at: https://authentik.${DOMAIN} - # NOTE: Authelia is the default SSO. 
Deploy Authentik only if you need a web UI for user management - # WARNING: Do not run both Authelia and Authentik at the same time - authentik-server: - image: ghcr.io/goauthentik/server:2024.2.0 - container_name: authentik-server - restart: unless-stopped - command: server - networks: - - homelab-network - - traefik-network - volumes: - - /opt/stacks/authentik/media:/media - - /opt/stacks/authentik/custom-templates:/templates - environment: - - AUTHENTIK_REDIS__HOST=authentik-redis - - AUTHENTIK_POSTGRESQL__HOST=authentik-db - - AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_DB_USER:-authentik} - - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DB_NAME:-authentik} - - AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_DB_PASSWORD} - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_ERROR_REPORTING__ENABLED=false - labels: - - "homelab.category=alternatives" - - "homelab.description=SSO/Identity provider with web UI (Alternative to Authelia)" - - "traefik.enable=true" - - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)" - - "traefik.http.routers.authentik.entrypoints=websecure" - - "traefik.http.routers.authentik.tls.certresolver=letsencrypt" - - "traefik.http.routers.authentik.middlewares=authelia@docker" - - "traefik.http.services.authentik.loadbalancer.server.port=9000" - depends_on: - - authentik-db - - authentik-redis - - # Authentik Worker - Background task processor - authentik-worker: - image: ghcr.io/goauthentik/server:2024.2.0 - container_name: authentik-worker - restart: unless-stopped - command: worker - networks: - - homelab-network - volumes: - - /opt/stacks/authentik/media:/media - - /opt/stacks/authentik/certs:/certs - - /opt/stacks/authentik/custom-templates:/templates - environment: - - AUTHENTIK_REDIS__HOST=authentik-redis - - AUTHENTIK_POSTGRESQL__HOST=authentik-db - - AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_DB_USER:-authentik} - - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DB_NAME:-authentik} - - 
AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_DB_PASSWORD} - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_ERROR_REPORTING__ENABLED=false - labels: - - "homelab.category=alternatives" - - "homelab.description=Authentik background worker" - depends_on: - - authentik-db - - authentik-redis - - # Authentik Database - PostgreSQL - authentik-db: - image: postgres:16-alpine - container_name: authentik-db - restart: unless-stopped - networks: - - homelab-network - volumes: - - authentik-db-data:/var/lib/postgresql/data - environment: - - POSTGRES_USER=${AUTHENTIK_DB_USER:-authentik} - - POSTGRES_PASSWORD=${AUTHENTIK_DB_PASSWORD} - - POSTGRES_DB=${AUTHENTIK_DB_NAME:-authentik} - labels: - - "homelab.category=alternatives" - - "homelab.description=Authentik database" - healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${AUTHENTIK_DB_USER:-authentik}"] - interval: 10s - timeout: 5s - retries: 5 - - # Authentik Redis - Cache and message queue - authentik-redis: - image: redis:7-alpine - container_name: authentik-redis - restart: unless-stopped - networks: - - homelab-network - volumes: - - authentik-redis-data:/data - command: --save 60 1 --loglevel warning - labels: - - "homelab.category=alternatives" - - "homelab.description=Authentik cache and messaging" - healthcheck: - test: ["CMD-SHELL", "redis-cli ping | grep PONG"] - interval: 10s - timeout: 3s - retries: 5 - - # Plex Media Server - Alternative to Jellyfin - # Access at: https://plex.yourdomain.duckdns.org - # NOTE: No Authelia - allows app access from Roku, Fire TV, mobile, etc. 
- plex: - image: plexinc/pms-docker:1.40.0.7998-f68041501 - container_name: plex - restart: unless-stopped - networks: - - media-network - - homelab-network - - traefik-network - volumes: - - ./plex/config:/config - - /mnt/media:/media:ro # Large media files on separate drive - - plex-transcode:/transcode - environment: - - PUID=${PUID:-1000} - - PGID=${PGID:-1000} - - TZ=${TZ:-America/New_York} - - PLEX_CLAIM=${PLEX_CLAIM} - # Hardware transcoding support - # Uncomment ONE of the following options: - - # Option 1: Intel QuickSync (most common) - # devices: - # - /dev/dri:/dev/dri - - # Option 2: NVIDIA GPU (requires nvidia-container-toolkit installed) - # runtime: nvidia - # devices: - # - /dev/nvidia0:/dev/nvidia0 - # - /dev/nvidiactl:/dev/nvidiactl - # - /dev/nvidia-modeset:/dev/nvidia-modeset - # - /dev/nvidia-uvm:/dev/nvidia-uvm - # - /dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools - # environment: - # - NVIDIA_VISIBLE_DEVICES=all - # - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility - labels: - - "homelab.category=alternatives" - - "homelab.description=Alternative media streaming server to Jellyfin" - # Traefik labels - NO Authelia for app access - - "traefik.enable=true" - - "traefik.http.routers.plex.rule=Host(`plex.${DOMAIN}`)" - - "traefik.http.routers.plex.entrypoints=websecure" - - "traefik.http.routers.plex.tls.certresolver=letsencrypt" - - "traefik.http.services.plex.loadbalancer.server.port=32400" - - "x-dockge.url=https://plex.${DOMAIN}" - - "x-dockge.url=https://plex.${DOMAIN}" - -volumes: - portainer-data: - driver: local - authentik-db-data: - driver: local - authentik-redis-data: - driver: local - plex-transcode: - driver: local - -networks: - homelab-network: - external: true - traefik-network: - external: true - media-network: - external: true -
diff --git a/docker-compose/development.yml b/docker-compose/development.yml
deleted file mode 100644
index bba6136..0000000
--- a/docker-compose/development.yml
+++ /dev/null
@@ -1,171 +0,0 @@ -# Development Services -# Tools and services for development work - -# Service Access URLs: -# - GitLab: https://gitlab.${DOMAIN} -# - pgAdmin: https://pgadmin.${DOMAIN} -# - Jupyter: https://jupyter.${DOMAIN} - -services: - # GitLab CE - Self-hosted Git repository manager - # Access at: https://gitlab.${DOMAIN} - # Note: Requires significant resources (4GB+ RAM recommended) - gitlab: - image: gitlab/gitlab-ce:latest - container_name: gitlab - restart: unless-stopped - networks: - - homelab-network - - traefik-network - volumes: - - ./config/gitlab/config:/etc/gitlab - - gitlab-logs:/var/log/gitlab - - gitlab-data:/var/opt/gitlab - environment: - GITLAB_OMNIBUS_CONFIG: | - external_url 'https://gitlab.${DOMAIN}' - gitlab_rails['gitlab_shell_ssh_port'] = 2222 - gitlab_rails['time_zone'] = '${TZ:-America/New_York}' - shm_size: '256m' - deploy: - resources: - limits: - memory: 4G - reservations: - memory: 2G - labels: - - "homelab.category=development" - - "homelab.description=Self-hosted Git repository manager" - - "traefik.enable=true" - - "traefik.http.routers.gitlab.rule=Host(`gitlab.${DOMAIN}`)" - - "traefik.http.routers.gitlab.entrypoints=websecure" - - "traefik.http.routers.gitlab.tls.certresolver=letsencrypt" - - "traefik.http.routers.gitlab.middlewares=authelia@docker" - - "traefik.http.services.gitlab.loadbalancer.server.port=80" - - "x-dockge.url=https://gitlab.${DOMAIN}" - - "x-dockge.url=https://gitlab.${DOMAIN}" - - # PostgreSQL - Database for development - # Access at: localhost:5432 from other containers - postgres: - image: postgres:16.1-alpine - container_name: postgres-dev - restart: unless-stopped - networks: - - database-network - - homelab-network - ports: - - "5432:5432" - volumes: - - postgres-data:/var/lib/postgresql/data - - ./config/postgres/init:/docker-entrypoint-initdb.d - environment: - - POSTGRES_USER=${POSTGRES_USER:-postgres} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme} - - 
POSTGRES_DB=${POSTGRES_DB:-homelab} - - PGDATA=/var/lib/postgresql/data/pgdata - labels: - - "homelab.category=development" - - "homelab.description=PostgreSQL database for development" - - # Redis - In-memory data store - # Access at: localhost:6379 from other containers - redis: - image: redis:7.2.3-alpine - container_name: redis-dev - restart: unless-stopped - networks: - - database-network - - homelab-network - ports: - - "6379:6379" - volumes: - - redis-data:/data - - ./config/redis/redis.conf:/usr/local/etc/redis/redis.conf - command: redis-server /usr/local/etc/redis/redis.conf --appendonly yes - labels: - - "homelab.category=development" - - "homelab.description=Redis in-memory data store" - - # pgAdmin - PostgreSQL management UI - # Access at: https://pgadmin.${DOMAIN} - pgadmin: - image: dpage/pgadmin4:latest - container_name: pgadmin - restart: unless-stopped - networks: - - database-network - - homelab-network - - traefik-network - volumes: - - pgadmin-data:/var/lib/pgadmin - environment: - - PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL:-admin@example.com} - - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:-changeme} - - PGADMIN_CONFIG_SERVER_MODE=False - depends_on: - - postgres - labels: - - "homelab.category=development" - - "homelab.description=PostgreSQL administration UI" - - "traefik.enable=true" - - "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${DOMAIN}`)" - - "traefik.http.routers.pgadmin.entrypoints=websecure" - - "traefik.http.routers.pgadmin.tls.certresolver=letsencrypt" - - "traefik.http.routers.pgadmin.middlewares=authelia@docker" - - "traefik.http.services.pgadmin.loadbalancer.server.port=80" - - # Jupyter Lab - Interactive computing notebooks - # Access at: https://jupyter.${DOMAIN} - # Token displayed in logs on first start - jupyter: - image: jupyter/scipy-notebook:latest - container_name: jupyter - restart: unless-stopped - networks: - - homelab-network - - traefik-network - volumes: - - ./config/jupyter:/home/jovyan/work - environment: - - 
JUPYTER_ENABLE_LAB=yes - - GRANT_SUDO=yes - user: root - command: start-notebook.sh --NotebookApp.token='${JUPYTER_TOKEN:-changeme}' - # Uncomment for GPU support (NVIDIA, requires nvidia-container-toolkit) - # runtime: nvidia - # devices: - # - /dev/nvidia0:/dev/nvidia0 - # - /dev/nvidiactl:/dev/nvidiactl - # Add these to environment above: - # - NVIDIA_VISIBLE_DEVICES=all - # - NVIDIA_DRIVER_CAPABILITIES=compute,utility - labels: - - "homelab.category=development" - - "homelab.description=Jupyter Lab for data science and ML" - - "traefik.enable=true" - - "traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)" - - "traefik.http.routers.jupyter.entrypoints=websecure" - - "traefik.http.routers.jupyter.tls.certresolver=letsencrypt" - - "traefik.http.routers.jupyter.middlewares=authelia@docker" - - "traefik.http.services.jupyter.loadbalancer.server.port=8888" - -volumes: - gitlab-logs: - driver: local - gitlab-data: - driver: local - postgres-data: - driver: local - redis-data: - driver: local - pgadmin-data: - driver: local - -networks: - database-network: - driver: bridge - homelab-network: - external: true - traefik-network: - external: true
diff --git a/docker-compose/homeassistant.yml b/docker-compose/homeassistant.yml
deleted file mode 100644
index 45e3ba6..0000000
--- a/docker-compose/homeassistant.yml
+++ /dev/null
@@ -1,187 +0,0 @@ -# Home Assistant and IoT Services -# Home automation platform and related tools -# Place in /opt/stacks/homeassistant/docker-compose.yml - -# Service Access URLs: -# - Home Assistant: https://ha.${DOMAIN} (configure via Traefik file provider - uses host network) -# - ESPHome: https://esphome.${DOMAIN} -# - Node-RED: https://nodered.${DOMAIN} -# - Mosquitto MQTT: mqtt://server-ip:1883 (no web UI) -# - Zigbee2MQTT: https://zigbee2mqtt.${DOMAIN} (requires USB adapter) - -services: - # Home Assistant - Home automation platform - # Access at: https://ha.${DOMAIN} - # NOTE: No Authelia - HA has its own authentication - homeassistant: - image: ghcr.io/home-assistant/home-assistant:2024.1 - container_name: homeassistant - restart: unless-stopped - network_mode: host # Required for device discovery - volumes: - - ./homeassistant/config:/config - - /etc/localtime:/etc/localtime:ro - environment: - - TZ=${TZ} - privileged: true - labels: - - "homelab.category=iot" - - "homelab.description=Home automation platform" - # Note: network_mode: host means Traefik can't proxy this directly - # Use Traefik's file provider or external host routing - - # ESPHome - ESP8266/ESP32 firmware manager - # Access at: https://esphome.${DOMAIN} - esphome: - image: ghcr.io/esphome/esphome:latest - container_name: esphome - restart: unless-stopped - networks: - - homelab-network - - traefik-network - volumes: - - ./esphome/config:/config - - /etc/localtime:/etc/localtime:ro - environment: - - TZ=${TZ} - - ESPHOME_DASHBOARD_USE_PING=true - privileged: true # For USB device access - labels: - - "homelab.category=iot" - - "homelab.description=ESP8266/ESP32 firmware manager" - - "traefik.enable=true" - - "traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)" - - "traefik.http.routers.esphome.entrypoints=websecure" - - "traefik.http.routers.esphome.tls.certresolver=letsencrypt" - - "traefik.http.routers.esphome.middlewares=authelia@docker" - - 
"traefik.http.services.esphome.loadbalancer.server.port=6052" - - "x-dockge.url=https://esphome.${DOMAIN}" - - "x-dockge.url=https://esphome.${DOMAIN}" - - # TasmoAdmin - Tasmota device manager - # Access at: https://tasmoadmin.${DOMAIN} - tasmoadmin: - image: ghcr.io/tasmoadmin/tasmoadmin:latest - container_name: tasmoadmin - restart: unless-stopped - networks: - - homelab-network - - traefik-network - volumes: - - /opt/stacks/tasmoadmin/data:/data - environment: - - TZ=${TZ} - labels: - - "homelab.category=iot" - - "homelab.description=Tasmota device management" - - "traefik.enable=true" - - "traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)" - - "traefik.http.routers.tasmoadmin.entrypoints=websecure" - - "traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt" - - "traefik.http.routers.tasmoadmin.middlewares=authelia@docker" - - "traefik.http.services.tasmoadmin.loadbalancer.server.port=80" - - # MotionEye - Video surveillance - # Access at: https://motioneye.${DOMAIN} - motioneye: - image: ccrisan/motioneye:master-amd64 - container_name: motioneye - restart: unless-stopped - networks: - - homelab-network - - traefik-network - ports: - - "8765:8765" # Optional: direct access - volumes: - - ./$(basename $file .yml)/config:/etc/motioneye - - /mnt/surveillance:/var/lib/motioneye # Large video files on separate drive - environment: - - TZ=${TZ} - labels: - - "homelab.category=iot" - - "homelab.description=Video surveillance system" - - "traefik.enable=true" - - "traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)" - - "traefik.http.routers.motioneye.entrypoints=websecure" - - "traefik.http.routers.motioneye.tls.certresolver=letsencrypt" - - "traefik.http.routers.motioneye.middlewares=authelia@docker" - - "traefik.http.services.motioneye.loadbalancer.server.port=8765" - - # Node-RED - Flow-based automation (Home Assistant addon alternative) - # Access at: https://nodered.${DOMAIN} - nodered: - image: nodered/node-red:latest - 
container_name: nodered - restart: unless-stopped - networks: - - homelab-network - - traefik-network - volumes: - - /opt/stacks/nodered/data:/data - environment: - - TZ=${TZ} - labels: - - "homelab.category=iot" - - "homelab.description=Flow-based automation programming" - - "traefik.enable=true" - - "traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)" - - "traefik.http.routers.nodered.entrypoints=websecure" - - "traefik.http.routers.nodered.tls.certresolver=letsencrypt" - - "traefik.http.routers.nodered.middlewares=authelia@docker" - - "traefik.http.services.nodered.loadbalancer.server.port=1880" - - # Mosquitto - MQTT broker (Home Assistant addon alternative) - # Used by: Home Assistant, ESPHome, Tasmota devices - mosquitto: - image: eclipse-mosquitto:latest - container_name: mosquitto - restart: unless-stopped - networks: - - homelab-network - ports: - - "1883:1883" # MQTT - - "9001:9001" # Websockets - volumes: - - ./mosquitto/config:/mosquitto/config - - ./mosquitto/data:/mosquitto/data - - ./mosquitto/log:/mosquitto/log - labels: - - "homelab.category=iot" - - "homelab.description=MQTT message broker" - - # Zigbee2MQTT - Zigbee to MQTT bridge (DISABLED - requires USB adapter) - # Access at: https://zigbee2mqtt.${DOMAIN} - # NOTE: Requires USB Zigbee adapter (e.g., ConBee II, Sonoff ZBDongle) - # Uncomment after connecting adapter - # zigbee2mqtt: - # image: koenkk/zigbee2mqtt:1.35.1 - # container_name: zigbee2mqtt - # restart: unless-stopped - # networks: - # - homelab-network - # - traefik-network - # volumes: - # - ./zigbee2mqtt/data:/app/data - # - /run/udev:/run/udev:ro - # # Uncomment and adjust device path after connecting USB adapter: - # # devices: - # # - /dev/ttyACM0:/dev/ttyACM0 # Adjust based on your adapter - # # Common paths: /dev/ttyACM0, /dev/ttyUSB0, /dev/serial/by-id/... 
- # # Run 'ls -l /dev/serial/by-id/' to find your adapter - # environment: - # - TZ=${TZ} - # labels: - # - "homelab.category=iot" - # - "homelab.description=Zigbee to MQTT bridge" - # - "traefik.enable=true" - # - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)" - # - "traefik.http.routers.zigbee2mqtt.entrypoints=websecure" - # - "traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt" - # - "traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker" - # - "traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080" - -networks: - homelab-network: - external: true - traefik-network: - external: true