kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace personal URLs with placeholders and fix variable replacement logic

Browse Source
This commit is contained in:
Kelin
2026-02-02 13:19:22 -05:00
parent 0041b15cc2
commit faaf39002a
23 changed files with 959 additions and 462 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docker-compose/alternatives/docker-compose.yml
View File

@@ -1,8 +1,5 @@
# Alternative Services Stack
# This stack contains alternative/optional services that are not deployed by default
# Deploy manually through Dockge if you want to use these alternatives
# Place in /opt/stacks/alternatives/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
@@ -10,8 +7,6 @@
services:
# Portainer - Docker management UI (Alternative to Dockge)
# Access at: https://portainer.kelinreij.duckdns.org
# NOTE: Dockge is the default Docker management UI. Deploy Portainer only if you prefer its interface
# Docker management interface should always run when deployed
portainer:
image: portainer/portainer-ce:2.19.4
@@ -35,14 +30,14 @@ services:
- "homelab.description=Docker container management UI (Alternative to Dockge)"
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.portainer.rule=Host(`portainer.kelinreij.duckdns.org`)"
- "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
- "traefik.http.routers.portainer.middlewares=authelia@docker"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
# Authentik - Alternative SSO/Identity Provider with Web UI
# Access at: https://authentik.kelinreij.duckdns.org
# Access at: https://authentik.${DOMAIN}
# NOTE: Authelia is the default SSO. Deploy Authentik only if you need a web UI for user management
# WARNING: Do not run both Authelia and Authentik at the same time
# SSO service should always run when deployed as alternative to Authelia
@@ -75,7 +70,7 @@ services:
- "homelab.description=SSO/Identity provider with web UI (Alternative to Authelia)"
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.authentik.rule=Host(`authentik.kelinreij.duckdns.org`)"
- "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
- "traefik.http.routers.authentik.entrypoints=websecure"
- "traefik.http.routers.authentik.tls.certresolver=letsencrypt"
- "traefik.http.routers.authentik.middlewares=authelia@docker"
@@ -165,9 +160,7 @@ services:
retries: 5
# Plex Media Server - Alternative to Jellyfin
# Access at: https://plex.yourdomain.duckdns.org
# NOTE: No Authelia - allows app access from Roku, Fire TV, mobile, etc.
# Media server should always run when deployed as alternative to Jellyfin
plex:
image: plexinc/pms-docker:1.40.0.7998-f68041501
container_name: plex
@@ -214,12 +207,12 @@ services:
# Traefik labels - NO Authelia for app access
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.plex.rule=Host(`plex.kelinreij.duckdns.org`)"
- "traefik.http.routers.plex.rule=Host(`plex.${DOMAIN}`)"
- "traefik.http.routers.plex.entrypoints=websecure"
- "traefik.http.routers.plex.tls.certresolver=letsencrypt"
- "traefik.http.services.plex.loadbalancer.server.port=32400"
- "x-dockge.url=https://plex.kelinreij.duckdns.org"
- "x-dockge.url=https://plex.kelinreij.duckdns.org"
- "x-dockge.url=https://plex.${DOMAIN}"
- "x-dockge.url=https://plex.${DOMAIN}"
volumes:
portainer-data:

6
docker-compose/core/authelia/users_database.yml
View File

@@ -3,10 +3,10 @@
###############################################################
users:
kelin:
${DEFAULT_USER}:
displayname: "Admin User"
password: "$argon2id$v=19$m=65536,t=3,p=4$a+3pIrywP/li9wy9J6UkMA$+3THyJiAnS/gNYnLaYtlsRCaYfgnnxsUyGZ4D3xGnUg"
email: kelinshomelab@gmail.com
password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
email: ${DEFAULT_EMAIL}
groups:
- admins
- users

16
docker-compose/core/docker-compose.yml
View File

@@ -1,7 +1,4 @@
# Core Infrastructure Services
# These services form the foundation of the homelab and should always be running
# Place in /opt/stacks/core/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
@@ -50,11 +47,8 @@ services:
# Service metadata
- "homelab.category=core"
- "homelab.description=Reverse proxy and SSL termination"
# Traefik reverse proxy (comment/uncomment to disable/enable)
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)"
- "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik.middlewares=authelia@docker"
@@ -86,13 +80,13 @@ services:
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)"
- "traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)"
- "traefik.http.routers.authelia.entrypoints=websecure"
- "traefik.http.routers.authelia.tls.certresolver=letsencrypt"
- "traefik.http.routers.authelia.service=authelia"
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
# Authelia forward auth middleware configuration
- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/"
- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/"
- "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret"
- "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
@@ -133,7 +127,7 @@ networks:
x-dockge:
urls:
- https://auth.kelinreij.duckdns.org
- https://auth.${DOMAIN}
- http://192.168.4.11:9091
- https://traefik.kelinreij.duckdns.org
- https://traefik.${DOMAIN}
- http://192.168.4.11:8080

11
docker-compose/dashboards/docker-compose.yml
View File

@@ -1,11 +1,9 @@
# Dashboard Services
# Homepage and Homarr for homelab dashboards
# SABLIER SESSION DURATION: Set to 5m for testing. Increase to 30m for production in config-templates/traefik/dynamic/sablier.yml
# Service Access URLs:
# - Homepage: https://homepage.${DOMAIN}
# - Homarr: https://homarr.${DOMAIN}
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
services:
# Homepage - Default Application Dashboard
@@ -61,7 +59,6 @@ services:
# Homarr - Modern dashboard
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
homarr:
image: ghcr.io/ajnart/homarr:latest
deploy:

14
docker-compose/dashboards/homepage/services.yaml
View File

@@ -17,9 +17,9 @@
href: https://jasper.kelinreij.duckdns.org
description: Main Server
- Dockge - ${REMOTE_SERVER_HOSTNAME}:
- Dockge - your-remote-server :
icon: dockge.png
href: https://${REMOTE_SERVER_HOSTNAME}.kelinreij.duckdns.org
href: https://your-remote-server .kelinreij.duckdns.org
description: Raspberry Pi Authentication Server
- Core:
@@ -46,18 +46,18 @@
- Dozzle:
icon: dozzle.png
href: https://dozzle.${REMOTE_SERVER_HOSTNAME}.kelinreij.duckdns.org
description: ${REMOTE_SERVER_HOSTNAME} - Real-time Log Viewer
href: https://dozzle.your-remote-server .kelinreij.duckdns.org
description: your-remote-server - Real-time Log Viewer
- Glances - jasper:
icon: glances.png
href: https://glances.jasper.kelinreij.duckdns.org
description: jasper - System Monitoring
- Glances - ${REMOTE_SERVER_HOSTNAME}:
- Glances - your-remote-server :
icon: glances.png
href: https://glances.${REMOTE_SERVER_HOSTNAME}.kelinreij.duckdns.org
description: ${REMOTE_SERVER_HOSTNAME} - System Monitoring
href: https://glances.your-remote-server .kelinreij.duckdns.org
description: your-remote-server - System Monitoring
- Uptime Kuma:
icon: uptime-kuma.png

11
docker-compose/dockge/docker-compose.yml
View File

@@ -1,18 +1,11 @@
# Dockge Stack
# Docker Compose Stack Manager
# Place in /opt/dockge/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
# Service Access URLs:
# - Dockge: https://dockge.kelinreij.duckdns.org
services:
# Dockge - Docker Compose Stack Manager (PRIMARY - preferred over Portainer)
# Access at: https://dockge.kelinreij.duckdns.org
# Dockge - Docker Compose Stack Manager
# Stack management interface should always run for container management
dockge:
image: louislam/dockge:1
@@ -51,7 +44,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.dockge.rule=Host(`dockge.kelinreij.duckdns.org`)"
- "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)"
- "traefik.http.routers.dockge.entrypoints=websecure"
- "traefik.http.routers.dockge.tls.certresolver=letsencrypt"
- "traefik.http.routers.dockge.middlewares=authelia@docker"

43
docker-compose/homeassistant/docker-compose.yml
View File

@@ -1,17 +1,11 @@
# Home Assistant and IoT Services
# Home automation platform and related tools
# Place in /opt/stacks/homeassistant/docker-compose.yml
# Service Access URLs:
# - Home Assistant: https://ha.kelinreij.duckdns.org (configure via Traefik file provider - uses host network)
# - ESPHome: https://esphome.kelinreij.duckdns.org
# - Node-RED: https://nodered.kelinreij.duckdns.org
# - Mosquitto MQTT: mqtt://server-ip:1883 (no web UI)
# - Zigbee2MQTT: https://zigbee2mqtt.kelinreij.duckdns.org (requires USB adapter)
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
services:
# Home Assistant - Home automation platform
# Access at: https://ha.kelinreij.duckdns.org
# NOTE: No Authelia - HA has its own authentication
homeassistant:
image: ghcr.io/home-assistant/home-assistant:2024.1
@@ -40,7 +34,6 @@ services:
# Use Traefik's file provider or external host routing
# ESPHome - ESP8266/ESP32 firmware manager
# Access at: https://esphome.kelinreij.duckdns.org
esphome:
image: ghcr.io/esphome/esphome:latest
deploy:
@@ -77,14 +70,13 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.esphome.rule=Host(`esphome.kelinreij.duckdns.org`)"
- "traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)"
- "traefik.http.routers.esphome.entrypoints=websecure"
- "traefik.http.routers.esphome.tls.certresolver=letsencrypt"
- "traefik.http.routers.esphome.middlewares=authelia@docker"
- "traefik.http.services.esphome.loadbalancer.server.port=6052"
# TasmoAdmin - Tasmota device manager
# Access at: https://tasmoadmin.kelinreij.duckdns.org
tasmoadmin:
image: ghcr.io/tasmoadmin/tasmoadmin:latest
container_name: tasmoadmin
@@ -109,14 +101,13 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.kelinreij.duckdns.org`)"
- "traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)"
- "traefik.http.routers.tasmoadmin.entrypoints=websecure"
- "traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt"
- "traefik.http.routers.tasmoadmin.middlewares=authelia@docker"
- "traefik.http.services.tasmoadmin.loadbalancer.server.port=80"
# MotionEye - Video surveillance
# Access at: https://motioneye.kelinreij.duckdns.org
motioneye:
image: ccrisan/motioneye:master-amd64
container_name: motioneye
@@ -125,7 +116,7 @@ services:
- homelab-network
- traefik-network
ports:
- "8765:8765" # Optional: direct access
- "8765:8765"
volumes:
- ./$(basename $file .yml)/config:/etc/motioneye
- /mnt/surveillance:/var/lib/motioneye # Large video files on separate drive
@@ -142,14 +133,13 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.motioneye.rule=Host(`motioneye.kelinreij.duckdns.org`)"
- "traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)"
- "traefik.http.routers.motioneye.entrypoints=websecure"
- "traefik.http.routers.motioneye.tls.certresolver=letsencrypt"
- "traefik.http.routers.motioneye.middlewares=authelia@docker"
- "traefik.http.services.motioneye.loadbalancer.server.port=8765"
# Node-RED - Flow-based automation (Home Assistant addon alternative)
# Access at: https://nodered.kelinreij.duckdns.org
nodered:
image: nodered/node-red:latest
deploy:
@@ -183,7 +173,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.nodered.rule=Host(`nodered.kelinreij.duckdns.org`)"
- "traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)"
- "traefik.http.routers.nodered.entrypoints=websecure"
- "traefik.http.routers.nodered.tls.certresolver=letsencrypt"
- "traefik.http.routers.nodered.middlewares=authelia@docker"
@@ -209,7 +199,6 @@ services:
- "homelab.description=MQTT message broker"
# Zigbee2MQTT - Zigbee to MQTT bridge (DISABLED - requires USB adapter)
# Access at: https://zigbee2mqtt.kelinreij.duckdns.org
# NOTE: Requires USB Zigbee adapter (e.g., ConBee II, Sonoff ZBDongle)
# Uncomment after connecting adapter
# zigbee2mqtt:
@@ -233,7 +222,7 @@ services:
# - "homelab.category=iot"
# - "homelab.description=Zigbee to MQTT bridge"
# - "traefik.enable=true"
# - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.kelinreij.duckdns.org`)"
# - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)"
# - "traefik.http.routers.zigbee2mqtt.entrypoints=websecure"
# - "traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt"
# - "traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker"
@@ -248,15 +237,15 @@ networks:
x-dockge:
urls:
# Proxied URLs (through Traefik)
- https://ha.kelinreij.duckdns.org
- https://ha.${DOMAIN}
- http://192.168.4.4:8123
- https://esphome.kelinreij.duckdns.org
- https://esphome.${DOMAIN}
- http://192.168.4.4:6052
- https://tasmoadmin.kelinreij.duckdns.org
- https://tasmoadmin.${DOMAIN}
- http://192.168.4.4:8084
- https://motioneye.kelinreij.duckdns.org
- https://motioneye.${DOMAIN}
- http://192.168.4.4:8765
- https://nodered.kelinreij.duckdns.org
- https://nodered.${DOMAIN}
- http://192.168.4.4:1880
- mqtt://192.168.4.4:1883
- https://zigbee2mqtt.kelinreij.duckdns.org
- https://zigbee2mqtt.${DOMAIN}

26
docker-compose/infrastructure/docker-compose.yml
View File

@@ -1,9 +1,5 @@
# Infrastructure Services
# Core services that other services depend on
# Place in /opt/stacks/infrastructure/docker-compose.yml
# SABLIER SESSION DURATION: Set to 5m for testing. Increase to 30m for production in config-templates/traefik/dynamic/sablier.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
@@ -41,7 +37,6 @@ services:
- homelab.description=Docker socket proxy for security
# Pi-hole - Network-wide ad blocker and DNS server
# Access at: https://pihole.kelinreij.duckdns.org
# DNS service must always run for network-wide ad blocking
pihole:
image: pihole/pihole:2024.01.0
@@ -87,15 +82,13 @@ services:
# - This prevents conflicts between Docker labels and file provider
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.pihole.rule=Host(`pihole.kelinreij.duckdns.org`)"
- "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
- "traefik.http.routers.pihole.entrypoints=websecure"
- "traefik.http.routers.pihole.tls.certresolver=letsencrypt"
- "traefik.http.routers.pihole.middlewares=authelia@docker"
- "traefik.http.services.pihole.loadbalancer.server.port=80"
# Watchtower - Automatic container updates
# Monitors and updates Docker containers to latest versions
# Runs daily at 4 AM
watchtower:
image: containrrr/watchtower:latest
container_name: watchtower
@@ -116,7 +109,6 @@ services:
- "homelab.description=Automatic Docker container updates"
# Dozzle - Real-time Docker log viewer
# Access at: https://dozzle.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
dozzle:
image: amir20/dozzle:latest
@@ -157,7 +149,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.dozzle.rule=Host(`dozzle.jasper.kelinreij.duckdns.org`)"
- "traefik.http.routers.dozzle.rule=Host(`dozzle.jasper.${DOMAIN}`)"
- "traefik.http.routers.dozzle.entrypoints=websecure"
- "traefik.http.routers.dozzle.tls=true"
- "traefik.http.routers.dozzle.middlewares=authelia@docker"
@@ -169,7 +161,6 @@ services:
- "sablier.start-on-demand=true"
# Glances - System monitoring
# Access at: https://glances.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
glances:
image: nicolargo/glances:latest-full
@@ -210,7 +201,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.glances.rule=Host(`glances.jasper.kelinreij.duckdns.org`)"
- "traefik.http.routers.glances.rule=Host(`glances.jasper.${DOMAIN}`)"
- "traefik.http.routers.glances.entrypoints=websecure"
- "traefik.http.routers.glances.tls=true"
- "traefik.http.routers.glances.middlewares=authelia@docker"
@@ -222,7 +213,6 @@ services:
- "sablier.start-on-demand=true"
# Code Server - VS Code in browser
# Access at: https://code.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
code-server:
image: lscr.io/linuxserver/code-server:latest
@@ -267,7 +257,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.code-server.rule=Host(`code.kelinreij.duckdns.org`)"
- "traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)"
- "traefik.http.routers.code-server.entrypoints=websecure"
- "traefik.http.routers.code-server.tls.certresolver=letsencrypt"
- "traefik.http.routers.code-server.middlewares=authelia@docker"
@@ -280,13 +270,13 @@ services:
x-dockge:
urls:
- https://pihole.kelinreij.duckdns.org
- https://pihole.${DOMAIN}
- https://192.168.4.4:53
- https://dozzle.kelinreij.duckdns.org
- https://dozzle.${DOMAIN}
- https://192.168.4.4:8085
- https://glances.kelinreij.duckdns.org
- https://glances.${DOMAIN}
- https://192.168.4.4:61208
- https://code.kelinreij.duckdns.org
- https://code.${DOMAIN}
- https://192.168.4.4:8079
- http://192.168.4.4:2375 # Docker Proxy
- http://192.168.4.4:19999 # Netdata

44
docker-compose/media-management/docker-compose.yml
View File

@@ -1,16 +1,12 @@
# Media Management Services
# Content automation and library management (*arr apps, transcoders, etc.)
# Place in /opt/stacks/media-management/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
services:
# Sonarr - TV show automation
# Access at: https://sonarr.yourdomain.duckdns.org
sonarr:
# Sonarr - TV show management and automation
image: linuxserver/sonarr:4.0.0
container_name: sonarr
restart: no
@@ -45,7 +41,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.sonarr.rule=Host(`sonarr.kelinreij.duckdns.org`)"
- "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
- "traefik.http.routers.sonarr.entrypoints=websecure"
- "traefik.http.routers.sonarr.tls.certresolver=letsencrypt"
- "traefik.http.routers.sonarr.middlewares=authelia@docker"
@@ -55,7 +51,6 @@ services:
- "sablier.start-on-demand=true"
# Radarr - Movie automation
# Access at: https://radarr.yourdomain.duckdns.org
radarr:
image: linuxserver/radarr:5.2.6
container_name: radarr
@@ -91,7 +86,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.radarr.rule=Host(`radarr.kelinreij.duckdns.org`)"
- "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
- "traefik.http.routers.radarr.entrypoints=websecure"
- "traefik.http.routers.radarr.tls.certresolver=letsencrypt"
- "traefik.http.routers.radarr.middlewares=authelia@docker"
@@ -135,7 +130,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.prowlarr.rule=Host(`prowlarr.kelinreij.duckdns.org`)"
- "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
- "traefik.http.routers.prowlarr.entrypoints=websecure"
- "traefik.http.routers.prowlarr.tls.certresolver=letsencrypt"
- "traefik.http.routers.prowlarr.middlewares=authelia@docker"
@@ -145,7 +140,6 @@ services:
- "sablier.start-on-demand=true"
# Readarr - Ebook and audiobook management
# Access at: https://readarr.kelinreij.duckdns.org
readarr:
image: linuxserver/readarr:0.4.19-nightly
container_name: readarr
@@ -175,7 +169,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.readarr.rule=Host(`readarr.kelinreij.duckdns.org`)"
- "traefik.http.routers.readarr.rule=Host(`readarr.${DOMAIN}`)"
- "traefik.http.routers.readarr.entrypoints=websecure"
- "traefik.http.routers.readarr.tls.certresolver=letsencrypt"
- "traefik.http.routers.readarr.middlewares=authelia@docker"
@@ -185,7 +179,6 @@ services:
- "sablier.start-on-demand=true"
# Lidarr - Music collection manager
# Access at: https://lidarr.kelinreij.duckdns.org
lidarr:
image: linuxserver/lidarr:2.0.7
container_name: lidarr
@@ -215,7 +208,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.lidarr.rule=Host(`lidarr.kelinreij.duckdns.org`)"
- "traefik.http.routers.lidarr.rule=Host(`lidarr.${DOMAIN}`)"
- "traefik.http.routers.lidarr.entrypoints=websecure"
- "traefik.http.routers.lidarr.tls.certresolver=letsencrypt"
- "traefik.http.routers.lidarr.middlewares=authelia@docker"
@@ -225,7 +218,6 @@ services:
- "sablier.start-on-demand=true"
# Lazy Librarian - Book manager
# Access at: https://lazylibrarian.kelinreij.duckdns.org
lazylibrarian:
image: linuxserver/lazylibrarian:latest
container_name: lazylibrarian
@@ -256,7 +248,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.lazylibrarian.rule=Host(`lazylibrarian.kelinreij.duckdns.org`)"
- "traefik.http.routers.lazylibrarian.rule=Host(`lazylibrarian.${DOMAIN}`)"
- "traefik.http.routers.lazylibrarian.entrypoints=websecure"
- "traefik.http.routers.lazylibrarian.tls.certresolver=letsencrypt"
- "traefik.http.routers.lazylibrarian.middlewares=authelia@docker"
@@ -266,7 +258,6 @@ services:
- "sablier.start-on-demand=true"
# Mylar3 - Comic book manager
# Access at: https://mylar.kelinreij.duckdns.org
mylar3:
image: linuxserver/mylar3:latest
container_name: mylar3
@@ -296,7 +287,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.mylar.rule=Host(`mylar.kelinreij.duckdns.org`)"
- "traefik.http.routers.mylar.rule=Host(`mylar.${DOMAIN}`)"
- "traefik.http.routers.mylar.entrypoints=websecure"
- "traefik.http.routers.mylar.tls.certresolver=letsencrypt"
- "traefik.http.routers.mylar.middlewares=authelia@docker"
@@ -306,7 +297,6 @@ services:
- "sablier.start-on-demand=true"
# Jellyseerr - Request management for Jellyfin/Plex
# Access at: https://jellyseerr.kelinreij.duckdns.org
jellyseerr:
image: fallenbagel/jellyseerr:latest
container_name: jellyseerr
@@ -339,7 +329,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.kelinreij.duckdns.org`)"
- "traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${DOMAIN}`)"
- "traefik.http.routers.jellyseerr.entrypoints=websecure"
- "traefik.http.routers.jellyseerr.tls.certresolver=letsencrypt"
- "traefik.http.routers.jellyseerr.middlewares=authelia@docker"
@@ -368,21 +358,21 @@ services:
x-dockge:
urls:
- https://sonarr.kelinreij.duckdns.org
- https://sonarr.${DOMAIN}
- http://192.168.4.4:8989
- https://radarr.kelinreij.duckdns.org
- https://radarr.${DOMAIN}
- http://192.168.4.4:7878
- https://prowlarr.kelinreij.duckdns.org
- https://prowlarr.${DOMAIN}
- http://192.168.4.4:9696
- https://readarr.kelinreij.duckdns.org
- https://readarr.${DOMAIN}
- http://192.168.4.4:8787
- https://lidarr.kelinreij.duckdns.org
- https://lidarr.${DOMAIN}
- http://192.168.4.4:8686
- https://lazylibrarian.kelinreij.duckdns.org
- https://lazylibrarian.${DOMAIN}
- http://192.168.4.4:5299
- https://mylar.kelinreij.duckdns.org
- https://mylar.${DOMAIN}
- http://192.168.4.4:8090
- https://jellyseerr.kelinreij.duckdns.org
- https://jellyseerr.${DOMAIN}
- http://192.168.4.4:5055
networks:

23
docker-compose/media/docker-compose.yml
View File

@@ -1,22 +1,14 @@
# Media Services
# Default Services for media management and streaming
# Place in /opt/stacks/media/docker-compose.yml
# SABLIER SESSION DURATION: Set to 5m for testing. Increase to 30m for production in config-templates/traefik/dynamic/sablier.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
# Service Access URLs:
# - Jellyfin: https://jellyfin.kelinreij.duckdns.org (no SSO - app access)
# - Plex: https://plex.kelinreij.duckdns.org (no SSO - app access)
# - qBittorrent: https://qbit.kelinreij.duckdns.org (routed through Gluetun VPN)
services:
# Jellyfin - Open-source media streaming server
# Access at: https://jellyfin.yourdomain.duckdns.org
# NOTE: No Authelia - allows app access from Roku, Fire TV, mobile, etc.
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
jellyfin:
@@ -63,7 +55,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.kelinreij.duckdns.org`)"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
@@ -76,7 +68,7 @@ services:
- "sablier.theme=hacker-terminal"
# Calibre-Web - Ebook reader and server
# Access at: https://calibre.kelinreij.duckdns.org
# Access at: https://calibre.${DOMAIN}
calibre-web:
image: lscr.io/linuxserver/calibre-web:latest
deploy:
@@ -112,7 +104,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.calibre.rule=Host(`calibre.kelinreij.duckdns.org`)"
- "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
- "traefik.http.routers.calibre.entrypoints=websecure"
- "traefik.http.routers.calibre.tls.certresolver=letsencrypt"
- "traefik.http.routers.calibre.middlewares=authelia@docker"
@@ -123,15 +115,12 @@ services:
- "sablier.group=jasper-calibre-web"
- "sablier.start-on-demand=true"
# ==========================================
# DOCKGE URL CONFIGURATION
# ==========================================
x-dockge:
urls:
# Proxied URLs (through Traefik)
- https://jellyfin.kelinreij.duckdns.org
- https://jellyfin.${DOMAIN}
- http://192.168.4.4:8096
- https://calibre.kelinreij.duckdns.org
- https://calibre.${DOMAIN}
- http://192.168.4.4:8083
networks:

30
docker-compose/monitoring/docker-compose.yml
View File

@@ -1,25 +1,11 @@
# Monitoring and Observability Services
# Services for monitoring your homelab infrastructure
# Place in /opt/stacks/monitoring/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
# Service Access URLs:
# - Prometheus: http://192.168.4.4:9090 (or configure Traefik)
# - Grafana: http://192.168.4.4:3000 (or configure Traefik)
# - Uptime Kuma: https://status.kelinreij.duckdns.org
# - Node Exporter: http://192.168.4.4:9100/metrics
# - cAdvisor: http://192.168.4.4:8082
# - Loki: http://192.168.4.4:3100
# NOTE: Prometheus, Grafana, Loki use ports because they need to be accessible to other services
# Add Traefik labels if you want https://prometheus.kelinreij.duckdns.org access
services:
# Prometheus - Metrics collection and storage
# Access at: http://192.168.4.4:9090
prometheus:
image: prom/prometheus:v2.48.1
deploy:
@@ -59,7 +45,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.prometheus.rule=Host(`prometheus.kelinreij.duckdns.org`)"
- "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)"
- "traefik.http.routers.prometheus.entrypoints=websecure"
- "traefik.http.routers.prometheus.tls=true"
- "traefik.http.routers.prometheus.tls.certresolver=letsencrypt"
@@ -67,7 +53,6 @@ services:
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
# Grafana - Metrics visualization
# Access at: http://192.168.4.4:3000
# Default credentials: admin / admin (change on first login)
grafana:
image: grafana/grafana:10.2.3
@@ -93,7 +78,7 @@ services:
environment:
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_ROOT_URL=https://grafana.kelinreij.duckdns.org
- GF_SERVER_ROOT_URL=https://grafana.${DOMAIN}
- GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel
user: "1000:1000"
depends_on:
@@ -109,7 +94,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.grafana.rule=Host(`grafana.kelinreij.duckdns.org`)"
- "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
- "traefik.http.routers.grafana.entrypoints=websecure"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
@@ -170,7 +155,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.cadvisor.rule=Host(`cadvisor.kelinreij.duckdns.org`)"
- "traefik.http.routers.cadvisor.rule=Host(`cadvisor.${DOMAIN}`)"
- "traefik.http.routers.cadvisor.entrypoints=websecure"
- "traefik.http.routers.cadvisor.tls=true"
- "traefik.http.routers.cadvisor.tls.certresolver=letsencrypt"
@@ -178,7 +163,6 @@ services:
- "traefik.http.services.cadvisor.loadbalancer.server.port=8080"
# Uptime Kuma - Uptime monitoring
# Access at: https://uptime-kuma.kelinreij.duckdns.org
uptime-kuma:
image: louislam/uptime-kuma:1
deploy:
@@ -211,7 +195,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.kelinreij.duckdns.org`)"
- "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${DOMAIN}`)"
- "traefik.http.routers.uptime-kuma.entrypoints=websecure"
- "traefik.http.routers.uptime-kuma.tls=true"
- "traefik.http.routers.uptime-kuma.tls.certresolver=letsencrypt"
@@ -253,7 +237,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.loki.rule=Host(`loki.kelinreij.duckdns.org`)"
- "traefik.http.routers.loki.rule=Host(`loki.${DOMAIN}`)"
- "traefik.http.routers.loki.entrypoints=websecure"
- "traefik.http.routers.loki.tls=true"
- "traefik.http.routers.loki.tls.certresolver=letsencrypt"
@@ -300,7 +284,7 @@ x-dockge:
# Proxied URLs (through Traefik)
- http://192.168.4.4:9090
- http://192.168.4.4:3000
- https://uptime-kuma.kelinreij.duckdns.org
- https://uptime-kuma.${DOMAIN}
- http://192.168.4.4:9100/metrics
- http://192.168.4.4:8082
- http://192.168.4.4:3100

34
docker-compose/productivity/docker-compose.yml
View File

@@ -1,8 +1,5 @@
# Productivity and Content Management Services
# Place in /opt/stacks/productivity/docker-compose.yml
# SABLIER SESSION DURATION: Set to 5m for testing. Increase to 30m for production in config-templates/traefik/dynamic/sablier.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
@@ -10,7 +7,6 @@
services:
# Nextcloud - File sync and collaboration
# Access at: https://nextcloud.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
nextcloud:
image: nextcloud:28
@@ -40,10 +36,10 @@ services:
- MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.kelinreij.duckdns.org
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.${DOMAIN}
- TRUSTED_PROXIES=172.18.0.0/16
- OVERWRITEPROTOCOL=https
- OVERWRITEHOST=nextcloud.kelinreij.duckdns.org
- OVERWRITEHOST=nextcloud.${DOMAIN}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/status.php"]
interval: 30s
@@ -61,7 +57,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.kelinreij.duckdns.org`)"
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
- "traefik.http.routers.nextcloud.middlewares=authelia@docker"
@@ -91,7 +87,6 @@ services:
- "homelab.description=Nextcloud database"
# Mealie - Recipe manager
# Access at: https://mealie.kelinreij.duckdns.org
mealie:
image: ghcr.io/mealie-recipes/mealie:latest
container_name: mealie
@@ -107,7 +102,7 @@ services:
- PUID=1000
- PGID=1000
- TZ=America/New_York
- BASE_URL=https://mealie.kelinreij.duckdns.org
- BASE_URL=https://mealie.${DOMAIN}
- DB_ENGINE=sqlite
labels:
# TRAEFIK CONFIGURATION
@@ -118,7 +113,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.mealie.rule=Host(`mealie.kelinreij.duckdns.org`)"
- "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
- "traefik.http.routers.mealie.entrypoints=websecure"
- "traefik.http.routers.mealie.tls.certresolver=letsencrypt"
- "traefik.http.routers.mealie.middlewares=authelia@docker"
@@ -130,7 +125,6 @@ services:
- "sablier.start-on-demand=true"
# WordPress - Blog/website platform
# Access at: https://blog.kelinreij.duckdns.org
wordpress:
image: wordpress:latest
container_name: wordpress
@@ -164,7 +158,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.wordpress.rule=Host(`wordpress.kelinreij.duckdns.org`)"
- "traefik.http.routers.wordpress.rule=Host(`wordpress.${DOMAIN}`)"
- "traefik.http.routers.wordpress.entrypoints=websecure"
- "traefik.http.routers.wordpress.tls.certresolver=letsencrypt"
- "traefik.http.routers.wordpress.middlewares=authelia@docker"
@@ -193,7 +187,6 @@ services:
- "homelab.description=WordPress database"
# Gitea - Self-hosted Git service
# Access at: https://git.kelinreij.duckdns.org
gitea:
image: gitea/gitea:latest
deploy:
@@ -241,7 +234,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.gitea.rule=Host(`gitea.kelinreij.duckdns.org`)"
- "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
- "traefik.http.routers.gitea.middlewares=authelia@docker"
@@ -270,7 +263,6 @@ services:
# Jupyter Lab - Interactive computing notebooks
# Access at: https://jupyter.kelinreij.duckdns.org
# Token displayed in logs on first start
jupyter:
image: jupyter/scipy-notebook:latest
@@ -307,7 +299,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.jupyter.rule=Host(`jupyter.kelinreij.duckdns.org`)"
- "traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)"
- "traefik.http.routers.jupyter.entrypoints=websecure"
- "traefik.http.routers.jupyter.tls.certresolver=letsencrypt"
- "traefik.http.routers.jupyter.middlewares=authelia@docker"
@@ -331,13 +323,13 @@ networks:
x-dockge:
urls:
# Proxied URLs (through Traefik)
- https://nextcloud.kelinreij.duckdns.org
- https://nextcloud.${DOMAIN}
- https://192.168.4.4:8089
- https://mealie.kelinreij.duckdns.org
- https://mealie.${DOMAIN}
- https://192.168.4.4:9000
- https://wordpress.kelinreij.duckdns.org
- https://wordpress.${DOMAIN}
- https://192.168.4.4:8088
- https://gitea.kelinreij.duckdns.org
- https://gitea.${DOMAIN}
- https://192.168.4.4:3010
- https://jupyter.kelinreij.duckdns.org
- https://jupyter.${DOMAIN}
- https://192.168.4.4:8890

16
docker-compose/transcoders/docker-compose.yml
View File

@@ -1,6 +1,11 @@
# Transcoder Services
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
services:
# Tdarr Server - Distributed transcoding server
# Access at: https://tdarr.kelinreij.duckdns.org
tdarr-server:
image: ghcr.io/haveagitgat/tdarr:latest
container_name: tdarr-server
@@ -36,7 +41,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.tdarr.rule=Host(`tdarr.kelinreij.duckdns.org`)"
- "traefik.http.routers.tdarr.rule=Host(`tdarr.${DOMAIN}`)"
- "traefik.http.routers.tdarr.entrypoints=websecure"
- "traefik.http.routers.tdarr.tls.certresolver=letsencrypt"
- "traefik.http.routers.tdarr.middlewares=authelia@docker"
@@ -75,7 +80,6 @@ services:
- "sablier.start-on-demand=true"
# Unmanic - Another transcoding option
# Access at: https://unmanic.kelinreij.duckdns.org
unmanic:
image: josh5/unmanic:latest
container_name: unmanic
@@ -105,7 +109,7 @@ services:
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
- "traefik.http.routers.unmanic.rule=Host(`unmanic.kelinreij.duckdns.org`)"
- "traefik.http.routers.unmanic.rule=Host(`unmanic.${DOMAIN}`)"
- "traefik.http.routers.unmanic.entrypoints=websecure"
- "traefik.http.routers.unmanic.tls.certresolver=letsencrypt"
- "traefik.http.routers.unmanic.middlewares=authelia@docker"
@@ -122,7 +126,7 @@ networks:
x-dockge:
urls:
- https://tdarr.kelinreij.duckdns.org
- https://tdarr.${DOMAIN}
- http://192.168.4.4:8265
- https://unmanic.kelinreij.duckdns.org
- https://unmanic.${DOMAIN}
- http://192.168.4.4:8888

23
docker-compose/utilities/docker-compose.yml
View File

@@ -1,6 +1,4 @@
# Backup and Utility Services
# Place in /opt/stacks/utilities/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
@@ -8,7 +6,6 @@
services:
# Backrest - Backup solution for restic
# Access at: https://backrest.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
backrest:
image: garethgeorge/backrest:latest
@@ -44,7 +41,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.backrest.rule=Host(`backrest.kelinreij.duckdns.org`)"
- "traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)"
- "traefik.http.routers.backrest.entrypoints=websecure"
- "traefik.http.routers.backrest.tls.certresolver=letsencrypt"
- "traefik.http.routers.backrest.middlewares=authelia@docker"
@@ -56,7 +53,6 @@ services:
- "sablier.start-on-demand=true"
# Duplicati - Backup solution
# Access at: https://duplicati.kelinreij.duckdns.org
duplicati:
image: lscr.io/linuxserver/duplicati:2.0.7
container_name: duplicati
@@ -90,7 +86,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.duplicati.rule=Host(`duplicati.kelinreij.duckdns.org`)"
- "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
- "traefik.http.routers.duplicati.entrypoints=websecure"
- "traefik.http.routers.duplicati.tls.certresolver=letsencrypt"
- "traefik.http.routers.duplicati.middlewares=authelia@docker"
@@ -134,7 +130,7 @@ services:
# Traefik labels
- "traefik.enable=true"
# Router configuration
- "traefik.http.routers.formio.rule=Host(`forms.kelinreij.duckdns.org`)"
- "traefik.http.routers.formio.rule=Host(`forms.${DOMAIN}`)"
- "traefik.http.routers.formio.entrypoints=websecure"
- "traefik.http.routers.formio.tls.certresolver=letsencrypt"
- "traefik.http.routers.formio.middlewares=authelia@docker"
@@ -156,7 +152,6 @@ services:
- "homelab.description=Form.io database"
# Bitwarden (Vaultwarden) - Password manager
# Access at: https://vault.kelinreij.duckdns.org
# Note: SSO disabled for browser extension and mobile app compatibility
vaultwarden:
@@ -171,7 +166,7 @@ services:
volumes:
- ./vaultwarden/data:/data
environment:
- DOMAIN=https://vault.kelinreij.duckdns.org
- DOMAIN=https://vault.${DOMAIN}
- SIGNUPS_ALLOWED=${BITWARDEN_SIGNUPS_ALLOWED}
- INVITATIONS_ALLOWED=${BITWARDEN_INVITATIONS_ALLOWED}
- ADMIN_TOKEN=${BITWARDEN_ADMIN_TOKEN}
@@ -198,7 +193,7 @@ services:
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.rule=Host(`vault.kelinreij.duckdns.org`)"
- "traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)"
- "traefik.http.routers.vaultwarden.entrypoints=websecure"
- "traefik.http.routers.vaultwarden.tls=true"
- "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
@@ -238,11 +233,11 @@ networks:
x-dockge:
urls:
- https://backrest.kelinreij.duckdns.org
- https://backrest.${DOMAIN}
- https://192.168.4.4:9898
- https://duplicati.kelinreij.duckdns.org
- https://duplicati.${DOMAIN}
- https://192.168.4.4:8200
- https://forms.kelinreij.duckdns.org
- https://forms.${DOMAIN}
- https://192.168.4.4:3002
- https://vault.kelinreij.duckdns.org
- https://vault.${DOMAIN}
- https://192.168.4.4:8091

9
docker-compose/vpn/docker-compose.yml
View File

@@ -1,7 +1,4 @@
# VPN Stack
# VPN client and VPN-routed download clients
# Place in /opt/stacks/vpn/docker-compose.yml
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
@@ -10,7 +7,6 @@
services:
# Gluetun - VPN client (Surfshark)
# Routes download clients through VPN for security
# VPN service should always run to maintain secure connections
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
@@ -47,7 +43,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.qbittorrent.rule=Host(`qbit.kelinreij.duckdns.org`)"
- "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.tls=true"
- "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
@@ -59,7 +55,6 @@ services:
- "sablier.sessionDuration=1h"
# qBittorrent - Torrent client
# Routes through Gluetun VPN
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
deploy:
@@ -93,5 +88,5 @@ networks:
x-dockge:
urls:
- https://qbit.kelinreij.duckdns.org
- https://qbit.${DOMAIN}
- https://192.168.4.4:8081

23
docker-compose/wikis/docker-compose.yml
View File

@@ -1,6 +1,11 @@
# Wiki Services
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
services:
# DokuWiki - Wiki without database
# Access at: https://wiki.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
dokuwiki:
image: lscr.io/linuxserver/dokuwiki:latest
@@ -26,7 +31,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.dokuwiki.rule=Host(`dokuwiki.kelinreij.duckdns.org`)"
- "traefik.http.routers.dokuwiki.rule=Host(`dokuwiki.${DOMAIN}`)"
- "traefik.http.routers.dokuwiki.entrypoints=websecure"
- "traefik.http.routers.dokuwiki.tls.certresolver=letsencrypt"
- "traefik.http.routers.dokuwiki.middlewares=authelia@docker"
@@ -38,7 +43,6 @@ services:
- "sablier.start-on-demand=true"
# BookStack - Documentation platform
# Access at: https://docs.kelinreij.duckdns.org
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
bookstack:
image: lscr.io/linuxserver/bookstack:latest
@@ -54,7 +58,7 @@ services:
environment:
- PUID=1000
- PGID=1000
- APP_URL=https://bookstack.kelinreij.duckdns.org
- APP_URL=https://bookstack.${DOMAIN}
- DB_HOST=bookstack-db
- DB_PORT=3306
- DB_DATABASE=bookstack
@@ -78,7 +82,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.bookstack.rule=Host(`bookstack.kelinreij.duckdns.org`)"
- "traefik.http.routers.bookstack.rule=Host(`bookstack.${DOMAIN}`)"
- "traefik.http.routers.bookstack.entrypoints=websecure"
- "traefik.http.routers.bookstack.tls.certresolver=letsencrypt"
- "traefik.http.routers.bookstack.middlewares=authelia@docker"
@@ -107,7 +111,6 @@ services:
- "homelab.description=BookStack database"
# MediaWiki - Wiki platform
# Access at: https://mediawiki.kelinreij.duckdns.org
mediawiki:
image: mediawiki:latest
container_name: mediawiki
@@ -142,7 +145,7 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# Router configuration
- "traefik.http.routers.mediawiki.rule=Host(`mediawiki.kelinreij.duckdns.org`)"
- "traefik.http.routers.mediawiki.rule=Host(`mediawiki.${DOMAIN}`)"
- "traefik.http.routers.mediawiki.entrypoints=websecure"
- "traefik.http.routers.mediawiki.tls.certresolver=letsencrypt"
- "traefik.http.routers.mediawiki.middlewares=authelia@docker"
@@ -183,9 +186,9 @@ networks:
x-dockge:
urls:
# Proxied URLs (through Traefik)
- https://bookstack.kelinreij.duckdns.org
- https://bookstack.${DOMAIN}
- https://192.168.4.4:6875
- https://dokuwiki.kelinreij.duckdns.org
- https://dokuwiki.${DOMAIN}
- https://192.168.4.4:8087
- https://mediawiki.kelinreij.duckdns.org
- https://mediawiki.${DOMAIN}
- https://192.168.4.4:8086