# Home Assistant and IoT Services # RESTART POLICY GUIDE: # - unless-stopped: Core infrastructure services that should always run # - no: Services with Sablier lazy loading (start on-demand) # - See individual service comments for specific reasoning services: # Home Assistant - Home automation platform # NOTE: No Authelia - HA has its own authentication homeassistant: image: ghcr.io/home-assistant/home-assistant:2024.1 deploy: resources: limits: cpus: '1.5' memory: 1G pids: 2048 reservations: cpus: '0.75' memory: 512M container_name: homeassistant restart: unless-stopped network_mode: host # Required for device discovery volumes: - ./homeassistant/config:/config - /etc/localtime:/etc/localtime:ro environment: - TZ=America/New_York privileged: true labels: - 'homelab.category=iot' - 'homelab.description=Home automation platform' # Note: network_mode: host means Traefik can't proxy this directly # Use Traefik's file provider or external host routing # ESPHome - ESP8266/ESP32 firmware manager esphome: image: ghcr.io/esphome/esphome:latest deploy: resources: limits: cpus: '0.50' memory: 256M pids: 512 reservations: cpus: '0.25' memory: 128M container_name: esphome restart: unless-stopped networks: - homelab-network - traefik-network ports: - '6052:6052' volumes: - ./esphome/config:/config - /etc/localtime:/etc/localtime:ro environment: - TZ=America/New_York - ESPHOME_DASHBOARD_USE_PING=true privileged: true # For USB device access labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - 'homelab.category=iot' - 'homelab.description=ESP8266/ESP32 firmware manager' # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - 'traefik.docker.network=traefik-network' - 'traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)' - 'traefik.http.routers.esphome.entrypoints=websecure' - 'traefik.http.routers.esphome.tls.certresolver=letsencrypt' - 'traefik.http.routers.esphome.middlewares=authelia@docker' - 'traefik.http.services.esphome.loadbalancer.server.port=6052' # TasmoAdmin - Tasmota device manager tasmoadmin: image: ghcr.io/tasmoadmin/tasmoadmin:latest container_name: tasmoadmin restart: unless-stopped networks: - homelab-network - traefik-network ports: - '8084:80' volumes: - /opt/stacks/tasmoadmin/data:/data environment: - TZ=America/New_York labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - 'homelab.category=iot' - 'homelab.description=Tasmota device management' # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - 'traefik.docker.network=traefik-network' - 'traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)' - 'traefik.http.routers.tasmoadmin.entrypoints=websecure' - 'traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt' - 'traefik.http.routers.tasmoadmin.middlewares=authelia@docker' - 'traefik.http.services.tasmoadmin.loadbalancer.server.port=80' # MotionEye - Video surveillance motioneye: image: ccrisan/motioneye:master-amd64 container_name: motioneye restart: unless-stopped networks: - homelab-network - traefik-network ports: - '8765:8765' volumes: - ./$(basename $file .yml)/config:/etc/motioneye - /mnt/surveillance:/var/lib/motioneye # Large video files on separate drive environment: - TZ=America/New_York labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - 'homelab.category=iot' - 'homelab.description=Video surveillance system' # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - 'traefik.docker.network=traefik-network' - 'traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)' - 'traefik.http.routers.motioneye.entrypoints=websecure' - 'traefik.http.routers.motioneye.tls.certresolver=letsencrypt' - 'traefik.http.routers.motioneye.middlewares=authelia@docker' - 'traefik.http.services.motioneye.loadbalancer.server.port=8765' # Node-RED - Flow-based automation (Home Assistant addon alternative) nodered: image: nodered/node-red:latest deploy: resources: limits: cpus: '0.50' memory: 256M pids: 512 reservations: cpus: '0.25' memory: 128M container_name: nodered restart: unless-stopped networks: - homelab-network - traefik-network ports: - '1880:1880' volumes: - /opt/stacks/nodered/data:/data environment: - TZ=America/New_York labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - 'homelab.category=iot' - 'homelab.description=Flow-based automation programming' # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - 'traefik.docker.network=traefik-network' - 'traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)' - 'traefik.http.routers.nodered.entrypoints=websecure' - 'traefik.http.routers.nodered.tls.certresolver=letsencrypt' - 'traefik.http.routers.nodered.middlewares=authelia@docker' - 'traefik.http.services.nodered.loadbalancer.server.port=1880' # Mosquitto - MQTT broker (Home Assistant addon alternative) # Used by: Home Assistant, ESPHome, Tasmota devices mosquitto: image: eclipse-mosquitto:latest container_name: mosquitto restart: unless-stopped networks: - homelab-network ports: - '1883:1883' # MQTT - '9001:9001' # Websockets volumes: - ./mosquitto/config:/mosquitto/config - ./mosquitto/data:/mosquitto/data - ./mosquitto/log:/mosquitto/log labels: - 'homelab.category=iot' - 'homelab.description=MQTT message broker' # Zigbee2MQTT - Zigbee to MQTT bridge (DISABLED - requires USB adapter) # NOTE: Requires USB Zigbee adapter (e.g., ConBee II, Sonoff ZBDongle) # Uncomment after connecting adapter # zigbee2mqtt: # image: koenkk/zigbee2mqtt:1.35.1 # container_name: zigbee2mqtt # restart: unless-stopped # networks: # - homelab-network # - traefik-network # volumes: # - ./zigbee2mqtt/data:/app/data # - /run/udev:/run/udev:ro # # Uncomment and adjust device path after connecting USB adapter: # # devices: # # - /dev/ttyACM0:/dev/ttyACM0 # Adjust based on your adapter # # Common paths: /dev/ttyACM0, /dev/ttyUSB0, /dev/serial/by-id/... # # Run 'ls -l /dev/serial/by-id/' to find your adapter # environment: # - TZ=America/New_York # labels: # - 'homelab.category=iot' # - 'homelab.description=Zigbee to MQTT bridge' # - 'traefik.enable=true' # - 'traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)' # - 'traefik.http.routers.zigbee2mqtt.entrypoints=websecure' # - 'traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt' # - 'traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker' # - 'traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080' networks: homelab-network: external: true traefik-network: external: true x-dockge: urls: # Proxied URLs (through Traefik) - https://ha.${DOMAIN} - http://192.168.4.4:8123 - https://esphome.${DOMAIN} - http://192.168.4.4:6052 - https://tasmoadmin.${DOMAIN} - http://192.168.4.4:8084 - https://motioneye.${DOMAIN} - http://192.168.4.4:8765 - https://nodered.${DOMAIN} - http://192.168.4.4:1880 - mqtt://192.168.4.4:1883 - https://zigbee2mqtt.${DOMAIN}