# Backup and Utility Services # RESTART POLICY GUIDE: # - unless-stopped: Core infrastructure services that should always run # - no: Services with Sablier lazy loading (start on-demand) # - See individual service comments for specific reasoning services: # Backrest - Backup solution for restic # Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity backrest: image: garethgeorge/backrest:latest container_name: backrest restart: no networks: - homelab-network - traefik-network ports: - '9898:9898' volumes: - ./backrest/data:/data - ./backrest/config:/config - /opt/stacks:/opt/stacks:ro # Backup source - /mnt:/mnt:ro # Backup additional drives - backrest-cache:/cache environment: - BACKREST_DATA=/data - BACKREST_CONFIG=/config/config.json - TZ=America/New_York healthcheck: test: ['CMD', 'wget', '--quiet', '--tries=1', '--spider', 'http://localhost:9898/'] interval: 30s timeout: 10s retries: 3 start_period: 30s labels: # TRAEFIK CONFIGURATION # Service metadata - 'com.centurylinklabs.watchtower.enable=true' - 'homelab.category=utilities' - 'homelab.description=Backup management with restic' - 'traefik.enable=true' - 'traefik.docker.network=traefik-network' # Router configuration - 'traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)' - 'traefik.http.routers.backrest.entrypoints=websecure' - 'traefik.http.routers.backrest.tls.certresolver=letsencrypt' - 'traefik.http.routers.backrest.middlewares=authelia@docker' # Service configuration - 'traefik.http.services.backrest.loadbalancer.server.port=9898' # Sablier configuration - 'sablier.enable=true' - 'sablier.group=jasper-backrest' - 'sablier.start-on-demand=true' # Duplicati - Backup solution duplicati: image: lscr.io/linuxserver/duplicati:2.0.7 container_name: duplicati restart: no networks: - homelab-network - traefik-network ports: - '8200:8200' volumes: - ./duplicati/config:/config - /opt/stacks:/source/stacks:ro - /mnt:/source/mnt:ro - /mnt/backups:/backups environment: - PUID=1000 - PGID=1000 - TZ=America/New_York healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:8200/'] interval: 30s timeout: 10s retries: 3 start_period: 60s labels: # TRAEFIK CONFIGURATION # Service metadata - 'com.centurylinklabs.watchtower.enable=true' - 'homelab.category=utilities' - 'homelab.description=Backup software with encryption' - 'traefik.enable=true' - 'traefik.docker.network=traefik-network' # Router configuration - 'traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)' - 'traefik.http.routers.duplicati.entrypoints=websecure' - 'traefik.http.routers.duplicati.tls.certresolver=letsencrypt' - 'traefik.http.routers.duplicati.middlewares=authelia@docker' # Service configuration - 'traefik.http.services.duplicati.loadbalancer.server.port=8200' # Sablier configuration - 'sablier.enable=true' - 'sablier.group=jasper-duplicati' - 'sablier.start-on-demand=true' # Form.io - Form builder # Uncomment and configure if formio/formio image becomes available formio: image: calipseo/formio:latest container_name: formio restart: no networks: - homelab-network - traefik-network ports: - '3002:3001' environment: - MONGO=mongodb://formio-mongo:27017/formio - JWT_SECRET=${FORMIO_JWT_SECRET} - DB_SECRET=${FORMIO_DB_SECRET} healthcheck: test: ['CMD', 'wget', '--quiet', '--tries=1', '--spider', 'http://localhost:3001/'] interval: 30s timeout: 10s retries: 3 start_period: 60s depends_on: - formio-mongo labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - 'com.centurylinklabs.watchtower.enable=true' - 'homelab.category=utilities' - 'homelab.description=Form builder platform' # Traefik labels - 'traefik.enable=true' # Router configuration - 'traefik.http.routers.formio.rule=Host(`forms.${DOMAIN}`)' - 'traefik.http.routers.formio.entrypoints=websecure' - 'traefik.http.routers.formio.tls.certresolver=letsencrypt' - 'traefik.http.routers.formio.middlewares=authelia@docker' # Service configuration - 'traefik.http.services.formio.loadbalancer.server.port=3001' # Sablier configuration - 'sablier.enable=true' - 'sablier.group=jasper-formio' - 'sablier.start-on-demand=true' formio-mongo: image: mongo:4.4 container_name: formio-mongo restart: unless-stopped networks: - homelab-network labels: - 'homelab.category=utilities' - 'homelab.description=Form.io database' # Bitwarden (Vaultwarden) - Password manager # Note: SSO disabled for browser extension and mobile app compatibility vaultwarden: image: vaultwarden/server:1.30.1 container_name: vaultwarden restart: no networks: - homelab-network - traefik-network ports: - '8091:80' volumes: - ./vaultwarden/data:/data environment: - DOMAIN=https://vault.${DOMAIN} - SIGNUPS_ALLOWED=${BITWARDEN_SIGNUPS_ALLOWED} - INVITATIONS_ALLOWED=${BITWARDEN_INVITATIONS_ALLOWED} - ADMIN_TOKEN=${BITWARDEN_ADMIN_TOKEN} # SMTP disabled - uncomment and configure to enable email # - SMTP_HOST=${SMTP_HOST} # - SMTP_FROM=${SMTP_FROM} # - SMTP_PORT=${SMTP_PORT} # - SMTP_SECURITY=${SMTP_SECURITY} # - SMTP_USERNAME=${SMTP_USERNAME} # - SMTP_PASSWORD=${SMTP_PASSWORD} healthcheck: test: ['CMD', 'curl', '-f', 'http://localhost:80/'] interval: 30s timeout: 10s retries: 3 start_period: 30s labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - 'homelab.category=utilities' - 'homelab.description=Self-hosted password manager (Bitwarden)' # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - 'traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)' - 'traefik.http.routers.vaultwarden.entrypoints=websecure' - 'traefik.http.routers.vaultwarden.tls=true' - 'traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt' # SSO disabled for browser extension and mobile app compatibility # - 'traefik.http.routers.vaultwarden.middlewares=authelia@docker' - 'traefik.http.services.vaultwarden.loadbalancer.server.port=80' # Sablier configuration - 'sablier.enable=true' - 'sablier.group=jasper-vaultwarden' - 'sablier.start-on-demand=true' # Authelia Redis - Session storage for Authelia # No web UI - backend service # authelia-redis: # image: redis:7-alpine # container_name: authelia-redis # restart: unless-stopped # networks: # - homelab-network # volumes: # - authelia-redis-data:/data # command: redis-server --save 60 1 --loglevel warning # labels: # - homelab.category=utilities # - homelab.description=Session storage for Authelia volumes: backrest-cache: null formio-mongo-data: null authelia-redis-data: null networks: homelab-network: external: true traefik-network: external: true x-dockge: urls: - https://backrest.${DOMAIN} - https://192.168.4.4:9898 - https://duplicati.${DOMAIN} - https://192.168.4.4:8200 - https://forms.${DOMAIN} - https://192.168.4.4:3002 - https://vault.${DOMAIN} - https://192.168.4.4:8091