# Backup and Utility Services # RESTART POLICY GUIDE: # - unless-stopped: Core infrastructure services that should always run # - no: Services with Sablier lazy loading (start on-demand) # - See individual service comments for specific reasoning services: # Backrest - Backup solution for restic # Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity backrest: image: garethgeorge/backrest:latest container_name: backrest restart: no networks: - homelab-network - traefik-network ports: - "9898:9898" volumes: - ./backrest/data:/data - ./backrest/config:/config - /opt/stacks:/opt/stacks:ro # Backup source - /mnt:/mnt:ro # Backup additional drives - backrest-cache:/cache environment: - BACKREST_DATA=/data - BACKREST_CONFIG=/config/config.json - TZ=America/New_York healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9898/"] interval: 30s timeout: 10s retries: 3 start_period: 30s labels: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - "homelab.category=utilities" - "homelab.description=Backup management with restic" - "traefik.enable=true" - "traefik.docker.network=traefik-network" # Router configuration - "traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)" - "traefik.http.routers.backrest.entrypoints=websecure" - "traefik.http.routers.backrest.tls.certresolver=letsencrypt" - "traefik.http.routers.backrest.middlewares=authelia@docker" # Service configuration - "traefik.http.services.backrest.loadbalancer.server.port=9898" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-backrest" - "sablier.start-on-demand=true" # Duplicati - Backup solution duplicati: image: lscr.io/linuxserver/duplicati:2.0.7 container_name: duplicati restart: no networks: - homelab-network - traefik-network ports: - "8200:8200" volumes: - ./duplicati/config:/config - /opt/stacks:/source/stacks:ro - /mnt:/source/mnt:ro - /mnt/backups:/backups environment: - PUID=1000 - PGID=1000 - TZ=America/New_York healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8200/"] interval: 30s timeout: 10s retries: 3 start_period: 60s labels: # TRAEFIK CONFIGURATION # Service metadata - "com.centurylinklabs.watchtower.enable=true" - "homelab.category=utilities" - "homelab.description=Backup software with encryption" - "traefik.enable=true" - "traefik.docker.network=traefik-network" # Router configuration - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)" - "traefik.http.routers.duplicati.entrypoints=websecure" - "traefik.http.routers.duplicati.tls.certresolver=letsencrypt" - "traefik.http.routers.duplicati.middlewares=authelia@docker" # Service configuration - "traefik.http.services.duplicati.loadbalancer.server.port=8200" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-duplicati" - "sablier.start-on-demand=true" # Form.io - Form builder # Uncomment and configure if formio/formio image becomes available formio: image: calipseo/formio:latest container_name: formio restart: no networks: - homelab-network - traefik-network ports: - "3002:3001" environment: - MONGO=mongodb://formio-mongo:27017/formio - JWT_SECRET=${FORMIO_JWT_SECRET} - DB_SECRET=${FORMIO_DB_SECRET} healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:3001/"] interval: 30s timeout: 10s retries: 3 start_period: 60s depends_on: - formio-mongo labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - "com.centurylinklabs.watchtower.enable=true" - "homelab.category=utilities" - "homelab.description=Form builder platform" # Traefik labels - "traefik.enable=true" # Router configuration - "traefik.http.routers.formio.rule=Host(`forms.${DOMAIN}`)" - "traefik.http.routers.formio.entrypoints=websecure" - "traefik.http.routers.formio.tls.certresolver=letsencrypt" - "traefik.http.routers.formio.middlewares=authelia@docker" # Service configuration - "traefik.http.services.formio.loadbalancer.server.port=3001" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-formio" - "sablier.start-on-demand=true" formio-mongo: image: mongo:4.4 container_name: formio-mongo restart: unless-stopped networks: - homelab-network labels: - "homelab.category=utilities" - "homelab.description=Form.io database" # Bitwarden (Vaultwarden) - Password manager # Note: SSO disabled for browser extension and mobile app compatibility vaultwarden: image: vaultwarden/server:1.30.1 container_name: vaultwarden restart: no networks: - homelab-network - traefik-network ports: - "8091:80" volumes: - ./vaultwarden/data:/data environment: - DOMAIN=https://vault.${DOMAIN} - SIGNUPS_ALLOWED=${BITWARDEN_SIGNUPS_ALLOWED} - INVITATIONS_ALLOWED=${BITWARDEN_INVITATIONS_ALLOWED} - ADMIN_TOKEN=${BITWARDEN_ADMIN_TOKEN} # SMTP disabled - uncomment and configure to enable email # - SMTP_HOST=${SMTP_HOST} # - SMTP_FROM=${SMTP_FROM} # - SMTP_PORT=${SMTP_PORT} # - SMTP_SECURITY=${SMTP_SECURITY} # - SMTP_USERNAME=${SMTP_USERNAME} # - SMTP_PASSWORD=${SMTP_PASSWORD} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:80/"] interval: 30s timeout: 10s retries: 3 start_period: 30s labels: # TRAEFIK CONFIGURATION # ========================================== # Service metadata - "homelab.category=utilities" - "homelab.description=Self-hosted password manager (Bitwarden)" # Traefik reverse proxy (comment/uncomment to disable/enable) # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - "traefik.enable=true" - "traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)" - "traefik.http.routers.vaultwarden.entrypoints=websecure" - "traefik.http.routers.vaultwarden.tls=true" - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt" # SSO disabled for browser extension and mobile app compatibility # - "traefik.http.routers.vaultwarden.middlewares=authelia@docker" - "traefik.http.services.vaultwarden.loadbalancer.server.port=80" # Sablier configuration - "sablier.enable=true" - "sablier.group=jasper-vaultwarden" - "sablier.start-on-demand=true" # Authelia Redis - Session storage for Authelia # No web UI - backend service # authelia-redis: # image: redis:7-alpine # container_name: authelia-redis # restart: unless-stopped # networks: # - homelab-network # volumes: # - authelia-redis-data:/data # command: redis-server --save 60 1 --loglevel warning # labels: # - homelab.category=utilities # - homelab.description=Session storage for Authelia volumes: backrest-cache: null formio-mongo-data: null authelia-redis-data: null networks: homelab-network: external: true traefik-network: external: true x-dockge: urls: - https://backrest.${DOMAIN} - https://192.168.4.4:9898 - https://duplicati.${DOMAIN} - https://192.168.4.4:8200 - https://forms.${DOMAIN} - https://192.168.4.4:3002 - https://vault.${DOMAIN} - https://192.168.4.4:8091