EZ-Homelab/docker-compose/alternatives/docker-compose.yml
Kelin 3d5979b5f1 Implement fixes from test results
- Update Docker install to use curl method
- Rename ADMIN_PASSWORD to AUTHELIA_ADMIN_PASSWORD
- Fix Authelia password hash generation (remove grep, no quotes)
- Revert compose labels to single quotes
- Ensure users_database.yml has unquoted password placeholder
2026-02-02 20:59:07 -05:00


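# Alternative Services Stack
# This stack contains alternative/optional services that are not deployed by default
#
# RESTART POLICY GUIDE:
# - unless-stopped: Core infrastructure services that should always run
# - no: Services with Sablier lazy loading (start on-demand)
# - See individual service comments for specific reasoning
#
# NOTE(review): portainer and authentik-server both publish host port 9000, so
# `docker compose up` of both from this file fails on the second bind. A
# published host port is also reachable directly, without going through the
# Traefik router and therefore without the authelia@docker middleware attached
# to it; remove the `ports:` entry on a service that should only be reached
# through Traefik.

services:
  # Portainer - Docker management UI (Alternative to Dockge)
  # Docker management interface should always run when deployed
  portainer:
    image: portainer/portainer-ce:2.19.4
    container_name: portainer
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    ports:
      - "9000:9000"  # collides with authentik-server, see note at top of file
    volumes:
      # Write access to the Docker socket is equivalent to root on the host;
      # no-new-privileges does not limit what the daemon will do on its behalf.
      # Keep this UI behind the authelia middleware below.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    security_opt:
      - no-new-privileges:true
    labels:
      # Service metadata
      - 'homelab.category=alternatives'
      - 'homelab.description=Docker container management UI (Alternative to Dockge)'
      # Traefik configuration
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)'
      - 'traefik.http.routers.portainer.entrypoints=websecure'
      - 'traefik.http.routers.portainer.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.portainer.middlewares=authelia@docker'
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'

  # Authentik - Alternative SSO/Identity Provider with Web UI
  # Access at: https://authentik.${DOMAIN}
  # NOTE: Authelia is the default SSO. Deploy Authentik only if you need a web UI for user management
  # WARNING: Do not run both Authelia and Authentik at the same time
  # SSO service should always run when deployed as alternative to Authelia
  authentik-server:
    image: ghcr.io/goauthentik/server:2024.2.0
    container_name: authentik-server
    restart: unless-stopped
    command: server
    networks:
      - homelab-network
      - traefik-network
    ports:
      - "9000:9000"  # collides with portainer, see note at top of file
    volumes:
      - /opt/stacks/authentik/media:/media
      - /opt/stacks/authentik/custom-templates:/templates
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_DB_USER}
      - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DB_NAME}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_DB_PASSWORD}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=false
    labels:
      # Service metadata
      - 'homelab.category=alternatives'
      - 'homelab.description=SSO/Identity provider with web UI (Alternative to Authelia)'
      # Traefik configuration
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)'
      - 'traefik.http.routers.authentik.entrypoints=websecure'
      - 'traefik.http.routers.authentik.tls.certresolver=letsencrypt'
      # NOTE(review): this router requires the authelia@docker middleware, but
      # the WARNING above says Authelia must not run alongside Authentik. With
      # Authelia absent, Traefik reports the middleware as missing and the
      # router does not serve. Confirm which of the two is intended.
      - 'traefik.http.routers.authentik.middlewares=authelia@docker'
      - 'traefik.http.services.authentik.loadbalancer.server.port=9000'
    # Wait for the healthchecks defined below rather than for container start,
    # so the server does not boot against a database that is still initialising.
    depends_on:
      authentik-db:
        condition: service_healthy
      authentik-redis:
        condition: service_healthy

  # Authentik Worker - Background task processor
  # SSO background worker should always run when Authentik is deployed
  authentik-worker:
    image: ghcr.io/goauthentik/server:2024.2.0
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    networks:
      - homelab-network
    volumes:
      - /opt/stacks/authentik/media:/media
      - /opt/stacks/authentik/certs:/certs
      - /opt/stacks/authentik/custom-templates:/templates
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_DB_USER}
      - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DB_NAME}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_DB_PASSWORD}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=false
    labels:
      # Service metadata (no Traefik route: the worker has no HTTP interface)
      - 'homelab.category=alternatives'
      - 'homelab.description=Authentik background worker'
    depends_on:
      authentik-db:
        condition: service_healthy
      authentik-redis:
        condition: service_healthy

  # Authentik Database - PostgreSQL
  # Database must always run for Authentik to function
  authentik-db:
    image: postgres:16-alpine
    container_name: authentik-db
    restart: unless-stopped
    networks:
      - homelab-network
    volumes:
      - authentik-db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=${AUTHENTIK_DB_USER}
      - POSTGRES_PASSWORD=${AUTHENTIK_DB_PASSWORD}
      - POSTGRES_DB=${AUTHENTIK_DB_NAME}
    labels:
      # Service metadata (no Traefik route: database is internal only)
      - 'homelab.category=alternatives'
      - 'homelab.description=Authentik database'
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${AUTHENTIK_DB_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Authentik Redis - Cache and message queue
  # Cache service must always run for Authentik performance
  authentik-redis:
    image: redis:7-alpine
    container_name: authentik-redis
    restart: unless-stopped
    networks:
      - homelab-network
    volumes:
      - authentik-redis-data:/data
    command: --save 60 1 --loglevel warning
    labels:
      # Service metadata (no Traefik route: cache is internal only)
      - 'homelab.category=alternatives'
      - 'homelab.description=Authentik cache and messaging'
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      interval: 10s
      timeout: 3s
      retries: 5

  # Plex Media Server - Alternative to Jellyfin
  # NOTE: No Authelia - allows app access from Roku, Fire TV, mobile, etc.
  plex:
    image: plexinc/pms-docker:1.40.0.7998-f68041501
    container_name: plex
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    ports:
      - "32400:32400"
    volumes:
      - ./plex/config:/config
      - /mnt/media:/media:ro  # Large media files on separate drive
      - plex-transcode:/transcode
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - PLEX_CLAIM=${PLEX_CLAIM}
    # Hardware transcoding support
    # Uncomment ONE of the following options:
    #
    # Option 1: Intel QuickSync (most common)
    # devices:
    #   - /dev/dri:/dev/dri
    #
    # Option 2: NVIDIA GPU (requires nvidia-container-toolkit installed)
    # runtime: nvidia
    # devices:
    #   - /dev/nvidia0:/dev/nvidia0
    #   - /dev/nvidiactl:/dev/nvidiactl
    #   - /dev/nvidia-modeset:/dev/nvidia-modeset
    #   - /dev/nvidia-uvm:/dev/nvidia-uvm
    #   - /dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools
    # (add these to the environment list above; a second `environment:` key
    # would be a duplicate mapping key and the last one wins)
    #   - NVIDIA_VISIBLE_DEVICES=all
    #   - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
    labels:
      # Service metadata
      - 'homelab.category=alternatives'
      - 'homelab.description=Alternative media streaming server to Jellyfin'
      # Traefik configuration - NO Authelia for app access
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.plex.rule=Host(`plex.${DOMAIN}`)'
      - 'traefik.http.routers.plex.entrypoints=websecure'
      - 'traefik.http.routers.plex.tls.certresolver=letsencrypt'
      - 'traefik.http.services.plex.loadbalancer.server.port=32400'
      - 'x-dockge.url=https://plex.${DOMAIN}'

volumes:
  portainer-data:
    driver: local
  authentik-db-data:
    driver: local
  authentik-redis-data:
    driver: local
  plex-transcode:
    driver: local

networks:
  homelab-network:
    external: true
  traefik-network:
    external: true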