3d5979b5f1
- Update Docker install to use curl method - Rename ADMIN_PASSWORD to AUTHELIA_ADMIN_PASSWORD - Fix Authelia password hash generation (remove grep, no quotes) - Revert compose labels to single quotes - Ensure users_database.yml has unquoted password placeholder
336 lines
10 KiB
YAML
336 lines
10 KiB
YAML
# Productivity and Content Management Services
|
|
# SABLIER SESSION DURATION: Set to 5m for testing. Increase to 30m for production in config-templates/traefik/dynamic/sablier.yml
|
|
# RESTART POLICY GUIDE:
|
|
# - unless-stopped: Core infrastructure services that should always run
|
|
# - no: Services with Sablier lazy loading (start on-demand)
|
|
# - See individual service comments for specific reasoning
|
|
|
|
services:
|
|
# Nextcloud - File sync and collaboration
|
|
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
|
|
nextcloud:
|
|
image: nextcloud:28
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.5'
|
|
memory: 1G
|
|
pids: 2048
|
|
reservations:
|
|
cpus: '0.75'
|
|
memory: 512M
|
|
container_name: nextcloud
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "8089:80"
|
|
volumes:
|
|
- ./nextcloud/html:/var/www/html
|
|
- /mnt/nextcloud-data:/var/www/html/data # Large data on separate drive
|
|
environment:
|
|
- MYSQL_HOST=nextcloud-db
|
|
- MYSQL_DATABASE=nextcloud
|
|
- MYSQL_USER=nextcloud
|
|
- MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
|
|
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
|
|
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
|
|
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.${DOMAIN}
|
|
- TRUSTED_PROXIES=172.18.0.0/16
|
|
- OVERWRITEPROTOCOL=https
|
|
- OVERWRITEHOST=nextcloud.${DOMAIN}
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost/status.php"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
depends_on:
|
|
- nextcloud-db
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# Service metadata
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=File sync and collaboration"
|
|
- 'traefik.enable=true"
|
|
- 'traefik.docker.network=traefik-network"
|
|
# Router configuration
|
|
- 'traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)"
|
|
- 'traefik.http.routers.nextcloud.entrypoints=websecure"
|
|
- 'traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
|
|
- 'traefik.http.routers.nextcloud.middlewares=authelia@docker"
|
|
# Service configuration
|
|
- 'traefik.http.services.nextcloud.loadbalancer.server.port=8089"
|
|
# Sablier configuration
|
|
- "sablier.enable=true"
|
|
- "sablier.group=jasper-nextcloud"
|
|
- "sablier.start-on-demand=true"
|
|
|
|
nextcloud-db:
|
|
image: mariadb:10.11
|
|
container_name: nextcloud-db
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
volumes:
|
|
- nextcloud-db-data:/var/lib/mysql
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
|
|
- MYSQL_DATABASE=nextcloud
|
|
- MYSQL_USER=nextcloud
|
|
- MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
|
|
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
|
|
labels:
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=Nextcloud database"
|
|
|
|
# Mealie - Recipe manager
|
|
mealie:
|
|
image: ghcr.io/mealie-recipes/mealie:latest
|
|
container_name: mealie
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "9000:9000"
|
|
volumes:
|
|
- ./mealie/data:/app/data
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- TZ=America/New_York
|
|
- BASE_URL=https://mealie.${DOMAIN}
|
|
- DB_ENGINE=sqlite
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# Service metadata
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=Recipe manager and meal planner"
|
|
- 'traefik.enable=true"
|
|
- 'traefik.docker.network=traefik-network"
|
|
# Router configuration
|
|
- 'traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
|
|
- 'traefik.http.routers.mealie.entrypoints=websecure"
|
|
- 'traefik.http.routers.mealie.tls.certresolver=letsencrypt"
|
|
- 'traefik.http.routers.mealie.middlewares=authelia@docker"
|
|
# Service configuration
|
|
- 'traefik.http.services.mealie.loadbalancer.server.port=9000"
|
|
# Sablier configuration
|
|
- "sablier.enable=true"
|
|
- "sablier.group=jasper-mealie"
|
|
- "sablier.start-on-demand=true"
|
|
|
|
# WordPress - Blog/website platform
|
|
wordpress:
|
|
image: wordpress:latest
|
|
container_name: wordpress
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "8088:80"
|
|
volumes:
|
|
- ./wordpress/html:/var/www/html
|
|
environment:
|
|
- WORDPRESS_DB_HOST=wordpress-db
|
|
- WORDPRESS_DB_USER=wordpress
|
|
- WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD}
|
|
- WORDPRESS_DB_NAME=wordpress
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost/"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
depends_on:
|
|
- wordpress-db
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# Service metadata
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=Blog and website platform"
|
|
- 'traefik.enable=true"
|
|
- 'traefik.docker.network=traefik-network"
|
|
# Router configuration
|
|
- 'traefik.http.routers.wordpress.rule=Host(`wordpress.${DOMAIN}`)"
|
|
- 'traefik.http.routers.wordpress.entrypoints=websecure"
|
|
- 'traefik.http.routers.wordpress.tls.certresolver=letsencrypt"
|
|
- 'traefik.http.routers.wordpress.middlewares=authelia@docker"
|
|
# Service configuration
|
|
- 'traefik.http.services.wordpress.loadbalancer.server.port=8088"
|
|
# Sablier configuration
|
|
- "sablier.enable=true"
|
|
- "sablier.group=jasper-wordpress"
|
|
- "sablier.start-on-demand=true"
|
|
|
|
wordpress-db:
|
|
image: mariadb:10.11
|
|
container_name: wordpress-db
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
volumes:
|
|
- wordpress-db-data:/var/lib/mysql
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=${WORDPRESS_DB_ROOT_PASSWORD}
|
|
- MYSQL_DATABASE=wordpress
|
|
- MYSQL_USER=wordpress
|
|
- MYSQL_PASSWORD=${WORDPRESS_DB_PASSWORD}
|
|
labels:
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=WordPress database"
|
|
|
|
# Gitea - Self-hosted Git service
|
|
gitea:
|
|
image: gitea/gitea:latest
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.50'
|
|
memory: 256M
|
|
pids: 512
|
|
reservations:
|
|
cpus: '0.25'
|
|
memory: 128M
|
|
container_name: gitea
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "3010:3000"
|
|
volumes:
|
|
- ./gitea/data:/data
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
environment:
|
|
- USER_UID=1000
|
|
- USER_GID=1000
|
|
- GITEA__database__DB_TYPE=postgres
|
|
- GITEA__database__HOST=gitea-db:5432
|
|
- GITEA__database__NAME=gitea
|
|
- GITEA__database__USER=gitea
|
|
- GITEA__database__PASSWD=${GITEA_DB_PASSWORD}
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:3000/"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
depends_on:
|
|
- gitea-db
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# Service metadata
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=Self-hosted Git service"
|
|
- 'traefik.enable=true"
|
|
- 'traefik.docker.network=traefik-network"
|
|
# Router configuration
|
|
- 'traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
|
|
- 'traefik.http.routers.gitea.entrypoints=websecure"
|
|
- 'traefik.http.routers.gitea.tls.certresolver=letsencrypt"
|
|
- 'traefik.http.routers.gitea.middlewares=authelia@docker"
|
|
# Service configuration
|
|
- 'traefik.http.services.gitea.loadbalancer.server.port=3010"
|
|
# Sablier configuration
|
|
- "sablier.enable=true"
|
|
- "sablier.group=jasper-gitea"
|
|
- "sablier.start-on-demand=true"
|
|
|
|
gitea-db:
|
|
image: postgres:14-alpine
|
|
container_name: gitea-db
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
volumes:
|
|
- gitea-db-data:/var/lib/postgresql/data
|
|
environment:
|
|
- POSTGRES_USER=gitea
|
|
- POSTGRES_PASSWORD=${GITEA_DB_PASSWORD}
|
|
- POSTGRES_DB=gitea
|
|
labels:
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=Gitea database"
|
|
|
|
|
|
# Jupyter Lab - Interactive computing notebooks
|
|
# Token displayed in logs on first start
|
|
jupyter:
|
|
image: jupyter/scipy-notebook:latest
|
|
container_name: jupyter
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "8890:8888"
|
|
volumes:
|
|
- ./config/jupyter:/home/jovyan/work
|
|
environment:
|
|
- JUPYTER_ENABLE_LAB=yes
|
|
- GRANT_SUDO=yes
|
|
user: root
|
|
command: start-notebook.sh --NotebookApp.token='${JUPYTER_TOKEN}'
|
|
# Uncomment for GPU support (NVIDIA, requires nvidia-container-toolkit)
|
|
# runtime: nvidia
|
|
# devices:
|
|
# - /dev/nvidia0:/dev/nvidia0
|
|
# - /dev/nvidiactl:/dev/nvidiactl
|
|
# Add these to environment above:
|
|
# - NVIDIA_VISIBLE_DEVICES=all
|
|
# - NVIDIA_DRIVER_CAPABILITIES=compute,utility
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# ==========================================
|
|
# Service metadata
|
|
- 'homelab.category=productivity"
|
|
- 'homelab.description=Jupyter Lab for data science and ML"
|
|
# Traefik reverse proxy (comment/uncomment to disable/enable)
|
|
# If Traefik is on a remote server: these labels are NOT USED;
|
|
# configure external yml files in /traefik/dynamic folder instead.
|
|
- 'traefik.enable=true"
|
|
- 'traefik.docker.network=traefik-network"
|
|
- 'traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)"
|
|
- 'traefik.http.routers.jupyter.entrypoints=websecure"
|
|
- 'traefik.http.routers.jupyter.tls.certresolver=letsencrypt"
|
|
- 'traefik.http.routers.jupyter.middlewares=authelia@docker"
|
|
- 'traefik.http.services.jupyter.loadbalancer.server.port=8890"
|
|
# Sablier configuration
|
|
- "sablier.enable=true"
|
|
- "sablier.group=jasper-jupyter"
|
|
- "sablier.start-on-demand=true"
|
|
|
|
volumes:
|
|
nextcloud-db-data:
|
|
wordpress-db-data:
|
|
gitea-db-data:
|
|
|
|
networks:
|
|
homelab-network:
|
|
external: true
|
|
traefik-network:
|
|
external: true
|
|
|
|
x-dockge:
|
|
urls:
|
|
# Proxied URLs (through Traefik)
|
|
- https://nextcloud.${DOMAIN}
|
|
- https://192.168.4.4:8089
|
|
- https://mealie.${DOMAIN}
|
|
- https://192.168.4.4:9000
|
|
- https://wordpress.${DOMAIN}
|
|
- https://192.168.4.4:8088
|
|
- https://gitea.${DOMAIN}
|
|
- https://192.168.4.4:3010
|
|
- https://jupyter.${DOMAIN}
|
|
- https://192.168.4.4:8890
|