f6563a67f7
- Updated core services (traefik, authelia, sablier) with standardized labels - Updated monitoring services (prometheus, grafana, cadvisor, uptime-kuma, loki) - Updated utilities services (duplicati, formio, vaultwarden) - Updated media management services (sonarr, radarr, prowlarr) - Updated homeassistant services (esphome) - Added proper TRAEFIK CONFIGURATION headers and comments - Maintained service-specific configurations (authelia middleware, vaultwarden SSO disabled)
225 lines
7.5 KiB
YAML
225 lines
7.5 KiB
YAML
# Home Assistant and IoT Services
|
|
# Home automation platform and related tools
|
|
# Place in /opt/stacks/homeassistant/docker-compose.yml
|
|
|
|
# Service Access URLs:
|
|
# - Home Assistant: https://ha.${DOMAIN} (configure via Traefik file provider - uses host network)
|
|
# - ESPHome: https://esphome.${DOMAIN}
|
|
# - Node-RED: https://nodered.${DOMAIN}
|
|
# - Mosquitto MQTT: mqtt://server-ip:1883 (no web UI)
|
|
# - Zigbee2MQTT: https://zigbee2mqtt.${DOMAIN} (requires USB adapter)
|
|
|
|
services:
|
|
# Home Assistant - Home automation platform
|
|
# Access at: https://ha.${DOMAIN}
|
|
# NOTE: No Authelia - HA has its own authentication
|
|
homeassistant:
|
|
image: ghcr.io/home-assistant/home-assistant:2024.1
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.5'
|
|
memory: 1G
|
|
pids: 2048
|
|
reservations:
|
|
cpus: '0.75'
|
|
memory: 512M
|
|
container_name: homeassistant
|
|
restart: unless-stopped
|
|
network_mode: host # Required for device discovery
|
|
volumes:
|
|
- ./homeassistant/config:/config
|
|
- /etc/localtime:/etc/localtime:ro
|
|
environment:
|
|
- TZ=${TZ}
|
|
privileged: true
|
|
labels:
|
|
- "homelab.category=iot"
|
|
- "homelab.description=Home automation platform"
|
|
# Note: network_mode: host means Traefik can't proxy this directly
|
|
# Use Traefik's file provider or external host routing
|
|
|
|
# ESPHome - ESP8266/ESP32 firmware manager
|
|
# Access at: https://esphome.${DOMAIN}
|
|
esphome:
|
|
image: ghcr.io/esphome/esphome:latest
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.50'
|
|
memory: 256M
|
|
pids: 512
|
|
reservations:
|
|
cpus: '0.25'
|
|
memory: 128M
|
|
container_name: esphome
|
|
restart: unless-stopped
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "6052:6052"
|
|
volumes:
|
|
- ./esphome/config:/config
|
|
- /etc/localtime:/etc/localtime:ro
|
|
environment:
|
|
- TZ=${TZ}
|
|
- ESPHOME_DASHBOARD_USE_PING=true
|
|
privileged: true # For USB device access
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# ==========================================
|
|
# Service metadata
|
|
- "homelab.category=iot"
|
|
- "homelab.description=ESP8266/ESP32 firmware manager"
|
|
# Traefik reverse proxy (comment/uncomment to disable/enable)
|
|
# If Traefik is on a remote server: these labels are NOT USED;
|
|
# configure external yml files in /traefik/dynamic folder instead.
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)"
|
|
- "traefik.http.routers.esphome.entrypoints=websecure"
|
|
- "traefik.http.routers.esphome.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.esphome.middlewares=authelia@docker"
|
|
- "traefik.http.services.esphome.loadbalancer.server.port=6052"
|
|
|
|
# TasmoAdmin - Tasmota device manager
|
|
# Access at: https://tasmoadmin.${DOMAIN}
|
|
tasmoadmin:
|
|
image: ghcr.io/tasmoadmin/tasmoadmin:latest
|
|
container_name: tasmoadmin
|
|
restart: unless-stopped
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "80:80"
|
|
volumes:
|
|
- /opt/stacks/tasmoadmin/data:/data
|
|
environment:
|
|
- TZ=${TZ}
|
|
labels:
|
|
- "homelab.category=iot"
|
|
- "homelab.description=Tasmota device management"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)"
|
|
- "traefik.http.routers.tasmoadmin.entrypoints=websecure"
|
|
- "traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.tasmoadmin.middlewares=authelia@docker"
|
|
- "traefik.http.services.tasmoadmin.loadbalancer.server.port=80"
|
|
|
|
# MotionEye - Video surveillance
|
|
# Access at: https://motioneye.${DOMAIN}
|
|
motioneye:
|
|
image: ccrisan/motioneye:master-amd64
|
|
container_name: motioneye
|
|
restart: unless-stopped
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "8765:8765" # Optional: direct access
|
|
volumes:
|
|
- ./$(basename $file .yml)/config:/etc/motioneye
|
|
- /mnt/surveillance:/var/lib/motioneye # Large video files on separate drive
|
|
environment:
|
|
- TZ=${TZ}
|
|
labels:
|
|
- "homelab.category=iot"
|
|
- "homelab.description=Video surveillance system"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)"
|
|
- "traefik.http.routers.motioneye.entrypoints=websecure"
|
|
- "traefik.http.routers.motioneye.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.motioneye.middlewares=authelia@docker"
|
|
- "traefik.http.services.motioneye.loadbalancer.server.port=8765"
|
|
|
|
# Node-RED - Flow-based automation (Home Assistant addon alternative)
|
|
# Access at: https://nodered.${DOMAIN}
|
|
nodered:
|
|
image: nodered/node-red:latest
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.50'
|
|
memory: 256M
|
|
pids: 512
|
|
reservations:
|
|
cpus: '0.25'
|
|
memory: 128M
|
|
container_name: nodered
|
|
restart: unless-stopped
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- "1880:1880"
|
|
volumes:
|
|
- /opt/stacks/nodered/data:/data
|
|
environment:
|
|
- TZ=${TZ}
|
|
labels:
|
|
- "homelab.category=iot"
|
|
- "homelab.description=Flow-based automation programming"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)"
|
|
- "traefik.http.routers.nodered.entrypoints=websecure"
|
|
- "traefik.http.routers.nodered.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.nodered.middlewares=authelia@docker"
|
|
- "traefik.http.services.nodered.loadbalancer.server.port=1880"
|
|
|
|
# Mosquitto - MQTT broker (Home Assistant addon alternative)
|
|
# Used by: Home Assistant, ESPHome, Tasmota devices
|
|
mosquitto:
|
|
image: eclipse-mosquitto:latest
|
|
container_name: mosquitto
|
|
restart: unless-stopped
|
|
networks:
|
|
- homelab-network
|
|
ports:
|
|
- "1883:1883" # MQTT
|
|
- "9001:9001" # Websockets
|
|
volumes:
|
|
- ./mosquitto/config:/mosquitto/config
|
|
- ./mosquitto/data:/mosquitto/data
|
|
- ./mosquitto/log:/mosquitto/log
|
|
labels:
|
|
- "homelab.category=iot"
|
|
- "homelab.description=MQTT message broker"
|
|
|
|
# Zigbee2MQTT - Zigbee to MQTT bridge (DISABLED - requires USB adapter)
|
|
# Access at: https://zigbee2mqtt.${DOMAIN}
|
|
# NOTE: Requires USB Zigbee adapter (e.g., ConBee II, Sonoff ZBDongle)
|
|
# Uncomment after connecting adapter
|
|
# zigbee2mqtt:
|
|
# image: koenkk/zigbee2mqtt:1.35.1
|
|
# container_name: zigbee2mqtt
|
|
# restart: unless-stopped
|
|
# networks:
|
|
# - homelab-network
|
|
# - traefik-network
|
|
# volumes:
|
|
# - ./zigbee2mqtt/data:/app/data
|
|
# - /run/udev:/run/udev:ro
|
|
# # Uncomment and adjust device path after connecting USB adapter:
|
|
# # devices:
|
|
# # - /dev/ttyACM0:/dev/ttyACM0 # Adjust based on your adapter
|
|
# # Common paths: /dev/ttyACM0, /dev/ttyUSB0, /dev/serial/by-id/...
|
|
# # Run 'ls -l /dev/serial/by-id/' to find your adapter
|
|
# environment:
|
|
# - TZ=${TZ}
|
|
# labels:
|
|
# - "homelab.category=iot"
|
|
# - "homelab.description=Zigbee to MQTT bridge"
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)"
|
|
# - "traefik.http.routers.zigbee2mqtt.entrypoints=websecure"
|
|
# - "traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt"
|
|
# - "traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker"
|
|
# - "traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080"
|
|
|
|
networks:
|
|
homelab-network:
|
|
external: true
|
|
traefik-network:
|
|
external: true
|