kelin
363530f395
- Replace hardcoded paths with variables: STACKS_DIR, PROJECTS_DIR, MEDIA_DIR, DOWNLOAD_DIR - Update .env.example with new variable definitions - Remove unused .template files - Enable configurable directory paths for stacks, media, and downloads
226 lines
7.4 KiB
YAML
226 lines
7.4 KiB
YAML
# Backup and Utility Services
|
|
# RESTART POLICY GUIDE:
|
|
# - unless-stopped: Core infrastructure services that should always run
|
|
# - no: Services with Sablier lazy loading (start on-demand)
|
|
# - See individual service comments for specific reasoning
|
|
|
|
services:
|
|
# Backrest - Backup solution for restic
|
|
# Uses Sablier lazy loading - starts on-demand, stops after 5min inactivity
|
|
backrest:
|
|
image: garethgeorge/backrest:latest
|
|
container_name: backrest
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- '9898:9898'
|
|
volumes:
|
|
- ./backrest/data:/data
|
|
- ./backrest/config:/config
|
|
- ${STACKS_DIR}:${STACKS_DIR}:ro # Backup source
|
|
- /mnt:/mnt:ro # Backup additional drives
|
|
- ./backrest/cache:/cache
|
|
environment:
|
|
- BACKREST_DATA=/data
|
|
- BACKREST_CONFIG=/config/config.json
|
|
- TZ=${TZ}
|
|
healthcheck:
|
|
test: ['CMD', 'wget', '--quiet', '--tries=1', '--spider', 'http://localhost:9898/']
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# Service metadata
|
|
- 'com.centurylinklabs.watchtower.enable=true'
|
|
- 'homelab.category=utilities'
|
|
- 'homelab.description=Backup management with restic'
|
|
- 'traefik.enable=true'
|
|
- 'traefik.docker.network=traefik-network'
|
|
# Router configuration
|
|
- 'traefik.http.routers.backrest.rule=Host(`backrest.${DOMAIN}`)'
|
|
- 'traefik.http.routers.backrest.entrypoints=websecure'
|
|
- 'traefik.http.routers.backrest.tls.certresolver=letsencrypt'
|
|
- 'traefik.http.routers.backrest.middlewares=authelia@docker'
|
|
# Service configuration
|
|
- 'traefik.http.services.backrest.loadbalancer.server.port=9898'
|
|
# Sablier configuration
|
|
- 'sablier.enable=true'
|
|
- 'sablier.group=jasper-backrest'
|
|
- 'sablier.start-on-demand=true'
|
|
|
|
# Duplicati - Backup solution
|
|
duplicati:
|
|
image: lscr.io/linuxserver/duplicati:2.0.7
|
|
container_name: duplicati
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- '8200:8200'
|
|
volumes:
|
|
- ./duplicati/config:/config
|
|
- ${STACKS_DIR}:${STACKS_DIR}:ro
|
|
- /mnt:/source/mnt:ro
|
|
- /mnt/backups:/backups
|
|
environment:
|
|
- PUID=${PUID}
|
|
- PGID=${PGID}
|
|
- TZ=${TZ}
|
|
healthcheck:
|
|
test: ['CMD', 'curl', '-f', 'http://localhost:8200/']
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# Service metadata
|
|
- 'com.centurylinklabs.watchtower.enable=true'
|
|
- 'homelab.category=utilities'
|
|
- 'homelab.description=Backup software with encryption'
|
|
- 'traefik.enable=true'
|
|
- 'traefik.docker.network=traefik-network'
|
|
# Router configuration
|
|
- 'traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)'
|
|
- 'traefik.http.routers.duplicati.entrypoints=websecure'
|
|
- 'traefik.http.routers.duplicati.tls.certresolver=letsencrypt'
|
|
- 'traefik.http.routers.duplicati.middlewares=authelia@docker'
|
|
# Service configuration
|
|
- 'traefik.http.services.duplicati.loadbalancer.server.port=8200'
|
|
# Sablier configuration
|
|
- 'sablier.enable=true'
|
|
- 'sablier.group=jasper-duplicati'
|
|
- 'sablier.start-on-demand=true'
|
|
|
|
# Form.io - Form builder
|
|
# Uncomment and configure if formio/formio image becomes available
|
|
formio:
|
|
image: calipseo/formio:latest
|
|
container_name: formio
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- '3002:3001'
|
|
environment:
|
|
- MONGO=mongodb://formio-mongo:27017/formio
|
|
- JWT_SECRET=${FORMIO_JWT_SECRET}
|
|
- DB_SECRET=${FORMIO_DB_SECRET}
|
|
healthcheck:
|
|
test: ['CMD', 'wget', '--quiet', '--tries=1', '--spider', 'http://localhost:3001/']
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
depends_on:
|
|
- formio-mongo
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# ==========================================
|
|
# Service metadata
|
|
- 'com.centurylinklabs.watchtower.enable=true'
|
|
- 'homelab.category=utilities'
|
|
- 'homelab.description=Form builder platform'
|
|
# Traefik labels
|
|
- 'traefik.enable=true'
|
|
# Router configuration
|
|
- 'traefik.http.routers.formio.rule=Host(`forms.${DOMAIN}`)'
|
|
- 'traefik.http.routers.formio.entrypoints=websecure'
|
|
- 'traefik.http.routers.formio.tls.certresolver=letsencrypt'
|
|
- 'traefik.http.routers.formio.middlewares=authelia@docker'
|
|
# Service configuration
|
|
- 'traefik.http.services.formio.loadbalancer.server.port=3001'
|
|
# Sablier configuration
|
|
- 'sablier.enable=true'
|
|
- 'sablier.group=jasper-formio'
|
|
- 'sablier.start-on-demand=true'
|
|
|
|
formio-mongo:
|
|
image: mongo:4.4
|
|
container_name: formio-mongo
|
|
restart: unless-stopped
|
|
networks:
|
|
- homelab-network
|
|
labels:
|
|
- 'homelab.category=utilities'
|
|
- 'homelab.description=Form.io database'
|
|
|
|
# Vaultwarden - Password manager
|
|
# Note: SSO disabled for browser extension and mobile app compatibility
|
|
|
|
vaultwarden:
|
|
image: vaultwarden/server:1.30.1
|
|
container_name: vaultwarden
|
|
restart: no
|
|
networks:
|
|
- homelab-network
|
|
- traefik-network
|
|
ports:
|
|
- '8091:80'
|
|
volumes:
|
|
- ./vaultwarden/data:/data
|
|
environment:
|
|
- DOMAIN=https://vault.${DOMAIN}
|
|
- SIGNUPS_ALLOWED=${BITWARDEN_SIGNUPS_ALLOWED}
|
|
- INVITATIONS_ALLOWED=${BITWARDEN_INVITATIONS_ALLOWED}
|
|
- ADMIN_TOKEN=${BITWARDEN_ADMIN_TOKEN}
|
|
# SMTP disabled - uncomment and configure to enable email
|
|
# - SMTP_HOST=${SMTP_HOST}
|
|
# - SMTP_FROM=${SMTP_FROM}
|
|
# - SMTP_PORT=${SMTP_PORT}
|
|
# - SMTP_SECURITY=${SMTP_SECURITY}
|
|
# - SMTP_USERNAME=${SMTP_USERNAME}
|
|
# - SMTP_PASSWORD=${SMTP_PASSWORD}
|
|
healthcheck:
|
|
test: ['CMD', 'curl', '-f', 'http://localhost:80/']
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
labels:
|
|
# TRAEFIK CONFIGURATION
|
|
# ==========================================
|
|
# Service metadata
|
|
- 'homelab.category=utilities'
|
|
- 'homelab.description=Self-hosted password manager (Bitwarden)'
|
|
# Traefik reverse proxy (comment/uncomment to disable/enable)
|
|
# If Traefik is on a remote server: these labels are NOT USED;
|
|
# configure external yml files in /traefik/dynamic folder instead.
|
|
- 'traefik.enable=true'
|
|
- 'traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)'
|
|
- 'traefik.http.routers.vaultwarden.entrypoints=websecure'
|
|
- 'traefik.http.routers.vaultwarden.tls=true'
|
|
- 'traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt'
|
|
# SSO disabled for browser extension and mobile app compatibility
|
|
# - 'traefik.http.routers.vaultwarden.middlewares=authelia@docker'
|
|
- 'traefik.http.services.vaultwarden.loadbalancer.server.port=80'
|
|
# Sablier configuration
|
|
- 'sablier.enable=true'
|
|
- 'sablier.group=jasper-vaultwarden'
|
|
- 'sablier.start-on-demand=true'
|
|
|
|
volumes:
|
|
formio-mongo-data: null
|
|
|
|
networks:
|
|
homelab-network:
|
|
external: true
|
|
traefik-network:
|
|
external: true
|
|
|
|
x-dockge:
|
|
urls:
|
|
- https://backrest.${DOMAIN}
|
|
- https://192.168.4.4:9898
|
|
- https://duplicati.${DOMAIN}
|
|
- https://192.168.4.4:8200
|
|
- https://forms.${DOMAIN}
|
|
- https://192.168.4.4:3002
|
|
- https://vault.${DOMAIN}
|
|
- https://192.168.4.4:8091 |