diff --git a/docker/pi5/20250926_docker-compose .yaml b/docker/pi5/20250926_docker-compose .yaml
new file mode 100755
index 0000000..eaea157
--- /dev/null
+++ b/docker/pi5/20250926_docker-compose .yaml
@@ -0,0 +1,353 @@
+---
+services:
+ harborguard:
+ image: ghcr.io/harborguard/harborguard:latest
+ container_name: harborguard
+ environment:
+ - MAX_CONCURRENT_SCANS=1
+ - SCAN_TIMEOUT_MINUTES=15
+ - ENABLED_SCANNERS=trivy,grype
+ - LOG_LEVEL=error
+ - CLEANUP_OLD_SCANS_DAYS=7
+ ports:
+ - 3000:3000
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ foundryvtt:
+ image: felddy/foundryvtt:release
+ environment:
+ - FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
+ - FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
+ - UID=1000
+ - GID=1000
+ ports:
+ - "30000:30000/tcp"
+ volumes:
+ - /config/foundry-data:/data
+ env_file:
+ - path: .env
+ required: true
+
+ dashy:
+ image: lissy93/dashy
+ container_name: Dashy
+ volumes:
+ - /config/dashy/:/app/user-data/
+ ports:
+ - 8083:8080
+ # Set any environmental variables
+ environment:
+ - NODE_ENV=production
+ - UID=1000
+ - GID=1000
+ restart: unless-stopped
+ healthcheck:
+ test: ['CMD', 'node', '/app/services/healthcheck']
+ interval: 1m30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:latest
+ ports:
+ # DNS Ports
+ - "53:53/tcp"
+ - "53:53/udp"
+ # Default HTTP Port
+ - "80:80/tcp"
+ # Default HTTPs Port. FTL will generate a self-signed certificate
+ - "443:443/tcp"
+ # Uncomment the below if using Pi-hole as your DHCP Server
+ #- "67:67/udp"
+ # Uncomment the line below if you are using Pi-hole as your NTP server
+ #- "123:123/udp"
+ environment:
+ # Set the appropriate timezone for your location from
+ # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
+ TZ: 'Europe/Paris'
+ # Set a password to access the web interface. Not setting one will result in a random password being assigned
+ FTLCONF_webserver_api_password: 'correct horse battery staple'
+ # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
+ FTLCONF_dns_listeningMode: 'all'
+ # Volumes store your data between container upgrades
+ volumes:
+ # For persisting Pi-hole's databases and common configuration file
+ - '/config/etc-pihole:/etc/pihole'
+ # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
+ #- './etc-dnsmasq.d:/etc/dnsmasq.d'
+ cap_add:
+ # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ # Required if you are using Pi-hole as your DHCP server, else not needed
+ - NET_ADMIN
+ # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
+ - SYS_TIME
+ # Optional, if Pi-hole should get some more processing time
+ - SYS_NICE
+ restart: unless-stopped
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ container_name: portainer
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /config/portainer-data:/data
+ ports:
+ - 9000:9000
+
+ flaresolverr:
+ image: ghcr.io/flaresolverr/flaresolverr:latest
+ container_name: flaresolverr
+ environment:
+ - LOG_LEVEL=${LOG_LEVEL:-info}
+ - LOG_HTML=${LOG_HTML:-false}
+ - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+ - TZ=Europe/Paris
+ ports:
+ - "${PORT:-8191}:8191"
+ restart: unless-stopped
+
+ prowlarr:
+ image: lscr.io/linuxserver/prowlarr:latest
+ container_name: prowlarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Paris
+ volumes:
+ - /config/prowlarr:/config
+ ports:
+ - 9696:9696
+ restart: unless-stopped
+
+ sonarr:
+ image: lscr.io/linuxserver/sonarr:latest
+ container_name: sonarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Paris
+ volumes:
+ - /config/sonarr:/config
+ - /media/Seagate/Series:/media/Seagate/Series
+ - /media/Seagate/Animes:/media/Seagate/Animes
+ - /temp:/temp
+ ports:
+ - 8989:8989
+ restart: unless-stopped
+
+ radarr:
+ image: lscr.io/linuxserver/radarr:latest
+ container_name: radarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Paris
+ volumes:
+ - /config/radarr:/config
+ - /media/Seagate/Movies:/media/Seagate/Movies
+ - /media/Seagate/temp:/media/Seagate/temp
+ - /temp:/temp
+ ports:
+ - 7878:7878
+ restart: unless-stopped
+
+ gluetun:
+ image: qmcgaw/gluetun
+ container_name: gluetun
+ cap_add:
+ - NET_ADMIN
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ env_file:
+ - path: .env
+ required: true
+ environment:
+ - VPN_SERVICE_PROVIDER=protonvpn
+ - VPN_TYPE=wireguard
+ - WIREGUARD_PRIVATE_KEY=${VPNKEY}
+ - SERVER_COUNTRIES=Sweden
+ - HTTPPROXY=on
+ - HTTPPROXY_LOG=on
+ ports:
+ - 8888:8888
+ - 6881:6881
+ - 8080:8080
+
+ qbit:
+ image: ghcr.io/linuxserver/qbittorrent
+ container_name: qbit
+ volumes:
+ - /temp:/temp
+ - /config/transmission-daemon:/config
+ environment:
+ - PUID=1000
+ - PGID=1000
+ network_mode: "service:gluetun"
+ restart: always
+ depends_on:
+ gluetun:
+ condition: service_healthy
+ restart: true
+
+ jellyfin:
+ image: lscr.io/linuxserver/jellyfin:latest
+ container_name: jellyfin
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Paris
+ - JELLYFIN_PublishedServerUrl=192.168.1.55 #optional
+ volumes:
+ - /config/jellyfin:/config
+ - /media/Seagate/Series:/Series
+ - /media/Seagate/Animes:/Animes
+ - /media/Seagate/Movies:/Movies
+ ports:
+ - 8096:8096
+ - 8920:8920 #optional
+ - 7359:7359/udp #optional
+ - 1900:1900/udp #optional
+ restart: unless-stopped
+
+ watchtower:
+ image: containrrr/watchtower
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ immich-server:
+ container_name: immich_server
+ image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+ # extends:
+ # file: hwaccel.transcoding.yml
+ # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+ volumes:
+ # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+ - ${UPLOAD_LOCATION}:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ env_file:
+ - path: .env
+ required: true
+ ports:
+ - '2283:2283'
+ depends_on:
+ - redis
+ - database
+ restart: always
+ healthcheck:
+ disable: false
+
+ immich-machine-learning:
+ container_name: immich_machine_learning
+ # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+ # Example tag: ${IMMICH_VERSION:-release}-cuda
+ image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+ # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
+ # file: hwaccel.ml.yml
+ # service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+ volumes:
+ - model-cache:/cache
+ env_file:
+ - path: .env
+ required: true
+ restart: always
+ healthcheck:
+ disable: false
+
+ redis:
+ container_name: immich_redis
+ image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
+ healthcheck:
+ test: redis-cli ping || exit 1
+ restart: always
+
+ database:
+ container_name: immich_postgres
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
+ env_file:
+ - path: .env
+ required: true
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+ # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
+ # DB_STORAGE_TYPE: 'HDD'
+ volumes:
+ # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ restart: always
+
+ Forgejo:
+ image: codeberg.org/forgejo/forgejo:11
+ container_name: forgejo
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ networks:
+ - forgejo
+ volumes:
+ - /config/forgejo:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - '3000:3000'
+ - '222:22'
+
+ nginx-proxy-manager:
+ image: jc21/nginx-proxy-manager:latest
+ container_name: nginx-proxy-manager
+ ports:
+ - "80:80"
+ - "443:443"
+ - "81:81"
+ volumes:
+ - /config/nginx/data:/data
+ - /config/nginx/letsencrypt:/etc/letsencrypt
+ restart: unless-stopped
+
+ freshrss:
+ image: lscr.io/linuxserver/freshrss:latest
+ container_name: freshrss
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - /config/freshrss/:/config
+ ports:
+ - 8082:80
+ restart: unless-stopped
+
+ vikunja:
+ image: vikunja/vikunja
+ environment:
+ VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_SERVICE_JWTSECRET}
+ VIKUNJA_SERVICE_PUBLICURL: https://notes.griffix.hopto.org/
+ VIKUNJA_DATABASE_PATH: /db/vikunja.db
+ env_file:
+ - path: .env
+ required: true
+ ports:
+ - 3456:3456
+ volumes:
+ - /config/vikunja/files:/app/vikunja/files
+ - /config/vikunja/db:/db
+ restart: unless-stopped
+
+networks:
+ forgejo:
+ external: false
+ #default:
+ # external: true
+
+volumes:
+ model-cache:
diff --git a/docker/pi5/docker-compose.yaml b/docker/pi5/docker-compose.yaml
index eaea157..76d30ff 100755
--- a/docker/pi5/docker-compose.yaml
+++ b/docker/pi5/docker-compose.yaml
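Review bot: The `pihole` service in this new file commits its web/API password in clear text, `FTLCONF_webserver_api_password: 'correct horse battery staple'`, while the other credentials in the same file (`FOUNDRY_PASSWORD`, `VPNKEY`, `DB_PASSWORD`, the Vikunja JWT secret) are interpolated from `.env`. Even in a dated snapshot the value stays in repository history, so it should be treated as exposed: rotate it and reference a variable instead, e.g. `FTLCONF_webserver_api_password: ${PIHOLE_WEB_PASSWORD}` (placeholder variable name). Separately, `harborguard` and `watchtower` mount `/var/run/docker.sock` read-write, which hands those containers control of the Docker daemon and in practice of the host; the `:ro` on portainer's socket mount only protects the socket file, not the API behind it. As written the snapshot also maps host port 3000 twice (`harborguard`, `Forgejo`) and 80/443 twice (`pihole`, `nginx-proxy-manager`), so it cannot be brought up unchanged; a header comment saying the file is an archive and not meant to be deployed would avoid confusion.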
@@ -1,18 +1,5 @@ --- services: - harborguard: - image: ghcr.io/harborguard/harborguard:latest - container_name: harborguard - environment: - - MAX_CONCURRENT_SCANS=1 - - SCAN_TIMEOUT_MINUTES=15 - - ENABLED_SCANNERS=trivy,grype - - LOG_LEVEL=error - - CLEANUP_OLD_SCANS_DAYS=7 - ports: - - 3000:3000 - volumes: - - /var/run/docker.sock:/var/run/docker.sock foundryvtt: image: felddy/foundryvtt:release 
@@ -29,65 +16,6 @@ services: - path: .env required: true - dashy: - image: lissy93/dashy - container_name: Dashy - volumes: - - /config/dashy/:/app/user-data/ - ports: - - 8083:8080 - # Set any environmental variables - environment: - - NODE_ENV=production - - UID=1000 - - GID=1000 - restart: unless-stopped - healthcheck: - test: ['CMD', 'node', '/app/services/healthcheck'] - interval: 1m30s - timeout: 10s - retries: 3 - start_period: 40s - - pihole: - container_name: pihole - image: pihole/pihole:latest - ports: - # DNS Ports - - "53:53/tcp" - - "53:53/udp" - # Default HTTP Port - - "80:80/tcp" - # Default HTTPs Port. FTL will generate a self-signed certificate - - "443:443/tcp" - # Uncomment the below if using Pi-hole as your DHCP Server - #- "67:67/udp" - # Uncomment the line below if you are using Pi-hole as your NTP server - #- "123:123/udp" - environment: - # Set the appropriate timezone for your location from - # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g: - TZ: 'Europe/Paris' - # Set a password to access the web interface. Not setting one will result in a random password being assigned - FTLCONF_webserver_api_password: 'correct horse battery staple' - # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all' - FTLCONF_dns_listeningMode: 'all' - # Volumes store your data between container upgrades - volumes: - # For persisting Pi-hole's databases and common configuration file - - '/config/etc-pihole:/etc/pihole' - # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. 
Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true' - #- './etc-dnsmasq.d:/etc/dnsmasq.d' - cap_add: - # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities - # Required if you are using Pi-hole as your DHCP server, else not needed - - NET_ADMIN - # Required if you are using Pi-hole as your NTP client to be able to set the host's system time - - SYS_TIME - # Optional, if Pi-hole should get some more processing time - - SYS_NICE - restart: unless-stopped - portainer: image: portainer/portainer-ce:latest container_name: portainer @@ -218,6 +146,7 @@ services: watchtower: image: containrrr/watchtower + container_name: watchtower volumes: - /var/run/docker.sock:/var/run/docker.sock @@ -329,6 +258,7 @@ services: vikunja: image: vikunja/vikunja + container_name: vikunja environment: VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_SERVICE_JWTSECRET} VIKUNJA_SERVICE_PUBLICURL: https://notes.griffix.hopto.org/ @@ -343,6 +273,24 @@ services: - /config/vikunja/db:/db restart: unless-stopped + glass-keep: + image: nikunjsingh/glass-keep:latest + container_name: glass-keep + restart: unless-stopped + env_file: + - path: .env + required: true + environment: + NODE_ENV: production + API_PORT: "8080" + JWT_SECRET: ${VIKUNJA_SERVICE_JWTSECRET} + DB_FILE: /app/data/notes.db + ADMIN_EMAILS: griffix + ports: + - "8380:8080" + volumes: + - /config/glass-keep:/app/data + networks: forgejo: external: false diff --git a/infra_conf/backup_pi5.sh b/infra_conf/backup_pi5.sh index 60bac0e..a5e66d7 100755 --- a/infra_conf/backup_pi5.sh +++ b/infra_conf/backup_pi5.sh @@ -2,6 +2,8 @@ DestDir="/media/Seagate/backups/pi5/config/" +docker image prune -f + echo "docker compose stop" docker compose -f /config/compose.yaml stop
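Review bot: The new `glass-keep` service takes its signing key from Vikunja's variable, `JWT_SECRET: ${VIKUNJA_SERVICE_JWTSECRET}`, so two unrelated applications share one JWT secret and a leak from either container exposes both. Give it its own value, e.g. `JWT_SECRET: ${GLASS_KEEP_JWT_SECRET}` (placeholder name, to be added to `.env`). The `env_file: .env` entry also injects every variable in `.env` into this container's environment — judging by the other services, that file holds `VPNKEY`, `DB_PASSWORD` and `FOUNDRY_PASSWORD` — although only one secret is needed; Compose already reads a `.env` in the project directory for `${...}` interpolation, so the `env_file` block can probably be dropped for this service. The image is `nikunjsingh/glass-keep:latest`, unpinned, in a stack where watchtower has the Docker socket; pinning a version tag or a digest, as the `redis` service in this file does, would make each update a reviewed change.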
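Review bot: `docker image prune -f` is added ahead of `docker compose stop`, so dangling images are deleted without confirmation before the backup has run. With most services on `:latest` and watchtower in the stack, those dangling images are probably the previous versions, i.e. the only local rollback target if an update turns out to be bad. Consider moving the prune to after the backup has completed, or keeping a grace period with `docker image prune -f --filter "until=168h"`. A one-line comment such as `# free disk space: remove dangling images left by image updates` would also record why a backup script prunes images. The rest of the script is outside the hunk, so whether a failed prune aborts the run cannot be seen here.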