---
# Self-hosted service stack. `${...}` values are interpolated by Compose, and
# several services additionally load `.env` through `env_file`.
#
# NOTE(review): most images use a mutable tag (`latest`, `release`) or no tag
# at all, and `watchtower` below holds the Docker socket, so new upstream
# images can be deployed without review. `redis` is the only image pinned by
# digest; pinning the others gives a reviewable, reproducible upgrade path.
#
# NOTE(review): host port 3000 is published by both `harborguard` and
# `Forgejo`, and host ports 80/443 by both `pihole` and
# `nginx-proxy-manager`. If both services of a pair are started on the same
# host, the second bind fails; decide which service owns each port.
services:
  harborguard:
    image: ghcr.io/harborguard/harborguard:latest
    container_name: harborguard
    environment:
      - MAX_CONCURRENT_SCANS=1
      - SCAN_TIMEOUT_MINUTES=15
      - ENABLED_SCANNERS=trivy,grype
      - LOG_LEVEL=error
      - CLEANUP_OLD_SCANS_DAYS=7
    ports:
      - "3000:3000"
    volumes:
      # NOTE(review): a writable Docker socket hands this container control
      # of the host's Docker daemon, which is root-equivalent on the host.
      # Port 3000 is published on every host interface; confirm the service
      # requires authentication, or restrict who can reach it.
      - /var/run/docker.sock:/var/run/docker.sock

  foundryvtt:
    image: felddy/foundryvtt:release
    env_file:
      # NOTE(review): env_file copies every variable in .env into the
      # container, not just the FOUNDRY_* ones. If ${VPNKEY}, ${DB_PASSWORD}
      # and ${VIKUNJA_SERVICE_JWTSECRET} live in that same file, every
      # service using env_file (foundryvtt, gluetun, immich-server,
      # immich-machine-learning, database, vikunja) receives all of them.
      # A per-service env file keeps each secret with the one container
      # that needs it.
      - path: .env
        required: true
    environment:
      - FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
      - FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
      - UID=1000
      - GID=1000
    ports:
      - "30000:30000/tcp"
    volumes:
      - /config/foundry-data:/data

  dashy:
    image: lissy93/dashy
    container_name: Dashy
    restart: unless-stopped
    # Set any environmental variables
    environment:
      - NODE_ENV=production
      - UID=1000
      - GID=1000
    ports:
      - "8083:8080"
    volumes:
      - /config/dashy/:/app/user-data/
    healthcheck:
      test: ['CMD', 'node', '/app/services/healthcheck']
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 40s

  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # NOTE(review): per the comments below, NET_ADMIN is only needed for
      # the DHCP role (port 67 is not published here) and SYS_TIME only for
      # setting the host clock. Drop the capability of any role not in use.
      # Required if you are using Pi-hole as your DHCP server, else not
      # needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to
      # set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: 'Europe/Paris'
      # Set a password to access the web interface. Not setting one will
      # result in a random password being assigned
      # NOTE(review): this is a literal credential in the compose file, and
      # the value is a widely known example passphrase. Supply the real
      # password from an untracked source (interpolated variable or secret),
      # as the other services in this file do.
      FTLCONF_webserver_api_password: 'correct horse battery staple'
      # If using Docker's default `bridge` network setting the dns listening
      # mode should be set to 'all'
      # NOTE(review): together with port 53 published on every host
      # interface, 'all' answers any client that can reach the host. Keep
      # port 53 unreachable from untrusted networks.
      FTLCONF_dns_listeningMode: 'all'
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      # - "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      # - "123:123/udp"
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - '/config/etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you
      # want to persist. Not needed for most starting fresh with Pi-hole v6.
      # If you're upgrading from v5 and have used this directory before, you
      # should keep it enabled for the first v6 container start to allow for
      # a complete migration. It can be removed afterwards. Needs
      # environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      # - './etc-dnsmasq.d:/etc/dnsmasq.d'

  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - 'no-new-privileges:true'
    ports:
      # NOTE(review): 9000 is Portainer's plain-HTTP UI port; logins cross
      # the network unencrypted unless a TLS proxy fronts it.
      - "9000:9000"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): `:ro` only makes the bind mount read-only. It does not
      # limit what can be sent over the socket, so this container still has
      # full Docker API access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /config/portainer-data:/data

  flaresolverr:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    container_name: flaresolverr
    restart: unless-stopped
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-info}
      - LOG_HTML=${LOG_HTML:-false}
      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
      - TZ=Europe/Paris
    ports:
      - "${PORT:-8191}:8191"

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    ports:
      - "9696:9696"
    volumes:
      - /config/prowlarr:/config

  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    ports:
      - "8989:8989"
    volumes:
      - /config/sonarr:/config
      - /media/Seagate/Series:/media/Seagate/Series
      - /media/Seagate/Animes:/media/Seagate/Animes
      - /temp:/temp

  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    ports:
      - "7878:7878"
    volumes:
      - /config/radarr:/config
      - /media/Seagate/Movies:/media/Seagate/Movies
      - /media/Seagate/temp:/media/Seagate/temp
      - /temp:/temp

  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    env_file:
      - path: .env
        required: true
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${VPNKEY}
      - SERVER_COUNTRIES=Sweden
      # NOTE(review): the HTTP proxy is enabled with no HTTPPROXY_USER /
      # HTTPPROXY_PASSWORD set in this file, and the ports below are
      # published on every host interface. Unless credentials come from
      # .env, anyone who can reach the proxy port can send traffic through
      # the VPN tunnel.
      - HTTPPROXY=on
      - HTTPPROXY_LOG=on
    ports:
      # presumably 8888 is the HTTP proxy, while 6881 and 8080 serve `qbit`,
      # which shares this container's network namespace; verify
      - "8888:8888"
      - "6881:6881"
      - "8080:8080"

  qbit:
    image: ghcr.io/linuxserver/qbittorrent
    container_name: qbit
    restart: always
    # Uses gluetun's network stack, so this service publishes no ports of
    # its own.
    network_mode: 'service:gluetun'
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /temp:/temp
      - /config/transmission-daemon:/config
    depends_on:
      # Start only once gluetun reports healthy, and restart with it.
      gluetun:
        condition: service_healthy
        restart: true

  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
      - JELLYFIN_PublishedServerUrl=192.168.1.55  # optional
    ports:
      - "8096:8096"
      - "8920:8920"  # optional
      - "7359:7359/udp"  # optional
      - "1900:1900/udp"  # optional
    volumes:
      - /config/jellyfin:/config
      # NOTE(review): the libraries are mounted read-write. If Jellyfin does
      # not need to write next to the media files, `:ro` on these three
      # mounts limits what a compromised media server can change.
      - /media/Seagate/Series:/Series
      - /media/Seagate/Animes:/Animes
      - /media/Seagate/Movies:/Movies

  watchtower:
    image: containrrr/watchtower
    volumes:
      # NOTE(review): writable Docker socket, so host-root-equivalent. No
      # labels or arguments are set here, and Watchtower by default updates
      # every running container it can see. Combined with the mutable image
      # tags in this file, whatever upstream publishes gets deployed
      # automatically.
      - /var/run/docker.sock:/var/run/docker.sock

  immich-server:
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    container_name: immich_server
    restart: always
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    env_file:
      - path: .env
        required: true
    ports:
      - "2283:2283"
    volumes:
      # Do not edit the next line. If you want to change the media storage
      # location on your system, edit the value of UPLOAD_LOCATION in the
      # .env file
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - redis
      - database
    healthcheck:
      disable: false

  immich-machine-learning:
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino,
    # rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    container_name: immich_machine_learning
    restart: always
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    env_file:
      - path: .env
        required: true
    volumes:
      - model-cache:/cache
    healthcheck:
      disable: false

  redis:
    # Pinned by digest, so the image content cannot change under the tag.
    # No host port is published for this service.
    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    container_name: immich_redis
    restart: always
    healthcheck:
      test: redis-cli ping || exit 1

  database:
    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    container_name: immich_postgres
    restart: always
    env_file:
      - path: .env
        required: true
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't
      # stored on SSDs
      # DB_STORAGE_TYPE: 'HDD'
    volumes:
      # Do not edit the next line. If you want to change the database
      # storage location on your system, edit the value of DB_DATA_LOCATION
      # in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data

  Forgejo:
    image: codeberg.org/forgejo/forgejo:11
    container_name: forgejo
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
    ports:
      # Host port 3000 is also claimed by `harborguard` above.
      - "3000:3000"
      # Container port 22 (SSH) is exposed on host port 222.
      - "222:22"
    volumes:
      - /config/forgejo:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - forgejo

  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      # Host ports 80 and 443 are also claimed by `pihole` above.
      - "80:80"
      - "443:443"
      # NOTE(review): presumably the admin UI; published on every host
      # interface, so keep it off untrusted networks. Verify.
      - "81:81"
    volumes:
      - /config/nginx/data:/data
      - /config/nginx/letsencrypt:/etc/letsencrypt

  freshrss:
    image: lscr.io/linuxserver/freshrss:latest
    container_name: freshrss
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    ports:
      - "8082:80"
    volumes:
      - /config/freshrss/:/config

  vikunja:
    image: vikunja/vikunja
    restart: unless-stopped
    env_file:
      - path: .env
        required: true
    environment:
      # Signing secret is interpolated rather than written into this file.
      VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_SERVICE_JWTSECRET}
      VIKUNJA_SERVICE_PUBLICURL: https://notes.griffix.hopto.org/
      VIKUNJA_DATABASE_PATH: /db/vikunja.db
    ports:
      - "3456:3456"
    volumes:
      - /config/vikunja/files:/app/vikunja/files
      - /config/vikunja/db:/db
# User-defined networks. `forgejo` is the only one declared and is attached
# to the Forgejo service alone; `external: false` means Compose creates and
# manages it instead of expecting a pre-existing network.
networks:
  forgejo:
    external: false
  # default:
  #   external: true
# Named volumes managed by Docker. `model-cache` is mounted at /cache by the
# immich-machine-learning service; the empty mapping keeps driver defaults.
volumes:
  model-cache: {}