########################################################################### ########################################################################### networks: mediastack: name: mediastack driver: bridge ipam: driver: default config: - subnet: ${DOCKER_SUBNET:?err} gateway: ${DOCKER_GATEWAY:?err} ########################################################################### ########################################################################### services: ########################################################################### ########################################################################### ## ## Docker Compose File: Postgresql ## Function: Postgresql Database Server ## ## Documentation: https://hub.docker.com/_/postgres ## ########################################################################### ########################################################################### postgresql: image: docker.io/library/postgres:latest container_name: postgresql restart: unless-stopped networks: - mediastack user: ${PUID:?err}:${PGID:?err} ports: - ${POSTGRESQL_PORT:?err}:5432 healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - ${FOLDER_FOR_DATA:?err}/postgresql:/var/lib/postgresql/data environment: - TZ=${TIMEZONE:?err} - POSTGRES_DB=${AUTHENTIK_DATABASE:?err} - POSTGRES_USER=${POSTGRESQL_USERNAME:?err} - POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD:?err} ########################################################################### ########################################################################### ## ## Docker Compose File: Guacamole / Guacd ## Function: Clientless Remote Desktop Gateway ## ## Documentation: https://hub.docker.com/r/guacamole/guacamole ## ########################################################################### ########################################################################### guacamole: image: guacamole/guacamole container_name: guacamole restart: unless-stopped user: ${PUID:?err}:${PGID:?err} depends_on: postgresql: condition: service_healthy restart: true networks: - mediastack ports: - ${WEBUI_PORT_GUACAMOLE:?err}:8080 environment: - TZ=${TIMEZONE:?err} - WEBAPP_CONTEXT=ROOT - GUACD_HOSTNAME=guacd - POSTGRESQL_HOSTNAME=postgresql - POSTGRESQL_PORT=${POSTGRESQL_PORT:?err} - POSTGRESQL_DATABASE=${GUACAMOLE_DATABASE:?err} - POSTGRESQL_USER=${POSTGRESQL_USERNAME:?err} - POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD:?err} labels: - traefik.enable=true # ROUTERS - traefik.http.routers.guacamole.service=guacamole - traefik.http.routers.guacamole.rule=Host(`guacamole.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.guacamole.entrypoints=secureweb - traefik.http.routers.guacamole.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.guacamole.loadbalancer.server.scheme=http - traefik.http.services.guacamole.loadbalancer.server.port=8080 # MIDDLEWARES guacd: image: guacamole/guacd container_name: guacd restart: unless-stopped user: ${PUID:?err}:${PGID:?err} depends_on: postgresql: condition: service_healthy restart: true networks: - mediastack ports: - ${GUACD_PORT:?err}:4822 environment: - TZ=${TIMEZONE:?err} - POSTGRESQL_HOSTNAME=postgresql - POSTGRESQL_PORT=${POSTGRESQL_PORT:?err} - POSTGRESQL_DATABASE=${GUACAMOLE_DATABASE:?err} - POSTGRESQL_USER=${POSTGRESQL_USERNAME:?err} - POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD:?err} ########################################################################### ########################################################################### ## ## Docker Compose File: Valkey (same as Redis) ## Function: High Performance Data Structure Server ## ## Documentation: https://hub.docker.com/r/valkey/valkey ## ########################################################################### ########################################################################### valkey: image: valkey/valkey:alpine container_name: valkey command: --save 60 1 --loglevel warning restart: unless-stopped networks: - mediastack user: ${PUID:?err}:${PGID:?err} ports: - ${VALKEY_PORT:?err}:6379 healthcheck: test: ["CMD-SHELL", "valkey-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - ${FOLDER_FOR_DATA:?err}/valkey:/data ########################################################################### ########################################################################### ## ## Docker Compose File: Authentik Server & Worker ## Function: Authentication & Authorisation Identity Manager ## ## Documentation: https://docs.goauthentik.io/docs/install-config/install/docker-compose ## ########################################################################### ########################################################################### authentik: image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:?err} container_name: authentik restart: unless-stopped networks: - mediastack user: ${PUID:?err}:${PGID:?err} command: server environment: - TZ=${TIMEZONE:?err} - AUTHENTIK_LOG_LEVEL=info # Options are: # info, warning, error, debug and trace - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?err} - AUTHENTIK_REDIS__HOST=valkey - AUTHENTIK_POSTGRESQL__HOST=postgresql - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DATABASE:?err} - AUTHENTIK_POSTGRESQL__USER=${POSTGRESQL_USERNAME:?err} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD:?err} - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED:?err} - AUTHENTIK_EMAIL__HOST=${EMAIL_SERVER_HOST} - AUTHENTIK_EMAIL__PORT=${EMAIL_SERVER_PORT} - AUTHENTIK_EMAIL__USERNAME=${EMAIL_ADDRESS} - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_TLS} - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_SSL} - AUTHENTIK_EMAIL__FROM=${EMAIL_SENDER} - AUTHENTIK_EMAIL__TIMEOUT=10 volumes: - ${FOLDER_FOR_DATA:?err}/authentik/media:/media - ${FOLDER_FOR_DATA:?err}/authentik/templates:/templates ports: - ${WEBUI_PORT_AUTHENTIK:?err}:9000 depends_on: postgresql: condition: service_healthy restart: true valkey: condition: service_healthy restart: true labels: - traefik.enable=true # ROUTERS - traefik.http.routers.authentik.service=authentik - traefik.http.routers.authentik.rule=Host(`auth.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.authentik.entrypoints=secureweb - traefik.http.routers.authentik.middlewares=security-headers@file,traefik-bouncer@file # Do not add authentik-forwardauth@file to middlewares, otherwise other applications can't authenticate # SERVICES - traefik.http.services.authentik.loadbalancer.server.scheme=http - traefik.http.services.authentik.loadbalancer.server.port=9000 # MIDDLEWARES authentic-worker: image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:?err} container_name: authentik-worker restart: unless-stopped networks: - mediastack user: ${PUID:?err}:${PGID:?err} command: worker environment: - TZ=${TIMEZONE:?err} - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?err} - AUTHENTIK_REDIS__HOST=valkey - AUTHENTIK_POSTGRESQL__HOST=postgresql - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DATABASE:?err} - AUTHENTIK_POSTGRESQL__USER=${POSTGRESQL_USERNAME:?err} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD:?err} - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED:?err} volumes: - /var/run/docker.sock:/var/run/docker.sock - ${FOLDER_FOR_DATA:?err}/authentik/certs:/certs - ${FOLDER_FOR_DATA:?err}/authentik/media:/media - ${FOLDER_FOR_DATA:?err}/authentik/templates:/templates depends_on: postgresql: condition: service_healthy restart: true valkey: condition: service_healthy restart: true ########################################################################### ########################################################################### ## ## Docker Compose File: Traefik ## Function: Reverse Proxy Routing Server ## ## Documentation: https://doc.traefik.io/traefik/ ## ########################################################################### ########################################################################### traefik: image: traefik:latest container_name: traefik restart: unless-stopped networks: - mediastack user: root environment: - TZ=${TIMEZONE:?err} - CF_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN:?err} ports: - ${REVERSE_PROXY_PORT_HTTP:?err}:80 - ${REVERSE_PROXY_PORT_HTTPS:?err}:443 - ${WEBUI_PORT_TRAEFIK:?err}:8080 - ${METRICS_PORT_TRAEFIK:?err}:8082 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ${FOLDER_FOR_DATA:?err}/logs/traefik:/var/log - ${FOLDER_FOR_DATA:?err}/traefik:/etc/traefik - ${FOLDER_FOR_DATA:?err}/traefik/letsencrypt:/letsencrypt labels: - traefik.enable=true # ROUTERS - traefik.http.routers.traefik.service=api@internal - traefik.http.routers.traefik.rule=Host(`traefik.${CLOUDFLARE_DNS_ZONE:?err}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)) - traefik.http.routers.traefik.entrypoints=secureweb - traefik.http.routers.traefik.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.traefik.loadbalancer.server.scheme=http - traefik.http.services.traefik.loadbalancer.server.port=8080 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Traefik Certificate Dumper ## Function: Dump SSL / TLS Certificates from Traefik ## ## Documentation: https://hub.docker.com/r/ldez/traefik-certs-dumper ## ########################################################################### ########################################################################### traefik-certs-dumper: image: ldez/traefik-certs-dumper:latest container_name: traefik-certs-dumper restart: always networks: - mediastack user: ${PUID:?err}:${PGID:?err} entrypoint: sh -c ' while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /certs' volumes: - ${FOLDER_FOR_DATA:?err}/traefik/letsencrypt:/data:ro - ${FOLDER_FOR_DATA:?err}/traefik-certs-dumper:/certs ########################################################################### ########################################################################### ## ## Docker Compose File: CrowdSec Security Engine ## Function: Cyber Security Threat Intelligence ## ## Documentation: https://docs.crowdsec.net/u/getting_started/installation/docker/ ## ########################################################################### ########################################################################### crowdsec: image: crowdsecurity/crowdsec:latest container_name: crowdsec restart: always networks: - mediastack user: ${PUID:?err}:${PGID:?err} environment: - TZ=${TIMEZONE:?err} ports: - 127.0.0.1:${CROWDSEC_PORT:?err}:8080 - 6060:6060 # Provides Metrics for Prometheus - 7422:7422 # Provides WAF AppSec depends_on: - traefik volumes: - ${FOLDER_FOR_DATA:?err}/crowdsec:/etc/crowdsec - ${FOLDER_FOR_DATA:?err}/crowdsec/data:/var/lib/crowdsec/data/ - ${FOLDER_FOR_DATA:?err}/logs:/logs:ro ########################################################################### ########################################################################### ## ## Docker Compose File: Prometheus ## Function: Systems and Service Monitoring ## ## Documentation: https://prometheus.io/docs/introduction/overview/ ## ########################################################################### ########################################################################### prometheus: image: prom/prometheus container_name: prometheus restart: unless-stopped user: ${PUID:?err}:${PGID:?err} networks: - mediastack depends_on: - crowdsec ports: - 127.0.0.1:${WEBUI_PORT_PROMETHEUS:?err}:9090 volumes: - ${FOLDER_FOR_DATA:?err}/prometheus:/prometheus environment: - TZ=${TIMEZONE:?err} labels: - traefik.enable=true # ROUTERS - traefik.http.routers.prometheus.service=prometheus - traefik.http.routers.prometheus.rule=Host(`prometheus.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.prometheus.entrypoints=secureweb - traefik.http.routers.prometheus.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.prometheus.loadbalancer.server.scheme=http - traefik.http.services.prometheus.loadbalancer.server.port=9090 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Grafana ## Function: Visual Monitoring Dashboard ## ## Documentation: http://docs.grafana.org/installation/docker/ ## ########################################################################### ########################################################################### grafana: image: grafana/grafana-enterprise container_name: grafana restart: unless-stopped user: ${PUID:?err}:${PGID:?err} depends_on: - crowdsec networks: - mediastack ports: - ${WEBUI_PORT_GRAFANA:?err}:3000 volumes: - /var/log:/var/dockerhost:ro - ${FOLDER_FOR_DATA:?err}/grafana:/var/lib/grafana environment: - TZ=${TIMEZONE:?err} labels: - traefik.enable=true # ROUTERS - traefik.http.routers.grafana.service=grafana - traefik.http.routers.grafana.rule=Host(`grafana.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.grafana.entrypoints=secureweb - traefik.http.routers.grafana.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.grafana.loadbalancer.server.scheme=http - traefik.http.services.grafana.loadbalancer.server.port=3000 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Headscale ## Function: OpenSource Tailscale Coordination Server ## ## Documentation: https://headscale.net/stable/ ## ########################################################################### ########################################################################### headscale: image: headscale/headscale:latest container_name: headscale restart: unless-stopped networks: - mediastack command: serve ports: - ${CONNECT_PORT_HEADSCALE:?err}:8080 - ${METRICS_PORT_HEADSCALE:?err}:9090 volumes: - ${FOLDER_FOR_DATA:?err}/headscale:/etc/headscale - ${FOLDER_FOR_DATA:?err}/headscale/data:/var/lib/headscale environment: - TZ=${TIMEZONE:?err} labels: - traefik.enable=true # ROUTERS - traefik.http.routers.headscale.service=headscale - traefik.http.routers.headscale.rule=Host(`headscale.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.headscale.entrypoints=secureweb - traefik.http.routers.headscale.middlewares=security-headers@file,traefik-bouncer@file # Do not add authentik-forwardauth@file to middlewares, otherwise Tailscale clients can't authenticate and connect # SERVICES - traefik.http.services.headscale.loadbalancer.server.scheme=http - traefik.http.services.headscale.loadbalancer.server.port=8080 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Tailscale ## Function: Tailscale Client - Operating as Tailnet Exit-Node ## ## Documentation: https://headscale.net/stable/ ## ########################################################################### ########################################################################### tailscale: image: tailscale/tailscale:latest hostname: tailscale container_name: tailscale restart: unless-stopped networks: - mediastack cap_add: - net_admin devices: - /dev/net/tun:/dev/net/tun volumes: - ${FOLDER_FOR_DATA:?err}/tailscale:/var/lib/tailscale environment: - TS_USERSPACE=false - TS_STATE_DIR=/var/lib/tailscale - TS_AUTHKEY=${TAILSCALE_AUTHKEY:?err} - TS_EXTRA_ARGS=--hostname=exit-node --advertise-exit-node --advertise-routes=${LOCAL_SUBNET:?err},${DOCKER_SUBNET:?err} --login-server=https://headscale.${CLOUDFLARE_DNS_ZONE:?err} ########################################################################### ########################################################################### ## ## Docker Compose File: Headplane ## Function: WebUI Management for Headscale Coordination Server ## ## Documentation: https://github.com/tale/headplane ## ########################################################################### ########################################################################### headplane: image: ghcr.io/tale/headplane:latest container_name: headplane restart: unless-stopped networks: - mediastack ports: - ${WEBUI_PORT_HEADPLANE:?err}:3000 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ${FOLDER_FOR_DATA:?err}/headscale:/etc/headscale - ${FOLDER_FOR_DATA:?err}/headplane:/etc/headplane - ${FOLDER_FOR_DATA:?err}/headplane/data:/var/lib/headplane environment: - TZ=${TIMEZONE:?err} labels: - traefik.enable=true # ROUTERS - traefik.http.routers.headplane.service=headplane - traefik.http.routers.headplane.rule=Host(`headplane.${CLOUDFLARE_DNS_ZONE:?err}`) && PathPrefix(`/admin/`) - traefik.http.routers.headplane.entrypoints=secureweb - traefik.http.routers.headplane.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.headplane.loadbalancer.server.scheme=http - traefik.http.services.headplane.loadbalancer.server.port=3000 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Gluetun (qmcgaw) ## Function: VPN Client ## ## Documentation: https://github.com/qdm12/gluetun-wiki ## ########################################################################### ########################################################################### gluetun: image: qmcgaw/gluetun:latest container_name: gluetun restart: always cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun ports: - 8888:8888/tcp # Gluetun Local Network HTTP proxy - 8388:8388/tcp # Gluetun Local Network Shadowsocks - 8388:8388/udp # Gluetun Local Network Shadowsocks - ${GLUETUN_CONTROL_PORT:?err}:${GLUETUN_CONTROL_PORT:?err} # Gluetun Status Port # Comment out lines below if they are not going to use Gluetun VPN for Internet connection: - ${WEBUI_PORT_BAZARR:?err}:6767 # WebUI Portal: Bazarr - ${WEBUI_PORT_FILEBOT:?err}:5454 # WebUI Portal: Filebot - ${WEBUI_PORT_HUNTARR:?err}:9705 # WebUI Portal: Huntarr - ${WEBUI_PORT_JELLYFIN:?err}:8096 # WebUI Portal: Jellyfin - ${WEBUI_PORT_JELLYSEERR:?err}:5055 # WebUI Portal: Jellyseerr - ${WEBUI_PORT_LIDARR:?err}:8686 # WebUI Portal: Lidarr - ${WEBUI_PORT_MYLAR:?err}:8090 # WebUI Portal: Mylar3 - ${WEBUI_PORT_PROWLARR:?err}:9696 # WebUI Portal: Prowlarr - ${WEBUI_PORT_RADARR:?err}:7878 # WebUI Portal: Radarr - ${WEBUI_PORT_READARR:?err}:8787 # WebUI Portal: Readarr - ${WEBUI_PORT_SABNZBD:?err}:8080 # WebUI Portal: SABnzbd - ${WEBUI_PORT_SONARR:?err}:8989 # WebUI Portal: Sonarr - ${WEBUI_PORT_WHISPARR:?err}:6969 # WebUI Portal: Whisparr - ${WEBUI_PORT_QBITTORRENT:?err}:${WEBUI_PORT_QBITTORRENT:?err} # WebUI Portal: qBittorrent - ${QBIT_PORT:?err}:6881 # Transmission Torrent Port - ${FLARESOLVERR_PORT:?err}:8191 # Service Port: FlareSolverr - ${TDARR_SERVER_PORT:?err}:${TDARR_SERVER_PORT:?err} # Tdarr: Server Port - ${WEBUI_PORT_TDARR:?err}:${WEBUI_PORT_TDARR:?err} # Tdarr: WebUI Portal - ${WEBUI_PORT_PLEX:?err}:32400 # WebUI Portal: Plex # - 1900:1900/udp # DNLA Service (Clashes with Synology: SSPD "File Services" --> "Advanced") # - 5353:5353/udp # Plex Network Port (Clashes with Synology: Bonjour "File Services" --> "Advanced") - 8324:8324 # Plex Network Port - 32410:32410/udp # Plex Network Port - 32412:32412/udp # Plex Network Port - 32413:32413/udp # Plex Network Port - 32414:32414/udp # Plex Network Port - 32469:32469 # Plex Network Port volumes: - ${FOLDER_FOR_DATA:?err}/gluetun:/gluetun environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - VPN_SERVICE_PROVIDER=${VPN_SERVICE_PROVIDER:?err} - OPENVPN_USER=${VPN_USERNAME:?err} - OPENVPN_PASSWORD=${VPN_PASSWORD:?err} - SERVER_COUNTRIES=${SERVER_COUNTRIES} - SERVER_REGIONS=${SERVER_REGIONS} - SERVER_CITIES=${SERVER_CITIES} - SERVER_HOSTNAMES=${SERVER_HOSTNAMES} - SERVER_CATEGORIES=${SERVER_CATEGORIES} - FIREWALL_OUTBOUND_SUBNETS=${LOCAL_SUBNET:?err} - OPENVPN_CUSTOM_CONFIG=${OPENVPN_CUSTOM_CONFIG} - HTTP_CONTROL_SERVER_ADDRESS=:${GLUETUN_CONTROL_PORT:?err} - VPN_TYPE=${VPN_TYPE} - VPN_ENDPOINT_IP=${VPN_ENDPOINT_IP} - VPN_ENDPOINT_PORT=${VPN_ENDPOINT_PORT} - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY} - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY} - WIREGUARD_PRESHARED_KEY=${WIREGUARD_PRESHARED_KEY} - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES} - HTTPPROXY=on - SHADOWSOCKS=on networks: - mediastack ########################################################################### ########################################################################### ## ## Docker Compose File: Bazarr (LinuxServer.io) ## Function: Download subtitles for Radarr and Sonarr ## ## Documentation: https://docs.linuxserver.io/images/docker-bazarr ## ########################################################################### ########################################################################### bazarr: image: lscr.io/linuxserver/bazarr:latest container_name: bazarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/bazarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:bazarr - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_BAZARR:?err}:6767 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.bazarr.service=bazarr - traefik.http.routers.bazarr.rule=Host(`bazarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.bazarr.entrypoints=secureweb - traefik.http.routers.bazarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.bazarr.loadbalancer.server.scheme=http - traefik.http.services.bazarr.loadbalancer.server.port=6767 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Chromium (LinuxServer.io) ## Function: OpenSource Web Browser ## ## Documentation: https://docs.linuxserver.io/images/docker-chromium/ ## ########################################################################### ########################################################################### chromium: image: lscr.io/linuxserver/chromium:latest container_name: chromium restart: unless-stopped shm_size: 1gb volumes: - ${FOLDER_FOR_DATA:?err}/chromium:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - TITLE=MediaStack Chromium - CUSTOM_PORT=${WEBUI_PORT_CHROMIUM:?err} - CHROME_CLI=${CHROMIUM_START_PAGE:?err} ports: - ${WEBUI_PORT_CHROMIUM:?err}:${WEBUI_PORT_CHROMIUM:?err} networks: - mediastack labels: - traefik.enable=true # ROUTERS - traefik.http.routers.chromium.service=chromium - traefik.http.routers.chromium.rule=Host(`chromium.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.chromium.entrypoints=secureweb - traefik.http.routers.chromium.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.chromium.loadbalancer.server.scheme=http - traefik.http.services.chromium.loadbalancer.server.port=${WEBUI_PORT_CHROMIUM:?err} # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: DDNS-Updater (qmcgaw) ## Function: Update Dynamic IP addresses for DNS A and/or AAAA records ## ## Documentation: https://hub.docker.com/r/qmcgaw/ddns-updater ## ########################################################################### ########################################################################### ddns-updater: image: qmcgaw/ddns-updater:latest container_name: ddns-updater restart: always user: ${PUID:?err}:${PGID:?err} volumes: - ${FOLDER_FOR_DATA:?err}/ddns-updater:/updater/data ports: - ${WEBUI_PORT_DDNS_UPDATER:?err}:${WEBUI_PORT_DDNS_UPDATER:?err}/tcp environment: - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - CONFIG= - PERIOD=5m - UPDATE_COOLDOWN_PERIOD=5m - PUBLICIP_FETCHERS=all - PUBLICIP_HTTP_PROVIDERS=all - PUBLICIPV4_HTTP_PROVIDERS=all - PUBLICIPV6_HTTP_PROVIDERS=all - PUBLICIP_DNS_PROVIDERS=all - PUBLICIP_DNS_TIMEOUT=3s - HTTP_TIMEOUT=10s # Web UI - LISTENING_ADDRESS=:${WEBUI_PORT_DDNS_UPDATER:?err} - ROOT_URL=/ # Backup - BACKUP_PERIOD=0 # 0 to disable - BACKUP_DIRECTORY=/updater/data # Other - LOG_LEVEL=info - LOG_CALLER=hidden - SHOUTRRR_ADDRESSES= # NOTE: DDNS-Update MUST NOT connect to the Gluetun VPN container networks: - mediastack labels: - traefik.enable=true # ROUTERS - traefik.http.routers.ddns-updater.service=ddns-updater - traefik.http.routers.ddns-updater.rule=Host(`ddns-updater.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.ddns-updater.entrypoints=secureweb - traefik.http.routers.ddns-updater.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.ddns-updater.loadbalancer.server.scheme=http - traefik.http.services.ddns-updater.loadbalancer.server.port=${WEBUI_PORT_DDNS_UPDATER:?err} # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Filebot (GitHub) ## Function: Lookup and Rename Media from Internet Databases ## ## Docker Page: https://github.com/filebot/filebot-docker#filebot-xpra ## Homepage: https://www.filebot.net/ ## User Forum: https://www.filebot.net/forums ## ########################################################################### ########################################################################### filebot: image: rednoah/filebot:xpra container_name: filebot restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}/filebot:/filebot - ${FOLDER_FOR_DATA:?err}/filebot:/data/filebot environment: # - XPRA_AUTH=password:value=YOUR_PASSWORD - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - DARK_MODE=1 network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_FILEBOT:?err}:5454 # Configured in Gluetun VPN service labels: - traefik.enable=true # ROUTERS - traefik.http.routers.filebot.service=filebot - traefik.http.routers.filebot.rule=Host(`filebot.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.filebot.entrypoints=secureweb - traefik.http.routers.filebot.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.filebot.loadbalancer.server.scheme=http - traefik.http.services.filebot.loadbalancer.server.port=5454 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Flaresolverr (Flaresolverr) ## Function: Cloudflare Proxy Server ## ## Documentation: https://github.com/FlareSolverr/FlareSolverr ## ########################################################################### ########################################################################### flaresolverr: image: ghcr.io/flaresolverr/flaresolverr:latest container_name: flaresolverr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true environment: - LOG_LEVEL=info - LOG_HTML=false - CAPTCHA_SOLVER=none - TZ=${TIMEZONE:?err} network_mode: "service:gluetun" # ports: # - ${FLARESOLVERR_PORT:?err}:8191 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.flaresolverr.service=flaresolverr - traefik.http.routers.flaresolverr.rule=Host(`flaresolverr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.flaresolverr.entrypoints=secureweb - traefik.http.routers.flaresolverr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.flaresolverr.loadbalancer.server.scheme=http - traefik.http.services.flaresolverr.loadbalancer.server.port=8191 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Heimdall (LinuxServer.io) ## Function: Organise links to web sites and web applications ## ## Documentation: https://docs.linuxserver.io/images/docker-heimdall ## ########################################################################### ########################################################################### heimdall: image: lscr.io/linuxserver/heimdall:latest container_name: heimdall restart: unless-stopped volumes: - ${FOLDER_FOR_DATA:?err}/heimdall:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} ports: - ${WEBUI_PORT_HEIMDALL:?err}:80 # NOTE: Heimdall MUST NOT connect to the Gluetun VPN container networks: - mediastack labels: - traefik.enable=true # ROUTERS - traefik.http.routers.heimdall.service=heimdall - traefik.http.routers.heimdall.rule=Host(`heimdall.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.heimdall.entrypoints=secureweb - traefik.http.routers.heimdall.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.heimdall.loadbalancer.server.scheme=http - traefik.http.services.heimdall.loadbalancer.server.port=80 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Homarr (https://ghcr.io/) ## Function: Application Dashboard ## ## Documentation: https://homarr.dev/docs/getting-started/after-the-installation ## ########################################################################### ########################################################################### homarr: image: ghcr.io/ajnart/homarr:latest container_name: homarr restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock - ${FOLDER_FOR_DATA:?err}/homarr/configs:/app/data/configs - ${FOLDER_FOR_DATA:?err}/homarr/icons:/app/public/icons - ${FOLDER_FOR_DATA:?err}/homarr/data:/data environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} ports: - ${WEBUI_PORT_HOMARR:?err}:7575 # NOTE: Heimdall MUST NOT connect to the Gluetun VPN container networks: - mediastack labels: - traefik.enable=true # ROUTERS - traefik.http.routers.homarr.service=homarr - traefik.http.routers.homarr.rule=Host(`homarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.homarr.entrypoints=secureweb - traefik.http.routers.homarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.homarr.loadbalancer.server.scheme=http - traefik.http.services.homarr.loadbalancer.server.port=7575 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Homepage (https://ghcr.io/) ## Function: Application Dashboard ## ## Documentation: https://gethomepage.dev/latest/configs/ ## ########################################################################### ########################################################################### homepage: image: ghcr.io/gethomepage/homepage:latest container_name: homepage restart: unless-stopped ports: - ${WEBUI_PORT_HOMEPAGE:?err}:3000 volumes: - /var/run/docker.sock:/var/run/docker.sock - ${FOLDER_FOR_DATA:?err}/homepage:/app/config environment: - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - HOMEPAGE_ALLOWED_HOSTS=homepage,homepage.${CLOUDFLARE_DNS_ZONE:?err},${CLOUDFLARE_DNS_ZONE:?err},localhost,${LOCAL_DOCKER_IP:?err} # NOTE: Homepage MUST NOT connect to the Gluetun VPN container networks: - mediastack labels: - traefik.enable=true # ROUTERS - traefik.http.routers.homepage.service=homepage - traefik.http.routers.homepage.rule=Host(`homepage.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.homepage.entrypoints=secureweb - traefik.http.routers.homepage.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.homepage.loadbalancer.server.scheme=http - traefik.http.services.homepage.loadbalancer.server.port=3000 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Huntarr ## Function: ARR Missing Content Manager ## ## Documentation: https://github.com/plexguide/Huntarr.io ## ########################################################################### ########################################################################### huntarr: image: huntarr/huntarr:latest container_name: huntarr depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_DATA:?err}/huntarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_HUNTARR:?err}:9705 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.huntarr.service=huntarr - traefik.http.routers.huntarr.rule=Host(`huntarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.huntarr.entrypoints=secureweb - traefik.http.routers.huntarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.huntarr.loadbalancer.server.scheme=http - traefik.http.services.huntarr.loadbalancer.server.port=9705 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Jellyfin (LinuxServer.io) ## Function: Media Server ## ## Documentation: https://jellyfin.org/docs/general/administration/installing#docker ## https://jellyfin.org/docs/general/administration/hardware-acceleration/ ## ########################################################################### ########################################################################### jellyfin: image: lscr.io/linuxserver/jellyfin:latest container_name: jellyfin restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true # Add Configurations for GPU Hardware Rendering Here: # devices: # - /dev/dri/renderD128:/dev/dri/renderD128 # - /dev/dri/card0:/dev/dri/card0 volumes: - ${FOLDER_FOR_MEDIA:?err}/media:/data/media - ${FOLDER_FOR_DATA:?err}/jellyfin:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} # - JELLYFIN_PublishedServerUrl=${LOCAL_DOCKER_IP:?err} # Enable for DLNA - Only works on HOST Network Mode network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_JELLYFIN:?err}:8096 # Configured in Gluetun VPN container # - 7359:7359/udp # Enable for DLNA - Only works on HOST Network Mode # - 1900:1900/udp # Enable for DLNA - Only works on HOST Network Mode labels: - traefik.enable=true # ROUTERS - traefik.http.routers.jellyfin.service=jellyfin - traefik.http.routers.jellyfin.rule=Host(`jellyfin.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.jellyfin.entrypoints=secureweb - traefik.http.routers.jellyfin.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.jellyfin.loadbalancer.server.scheme=http - traefik.http.services.jellyfin.loadbalancer.server.port=8096 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Jellyseerr (fallenbagel) ## Function: Media Request Manager ## ## Documentation: https://hub.docker.com/r/fallenbagel/jellyseerr ## ########################################################################### ########################################################################### jellyseerr: image: fallenbagel/jellyseerr:latest container_name: jellyseerr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_DATA:?err}/jellyseerr:/app/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_JELLYSEERR:?err}:5055 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.jellyseerr.service=jellyseerr - traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.jellyseerr.entrypoints=secureweb - traefik.http.routers.jellyseerr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.jellyseerr.loadbalancer.server.scheme=http - traefik.http.services.jellyseerr.loadbalancer.server.port=5055 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Lidarr (LinuxServer.io) ## Function: Music Library Manager ## ## Documentation: https://docs.linuxserver.io/images/docker-lidarr ## ########################################################################### ########################################################################### lidarr: image: lscr.io/linuxserver/lidarr:latest container_name: lidarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/lidarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lidarr - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_LIDARR:?err}:8686 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.lidarr.service=lidarr - traefik.http.routers.lidarr.rule=Host(`lidarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.lidarr.entrypoints=secureweb - traefik.http.routers.lidarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.lidarr.loadbalancer.server.scheme=http - traefik.http.services.lidarr.loadbalancer.server.port=8686 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Mylar3 (LinuxServer.io) ## Function: Comic Library Manager ## ## Documentation: https://github.com/mylar3/mylar3/wiki ## ########################################################################### ########################################################################### mylar: image: lscr.io/linuxserver/mylar3:latest container_name: mylar restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/mylar:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:mylar3 - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_MYLAR:?err}:8090 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.mylar.service=mylar - traefik.http.routers.mylar.rule=Host(`mylar.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.mylar.entrypoints=secureweb - traefik.http.routers.mylar.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.mylar.loadbalancer.server.scheme=http - traefik.http.services.mylar.loadbalancer.server.port=8090 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Plex (LinuxServer.io) ## Function: Media Server ## ## Documentation: https://hub.docker.com/r/linuxserver/plex ## ########################################################################### ########################################################################### plex: image: lscr.io/linuxserver/plex:latest container_name: plex restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true # Add Configurations for GPU Hardware Rendering Here: # devices: # - /dev/dri/renderD128:/dev/dri/renderD128 # - /dev/dri/card0:/dev/dri/card0 network_mode: "service:gluetun" # Ports are disabled in containers when they are connected to VPN, as the # Gluetun container manages the ports for containers that connect via VPN # ports: # - ${WEBUI_PORT_PLEX:?err}:32400 # Configured in Gluetun VPN container # - 1900:1900/udp # - 5353:5353/udp # - 8324:8324 # - 32410:32410/udp # - 32412:32412/udp # - 32413:32413/udp # - 32414:32414/udp # - 32469:32469 volumes: - ${FOLDER_FOR_MEDIA:?err}/media:/data/media - ${FOLDER_FOR_DATA:?err}/plex:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - VERSION=docker - PLEX_CLAIM=${PLEX_CLAIM} - ADVERTISE_IP=https://plex.${CLOUDFLARE_DNS_ZONE:?err}:443/ labels: - traefik.enable=true # ROUTERS - traefik.http.routers.plex.service=plex - traefik.http.routers.plex.rule=Host(`plex.${CLOUDFLARE_DNS_ZONE:?err}`) && PathPrefix(`/web/`) - traefik.http.routers.plex.entrypoints=secureweb - traefik.http.routers.plex.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.plex.loadbalancer.server.scheme=http - traefik.http.services.plex.loadbalancer.server.port=32400 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Portainer (Portainer.io) ## Function: Alternate GUI Manager for Docker ## ## Documentation: https://docs.portainer.io/start/install/server/docker ## ########################################################################### ########################################################################### portainer: image: portainer/portainer-ce:latest container_name: portainer restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock - ${FOLDER_FOR_DATA:?err}/portainer:/data ports: - ${WEBUI_PORT_PORTAINER:?err}:9000 # NOTE: Portainer MUST NOT connect to the Gluetun VPN container networks: - mediastack labels: - traefik.enable=true # ROUTERS - traefik.http.routers.portainer.service=portainer - traefik.http.routers.portainer.rule=Host(`portainer.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.portainer.entrypoints=secureweb - traefik.http.routers.portainer.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.portainer.loadbalancer.server.scheme=http - traefik.http.services.portainer.loadbalancer.server.port=9000 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Prowlarr (LinuxServer.io) ## Function: Indexer and Search Manager ## ## Documentation: https://docs.linuxserver.io/images/docker-prowlarr ## ########################################################################### ########################################################################### prowlarr: image: lscr.io/linuxserver/prowlarr:develop container_name: prowlarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_DATA:?err}/prowlarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:prowlarr - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_PROWLARR:?err}:9696 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.prowlarr.service=prowlarr - traefik.http.routers.prowlarr.rule=Host(`prowlarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.prowlarr.entrypoints=secureweb - traefik.http.routers.prowlarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.prowlarr.loadbalancer.server.scheme=http - traefik.http.services.prowlarr.loadbalancer.server.port=9696 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: qBittorrent (LinuxServer.io) ## Function: Torrent Download Client ## ## Documentation: https://docs.linuxserver.io/images/docker-qbittorrent ## ########################################################################### ########################################################################### qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/qbittorrent:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - WEBUI_PORT=${WEBUI_PORT_QBITTORRENT:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:qbittorrent - TP_THEME=${TP_THEME:?err} ## Do Not Change Network for qBittorrent ## qBittorrent MUST always use a VPN / Secure Internet connection network_mode: "service:gluetun" labels: - traefik.enable=true # ROUTERS - traefik.http.routers.qbittorrent.service=qbittorrent - traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.qbittorrent.entrypoints=secureweb - traefik.http.routers.qbittorrent.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.qbittorrent.loadbalancer.server.scheme=http - traefik.http.services.qbittorrent.loadbalancer.server.port=${WEBUI_PORT_QBITTORRENT:?err} # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Radarr (LinuxServer.io) ## Function: Movie Library Manager ## ## Documentation: https://docs.linuxserver.io/images/docker-radarr ## ########################################################################### ########################################################################### radarr: image: lscr.io/linuxserver/radarr:latest container_name: radarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/radarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:radarr - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_RADARR:?err}:7878 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.radarr.service=radarr - traefik.http.routers.radarr.rule=Host(`radarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.radarr.entrypoints=secureweb - traefik.http.routers.radarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.radarr.loadbalancer.server.scheme=http - traefik.http.services.radarr.loadbalancer.server.port=7878 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Readarr (LinuxServer.io) ## Function: Book Library Manager ## ## Documentation: https://docs.linuxserver.io/images/docker-readarr ## ########################################################################### ########################################################################### readarr: image: lscr.io/linuxserver/readarr:develop container_name: readarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/readarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:readarr - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_READARR:?err}:8787 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.readarr.service=readarr - traefik.http.routers.readarr.rule=Host(`readarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.readarr.entrypoints=secureweb - traefik.http.routers.readarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.readarr.loadbalancer.server.scheme=http - traefik.http.services.readarr.loadbalancer.server.port=8787 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: SABnzbd (LinuxServer.io) ## Function: Usenet Download Client ## ## Documentation: https://docs.linuxserver.io/images/docker-sabnzbd ## ########################################################################### ########################################################################### sabnzbd: image: lscr.io/linuxserver/sabnzbd:latest container_name: sabnzbd restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/sabnzbd:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_SABNZBD:?err}:8080 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.sabnzbd.service=sabnzbd - traefik.http.routers.sabnzbd.rule=Host(`sabnzbd.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.sabnzbd.entrypoints=secureweb - traefik.http.routers.sabnzbd.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.sabnzbd.loadbalancer.server.scheme=http - traefik.http.services.sabnzbd.loadbalancer.server.port=8080 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Sonarr (LinuxServer.io) ## Function: Series Library Manager (TV Shows) ## ## Documentation: https://docs.linuxserver.io/images/docker-sonarr ## ########################################################################### ########################################################################### sonarr: image: lscr.io/linuxserver/sonarr:latest container_name: sonarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/sonarr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - TZ=${TIMEZONE:?err} - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sonarr - TP_THEME=${TP_THEME:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_SONARR:?err}:8989 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.sonarr.service=sonarr - traefik.http.routers.sonarr.rule=Host(`sonarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.sonarr.entrypoints=secureweb - traefik.http.routers.sonarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.sonarr.loadbalancer.server.scheme=http - traefik.http.services.sonarr.loadbalancer.server.port=8989 # MIDDLEWARES ########################################################################### ########################################################################### ## ## Docker Compose File: Tdarr V2 (haveagitgat/tdarr) ## Function: Tdarr V2 - Audio/Video library transcoding automation ## (Contains Tdarr_Server and WebUI ) ## ## Documentation: https://docs.tdarr.io/docs/installation/docker/run-compose/ ## https://docs.tdarr.io/docs/installation/docker/hardware-transcoding ## ########################################################################### ########################################################################### tdarr: image: ghcr.io/haveagitgat/tdarr:latest container_name: tdarr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}/media:/data - ${FOLDER_FOR_DATA:?err}/tdarr/server:/app/server - ${FOLDER_FOR_DATA:?err}/tdarr/configs:/app/configs - ${FOLDER_FOR_DATA:?err}/tdarr/logs:/app/logs - ${FOLDER_FOR_DATA:?err}/tdarr-node:/temp environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - serverIP=0.0.0.0 - serverPort=${TDARR_SERVER_PORT:?err} - webUIPort=${WEBUI_PORT_TDARR:?err} - internalNode=true - nodeID=Tdarr_Server network_mode: "service:gluetun" # ports: # - ${TDARR_SERVER_PORT:?err}:${TDARR_SERVER_PORT:?err} # Configured in Gluetun VPN container # - ${WEBUI_PORT_TDARR:?err}:${WEBUI_PORT_TDARR:?err} # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.tdarr.service=tdarr - traefik.http.routers.tdarr.rule=Host(`tdarr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.tdarr.entrypoints=secureweb - traefik.http.routers.tdarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.tdarr.loadbalancer.server.scheme=http - traefik.http.services.tdarr.loadbalancer.server.port=${WEBUI_PORT_TDARR:?err} # MIDDLEWARES tdarr-node: image: ghcr.io/haveagitgat/tdarr_node:latest container_name: tdarr-node restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}/media:/data - ${FOLDER_FOR_DATA:?err}/tdarr/configs:/app/configs - ${FOLDER_FOR_DATA:?err}/tdarr/logs:/app/logs - ${FOLDER_FOR_DATA:?err}/tdarr-node:/temp environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - nodeID=Tdarr_Node_1 - serverIP=0.0.0.0 - serverPort=${TDARR_SERVER_PORT:?err} network_mode: "service:gluetun" ########################################################################### ########################################################################### ## ## Docker Compose File: Unpackerr (Hotio.Dev) ## Function: Archive Media Extraction ## ## Documentation: https://github.com/davidnewhall/unpackerr ## https://github.com/davidnewhall/unpackerr/blob/master/examples/docker-compose.yml ## ########################################################################### ########################################################################### unpackerr: image: golift/unpackerr container_name: unpackerr restart: unless-stopped user: ${PUID:?err}:${PGID:?err} volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/unpackerr:/config - ${FOLDER_FOR_DATA:?err}/logs/unpackerr:/var/log networks: - mediastack ports: - ${METRICS_PORT_UNPACKERR:?err}:5656 environment: - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} # Remove all lines that begin with UN_CMDHOOK, UN_WEBHOOK, UN_FOLDER, UN_WEBSERVER, and other apps you do not use. ## Global Settings - UN_DEBUG=false - UN_QUIET=false - UN_ERROR_STDERR=false - UN_ACTIVITY=false - UN_LOG_QUEUES=1m - UN_LOG_FILE=/var/log/unpackerr.log - UN_LOG_FILES=10 - UN_LOG_FILE_MB=10 - UN_LOG_FILE_MODE=0644 - UN_INTERVAL=2m - UN_START_DELAY=1m - UN_RETRY_DELAY=5m - UN_MAX_RETRIES=3 - UN_PARALLEL=1 - UN_FILE_MODE=0644 - UN_DIR_MODE=2755 ## Web Server - UN_WEBSERVER_METRICS=true - UN_WEBSERVER_LISTEN_ADDR=0.0.0.0:5656 - UN_WEBSERVER_LOG_FILE=/var/log/server.log - UN_WEBSERVER_LOG_FILES=10 - UN_WEBSERVER_LOG_FILE_MB=10 - UN_WEBSERVER_SSL_CERT_FILE= - UN_WEBSERVER_SSL_KEY_FILE= - UN_WEBSERVER_URLBASE=/ - UN_WEBSERVER_UPSTREAMS= ## Folder Settings - UN_FOLDERS_INTERVAL=1s - UN_FOLDERS_BUFFER=20000 ## Mylar Settings ## Mylar Config - Copy API Key from: http://mylar:8090/general/settings - UN_MYLAR_0_URL=http://mylar:8090 - UN_MYLAR_0_API_KEY=0123456789abcdef0123456789abcdef - UN_MYLAR_0_PATHS_0=/data/torrents/comics - UN_MYLAR_0_PROTOCOLS=torrent - UN_MYLAR_0_TIMEOUT=10s - UN_MYLAR_0_DELETE_DELAY=5m - UN_MYLAR_0_DELETE_ORIG=false - UN_MYLAR_0_SYNCTHING=false ## Sonarr Settings ## Sonarr Config - Copy API Key from: http://sonarr:8989/general/settings - UN_SONARR_0_URL=http://sonarr:8989 - UN_SONARR_0_API_KEY=0123456789abcdef0123456789abcdef - UN_SONARR_0_PATHS_0=/data/torrents/anime - UN_SONARR_0_PATHS_1=/data/torrents/tv - UN_SONARR_0_PROTOCOLS=torrent - UN_SONARR_0_TIMEOUT=10s - UN_SONARR_0_DELETE_DELAY=5m - UN_SONARR_0_DELETE_ORIG=false - UN_SONARR_0_SYNCTHING=false ## Radarr Settings ## Radarr Config - Copy API Key from: http://radarr:7878/general/settings - UN_RADARR_0_URL=http://radarr:7878 - UN_RADARR_0_API_KEY=0123456789abcdef0123456789abcdef - UN_RADARR_0_PATHS_0=/data/torrents/movies - UN_RADARR_0_PROTOCOLS=torrent - UN_RADARR_0_TIMEOUT=10s - UN_RADARR_0_DELETE_DELAY=5m - UN_RADARR_0_DELETE_ORIG=false - UN_RADARR_0_SYNCTHING=false ## Lidarr Settings ## Lidarr Config - Copy API Key from: http://lidarr:8686/general/settings - UN_LIDARR_0_URL=http://lidarr:8686 - UN_LIDARR_0_API_KEY=0123456789abcdef0123456789abcdef - UN_LIDARR_0_PATHS_0=/data/torrents/music - UN_LIDARR_0_PROTOCOLS=torrent - UN_LIDARR_0_TIMEOUT=10s - UN_LIDARR_0_DELETE_DELAY=5m - UN_LIDARR_0_DELETE_ORIG=false - UN_LIDARR_0_SYNCTHING=false ## Readarr Settings ## Readarr Config - Copy API Key from: http://readarr:8787/general/settings - UN_READARR_0_URL=http://readarr:8787 - UN_READARR_0_API_KEY=0123456789abcdef0123456789abcdef - UN_READARR_0_PATHS_0=/data/torrents/books - UN_READARR_0_PROTOCOLS=torrent - UN_READARR_0_TIMEOUT=10s - UN_READARR_0_DELETE_DELAY=5m - UN_READARR_0_DELETE_ORIG=false - UN_READARR_0_SYNCTHING=false ## Whisparr Settings ## Whisparr Config - Copy API Key from: http://readarr:6969/general/settings - UN_WHISPARR_0_URL=http://whisparr:6969 - UN_WHISPARR_0_API_KEY=0123456789abcdef0123456789abcdef - UN_WHISPARR_0_PATHS_0=/data/torrents/xxx - UN_WHISPARR_0_PROTOCOLS=torrent - UN_WHISPARR_0_TIMEOUT=10s - UN_WHISPARR_0_DELETE_DELAY=5m - UN_WHISPARR_0_DELETE_ORIG=false - UN_WHISPARR_0_SYNCTHING=false ## Watch Folders - UN_FOLDER_0_PATH=/data/torrents/complete - UN_FOLDER_0_EXTRACT_PATH= - UN_FOLDER_0_DELETE_AFTER=10m - UN_FOLDER_0_DISABLE_RECURSION=false - UN_FOLDER_0_DELETE_FILES=false - UN_FOLDER_0_DELETE_ORIGINAL=false - UN_FOLDER_0_DISABLE_LOG=false - UN_FOLDER_0_MOVE_BACK=false - UN_FOLDER_0_EXTRACT_ISOS=false ## Web Hooks - UN_WEBHOOK_0_URL=https://notifiarr.com/api/v1/notification/unpackerr/api_key_from_notifiarr_com - UN_WEBHOOK_0_NAME= - UN_WEBHOOK_0_SILENT=false - UN_WEBHOOK_0_EVENTS_0=1 - UN_WEBHOOK_0_EVENTS_1=4 - UN_WEBHOOK_0_EVENTS_2=6 - UN_WEBHOOK_0_NICKNAME=Unpackerr - UN_WEBHOOK_0_CHANNEL= - UN_WEBHOOK_0_EXCLUDE_0=readarr - UN_WEBHOOK_0_EXCLUDE_1=lidarr - UN_WEBHOOK_0_TEMPLATE_PATH= - UN_WEBHOOK_0_TEMPLATE= - UN_WEBHOOK_0_IGNORE_SSL=false - UN_WEBHOOK_0_TIMEOUT=10s - UN_WEBHOOK_0_CONTENT_TYPE=application/json ## Command Hooks - UN_CMDHOOK_0_COMMAND=/data/torrents/unpackerr.sh - UN_CMDHOOK_0_NAME= - UN_CMDHOOK_0_SHELL=false - UN_CMDHOOK_0_SILENT=false - UN_CMDHOOK_0_EVENTS_0=1 - UN_CMDHOOK_0_EVENTS_1=4 - UN_CMDHOOK_0_EVENTS_2=7 - UN_CMDHOOK_0_EXCLUDE_0=readarr - UN_CMDHOOK_0_EXCLUDE_1=lidarr - UN_CMDHOOK_0_TIMEOUT=10s ########################################################################### ########################################################################### ## ## Docker Compose File: Whisparr (Hotio.Dev) ## Function: Adult Media Library Manager ## ## Documentation: https://wiki.servarr.com/whisparr ## ########################################################################### ########################################################################### whisparr: image: hotio/whisparr:nightly container_name: whisparr restart: unless-stopped depends_on: gluetun: condition: service_healthy restart: true volumes: - ${FOLDER_FOR_MEDIA:?err}:/data - ${FOLDER_FOR_DATA:?err}/whisparr:/config environment: - PUID=${PUID:?err} - PGID=${PGID:?err} - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} network_mode: "service:gluetun" # ports: # - ${WEBUI_PORT_WHISPARR:?err}:6969 # Configured in Gluetun VPN container labels: - traefik.enable=true # ROUTERS - traefik.http.routers.whisparr.service=whisparr - traefik.http.routers.whisparr.rule=Host(`whisparr.${CLOUDFLARE_DNS_ZONE:?err}`) - traefik.http.routers.whisparr.entrypoints=secureweb - traefik.http.routers.whisparr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file # SERVICES - traefik.http.services.whisparr.loadbalancer.server.scheme=http - traefik.http.services.whisparr.loadbalancer.server.port=6969 # MIDDLEWARES