###########################################################################
###########################################################################
# One user-defined bridge network shared by the services in this file.
# Containers attached to it can reach each other by service/container name,
# so a compromised container has network reach to every other one on it.
networks:
  mediastack:
    name: mediastack
    driver: bridge
    ipam:
      driver: default
      config:
        # ${VAR:?err} makes Compose abort when the variable is unset or empty.
        - subnet: ${DOCKER_SUBNET:?err}
          gateway: ${DOCKER_GATEWAY:?err}
###########################################################################
###########################################################################
services:
###########################################################################
###########################################################################
##
## Docker Compose File: Postgresql
## Function: Postgresql Database Server
##
## Documentation: https://hub.docker.com/_/postgres
##
###########################################################################
###########################################################################
  # Database server used by Authentik and Guacamole (both point at host "postgresql").
  postgresql:
    # NOTE(review): ":latest" is a mutable tag. Pin at least the major version (or a
    # digest): a new Postgres major release will not start on an older data directory.
    image: docker.io/library/postgres:latest
    container_name: postgresql
    restart: unless-stopped
    networks:
      - mediastack
    user: ${PUID:?err}:${PGID:?err}
    ports:
      # NOTE(review): no host IP is given, so 5432 is published on every host
      # interface. Services in this file reach the database by name over the
      # mediastack network; publish on 127.0.0.1 or drop this mapping unless
      # clients outside Docker really need it.
      - ${POSTGRESQL_PORT:?err}:5432
    healthcheck:
      # "$$" escapes Compose interpolation so the container's shell expands the variables.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ${FOLDER_FOR_DATA:?err}/postgresql:/var/lib/postgresql/data
    environment:
      - TZ=${TIMEZONE:?err}
      # Only the Authentik database is named here, but the guacamole service uses
      # ${GUACAMOLE_DATABASE}. NOTE(review): presumably that database and its schema
      # are created separately - confirm.
      - POSTGRES_DB=${AUTHENTIK_DATABASE:?err}
      # NOTE(review): the same account and password are handed to Authentik and
      # Guacamole; POSTGRES_USER is the superuser created by the image. Consider
      # a separate, non-superuser role per application.
      - POSTGRES_USER=${POSTGRESQL_USERNAME:?err}
      # Secret passed as an environment variable: readable via "docker inspect" by
      # anyone with Docker API access. The image also accepts POSTGRES_PASSWORD_FILE.
      - POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD:?err}
###########################################################################
###########################################################################
##
## Docker Compose File: Guacamole / Guacd
## Function: Clientless Remote Desktop Gateway
##
## Documentation: https://hub.docker.com/r/guacamole/guacamole
##
###########################################################################
###########################################################################
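# Guacamole web application: browser front-end of the remote desktop gateway.
# It talks to guacd (GUACD_HOSTNAME) and stores users/connections in PostgreSQL.
  guacamole:
    # NOTE(review): untagged image resolves to the mutable "latest"; pin a version or digest.
    image: guacamole/guacamole
    container_name: guacamole
    restart: unless-stopped
    user: ${PUID:?err}:${PGID:?err}
    depends_on:
      postgresql:
        condition: service_healthy
        restart: true
    networks:
      - mediastack
    ports:
      # NOTE(review): published on all host interfaces. Requests sent straight to
      # this host port do not pass through Traefik, so the authentik-forwardauth
      # middleware below is not applied to them; only Guacamole's own login remains.
      - ${WEBUI_PORT_GUACAMOLE:?err}:8080
    environment:
      - TZ=${TIMEZONE:?err}
      - WEBAPP_CONTEXT=ROOT
      - GUACD_HOSTNAME=guacd
      - POSTGRESQL_HOSTNAME=postgresql
      # Fixed: the connection goes to the "postgresql" container over the mediastack
      # network, where Postgres listens on its container port 5432.
      # ${POSTGRESQL_PORT} is the host-side port of that service's mapping and is
      # only correct here when it happens to equal 5432.
      - POSTGRESQL_PORT=5432
      - POSTGRESQL_DATABASE=${GUACAMOLE_DATABASE:?err}
      - POSTGRESQL_USER=${POSTGRESQL_USERNAME:?err}
      # Secret in the environment: visible through "docker inspect".
      - POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD:?err}
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.guacamole.service=guacamole
      - traefik.http.routers.guacamole.rule=Host(`guacamole.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.guacamole.entrypoints=secureweb
      # Middlewares are defined in Traefik's file provider (not visible in this file).
      - traefik.http.routers.guacamole.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.guacamole.loadbalancer.server.scheme=http
      - traefik.http.services.guacamole.loadbalancer.server.port=8080
      # MIDDLEWARES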
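# guacd: Guacamole's protocol proxy daemon. The guacamole service connects to it
# by name (GUACD_HOSTNAME=guacd) over the mediastack network.
  guacd:
    # NOTE(review): untagged image resolves to the mutable "latest"; pin a version or digest.
    image: guacamole/guacd
    container_name: guacd
    restart: unless-stopped
    user: ${PUID:?err}:${PGID:?err}
    depends_on:
      postgresql:
        condition: service_healthy
        restart: true
    networks:
      - mediastack
    ports:
      # Bound to loopback (same pattern as the crowdsec and prometheus services in
      # this file): the guacd protocol port has no authentication of its own, and
      # the guacamole container does not need a host-published port to reach it.
      - 127.0.0.1:${GUACD_PORT:?err}:4822
    environment:
      - TZ=${TIMEZONE:?err}
      # NOTE(review): guacd is the proxy daemon; presumably only the web application
      # reads the database settings. If so, drop the five POSTGRESQL_* entries so
      # the database password is not exposed to this container - confirm first.
      - POSTGRESQL_HOSTNAME=postgresql
      - POSTGRESQL_PORT=${POSTGRESQL_PORT:?err}
      - POSTGRESQL_DATABASE=${GUACAMOLE_DATABASE:?err}
      - POSTGRESQL_USER=${POSTGRESQL_USERNAME:?err}
      - POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD:?err}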
###########################################################################
###########################################################################
##
## Docker Compose File: Valkey (same as Redis)
## Function: High Performance Data Structure Server
##
## Documentation: https://hub.docker.com/r/valkey/valkey
##
###########################################################################
###########################################################################
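# Valkey (Redis-compatible) store; Authentik points at it via AUTHENTIK_REDIS__HOST=valkey.
  valkey:
    image: valkey/valkey:alpine
    container_name: valkey
    # "--save 60 1": snapshot to /data every 60 s if at least one key changed.
    # NOTE(review): no password is configured in this command, so every client that
    # can reach port 6379 is unauthenticated; consider adding one and giving the
    # same value to the clients.
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    networks:
      - mediastack
    user: ${PUID:?err}:${PGID:?err}
    ports:
      # Bound to loopback (same pattern as the crowdsec and prometheus services in
      # this file) because the store has no authentication configured. Containers
      # on the mediastack network still reach it as valkey:6379.
      - 127.0.0.1:${VALKEY_PORT:?err}:6379
    healthcheck:
      test: ["CMD-SHELL", "valkey-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ${FOLDER_FOR_DATA:?err}/valkey:/data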
###########################################################################
###########################################################################
##
## Docker Compose File: Authentik Server & Worker
## Function: Authentication & Authorisation Identity Manager
##
## Documentation: https://docs.goauthentik.io/docs/install-config/install/docker-compose
##
###########################################################################
###########################################################################
# Authentik server: the identity provider behind the "authentik-forwardauth"
# middleware referenced by most routers in this file.
  authentik:
    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:?err}
    container_name: authentik
    restart: unless-stopped
    networks:
      - mediastack
    user: ${PUID:?err}:${PGID:?err}
    command: server
    environment:
      - TZ=${TIMEZONE:?err}
      - AUTHENTIK_LOG_LEVEL=info # Options are: # info, warning, error, debug and trace
      # Secrets below are passed as environment variables and are visible through
      # "docker inspect" to anyone with access to the Docker API.
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?err}
      - AUTHENTIK_REDIS__HOST=valkey
      - AUTHENTIK_POSTGRESQL__HOST=postgresql
      - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DATABASE:?err}
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRESQL_USERNAME:?err}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD:?err}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED:?err}
      # The EMAIL_* variables have no ":?err" guard, so they may expand to empty strings.
      - AUTHENTIK_EMAIL__HOST=${EMAIL_SERVER_HOST}
      - AUTHENTIK_EMAIL__PORT=${EMAIL_SERVER_PORT}
      - AUTHENTIK_EMAIL__USERNAME=${EMAIL_ADDRESS}
      - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD}
      - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_TLS}
      - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_SSL}
      - AUTHENTIK_EMAIL__FROM=${EMAIL_SENDER}
      - AUTHENTIK_EMAIL__TIMEOUT=10
    volumes:
      - ${FOLDER_FOR_DATA:?err}/authentik/media:/media
      - ${FOLDER_FOR_DATA:?err}/authentik/templates:/templates
    ports:
      # NOTE(review): the plain-HTTP port 9000 is published on all host interfaces,
      # so the login service is reachable without TLS and without the
      # security-headers / traefik-bouncer middlewares applied by the router below.
      - ${WEBUI_PORT_AUTHENTIK:?err}:9000
    depends_on:
      postgresql:
        condition: service_healthy
        restart: true
      valkey:
        condition: service_healthy
        restart: true
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.authentik.service=authentik
      - traefik.http.routers.authentik.rule=Host(`auth.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.authentik.entrypoints=secureweb
      - traefik.http.routers.authentik.middlewares=security-headers@file,traefik-bouncer@file
      # Do not add authentik-forwardauth@file to middlewares, otherwise other applications can't authenticate
      # SERVICES
      - traefik.http.services.authentik.loadbalancer.server.scheme=http
      - traefik.http.services.authentik.loadbalancer.server.port=9000
      # MIDDLEWARES
# Authentik background worker (same image as the server, "worker" command).
# NOTE(review): the service key is spelled "authentic-worker" while the
# container_name is "authentik-worker"; "docker compose" commands and depends_on
# entries address the key, so the mismatch is easy to trip over.
  authentic-worker:
    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:?err}
    container_name: authentik-worker
    restart: unless-stopped
    networks:
      - mediastack
    user: ${PUID:?err}:${PGID:?err}
    command: worker
    environment:
      - TZ=${TIMEZONE:?err}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?err}
      - AUTHENTIK_REDIS__HOST=valkey
      - AUTHENTIK_POSTGRESQL__HOST=postgresql
      - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DATABASE:?err}
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRESQL_USERNAME:?err}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD:?err}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED:?err}
    volumes:
      # NOTE(review): read-write access to the Docker socket is equivalent to root
      # on the host (the holder can start privileged containers). Mount it only if
      # the worker must manage containers; whether the PUID:PGID user above can
      # open the socket at all depends on host permissions - confirm.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${FOLDER_FOR_DATA:?err}/authentik/certs:/certs
      - ${FOLDER_FOR_DATA:?err}/authentik/media:/media
      - ${FOLDER_FOR_DATA:?err}/authentik/templates:/templates
    depends_on:
      postgresql:
        condition: service_healthy
        restart: true
      valkey:
        condition: service_healthy
        restart: true
###########################################################################
###########################################################################
##
## Docker Compose File: Traefik
## Function: Reverse Proxy Routing Server
##
## Documentation: https://doc.traefik.io/traefik/
##
###########################################################################
###########################################################################
# Traefik reverse proxy: terminates HTTP/HTTPS and applies the @file middlewares
# (forward-auth, security headers, CrowdSec bouncer) named on the routers in this file.
  traefik:
    # NOTE(review): mutable ":latest" tag on the internet-facing component; pin a version.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    networks:
      - mediastack
    # Runs as root inside the container.
    user: root
    environment:
      - TZ=${TIMEZONE:?err}
      # Cloudflare API token in the environment (visible via "docker inspect").
      # NOTE(review): scope the token to DNS edits on the one zone it needs.
      - CF_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN:?err}
    ports:
      - ${REVERSE_PROXY_PORT_HTTP:?err}:80
      - ${REVERSE_PROXY_PORT_HTTPS:?err}:443
      # NOTE(review): 8080 and 8082 are published on all host interfaces. Whether the
      # dashboard/API answers on 8080 without authentication depends on the static
      # configuration in /etc/traefik, which is not visible here - confirm.
      - ${WEBUI_PORT_TRAEFIK:?err}:8080
      - ${METRICS_PORT_TRAEFIK:?err}:8082
    volumes:
      # ":ro" only makes the socket file's mount read-only; it does not restrict
      # which Docker API calls can be made through it. A filtering socket proxy
      # is the usual way to limit Traefik to read-only API endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${FOLDER_FOR_DATA:?err}/logs/traefik:/var/log
      - ${FOLDER_FOR_DATA:?err}/traefik:/etc/traefik
      # Holds the ACME store, which includes certificate private keys.
      - ${FOLDER_FOR_DATA:?err}/traefik/letsencrypt:/letsencrypt
    labels:
      - traefik.enable=true
      # ROUTERS
      # The dashboard/API is served by the built-in api@internal service.
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.rule=Host(`traefik.${CLOUDFLARE_DNS_ZONE:?err}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.http.routers.traefik.entrypoints=secureweb
      - traefik.http.routers.traefik.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      # NOTE(review): the router above uses api@internal, so this "traefik" service
      # definition looks unused - confirm.
      - traefik.http.services.traefik.loadbalancer.server.scheme=http
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Traefik Certificate Dumper
## Function: Dump SSL / TLS Certificates from Traefik
##
## Documentation: https://hub.docker.com/r/ldez/traefik-certs-dumper
##
###########################################################################
###########################################################################
# Exports the certificates stored in Traefik's acme.json to files under /certs.
  traefik-certs-dumper:
    image: ldez/traefik-certs-dumper:latest
    container_name: traefik-certs-dumper
    restart: always
    networks:
      - mediastack
    user: ${PUID:?err}:${PGID:?err}
    # The shell loop waits until /data/acme.json exists and its certificate count
    # is non-zero, then runs the dumper in --watch mode.
    # The whole command is one multi-line scalar: keep the continuation lines
    # indented deeper than "entrypoint" and do not put comments inside it.
    entrypoint: sh -c '
      while ! [ -e /data/acme.json ]
      || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do
      sleep 1
      ; done
      && traefik-certs-dumper file --version v2 --watch
      --source /data/acme.json --dest /certs'
    volumes:
      # Source is mounted read-only.
      - ${FOLDER_FOR_DATA:?err}/traefik/letsencrypt:/data:ro
      # NOTE(review): the dump presumably includes private keys; keep this host
      # directory readable only by the accounts that need the certificates.
      - ${FOLDER_FOR_DATA:?err}/traefik-certs-dumper:/certs
###########################################################################
###########################################################################
##
## Docker Compose File: CrowdSec Security Engine
## Function: Cyber Security Threat Intelligence
##
## Documentation: https://docs.crowdsec.net/u/getting_started/installation/docker/
##
###########################################################################
###########################################################################
# CrowdSec security engine: reads the log tree mounted at /logs (read-only).
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: always
    networks:
      - mediastack
    user: ${PUID:?err}:${PGID:?err}
    environment:
      - TZ=${TIMEZONE:?err}
    ports:
      # Port 8080 is published on the host loopback only.
      - 127.0.0.1:${CROWDSEC_PORT:?err}:8080
      # NOTE(review): unlike the line above, the next two ports are published on
      # all host interfaces. Containers on the mediastack network can reach them by
      # name; bind to 127.0.0.1 or drop the mappings unless external access is needed.
      - 6060:6060 # Provides Metrics for Prometheus
      - 7422:7422 # Provides WAF AppSec
    depends_on:
      - traefik
    volumes:
      - ${FOLDER_FOR_DATA:?err}/crowdsec:/etc/crowdsec
      - ${FOLDER_FOR_DATA:?err}/crowdsec/data:/var/lib/crowdsec/data/
      - ${FOLDER_FOR_DATA:?err}/logs:/logs:ro
###########################################################################
###########################################################################
##
## Docker Compose File: Prometheus
## Function: Systems and Service Monitoring
##
## Documentation: https://prometheus.io/docs/introduction/overview/
##
###########################################################################
###########################################################################
# Prometheus metrics server. Its web UI is published on the host loopback only
# and is otherwise reached through the Traefik router below.
  prometheus:
    # NOTE(review): untagged image resolves to the mutable "latest"; pin a version or digest.
    image: prom/prometheus
    container_name: prometheus
    restart: unless-stopped
    user: ${PUID:?err}:${PGID:?err}
    networks:
      - mediastack
    depends_on:
      - crowdsec
    ports:
      - 127.0.0.1:${WEBUI_PORT_PROMETHEUS:?err}:9090
    volumes:
      # NOTE(review): no configuration file is mounted here; presumably the image's
      # default configuration is used - confirm the intended scrape targets.
      - ${FOLDER_FOR_DATA:?err}/prometheus:/prometheus
    environment:
      - TZ=${TIMEZONE:?err}
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.prometheus.service=prometheus
      - traefik.http.routers.prometheus.rule=Host(`prometheus.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.prometheus.entrypoints=secureweb
      - traefik.http.routers.prometheus.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.prometheus.loadbalancer.server.scheme=http
      - traefik.http.services.prometheus.loadbalancer.server.port=9090
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Grafana
## Function: Visual Monitoring Dashboard
##
## Documentation: http://docs.grafana.org/installation/docker/
##
###########################################################################
###########################################################################
# Grafana dashboards.
  grafana:
    # NOTE(review): untagged image resolves to the mutable "latest"; pin a version or digest.
    image: grafana/grafana-enterprise
    container_name: grafana
    restart: unless-stopped
    user: ${PUID:?err}:${PGID:?err}
    depends_on:
      - crowdsec
    networks:
      - mediastack
    ports:
      # NOTE(review): published on all host interfaces (the prometheus service binds
      # to 127.0.0.1 instead). Direct requests to this port skip the Traefik
      # middlewares and rely on Grafana's own login.
      - ${WEBUI_PORT_GRAFANA:?err}:3000
    volumes:
      # Host /var/log is exposed read-only inside the container. NOTE(review): host
      # logs can contain sensitive data; mount only the subdirectories that are needed.
      - /var/log:/var/dockerhost:ro
      - ${FOLDER_FOR_DATA:?err}/grafana:/var/lib/grafana
    environment:
      - TZ=${TIMEZONE:?err}
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.grafana.service=grafana
      - traefik.http.routers.grafana.rule=Host(`grafana.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.grafana.entrypoints=secureweb
      - traefik.http.routers.grafana.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.grafana.loadbalancer.server.scheme=http
      - traefik.http.services.grafana.loadbalancer.server.port=3000
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Headscale
## Function: OpenSource Tailscale Coordination Server
##
## Documentation: https://headscale.net/stable/
##
###########################################################################
###########################################################################
# Headscale coordination server for the tailnet. Its router deliberately omits
# forward-auth (see the comment in the labels), so Headscale's own node/key
# authentication is the only access control on this endpoint.
  headscale:
    image: headscale/headscale:latest
    container_name: headscale
    restart: unless-stopped
    networks:
      - mediastack
    # No "user:" is set, so the container runs as the image's default user.
    command: serve
    ports:
      # NOTE(review): both ports are published on all host interfaces; the metrics
      # port in particular is usually only needed by the local scraper.
      - ${CONNECT_PORT_HEADSCALE:?err}:8080
      - ${METRICS_PORT_HEADSCALE:?err}:9090
    volumes:
      - ${FOLDER_FOR_DATA:?err}/headscale:/etc/headscale
      - ${FOLDER_FOR_DATA:?err}/headscale/data:/var/lib/headscale
    environment:
      - TZ=${TIMEZONE:?err}
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.headscale.service=headscale
      - traefik.http.routers.headscale.rule=Host(`headscale.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.headscale.entrypoints=secureweb
      - traefik.http.routers.headscale.middlewares=security-headers@file,traefik-bouncer@file
      # Do not add authentik-forwardauth@file to middlewares, otherwise Tailscale clients can't authenticate and connect
      # SERVICES
      - traefik.http.services.headscale.loadbalancer.server.scheme=http
      - traefik.http.services.headscale.loadbalancer.server.port=8080
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Tailscale
## Function: Tailscale Client - Operating as Tailnet Exit-Node
##
## Documentation: https://headscale.net/stable/
##
###########################################################################
###########################################################################
# Tailscale client registered against the Headscale server above, advertising
# itself as an exit node and as a subnet router.
  tailscale:
    image: tailscale/tailscale:latest
    hostname: tailscale
    container_name: tailscale
    restart: unless-stopped
    networks:
      - mediastack
    # NET_ADMIN plus the TUN device let the container create and configure the
    # kernel tunnel interface (TS_USERSPACE=false below).
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      # Node state (including the node's keys) persists here; protect this directory.
      - ${FOLDER_FOR_DATA:?err}/tailscale:/var/lib/tailscale
    environment:
      - TS_USERSPACE=false
      - TS_STATE_DIR=/var/lib/tailscale
      # Enrolment secret in the environment. NOTE(review): prefer a short-lived,
      # single-use key so a leaked value cannot enrol further nodes.
      - TS_AUTHKEY=${TAILSCALE_AUTHKEY:?err}
      # Advertises ${LOCAL_SUBNET} and ${DOCKER_SUBNET} as routes: once approved on
      # the coordination server, tailnet clients can reach the whole LAN and every
      # container on the Docker network. NOTE(review): restrict this with tailnet ACLs.
      - TS_EXTRA_ARGS=--hostname=exit-node --advertise-exit-node --advertise-routes=${LOCAL_SUBNET:?err},${DOCKER_SUBNET:?err} --login-server=https://headscale.${CLOUDFLARE_DNS_ZONE:?err}
###########################################################################
###########################################################################
##
## Docker Compose File: Headplane
## Function: WebUI Management for Headscale Coordination Server
##
## Documentation: https://github.com/tale/headplane
##
###########################################################################
###########################################################################
# Headplane: web UI that administers the Headscale server. It shares Headscale's
# configuration directory and has access to the Docker socket.
  headplane:
    image: ghcr.io/tale/headplane:latest
    container_name: headplane
    restart: unless-stopped
    networks:
      - mediastack
    ports:
      # NOTE(review): published on all host interfaces; requests to this port do
      # not pass through the forward-auth middleware on the router below.
      - ${WEBUI_PORT_HEADPLANE:?err}:3000
    volumes:
      # ":ro" protects the socket file's mount only; Docker API calls made through
      # the socket are not restricted by it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Read-write access to Headscale's configuration directory.
      - ${FOLDER_FOR_DATA:?err}/headscale:/etc/headscale
      - ${FOLDER_FOR_DATA:?err}/headplane:/etc/headplane
      - ${FOLDER_FOR_DATA:?err}/headplane/data:/var/lib/headplane
    environment:
      - TZ=${TIMEZONE:?err}
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.headplane.service=headplane
      # Only paths under /admin/ on this host name are routed to Headplane.
      - traefik.http.routers.headplane.rule=Host(`headplane.${CLOUDFLARE_DNS_ZONE:?err}`) && PathPrefix(`/admin/`)
      - traefik.http.routers.headplane.entrypoints=secureweb
      - traefik.http.routers.headplane.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.headplane.loadbalancer.server.scheme=http
      - traefik.http.services.headplane.loadbalancer.server.port=3000
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Gluetun (qmcgaw)
## Function: VPN Client
##
## Documentation: https://github.com/qdm12/gluetun-wiki
##
###########################################################################
###########################################################################
# Gluetun VPN client. Services that set "network_mode: service:gluetun" share this
# container's network namespace, which is why their ports are published here.
# NOTE(review): every mapping below without a host IP is published on all host
# interfaces, and direct requests to those ports bypass the Traefik middlewares
# (forward-auth, security headers, bouncer) configured on the services' routers.
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    restart: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      # NOTE(review): the HTTP proxy and Shadowsocks listeners are enabled below
      # (HTTPPROXY=on, SHADOWSOCKS=on) and no proxy credentials are set in this
      # file; anyone who can reach these host ports can presumably send traffic
      # through the VPN - confirm and restrict.
      - 8888:8888/tcp # Gluetun Local Network HTTP proxy
      - 8388:8388/tcp # Gluetun Local Network Shadowsocks
      - 8388:8388/udp # Gluetun Local Network Shadowsocks
      # NOTE(review): the control server is published on all host interfaces;
      # confirm it is protected or bind it to 127.0.0.1.
      - ${GLUETUN_CONTROL_PORT:?err}:${GLUETUN_CONTROL_PORT:?err} # Gluetun Status Port
      # Comment out lines below if they are not going to use Gluetun VPN for Internet connection:
      - ${WEBUI_PORT_BAZARR:?err}:6767 # WebUI Portal: Bazarr
      - ${WEBUI_PORT_FILEBOT:?err}:5454 # WebUI Portal: Filebot
      - ${WEBUI_PORT_HUNTARR:?err}:9705 # WebUI Portal: Huntarr
      - ${WEBUI_PORT_JELLYFIN:?err}:8096 # WebUI Portal: Jellyfin
      - ${WEBUI_PORT_JELLYSEERR:?err}:5055 # WebUI Portal: Jellyseerr
      - ${WEBUI_PORT_LIDARR:?err}:8686 # WebUI Portal: Lidarr
      - ${WEBUI_PORT_MYLAR:?err}:8090 # WebUI Portal: Mylar3
      - ${WEBUI_PORT_PROWLARR:?err}:9696 # WebUI Portal: Prowlarr
      - ${WEBUI_PORT_RADARR:?err}:7878 # WebUI Portal: Radarr
      - ${WEBUI_PORT_READARR:?err}:8787 # WebUI Portal: Readarr
      - ${WEBUI_PORT_SABNZBD:?err}:8080 # WebUI Portal: SABnzbd
      - ${WEBUI_PORT_SONARR:?err}:8989 # WebUI Portal: Sonarr
      - ${WEBUI_PORT_WHISPARR:?err}:6969 # WebUI Portal: Whisparr
      - ${WEBUI_PORT_QBITTORRENT:?err}:${WEBUI_PORT_QBITTORRENT:?err} # WebUI Portal: qBittorrent
      - ${QBIT_PORT:?err}:6881 # Torrent Port (variable is QBIT_PORT; the original comment said Transmission)
      - ${FLARESOLVERR_PORT:?err}:8191 # Service Port: FlareSolverr
      - ${TDARR_SERVER_PORT:?err}:${TDARR_SERVER_PORT:?err} # Tdarr: Server Port
      - ${WEBUI_PORT_TDARR:?err}:${WEBUI_PORT_TDARR:?err} # Tdarr: WebUI Portal
      - ${WEBUI_PORT_PLEX:?err}:32400 # WebUI Portal: Plex
      # - 1900:1900/udp # DNLA Service (Clashes with Synology: SSPD "File Services" --> "Advanced")
      # - 5353:5353/udp # Plex Network Port (Clashes with Synology: Bonjour "File Services" --> "Advanced")
      - 8324:8324 # Plex Network Port
      - 32410:32410/udp # Plex Network Port
      - 32412:32412/udp # Plex Network Port
      - 32413:32413/udp # Plex Network Port
      - 32414:32414/udp # Plex Network Port
      - 32469:32469 # Plex Network Port
    volumes:
      - ${FOLDER_FOR_DATA:?err}/gluetun:/gluetun
    environment:
      - PUID=${PUID:?err}
      - PGID=${PGID:?err}
      - UMASK=${UMASK:?err}
      - TZ=${TIMEZONE:?err}
      - VPN_SERVICE_PROVIDER=${VPN_SERVICE_PROVIDER:?err}
      # VPN credentials and WireGuard keys are passed as environment variables and
      # are visible through "docker inspect".
      - OPENVPN_USER=${VPN_USERNAME:?err}
      - OPENVPN_PASSWORD=${VPN_PASSWORD:?err}
      # Variables without ":?err" are optional and may expand to empty strings.
      - SERVER_COUNTRIES=${SERVER_COUNTRIES}
      - SERVER_REGIONS=${SERVER_REGIONS}
      - SERVER_CITIES=${SERVER_CITIES}
      - SERVER_HOSTNAMES=${SERVER_HOSTNAMES}
      - SERVER_CATEGORIES=${SERVER_CATEGORIES}
      - FIREWALL_OUTBOUND_SUBNETS=${LOCAL_SUBNET:?err}
      - OPENVPN_CUSTOM_CONFIG=${OPENVPN_CUSTOM_CONFIG}
      # Leading ":" with no address: the control server listens on every interface
      # inside the container.
      - HTTP_CONTROL_SERVER_ADDRESS=:${GLUETUN_CONTROL_PORT:?err}
      - VPN_TYPE=${VPN_TYPE}
      - VPN_ENDPOINT_IP=${VPN_ENDPOINT_IP}
      - VPN_ENDPOINT_PORT=${VPN_ENDPOINT_PORT}
      - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY}
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - WIREGUARD_PRESHARED_KEY=${WIREGUARD_PRESHARED_KEY}
      - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
      - HTTPPROXY=on
      - SHADOWSOCKS=on
    networks:
      - mediastack
###########################################################################
###########################################################################
##
## Docker Compose File: Bazarr (LinuxServer.io)
## Function: Download subtitles for Radarr and Sonarr
##
## Documentation: https://docs.linuxserver.io/images/docker-bazarr
##
###########################################################################
###########################################################################
# Bazarr subtitle manager. Runs inside gluetun's network namespace, so its traffic
# leaves through the VPN container and its web port is published by the gluetun service.
  bazarr:
    image: lscr.io/linuxserver/bazarr:latest
    container_name: bazarr
    restart: unless-stopped
    depends_on:
      gluetun:
        condition: service_healthy
        restart: true
    volumes:
      - ${FOLDER_FOR_MEDIA:?err}:/data
      - ${FOLDER_FOR_DATA:?err}/bazarr:/config
    environment:
      - PUID=${PUID:?err}
      - PGID=${PGID:?err}
      - TZ=${TIMEZONE:?err}
      # NOTE(review): DOCKER_MODS names a further image (unpinned tag) whose content
      # is presumably fetched and applied inside the container at start-up; treat it
      # as part of the supply chain and pin or review it.
      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:bazarr
      - TP_THEME=${TP_THEME:?err}
    network_mode: "service:gluetun"
    # ports:
    # - ${WEBUI_PORT_BAZARR:?err}:6767 # Configured in Gluetun VPN container
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.bazarr.service=bazarr
      - traefik.http.routers.bazarr.rule=Host(`bazarr.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.bazarr.entrypoints=secureweb
      - traefik.http.routers.bazarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.bazarr.loadbalancer.server.scheme=http
      - traefik.http.services.bazarr.loadbalancer.server.port=6767
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Chromium (LinuxServer.io)
## Function: OpenSource Web Browser
##
## Documentation: https://docs.linuxserver.io/images/docker-chromium/
##
###########################################################################
###########################################################################
# Chromium browser served through a web UI. Anyone who can open the UI controls a
# browser running inside the mediastack network.
  chromium:
    image: lscr.io/linuxserver/chromium:latest
    container_name: chromium
    restart: unless-stopped
    shm_size: 1gb
    volumes:
      # Browser profile (presumably including cookies and saved logins) persists here.
      - ${FOLDER_FOR_DATA:?err}/chromium:/config
    environment:
      - PUID=${PUID:?err}
      - PGID=${PGID:?err}
      - TZ=${TIMEZONE:?err}
      - TITLE=MediaStack Chromium
      - CUSTOM_PORT=${WEBUI_PORT_CHROMIUM:?err}
      - CHROME_CLI=${CHROMIUM_START_PAGE:?err}
    ports:
      # NOTE(review): published on all host interfaces. No UI credentials are set in
      # this file, so direct requests to this port are presumably unauthenticated
      # (forward-auth applies only to the Traefik route) - confirm and restrict.
      - ${WEBUI_PORT_CHROMIUM:?err}:${WEBUI_PORT_CHROMIUM:?err}
    networks:
      - mediastack
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.chromium.service=chromium
      - traefik.http.routers.chromium.rule=Host(`chromium.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.chromium.entrypoints=secureweb
      - traefik.http.routers.chromium.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.chromium.loadbalancer.server.scheme=http
      - traefik.http.services.chromium.loadbalancer.server.port=${WEBUI_PORT_CHROMIUM:?err}
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: DDNS-Updater (qmcgaw)
## Function: Update Dynamic IP addresses for DNS A and/or AAAA records
##
## Documentation: https://hub.docker.com/r/qmcgaw/ddns-updater
##
###########################################################################
###########################################################################
# DDNS updater: keeps DNS A/AAAA records in sync with the public IP address.
# It is attached to the mediastack network directly rather than to gluetun,
# as required by the NOTE further down.
  ddns-updater:
    image: qmcgaw/ddns-updater:latest
    container_name: ddns-updater
    restart: always
    user: ${PUID:?err}:${PGID:?err}
    volumes:
      # NOTE(review): with CONFIG empty below, the provider settings (and their API
      # credentials) presumably live in a file under this directory; keep it
      # readable only by the PUID:PGID account - confirm.
      - ${FOLDER_FOR_DATA:?err}/ddns-updater:/updater/data
    ports:
      # NOTE(review): published on all host interfaces; direct requests to this port
      # bypass the forward-auth middleware on the router below.
      - ${WEBUI_PORT_DDNS_UPDATER:?err}:${WEBUI_PORT_DDNS_UPDATER:?err}/tcp
    environment:
      - UMASK=${UMASK:?err}
      - TZ=${TIMEZONE:?err}
      - CONFIG=
      - PERIOD=5m
      - UPDATE_COOLDOWN_PERIOD=5m
      - PUBLICIP_FETCHERS=all
      - PUBLICIP_HTTP_PROVIDERS=all
      - PUBLICIPV4_HTTP_PROVIDERS=all
      - PUBLICIPV6_HTTP_PROVIDERS=all
      - PUBLICIP_DNS_PROVIDERS=all
      - PUBLICIP_DNS_TIMEOUT=3s
      - HTTP_TIMEOUT=10s
      # Web UI
      - LISTENING_ADDRESS=:${WEBUI_PORT_DDNS_UPDATER:?err}
      - ROOT_URL=/
      # Backup
      - BACKUP_PERIOD=0 # 0 to disable
      - BACKUP_DIRECTORY=/updater/data
      # Other
      - LOG_LEVEL=info
      - LOG_CALLER=hidden
      - SHOUTRRR_ADDRESSES=
    # NOTE: DDNS-Update MUST NOT connect to the Gluetun VPN container
    networks:
      - mediastack
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.ddns-updater.service=ddns-updater
      - traefik.http.routers.ddns-updater.rule=Host(`ddns-updater.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.ddns-updater.entrypoints=secureweb
      - traefik.http.routers.ddns-updater.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.ddns-updater.loadbalancer.server.scheme=http
      - traefik.http.services.ddns-updater.loadbalancer.server.port=${WEBUI_PORT_DDNS_UPDATER:?err}
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Filebot (GitHub)
## Function: Lookup and Rename Media from Internet Databases
##
## Docker Page: https://github.com/filebot/filebot-docker#filebot-xpra
## Homepage: https://www.filebot.net/
## User Forum: https://www.filebot.net/forums
##
###########################################################################
###########################################################################
# FileBot with its desktop UI served over xpra. Runs inside gluetun's network
# namespace; its web port is published by the gluetun service.
  filebot:
    image: rednoah/filebot:xpra
    container_name: filebot
    restart: unless-stopped
    depends_on:
      gluetun:
        condition: service_healthy
        restart: true
    volumes:
      - ${FOLDER_FOR_MEDIA:?err}/filebot:/filebot
      - ${FOLDER_FOR_DATA:?err}/filebot:/data/filebot
    environment:
      # NOTE(review): XPRA_AUTH is commented out, so the xpra session presumably has
      # no password of its own. The gluetun service publishes port 5454 on the host,
      # where the forward-auth middleware below does not apply - confirm and set
      # a password from the environment file rather than inline.
      # - XPRA_AUTH=password:value=YOUR_PASSWORD
      - PUID=${PUID:?err}
      - PGID=${PGID:?err}
      - UMASK=${UMASK:?err}
      - TZ=${TIMEZONE:?err}
      - DARK_MODE=1
    network_mode: "service:gluetun"
    # ports:
    # - ${WEBUI_PORT_FILEBOT:?err}:5454 # Configured in Gluetun VPN service
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.filebot.service=filebot
      - traefik.http.routers.filebot.rule=Host(`filebot.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.filebot.entrypoints=secureweb
      - traefik.http.routers.filebot.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.filebot.loadbalancer.server.scheme=http
      - traefik.http.services.filebot.loadbalancer.server.port=5454
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Flaresolverr (Flaresolverr)
## Function: Cloudflare Proxy Server
##
## Documentation: https://github.com/FlareSolverr/FlareSolverr
##
###########################################################################
###########################################################################
# FlareSolverr proxy service. Runs inside gluetun's network namespace; its port
# is published by the gluetun service.
# NOTE(review): no credentials are configured here, so the HTTP API is presumably
# unauthenticated. It is needed only by the indexer services inside the stack;
# consider dropping the host port mapping and the public Traefik route - confirm.
  flaresolverr:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    container_name: flaresolverr
    restart: unless-stopped
    depends_on:
      gluetun:
        condition: service_healthy
        restart: true
    environment:
      - LOG_LEVEL=info
      - LOG_HTML=false
      - CAPTCHA_SOLVER=none
      - TZ=${TIMEZONE:?err}
    network_mode: "service:gluetun"
    # ports:
    # - ${FLARESOLVERR_PORT:?err}:8191 # Configured in Gluetun VPN container
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.flaresolverr.service=flaresolverr
      - traefik.http.routers.flaresolverr.rule=Host(`flaresolverr.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.flaresolverr.entrypoints=secureweb
      - traefik.http.routers.flaresolverr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.flaresolverr.loadbalancer.server.scheme=http
      - traefik.http.services.flaresolverr.loadbalancer.server.port=8191
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Heimdall (LinuxServer.io)
## Function: Organise links to web sites and web applications
##
## Documentation: https://docs.linuxserver.io/images/docker-heimdall
##
###########################################################################
###########################################################################
# Heimdall link dashboard, attached to the mediastack network directly (not via gluetun).
  heimdall:
    image: lscr.io/linuxserver/heimdall:latest
    container_name: heimdall
    restart: unless-stopped
    volumes:
      - ${FOLDER_FOR_DATA:?err}/heimdall:/config
    environment:
      - PUID=${PUID:?err}
      - PGID=${PGID:?err}
      - UMASK=${UMASK:?err}
      - TZ=${TIMEZONE:?err}
    ports:
      # NOTE(review): published on all host interfaces; direct requests to this port
      # bypass the forward-auth middleware on the router below.
      - ${WEBUI_PORT_HEIMDALL:?err}:80
    # NOTE: Heimdall MUST NOT connect to the Gluetun VPN container
    networks:
      - mediastack
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.heimdall.service=heimdall
      - traefik.http.routers.heimdall.rule=Host(`heimdall.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.heimdall.entrypoints=secureweb
      - traefik.http.routers.heimdall.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.heimdall.loadbalancer.server.scheme=http
      - traefik.http.services.heimdall.loadbalancer.server.port=80
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Homarr (https://ghcr.io/)
## Function: Application Dashboard
##
## Documentation: https://homarr.dev/docs/getting-started/after-the-installation
##
###########################################################################
###########################################################################
# Homarr application dashboard, attached to the mediastack network directly (not via gluetun).
  homarr:
    image: ghcr.io/ajnart/homarr:latest
    container_name: homarr
    restart: unless-stopped
    volumes:
      # NOTE(review): read-write Docker socket in a web-facing dashboard. Access to
      # the socket is equivalent to root on the host; mount it only if the Docker
      # integration is used, and preferably through a filtering socket proxy.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${FOLDER_FOR_DATA:?err}/homarr/configs:/app/data/configs
      - ${FOLDER_FOR_DATA:?err}/homarr/icons:/app/public/icons
      - ${FOLDER_FOR_DATA:?err}/homarr/data:/data
    environment:
      - PUID=${PUID:?err}
      - PGID=${PGID:?err}
      - UMASK=${UMASK:?err}
      - TZ=${TIMEZONE:?err}
    ports:
      # NOTE(review): published on all host interfaces; direct requests to this port
      # bypass the forward-auth middleware on the router below.
      - ${WEBUI_PORT_HOMARR:?err}:7575
    # NOTE: Homarr MUST NOT connect to the Gluetun VPN container
    # (the original comment said "Heimdall", apparently copied from that service)
    networks:
      - mediastack
    labels:
      - traefik.enable=true
      # ROUTERS
      - traefik.http.routers.homarr.service=homarr
      - traefik.http.routers.homarr.rule=Host(`homarr.${CLOUDFLARE_DNS_ZONE:?err}`)
      - traefik.http.routers.homarr.entrypoints=secureweb
      - traefik.http.routers.homarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
      # SERVICES
      - traefik.http.services.homarr.loadbalancer.server.scheme=http
      - traefik.http.services.homarr.loadbalancer.server.port=7575
      # MIDDLEWARES
###########################################################################
###########################################################################
##
## Docker Compose File: Homepage (https://ghcr.io/)
## Function: Application Dashboard
##
## Documentation: https://gethomepage.dev/latest/configs/
##
###########################################################################
###########################################################################
homepage:
  # Application dashboard. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: ghcr.io/gethomepage/homepage:latest
  container_name: homepage
  restart: unless-stopped
  # NOTE: Homepage MUST NOT connect to the Gluetun VPN container
  networks:
    - mediastack
  ports:
    # With no host IP given, Docker publishes this on all host interfaces by
    # default. Requests to this port reach Homepage directly and do not pass
    # the Traefik middleware chain (Authentik forward-auth) in the labels.
    - '${WEBUI_PORT_HOMEPAGE:?err}:3000'
  volumes:
    # SECURITY: access to the Docker socket is control of the Docker daemon,
    # which is root-equivalent on the host. It is only needed for the Docker
    # integration; drop the mount if unused, or place a filtering socket proxy
    # in front. A read-only bind mount does not restrict Docker API calls.
    - '/var/run/docker.sock:/var/run/docker.sock'
    - '${FOLDER_FOR_DATA:?err}/homepage:/app/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Host names Homepage will answer for; keep the list to names in real use.
    - 'HOMEPAGE_ALLOWED_HOSTS=homepage,homepage.${CLOUDFLARE_DNS_ZONE:?err},${CLOUDFLARE_DNS_ZONE:?err},localhost,${LOCAL_DOCKER_IP:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.homepage.service=homepage'
    - 'traefik.http.routers.homepage.rule=Host(`homepage.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.homepage.entrypoints=secureweb'
    - 'traefik.http.routers.homepage.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the container over plain HTTP on port 3000.
    - 'traefik.http.services.homepage.loadbalancer.server.scheme=http'
    - 'traefik.http.services.homepage.loadbalancer.server.port=3000'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Huntarr
## Function: ARR Missing Content Manager
##
## Documentation: https://github.com/plexguide/Huntarr.io
##
###########################################################################
###########################################################################
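huntarr:
  # ARR missing-content manager. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: huntarr/huntarr:latest
  container_name: huntarr
  # Added for consistency with the other services in this file: the original
  # block had no service-level restart policy (the only "restart" key belonged
  # to depends_on), so the container would stay down after a crash or a
  # daemon restart.
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_HUNTARR:?err}:9705    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_DATA:?err}/huntarr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.huntarr.service=huntarr'
    - 'traefik.http.routers.huntarr.rule=Host(`huntarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.huntarr.entrypoints=secureweb'
    - 'traefik.http.routers.huntarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 9705.
    - 'traefik.http.services.huntarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.huntarr.loadbalancer.server.port=9705'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.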
###########################################################################
###########################################################################
##
## Docker Compose File: Jellyfin (LinuxServer.io)
## Function: Media Server
##
## Documentation: https://jellyfin.org/docs/general/administration/installing#docker
## https://jellyfin.org/docs/general/administration/hardware-acceleration/
##
###########################################################################
###########################################################################
jellyfin:
  # Media server. Mutable tag: pin a version or digest so that upgrades are a
  # deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/jellyfin:latest
  container_name: jellyfin
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_JELLYFIN:?err}:8096    # Configured in Gluetun VPN container
  #   - 7359:7359/udp    # Enable for DLNA - Only works on HOST Network Mode
  #   - 1900:1900/udp    # Enable for DLNA - Only works on HOST Network Mode
  # Add Configurations for GPU Hardware Rendering Here:
  # (passing host devices in widens what the container can touch on the host;
  # expose only the render node that is actually needed)
  # devices:
  #   - /dev/dri/renderD128:/dev/dri/renderD128
  #   - /dev/dri/card0:/dev/dri/card0
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}/media:/data/media'
    - '${FOLDER_FOR_DATA:?err}/jellyfin:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # - JELLYFIN_PublishedServerUrl=${LOCAL_DOCKER_IP:?err}    # Enable for DLNA - Only works on HOST Network Mode
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.jellyfin.service=jellyfin'
    - 'traefik.http.routers.jellyfin.rule=Host(`jellyfin.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.jellyfin.entrypoints=secureweb'
    - 'traefik.http.routers.jellyfin.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 8096.
    - 'traefik.http.services.jellyfin.loadbalancer.server.scheme=http'
    - 'traefik.http.services.jellyfin.loadbalancer.server.port=8096'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Jellyseerr (fallenbagel)
## Function: Media Request Manager
##
## Documentation: https://hub.docker.com/r/fallenbagel/jellyseerr
##
###########################################################################
###########################################################################
jellyseerr:
  # Media request manager. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: fallenbagel/jellyseerr:latest
  container_name: jellyseerr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_JELLYSEERR:?err}:5055    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_DATA:?err}/jellyseerr:/app/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.jellyseerr.service=jellyseerr'
    - 'traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.jellyseerr.entrypoints=secureweb'
    - 'traefik.http.routers.jellyseerr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 5055.
    - 'traefik.http.services.jellyseerr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.jellyseerr.loadbalancer.server.port=5055'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Lidarr (LinuxServer.io)
## Function: Music Library Manager
##
## Documentation: https://docs.linuxserver.io/images/docker-lidarr
##
###########################################################################
###########################################################################
lidarr:
  # Music library manager. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/lidarr:latest
  container_name: lidarr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_LIDARR:?err}:8686    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/lidarr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lidarr'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.lidarr.service=lidarr'
    - 'traefik.http.routers.lidarr.rule=Host(`lidarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.lidarr.entrypoints=secureweb'
    - 'traefik.http.routers.lidarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 8686.
    - 'traefik.http.services.lidarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.lidarr.loadbalancer.server.port=8686'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Mylar3 (LinuxServer.io)
## Function: Comic Library Manager
##
## Documentation: https://github.com/mylar3/mylar3/wiki
##
###########################################################################
###########################################################################
mylar:
  # Comic library manager. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/mylar3:latest
  container_name: mylar
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_MYLAR:?err}:8090    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/mylar:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:mylar3'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.mylar.service=mylar'
    - 'traefik.http.routers.mylar.rule=Host(`mylar.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.mylar.entrypoints=secureweb'
    - 'traefik.http.routers.mylar.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 8090.
    - 'traefik.http.services.mylar.loadbalancer.server.scheme=http'
    - 'traefik.http.services.mylar.loadbalancer.server.port=8090'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Plex (LinuxServer.io)
## Function: Media Server
##
## Documentation: https://hub.docker.com/r/linuxserver/plex
##
###########################################################################
###########################################################################
plex:
  # Media server. Mutable tag: pin a version or digest so that upgrades are a
  # deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/plex:latest
  container_name: plex
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Ports are disabled in containers when they are connected to VPN, as the
  # Gluetun container manages the ports for containers that connect via VPN.
  # A host port published there does not pass the Traefik middleware chain
  # declared in the labels below.
  network_mode: 'service:gluetun'
  # ports:
  #   - ${WEBUI_PORT_PLEX:?err}:32400    # Configured in Gluetun VPN container
  #   - 1900:1900/udp
  #   - 5353:5353/udp
  #   - 8324:8324
  #   - 32410:32410/udp
  #   - 32412:32412/udp
  #   - 32413:32413/udp
  #   - 32414:32414/udp
  #   - 32469:32469
  # Add Configurations for GPU Hardware Rendering Here:
  # (passing host devices in widens what the container can touch on the host;
  # expose only the render node that is actually needed)
  # devices:
  #   - /dev/dri/renderD128:/dev/dri/renderD128
  #   - /dev/dri/card0:/dev/dri/card0
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}/media:/data/media'
    - '${FOLDER_FOR_DATA:?err}/plex:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    - 'VERSION=docker'
    # No ":?err" guard here, so an unset PLEX_CLAIM is passed through as empty.
    # The claim value is a credential: keep it in the env file and out of
    # version control.
    - 'PLEX_CLAIM=${PLEX_CLAIM}'
    - 'ADVERTISE_IP=https://plex.${CLOUDFLARE_DNS_ZONE:?err}:443/'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # This router matches only the /web/ path prefix on the Plex host name, so
    # the forward-auth chain covers that path only. Other paths on this host
    # are not served by this router; check whether another router defined
    # elsewhere handles them.
    - 'traefik.http.routers.plex.service=plex'
    - 'traefik.http.routers.plex.rule=Host(`plex.${CLOUDFLARE_DNS_ZONE:?err}`) && PathPrefix(`/web/`)'
    - 'traefik.http.routers.plex.entrypoints=secureweb'
    - 'traefik.http.routers.plex.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 32400.
    - 'traefik.http.services.plex.loadbalancer.server.scheme=http'
    - 'traefik.http.services.plex.loadbalancer.server.port=32400'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Portainer (Portainer.io)
## Function: Alternate GUI Manager for Docker
##
## Documentation: https://docs.portainer.io/start/install/server/docker
##
###########################################################################
###########################################################################
portainer:
  # Docker management GUI. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: portainer/portainer-ce:latest
  container_name: portainer
  restart: always
  # NOTE: Portainer MUST NOT connect to the Gluetun VPN container
  networks:
    - mediastack
  ports:
    # With no host IP given, Docker publishes this on all host interfaces by
    # default. Requests to this port reach Portainer directly over plain HTTP
    # and do not pass the Traefik middleware chain in the labels, so
    # Portainer's own login is the only gate on that path.
    - '${WEBUI_PORT_PORTAINER:?err}:9000'
  volumes:
    # SECURITY: access to the Docker socket is control of the Docker daemon,
    # which is root-equivalent on the host. Whoever can sign in to Portainer
    # inherits that control, so treat its accounts as host-admin accounts.
    - '/var/run/docker.sock:/var/run/docker.sock'
    - '${FOLDER_FOR_DATA:?err}/portainer:/data'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.portainer.service=portainer'
    - 'traefik.http.routers.portainer.rule=Host(`portainer.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.portainer.entrypoints=secureweb'
    - 'traefik.http.routers.portainer.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the container over plain HTTP on port 9000.
    - 'traefik.http.services.portainer.loadbalancer.server.scheme=http'
    - 'traefik.http.services.portainer.loadbalancer.server.port=9000'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Prowlarr (LinuxServer.io)
## Function: Indexer and Search Manager
##
## Documentation: https://docs.linuxserver.io/images/docker-prowlarr
##
###########################################################################
###########################################################################
prowlarr:
  # Indexer and search manager. ":develop" is a mutable tag: pin a version or
  # digest so that upgrades are a deliberate step.
  image: lscr.io/linuxserver/prowlarr:develop
  container_name: prowlarr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_PROWLARR:?err}:9696    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_DATA:?err}/prowlarr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:prowlarr'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.prowlarr.service=prowlarr'
    - 'traefik.http.routers.prowlarr.rule=Host(`prowlarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.prowlarr.entrypoints=secureweb'
    - 'traefik.http.routers.prowlarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 9696.
    - 'traefik.http.services.prowlarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.prowlarr.loadbalancer.server.port=9696'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: qBittorrent (LinuxServer.io)
## Function: Torrent Download Client
##
## Documentation: https://docs.linuxserver.io/images/docker-qbittorrent
##
###########################################################################
###########################################################################
qbittorrent:
  # Torrent download client. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/qbittorrent:latest
  container_name: qbittorrent
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  ## Do Not Change Network for qBittorrent
  ## qBittorrent MUST always use a VPN / Secure Internet connection
  # Sharing gluetun's network namespace is what ties this client to the VPN
  # container's network path. A WebUI host port published on the gluetun
  # service does not pass the Traefik middleware chain below.
  network_mode: 'service:gluetun'
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/qbittorrent:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Same variable as the Traefik backend port in the labels, so the two
    # cannot drift apart.
    - 'WEBUI_PORT=${WEBUI_PORT_QBITTORRENT:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:qbittorrent'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.qbittorrent.service=qbittorrent'
    - 'traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.qbittorrent.entrypoints=secureweb'
    - 'traefik.http.routers.qbittorrent.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP.
    - 'traefik.http.services.qbittorrent.loadbalancer.server.scheme=http'
    - 'traefik.http.services.qbittorrent.loadbalancer.server.port=${WEBUI_PORT_QBITTORRENT:?err}'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Radarr (LinuxServer.io)
## Function: Movie Library Manager
##
## Documentation: https://docs.linuxserver.io/images/docker-radarr
##
###########################################################################
###########################################################################
radarr:
  # Movie library manager. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/radarr:latest
  container_name: radarr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_RADARR:?err}:7878    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/radarr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:radarr'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.radarr.service=radarr'
    - 'traefik.http.routers.radarr.rule=Host(`radarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.radarr.entrypoints=secureweb'
    - 'traefik.http.routers.radarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 7878.
    - 'traefik.http.services.radarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.radarr.loadbalancer.server.port=7878'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Readarr (LinuxServer.io)
## Function: Book Library Manager
##
## Documentation: https://docs.linuxserver.io/images/docker-readarr
##
###########################################################################
###########################################################################
readarr:
  # Book library manager. ":develop" is a mutable tag: pin a version or digest
  # so that upgrades are a deliberate step.
  image: lscr.io/linuxserver/readarr:develop
  container_name: readarr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_READARR:?err}:8787    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/readarr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:readarr'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.readarr.service=readarr'
    - 'traefik.http.routers.readarr.rule=Host(`readarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.readarr.entrypoints=secureweb'
    - 'traefik.http.routers.readarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 8787.
    - 'traefik.http.services.readarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.readarr.loadbalancer.server.port=8787'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: SABnzbd (LinuxServer.io)
## Function: Usenet Download Client
##
## Documentation: https://docs.linuxserver.io/images/docker-sabnzbd
##
###########################################################################
###########################################################################
sabnzbd:
  # Usenet download client. Mutable tag: pin a version or digest so that
  # upgrades are a deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/sabnzbd:latest
  container_name: sabnzbd
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_SABNZBD:?err}:8080    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/sabnzbd:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.sabnzbd.service=sabnzbd'
    - 'traefik.http.routers.sabnzbd.rule=Host(`sabnzbd.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.sabnzbd.entrypoints=secureweb'
    - 'traefik.http.routers.sabnzbd.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 8080.
    - 'traefik.http.services.sabnzbd.loadbalancer.server.scheme=http'
    - 'traefik.http.services.sabnzbd.loadbalancer.server.port=8080'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Sonarr (LinuxServer.io)
## Function: Series Library Manager (TV Shows)
##
## Documentation: https://docs.linuxserver.io/images/docker-sonarr
##
###########################################################################
###########################################################################
sonarr:
  # Series library manager (TV shows). Mutable tag: pin a version or digest so
  # that upgrades are a deliberate step rather than a side effect of a pull.
  image: lscr.io/linuxserver/sonarr:latest
  container_name: sonarr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_SONARR:?err}:8989    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/sonarr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Theming mod: an extra third-party image that the container fetches and
    # applies at start-up. It is cosmetic; leaving it out removes one more
    # unpinned external artifact from the supply chain.
    - 'DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sonarr'
    - 'TP_THEME=${TP_THEME:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.sonarr.service=sonarr'
    - 'traefik.http.routers.sonarr.rule=Host(`sonarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.sonarr.entrypoints=secureweb'
    - 'traefik.http.routers.sonarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 8989.
    - 'traefik.http.services.sonarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.sonarr.loadbalancer.server.port=8989'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
###########################################################################
###########################################################################
##
## Docker Compose File: Tdarr V2 (haveagitgat/tdarr)
## Function: Tdarr V2 - Audio/Video library transcoding automation
## (Contains Tdarr_Server and WebUI )
##
## Documentation: https://docs.tdarr.io/docs/installation/docker/run-compose/
## https://docs.tdarr.io/docs/installation/docker/hardware-transcoding
##
###########################################################################
###########################################################################
tdarr:
  # Tdarr server and WebUI (transcoding automation). Mutable tag: pin a
  # version or digest so that upgrades are a deliberate step.
  image: ghcr.io/haveagitgat/tdarr:latest
  container_name: tdarr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # Server and WebUI host ports are published on the gluetun service (outside
  # this block). Those paths do not pass the Traefik middleware chain below.
  # ports:
  #   - ${TDARR_SERVER_PORT:?err}:${TDARR_SERVER_PORT:?err}    # Configured in Gluetun VPN container
  #   - ${WEBUI_PORT_TDARR:?err}:${WEBUI_PORT_TDARR:?err}    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}/media:/data'
    - '${FOLDER_FOR_DATA:?err}/tdarr/server:/app/server'
    - '${FOLDER_FOR_DATA:?err}/tdarr/configs:/app/configs'
    - '${FOLDER_FOR_DATA:?err}/tdarr/logs:/app/logs'
    - '${FOLDER_FOR_DATA:?err}/tdarr-node:/temp'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # 0.0.0.0 makes the server listen on every interface of the shared network
    # namespace; what is reachable from outside is decided by the ports
    # published on gluetun.
    - 'serverIP=0.0.0.0'
    - 'serverPort=${TDARR_SERVER_PORT:?err}'
    - 'webUIPort=${WEBUI_PORT_TDARR:?err}'
    - 'internalNode=true'
    - 'nodeID=Tdarr_Server'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.tdarr.service=tdarr'
    - 'traefik.http.routers.tdarr.rule=Host(`tdarr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.tdarr.entrypoints=secureweb'
    - 'traefik.http.routers.tdarr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the WebUI over plain HTTP; only the WebUI port is routed.
    - 'traefik.http.services.tdarr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.tdarr.loadbalancer.server.port=${WEBUI_PORT_TDARR:?err}'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.
tdarr-node:
  # Tdarr worker node; it has no Traefik labels, so nothing is routed to it.
  # Mutable tag: pin a version or digest so that upgrades are a deliberate step.
  image: ghcr.io/haveagitgat/tdarr_node:latest
  container_name: tdarr-node
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace with the tdarr server.
  network_mode: 'service:gluetun'
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}/media:/data'
    - '${FOLDER_FOR_DATA:?err}/tdarr/configs:/app/configs'
    - '${FOLDER_FOR_DATA:?err}/tdarr/logs:/app/logs'
    - '${FOLDER_FOR_DATA:?err}/tdarr-node:/temp'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    - 'nodeID=Tdarr_Node_1'
    # NOTE(review): for the node this is presumably the address of the server
    # to connect to; 0.0.0.0 relies on both containers sharing one network
    # namespace. Confirm the node actually registers with the server.
    - 'serverIP=0.0.0.0'
    - 'serverPort=${TDARR_SERVER_PORT:?err}'
###########################################################################
###########################################################################
##
## Docker Compose File: Unpackerr (Hotio.Dev)
## Function: Archive Media Extraction
##
## Documentation: https://github.com/davidnewhall/unpackerr
## https://github.com/davidnewhall/unpackerr/blob/master/examples/docker-compose.yml
##
###########################################################################
###########################################################################
unpackerr:
  # Archive extraction for downloads. No tag is given, so the image reference
  # resolves to ":latest"; pin a version or digest so that upgrades are a
  # deliberate step.
  image: golift/unpackerr
  container_name: unpackerr
  restart: unless-stopped
  # Runs as the configured UID:GID instead of the image default user.
  user: '${PUID:?err}:${PGID:?err}'
  # NOTE(review): this service sits on the mediastack network, while the *arr
  # services in this file use network_mode "service:gluetun" and so have no
  # network identity of their own. Confirm that the host names used in the
  # UN_*_URL values below resolve from here.
  networks:
    - mediastack
  ports:
    # Metrics listener (see "Web Server" below). With no host IP given, Docker
    # publishes it on all host interfaces by default.
    - '${METRICS_PORT_UNPACKERR:?err}:5656'
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/unpackerr:/config'
    - '${FOLDER_FOR_DATA:?err}/logs/unpackerr:/var/log'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
    # Remove all lines that begin with UN_CMDHOOK, UN_WEBHOOK, UN_FOLDER,
    # UN_WEBSERVER, and other apps you do not use.
    ## Global Settings
    - 'UN_DEBUG=false'
    - 'UN_QUIET=false'
    - 'UN_ERROR_STDERR=false'
    - 'UN_ACTIVITY=false'
    - 'UN_LOG_QUEUES=1m'
    - 'UN_LOG_FILE=/var/log/unpackerr.log'
    - 'UN_LOG_FILES=10'
    - 'UN_LOG_FILE_MB=10'
    - 'UN_LOG_FILE_MODE=0644'
    - 'UN_INTERVAL=2m'
    - 'UN_START_DELAY=1m'
    - 'UN_RETRY_DELAY=5m'
    - 'UN_MAX_RETRIES=3'
    - 'UN_PARALLEL=1'
    - 'UN_FILE_MODE=0644'
    - 'UN_DIR_MODE=2755'
    ## Web Server
    # Listens on every interface inside the container. The certificate and key
    # settings are empty, so the endpoint is presumably served without TLS;
    # limit who can reach the published port if metrics are not scraped
    # from outside the host.
    - 'UN_WEBSERVER_METRICS=true'
    - 'UN_WEBSERVER_LISTEN_ADDR=0.0.0.0:5656'
    - 'UN_WEBSERVER_LOG_FILE=/var/log/server.log'
    - 'UN_WEBSERVER_LOG_FILES=10'
    - 'UN_WEBSERVER_LOG_FILE_MB=10'
    - 'UN_WEBSERVER_SSL_CERT_FILE='
    - 'UN_WEBSERVER_SSL_KEY_FILE='
    - 'UN_WEBSERVER_URLBASE=/'
    - 'UN_WEBSERVER_UPSTREAMS='
    ## Folder Settings
    - 'UN_FOLDERS_INTERVAL=1s'
    - 'UN_FOLDERS_BUFFER=20000'
    # Every *_API_KEY value below is a placeholder. Real keys are credentials:
    # supply them from the env file or a secret store rather than committing
    # them in this compose file.
    ## Mylar Settings
    ## Mylar Config - Copy API Key from: http://mylar:8090/general/settings
    - 'UN_MYLAR_0_URL=http://mylar:8090'
    - 'UN_MYLAR_0_API_KEY=0123456789abcdef0123456789abcdef'
    - 'UN_MYLAR_0_PATHS_0=/data/torrents/comics'
    - 'UN_MYLAR_0_PROTOCOLS=torrent'
    - 'UN_MYLAR_0_TIMEOUT=10s'
    - 'UN_MYLAR_0_DELETE_DELAY=5m'
    - 'UN_MYLAR_0_DELETE_ORIG=false'
    - 'UN_MYLAR_0_SYNCTHING=false'
    ## Sonarr Settings
    ## Sonarr Config - Copy API Key from: http://sonarr:8989/general/settings
    - 'UN_SONARR_0_URL=http://sonarr:8989'
    - 'UN_SONARR_0_API_KEY=0123456789abcdef0123456789abcdef'
    - 'UN_SONARR_0_PATHS_0=/data/torrents/anime'
    - 'UN_SONARR_0_PATHS_1=/data/torrents/tv'
    - 'UN_SONARR_0_PROTOCOLS=torrent'
    - 'UN_SONARR_0_TIMEOUT=10s'
    - 'UN_SONARR_0_DELETE_DELAY=5m'
    - 'UN_SONARR_0_DELETE_ORIG=false'
    - 'UN_SONARR_0_SYNCTHING=false'
    ## Radarr Settings
    ## Radarr Config - Copy API Key from: http://radarr:7878/general/settings
    - 'UN_RADARR_0_URL=http://radarr:7878'
    - 'UN_RADARR_0_API_KEY=0123456789abcdef0123456789abcdef'
    - 'UN_RADARR_0_PATHS_0=/data/torrents/movies'
    - 'UN_RADARR_0_PROTOCOLS=torrent'
    - 'UN_RADARR_0_TIMEOUT=10s'
    - 'UN_RADARR_0_DELETE_DELAY=5m'
    - 'UN_RADARR_0_DELETE_ORIG=false'
    - 'UN_RADARR_0_SYNCTHING=false'
    ## Lidarr Settings
    ## Lidarr Config - Copy API Key from: http://lidarr:8686/general/settings
    - 'UN_LIDARR_0_URL=http://lidarr:8686'
    - 'UN_LIDARR_0_API_KEY=0123456789abcdef0123456789abcdef'
    - 'UN_LIDARR_0_PATHS_0=/data/torrents/music'
    - 'UN_LIDARR_0_PROTOCOLS=torrent'
    - 'UN_LIDARR_0_TIMEOUT=10s'
    - 'UN_LIDARR_0_DELETE_DELAY=5m'
    - 'UN_LIDARR_0_DELETE_ORIG=false'
    - 'UN_LIDARR_0_SYNCTHING=false'
    ## Readarr Settings
    ## Readarr Config - Copy API Key from: http://readarr:8787/general/settings
    - 'UN_READARR_0_URL=http://readarr:8787'
    - 'UN_READARR_0_API_KEY=0123456789abcdef0123456789abcdef'
    - 'UN_READARR_0_PATHS_0=/data/torrents/books'
    - 'UN_READARR_0_PROTOCOLS=torrent'
    - 'UN_READARR_0_TIMEOUT=10s'
    - 'UN_READARR_0_DELETE_DELAY=5m'
    - 'UN_READARR_0_DELETE_ORIG=false'
    - 'UN_READARR_0_SYNCTHING=false'
    ## Whisparr Settings
    ## Whisparr Config - Copy API Key from: http://whisparr:6969/general/settings
    - 'UN_WHISPARR_0_URL=http://whisparr:6969'
    - 'UN_WHISPARR_0_API_KEY=0123456789abcdef0123456789abcdef'
    - 'UN_WHISPARR_0_PATHS_0=/data/torrents/xxx'
    - 'UN_WHISPARR_0_PROTOCOLS=torrent'
    - 'UN_WHISPARR_0_TIMEOUT=10s'
    - 'UN_WHISPARR_0_DELETE_DELAY=5m'
    - 'UN_WHISPARR_0_DELETE_ORIG=false'
    - 'UN_WHISPARR_0_SYNCTHING=false'
    ## Watch Folders
    - 'UN_FOLDER_0_PATH=/data/torrents/complete'
    - 'UN_FOLDER_0_EXTRACT_PATH='
    - 'UN_FOLDER_0_DELETE_AFTER=10m'
    - 'UN_FOLDER_0_DISABLE_RECURSION=false'
    - 'UN_FOLDER_0_DELETE_FILES=false'
    - 'UN_FOLDER_0_DELETE_ORIGINAL=false'
    - 'UN_FOLDER_0_DISABLE_LOG=false'
    - 'UN_FOLDER_0_MOVE_BACK=false'
    - 'UN_FOLDER_0_EXTRACT_ISOS=false'
    ## Web Hooks
    # The last path segment of the URL is a placeholder for the Notifiarr API
    # key. Because the key is part of the URL, treat the whole value as a
    # secret once it is filled in. Keep UN_WEBHOOK_0_IGNORE_SSL=false so the
    # TLS certificate of the endpoint is verified.
    - 'UN_WEBHOOK_0_URL=https://notifiarr.com/api/v1/notification/unpackerr/api_key_from_notifiarr_com'
    - 'UN_WEBHOOK_0_NAME='
    - 'UN_WEBHOOK_0_SILENT=false'
    - 'UN_WEBHOOK_0_EVENTS_0=1'
    - 'UN_WEBHOOK_0_EVENTS_1=4'
    - 'UN_WEBHOOK_0_EVENTS_2=6'
    - 'UN_WEBHOOK_0_NICKNAME=Unpackerr'
    - 'UN_WEBHOOK_0_CHANNEL='
    - 'UN_WEBHOOK_0_EXCLUDE_0=readarr'
    - 'UN_WEBHOOK_0_EXCLUDE_1=lidarr'
    - 'UN_WEBHOOK_0_TEMPLATE_PATH='
    - 'UN_WEBHOOK_0_TEMPLATE='
    - 'UN_WEBHOOK_0_IGNORE_SSL=false'
    - 'UN_WEBHOOK_0_TIMEOUT=10s'
    - 'UN_WEBHOOK_0_CONTENT_TYPE=application/json'
    ## Command Hooks
    # SECURITY: the hook script lives under /data, the media tree that is
    # mounted read-write here and is also mounted by the download clients in
    # this file. Whatever can write to that location decides what Unpackerr
    # executes. Keep the script on a path only an administrator can write, or
    # remove the UN_CMDHOOK lines if the hook is unused.
    - 'UN_CMDHOOK_0_COMMAND=/data/torrents/unpackerr.sh'
    - 'UN_CMDHOOK_0_NAME='
    - 'UN_CMDHOOK_0_SHELL=false'
    - 'UN_CMDHOOK_0_SILENT=false'
    - 'UN_CMDHOOK_0_EVENTS_0=1'
    - 'UN_CMDHOOK_0_EVENTS_1=4'
    - 'UN_CMDHOOK_0_EVENTS_2=7'
    - 'UN_CMDHOOK_0_EXCLUDE_0=readarr'
    - 'UN_CMDHOOK_0_EXCLUDE_1=lidarr'
    - 'UN_CMDHOOK_0_TIMEOUT=10s'
###########################################################################
###########################################################################
##
## Docker Compose File: Whisparr (Hotio.Dev)
## Function: Adult Media Library Manager
##
## Documentation: https://wiki.servarr.com/whisparr
##
###########################################################################
###########################################################################
whisparr:
  # Adult media library manager. ":nightly" is a mutable tag: pin a version or
  # digest so that upgrades are a deliberate step.
  image: hotio/whisparr:nightly
  container_name: whisparr
  restart: unless-stopped
  # Start only once gluetun reports healthy; restart: true makes Compose
  # restart this service when it restarts the dependency.
  depends_on:
    gluetun:
      condition: service_healthy
      restart: true
  # Shares the gluetun container's network namespace, so traffic uses the
  # network path of the VPN container.
  network_mode: 'service:gluetun'
  # The WebUI host port is published on the gluetun service (outside this
  # block). That path does not pass the Traefik middleware chain below.
  # ports:
  #   - ${WEBUI_PORT_WHISPARR:?err}:6969    # Configured in Gluetun VPN container
  volumes:
    - '${FOLDER_FOR_MEDIA:?err}:/data'
    - '${FOLDER_FOR_DATA:?err}/whisparr:/config'
  environment:
    # ":?err" aborts "docker compose" when the variable is unset or empty.
    - 'PUID=${PUID:?err}'
    - 'PGID=${PGID:?err}'
    - 'UMASK=${UMASK:?err}'
    - 'TZ=${TIMEZONE:?err}'
  labels:
    - 'traefik.enable=true'
    # ROUTERS
    # The chain below (forward-auth, security headers, bouncer) only applies to
    # requests that arrive through Traefik's "secureweb" entrypoint.
    - 'traefik.http.routers.whisparr.service=whisparr'
    - 'traefik.http.routers.whisparr.rule=Host(`whisparr.${CLOUDFLARE_DNS_ZONE:?err}`)'
    - 'traefik.http.routers.whisparr.entrypoints=secureweb'
    - 'traefik.http.routers.whisparr.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file'
    # SERVICES
    # Traefik talks to the backend over plain HTTP on port 6969.
    - 'traefik.http.services.whisparr.loadbalancer.server.scheme=http'
    - 'traefik.http.services.whisparr.loadbalancer.server.port=6969'
    # MIDDLEWARES
    # None declared here; the chain above references @file provider definitions.