mariadb: add MARIADB_AUTO_UPGRADE

Based on https://miniflux.app/docs/upgrade.html#docker

.env

@@ -0,0 +1,116 @@
+REGISTRY_URL=registry.kucharczyk.xyz
+DOMAIN=kucharczyk.xyz
+TS_DOMAIN=jacob-shark.ts.net
+TS_DOMAIN_NAS=nas.${TS_DOMAIN}
+TZ=Europe/Prague
+STORAGE_PATH=/srv/mergerfs/storage
+MEDIA_PATH=${STORAGE_PATH}/media
+COMIC_PATH=${MEDIA_PATH}/comics
+ANIME_PATH=${STORAGE_PATH}/media/anime
+TV_PATH=${STORAGE_PATH}/media/tv
+MOVIE_PATH=${STORAGE_PATH}/media/movies
+MUSIC_PATH=${STORAGE_PATH}/media/music2
+DOWNLOADS_PATH=${STORAGE_PATH}/download
+NZB_DOWNLOADS_PATH=${DOWNLOADS_PATH}/sabnzbd
+TORRENTS_SEED_PATH=${STORAGE_PATH}/seed
+DOCKER_STORAGE_PATH=/docker
+DOCKER_STORAGE_PATH_SLOW=${STORAGE_PATH}/docker-storage
+PHOTOS_STORAGE_PATH=/srv/dev-disk-by-uuid-2d34f1a9-4284-4cad-ae9a-f1ef36244201/photos
+EMAIL_ADMIN=lukas@kucharczyk.xyz
+EMAIL_FROM=kucharczyk.lukas@gmail.com
+EMAIL_HOST=smtp.gmail.com
+EMAIL_PASSWORD=sebrubdsgkuptcjr
+EMAIL_PORT=587
+POSTGRES_HOST=postgres
+POSTGRES_USER=lukas
+POSTGRES_PASSWORD=kralovna
+POSTGRES_PORT=5432
+MYSQL_HOST=mariadb
+MYSQL_USER=lukas
+MYSQL_PASSWORD=kralovna
+MYSQL_ROOT_PASSWORD=kralovna
+MYSQL_PORT=3306
+PUID=1000
+PGID=100
+KAVITA_INTERNAL_PORT=5000
+KAVITA_EXTERNAL_PORT=5100
+VALHEIM_INTERNAL_PORT=2456-2457/udp
+VALHEIM_EXTERNAL_PORT=2456-2457
+NTFY_EXTERNAL_PORT=8100
+NTFY_INTERNAL_PORT=80
+WEBHOOK_EXTERNAL_PORT=9200
+WEBHOOK_INTERNAL_PORT=9000
+CHANGEDETECTION_EXTERNAL_PORT=5200
+CHANGEDETECTION_INTERNAL_PORT=5000
+AUDIOBOOKSHELF_INTERNAL_PORT=80
+AUDIOBOOKSHELF_EXTERNAL_PORT=13378
+TIMETRACKER_EXTERNAL_PORT=8003
+TIMETRACKER_INTERNAL_PORT=8000
+TRILIUM_EXTERNAL_PORT=8080
+TRILIUM_INTERNAL_PORT=8080
+NETBOOTXYZ_INTERNAL_PORT=3001
+GITEA_INTERNAL_PORT=3002
+LOGSEQ_INTERNAL_PORT=80
+LOGSEQ_EXTERNAL_PORT=3005
+DENDRON_NOTES_EXTERNAL_PORT=2020
+DENDRON_NOTES_INTERNAL_PORT=2020
+DOKKU_EXTERNAL_PORT_1=3022
+DOKKU_INTERNAL_PORT_1=22
+DOKKU_EXTERNAL_PORT_2=8081
+DOKKU_INTERNAL_PORT_2=80
+DOKKU_EXTERNAL_PORT_3=8443
+DOKKU_INTERNAL_PORT_3=443
+LOKI_EXTERNAL_PORT=3200
+LOKI_INTERNAL_PORT=3100
+GRAFANA_EXTERNAL_PORT=3600
+GRAFANA_INTERNAL_PORT=3000
+STASH_EXTERNAL_PORT=9998
+STASH_INTERNAL_PORT=9999
+NAVIDROME_EXTERNAL_PORT=4533
+NAVIDROME_INTERNAL_PORT=4533
+MALOJA_EXTERNAL_PORT=42010
+MALOJA_INTERNAL_PORT=42010
+PAPERLESS_EXTERNAL_PORT=8004
+PAPERLESS_INTERNAL_PORT=8000
+HOMER_EXTERNAL_PORT=7080
+HOMER_INTERNAL_PORT=8080
+SYNCTHING_EXTERNAL_PORT1=8384
+SYNCTHING_INTERNAL_PORT1=8384
+SYNCTHING_EXTERNAL_PORT2=22000
+SYNCTHING_INTERNAL_PORT2=22000/tcp
+SYNCTHING_EXTERNAL_PORT3=22000
+SYNCTHING_INTERNAL_PORT3=22000/udp
+SYNCTHING_EXTERNAL_PORT4=21027
+SYNCTHING_INTERNAL_PORT4=21027/udp
+SEARXNG_EXTERNAL_PORT=8082
+SEARXNG_INTERNAL_PORT=8080
+MEDIAWIKI_EXTERNAL_PORT=8083
+MEDIAWIKI_INTERNAL_PORT=80
+MARIADB_INTERNAL_PORT=3307
+MARIADB_EXTERNAL_PORT=3307
+PHOTOPRISM_EXTERNAL_PORT=2342
+PHOTOPRISM_INTERNAL_PORT=2342
+SONARR_TV_STANDARD_EXTERNAL_PORT=8989
+SONARR_ANIME_EXTERNAL_PORT=8988
+SONARR_INTERNAL_PORT=8989
+BASEROW_INTERNAL_PORT=80
+GITEA_WEBUI_EXTERNAL_PORT=3002
+GITEA_WEBUI_INTERNAL_PORT=3000
+GITEA_SSH_EXTERNAL_PORT=2022
+GITEA_SSH_INTERNAL_PORT=22
+LINKACE_EXTERNAL_PORT=8084
+LINKACE_INTERNAL_PORT=80
+LINKACE_DB=linkace
+LINKACE_DB_USERNAME=linkace
+LINKACE_DB_PASSWORD=zghhRS&FdK6niiJg5Q5Nr3E4
+VAULTWARDEN_EXTERNAL_PORT=8666
+VAULTWARDEN_INTERNAL_PORT=80
+BAZARR_EXTERNAL_PORT=6767
+BAZARR_INTERNAL_PORT=6767
+GLUETUN_JAPAN_INTERNAL_PORT=8888
+GLUETUN_JAPAN_EXTERNAL_PORT=8888
+HANDBRAKER_SERVER_INTERNAL_PORT=9999
+HANDBRAKER_SERVER_EXTERNAL_PORT=9997
+REDLIB_EXTERNAL_PORT=8088
+SABNZBD_EXTERNAL_PORT=8081
+SABNZBD_INTERNAL_PORT=8080

.gitattributes

@@ -0,0 +1,2 @@
+secrets/** filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff

.gitignore

@@ -0,0 +1 @@
+git-crypt-key

authentik.env

@@ -0,0 +1,16 @@
+AUTHENTIK_AUTHENTIK__GEOIP=/geoip/GeoLite2-City.mmdb
+AUTHENTIK_EMAIL__FROM=${EMAIL_FROM}
+AUTHENTIK_EMAIL__HOST=${EMAIL_HOST}
+AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD}
+AUTHENTIK_EMAIL__PORT=${EMAIL_PORT}
+AUTHENTIK_EMAIL__TIMEOUT=10
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__USE_TLS=true
+AUTHENTIK_EMAIL__USERNAME=${EMAIL_FROM}
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+AUTHENTIK_PORT_HTTP=9200
+AUTHENTIK_PORT_HTTPS=7443
+AUTHENTIK_SECRET_KEY=tcVoaScDoqaIyAZDnAq3MYsHIBnzVYPbXzFVsOfWReoqatgsU7
+GEOIPUPDATE_ACCOUNT_ID=732732
+GEOIPUPDATE_LICENSE_KEY=3NGI4ijkeEfCsjyq
+PG_PASS=29PnrjM386yP3w

authentik.yml

@@ -0,0 +1,106 @@
+---
+version: '3.4'
+
+services:
+  # postgresql:
+  #   image: postgres:12-alpine
+  #   restart: unless-stopped
+  #   healthcheck:
+  #     test: ["CMD", "pg_isready"]
+  #     start_period: 20s
+  #     interval: 30s
+  #     retries: 5
+  #     timeout: 5s
+  #   volumes:
+  #     - database:/var/lib/postgresql/data
+  #   environment:
+  #     - POSTGRES_PASSWORD=${PG_PASS:?database password required}
+  #     - POSTGRES_USER=${PG_USER:-authentik}
+  #     - POSTGRES_DB=${PG_DB:-authentik}
+  #   env_file:
+  #     - .env
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    networks:
+      - internal
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgres}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+      # WORKERS: 2
+    volumes:
+      - ./media:${DOCKER_STORAGE_PATH}/authentik/media
+      - ./custom-templates:${DOCKER_STORAGE_PATH}/authentik/templates
+      - geoip:/geoip
+    env_file:
+      - shared.env
+      - authentik.env
+    ports:
+      - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
+      - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
+    networks:
+      - internal
+      - postgres
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgres}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+    # This is optional, and can be removed. If you remove this, the following will happen
+    # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
+    # - The docker socket can't be accessed anymore
+    user: root
+    volumes:
+      - ./media:${DOCKER_STORAGE_PATH}/authentik/media
+      - ./certs:${DOCKER_STORAGE_PATH}/authentik/certs
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./custom-templates:${DOCKER_STORAGE_PATH}/authentik/templates
+      - geoip:/geoip
+    env_file:
+      - .env
+    networks:
+      - internal
+      - postgres
+  geoipupdate:
+    image: "maxmindinc/geoipupdate:latest"
+    volumes:
+      - "geoip:/usr/share/GeoIP"
+    environment:
+      GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
+      GEOIPUPDATE_FREQUENCY: "8"
+    env_file:
+      - .env
+    networks:
+      - internal
+
+volumes:
+  database:
+    driver: local
+  geoip:
+    driver: local
+
+networks:
+  internal:
+    external: true 
+  postgres:
+    external: true

baserow.env

@@ -0,0 +1,12 @@
+BASEROW_PUBLIC_URL=https://baserow.${DOMAIN}
+DATABASE_HOST=${POSTGRES_HOST}
+DATABASE_NAME=baserow
+DATABASE_USER=baserow
+DATABASE_PASSWORD=S@8rBtSApf@YpNLXS!2hr2F$
+EMAIL_SMTP=1
+EMAIL_SMTP_HOST=${EMAIL_HOST}
+EMAIL_SMTP_PASSWORD=${EMAIL_PASSWORD}
+EMAIL_SMTP_PORT=${EMAIL_PORT}
+EMAIL_SMTP_USE_TLS=1
+EMAIL_SMTP_USER=${EMAIL_FROM}
+FROM_EMAIL=${EMAIL_FROM}

docker-compose.yml

@@ -1,105 +1,631 @@
 ---
-version: '3.4'
+configs:
+  caddyfile:
+    content: |
+      notes-old.kucharczyk.xyz {
+        handle {
+          root * /srv/notes
+          file_server
+        }
+      }
+
+include:
+  - services/bazarr.yml
+  - services/jellyfin.yml
+  - services/komga.yml
+  - services/radarr.yml
+  - services/miniflux.yml
+  - services/jelu.yml
+  - services/sonarr.yml
+  - services/postgres.yml
+  - services/nextcloud.yml
+  - services/sabnzbd.yml
+  - services/openldap.yml
+  - services/prowlarr.yml
+  - services/netbootxyz.yml
+  - services/registry.yml
+  - services/portainer.yml
+  - services/drone/drone.yml
+  - services/enshrouded.yml
+  - services/7dtdserver.yml
+  - services/gluetun.yml
+  - services/handbrake-server.yml
+  - services/redlib.yml
+  - services/calibre-web.yml
+  - services/kavita.yml
 
 services:
-  # postgresql:
-  #   image: postgres:12-alpine
-  #   restart: unless-stopped
-  #   healthcheck:
-  #     test: ["CMD", "pg_isready"]
-  #     start_period: 20s
-  #     interval: 30s
-  #     retries: 5
-  #     timeout: 5s
-  #   volumes:
-  #     - database:/var/lib/postgresql/data
-  #   environment:
-  #     - POSTGRES_PASSWORD=${PG_PASS:?database password required}
-  #     - POSTGRES_USER=${PG_USER:-authentik}
-  #     - POSTGRES_DB=${PG_DB:-authentik}
-  #   env_file:
-  #     - .env
-  redis:
-    image: redis:alpine
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    networks:
-      - internal
-  server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
-    restart: unless-stopped
-    command: server
-    environment:
-      AUTHENTIK_REDIS__HOST: redis
-      AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgres}
-      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
-      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
-      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
-      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
-      # WORKERS: 2
-    volumes:
-      - ./media:${DOCKER_STORAGE_PATH}/authentik/media
-      - ./custom-templates:${DOCKER_STORAGE_PATH}/authentik/templates
-      - geoip:/geoip
-    env_file:
-      - .env
+  caddy:
+    image: lucaslorentz/caddy-docker-proxy:ci-alpine
+    container_name: caddy
     ports:
-      - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
-      - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
-    networks:
-      - internal
-      - postgres
-  worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
-    restart: unless-stopped
-    command: worker
+      - "${TIMETRACKER_EXTERNAL_PORT}:${TIMETRACKER_INTERNAL_PORT}"
+      - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}"
+      - 80:80
+      - 443:443
     environment:
-      AUTHENTIK_REDIS__HOST: redis
-      AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgres}
-      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
-      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
-      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
-      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
-    # This is optional, and can be removed. If you remove this, the following will happen
-    # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
-    # - The docker socket can't be accessed anymore
-    user: root
+      - CADDY_INGRESS_NETWORKS=docker-compose-templates_public
+      - CADDY_DOCKER_CADDYFILE_PATH=/Caddyfile
+    configs:
+      - source: caddyfile
+        target: /Caddyfile
     volumes:
-      - ./media:${DOCKER_STORAGE_PATH}/authentik/media
-      - ./certs:${DOCKER_STORAGE_PATH}/authentik/certs
+      - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy"
+      - "${DOCKER_STORAGE_PATH}/caddy/data:/data"
+      - "${DOCKER_STORAGE_PATH}/caddy/config:/config"
+      - "/var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock"
+      - "/www/notes:/srv/notes"
+      - "timetracker-static:/srv/timetracker"
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./custom-templates:${DOCKER_STORAGE_PATH}/authentik/templates
-      - geoip:/geoip
-    env_file:
-      - .env
     networks:
-      - internal
-      - postgres
-  geoipupdate:
-    image: "maxmindinc/geoipupdate:latest"
-    volumes:
-      - "geoip:/usr/share/GeoIP"
-    environment:
-      GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
-      GEOIPUPDATE_FREQUENCY: "8"
-    env_file:
-      - .env
-    networks:
-      - internal
+      public:
+        ipv4_address: 192.168.240.2
+    restart: unless-stopped
+    # cap_drop:
+    #   - ALL
+    # cap_add:
+    #   - NET_BIND_SERVICE
 
-volumes:
-  database:
-    driver: local
-  geoip:
-    driver: local
+  timetracker:
+    image: ${REGISTRY_URL}/timetracker
+    container_name: timetracker
+    environment:
+      - TZ=${TZ}
+      - "CSRF_TRUSTED_ORIGINS=https://tracker.kucharczyk.xyz"
+    user: ${PUID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/timetracker/db.sqlite3:/home/timetracker/app/db.sqlite3"
+      - "${DOCKER_STORAGE_PATH}/timetracker/backups:/home/timetracker/app/games/fixtures/backups"
+      - "timetracker-static:/var/www/django/static"
+    depends_on:
+      - caddy
+    networks:
+      public:
+        ipv4_address: 192.168.240.3
+    labels:
+      caddy: tracker.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8001 }}"
+      caddy.handle_path: "/static/*"
+      caddy.handle_path.root: "* /srv/timetracker"
+      caddy.handle_path.file_server:
+      caddy.handle: /robots.txt
+      caddy.handle.root: "* /srv/timetracker"
+      caddy.handle.file_server:
+    restart: unless-stopped
+
+  trilium:
+    image: triliumnext/notes:v0.95.0
+    container_name: trilium
+    restart: always
+    environment:
+      - TRILIUM_DATA_DIR=/home/node/trilium-data
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/trilium:/home/node/trilium-data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    labels:
+      caddy: trilium.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $TRILIUM_INTERNAL_PORT }}"
+    ports:
+      - "${TRILIUM_EXTERNAL_PORT}:${TRILIUM_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.4
+
+  ntfy:
+    image: binwiederhier/ntfy
+    container_name: ntfy
+    command:
+      - serve
+    user: ${PUID}:${PGID}
+    environment:
+      - TZ=${TZ}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/ntfy/cache:/var/cache/ntfy"
+      - "${DOCKER_STORAGE_PATH}/ntfy/config:/etc/ntfy"
+    ports:
+      - "${NTFY_EXTERNAL_PORT}:${NTFY_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.5
+    labels:
+      caddy: "notify.${DOMAIN}, http://notify.${DOMAIN}"
+      caddy.reverse_proxy: "{{ upstreams $NTFY_INTERNAL_PORT }}"
+      caddy.@httpget.protocol: http
+      caddy.@httpget.method: get
+      caddy.@httpget.path_regexp: "^/([-_a-z0-9]{0,64}$|docs/|static/)"
+      caddy.redir: "@httpget https://{host}{uri}"
+    restart: unless-stopped
+
+  audiobookshelf:
+    image: ghcr.io/advplyr/audiobookshelf:2.20.0
+    container_name: audiobookshelf
+    environment:
+      - AUDIOBOOKSHELF_UID=${PUID}
+      - AUDIOBOOKSHELF_GID=${PGID}
+      - TZ=${TZ}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/audiobookshelf/audiobooks:/audiobooks"
+      - "${DOCKER_STORAGE_PATH}/audiobookshelf/podcasts:/podcasts"
+      - "${DOCKER_STORAGE_PATH}/audiobookshelf/config:/config"
+      - "${DOCKER_STORAGE_PATH}/audiobookshelf/metadata:/metadata"
+    ports:
+      - "${AUDIOBOOKSHELF_EXTERNAL_PORT}:${AUDIOBOOKSHELF_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.6
+    restart: unless-stopped
+
+  beets:
+    image: lscr.io/linuxserver/beets:2.2.0
+    container_name: beets
+    user: 1000:100
+    environment:
+      - TZ=${TZ}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/beets:/config"
+      - "${STORAGE_PATH}/media/music2:/music"
+      - "${STORAGE_PATH}/download/music:/downloads"
+    ports:
+      - 8337:8337
+    networks:
+      public:
+        ipv4_address: 192.168.240.7
+    restart: unless-stopped
+
+  mealie:
+    container_name: mealie
+    image: hkotel/mealie:v1.9.0
+    environment:
+      PUID: ${PUID}
+      PGID: ${PGID}
+      TZ: ${TZ}
+    env_file:
+      - mealie.env
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/mealie/data/:/app/data"
+    networks:
+      public:
+        ipv4_address: 192.168.240.8
+    labels:
+      caddy: recipes.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 9000 }}"
+    restart: unless-stopped
+
+  rtorrent:
+    image: binhex/arch-rtorrentvpn
+    container_name: rtorrent
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/rtorrent/config:/config"
+      - "${DOCKER_STORAGE_PATH}/rtorrent/watch:/watch"
+      - ${STORAGE_PATH}/seed:/data
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    env_file:
+      - rtorrent.env
+    ports:
+      - "9080:9080"
+      - "9443:9443"
+      - "8118:8118"
+      - "6881:6881"
+    networks:
+      public:
+        ipv4_address: 192.168.240.9
+    labels:
+      caddy: torrent.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 9080 }}"
+    restart: unless-stopped
+
+  webhook:
+    image: ${REGISTRY_URL}/webhook
+    container_name: webhook
+    build: https://git.kucharczyk.xyz/containers/webhook.git#main
+    user: ${PUID}:${PGID}
+    environment:
+      - TZ=${TZ}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/webhook/config:/config"
+      - "${DOCKER_STORAGE_PATH}/webhook/scripts:/var/webhook"
+    ports:
+      - "${WEBHOOK_EXTERNAL_PORT}:${WEBHOOK_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.10
+    restart: unless-stopped
+
+  valheim:
+    image: ghcr.io/lloesche/valheim-server
+    container_name: valheim
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/valheim/config:/config
+      - ${DOCKER_STORAGE_PATH}/valheim/data:/opt/valheim
+    env_file:
+      - valheim.env
+    ports:
+      - ${VALHEIM_EXTERNAL_PORT}:${VALHEIM_INTERNAL_PORT}
+    cap_add:
+      - SYS_NICE
+    networks:
+      public:
+        ipv4_address: 192.168.240.11
+    restart: unless-stopped
+
+  stash:
+    image: stashapp/stash:v0.28.1
+    container_name: stash
+    ports:
+      - "${STASH_EXTERNAL_PORT}:${STASH_INTERNAL_PORT}"
+    ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
+    # network_mode: host
+    logging:
+      driver: "json-file"
+      options:
+        max-file: "10"
+        max-size: "2m"
+    environment:
+      - STASH_STASH=/data/
+      - STASH_GENERATED=/generated/
+      - STASH_METADATA=/metadata/
+      - STASH_CACHE=/cache/
+      - STASH_PORT=${STASH_INTERNAL_PORT}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      ## Adjust below paths (the left part) to your liking.
+      ## E.g. you can change ./config:/root/.stash to ./stash:/root/.stash
+
+      ## Keep configs, scrapers, and plugins here.
+      - "${DOCKER_STORAGE_PATH}/stash/config:/root/.stash"
+      ## Point this at your collection.
+      - "${STORAGE_PATH}/xxx:/data/"
+      ## This is where your stash's metadata lives
+      - "${DOCKER_STORAGE_PATH}/stash/metadata:/metadata"
+      ## Any other cache content.
+      - "${DOCKER_STORAGE_PATH}/stash/cache:/cache"
+      ## Where to store generated content (screenshots,previews,transcodes,sprites)
+      - "${DOCKER_STORAGE_PATH}/stash/generated:/generated"
+      ## Where to store binary blob data (scene covers, images)
+      - "${DOCKER_STORAGE_PATH}/stash/blobs:/blobs"
+    networks:
+      public:
+        ipv4_address: 192.168.240.13
+    restart: unless-stopped
+
+  navidrome:
+    image: deluan/navidrome:0.55.2
+    container_name: navidrome
+    ports:
+      - "${NAVIDROME_EXTERNAL_PORT}:${NAVIDROME_INTERNAL_PORT}"
+    env_file:
+      - navidrome.env
+    user: "${PUID}:${PGID}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/navidrome:/data"
+      - "${STORAGE_PATH}/media/music2:/music"
+    networks:
+      public:
+        ipv4_address: 192.168.240.14
+    labels:
+      caddy: music.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $NAVIDROME_INTERNAL_PORT }}"
+    restart: unless-stopped
+
+  maloja:
+    image: krateng/maloja
+    container_name: maloja
+    ports:
+      - "${MALOJA_EXTERNAL_PORT}:${MALOJA_INTERNAL_PORT}"
+    env_file:
+      - maloja.env
+    user: "${PUID}:${PGID}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/maloja:/data"
+    networks:
+      public:
+        ipv4_address: 192.168.240.15
+    restart: unless-stopped
+
+  redis:
+    container_name: redis
+    image: docker.io/library/redis:7
+    networks:
+      public:
+        ipv4_address: 192.168.240.30
+    restart: unless-stopped
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/redis:/data"
+
+  paperless-ngx:
+    container_name: paperless-ngx
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.0.1
+    restart: unless-stopped
+    depends_on:
+      - redis
+      - gotenberg
+      - tika
+    ports:
+      - "${PAPERLESS_EXTERNAL_PORT}:${PAPERLESS_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.16
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "curl",
+          "-fs",
+          "-S",
+          "--max-time",
+          "2",
+          "http://localhost:8000"
+        ]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/paperless-ngx/data:/usr/src/paperless/data"
+      - "${DOCKER_STORAGE_PATH}/paperless-ngx/media:/usr/src/paperless/media"
+      - "${DOCKER_STORAGE_PATH}/paperless-ngx/export:/usr/src/paperless/export"
+      - "${DOCKER_STORAGE_PATH}/paperless-ngx/consume:/usr/src/paperless/consume"
+    env_file: paperless-ngx.env
+    environment:
+      PAPERLESS_REDIS: redis://redis:6379
+      PAPERLESS_TIKA_ENABLED: 1
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_URL: "https://paperless.${DOMAIN}"
+
+  gotenberg:
+    image: docker.io/gotenberg/gotenberg:7.6
+    restart: unless-stopped
+    networks:
+      public:
+        ipv4_address: 192.168.240.17
+    # The gotenberg chromium route is used to convert .eml files. We do not
+    # want to allow external content like tracking pixels or even javascript.
+    command:
+      - "gotenberg"
+      - "--chromium-disable-javascript=true"
+      - "--chromium-allow-list=file:///tmp/.*"
+
+  tika:
+    image: ghcr.io/paperless-ngx/tika:latest
+    networks:
+      public:
+        ipv4_address: 192.168.240.18
+    restart: unless-stopped
+
+  homer:
+    image: b4bz/homer
+    container_name: homer
+    ports:
+      - "${HOMER_EXTERNAL_PORT}:${HOMER_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.19
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/homer:/www/assets"
+    environment:
+      UID: ${PUID}
+      GID: ${PGID}
+    restart: unless-stopped
+
+  syncthing:
+    image: lscr.io/linuxserver/syncthing:1.28.1
+    container_name: syncthing
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/syncthing:/config"
+      - "${DOCKER_STORAGE_PATH}/syncthing/shares:/shares"
+      - "${STORAGE_PATH}:/storage"
+    ports:
+      - "${SYNCTHING_EXTERNAL_PORT1}:${SYNCTHING_INTERNAL_PORT1}"
+      - "${SYNCTHING_EXTERNAL_PORT2}:${SYNCTHING_INTERNAL_PORT2}"
+      - "${SYNCTHING_EXTERNAL_PORT3}:${SYNCTHING_INTERNAL_PORT3}"
+      - "${SYNCTHING_EXTERNAL_PORT4}:${SYNCTHING_INTERNAL_PORT4}"
+    environment:
+      - "PUID=${PUID}"
+      - "PGID=${PGID}"
+    restart: unless-stopped
+    networks:
+      public:
+        ipv4_address: 192.168.240.20
+
+  mediawiki:
+    container_name: mediawiki
+    image: mediawiki
+    networks:
+      public:
+        ipv4_address: 192.168.240.21
+    labels:
+      caddy: wiki.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $MEDIAWIKI_INTERNAL_PORT }}"
+    depends_on:
+      - mariadb
+    ports:
+      - "${MEDIAWIKI_EXTERNAL_PORT}:${MEDIAWIKI_INTERNAL_PORT}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/mediawiki/images:/var/www/html/images"
+      - "${DOCKER_STORAGE_PATH}/mediawiki/extensions:/var/www/html/extensions"
+      - "${DOCKER_STORAGE_PATH}/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php"
+    restart: unless-stopped
+
+  photoprism:
+    container_name: photoprism
+    image: docker.io/photoprism/photoprism
+    networks:
+      public:
+        ipv4_address: 192.168.240.22
+    ports:
+      - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}"
+    labels:
+      caddy: photos.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 2342 }}"
+    depends_on:
+      - mariadb
+    env_file:
+      - photoprism.env
+    volumes:
+      - "${PHOTOS_STORAGE_PATH}/import:/photoprism/import"
+      - "${PHOTOS_STORAGE_PATH}/originals:/photoprism/originals"
+      - "${PHOTOS_STORAGE_PATH}/storage:/photoprism/storage"
+    restart: unless-stopped
+
+  mariadb:
+    container_name: mariadb
+    image: linuxserver/mariadb
+    networks:
+      public:
+        ipv4_address: 192.168.240.23
+    ports:
+      - "${MARIADB_EXTERNAL_PORT}:${MARIADB_INTERNAL_PORT}"
+    environment:
+      - MARIADB_AUTO_UPGRADE=true
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/mariadb:/config"
+      - sockets:/run/mysqld/
+    restart: unless-stopped
+
+  baserow:
+    container_name: baserow
+    image: baserow/baserow:latest
+    networks:
+      public:
+        ipv4_address: 192.168.240.24
+    labels:
+      caddy: baserow.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+    depends_on:
+      - postgres
+    env_file:
+      - baserow.env
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/baserow:/baserow/data"
+    restart: unless-stopped
+
+  gitea:
+    container_name: gitea
+    image: gitea/gitea:1.24.0
+    networks:
+      public:
+        ipv4_address: 192.168.240.26
+    depends_on:
+      - postgres
+    ports:
+      - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}"
+      - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}"
+    labels:
+      caddy: git.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $GITEA_WEBUI_INTERNAL_PORT }}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/gitea:/data"
+    restart: unless-stopped
+
+  gitearunner:
+    container_name: gitearunner
+    image: gitea/act_runner
+    depends_on:
+      - gitea
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/gitearunner/config:/config"
+      - "${DOCKER_STORAGE_PATH}/gitearunner/data:/data"
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      public:
+        ipv4_address: 192.168.240.27
+    environment:
+      - GITEA_INSTANCE_URL=https://git.${DOMAIN}
+      - CONFIG_FILE=/config/config.yaml
+      # When using Docker Secrets, it's also possible to use
+      # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
+      # The env var takes precedence
+      - GITEA_RUNNER_REGISTRATION_TOKEN=92U7bIiADtqkILwjjj9rffjz8vyNp0zo7uaOgrIG
+      - GITEA_RUNNER_LABELS="ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+      - GITEA_RUNNER_NAME="NAS_CONTAINER"
+    restart: unless-stopped
+
+  linkace:
+    image: linkace/linkace:v1.15.4-simple
+    container_name: linkace
+    networks:
+      public:
+        ipv4_address: 192.168.240.28
+    labels:
+      caddy: bookmarks.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+    depends_on:
+      - mariadb
+      - redis
+    environment:
+      # these env variables are instead of .env file
+      # see https://www.linkace.org/docs/v1/setup/setup-with-docker/advanced-configuration/#using-docker-environment-variables-instead-of-the-env-file
+      - APP_KEY=base64:X6XDR+dfqn5PM9QdmmxJoOECSsldWhkfnyi6yvohgNM=
+      - DB_HOST=${MYSQL_HOST}
+      - DB_DATABASE=${LINKACE_DB}
+      - DB_USERNAME=${LINKACE_DB_USERNAME}
+      - DB_PASSWORD=${LINKACE_DB_PASSWORD}
+      - REDIS_HOST=redis
+    ports:
+      - "${LINKACE_EXTERNAL_PORT}:${LINKACE_INTERNAL_PORT}"
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/linkace/backups:/app/storage/app/backups
+      - ${DOCKER_STORAGE_PATH}/linkace/logs:/app/storage/logs
+    restart: unless-stopped
+
+  # ghost:
+  #   image: "ghost:latest"
+  #   container_name: ghost
+  #   environment:
+  #     - url=http://blog.kucharczyk.xyz
+  #   labels:
+  #     - "traefik.enable=true"
+  #     - "traefik.http.routers.ghost.rule=Host(`blog.kucharczyk.xyz`)"
+  #     - "traefik.http.routers.ghost.entrypoints=https"
+  #     - "traefik.http.routers.ghost.tls.certresolver=myresolver"
+  #   volumes:
+  #     - ${DOCKER_STORAGE_PATH}/ghost/content:/var/lib/ghost/content
+  #   networks:
+  #     - public
+
+  vaultwarden:
+    image: vaultwarden/server:1.32.1
+    container_name: vaultwarden
+    networks:
+      public:
+        ipv4_address: 192.168.240.29
+    ports:
+      - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}"
+    labels:
+      caddy: bw.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+    env_file:
+      - ./secrets/vaultwarden.env
+    environment:
+      - PUSH_ENABLED=true
+      # PUSH_INSTALLATION_ID=
+      # PUSH_INSTALLATION_KEY=
+      - PUSH_RELAY_URI=https://api.bitwarden.eu
+      - PUSH_IDENTITY_URI=https://identity.bitwarden.eu
+      - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$aWJ2cVRvYUsySkM3M01TMTJJMnZqbUF0Wm1qRWhvd1B6Sk50Q1hwck96dz0$$FKjZ36E54pX2e0AE9OaDpiH43TyAyfVwr3IvracbqEA
+      - SMTP_HOST=${EMAIL_HOST}
+      - SMTP_FROM=${EMAIL_FROM}
+      - SMTP_FROM_NAME="Bitwarden (bw.kucharczyk.xyz)"
+      - SMTP_PORT=${EMAIL_PORT}
+      - SMTP_USERNAME=${EMAIL_FROM}
+      - SMTP_PASSWORD=${EMAIL_PASSWORD}
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/vaultwarden:/data
+    restart: unless-stopped
+       
 
 networks:
-  internal:
-    external: true 
-  postgres:
-    external: true
+  public:
+    attachable: true
+    ipam:
+      config:
+        # 192.168.240.1 - 192.168.240.254
+        - subnet: "192.168.240.0/24"
+
+volumes:
+  timetracker-static:
+  sockets:

maloja.env

@@ -0,0 +1,2 @@
+MALOJA_DATA_DIRECTORY=/data
+MALOJA_FORCE_PASSWORD=kralovna

mealie.env

@@ -0,0 +1,16 @@
+# Default Recipe Settings
+RECIPE_PUBLIC=true
+RECIPE_SHOW_NUTRITION=true
+RECIPE_SHOW_ASSETS=true
+RECIPE_LANDSCAPE_VIEW=true
+RECIPE_DISABLE_COMMENTS=false
+RECIPE_DISABLE_AMOUNT=false
+BASE_URL=https://recipes.${DOMAIN}
+SMTP_HOST=${EMAIL_HOST}
+SMTP_FROM_EMAIL=${EMAIL_FROM}
+SMTP_USER=${EMAIL_FROM}
+SMTP_PASSWORD=${EMAIL_PASSWORD}
+# Gunicorn
+# WEB_CONCURRENCY=2
+# WORKERS_PER_CORE=0.5
+# MAX_WORKERS=8

mediawiki.env

@@ -0,0 +1,3 @@
+MYSQL_DATABASE=mediawiki
+MYSQL_USER=mediawiki
+MYSQL_PASSWORD=41eebea0e3ef17dc68064e004e03dafeddd996bf513021b5cf7daf5a0c4d2b32

navidrome.env

@@ -0,0 +1,9 @@
+ND_LASTFM_APIKEY=29e22ee836a0cb51cfaacb72d605e30d
+ND_LASTFM_SECRET=10aa58294eeffa142685e78a0cd78ad6
+ND_SPOTIFY_ID=9d6a1b14a4134df5b4447fa46c4bf275
+ND_SPOTIFY_SECRET=27aed3e91dc34d7593d99ad4febea939
+ND_DEVACTIVITYPANEL=true
+ND_SEARCHFULLSTRING=true
+ND_ENABLESHARING=true
+ND_LOGLEVEL=error
+ND_PREFERSORTTAGS=true

paperless-ngx.env

@@ -0,0 +1,42 @@
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# Additional languages to install for text recognition, separated by a
+# whitespace. Note that this is
+# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
+# language used for OCR.
+# The container installs English, German, Italian, Spanish and French by
+# default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+PAPERLESS_OCR_LANGUAGES=ces chi-sim
+
+###############################################################################
+# Paperless-specific settings                                                 #
+###############################################################################
+
+# All settings defined in the paperless.conf.example can be used here. The
+# Docker setup does not use the configuration file.
+# A few commonly adjusted settings are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. If not specified, defaults to UTC.
+PAPERLESS_TIME_ZONE=Europe/Prague
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+PAPERLESS_OCR_LANGUAGE=eng+ces+chi_sim
+
+# Set if accessing paperless via a domain subpath e.g. https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx
+#PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX
+#PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required

penpot.env

@@ -0,0 +1,11 @@
+--2023-01-05 19:27:46--  https://raw.githubusercontent.com/penpot/penpot/main/docker/images/config.env
+Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.111.133, ...
+Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 2713 (2.6K) [text/plain]
+Saving to: ‘config.env.1’
+
+     0K ..                                                    100%  123M=0s
+
+2023-01-05 19:27:46 (123 MB/s) - ‘config.env.1’ saved [2713/2713]
+

penpot.yml

@@ -0,0 +1,75 @@
+---
+networks:
+  penpot:
+
+volumes:
+  penpot_postgres_data:
+  penpot_assets_data:
+
+services:
+  penpot-frontend:
+    image: "penpotapp/frontend:latest"
+    ports:
+      - 9001:80
+
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/penpot/data:/opt/data$
+
+    env_file:
+      - penpot.env
+
+    depends_on:
+      - penpot-backend
+      - penpot-exporter
+
+    networks:
+      - penpot
+
+  penpot-backend:
+    image: "penpotapp/backend:latest"
+    volumes:
+      - penpot_assets_data:/opt/data
+
+    depends_on:
+      - penpot-postgres
+      - penpot-redis
+
+    env_file:
+      - config.env
+
+    networks:
+      - penpot
+
+  penpot-exporter:
+    image: "penpotapp/exporter:latest"
+    env_file:
+      - config.env
+    environment:
+      # Don't touch it; this uses internal docker network to
+      # communicate with the frontend.
+      - PENPOT_PUBLIC_URI=http://penpot-frontend
+    networks:
+      - penpot
+
+  penpot-postgres:
+    image: "postgres:14"
+    restart: always
+    stop_signal: SIGINT
+
+    environment:
+      - POSTGRES_INITDB_ARGS=--data-checksums
+      - POSTGRES_DB=penpot
+      - POSTGRES_USER=penpot
+      - POSTGRES_PASSWORD=penpot
+
+    volumes:
+      - penpot_postgres_data:/var/lib/postgresql/data
+
+    networks:
+      - penpot
+
+  penpot-redis:
+    image: redis:7
+    restart: always
+    networks:
+      - penpot

photoprism.env

@@ -0,0 +1,11 @@
+PHOTOPRISM_ADMIN_PASSWORD=kRalovna12514265!
+PHOTOPRISM_DATABASE_DRIVER=mysql
+PHOTOPRISM_DATABASE_NAME=photoprism
+PHOTOPRISM_DATABASE_PASSWORD=TWB64mcPZ^TSdo
+PHOTOPRISM_DATABASE_SERVER=mariadb
+PHOTOPRISM_DATABASE_USER=photoprism
+PHOTOPRISM_IMPORT_PATH=/photoprism/import
+PHOTOPRISM_ORIGINALS_PATH=/photoprism/originals
+PHOTOPRISM_SITE_URL=https://photos.${DOMAIN}
+PHOTOPRISM_SPONSOR=true
+PHOTOPRISM_STORAGE_PATH=/photoprism/storage

rtorrent.env

@@ -0,0 +1,6 @@
+VPN_ENABLED=no
+ENABLE_WEBUI_AUTH=no
+ENABLE_RPC2=yes
+ENABLE_RPC2_AUTH=yes
+RPC2_USER=lukas
+RPC2_PASS=5zpxni8N@DYCaZL

services/7dtdserver.yml

@@ -0,0 +1,51 @@
+---
+
+services:
+  7dtdserver:
+    image: vinanrra/7dtd-server
+    container_name: 7dtdserver
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - START_MODE=1                 # Change between START MODES
+      - VERSION=stable               # Change between 7 days to die versions
+      - TimeZone=Europe/Prague       # Optional - Change Timezone
+      - TEST_ALERT=NO                # Optional - Send a test alert
+      - UPDATE_MODS=NO               # Optional - This will allow mods to be update on start, each mod also need to have XXXX_UPDATE=YES to update on start
+      - MODS_URLS=""                 # Optional - Mods urls to install, must be ZIP or RAR.
+      - ALLOC_FIXES=NO               # Optional - Install ALLOC FIXES
+      - ALLOC_FIXES_UPDATE=NO        # Optional - Update Allocs Fixes before server start
+      - UNDEAD_LEGACY=NO             # Optional - Install Undead Legacy mod, if DARKNESS_FALLS it's enable will not install anything
+      - UNDEAD_LEGACY_VERSION=stable # Optional - Undead Legacy version
+      - UNDEAD_LEGACY_UPDATE=NO      # Optional - Update Undead Legacy mod before server start
+      - DARKNESS_FALLS=NO            # Optional - Install Darkness Falls mod, if UNDEAD_LEGACY it's enable will not install anything
+      - DARKNESS_FALLS_UPDATE=NO     # Optional - Update Darkness Falls mod before server start
+      - DARKNESS_FALLS_URL=False     # Optional - Install the provided Darkness Falls url
+      - CPM=NO                       # Optional - CSMM Patron's Mod (CPM)
+      - CPM_UPDATE=NO                # Optional - Update CPM before server start
+      - BEPINEX=NO                   # Optional - BepInEx
+      - BEPINEX_UPDATE=NO            # Optional - Update BepInEx before server start
+      - BACKUP=NO                    # Optional - Backup server
+      - BACKUP_HOUR=5                # Optional - Backup hour 0-23
+      - BACKUP_MAX=7                 # Optional - Max backups to keep
+      - MONITOR=NO                   # Optional - Keeps server up if crash
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/7daystodie/7DaysToDie:/home/sdtdserver/.local/share/7DaysToDie/"     # 7 Days To Die world saves
+      - "${DOCKER_STORAGE_PATH}/7daystodie/LGSM-Config:/home/sdtdserver/lgsm/config-lgsm/sdtdserver" # LGSM config folder
+      - "${DOCKER_STORAGE_PATH}/7daystodie/ServerFiles:/home/sdtdserver/serverfiles/"                # Optional - serverfiles folder
+      - "${DOCKER_STORAGE_PATH}/7daystodie/log:/home/sdtdserver/log/"                                # Optional - Logs folder
+      - "${DOCKER_STORAGE_PATH}/7daystodie/backups:/home/sdtdserver/lgsm/backup/"                    # Optional - If BACKUP=NO, backups folder
+    networks:
+      public:
+        ipv4_address: 192.168.240.12
+    ports:
+      - 26900:26900/tcp # Default game ports
+      - 26900:26900/udp # Default game ports
+      - 26901:26901/udp # Default game ports
+      - 26902:26902/udp # Default game ports
+      - 8085:8080/tcp   # OPTIONAL - WEBADMIN
+      - 8086:8081/tcp   # OPTIONAL - TELNET
+      - 8087:8082/tcp   # OPTIONAL - WEBSERVER https://7dtd.illy.bz/wiki/Server%20fixes
+    restart: unless-stopped # INFO - NEVER USE WITH START_MODE=4 or START_MODE=0
+
+

services/bazarr.yml

@@ -0,0 +1,18 @@
+---
+services:
+  bazarr:
+    image: docker.io/linuxserver/bazarr:latest
+    container_name: bazarr
+    ports:
+      - "${BAZARR_EXTERNAL_PORT}:${BAZARR_INTERNAL_PORT}"
+    networks:
+      public:
+        ipv4_address: 192.168.240.31
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/bazarr:/config"
+      - "${MOVIE_PATH}:/movies"
+      - "${TV_PATH}:/tv"
+    restart: unless-stopped

services/calibre-web.yml

@@ -0,0 +1,17 @@
+---
+services:
+  calibre-web:
+    image: docker.io/linuxserver/calibre-web:0.6.24
+    container_name: calibre-web
+    ports:
+      - 8089:8083
+    networks:
+      public:
+        ipv4_address: 192.168.240.52
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/calibre-web:/config"
+      - "${DOCKER_STORAGE_PATH}/syncthing/shares/Calibre Library:/books"
+    restart: unless-stopped

services/drone/drone.env

@@ -0,0 +1,2 @@
+DRONE_SERVER_HOST=drone.${DOMAIN}
+DRONE_RPC_HOST=${DRONE_SERVER_HOST}

services/drone/drone.yml

@@ -0,0 +1,44 @@
+---
+services:
+  drone:
+    image: drone/drone:1
+    container_name: drone
+    networks:
+      public:
+        ipv4_address: 192.168.240.47
+    labels:
+      caddy: drone.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/drone:/data
+    env_file:
+      - drone.env
+      - ../../secrets/drone.env
+    environment:
+      # encrypted
+      # - DRONE_GITEA_CLIENT_ID=
+      # - DRONE_GITEA_CLIENT_SECRET=
+      # - DRONE_RPC_SECRET=
+      - DRONE_GITEA_SERVER=https://git.${DOMAIN}
+      - DRONE_SERVER_PROTO=https
+      - DRONE_USER_CREATE=username:lukas,admin:true
+    restart: unless-stopped
+
+  drone-runner:
+    image: drone/drone-runner-docker:1
+    container_name: drone-runner
+    networks:
+      public:
+        ipv4_address: 192.168.240.48
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    env_file:
+      - drone.env
+      - ../../secrets/drone.env
+    environment:
+      # encrypted
+      # - DRONE_RPC_SECRET=
+      - DRONE_RPC_PROTO=https
+      - DRONE_RUNNER_CAPACITY=1
+      - DRONE_RUNNER_NAME=nas-docker-runner
+    restart: unless-stopped

services/enshrouded.yml

@@ -0,0 +1,21 @@
+---
+services:
+  enshrouded:
+    image: mornedhels/enshrouded-server:latest
+    container_name: enshrouded
+    hostname: enshrouded
+    restart: unless-stopped
+    stop_grace_period: 90s
+    env_file:
+      - ../secrets/enshrouded.env
+    ports:
+      - "15636-15637:15636-15637/udp"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/enshrouded:/opt/enshrouded"
+    environment:
+      - SERVER_NAME=DominikJirkaLukas
+      # - SERVER_PASSWORD=
+      - SERVER_SLOT_COUNT=3
+      - UPDATE_CRON=*/30 * * * *
+      - PUID=${PUID}
+      - PGID=${PGID}

services/gluetun.yml

@@ -0,0 +1,35 @@
+---
+services:
+  gluetun:
+      image: qmcgaw/gluetun
+      container_name: gluetun-japan
+      # line above must be uncommented to allow external containers to connect.
+      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
+      cap_add:
+        - NET_ADMIN
+      networks:
+        public:
+          ipv4_address: 192.168.240.49
+      devices:
+        - /dev/net/tun:/dev/net/tun
+      ports:
+        - 8888:8888/tcp # HTTP proxy
+        - 8388:8388/tcp # Shadowsocks
+        - 8388:8388/udp # Shadowsocks
+      volumes:
+        - "${DOCKER_STORAGE_PATH}/gluetun:/gluetun"
+      env_file:
+        - ../secrets/protonvpn.env
+      environment:
+        # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
+        - VPN_SERVICE_PROVIDER=protonvpn
+        - VPN_TYPE=openvpn
+        # OpenVPN:
+        # - OPENVPN_USER=
+        # - OPENVPN_PASSWORD=
+        - TZ=${TZ}
+        - SERVER_COUNTRIES=Japan
+        - HTTPPROXY=on
+        # Server list updater
+        # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
+        - UPDATER_PERIOD=

services/handbrake-server.yml

@@ -0,0 +1,15 @@
+---
+services:
+  handbrake-server:
+    image: ghcr.io/thenickoftime/handbrake-web-server:0.7.3
+    container_name: handbrake-server
+    user: 1000:100 # edit to run as user (uuid:guid) with permissions to access your media. 0:0 to run as root (not recommended).
+    networks:
+        public:
+          ipv4_address: 192.168.240.50
+    ports:
+      - "${HANDBRAKER_SERVER_EXTERNAL_PORT}:${HANDBRAKER_SERVER_INTERNAL_PORT}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/handbrake-server/data:/data"
+      - "${STORAGE_PATH}:/video"
+    restart: unless-stopped

services/jellyfin.yml

@@ -0,0 +1,23 @@
+---
+services:
+  jellyfin:
+    image: linuxserver/jellyfin:10.10.7
+    container_name: jellyfin
+    ports:
+      - "8096:8096"
+      - "1900:1900/udp"
+      - "7359:7359/udp"
+    networks:
+      public:
+        ipv4_address: 192.168.240.32
+    labels:
+      caddy: jellyfin.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8096 }}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/jellyfin:/config"
+      - "${MEDIA_PATH}:/data/media"
+    environment:
+      - "JELLYFIN_PublishedServerUrl=https://jellyfin.${DOMAIN}"
+      - PUID=${PUID}
+      - PGID=${PGID}
+    restart: unless-stopped

services/jelu.yml

@@ -0,0 +1,29 @@
+---
+services:
+  jelu:
+    image: wabayang/jelu
+    container_name: jelu
+    volumes:
+      - ${DOCKER_STORAGE_PATH}/jelu/database:/database
+      - ${DOCKER_STORAGE_PATH}/jelu/files/images:/files/images
+      - ${DOCKER_STORAGE_PATH}/jelu/files/imports:/files/imports
+      - /etc/timezone:/etc/timezone:ro
+    configs:
+      - source: jelu_config
+        target: /config/application.yml
+    networks:
+      public:
+        ipv4_address: 192.168.240.33
+    env_file:
+      - ../secrets/jelu.env
+    environment:
+      SERVER_PORT: 80
+      SPRING_DATASOURCE_USERNAME: lukas
+      SPRING_DATASOURCE_PASSWORD: Q^k5i2^hN!wmEr6JLkYP9ME
+      JELU_CORS_ALLOWED-ORIGINS: https://jelu.${DOMAIN}
+    restart: unless-stopped
+
+configs:
+  jelu_config:
+    file: ../secrets/jelu-application.yml
+

services/kavita.yml

@@ -0,0 +1,21 @@
+---
+services:
+  kavita:
+    image: ghcr.io/kareadita/kavita:0.8.5
+    container_name: kavita
+    networks:
+      public:
+        ipv4_address: 192.168.240.53
+    ports:
+      - ${KAVITA_EXTERNAL_PORT}:${KAVITA_INTERNAL_PORT}
+    labels:
+      caddy: kavita.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $KAVITA_INTERNAL_PORT }}"
+    environment:
+      - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+    volumes:
+      - "${STORAGE_PATH}/media/comics:/comics"
+      - "${STORAGE_PATH}/media/comics/manga:/manga"
+      - "${STORAGE_PATH}/media/comics/books:/books"
+      - "${DOCKER_STORAGE_PATH}/kavita:/kavita/config"
+    restart: unless-stopped

services/komga.yml

@@ -0,0 +1,18 @@
+---
+services:
+  komga:
+    image: gotson/komga:1.20.0
+    container_name: komga
+    networks:
+      public:
+        ipv4_address: 192.168.240.34
+    ports:
+      - "25600:25600"
+    labels:
+      caddy: comic.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 25600 }}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/komga:/config"
+      - "${COMIC_PATH}:/data"
+      - "${TORRENTS_SEED_PATH}:/import"
+    restart: unless-stopped

services/miniflux.yml

@@ -0,0 +1,16 @@
+---
+services:
+  miniflux:
+    image: miniflux/miniflux:latest
+    container_name: miniflux
+    networks:
+      public:
+        ipv4_address: 192.168.240.35
+    labels:
+      caddy: miniflux.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8080 }}"
+    environment:
+      - BASE_URL=https://miniflux.${DOMAIN}
+      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/miniflux?sslmode=disable
+      - RUN_MIGRATIONS=1
+    restart: unless-stopped

services/netbootxyz.yml

@@ -0,0 +1,14 @@
+---
+services:
+  netbootxyz:
+    image: linuxserver/netbootxyz:latest
+    container_name: netbootxyz
+    networks:
+      public:
+        ipv4_address: 192.168.240.44
+    ports:
+      - 3000:3000
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/netbootxyz:/config"
+      - "${DOCKER_STORAGE_PATH_SLOW}/netbootxyz:/assets"
+    restart: unless-stopped

services/nextcloud.yml

@@ -0,0 +1,24 @@
+---
+services:
+  nextcloud:
+    image: registry.kucharczyk.xyz/nextcloud:latest
+    container_name: nextcloud
+    networks:
+      public:
+        ipv4_address: 192.168.240.40
+    depends_on:
+      - postgres
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/nextcloud/config:/var/www/html/config"
+      - "${DOCKER_STORAGE_PATH}/nextcloud/data:/var/www/html/data"
+      - "${DOCKER_STORAGE_PATH}/nextcloud/html:/var/www/html"
+    environment:
+      # caddy
+      - TRUSTED_PROXIES=192.168.240.2
+    labels:
+      caddy: cloud.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+      caddy.handle.redir_0: "/.well-known/carddav /remote.php/dav 301"
+      caddy.handle.redir_1: "/.well-known/caldav /remote.php/dav 301"
+      caddy.header.Strict-Transport-Security: "max-age=15552000; includeSubDomains"
+    restart: unless-stopped

services/openldap.yml

@@ -0,0 +1,24 @@
+---
+services:
+  openldap:
+    image: osixia/openldap:latest
+    container_name: openldap
+    networks:
+      public:
+        ipv4_address: 192.168.240.42
+    ports:
+      - 389:389
+      - 636:636
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/openldap/config:/etc/ldap/slapd.d"
+      - "${DOCKER_STORAGE_PATH}/openldap/data:/var/lib/ldap"
+    environment:
+      - LDAP_ORGANISATION=Homelab
+      - LDAP_DOMAIN=${DOMAIN}
+      - LDAP_ADMIN_PASSWORD=kral
+      - LDAP_OPENLDAP_UID=${PUID}
+      - LDAP_OPENLDAP_GID=${PGID}
+      - LDAP_READONLY_USER=true
+      - LDAP_READONLY_USER_USERNAME=readonly
+      - LDAP_READONLY_USER_PASSWORD=readonly
+    restart: unless-stopped

services/portainer.yml

@@ -0,0 +1,17 @@
+---
+services:
+  portainer:
+    image: portainer/portainer-ee:2.19.1
+    container_name: portainer
+    ports:
+      - 9000:9000
+    networks:
+      public:
+        ipv4_address: 192.168.240.46
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+    restart: unless-stopped
+
+volumes:
+  portainer_data:

services/postgres.yml

@@ -0,0 +1,11 @@
+---
+services:
+  postgres:
+    container_name: postgres
+    image: postgres:latest
+    networks:
+      public:
+        ipv4_address: 192.168.240.25
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/postgres:/var/lib/postgresql/data"
+    restart: unless-stopped

services/prowlarr.yml

@@ -0,0 +1,14 @@
+---
+services:
+  prowlarr:
+    # see https://github.com/linuxserver/docker-prowlarr/releases
+    image: linuxserver/prowlarr:1.27.0.4852-ls94
+    container_name: prowlarr
+    networks:
+      public:
+        ipv4_address: 192.168.240.43
+    ports:
+      - 9696:9696
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/prowlarr:/config"
+    restart: unless-stopped

services/radarr.yml

@@ -0,0 +1,19 @@
+---
+services:
+  radarr:
+    image: ${REGISTRY_URL}/radarr:latest
+    container_name: radarr
+    ports:
+      - 7878:7878 
+    networks:
+      public:
+        ipv4_address: 192.168.240.36
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/radarr:/config"
+      - "${NZB_DOWNLOADS_PATH}:/downloads"
+      - "${TORRENTS_SEED_PATH}:/seed"
+      - "${MOVIE_PATH}:/movies"
+    restart: unless-stopped

services/redlib.yml

@@ -0,0 +1,30 @@
+---
+services:
+  redlib:
+    image: quay.io/redlib/redlib:latest
+    restart: unless-stopped
+    container_name: "redlib"
+      # exposed via caddy -> doesn't need an external port
+    user: nobody
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+      # - seccomp=seccomp-redlib.json
+    cap_drop:
+      - ALL
+    environment:
+      - REDLIB_DEFAULT_THEME=dracula;
+      - REDLIB_DEFAULT_SHOW_NSFW=on;
+      - REDLIB_DEFAULT_HIDE_AWARDS=on;
+      - REDLIB_DEFAULT_USE_HLS=on;
+      - REDLIB_DEFAULT_BLUR_SPOILER=on;
+    networks:
+      public:
+        ipv4_address: 192.168.240.51
+    labels:
+      caddy: redlib.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8080 }}"
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
+      interval: 5m
+      timeout: 3s

services/registry.yml

@@ -0,0 +1,17 @@
+---
+services:
+  registry:
+    image: registry:latest
+    container_name: registry
+    networks:
+      public:
+        ipv4_address: 192.168.240.45
+    ports:
+      - 5000:5000
+    labels:
+      caddy: registry.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 5000 }}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/registry/data:/var/lib/registry"
+      - "${DOCKER_STORAGE_PATH}/registry/config.yml:/etc/docker/registry/config.yml"
+    restart: unless-stopped

services/sabnzbd.yml

@@ -0,0 +1,21 @@
+---
+services:
+  sabnzbd:
+    image: linuxserver/sabnzbd:4.5.1
+    container_name: sabnzbd
+    networks:
+      public:
+        ipv4_address: 192.168.240.41
+    environment:
+      - PUID=1000
+      - PGID=100
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd
+      - TP_THEME=dracula
+    ports:
+      - "${SABNZBD_EXTERNAL_PORT}:${SABNZBD_INTERNAL_PORT}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/sabnzbd:/config"
+      - "${DOWNLOADS_PATH}/sabnzbd:/downloads"
+      - "${DOWNLOADS_PATH}/sabnzbd-incomplete:/incomplete-downloads"
+      - "${MEDIA_PATH}:/media"
+    restart: unless-stopped

services/sonarr.yml

@@ -0,0 +1,40 @@
+---
+services: 
+  sonarr_tv:
+    container_name: sonarr_tv_standard
+    image: linuxserver/sonarr:develop
+    networks:
+      public:
+        ipv4_address: 192.168.240.38
+    ports:
+      - "${SONARR_TV_STANDARD_EXTERNAL_PORT}:${SONARR_INTERNAL_PORT}"
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/sonarr:/config"
+      - "${TV_PATH}:/tv"
+      - "${ANIME_PATH}:/anime"
+      - "${NZB_DOWNLOADS_PATH}:/downloads"
+      - "${TORRENTS_SEED_PATH}:/seed"
+      - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
+    restart: unless-stopped
+
+  sonarr_anime:
+    container_name: sonarr_anime
+    image: linuxserver/sonarr:develop
+    networks:
+      public:
+        ipv4_address: 192.168.240.37
+    ports:
+      - "${SONARR_ANIME_EXTERNAL_PORT}:${SONARR_INTERNAL_PORT}"
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/sonarr_anime:/config"
+      - "${ANIME_PATH}:/anime"
+      - "${NZB_DOWNLOADS_PATH}:/downloads"
+      - "${TORRENTS_SEED_PATH}:/seed"
+      - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
+    restart: unless-stopped

services/uptime-kuma.yml

@@ -0,0 +1,12 @@
+---
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:1
+    container_name: uptimekuma
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/uptimekuma:/app/data"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    networks:
+      public:
+        ipv4_address: 192.168.240.39
+    restart: unless-stopped

snibox.env

@@ -0,0 +1,2 @@
+SECRET_KEY_BASE=sMHYqzrgJQgPynv6ZDG7M8ZpF
+FORCE_SSL=false

valheim.env

@@ -0,0 +1,4 @@
+SERVER_NAME=LukasJirkaDominik
+WORLD_NAME=Mujnovyserver
+SERVER_PASS=heslo
+VALHEIM_PLUS=true

valheim.yml

@@ -1,22 +0,0 @@
----
-version: '3.4'
-
-services:
-  valheim:
-    image: ghcr.io/lloesche/valheim-server
-    restart: unless-stopped
-    volumes:
-      - /docker/valheim/config:/config
-      - /docker/valheim/data:/opt/valheim
-    environment:
-      - SERVER_NAME=LukasJirkaDominik
-      - WORLD_NAME=Mujnovyserver
-      - SERVER_PASS=heslo
-      - PUID=1000
-      - PGID=100
-      - TZ=Europe/Prague
-      - VALHEIM_PLUS=true
-    ports:
-      - "2456-2457:2456-2457/udp"
-    cap_add:
-      - SYS_NICE