navidrome: update to 0.57.0

.env

@@ -1,5 +1,7 @@
 REGISTRY_URL=registry.kucharczyk.xyz
 DOMAIN=kucharczyk.xyz
+TS_DOMAIN=jacob-shark.ts.net
+TS_DOMAIN_NAS=nas.${TS_DOMAIN}
 TZ=Europe/Prague
 STORAGE_PATH=/srv/mergerfs/storage
 MEDIA_PATH=${STORAGE_PATH}/media
@@ -105,3 +107,10 @@ VAULTWARDEN_EXTERNAL_PORT=8666
 VAULTWARDEN_INTERNAL_PORT=80
 BAZARR_EXTERNAL_PORT=6767
 BAZARR_INTERNAL_PORT=6767
+GLUETUN_JAPAN_INTERNAL_PORT=8888
+GLUETUN_JAPAN_EXTERNAL_PORT=8888
+HANDBRAKER_SERVER_INTERNAL_PORT=9999
+HANDBRAKER_SERVER_EXTERNAL_PORT=9997
+REDLIB_EXTERNAL_PORT=8088
+SABNZBD_EXTERNAL_PORT=8081
+SABNZBD_INTERNAL_PORT=8080

.gitignore

@@ -0,0 +1 @@
+git-crypt-key

docker-compose.yml

@@ -1,4 +1,13 @@
 ---
+configs:
+  caddyfile:
+    content: |
+      notes-old.kucharczyk.xyz {
+        handle {
+          root * /srv/notes
+          file_server
+        }
+      }
 
 include:
   - services/bazarr.yml
@@ -18,23 +27,36 @@ include:
   - services/portainer.yml
   - services/drone/drone.yml
   - services/enshrouded.yml
+  - services/7dtdserver.yml
+  - services/gluetun.yml
+  - services/handbrake-server.yml
+  - services/redlib.yml
+  - services/calibre-web.yml
+  - services/kavita.yml
 
 services:
   caddy:
-    image: caddy
+    image: lucaslorentz/caddy-docker-proxy:ci-alpine
     container_name: caddy
     ports:
       - "${TIMETRACKER_EXTERNAL_PORT}:${TIMETRACKER_INTERNAL_PORT}"
       - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}"
       - 80:80
       - 443:443
-    user: ${PUID}
+    environment:
+      - CADDY_INGRESS_NETWORKS=docker-compose-templates_public
+      - CADDY_DOCKER_CADDYFILE_PATH=/Caddyfile
+    configs:
+      - source: caddyfile
+        target: /Caddyfile
     volumes:
       - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy"
       - "${DOCKER_STORAGE_PATH}/caddy/data:/data"
       - "${DOCKER_STORAGE_PATH}/caddy/config:/config"
+      - "/var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock"
       - "/www/notes:/srv/notes"
       - "timetracker-static:/srv/timetracker"
+      - /var/run/docker.sock:/var/run/docker.sock
     networks:
       public:
         ipv4_address: 192.168.240.2
@@ -60,16 +82,30 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.3
+    labels:
+      caddy: tracker.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8001 }}"
+      caddy.handle_path: "/static/*"
+      caddy.handle_path.root: "* /srv/timetracker"
+      caddy.handle_path.file_server:
+      caddy.handle: /robots.txt
+      caddy.handle.root: "* /srv/timetracker"
+      caddy.handle.file_server:
     restart: unless-stopped
 
   trilium:
-    image: zadam/trilium
+    image: triliumnext/notes:v0.95.0
     container_name: trilium
     restart: always
     environment:
       - TRILIUM_DATA_DIR=/home/node/trilium-data
     volumes:
       - ${DOCKER_STORAGE_PATH}/trilium:/home/node/trilium-data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    labels:
+      caddy: trilium.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $TRILIUM_INTERNAL_PORT }}"
     ports:
       - "${TRILIUM_EXTERNAL_PORT}:${TRILIUM_INTERNAL_PORT}"
     networks:
@@ -92,10 +128,17 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.5
+    labels:
+      caddy: "notify.${DOMAIN}, http://notify.${DOMAIN}"
+      caddy.reverse_proxy: "{{ upstreams $NTFY_INTERNAL_PORT }}"
+      caddy.@httpget.protocol: http
+      caddy.@httpget.method: get
+      caddy.@httpget.path_regexp: "^/([-_a-z0-9]{0,64}$|docs/|static/)"
+      caddy.redir: "@httpget https://{host}{uri}"
     restart: unless-stopped
 
   audiobookshelf:
-    image: ghcr.io/advplyr/audiobookshelf
+    image: ghcr.io/advplyr/audiobookshelf:2.20.0
     container_name: audiobookshelf
     environment:
       - AUDIOBOOKSHELF_UID=${PUID}
@@ -114,11 +157,10 @@ services:
     restart: unless-stopped
 
   beets:
-    image: ${REGISTRY_URL}/beets:latest
+    image: lscr.io/linuxserver/beets:2.2.0
     container_name: beets
+    user: 1000:100
     environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
       - TZ=${TZ}
     volumes:
       - "${DOCKER_STORAGE_PATH}/beets:/config"
@@ -133,7 +175,7 @@ services:
 
   mealie:
     container_name: mealie
-    image: hkotel/mealie:v1.5.1
+    image: hkotel/mealie:v1.9.0
     environment:
       PUID: ${PUID}
       PGID: ${PGID}
@@ -145,6 +187,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.8
+    labels:
+      caddy: recipes.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 9000 }}"
     restart: unless-stopped
 
   rtorrent:
@@ -168,6 +213,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.9
+    labels:
+      caddy: torrent.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 9080 }}"
     restart: unless-stopped
 
   webhook:
@@ -204,22 +252,8 @@ services:
         ipv4_address: 192.168.240.11
     restart: unless-stopped
 
-  7daystodie:
-    image: 7daysserver:latest
-    container_name: 7dtd
-    volumes:
-      - ${DOCKER_STORAGE_PATH}/7daystodie/saves:/home/steam/.local/share/7DaysToDie/Saves
-      - ${DOCKER_STORAGE_PATH}/7daystodie/server:/home/steam/server
-    ports:
-      - 26900-26902:26900-26902/udp
-      - 18500:8080
-    networks:
-      public:
-        ipv4_address: 192.168.240.12
-    restart: unless-stopped
-
   stash:
-    image: stashapp/stash:latest
+    image: stashapp/stash:v0.28.1
     container_name: stash
     ports:
       - "${STASH_EXTERNAL_PORT}:${STASH_INTERNAL_PORT}"
@@ -259,7 +293,7 @@ services:
     restart: unless-stopped
 
   navidrome:
-    image: deluan/navidrome
+    image: deluan/navidrome:0.57.0
     container_name: navidrome
     ports:
       - "${NAVIDROME_EXTERNAL_PORT}:${NAVIDROME_INTERNAL_PORT}"
@@ -272,6 +306,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.14
+    labels:
+      caddy: music.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $NAVIDROME_INTERNAL_PORT }}"
     restart: unless-stopped
 
   maloja:
@@ -301,7 +338,7 @@ services:
 
   paperless-ngx:
     container_name: paperless-ngx
-    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.0.1
     restart: unless-stopped
     depends_on:
       - redis
@@ -375,11 +412,12 @@ services:
     restart: unless-stopped
 
   syncthing:
-    image: lscr.io/linuxserver/syncthing:latest
+    image: lscr.io/linuxserver/syncthing:1.28.1
     container_name: syncthing
     volumes:
       - "${DOCKER_STORAGE_PATH}/syncthing:/config"
-      - "${STORAGE_PATH}/docker-storage/syncthing:/general"
+      - "${DOCKER_STORAGE_PATH}/syncthing/shares:/shares"
+      - "${STORAGE_PATH}:/storage"
     ports:
       - "${SYNCTHING_EXTERNAL_PORT1}:${SYNCTHING_INTERNAL_PORT1}"
       - "${SYNCTHING_EXTERNAL_PORT2}:${SYNCTHING_INTERNAL_PORT2}"
@@ -399,6 +437,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.21
+    labels:
+      caddy: wiki.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $MEDIAWIKI_INTERNAL_PORT }}"
     depends_on:
       - mariadb
     ports:
@@ -417,6 +458,9 @@ services:
         ipv4_address: 192.168.240.22
     ports:
       - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}"
+    labels:
+      caddy: photos.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 2342 }}"
     depends_on:
       - mariadb
     env_file:
@@ -435,6 +479,8 @@ services:
         ipv4_address: 192.168.240.23
     ports:
       - "${MARIADB_EXTERNAL_PORT}:${MARIADB_INTERNAL_PORT}"
+    environment:
+      - MARIADB_AUTO_UPGRADE=true
     volumes:
       - "${DOCKER_STORAGE_PATH}/mariadb:/config"
       - sockets:/run/mysqld/
@@ -446,6 +492,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.24
+    labels:
+      caddy: baserow.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
     depends_on:
       - postgres
     env_file:
@@ -456,7 +505,7 @@ services:
 
   gitea:
     container_name: gitea
-    image: gitea/gitea:1.21.11
+    image: gitea/gitea:1.24.0
     networks:
       public:
         ipv4_address: 192.168.240.26
@@ -465,6 +514,9 @@ services:
     ports:
       - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}"
       - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}"
+    labels:
+      caddy: git.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $GITEA_WEBUI_INTERNAL_PORT }}"
     volumes:
       - "${DOCKER_STORAGE_PATH}/gitea:/data"
     restart: unless-stopped
@@ -493,11 +545,14 @@ services:
     restart: unless-stopped
 
   linkace:
-    image: linkace/linkace:simple
+    image: linkace/linkace:v1.15.4-simple
     container_name: linkace
     networks:
       public:
         ipv4_address: 192.168.240.28
+    labels:
+      caddy: bookmarks.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
     depends_on:
       - mariadb
       - redis
@@ -533,18 +588,31 @@ services:
   #     - public
 
   vaultwarden:
-    image: vaultwarden/server:latest
+    image: vaultwarden/server:1.32.1
     container_name: vaultwarden
     networks:
       public:
         ipv4_address: 192.168.240.29
     ports:
       - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}"
+    labels:
+      caddy: bw.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+    env_file:
+      - ./secrets/vaultwarden.env
     environment:
-            #- PUSH_ENABLED=true
-            #- PUSH_INSTALLATION='287eaff9-7be7-4b52-a31d-b09100dc0f5c'
-            #- PUSH_INSTALLATION_KEY='n0xrH7YORuvJk8rqvxB5'
-       - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$aWJ2cVRvYUsySkM3M01TMTJJMnZqbUF0Wm1qRWhvd1B6Sk50Q1hwck96dz0$$FKjZ36E54pX2e0AE9OaDpiH43TyAyfVwr3IvracbqEA
+      - PUSH_ENABLED=true
+      # PUSH_INSTALLATION_ID=
+      # PUSH_INSTALLATION_KEY=
+      - PUSH_RELAY_URI=https://api.bitwarden.eu
+      - PUSH_IDENTITY_URI=https://identity.bitwarden.eu
+      - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$aWJ2cVRvYUsySkM3M01TMTJJMnZqbUF0Wm1qRWhvd1B6Sk50Q1hwck96dz0$$FKjZ36E54pX2e0AE9OaDpiH43TyAyfVwr3IvracbqEA
+      - SMTP_HOST=${EMAIL_HOST}
+      - SMTP_FROM=${EMAIL_FROM}
+      - SMTP_FROM_NAME="Bitwarden (bw.kucharczyk.xyz)"
+      - SMTP_PORT=${EMAIL_PORT}
+      - SMTP_USERNAME=${EMAIL_FROM}
+      - SMTP_PASSWORD=${EMAIL_PASSWORD}
     volumes:
       - ${DOCKER_STORAGE_PATH}/vaultwarden:/data
     restart: unless-stopped

kavita.env

@@ -1,2 +0,0 @@
-KAVITA_INTERNAL_PORT=5000
-KAVITA_EXTERNAL_PORT=5100

navidrome.env

@@ -2,7 +2,7 @@ ND_LASTFM_APIKEY=29e22ee836a0cb51cfaacb72d605e30d
 ND_LASTFM_SECRET=10aa58294eeffa142685e78a0cd78ad6
 ND_SPOTIFY_ID=9d6a1b14a4134df5b4447fa46c4bf275
 ND_SPOTIFY_SECRET=27aed3e91dc34d7593d99ad4febea939
-ND_DEVACTIVITYPANEL=false
+ND_DEVACTIVITYPANEL=true
 ND_SEARCHFULLSTRING=true
 ND_ENABLESHARING=true
 ND_LOGLEVEL=error

scripts/README.md

@@ -1,9 +0,0 @@
-This folder contains the configuration file, template, and script to generate a Caddyfile for all the services in main repository.
-
-# Usage
-
-1. Run the script:
-```bash
- ./add --config sites-config.yaml --template template.j2 > sites-enabled/generated.caddy
-```
-2. Reload Caddy with `caddy reload -c /etc/caddy/Caddyfile`

scripts/add

@@ -1,76 +0,0 @@
-#!/usr/bin/python3
-import argparse
-import yaml
-from jinja2 import Template
-
-
-def render_template(template_path, **kwargs):
-    with open(template_path, "r") as file:
-        template = Template(file.read())
-        output = template.render(**kwargs)
-    return output
-
-
-def format_subdomain(subdomains, domain):
-    if isinstance(subdomains, list):
-        return ", ".join([f"{sub}.{domain}" for sub in subdomains])
-    else:
-        return f"{subdomains}.{domain}"
-
-
-def process_sites_config(config_path, template_path, check_mode):
-    with open(config_path, "r") as file:
-        sites_config = yaml.safe_load(file)
-
-    default_domain = sites_config.get("default_domain", None)
-    if default_domain is None:
-        raise ValueError("YAML configuration is missing default_domain key")
-    total_sites = len(sites_config["sites"])
-    enabled_sites = 0
-    disabled_sites = 0
-
-    for site in sites_config["sites"]:
-        domain = site.get("domain", default_domain)
-        # Check if site is enabled
-        if site.get("enabled", True):  # Default to True if 'enabled' key is not present
-            enabled_sites += 1
-
-            if "subdomain" in site:
-                site["subdomain"] = format_subdomain(site["subdomain"], domain)
-
-            if not check_mode:
-                rendered_content = render_template(template_path, **site)
-                print(f"{rendered_content}\n")
-        else:
-            disabled_sites += 1
-
-    if check_mode:
-        print(f"Total sites: {total_sites}")
-        print(f"Enabled sites: {enabled_sites}")
-        print(f"Disabled sites: {disabled_sites}")
-
-
-def main():
-    parser = argparse.ArgumentParser(
-        description="Process a sites configuration file for Caddyfiles"
-    )
-    parser.add_argument(
-        "--config", required=True, help="Path to the YAML configuration file"
-    )
-    parser.add_argument(
-        "--check",
-        action="store_true",
-        help="Only check statistics, do not output templates",
-    )
-    parser.add_argument("--template", help="Path to the Jinja2 template file")
-    args = parser.parse_args()
-
-    if args.template is None and args.check is False:
-        parser.error("--template argument is required if not using --check")
-
-    template_path = args.template  # Replace with the actual path to your template file
-    process_sites_config(args.config, template_path, args.check)
-
-
-if __name__ == "__main__":
-    main()

scripts/sites-config.yaml

@@ -1,114 +0,0 @@
-sites:
-  - hostname: gitea
-    subdomain: git
-    port: 3000
-  - hostname: rtorrent
-    subdomain: torrent
-    port: 9080
-  - subdomain: portainer
-    # fixme: move portainer to docker-compose.yml
-    # hostname: portainer
-    hostname: 192.168.0.106
-    port: 9000
-  - subdomain: radarr
-    hostname: radarr
-    port: 7878
-  - subdomain: sonarr-tv
-    hostname: sonarr_tv
-    port: 8989
-  - subdomain: sonarr-anime
-    hostname: sonarr_anime
-    port: 8989
-  - subdomain: notify
-    hostname: ntfy
-    port: 80
-    additional_config: |
-      @httpget {
-            protocol http
-            method GET
-            path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
-            }
-       redir @httpget https://{host}{uri}
-  - subdomain: recipes
-    hostname: mealie
-    port: 80
-  - subdomain: music
-    hostname: navidrome
-    port: 4533
-  - subdomain: paperless
-    hostname: paperless-ngx
-    port: 8000
-  - subdomain: photos
-    hostname: photoprism
-    port: 2342
-  - subdomain: bookmarks
-    hostname: linkace
-    port: 80
-  - subdomain: bw
-    hostname: vaultwarden
-    port: 80
-  - subdomain: drone
-    # fixme: move to docker compose & change hostname AND PORT!! (80)
-    # hostname: drone
-    hostname: 192.168.0.106
-    port: 580
-  - subdomain: jellyfin
-    hostname: jellyfin
-    port: 8096
-  - subdomain: comic
-    hostname: komga
-    port: 25600
-  - subdomain: miniflux
-    hostname: miniflux
-    port: 8080
-  - subdomain: netboot
-    # fixme: move to compose
-    # hostname: netbootxyz
-    hostname: 192.168.0.106
-    port: 3001
-  - subdomain: cloud
-    # fixme: move to compose
-    # hostname: nextcloud
-    hostname: 192.168.0.106
-    port: 8484
-    additional_config: |
-      redir /.well-known/carddav /remote.php/dav 301
-      redir /.well-known/caldav /remote.php/dav 301
-      header Strict-Transport-Security "max-age=15552000; includeSubDomains"
-  - subdomain: registry
-    # fixme: move to compose
-    # hostname: registry
-    hostname: 192.168.0.106
-    port: 5000
-  - subdomain: tracker
-    hostname: timetracker
-    port: 8001
-    additional_config: |
-      handle_path /static/* {
-        root * /srv/timetracker
-        file_server
-      }
-      handle /robots.txt {
-        root * /srv/timetracker
-        file_server
-      }
-  - subdomain: notes-old
-    additional_config: |
-      root * /srv/notes
-      file_server
-  - subdomain: notes
-    additional_config: |
-      reverse_proxy https://publish.obsidian.md {
-        header_up Host {upstream_hostport}
-      }
-      rewrite * /serve?url=notes.kucharczyk.xyz{path}
-    server_config: |
-      encode zstd gzip
-  - subdomain: wiki
-    hostname: mediawiki
-    port: 80
-  - subdomain: baserow
-    hostname: baserow
-    port: 80
-
-

scripts/template.j2

@@ -1,17 +0,0 @@
-{{ subdomain }} {
-	handle {
-		{% if reverse_proxy_config %}
-			reverse_proxy {{ hostname }}:{{ port }} {
-			{{ reverse_proxy_config }}
-			}
-		{% else %}
-			{% if hostname and port %}
-				reverse_proxy {{ hostname }}:{{ port }}
-			{% endif %}
-		{% endif %}
-		{% if additional_config %}
-			{{ additional_config }}
-		{% endif %}
-	}
-	{{ server_config }}
-}

services/7dtdserver.yml

@@ -0,0 +1,51 @@
+---
+
+services:
+  7dtdserver:
+    image: vinanrra/7dtd-server
+    container_name: 7dtdserver
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - START_MODE=1                 # Change between START MODES
+      - VERSION=stable               # Change between 7 days to die versions
+      - TimeZone=Europe/Prague       # Optional - Change Timezone
+      - TEST_ALERT=NO                # Optional - Send a test alert
+      - UPDATE_MODS=NO               # Optional - This will allow mods to be update on start, each mod also need to have XXXX_UPDATE=YES to update on start
+      - MODS_URLS=""                 # Optional - Mods urls to install, must be ZIP or RAR.
+      - ALLOC_FIXES=NO               # Optional - Install ALLOC FIXES
+      - ALLOC_FIXES_UPDATE=NO        # Optional - Update Allocs Fixes before server start
+      - UNDEAD_LEGACY=NO             # Optional - Install Undead Legacy mod, if DARKNESS_FALLS it's enable will not install anything
+      - UNDEAD_LEGACY_VERSION=stable # Optional - Undead Legacy version
+      - UNDEAD_LEGACY_UPDATE=NO      # Optional - Update Undead Legacy mod before server start
+      - DARKNESS_FALLS=NO            # Optional - Install Darkness Falls mod, if UNDEAD_LEGACY it's enable will not install anything
+      - DARKNESS_FALLS_UPDATE=NO     # Optional - Update Darkness Falls mod before server start
+      - DARKNESS_FALLS_URL=False     # Optional - Install the provided Darkness Falls url
+      - CPM=NO                       # Optional - CSMM Patron's Mod (CPM)
+      - CPM_UPDATE=NO                # Optional - Update CPM before server start
+      - BEPINEX=NO                   # Optional - BepInEx
+      - BEPINEX_UPDATE=NO            # Optional - Update BepInEx before server start
+      - BACKUP=NO                    # Optional - Backup server
+      - BACKUP_HOUR=5                # Optional - Backup hour 0-23
+      - BACKUP_MAX=7                 # Optional - Max backups to keep
+      - MONITOR=NO                   # Optional - Keeps server up if crash
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/7daystodie/7DaysToDie:/home/sdtdserver/.local/share/7DaysToDie/"     # 7 Days To Die world saves
+      - "${DOCKER_STORAGE_PATH}/7daystodie/LGSM-Config:/home/sdtdserver/lgsm/config-lgsm/sdtdserver" # LGSM config folder
+      - "${DOCKER_STORAGE_PATH}/7daystodie/ServerFiles:/home/sdtdserver/serverfiles/"                # Optional - serverfiles folder
+      - "${DOCKER_STORAGE_PATH}/7daystodie/log:/home/sdtdserver/log/"                                # Optional - Logs folder
+      - "${DOCKER_STORAGE_PATH}/7daystodie/backups:/home/sdtdserver/lgsm/backup/"                    # Optional - If BACKUP=NO, backups folder
+    networks:
+      public:
+        ipv4_address: 192.168.240.12
+    ports:
+      - 26900:26900/tcp # Default game ports
+      - 26900:26900/udp # Default game ports
+      - 26901:26901/udp # Default game ports
+      - 26902:26902/udp # Default game ports
+      - 8085:8080/tcp   # OPTIONAL - WEBADMIN
+      - 8086:8081/tcp   # OPTIONAL - TELNET
+      - 8087:8082/tcp   # OPTIONAL - WEBSERVER https://7dtd.illy.bz/wiki/Server%20fixes
+    restart: unless-stopped # INFO - NEVER USE WITH START_MODE=4 or START_MODE=0
+
+

services/calibre-web.yml

@@ -0,0 +1,17 @@
+---
+services:
+  calibre-web:
+    image: docker.io/linuxserver/calibre-web:0.6.24
+    container_name: calibre-web
+    ports:
+      - 8089:8083
+    networks:
+      public:
+        ipv4_address: 192.168.240.52
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/calibre-web:/config"
+      - "${DOCKER_STORAGE_PATH}/syncthing/shares/Calibre Library:/books"
+    restart: unless-stopped

services/drone/drone.yml

@@ -6,6 +6,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.47
+    labels:
+      caddy: drone.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
     volumes:
       - ${DOCKER_STORAGE_PATH}/drone:/data
     env_file:

services/gluetun.yml

@@ -0,0 +1,35 @@
+---
+services:
+  gluetun:
+      image: qmcgaw/gluetun
+      container_name: gluetun-japan
+      # line above must be uncommented to allow external containers to connect.
+      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
+      cap_add:
+        - NET_ADMIN
+      networks:
+        public:
+          ipv4_address: 192.168.240.49
+      devices:
+        - /dev/net/tun:/dev/net/tun
+      ports:
+        - 8888:8888/tcp # HTTP proxy
+        - 8388:8388/tcp # Shadowsocks
+        - 8388:8388/udp # Shadowsocks
+      volumes:
+        - "${DOCKER_STORAGE_PATH}/gluetun:/gluetun"
+      env_file:
+        - ../secrets/protonvpn.env
+      environment:
+        # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
+        - VPN_SERVICE_PROVIDER=protonvpn
+        - VPN_TYPE=openvpn
+        # OpenVPN:
+        # - OPENVPN_USER=
+        # - OPENVPN_PASSWORD=
+        - TZ=${TZ}
+        - SERVER_COUNTRIES=Japan
+        - HTTPPROXY=on
+        # Server list updater
+        # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
+        - UPDATER_PERIOD=

services/handbrake-server.yml

@@ -0,0 +1,15 @@
+---
+services:
+  handbrake-server:
+    image: ghcr.io/thenickoftime/handbrake-web-server:0.7.3
+    container_name: handbrake-server
+    user: 1000:100 # edit to run as user (uuid:guid) with permissions to access your media. 0:0 to run as root (not recommended).
+    networks:
+        public:
+          ipv4_address: 192.168.240.50
+    ports:
+      - "${HANDBRAKER_SERVER_EXTERNAL_PORT}:${HANDBRAKER_SERVER_INTERNAL_PORT}"
+    volumes:
+      - "${DOCKER_STORAGE_PATH}/handbrake-server/data:/data"
+      - "${STORAGE_PATH}:/video"
+    restart: unless-stopped

services/jellyfin.yml

@@ -1,7 +1,7 @@
 ---
 services:
   jellyfin:
-    image: linuxserver/jellyfin:latest
+    image: linuxserver/jellyfin:10.10.7
     container_name: jellyfin
     ports:
       - "8096:8096"
@@ -10,6 +10,9 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.32
+    labels:
+      caddy: jellyfin.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8096 }}"
     volumes:
       - "${DOCKER_STORAGE_PATH}/jellyfin:/config"
       - "${MEDIA_PATH}:/data/media"

services/kavita.yml

@@ -0,0 +1,21 @@
+---
+services:
+  kavita:
+    image: ghcr.io/kareadita/kavita:0.8.5
+    container_name: kavita
+    networks:
+      public:
+        ipv4_address: 192.168.240.53
+    ports:
+      - ${KAVITA_EXTERNAL_PORT}:${KAVITA_INTERNAL_PORT}
+    labels:
+      caddy: kavita.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams $KAVITA_INTERNAL_PORT }}"
+    environment:
+      - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
+    volumes:
+      - "${STORAGE_PATH}/media/comics:/comics"
+      - "${STORAGE_PATH}/media/comics/manga:/manga"
+      - "${STORAGE_PATH}/media/comics/books:/books"
+      - "${DOCKER_STORAGE_PATH}/kavita:/kavita/config"
+    restart: unless-stopped

services/komga.yml

@@ -1,13 +1,16 @@
 ---
 services:
   komga:
-    image: gotson/komga:latest
+    image: gotson/komga:1.20.0
     container_name: komga
-    ports:
-      - "6080:25600"
     networks:
       public:
         ipv4_address: 192.168.240.34
+    ports:
+      - "25600:25600"
+    labels:
+      caddy: comic.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 25600 }}"
     volumes:
       - "${DOCKER_STORAGE_PATH}/komga:/config"
       - "${COMIC_PATH}:/data"

services/miniflux.yml

@@ -3,11 +3,12 @@ services:
   miniflux:
     image: miniflux/miniflux:latest
     container_name: miniflux
-    ports:
-      - "8282:8080"
     networks:
       public:
         ipv4_address: 192.168.240.35
+    labels:
+      caddy: miniflux.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8080 }}"
     environment:
       - BASE_URL=https://miniflux.${DOMAIN}
       - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/miniflux?sslmode=disable

services/netbootxyz.yml

@@ -6,6 +6,8 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.44
+    ports:
+      - 3000:3000
     volumes:
       - "${DOCKER_STORAGE_PATH}/netbootxyz:/config"
       - "${DOCKER_STORAGE_PATH_SLOW}/netbootxyz:/assets"

services/nextcloud.yml

@@ -15,4 +15,10 @@ services:
     environment:
       # caddy
       - TRUSTED_PROXIES=192.168.240.2
+    labels:
+      caddy: cloud.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 80 }}"
+      caddy.handle.redir_0: "/.well-known/carddav /remote.php/dav 301"
+      caddy.handle.redir_1: "/.well-known/caldav /remote.php/dav 301"
+      caddy.header.Strict-Transport-Security: "max-age=15552000; includeSubDomains"
     restart: unless-stopped

services/prowlarr.yml

@@ -1,11 +1,14 @@
 ---
 services:
   prowlarr:
-    image: linuxserver/prowlarr:latest
+    # see https://github.com/linuxserver/docker-prowlarr/releases
+    image: linuxserver/prowlarr:1.27.0.4852-ls94
     container_name: prowlarr
     networks:
       public:
         ipv4_address: 192.168.240.43
+    ports:
+      - 9696:9696
     volumes:
       - "${DOCKER_STORAGE_PATH}/prowlarr:/config"
     restart: unless-stopped

services/redlib.yml

@@ -0,0 +1,30 @@
+---
+services:
+  redlib:
+    image: quay.io/redlib/redlib:latest
+    restart: unless-stopped
+    container_name: "redlib"
+      # exposed via caddy -> doesn't need an external port
+    user: nobody
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+      # - seccomp=seccomp-redlib.json
+    cap_drop:
+      - ALL
+    environment:
+      - REDLIB_DEFAULT_THEME=dracula;
+      - REDLIB_DEFAULT_SHOW_NSFW=on;
+      - REDLIB_DEFAULT_HIDE_AWARDS=on;
+      - REDLIB_DEFAULT_USE_HLS=on;
+      - REDLIB_DEFAULT_BLUR_SPOILER=on;
+    networks:
+      public:
+        ipv4_address: 192.168.240.51
+    labels:
+      caddy: redlib.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 8080 }}"
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
+      interval: 5m
+      timeout: 3s

services/registry.yml

@@ -6,6 +6,11 @@ services:
     networks:
       public:
         ipv4_address: 192.168.240.45
+    ports:
+      - 5000:5000
+    labels:
+      caddy: registry.${DOMAIN}
+      caddy.reverse_proxy: "{{ upstreams 5000 }}"
     volumes:
       - "${DOCKER_STORAGE_PATH}/registry/data:/var/lib/registry"
       - "${DOCKER_STORAGE_PATH}/registry/config.yml:/etc/docker/registry/config.yml"

services/sabnzbd.yml

@@ -1,7 +1,7 @@
 ---
 services:
   sabnzbd:
-    image: linuxserver/sabnzbd:latest
+    image: linuxserver/sabnzbd:4.5.1
     container_name: sabnzbd
     networks:
       public:
@@ -11,6 +11,8 @@ services:
       - PGID=100
       - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd
       - TP_THEME=dracula
+    ports:
+      - "${SABNZBD_EXTERNAL_PORT}:${SABNZBD_INTERNAL_PORT}"
     volumes:
       - "${DOCKER_STORAGE_PATH}/sabnzbd:/config"
       - "${DOWNLOADS_PATH}/sabnzbd:/downloads"

services/sonarr.yml

@@ -37,4 +37,4 @@ services:
       - "${NZB_DOWNLOADS_PATH}:/downloads"
       - "${TORRENTS_SEED_PATH}:/seed"
       - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
-    restart: unless-stopped
+    restart: unless-stopped