handbrake-server: add

2024-11-18 07:23:36 +01:00
21 changed files with 247 additions and 201 deletions
--- a/.env
+++ b/.env
@ -1,7 +1,5 @@
 REGISTRY_URL=registry.kucharczyk.xyz
 DOMAIN=kucharczyk.xyz
 TS_DOMAIN=jacob-shark.ts.net
 TS_DOMAIN_NAS=nas.${TS_DOMAIN}
 TZ=Europe/Prague
 STORAGE_PATH=/srv/mergerfs/storage
 MEDIA_PATH=${STORAGE_PATH}/media
@ -109,8 +107,5 @@ BAZARR_EXTERNAL_PORT=6767
 BAZARR_INTERNAL_PORT=6767
 GLUETUN_JAPAN_INTERNAL_PORT=8888
 GLUETUN_JAPAN_EXTERNAL_PORT=8888
-HANDBRAKER_SERVER_INTERNAL_PORT=9999
+HANDBRAKER_SERVER_INTERNAL_PORT=9997
-HANDBRAKER_SERVER_EXTERNAL_PORT=9997
+HANDBRAKER_SERVER_EXTERNAL_PORT=9999
 REDLIB_EXTERNAL_PORT=8088
 SABNZBD_EXTERNAL_PORT=8081
 SABNZBD_INTERNAL_PORT=8080
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,13 +1,4 @@
 ---
 configs:
  caddyfile:
    content: |
      notes-old.kucharczyk.xyz {
        handle {
          root * /srv/notes
          file_server
        }
      }
 include:
  - services/bazarr.yml
@ -29,34 +20,23 @@ include:
  - services/enshrouded.yml
  - services/7dtdserver.yml
  - services/gluetun.yml
  - services/handbrake-server.yml
  - services/redlib.yml
  - services/calibre-web.yml
  - services/kavita.yml
 services:
  caddy:
-    image: lucaslorentz/caddy-docker-proxy:ci-alpine
+    image: caddy
    container_name: caddy
    ports:
      - "${TIMETRACKER_EXTERNAL_PORT}:${TIMETRACKER_INTERNAL_PORT}"
      - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}"
      - 80:80
      - 443:443
-    environment:
+    user: ${PUID}
      - CADDY_INGRESS_NETWORKS=docker-compose-templates_public
      - CADDY_DOCKER_CADDYFILE_PATH=/Caddyfile
    configs:
      - source: caddyfile
        target: /Caddyfile
    volumes:
      - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy"
      - "${DOCKER_STORAGE_PATH}/caddy/data:/data"
      - "${DOCKER_STORAGE_PATH}/caddy/config:/config"
      - "/var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock"
      - "/www/notes:/srv/notes"
      - "timetracker-static:/srv/timetracker"
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      public:
        ipv4_address: 192.168.240.2
@ -82,30 +62,16 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.3
    labels:
      caddy: tracker.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8001 }}"
      caddy.handle_path: "/static/*"
      caddy.handle_path.root: "* /srv/timetracker"
      caddy.handle_path.file_server:
      caddy.handle: /robots.txt
      caddy.handle.root: "* /srv/timetracker"
      caddy.handle.file_server:
    restart: unless-stopped
  trilium:
-    image: triliumnext/notes:v0.95.0
+    image: zadam/trilium
    container_name: trilium
    restart: always
    environment:
      - TRILIUM_DATA_DIR=/home/node/trilium-data
    volumes:
      - ${DOCKER_STORAGE_PATH}/trilium:/home/node/trilium-data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      caddy: trilium.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $TRILIUM_INTERNAL_PORT }}"
    ports:
      - "${TRILIUM_EXTERNAL_PORT}:${TRILIUM_INTERNAL_PORT}"
    networks:
@ -128,17 +94,10 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.5
    labels:
      caddy: "notify.${DOMAIN}, http://notify.${DOMAIN}"
      caddy.reverse_proxy: "{{ upstreams $NTFY_INTERNAL_PORT }}"
      caddy.@httpget.protocol: http
      caddy.@httpget.method: get
      caddy.@httpget.path_regexp: "^/([-_a-z0-9]{0,64}$|docs/|static/)"
      caddy.redir: "@httpget https://{host}{uri}"
    restart: unless-stopped
  audiobookshelf:
-    image: ghcr.io/advplyr/audiobookshelf:2.20.0
+    image: ghcr.io/advplyr/audiobookshelf
    container_name: audiobookshelf
    environment:
      - AUDIOBOOKSHELF_UID=${PUID}
@ -157,10 +116,11 @@ services:
    restart: unless-stopped
  beets:
-    image: lscr.io/linuxserver/beets:2.2.0
+    image: ${REGISTRY_URL}/beets:latest
    container_name: beets
    user: 1000:100
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    volumes:
      - "${DOCKER_STORAGE_PATH}/beets:/config"
@ -187,9 +147,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.8
    labels:
      caddy: recipes.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 9000 }}"
    restart: unless-stopped
  rtorrent:
@ -213,9 +170,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.9
    labels:
      caddy: torrent.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 9080 }}"
    restart: unless-stopped
  webhook:
@ -253,7 +207,7 @@ services:
    restart: unless-stopped
  stash:
-    image: stashapp/stash:v0.28.1
+    image: stashapp/stash:v0.27.2
    container_name: stash
    ports:
      - "${STASH_EXTERNAL_PORT}:${STASH_INTERNAL_PORT}"
@ -293,7 +247,7 @@ services:
    restart: unless-stopped
  navidrome:
-    image: deluan/navidrome:0.57.0
+    image: deluan/navidrome:0.53.3
    container_name: navidrome
    ports:
      - "${NAVIDROME_EXTERNAL_PORT}:${NAVIDROME_INTERNAL_PORT}"
@ -306,9 +260,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.14
    labels:
      caddy: music.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $NAVIDROME_INTERNAL_PORT }}"
    restart: unless-stopped
  maloja:
@ -338,7 +289,7 @@ services:
  paperless-ngx:
    container_name: paperless-ngx
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.0.1
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - redis
@ -412,12 +363,11 @@ services:
    restart: unless-stopped
  syncthing:
-    image: lscr.io/linuxserver/syncthing:1.28.1
+    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    volumes:
      - "${DOCKER_STORAGE_PATH}/syncthing:/config"
-      - "${DOCKER_STORAGE_PATH}/syncthing/shares:/shares"
+      - "${STORAGE_PATH}/docker-storage/syncthing:/general"
      - "${STORAGE_PATH}:/storage"
    ports:
      - "${SYNCTHING_EXTERNAL_PORT1}:${SYNCTHING_INTERNAL_PORT1}"
      - "${SYNCTHING_EXTERNAL_PORT2}:${SYNCTHING_INTERNAL_PORT2}"
@ -437,9 +387,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.21
    labels:
      caddy: wiki.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $MEDIAWIKI_INTERNAL_PORT }}"
    depends_on:
      - mariadb
    ports:
@ -458,9 +405,6 @@ services:
        ipv4_address: 192.168.240.22
    ports:
      - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}"
    labels:
      caddy: photos.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 2342 }}"
    depends_on:
      - mariadb
    env_file:
@ -479,8 +423,6 @@ services:
        ipv4_address: 192.168.240.23
    ports:
      - "${MARIADB_EXTERNAL_PORT}:${MARIADB_INTERNAL_PORT}"
    environment:
      - MARIADB_AUTO_UPGRADE=true
    volumes:
      - "${DOCKER_STORAGE_PATH}/mariadb:/config"
      - sockets:/run/mysqld/
@ -492,9 +434,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.24
    labels:
      caddy: baserow.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    depends_on:
      - postgres
    env_file:
@ -505,7 +444,7 @@ services:
  gitea:
    container_name: gitea
-    image: gitea/gitea:1.24.0
+    image: gitea/gitea:1.21.11
    networks:
      public:
        ipv4_address: 192.168.240.26
@ -514,9 +453,6 @@ services:
    ports:
      - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}"
      - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}"
    labels:
      caddy: git.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $GITEA_WEBUI_INTERNAL_PORT }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/gitea:/data"
    restart: unless-stopped
@ -550,9 +486,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.28
    labels:
      caddy: bookmarks.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    depends_on:
      - mariadb
      - redis
@ -588,16 +521,13 @@ services:
  #     - public
  vaultwarden:
-    image: vaultwarden/server:1.32.1
+    image: vaultwarden/server:1.31.0
    container_name: vaultwarden
    networks:
      public:
        ipv4_address: 192.168.240.29
    ports:
      - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}"
    labels:
      caddy: bw.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    env_file:
      - ./secrets/vaultwarden.env
    environment:
--- a/kavita.env
+++ b/kavita.env
@ -0,0 +1,2 @@
 KAVITA_INTERNAL_PORT=5000
 KAVITA_EXTERNAL_PORT=5100
--- a/scripts/README.md
+++ b/scripts/README.md
@ -0,0 +1,9 @@
 This folder contains the configuration file, template, and script to generate a Caddyfile for all the services in main repository.
 # Usage
 1. Run the script:
 ```bash
 ./add --config sites-config.yaml --template template.j2 > sites-enabled/generated.caddy
 ```
 2. Reload Caddy with `caddy reload -c /etc/caddy/Caddyfile`
--- a/scripts/add
+++ b/scripts/add
@ -0,0 +1,76 @@
 #!/usr/bin/python3
 import argparse
 import yaml
 from jinja2 import Template
 def render_template(template_path, **kwargs):
    with open(template_path, "r") as file:
        template = Template(file.read())
        output = template.render(**kwargs)
    return output
 def format_subdomain(subdomains, domain):
    if isinstance(subdomains, list):
        return ", ".join([f"{sub}.{domain}" for sub in subdomains])
    else:
        return f"{subdomains}.{domain}"
 def process_sites_config(config_path, template_path, check_mode):
    with open(config_path, "r") as file:
        sites_config = yaml.safe_load(file)
    default_domain = sites_config.get("default_domain", None)
    if default_domain is None:
        raise ValueError("YAML configuration is missing default_domain key")
    total_sites = len(sites_config["sites"])
    enabled_sites = 0
    disabled_sites = 0
    for site in sites_config["sites"]:
        domain = site.get("domain", default_domain)
        # Check if site is enabled
        if site.get("enabled", True):  # Default to True if 'enabled' key is not present
            enabled_sites += 1
            if "subdomain" in site:
                site["subdomain"] = format_subdomain(site["subdomain"], domain)
            if not check_mode:
                rendered_content = render_template(template_path, **site)
                print(f"{rendered_content}\n")
        else:
            disabled_sites += 1
    if check_mode:
        print(f"Total sites: {total_sites}")
        print(f"Enabled sites: {enabled_sites}")
        print(f"Disabled sites: {disabled_sites}")
 def main():
    parser = argparse.ArgumentParser(
        description="Process a sites configuration file for Caddyfiles"
    )
    parser.add_argument(
        "--config", required=True, help="Path to the YAML configuration file"
    )
    parser.add_argument(
        "--check",
        action="store_true",
        help="Only check statistics, do not output templates",
    )
    parser.add_argument("--template", help="Path to the Jinja2 template file")
    args = parser.parse_args()
    if args.template is None and args.check is False:
        parser.error("--template argument is required if not using --check")
    template_path = args.template  # Replace with the actual path to your template file
    process_sites_config(args.config, template_path, args.check)
 if __name__ == "__main__":
    main()
--- a/scripts/sites-config.yaml
+++ b/scripts/sites-config.yaml
@ -0,0 +1,114 @@
 sites:
  - hostname: gitea
    subdomain: git
    port: 3000
  - hostname: rtorrent
    subdomain: torrent
    port: 9080
  - subdomain: portainer
    # fixme: move portainer to docker-compose.yml
    # hostname: portainer
    hostname: 192.168.0.106
    port: 9000
  - subdomain: radarr
    hostname: radarr
    port: 7878
  - subdomain: sonarr-tv
    hostname: sonarr_tv
    port: 8989
  - subdomain: sonarr-anime
    hostname: sonarr_anime
    port: 8989
  - subdomain: notify
    hostname: ntfy
    port: 80
    additional_config: |
      @httpget {
            protocol http
            method GET
            path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
            }
       redir @httpget https://{host}{uri}
  - subdomain: recipes
    hostname: mealie
    port: 80
  - subdomain: music
    hostname: navidrome
    port: 4533
  - subdomain: paperless
    hostname: paperless-ngx
    port: 8000
  - subdomain: photos
    hostname: photoprism
    port: 2342
  - subdomain: bookmarks
    hostname: linkace
    port: 80
  - subdomain: bw
    hostname: vaultwarden
    port: 80
  - subdomain: drone
    # fixme: move to docker compose & change hostname AND PORT!! (80)
    # hostname: drone
    hostname: 192.168.0.106
    port: 580
  - subdomain: jellyfin
    hostname: jellyfin
    port: 8096
  - subdomain: comic
    hostname: komga
    port: 25600
  - subdomain: miniflux
    hostname: miniflux
    port: 8080
  - subdomain: netboot
    # fixme: move to compose
    # hostname: netbootxyz
    hostname: 192.168.0.106
    port: 3001
  - subdomain: cloud
    # fixme: move to compose
    # hostname: nextcloud
    hostname: 192.168.0.106
    port: 8484
    additional_config: |
      redir /.well-known/carddav /remote.php/dav 301
      redir /.well-known/caldav /remote.php/dav 301
      header Strict-Transport-Security "max-age=15552000; includeSubDomains"
  - subdomain: registry
    # fixme: move to compose
    # hostname: registry
    hostname: 192.168.0.106
    port: 5000
  - subdomain: tracker
    hostname: timetracker
    port: 8001
    additional_config: |
      handle_path /static/* {
        root * /srv/timetracker
        file_server
      }
      handle /robots.txt {
        root * /srv/timetracker
        file_server
      }
  - subdomain: notes-old
    additional_config: |
      root * /srv/notes
      file_server
  - subdomain: notes
    additional_config: |
      reverse_proxy https://publish.obsidian.md {
        header_up Host {upstream_hostport}
      }
      rewrite * /serve?url=notes.kucharczyk.xyz{path}
    server_config: |
      encode zstd gzip
  - subdomain: wiki
    hostname: mediawiki
    port: 80
  - subdomain: baserow
    hostname: baserow
    port: 80
--- a/scripts/template.j2
+++ b/scripts/template.j2
@ -0,0 +1,17 @@
 {{ subdomain }} {
 	handle {
 		{% if reverse_proxy_config %}
 			reverse_proxy {{ hostname }}:{{ port }} {
 			{{ reverse_proxy_config }}
 			}
 		{% else %}
 			{% if hostname and port %}
 				reverse_proxy {{ hostname }}:{{ port }}
 			{% endif %}
 		{% endif %}
 		{% if additional_config %}
 			{{ additional_config }}
 		{% endif %}
 	}
 	{{ server_config }}
 }
--- a/services/calibre-web.yml
+++ b/services/calibre-web.yml
@ -1,17 +0,0 @@
 ---
 services:
  calibre-web:
    image: docker.io/linuxserver/calibre-web:0.6.24
    container_name: calibre-web
    ports:
      - 8089:8083
    networks:
      public:
        ipv4_address: 192.168.240.52
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - "${DOCKER_STORAGE_PATH}/calibre-web:/config"
      - "${DOCKER_STORAGE_PATH}/syncthing/shares/Calibre Library:/books"
    restart: unless-stopped
--- a/services/drone/drone.yml
+++ b/services/drone/drone.yml
@ -6,9 +6,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.47
    labels:
      caddy: drone.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    volumes:
      - ${DOCKER_STORAGE_PATH}/drone:/data
    env_file:
--- a/services/handbrake-server.yml
+++ b/services/handbrake-server.yml
@ -1,8 +1,8 @@
---
+--
 services:
  handbrake-server:
-    image: ghcr.io/thenickoftime/handbrake-web-server:0.7.3
+    image: ghcr.io/thenickoftime/handbrake-web-server:latest
-    container_name: handbrake-server
+    container_name: handbrake-web-server
    user: 1000:100 # edit to run as user (uuid:guid) with permissions to access your media. 0:0 to run as root (not recommended).
    networks:
        public:
@ -10,6 +10,5 @@ services:
    ports:
      - "${HANDBRAKER_SERVER_EXTERNAL_PORT}:${HANDBRAKER_SERVER_INTERNAL_PORT}"
    volumes:
-      - "${DOCKER_STORAGE_PATH}/handbrake-server/data:/data"
+      - "${DOCKER_STORAGE_PATH}/data:/data"
      - "${STORAGE_PATH}:/video"
    restart: unless-stopped
--- a/services/jellyfin.yml
+++ b/services/jellyfin.yml
@ -1,7 +1,7 @@
 ---
 services:
  jellyfin:
-    image: linuxserver/jellyfin:10.10.7
+    image: linuxserver/jellyfin:10.10.1
    container_name: jellyfin
    ports:
      - "8096:8096"
@ -10,9 +10,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.32
    labels:
      caddy: jellyfin.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8096 }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/jellyfin:/config"
      - "${MEDIA_PATH}:/data/media"
--- a/services/kavita.yml
+++ b/services/kavita.yml
@ -1,21 +0,0 @@
 ---
 services:
  kavita:
    image: ghcr.io/kareadita/kavita:0.8.5
    container_name: kavita
    networks:
      public:
        ipv4_address: 192.168.240.53
    ports:
      - ${KAVITA_EXTERNAL_PORT}:${KAVITA_INTERNAL_PORT}
    labels:
      caddy: kavita.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $KAVITA_INTERNAL_PORT }}"
    environment:
      - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=true
    volumes:
      - "${STORAGE_PATH}/media/comics:/comics"
      - "${STORAGE_PATH}/media/comics/manga:/manga"
      - "${STORAGE_PATH}/media/comics/books:/books"
      - "${DOCKER_STORAGE_PATH}/kavita:/kavita/config"
    restart: unless-stopped
--- a/services/komga.yml
+++ b/services/komga.yml
@ -1,16 +1,13 @@
 ---
 services:
  komga:
-    image: gotson/komga:1.20.0
+    image: gotson/komga:latest
    container_name: komga
    ports:
      - "6080:25600"
    networks:
      public:
        ipv4_address: 192.168.240.34
    ports:
      - "25600:25600"
    labels:
      caddy: comic.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 25600 }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/komga:/config"
      - "${COMIC_PATH}:/data"
--- a/services/miniflux.yml
+++ b/services/miniflux.yml
@ -3,12 +3,11 @@ services:
  miniflux:
    image: miniflux/miniflux:latest
    container_name: miniflux
    ports:
      - "8282:8080"
    networks:
      public:
        ipv4_address: 192.168.240.35
    labels:
      caddy: miniflux.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8080 }}"
    environment:
      - BASE_URL=https://miniflux.${DOMAIN}
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/miniflux?sslmode=disable
--- a/services/netbootxyz.yml
+++ b/services/netbootxyz.yml
@ -6,8 +6,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.44
    ports:
      - 3000:3000
    volumes:
      - "${DOCKER_STORAGE_PATH}/netbootxyz:/config"
      - "${DOCKER_STORAGE_PATH_SLOW}/netbootxyz:/assets"
--- a/services/nextcloud.yml
+++ b/services/nextcloud.yml
@ -15,10 +15,4 @@ services:
    environment:
      # caddy
      - TRUSTED_PROXIES=192.168.240.2
    labels:
      caddy: cloud.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
      caddy.handle.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.handle.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: "max-age=15552000; includeSubDomains"
    restart: unless-stopped
--- a/services/prowlarr.yml
+++ b/services/prowlarr.yml
@ -1,14 +1,11 @@
 ---
 services:
  prowlarr:
-    # see https://github.com/linuxserver/docker-prowlarr/releases
+    image: linuxserver/prowlarr:latest
    image: linuxserver/prowlarr:1.27.0.4852-ls94
    container_name: prowlarr
    networks:
      public:
        ipv4_address: 192.168.240.43
    ports:
      - 9696:9696
    volumes:
      - "${DOCKER_STORAGE_PATH}/prowlarr:/config"
    restart: unless-stopped
--- a/services/redlib.yml
+++ b/services/redlib.yml
@ -1,30 +0,0 @@
 ---
 services:
  redlib:
    image: quay.io/redlib/redlib:latest
    restart: unless-stopped
    container_name: "redlib"
      # exposed via caddy -> doesn't need an external port
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
      # - seccomp=seccomp-redlib.json
    cap_drop:
      - ALL
    environment:
      - REDLIB_DEFAULT_THEME=dracula;
      - REDLIB_DEFAULT_SHOW_NSFW=on;
      - REDLIB_DEFAULT_HIDE_AWARDS=on;
      - REDLIB_DEFAULT_USE_HLS=on;
      - REDLIB_DEFAULT_BLUR_SPOILER=on;
    networks:
      public:
        ipv4_address: 192.168.240.51
    labels:
      caddy: redlib.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8080 }}"
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
      interval: 5m
      timeout: 3s
--- a/services/registry.yml
+++ b/services/registry.yml
@ -6,11 +6,6 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.45
    ports:
      - 5000:5000
    labels:
      caddy: registry.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 5000 }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/registry/data:/var/lib/registry"
      - "${DOCKER_STORAGE_PATH}/registry/config.yml:/etc/docker/registry/config.yml"
--- a/services/sabnzbd.yml
+++ b/services/sabnzbd.yml
@ -1,7 +1,7 @@
 ---
 services:
  sabnzbd:
-    image: linuxserver/sabnzbd:4.5.1
+    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    networks:
      public:
@ -11,8 +11,6 @@ services:
      - PGID=100
      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd
      - TP_THEME=dracula
    ports:
      - "${SABNZBD_EXTERNAL_PORT}:${SABNZBD_INTERNAL_PORT}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/sabnzbd:/config"
      - "${DOWNLOADS_PATH}/sabnzbd:/downloads"
--- a/services/sonarr.yml
+++ b/services/sonarr.yml
@ -37,4 +37,4 @@ services:
      - "${NZB_DOWNLOADS_PATH}:/downloads"
      - "${TORRENTS_SEED_PATH}:/seed"
      - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
-    restart: unless-stopped
+    restart: unless-stopped
		`@ -0,0 +1,2 @@`
							`KAVITA_INTERNAL_PORT=5000`
							`KAVITA_EXTERNAL_PORT=5100`