version: '3.3' services: uptime-kuma: image: louislam/uptime-kuma:1 container_name: uptimekuma volumes: - "${DOCKER_STORAGE_PATH}/uptimekuma:/app/data" - "/var/run/docker.sock:/var/run/docker.sock" ports: - "${UPTIME_KUMA_EXTERNAL_PORT}:${UPTIME_KUMA_INTERNAL_PORT}" networks: - public profiles: - infra - base restart: unless-stopped logseq: image: ghcr.io/logseq/logseq-webapp:latest container_name: logseq ports: - "${LOGSEQ_EXTERNAL_PORT}:${LOGSEQ_INTERNAL_PORT}" networks: - public profiles: - disabled restart: unless-stopped - disabled caddy: image: caddy container_name: caddy ports: - "${TIMETRACKER_EXTERNAL_PORT}:${TIMETRACKER_INTERNAL_PORT}" - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}" user: ${PUID} volumes: - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy" - "${DOCKER_STORAGE_PATH}/caddy/data:/data" - "${DOCKER_STORAGE_PATH}/caddy/config:/config" - "/www/notes:/srv/notes" - "timetracker-static:/srv/timetracker" networks: - public - caddy profiles: - infra - base restart: unless-stopped # cap_drop: # - ALL # cap_add: # - NET_BIND_SERVICE timetracker: image: ${REGISTRY_URL}/timetracker container_name: timetracker environment: - TZ=${TZ} - "CSRF_TRUSTED_ORIGINS=https://tracker.kucharczyk.xyz" user: ${PUID} volumes: - "${DOCKER_STORAGE_PATH}/timetracker/db.sqlite3:/home/timetracker/app/db.sqlite3" - "${DOCKER_STORAGE_PATH}/timetracker/backups:/home/timetracker/app/games/fixtures/backups" - "timetracker-static:/var/www/django/static" depends_on: - caddy networks: - caddy profiles: - base restart: unless-stopped dokku: image: dokku/dokku:0.29.4 container_name: dokku environment: - "DOKKU_HOSTNAME=192.168.0.106" - "DOKKU_HOST_ROOT=/var/lib/dokku/home/dokku" volumes: - "${DOCKER_STORAGE_PATH}/dokku:/mnt/dokku" - "/var/run/docker.sock:/var/run/docker.sock" ports: - "${DOKKU_EXTERNAL_PORT_1}:${DOKKU_INTERNAL_PORT_1}" - "${DOKKU_EXTERNAL_PORT_2}:${DOKKU_INTERNAL_PORT_2}" - "${DOKKU_EXTERNAL_PORT_3}:${DOKKU_INTERNAL_PORT_3}" networks: - public profiles: - disabled trilium: image: zadam/trilium container_name: trilium restart: always environment: - TRILIUM_DATA_DIR=/home/node/trilium-data volumes: - ${DOCKER_STORAGE_PATH}/trilium:/home/node/trilium-data ports: - "${TRILIUM_EXTERNAL_PORT}:${TRILIUM_INTERNAL_PORT}" networks: - public profiles: - base ntfy: image: binwiederhier/ntfy container_name: ntfy command: - serve user: ${PUID}:${PGID} environment: - TZ=${TZ} volumes: - "${DOCKER_STORAGE_PATH}/ntfy/cache:/var/cache/ntfy" - "${DOCKER_STORAGE_PATH}/ntfy/config:/etc/ntfy" ports: - "${NTFY_EXTERNAL_PORT}:${NTFY_INTERNAL_PORT}" networks: - public profiles: - base - infra restart: unless-stopped audiobookshelf: image: ghcr.io/advplyr/audiobookshelf container_name: audiobookshelf environment: - AUDIOBOOKSHELF_UID=${PUID} - AUDIOBOOKSHELF_GID=${PGID} - TZ=${TZ} volumes: - "${DOCKER_STORAGE_PATH}/audiobookshelf/audiobooks:/audiobooks" - "${DOCKER_STORAGE_PATH}/audiobookshelf/podcasts:/podcasts" - "${DOCKER_STORAGE_PATH}/audiobookshelf/config:/config" - "${DOCKER_STORAGE_PATH}/audiobookshelf/metadata:/metadata" ports: - "${AUDIOBOOKSHELF_EXTERNAL_PORT}:${AUDIOBOOKSHELF_INTERNAL_PORT}" networks: - public profiles: - disabled restart: unless-stopped beets: image: ${REGISTRY_URL}/beets:latest container_name: beets environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - "${DOCKER_STORAGE_PATH}/beets:/config" - "${STORAGE_PATH}/media/music2:/music" - "${STORAGE_PATH}/download/music:/downloads" ports: - 8337:8337 networks: - public profiles: - base restart: unless-stopped deluge: image: lscr.io/linuxserver/deluge:latest container_name: deluge environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - DELUGE_LOGLEVEL=error #optional volumes: - "${DOCKER_STORAGE_PATH}/deluge2:/config" - "${STORAGE_PATH}/seed:/seed" ports: - "8112:8112" - "58846:58846" networks: - public profiles: - disabled restart: unless-stopped filebrowser: image: filebrowser/filebrowser:s6 container_name: filebrowser environment: - PUID=${PUID} - PGID=${PGID} volumes: - "${DOCKER_STORAGE_PATH}/filebrowser/database:/database/" - "${DOCKER_STORAGE_PATH}/filebrowser/config/:/config/" - "${STORAGE_PATH}:/srv" ports: - "9999:80" networks: - public profiles: - disabled restart: unless-stopped mealie: container_name: mealie image: hkotel/mealie:latest environment: PUID: ${PUID} PGID: ${PGID} TZ: ${TZ} env_file: - mealie.env volumes: - "${DOCKER_STORAGE_PATH}/mealie/data/:/app/data" ports: - ${MEALIE_EXTERNAL_PORT}:${MEALIE_INTERNAL_PORT} networks: - public restart: unless-stopped rtorrent: image: binhex/arch-rtorrentvpn container_name: rtorrent volumes: - "${DOCKER_STORAGE_PATH}/rtorrent/config:/config" - "${DOCKER_STORAGE_PATH}/rtorrent/watch:/watch" - ${STORAGE_PATH}/seed:/data - /etc/localtime:/etc/localtime:ro environment: - PUID=${PUID} - PGID=${PGID} env_file: - rtorrent.env ports: - "9080:9080" - "9443:9443" - "8118:8118" - "6881:6881" networks: - public profiles: - base restart: unless-stopped kavita: image: "kizaing/kavita:latest" container_name: kavita env_file: - kavita.env ports: - "${KAVITA_EXTERNAL_PORT}:${KAVITA_INTERNAL_PORT}" volumes: - "${STORAGE_PATH}/media/comics:/manga" - "${DOCKER_STORAGE_PATH}/kavita:/kavita/config" networks: - public profiles: - disabled restart: unless-stopped webhook: image: ${REGISTRY_URL}/webhook container_name: webhook build: https://git.kucharczyk.xyz/containers/webhook.git#main user: ${PUID}:${PGID} environment: - TZ=${TZ} volumes: - "${DOCKER_STORAGE_PATH}/webhook/config:/config" - "${DOCKER_STORAGE_PATH}/webhook/scripts:/var/webhook" ports: - "${WEBHOOK_EXTERNAL_PORT}:${WEBHOOK_INTERNAL_PORT}" networks: - public profiles: - base - infra restart: unless-stopped valheim: image: ghcr.io/lloesche/valheim-server container_name: valheim volumes: - ${DOCKER_STORAGE_PATH}/valheim/config:/config - ${DOCKER_STORAGE_PATH}/valheim/data:/opt/valheim env_file: - valheim.env ports: - ${VALHEIM_EXTERNAL_PORT}:${VALHEIM_INTERNAL_PORT} cap_add: - SYS_NICE networks: - public profiles: - disabled restart: unless-stopped 7daystodie: image: 7daysserver:latest container_name: 7dtd volumes: - ${DOCKER_STORAGE_PATH}/7daystodie/saves:/home/steam/.local/share/7DaysToDie/Saves - ${DOCKER_STORAGE_PATH}/7daystodie/server:/home/steam/server ports: - 26900-26902:26900-26902/udp - 18500:8080 networks: - public profiles: - disabled restart: unless-stopped loki: image: grafana/loki:2.6.1 container_name: loki user: "${PUID}" ports: - "${LOKI_EXTERNAL_PORT}:${LOKI_INTERNAL_PORT}" command: -config.file=/etc/loki/local-config.yaml volumes: - "${DOCKER_STORAGE_PATH}/loki/local-config.yaml:/etc/loki/local-config.yaml" networks: - loki profiles: - disabled - infra restart: unless-stopped promtail: image: grafana/promtail:2.6.1 container_name: promtail user: "${PUID}" volumes: - /var/log:/var/log - "${DOCKER_STORAGE_PATH}/promtail/config.yml:/etc/promtail/config.yml" command: -config.file=/etc/promtail/config.yml depends_on: - loki networks: - loki profiles: - disabled - infra restart: unless-stopped grafana: image: grafana/grafana:latest container_name: grafana user: "${PUID}" ports: - "${GRAFANA_EXTERNAL_PORT}:${GRAFANA_INTERNAL_PORT}" networks: - loki profiles: - disabled - infra restart: unless-stopped stash: image: stashapp/stash:latest container_name: stash ports: - "${STASH_EXTERNAL_PORT}:${STASH_INTERNAL_PORT}" ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section # network_mode: host logging: driver: "json-file" options: max-file: "10" max-size: "2m" environment: - STASH_STASH=/data/ - STASH_GENERATED=/generated/ - STASH_METADATA=/metadata/ - STASH_CACHE=/cache/ - STASH_PORT=${STASH_INTERNAL_PORT} volumes: - /etc/localtime:/etc/localtime:ro ## Adjust below paths (the left part) to your liking. ## E.g. you can change ./config:/root/.stash to ./stash:/root/.stash ## Keep configs, scrapers, and plugins here. - "${DOCKER_STORAGE_PATH}/stash/config:/root/.stash" ## Point this at your collection. - "${STORAGE_PATH}/xxx:/data/" ## This is where your stash's metadata lives - "${DOCKER_STORAGE_PATH}/stash/metadata:/metadata" ## Any other cache content. - "${DOCKER_STORAGE_PATH}/stash/cache:/cache" ## Where to store generated content (screenshots,previews,transcodes,sprites) - "${DOCKER_STORAGE_PATH}/stash/generated:/generated" ## Where to store binary blob data (scene covers, images) - "${DOCKER_STORAGE_PATH}/stash/blobs:/blobs" networks: - public profiles: - base restart: unless-stopped navidrome: image: deluan/navidrome container_name: navidrome ports: - "${NAVIDROME_EXTERNAL_PORT}:${NAVIDROME_INTERNAL_PORT}" env_file: - navidrome.env user: "${PUID}:${PGID}" volumes: - "${DOCKER_STORAGE_PATH}/navidrome:/data" - "${STORAGE_PATH}/media/music2:/music" networks: - public profiles: - base restart: unless-stopped maloja: image: krateng/maloja container_name: maloja ports: - "${MALOJA_EXTERNAL_PORT}:${MALOJA_INTERNAL_PORT}" env_file: - maloja.env user: "${PUID}:${PGID}" volumes: - "${DOCKER_STORAGE_PATH}/maloja:/data" networks: - public profiles: - base restart: unless-stopped redis: container_name: redis image: docker.io/library/redis:7 networks: - redis restart: unless-stopped volumes: - "${DOCKER_STORAGE_PATH}/redis:/data" paperless-ngx: container_name: paperless-ngx image: ghcr.io/paperless-ngx/paperless-ngx:latest restart: unless-stopped depends_on: - redis - gotenberg - tika ports: - "${PAPERLESS_EXTERNAL_PORT}:${PAPERLESS_INTERNAL_PORT}" networks: - public - redis - tika - gotenberg profiles: - base healthcheck: test: [ "CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000" ] interval: 30s timeout: 10s retries: 5 volumes: - "${DOCKER_STORAGE_PATH}/paperless-ngx/data:/usr/src/paperless/data" - "${DOCKER_STORAGE_PATH}/paperless-ngx/media:/usr/src/paperless/media" - "${DOCKER_STORAGE_PATH}/paperless-ngx/export:/usr/src/paperless/export" - "${DOCKER_STORAGE_PATH}/paperless-ngx/consume:/usr/src/paperless/consume" env_file: paperless-ngx.env environment: PAPERLESS_REDIS: redis://redis:6379 PAPERLESS_TIKA_ENABLED: 1 PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 PAPERLESS_TIKA_ENDPOINT: http://tika:9998 gotenberg: image: docker.io/gotenberg/gotenberg:7.6 restart: unless-stopped networks: - gotenberg # The gotenberg chromium route is used to convert .eml files. We do not # want to allow external content like tracking pixels or even javascript. profiles: - base command: - "gotenberg" - "--chromium-disable-javascript=true" - "--chromium-allow-list=file:///tmp/.*" tika: image: ghcr.io/paperless-ngx/tika:latest networks: - tika profiles: - base restart: unless-stopped homer: image: b4bz/homer container_name: homer ports: - "${HOMER_EXTERNAL_PORT}:${HOMER_INTERNAL_PORT}" networks: - public profiles: - base volumes: - "${DOCKER_STORAGE_PATH}/homer:/www/assets" environment: UID: ${PUID} GID: ${PGID} restart: unless-stopped syncthing: image: lscr.io/linuxserver/syncthing:latest container_name: syncthing volumes: - "${DOCKER_STORAGE_PATH}/syncthing:/config" - "${STORAGE_PATH}/docker-storage/syncthing:/general" ports: - "${SYNCTHING_EXTERNAL_PORT1}:${SYNCTHING_INTERNAL_PORT1}" - "${SYNCTHING_EXTERNAL_PORT2}:${SYNCTHING_INTERNAL_PORT2}" - "${SYNCTHING_EXTERNAL_PORT3}:${SYNCTHING_INTERNAL_PORT3}" - "${SYNCTHING_EXTERNAL_PORT4}:${SYNCTHING_INTERNAL_PORT4}" environment: - "PUID=${PUID}" - "PGID=${PGID}" restart: unless-stopped profiles: - base networks: - public mediawiki: container_name: mediawiki image: mediawiki networks: - public depends_on: - mariadb ports: - "${MEDIAWIKI_EXTERNAL_PORT}:${MEDIAWIKI_INTERNAL_PORT}" volumes: - "${DOCKER_STORAGE_PATH}/mediawiki/images:/var/www/html/images" - "${DOCKER_STORAGE_PATH}/mediawiki/extensions:/var/www/html/extensions" - "${DOCKER_STORAGE_PATH}/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php" profiles: - base restart: unless-stopped npm: container_name: nginx-proxy-manager image: docker.io/jc21/nginx-proxy-manager:latest network_mode: host # doesn't need to be in the mariadb network because it uses host mode depends_on: - mariadb volumes: - "${DOCKER_STORAGE_PATH}/nginx-proxy-manager/data:/data" - "${DOCKER_STORAGE_PATH}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt" - sockets:/var/run/mysqld - "${DOCKER_STORAGE_PATH}/nginx-proxy-manager/98-themepark:/etc/cont-init.d/99-themepark" environment: - DB_MYSQL_HOST=localhost - DB_MYSQL_NAME=npm - DB_MYSQL_PASSWORD=npm - "DB_MYSQL_PORT=${MARIADB_EXTERNAL_PORT}" - DB_MYSQL_USER=npm profiles: - infra - base restart: unless-stopped photoprism: container_name: photoprism image: docker.io/photoprism/photoprism networks: - mariadb - public ports: - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}" depends_on: - mariadb env_file: - photoprism.env volumes: - "${PHOTOS_STORAGE_PATH}/import:/photoprism/import" - "${PHOTOS_STORAGE_PATH}/originals:/photoprism/originals" - "${PHOTOS_STORAGE_PATH}/storage:/photoprism/storage" profiles: - base restart: unless-stopped mariadb: container_name: mariadb image: linuxserver/mariadb networks: - mariadb - public ports: - "${MARIADB_EXTERNAL_PORT}:${MARIADB_INTERNAL_PORT}" volumes: - "${DOCKER_STORAGE_PATH}/mariadb:/config" - sockets:/run/mysqld/ restart: unless-stopped profiles: - infra - base sonarr_tv: container_name: sonarr_tv_standard image: linuxserver/sonarr:develop networks: - public ports: - "${SONARR_TV_STANDARD_EXTERNAL_PORT}:${SONARR_INTERNAL_PORT}" environment: - PUID=${PUID} - PGID=${PGID} volumes: - "${DOCKER_STORAGE_PATH}/sonarr:/config" - "${TV_PATH}:/tv" - "${ANIME_PATH}:/anime" - "${NZB_DOWNLOADS_PATH}:/downloads" - "${TORRENTS_SEED_PATH}:/seed" - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete" restart: unless-stopped profiles: - base - media sonarr_anime: container_name: sonarr_anime image: linuxserver/sonarr:develop networks: - public ports: - "${SONARR_ANIME_EXTERNAL_PORT}:${SONARR_INTERNAL_PORT}" environment: - PUID=${PUID} - PGID=${PGID} volumes: - "${DOCKER_STORAGE_PATH}/sonarr_anime:/config" - "${ANIME_PATH}:/anime" - "${NZB_DOWNLOADS_PATH}:/downloads" - "${TORRENTS_SEED_PATH}:/seed" - "${TORRENTS_SEED_PATH}/incomplete:/data" restart: unless-stopped profiles: - base - media baserow: container_name: baserow image: baserow/baserow:latest networks: - public - postgres depends_on: - postgres ports: - "${BASEROW_EXTERNAL_PORT}:${BASEROW_INTERNAL_PORT}" env_file: - baserow.env volumes: - "${DOCKER_STORAGE_PATH}/baserow:/baserow/data" restart: unless-stopped profiles: - disabled postgres: container_name: postgres image: postgres:latest networks: - postgres ports: - "${BASEROW_EXTERNAL_PORT}:${BASEROW_INTERNAL_PORT}" volumes: - "${DOCKER_STORAGE_PATH}/postgres:/var/lib/postgresql/data" restart: unless-stopped profiles: - base - infra gitea: container_name: gitea image: ${REGISTRY_URL}/gitea:latest networks: - public - postgres - gitea depends_on: - postgres ports: - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}" - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}" volumes: - "${DOCKER_STORAGE_PATH}/gitea:/data" restart: unless-stopped gitearunner: container_name: gitearunner image: gitea/act_runner depends_on: - gitea volumes: - "${DOCKER_STORAGE_PATH}/gitearunner/config:/config" - "${DOCKER_STORAGE_PATH}/gitearunner/data:/data" - /var/run/docker.sock:/var/run/docker.sock networks: - gitea environment: - GITEA_INSTANCE_URL=https://git.${DOMAIN} - CONFIG_FILE=/config/config.yaml # When using Docker Secrets, it's also possible to use # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location. # The env var takes precedence - GITEA_RUNNER_REGISTRATION_TOKEN=92U7bIiADtqkILwjjj9rffjz8vyNp0zo7uaOgrIG - GITEA_RUNNER_LABELS="ubuntu-latest:docker://catthehacker/ubuntu:act-latest" - GITEA_RUNNER_NAME="NAS_CONTAINER" profiles: - base - infrastructure restart: unless-stopped linkace: image: linkace/linkace:simple container_name: linkace networks: - public - mariadb - redis depends_on: - mariadb - redis environment: # these env variables are instead of .env file # see https://www.linkace.org/docs/v1/setup/setup-with-docker/advanced-configuration/#using-docker-environment-variables-instead-of-the-env-file - APP_KEY=base64:X6XDR+dfqn5PM9QdmmxJoOECSsldWhkfnyi6yvohgNM= - DB_HOST=${MYSQL_HOST} - DB_DATABASE=${LINKACE_DB} - DB_USERNAME=${LINKACE_DB_USERNAME} - DB_PASSWORD=${LINKACE_DB_PASSWORD} - REDIS_HOST=redis ports: - "${LINKACE_EXTERNAL_PORT}:${LINKACE_INTERNAL_PORT}" volumes: - ${DOCKER_STORAGE_PATH}/linkace/backups:/app/storage/app/backups - ${DOCKER_STORAGE_PATH}/linkace/logs:/app/storage/logs restart: unless-stopped profiles: - base traefik: image: "traefik:latest" container_name: traefik command: - --api.insecure=true - --providers.docker=true - --providers.docker.exposedbydefault=false - --entrypoints.http.address=:80 - --entrypoints.https.address=:443 - --certificatesresolvers.myresolver.acme.email=lukas@kucharczyk.xyz - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json - --certificatesresolvers.myresolver.acme.dnsChallenge=true - --certificatesresolvers.myresolver.acme.dnsChallenge.provider=ovh - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - --configFile=/etc/traefik/traefik.toml environment: - "OVH_ENDPOINT=ovh-eu" - "OVH_APPLICATION_KEY=f7255cb22f72787c" - "OVH_APPLICATION_SECRET=3a040d8113a213b9613b3877ce4352ad" - "OVH_CONSUMER_KEY=a0a9e8004bb6fe251654cc744c55d239" ports: - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock - ${DOCKER_STORAGE_PATH}/traefik/acme.json:/letsencrypt/acme.json - ${DOCKER_STORAGE_PATH}/traefik/traefik.toml:/etc/traefik/traefik.toml networks: - public # ghost: # image: "ghost:latest" # container_name: ghost # environment: # - url=http://blog.kucharczyk.xyz # labels: # - "traefik.enable=true" # - "traefik.http.routers.ghost.rule=Host(`blog.kucharczyk.xyz`)" # - "traefik.http.routers.ghost.entrypoints=https" # - "traefik.http.routers.ghost.tls.certresolver=myresolver" # volumes: # - ${DOCKER_STORAGE_PATH}/ghost/content:/var/lib/ghost/content # networks: # - public whoami: image: traefik/whoami container_name: simple-service labels: - "traefik.enable=true" - "traefik.http.routers.whoami.rule=Host(`whoami.kucharczyk.xyz`)" - "traefik.http.routers.whoami.entrypoints=https" - "traefik.http.routers.whoami.tls.certresolver=myresolver" vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden networks: - public ports: - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}" environment: #- PUSH_ENABLED=true #- PUSH_INSTALLATION='287eaff9-7be7-4b52-a31d-b09100dc0f5c' #- PUSH_INSTALLATION_KEY='n0xrH7YORuvJk8rqvxB5' - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$aWJ2cVRvYUsySkM3M01TMTJJMnZqbUF0Wm1qRWhvd1B6Sk50Q1hwck96dz0$$FKjZ36E54pX2e0AE9OaDpiH43TyAyfVwr3IvracbqEA volumes: - ${DOCKER_STORAGE_PATH}/vaultwarden:/data restart: unless-stopped profiles: - base - infra networks: loki: caddy: attachable: true internal: true redis: internal: true tika: internal: true gotenberg: internal: true public: attachable: true postgres: external: true mariadb: attachable: true gitea: external: false volumes: timetracker-static: sockets: