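---
# Docker Compose template for a self-hosted stack: UniFi controller, Plex,
# Frigate, InfluxDB + Grafana, PhotoPrism + MariaDB, Vaultwarden and a Traefik
# reverse proxy.
#
# The "{{ ... }}" placeholders are substituted before Compose parses this
# file, so the rendered output holds every password and API token in clear
# text. Restrict read access to the rendered file and keep it out of version
# control.
#
# NOTE(review): Compose v2 ignores `version`; the legacy docker-compose v1
# validates against it, and the long-form tmpfs volume under `frigate`
# presumably needs a newer file format than 3.1 - confirm which tool renders
# and runs this file.
version: "3.1"
services:
  unifi-controller:
    # NOTE(review): this pin looks considerably older than the other pinned
    # images in this file; check the publisher's release notes and advisories
    # before keeping it.
    image: lscr.io/linuxserver/unifi-controller:7.2.92
    environment:
      - PUID=1400
      - MEM_LIMIT=1024
      - MEM_STARTUP=1024
    volumes:
      - "{{docker.volumes_path}}/unifi_controller:/config"
    # Port mappings are quoted throughout this file so a YAML 1.1 parser can
    # never read a HOST:CONTAINER pair as a number.
    ports:
      - "8443:8443"
      - "3478:3478/udp"
      - "10001:10001/udp"
      - "8080:8080"
      - "1900:1900/udp"
      - "8843:8843"
      - "8880:8880"
      - "6789:6789"
      - "5514:5514/udp"
    restart: always
  plex:
    # `latest` is a floating tag: the image content can change between pulls.
    # Pin a version (or a digest) so upgrades are deliberate and reviewable.
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    environment:
      - PUID=1400  # docker
      - PGID=1202  # warez
      - TZ=Etc/UTC
      - VERSION=docker
    volumes:
      - "{{docker.plex.config_volume}}/plex:/config"
      - "{{docker.plex.tv_volume}}:/tv"
      - "{{docker.plex.movies_volume}}:/movies"
    restart: unless-stopped
    # This makes the instance claiming a lot easier since you can access the host on the same subnet.
    # Host networking removes network isolation: every port the container
    # opens is bound directly on the host and no `ports:` filtering applies.
    network_mode: host
  frigate:
    container_name: frigate
    # Privileged mode grants all capabilities and access to every host
    # device. The `devices:` list below already passes the render node, so
    # prefer dropping `privileged` if the hardware setup allows it.
    privileged: true  # this may not be necessary for all setups
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:0.14.1
    shm_size: "150mb"  # update for your cameras based on calculation in docs
    devices:
      #- /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions
      # /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
      - /dev/dri/renderD128  # for intel hwaccel, needs to be updated for your hardware
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - "{{docker.frigate.config_volume}}/config.yml:/config/config.yml"
      - "{{docker.frigate.media_volume}}:/media/frigate"
      - type: tmpfs  # Optional: 2GB of memory, reduces SSD/SD Card wear
        target: /tmp/cache
        tmpfs:
          size: 2000000000
    ports:
      # NOTE(review): Frigate's documentation for 0.14 describes port 5000 as
      # the unauthenticated internal port and 8971 as the authenticated one -
      # confirm, and keep 5000 reachable from trusted hosts only.
      - "5000:5000"
      - "8554:8554"  # RTSP feeds
      - "8555:8555/tcp"  # WebRTC over tcp
      - "8555:8555/udp"  # WebRTC over udp
    environment:
      FRIGATE_RTSP_PASSWORD: "{{docker.frigate.rtsp_password}}"
  influxdb:
    image: influxdb:1.8-alpine
    container_name: influxdb
    restart: always
    environment:
      - INFLUXDB_DB=influx
      - INFLUXDB_ADMIN_USER=admin
      - "INFLUXDB_ADMIN_PASSWORD={{docker.influxdb.admin_password}}"
      # NOTE(review): no INFLUXDB_HTTP_AUTH_ENABLED is set here. Confirm that
      # authentication is actually enforced (via this variable or the config
      # file); otherwise the admin credentials above have no effect on the
      # published port.
    ports:
      # Published on all host interfaces. Grafana reaches InfluxDB over the
      # Compose network, so host publication may be unnecessary.
      - "8086:8086"
    volumes:
      - "{{docker.influxdb.data_volume}}:/var/lib/influxdb"
  grafana:
    # No tag means `latest`; pin a version so upgrades are deliberate.
    image: grafana/grafana
    container_name: grafana
    restart: always
    depends_on:
      - influxdb
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - "GF_SECURITY_ADMIN_PASSWORD={{docker.grafana.admin_password}}"
      - GF_INSTALL_PLUGINS=
    links:
      - influxdb
    ports:
      # Plain HTTP on all host interfaces: the admin login crosses the
      # network unencrypted unless a TLS terminator sits in front.
      - "3000:3000"
    volumes:
      - "{{docker.grafana.data_volume}}:/var/lib/grafana"
    user: "1400"  # docker
  photoprism:
    container_name: photoprism
    user: "1401:1201"  # photoprism
    # Floating tag; pin a release so the running code is reproducible.
    image: photoprism/photoprism:latest
    # restart: unless-stopped
    stop_grace_period: 10s
    depends_on:
      - mariadb
    # Disables the seccomp syscall filter and the AppArmor profile for this
    # container. Re-test with the defaults and keep this only if required.
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    ports:
      - "2342:2342"  # HTTP port (host:container)
    environment:
      PHOTOPRISM_ADMIN_USER: "wholteza"  # admin login username
      PHOTOPRISM_ADMIN_PASSWORD: "{{docker.photoprism.admin_password}}"  # initial admin password (8-72 characters)
      PHOTOPRISM_AUTH_MODE: "password"  # authentication mode (public, password)
      # NOTE(review): the site URL is http://, so the admin login presumably
      # travels in clear text - confirm, or front this service with TLS.
      PHOTOPRISM_SITE_URL: "http://bigboi.zacke.xyz:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
      PHOTOPRISM_DISABLE_TLS: "false"  # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
      PHOTOPRISM_DEFAULT_TLS: "true"  # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
      PHOTOPRISM_ORIGINALS_LIMIT: 5000  # file size limit for originals in MB (increase for high-res video)
      PHOTOPRISM_HTTP_COMPRESSION: "gzip"  # improves transfer speed and bandwidth utilization (none or gzip)
      PHOTOPRISM_LOG_LEVEL: "warning"  # log level: trace, debug, info, warning, error, fatal, or panic
      PHOTOPRISM_READONLY: "false"  # do not modify originals directory (reduced functionality)
      PHOTOPRISM_EXPERIMENTAL: "false"  # enables experimental features
      PHOTOPRISM_DISABLE_CHOWN: "false"  # disables updating storage permissions via chmod and chown on startup
      PHOTOPRISM_DISABLE_WEBDAV: "false"  # disables built-in WebDAV server
      PHOTOPRISM_DISABLE_SETTINGS: "false"  # disables settings UI and API
      PHOTOPRISM_DISABLE_TENSORFLOW: "false"  # disables all features depending on TensorFlow
      PHOTOPRISM_DISABLE_FACES: "false"  # disables face detection and recognition (requires TensorFlow)
      PHOTOPRISM_DISABLE_CLASSIFICATION: "false"  # disables image classification (requires TensorFlow)
      PHOTOPRISM_DISABLE_VECTORS: "false"  # disables vector graphics support
      PHOTOPRISM_DISABLE_RAW: "false"  # disables indexing and conversion of RAW images
      PHOTOPRISM_RAW_PRESETS: "false"  # enables applying user presets when converting RAW images (reduces performance)
      PHOTOPRISM_JPEG_QUALITY: 85  # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
      PHOTOPRISM_DETECT_NSFW: "false"  # automatically flags photos as private that MAY be offensive (requires TensorFlow)
      PHOTOPRISM_UPLOAD_NSFW: "true"  # allows uploads that MAY be offensive (no effect without TensorFlow)
      # PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
      PHOTOPRISM_DATABASE_DRIVER: "mysql"  # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"  # MariaDB or MySQL database server (hostname:port)
      PHOTOPRISM_DATABASE_NAME: "photoprism"  # MariaDB or MySQL database schema name
      PHOTOPRISM_DATABASE_USER: "photoprism"  # MariaDB or MySQL database user name
      PHOTOPRISM_DATABASE_PASSWORD: "{{docker.mariadb.database_password}}"  # MariaDB or MySQL database user password
      PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
      PHOTOPRISM_SITE_DESCRIPTION: ""  # meta site description
      PHOTOPRISM_SITE_AUTHOR: ""  # meta site author
      ## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
      # PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
      # PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
      # PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
      ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
      # PHOTOPRISM_INIT: "https gpu tensorflow"
      ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
      # PHOTOPRISM_UID: 1000
      # PHOTOPRISM_GID: 1000
      # PHOTOPRISM_UMASK: 0000
    ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
    # user: "1000:1000"
    ## Share hardware devices with FFmpeg and TensorFlow (optional):
    # devices:
    #  - "/dev/dri:/dev/dri" # Intel QSV
    #  - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
    #  - "/dev/nvidiactl:/dev/nvidiactl"
    #  - "/dev/nvidia-modeset:/dev/nvidia-modeset"
    #  - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
    #  - "/dev/nvidia-uvm:/dev/nvidia-uvm"
    #  - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
    #  - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
    working_dir: "/photoprism"  # do not change or remove
    ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
    volumes:
      # "/host/folder:/photoprism/folder" # Example
      - "{{docker.photoprism.image_volumes.lilleback}}:/photoprism/originals"  # Original media files (DO NOT REMOVE)
      - "{{docker.photoprism.image_volumes.ellen}}:/photoprism/originals/ellen"  # Original media files (DO NOT REMOVE)
      # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
      # - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
      - "{{docker.photoprism.data_volume}}:/photoprism/storage"  # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
  mariadb:
    container_name: mariadb
    user: "1401"  # photoprism
    image: mariadb:11
    restart: unless-stopped
    stop_grace_period: 5s
    # Runs without the seccomp filter and AppArmor profile; the linked issue
    # explains why. Re-check whether this is still needed on the current
    # host and image.
    security_opt:  # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
      - seccomp:unconfined
      - apparmor:unconfined
    command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
    volumes:
      - "{{docker.mariadb.data_volume}}:/var/lib/mysql"
    environment:
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_INITDB_SKIP_TZINFO: "1"
      MARIADB_DATABASE: "photoprism"
      MARIADB_USER: "photoprism"
      MARIADB_PASSWORD: "{{docker.mariadb.database_password}}"
      # The root account uses the same secret as the application account, so
      # anyone who obtains PhotoPrism's database password also holds database
      # root. Give root its own, separately stored secret.
      MARIADB_ROOT_PASSWORD: "{{docker.mariadb.database_password}}"
  vaultwarden:
    image: vaultwarden/server:1.32.7
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      DOMAIN: "https://vaultwarden.zacke.xyz"
      EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "autofill-v2,ssh-key-vault-item,ssh-agent"
      # NOTE(review): SIGNUPS_ALLOWED is not set here; confirm that open
      # registration is restricted if this hostname is reachable from the
      # internet.
    volumes:
      - "{{docker.vaultwarden.data_volume}}:/data"
    ports:
      # Publishes the vault over plain HTTP on the host, bypassing the TLS
      # route through Traefik defined in the labels below. Traefik reaches
      # the container over the Compose network, so this mapping is presumably
      # unnecessary - remove it or bind it to a loopback address.
      - "8081:80"
    labels:
      # Label values are quoted so they are always passed as strings.
      traefik.enable: "true"
      # redirect scheme
      traefik.http.middlewares.vaultwarden-redirect.redirectscheme.scheme: https
      traefik.http.middlewares.vaultwarden-redirect.redirectscheme.permanent: "true"
      # http
      traefik.http.routers.vaultwarden-web.rule: Host(`vaultwarden.zacke.xyz`)
      traefik.http.routers.vaultwarden-web.entrypoints: web
      traefik.http.routers.vaultwarden-web.middlewares: vaultwarden-redirect
      # https
      traefik.http.routers.vaultwarden-websecure.rule: Host(`vaultwarden.zacke.xyz`)
      traefik.http.routers.vaultwarden-websecure.entrypoints: websecure
      traefik.http.routers.vaultwarden-websecure.tls.certresolver: myresolver
      traefik.http.routers.vaultwarden-websecure.middlewares: vaultwarden-redirect
      # services
      traefik.http.services.vaultwarden-websecure.loadbalancer.server.port: "80"
  reverse-proxy:
    container_name: "reverse-proxy"
    image: traefik:v3.2
    command:
      # Insecure API mode serves the dashboard and API without authentication
      # on container port 8080. That port is published as 8082 below and is
      # also routed from traefik.zacke.xyz by the labels, where the only
      # middleware is a scheme redirect. Prefer the secured API mode behind
      # an authentication middleware and stop publishing 8082.
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=linodev4
      #- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.myresolver.acme.email=hosting@montell.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    ports:
      # The Web UI (enabled by --api.insecure=true)
      - "8082:8080"
      - "80:80"
      - "443:443"
    volumes:
      # Access to the Docker socket is equivalent to root on the host. The
      # read-only mount only protects the socket file itself; it does not
      # limit which Docker API calls the container can make. A filtering
      # socket proxy narrows this further.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme.json, which contains the certificate private keys.
      - "{{docker.letsencrypt.data_volume}}:/letsencrypt"
    environment:
      # DNS API token used for the ACME DNS challenge; scope it to the
      # minimum the provider allows.
      LINODE_TOKEN: "{{docker.letsencrypt.linode_token}}"
    labels:
      traefik.enable: "true"
      # redirect scheme
      traefik.http.middlewares.traefik-redirect.redirectscheme.scheme: https
      traefik.http.middlewares.traefik-redirect.redirectscheme.permanent: "true"
      # http
      traefik.http.routers.traefik-web.rule: Host(`traefik.zacke.xyz`)
      traefik.http.routers.traefik-web.entrypoints: web
      traefik.http.routers.traefik-web.middlewares: traefik-redirect
      # https
      traefik.http.routers.traefik-websecure.rule: Host(`traefik.zacke.xyz`)
      traefik.http.routers.traefik-websecure.entrypoints: websecure
      traefik.http.routers.traefik-websecure.tls.certresolver: myresolver
      traefik.http.routers.traefik-websecure.middlewares: traefik-redirect
      # services
      traefik.http.services.traefik-websecure.loadbalancer.server.port: "8080"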