474 lines
22 KiB
YAML
474 lines
22 KiB
YAML
version: "3.1"
|
|
services:
|
|
unifi-controller:
|
|
image: lscr.io/linuxserver/unifi-controller:7.2.92
|
|
environment:
|
|
- PUID=1400
|
|
- MEM_LIMIT=1024
|
|
- MEM_STARTUP=1024
|
|
volumes:
|
|
- "{{docker.volumes_path}}/unifi_controller:/config"
|
|
ports:
|
|
- 8443:8443
|
|
- 3478:3478/udp
|
|
- 10001:10001/udp
|
|
- 8080:8080
|
|
- 1900:1900/udp
|
|
- 8843:8843
|
|
- 8880:8880
|
|
- 6789:6789
|
|
- 5514:5514/udp
|
|
restart: always
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.unifi-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.unifi-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.unifi-web.rule: Host(`unifi.zacke.xyz`)
|
|
traefik.http.routers.unifi-web.entrypoints: web
|
|
traefik.http.routers.unifi-web.middlewares: unifi-redirect
|
|
# https
|
|
traefik.http.routers.unifi-websecure.rule: Host(`unifi.zacke.xyz`)
|
|
traefik.http.routers.unifi-websecure.entrypoints: websecure
|
|
traefik.http.routers.unifi-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.unifi-websecure.middlewares: unifi-redirect
|
|
# services
|
|
traefik.http.services.unifi-websecure.loadbalancer.server.port: 8443
|
|
traefik.http.services.unifi-websecure.loadbalancer.server.scheme: https
|
|
plex:
|
|
image: lscr.io/linuxserver/plex:latest
|
|
container_name: plex
|
|
environment:
|
|
- PUID=1400 # docker
|
|
- PGID=1202 # warez
|
|
- TZ=Etc/UTC
|
|
- VERSION=docker
|
|
volumes:
|
|
- "{{docker.plex.config_volume}}/plex:/config"
|
|
- "{{docker.plex.tv_volume}}:/tv"
|
|
- "{{docker.plex.movies_volume}}:/movies"
|
|
restart: unless-stopped
|
|
ports:
|
|
- 32400:32400
|
|
- 32400:32400/udp
|
|
- 1901:1900/udp
|
|
- 8324:8324
|
|
- 32410:32410/udp
|
|
- 32412:32412/udp
|
|
- 32413:32413/udp
|
|
- 32414:32414/udp
|
|
- 32469:32469
|
|
# This makes the instance claiming a lot easier since you can access the host on the same subnet.
|
|
#network_mode: host
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.plex-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.plex-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.plex-web.rule: Host(`plex.zacke.xyz`)
|
|
traefik.http.routers.plex-web.entrypoints: web
|
|
traefik.http.routers.plex-web.middlewares: plex-redirect
|
|
# https
|
|
traefik.http.routers.plex-websecure.rule: Host(`plex.zacke.xyz`)
|
|
traefik.http.routers.plex-websecure.entrypoints: websecure
|
|
traefik.http.routers.plex-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.plex-websecure.middlewares: plex-redirect
|
|
# services
|
|
traefik.http.services.plex-websecure.loadbalancer.server.port: 32400
|
|
frigate:
|
|
container_name: frigate
|
|
privileged: true # this may not be necessary for all setups
|
|
restart: unless-stopped
|
|
image: ghcr.io/blakeblackshear/frigate:0.14.1
|
|
shm_size: "150mb" # update for your cameras based on calculation in docs
|
|
devices:
|
|
#- /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions
|
|
# /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
|
|
- /dev/dri/renderD128 # for intel hwaccel, needs to be updated for your hardware
|
|
volumes:
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- "{{docker.frigate.config_volume}}/config.yml:/config/config.yml"
|
|
- "{{docker.frigate.media_volume}}:/media/frigate"
|
|
- type: tmpfs # Optional: 2GB of memory, reduces SSD/SD Card wear
|
|
target: /tmp/cache
|
|
tmpfs:
|
|
size: 2000000000
|
|
ports:
|
|
- "5000:5000"
|
|
- "8554:8554" # RTSP feeds
|
|
- "8555:8555/tcp" # WebRTC over tcp
|
|
- "8555:8555/udp" # WebRTC over udp
|
|
environment:
|
|
FRIGATE_RTSP_PASSWORD: "{{docker.frigate.rtsp_password}}"
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.frigate-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.frigate-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.frigate-web.rule: Host(`frigate.zacke.xyz`)
|
|
traefik.http.routers.frigate-web.entrypoints: web
|
|
traefik.http.routers.frigate-web.middlewares: frigate-redirect
|
|
# https
|
|
traefik.http.routers.frigate-websecure.rule: Host(`frigate.zacke.xyz`)
|
|
traefik.http.routers.frigate-websecure.entrypoints: websecure
|
|
traefik.http.routers.frigate-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.frigate-websecure.middlewares: frigate-redirect
|
|
# services
|
|
traefik.http.services.frigate-websecure.loadbalancer.server.port: 5000
|
|
influxdb:
|
|
image: influxdb:1.8-alpine
|
|
container_name: influxdb
|
|
restart: always
|
|
environment:
|
|
- INFLUXDB_DB=influx
|
|
- INFLUXDB_ADMIN_USER=admin
|
|
- "INFLUXDB_ADMIN_PASSWORD={{docker.influxdb.admin_password}}"
|
|
ports:
|
|
- "8086:8086"
|
|
volumes:
|
|
- "{{docker.influxdb.data_volume}}:/var/lib/influxdb"
|
|
grafana:
|
|
image: grafana/grafana
|
|
container_name: grafana
|
|
restart: always
|
|
depends_on:
|
|
- influxdb
|
|
environment:
|
|
- GF_SECURITY_ADMIN_USER=admin
|
|
- "GF_SECURITY_ADMIN_PASSWORD={{docker.grafana.admin_password}}"
|
|
- GF_INSTALL_PLUGINS=
|
|
links:
|
|
- influxdb
|
|
ports:
|
|
- "3000:3000"
|
|
volumes:
|
|
- "{{docker.grafana.data_volume}}:/var/lib/grafana"
|
|
user: "1400" # docker
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.grafana-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.grafana-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.grafana-web.rule: Host(`grafana.zacke.xyz`)
|
|
traefik.http.routers.grafana-web.entrypoints: web
|
|
traefik.http.routers.grafana-web.middlewares: grafana-redirect
|
|
# https
|
|
traefik.http.routers.grafana-websecure.rule: Host(`grafana.zacke.xyz`)
|
|
traefik.http.routers.grafana-websecure.entrypoints: websecure
|
|
traefik.http.routers.grafana-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.grafana-websecure.middlewares: grafana-redirect
|
|
# services
|
|
traefik.http.services.grafana-websecure.loadbalancer.server.port: 3000
|
|
photoprism:
|
|
container_name: photoprism
|
|
user: "1401:1201" # photoprism
|
|
image: photoprism/photoprism:latest
|
|
restart: unless-stopped
|
|
stop_grace_period: 10s
|
|
depends_on:
|
|
- mariadb
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
ports:
|
|
- "2342:2342" # HTTP port (host:container)
|
|
environment:
|
|
PHOTOPRISM_ADMIN_USER: "wholteza" # admin login username
|
|
PHOTOPRISM_ADMIN_PASSWORD: "{{docker.photoprism.admin_password}}" # initial admin password (8-72 characters)
|
|
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
|
|
PHOTOPRISM_SITE_URL: "http://bigboi.zacke.xyz:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
|
|
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
|
|
PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
|
|
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
|
|
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
|
|
PHOTOPRISM_LOG_LEVEL: "warning" # log level: trace, debug, info, warning, error, fatal, or panic
|
|
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
|
|
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
|
|
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
|
|
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
|
|
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
|
|
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
|
|
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
|
|
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
|
|
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
|
|
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
|
|
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
|
|
PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
|
|
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
|
|
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
|
|
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
|
|
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
|
|
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
|
|
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
|
|
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
|
|
PHOTOPRISM_DATABASE_PASSWORD: "{{docker.mariadb.database_password}}" # MariaDB or MySQL database user password
|
|
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
|
|
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
|
|
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
|
|
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
|
|
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
|
|
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
|
|
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
|
|
## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
|
|
# PHOTOPRISM_INIT: "https gpu tensorflow"
|
|
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
|
|
# PHOTOPRISM_UID: 1000
|
|
# PHOTOPRISM_GID: 1000
|
|
# PHOTOPRISM_UMASK: 0000
|
|
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
|
|
# user: "1000:1000"
|
|
## Share hardware devices with FFmpeg and TensorFlow (optional):
|
|
# devices:
|
|
# - "/dev/dri:/dev/dri" # Intel QSV
|
|
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
|
|
# - "/dev/nvidiactl:/dev/nvidiactl"
|
|
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
|
|
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
|
|
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
|
|
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
|
|
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
|
|
working_dir: "/photoprism" # do not change or remove
|
|
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
|
|
volumes:
|
|
# "/host/folder:/photoprism/folder" # Example
|
|
- "{{docker.photoprism.image_volumes.lilleback}}:/photoprism/originals" # Original media files (DO NOT REMOVE)
|
|
- "{{docker.photoprism.image_volumes.ellen}}:/photoprism/originals/ellen" # Original media files (DO NOT REMOVE)
|
|
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
|
|
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
|
|
- "{{docker.photoprism.data_volume}}:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.photoprism-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.photoprism-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.photoprism-web.rule: Host(`photoprism.zacke.xyz`)
|
|
traefik.http.routers.photoprism-web.entrypoints: web
|
|
traefik.http.routers.photoprism-web.middlewares: photoprism-redirect
|
|
# https
|
|
traefik.http.routers.photoprism-websecure.rule: Host(`photoprism.zacke.xyz`)
|
|
traefik.http.routers.photoprism-websecure.entrypoints: websecure
|
|
traefik.http.routers.photoprism-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.photoprism-websecure.middlewares: photoprism-redirect
|
|
# services
|
|
traefik.http.services.photoprism-websecure.loadbalancer.server.port: 2342
|
|
|
|
mariadb:
|
|
container_name: mariadb
|
|
user: "1401" # photoprism
|
|
image: mariadb:11
|
|
restart: unless-stopped
|
|
stop_grace_period: 5s
|
|
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
|
volumes:
|
|
- "{{docker.mariadb.data_volume}}:/var/lib/mysql"
|
|
environment:
|
|
MARIADB_AUTO_UPGRADE: "1"
|
|
MARIADB_INITDB_SKIP_TZINFO: "1"
|
|
MARIADB_DATABASE: "photoprism"
|
|
MARIADB_USER: "photoprism"
|
|
MARIADB_PASSWORD: "{{docker.mariadb.database_password}}"
|
|
MARIADB_ROOT_PASSWORD: "{{docker.mariadb.database_password}}"
|
|
|
|
vaultwarden:
|
|
image: vaultwarden/server:1.32.7
|
|
container_name: vaultwarden
|
|
restart: unless-stopped
|
|
environment:
|
|
DOMAIN: "https://vaultwarden.zacke.xyz"
|
|
INVITATIONS_ALLOWED: "true"
|
|
SIGNUPS_ALLOWED: "false"
|
|
SIGNUPS_VERIFY: "true"
|
|
ORG_CREATION_USERS: zackarias@montell.se
|
|
ADMIN_TOKEN: "{{docker.vaultwarden.admin_token}}"
|
|
# Email
|
|
SMTP_HOST: "{{docker.vaultwarden.smtp_host}}"
|
|
SMTP_FROM: "{{docker.vaultwarden.smtp_user}}"
|
|
SMTP_FROM_NAME: "Bitwarden Lillebäck"
|
|
SMTP_PORT: "{{docker.vaultwarden.smtp_port}}"
|
|
SMTP_SSL: "true"
|
|
SMTP_USERNAME: "{{docker.vaultwarden.smtp_user}}"
|
|
SMTP_PASSWORD: "{{docker.vaultwarden.smtp_pass}}"
|
|
EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "autofill-v2,ssh-key-vault-item,ssh-agent"
|
|
volumes:
|
|
- "{{docker.vaultwarden.data_volume}}:/data"
|
|
ports:
|
|
- 8081:80
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.vaultwarden-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.vaultwarden-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.vaultwarden-web.rule: Host(`vaultwarden.zacke.xyz`)
|
|
traefik.http.routers.vaultwarden-web.entrypoints: web
|
|
traefik.http.routers.vaultwarden-web.middlewares: vaultwarden-redirect
|
|
# https
|
|
traefik.http.routers.vaultwarden-websecure.rule: Host(`vaultwarden.zacke.xyz`)
|
|
traefik.http.routers.vaultwarden-websecure.entrypoints: websecure
|
|
traefik.http.routers.vaultwarden-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.vaultwarden-websecure.middlewares: vaultwarden-redirect
|
|
# services
|
|
traefik.http.services.vaultwarden-websecure.loadbalancer.server.port: 80
|
|
|
|
reverse-proxy:
|
|
container_name: "reverse-proxy"
|
|
image: traefik:v3.2
|
|
command:
|
|
- --api.insecure=true
|
|
- --providers.docker=true
|
|
- --providers.docker.exposedbydefault=false
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.websecure.address=:443
|
|
- --certificatesresolvers.myresolver.acme.dnschallenge=true
|
|
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=linodev4
|
|
#- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
|
- --certificatesresolvers.myresolver.acme.email=hosting@montell.com
|
|
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
|
|
- --serversTransport.insecureSkipVerify=true
|
|
ports:
|
|
# The Web UI (enabled by --api.insecure=true)
|
|
- "8082:8080"
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- "{{docker.letsencrypt.data_volume}}:/letsencrypt"
|
|
environment:
|
|
LINODE_TOKEN: "{{docker.letsencrypt.linode_token}}"
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.traefik-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.traefik-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.traefik-web.rule: Host(`traefik.zacke.xyz`)
|
|
traefik.http.routers.traefik-web.entrypoints: web
|
|
traefik.http.routers.traefik-web.middlewares: traefik-redirect
|
|
# https
|
|
traefik.http.routers.traefik-websecure.rule: Host(`traefik.zacke.xyz`)
|
|
traefik.http.routers.traefik-websecure.entrypoints: websecure
|
|
traefik.http.routers.traefik-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.traefik-websecure.middlewares: traefik-redirect
|
|
# services
|
|
traefik.http.services.traefik-websecure.loadbalancer.server.port: 8080
|
|
nextcloud:
|
|
image: lscr.io/linuxserver/nextcloud:latest
|
|
container_name: nextcloud
|
|
environment:
|
|
PUID: 1400 # docker
|
|
volumes:
|
|
- "{{docker.nextcloud.config_path}}:/config"
|
|
- "{{docker.nextcloud.data_path}}:/data"
|
|
ports:
|
|
- 8084:443
|
|
restart: unless-stopped
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.nextcloud-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.nextcloud-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.nextcloud-web.rule: Host(`nextcloud.zacke.xyz`)
|
|
traefik.http.routers.nextcloud-web.entrypoints: web
|
|
traefik.http.routers.nextcloud-web.middlewares: nextcloud-redirect
|
|
# https
|
|
traefik.http.routers.nextcloud-websecure.rule: Host(`nextcloud.zacke.xyz`)
|
|
traefik.http.routers.nextcloud-websecure.entrypoints: websecure
|
|
traefik.http.routers.nextcloud-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.nextcloud-websecure.middlewares: nextcloud-redirect
|
|
# services
|
|
traefik.http.services.nextcloud-websecure.loadbalancer.server.port: 443
|
|
traefik.http.services.nextcloud-websecure.loadbalancer.server.scheme: https
|
|
mariadb-nextcloud:
|
|
container_name: mariadb-nextcloud
|
|
image: mariadb:11
|
|
restart: unless-stopped
|
|
stop_grace_period: 5s
|
|
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
|
|
- seccomp:unconfined
|
|
- apparmor:unconfined
|
|
command: --skip-name-resolve=1
|
|
--innodb-buffer-pool-size=128M
|
|
--innodb_flush_log_at_trx_commit=2
|
|
--innodb_log_buffer_size=32M
|
|
--innodb_max_dirty_pages_pct=90
|
|
--query_cache_type=1
|
|
--query_cache_limit=2M
|
|
--query_cache_min_res_unit=2k
|
|
--query_cache_size=64M
|
|
--tmp_table_size=64M
|
|
--max_heap_table_size=64M
|
|
--long_query_time=1
|
|
environment:
|
|
MARIADB_AUTO_UPGRADE: "1"
|
|
MARIADB_INITDB_SKIP_TZINFO: "1"
|
|
MARIADB_ROOT_PASSWORD: "{{docker.mariadb_nextcloud.database_password}}"
|
|
MARIADB_USER: "nextcloud"
|
|
MARIADB_PASSWORD: "{{docker.mariadb_nextcloud.database_password}}"
|
|
MARIADB_DATABASE: "nextcloud"
|
|
ports:
|
|
- 3307:3306
|
|
volumes:
|
|
- "{{docker.mariadb_nextcloud.data_volume}}:/var/lib/mysql"
|
|
dashy:
|
|
container_name: dashy
|
|
image: lissy93/dashy:3.x
|
|
restart: unless-stopped
|
|
volumes:
|
|
- "{{docker.dashy.data_volume}}:/app/user-data"
|
|
ports:
|
|
- 8085:8080
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.dashy-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.dashy-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.dashy-web.rule: Host(`dashy.zacke.xyz`)
|
|
traefik.http.routers.dashy-web.entrypoints: web
|
|
traefik.http.routers.dashy-web.middlewares: dashy-redirect
|
|
# https
|
|
traefik.http.routers.dashy-websecure.rule: Host(`dashy.zacke.xyz`)
|
|
traefik.http.routers.dashy-websecure.entrypoints: websecure
|
|
traefik.http.routers.dashy-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.dashy-websecure.middlewares: dashy-redirect
|
|
# services
|
|
traefik.http.services.dashy-websecure.loadbalancer.server.port: 8080
|
|
calibre-web:
|
|
image: lscr.io/linuxserver/calibre-web:latest
|
|
container_name: calibre-web
|
|
environment:
|
|
- PUID=1400
|
|
- PGID=1400
|
|
- TZ=Etc/UTC
|
|
- DOCKER_MODS=linuxserver/mods:universal-calibre #optional
|
|
- OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional
|
|
volumes:
|
|
- "{{docker.calibre.data_path}}:/config"
|
|
- "{{docker.calibre.library_path}}:/books"
|
|
restart: always
|
|
labels:
|
|
traefik.enable: true
|
|
# redirect scheme
|
|
traefik.http.middlewares.calibre-redirect.redirectscheme.scheme: https
|
|
traefik.http.middlewares.calibre-redirect.redirectscheme.permanent: true
|
|
# http
|
|
traefik.http.routers.calibre-web.rule: Host(`calibre.zacke.xyz`)
|
|
traefik.http.routers.calibre-web.entrypoints: web
|
|
traefik.http.routers.calibre-web.middlewares: calibre-redirect
|
|
# https
|
|
traefik.http.routers.calibre-websecure.rule: Host(`calibre.zacke.xyz`)
|
|
traefik.http.routers.calibre-websecure.entrypoints: websecure
|
|
traefik.http.routers.calibre-websecure.tls.certresolver: myresolver
|
|
traefik.http.routers.calibre-websecure.middlewares: calibre-redirect
|
|
# services
|
|
traefik.http.services.calibre-websecure.loadbalancer.server.port: 8083
|