lilleback-infra/roles/bigboi/docker/templates/docker-compose.yml


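---
# Docker Compose template for the services on this host. The double-brace
# expressions are placeholders substituted when the template is rendered, so the
# rendered file holds every password and token below in plain text.
# NOTE(review): presumably the values come from an encrypted variable store and
# the rendered file is written with a restrictive mode - confirm in the role.
#
# Nesting is restored with 2-space indentation. Port mappings and label values
# are quoted so they are always read as strings.
version: "3.1"
services:
  unifi-controller:
    image: lscr.io/linuxserver/unifi-controller:7.2.92
    environment:
      - PUID=1400
      - MEM_LIMIT=1024
      - MEM_STARTUP=1024
    volumes:
      - "{{docker.volumes_path}}/unifi_controller:/config"
    # All mappings below bind on every host interface (no host IP is given).
    ports:
      - "8443:8443"
      - "3478:3478/udp"
      - "10001:10001/udp"
      - "8080:8080"
      - "1900:1900/udp"
      - "8843:8843"
      - "8880:8880"
      - "6789:6789"
      - "5514:5514/udp"
    restart: always
  plex:
    # NOTE(review): "latest" is a moving tag, while other services in this file
    # pin a version. Pinning a tested tag or digest keeps redeploys reproducible.
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    environment:
      - PUID=1400  # docker
      - PGID=1202  # warez
      - TZ=Etc/UTC
      - VERSION=docker
    volumes:
      - "{{docker.plex.config_volume}}/plex:/config"
      - "{{docker.plex.tv_volume}}:/tv"
      - "{{docker.plex.movies_volume}}:/movies"
    restart: unless-stopped
    # This makes the instance claiming a lot easier since you can access the host on the same subnet.
    # NOTE(review): host networking removes network isolation for this container;
    # every port it listens on is reachable on the host's interfaces.
    network_mode: host
  frigate:
    container_name: frigate
    # NOTE(review): privileged mode lifts most container isolation. The devices
    # entry below already passes the render node, so check whether it can go.
    privileged: true  # this may not be necessary for all setups
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:0.14.1
    shm_size: "150mb"  # update for your cameras based on calculation in docs
    devices:
      #- /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions
      # /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
      - /dev/dri/renderD128  # for intel hwaccel, needs to be updated for your hardware
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - "{{docker.frigate.config_volume}}/config.yml:/config/config.yml"
      - "{{docker.frigate.media_volume}}:/media/frigate"
      - type: tmpfs  # Optional: 2GB of memory, reduces SSD/SD Card wear
        target: /tmp/cache
        tmpfs:
          size: 2000000000
    ports:
      - "5000:5000"
      - "8554:8554"  # RTSP feeds
      - "8555:8555/tcp"  # WebRTC over tcp
      - "8555:8555/udp"  # WebRTC over udp
    environment:
      FRIGATE_RTSP_PASSWORD: "{{docker.frigate.rtsp_password}}"
  influxdb:
    image: influxdb:1.8-alpine
    container_name: influxdb
    restart: always
    # NOTE(review): an admin user is created here, but no setting in this file
    # turns on HTTP authentication and no config file is mounted. Confirm that
    # auth is enforced, since 8086 is published on the host.
    environment:
      - INFLUXDB_DB=influx
      - INFLUXDB_ADMIN_USER=admin
      - "INFLUXDB_ADMIN_PASSWORD={{docker.influxdb.admin_password}}"
    ports:
      - "8086:8086"
    volumes:
      - "{{docker.influxdb.data_volume}}:/var/lib/influxdb"
  grafana:
    # NOTE(review): no tag is given, so this resolves to "latest"; pin a version.
    image: grafana/grafana
    container_name: grafana
    restart: always
    depends_on:
      - influxdb
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - "GF_SECURITY_ADMIN_PASSWORD={{docker.grafana.admin_password}}"
      - GF_INSTALL_PLUGINS=
    links:
      - influxdb
    ports:
      - "3000:3000"
    volumes:
      - "{{docker.grafana.data_volume}}:/var/lib/grafana"
    user: "1400"  # docker
  photoprism:
    container_name: photoprism
    user: "1401:1201"  # photoprism
    # NOTE(review): "latest" is a moving tag; pin a tested version or digest.
    image: photoprism/photoprism:latest
    # restart: unless-stopped
    stop_grace_period: 10s
    depends_on:
      - mariadb
    # NOTE(review): both entries switch off a kernel-level confinement layer for
    # this container. Check whether the current image still needs them.
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    ports:
      - "2342:2342"  # HTTP port (host:container)
    environment:
      PHOTOPRISM_ADMIN_USER: "wholteza"  # admin login username
      PHOTOPRISM_ADMIN_PASSWORD: "{{docker.photoprism.admin_password}}"  # initial admin password (8-72 characters)
      PHOTOPRISM_AUTH_MODE: "password"  # authentication mode (public, password)
      # NOTE(review): the site URL is http and 2342 is published directly, so
      # logins presumably travel unencrypted unless a proxy in front adds TLS.
      PHOTOPRISM_SITE_URL: "http://bigboi.zacke.xyz:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
      PHOTOPRISM_DISABLE_TLS: "false"  # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
      PHOTOPRISM_DEFAULT_TLS: "true"  # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
      PHOTOPRISM_ORIGINALS_LIMIT: 5000  # file size limit for originals in MB (increase for high-res video)
      PHOTOPRISM_HTTP_COMPRESSION: "gzip"  # improves transfer speed and bandwidth utilization (none or gzip)
      PHOTOPRISM_LOG_LEVEL: "warning"  # log level: trace, debug, info, warning, error, fatal, or panic
      PHOTOPRISM_READONLY: "false"  # do not modify originals directory (reduced functionality)
      PHOTOPRISM_EXPERIMENTAL: "false"  # enables experimental features
      PHOTOPRISM_DISABLE_CHOWN: "false"  # disables updating storage permissions via chmod and chown on startup
      PHOTOPRISM_DISABLE_WEBDAV: "false"  # disables built-in WebDAV server
      PHOTOPRISM_DISABLE_SETTINGS: "false"  # disables settings UI and API
      PHOTOPRISM_DISABLE_TENSORFLOW: "false"  # disables all features depending on TensorFlow
      PHOTOPRISM_DISABLE_FACES: "false"  # disables face detection and recognition (requires TensorFlow)
      PHOTOPRISM_DISABLE_CLASSIFICATION: "false"  # disables image classification (requires TensorFlow)
      PHOTOPRISM_DISABLE_VECTORS: "false"  # disables vector graphics support
      PHOTOPRISM_DISABLE_RAW: "false"  # disables indexing and conversion of RAW images
      PHOTOPRISM_RAW_PRESETS: "false"  # enables applying user presets when converting RAW images (reduces performance)
      PHOTOPRISM_JPEG_QUALITY: 85  # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
      PHOTOPRISM_DETECT_NSFW: "false"  # automatically flags photos as private that MAY be offensive (requires TensorFlow)
      PHOTOPRISM_UPLOAD_NSFW: "true"  # allows uploads that MAY be offensive (no effect without TensorFlow)
      # PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
      PHOTOPRISM_DATABASE_DRIVER: "mysql"  # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"  # MariaDB or MySQL database server (hostname:port)
      PHOTOPRISM_DATABASE_NAME: "photoprism"  # MariaDB or MySQL database schema name
      PHOTOPRISM_DATABASE_USER: "photoprism"  # MariaDB or MySQL database user name
      PHOTOPRISM_DATABASE_PASSWORD: "{{docker.mariadb.database_password}}"  # MariaDB or MySQL database user password
      PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
      PHOTOPRISM_SITE_DESCRIPTION: ""  # meta site description
      PHOTOPRISM_SITE_AUTHOR: ""  # meta site author
      ## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
      # PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
      # PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
      # PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
      ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
      # PHOTOPRISM_INIT: "https gpu tensorflow"
      ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
      # PHOTOPRISM_UID: 1000
      # PHOTOPRISM_GID: 1000
      # PHOTOPRISM_UMASK: 0000
    ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
    # user: "1000:1000"
    ## Share hardware devices with FFmpeg and TensorFlow (optional):
    # devices:
    # - "/dev/dri:/dev/dri" # Intel QSV
    # - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
    # - "/dev/nvidiactl:/dev/nvidiactl"
    # - "/dev/nvidia-modeset:/dev/nvidia-modeset"
    # - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
    # - "/dev/nvidia-uvm:/dev/nvidia-uvm"
    # - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
    # - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
    working_dir: "/photoprism"  # do not change or remove
    ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
    volumes:
      # "/host/folder:/photoprism/folder" # Example
      - "{{docker.photoprism.image_volumes.lilleback}}:/photoprism/originals"  # Original media files (DO NOT REMOVE)
      - "{{docker.photoprism.image_volumes.ellen}}:/photoprism/originals/ellen"  # Original media files (DO NOT REMOVE)
      # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
      # - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
      - "{{docker.photoprism.data_volume}}:/photoprism/storage"  # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
  mariadb:
    container_name: mariadb
    user: "1401"  # photoprism
    image: mariadb:11
    restart: unless-stopped
    stop_grace_period: 5s
    security_opt:  # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
      - seccomp:unconfined
      - apparmor:unconfined
    command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
    volumes:
      - "{{docker.mariadb.data_volume}}:/var/lib/mysql"
    environment:
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_INITDB_SKIP_TZINFO: "1"
      MARIADB_DATABASE: "photoprism"
      MARIADB_USER: "photoprism"
      # NOTE(review): the application user and root share one password variable,
      # so a leaked application credential is also the root credential. A
      # separate root secret would keep the two privilege levels apart.
      MARIADB_PASSWORD: "{{docker.mariadb.database_password}}"
      MARIADB_ROOT_PASSWORD: "{{docker.mariadb.database_password}}"
  vaultwarden:
    image: vaultwarden/server:1.32.7
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      DOMAIN: "https://vaultwarden.zacke.xyz"
      EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "autofill-v2,ssh-key-vault-item,ssh-agent"
    volumes:
      - "{{docker.vaultwarden.data_volume}}:/data"
    # NOTE(review): this publishes the container's plain-HTTP port on the host,
    # so clients can reach the vault without the TLS router defined in the
    # labels. If only the reverse proxy needs it, the mapping can likely go.
    ports:
      - "8081:80"
    labels:
      traefik.enable: "true"
      # redirect scheme
      traefik.http.middlewares.vaultwarden-redirect.redirectscheme.scheme: https
      traefik.http.middlewares.vaultwarden-redirect.redirectscheme.permanent: "true"
      # http
      traefik.http.routers.vaultwarden-web.rule: Host(`vaultwarden.zacke.xyz`)
      traefik.http.routers.vaultwarden-web.entrypoints: web
      traefik.http.routers.vaultwarden-web.middlewares: vaultwarden-redirect
      # https
      traefik.http.routers.vaultwarden-websecure.rule: Host(`vaultwarden.zacke.xyz`)
      traefik.http.routers.vaultwarden-websecure.entrypoints: websecure
      traefik.http.routers.vaultwarden-websecure.tls.certresolver: myresolver
      traefik.http.routers.vaultwarden-websecure.middlewares: vaultwarden-redirect
      # services
      traefik.http.services.vaultwarden-websecure.loadbalancer.server.port: "80"
  reverse-proxy:
    container_name: "reverse-proxy"
    image: traefik:v3.2
    command:
      # NOTE(review): insecure mode serves the dashboard and API without
      # authentication on container port 8080. That port is published as 8082
      # below and is also the target of the traefik-websecure router, which has
      # no authentication middleware. Consider turning insecure mode off and
      # routing to api@internal behind an authentication middleware.
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=linodev4
      #- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.myresolver.acme.email=hosting@montell.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      # NOTE(review): this disables certificate verification for every HTTPS
      # backend. Only nextcloud is declared with an https backend in this file,
      # so a transport scoped to that service, or trusting its CA, is narrower.
      - --serversTransport.insecureSkipVerify=true
    ports:
      # The Web UI (enabled by --api.insecure=true)
      - "8082:8080"
      - "80:80"
      - "443:443"
    volumes:
      # Mounted read-only. This does not restrict which Docker API calls can be
      # made through the socket, so access to it is still equivalent to control
      # of the Docker daemon; a filtering socket proxy limits that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - "{{docker.letsencrypt.data_volume}}:/letsencrypt"
    environment:
      LINODE_TOKEN: "{{docker.letsencrypt.linode_token}}"
    labels:
      traefik.enable: "true"
      # redirect scheme
      traefik.http.middlewares.traefik-redirect.redirectscheme.scheme: https
      traefik.http.middlewares.traefik-redirect.redirectscheme.permanent: "true"
      # http
      traefik.http.routers.traefik-web.rule: Host(`traefik.zacke.xyz`)
      traefik.http.routers.traefik-web.entrypoints: web
      traefik.http.routers.traefik-web.middlewares: traefik-redirect
      # https
      traefik.http.routers.traefik-websecure.rule: Host(`traefik.zacke.xyz`)
      traefik.http.routers.traefik-websecure.entrypoints: websecure
      traefik.http.routers.traefik-websecure.tls.certresolver: myresolver
      traefik.http.routers.traefik-websecure.middlewares: traefik-redirect
      # services
      traefik.http.services.traefik-websecure.loadbalancer.server.port: "8080"
  nextcloud:
    # NOTE(review): "latest" is a moving tag; pin a tested version or digest.
    image: lscr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    environment:
      PUID: "1400"  # docker
    volumes:
      - "{{docker.nextcloud.config_path}}:/config"
      - "{{docker.nextcloud.data_path}}:/data"
    ports:
      - "8084:443"
    restart: unless-stopped
    labels:
      traefik.enable: "true"
      # redirect scheme
      traefik.http.middlewares.nextcloud-redirect.redirectscheme.scheme: https
      traefik.http.middlewares.nextcloud-redirect.redirectscheme.permanent: "true"
      # http
      traefik.http.routers.nextcloud-web.rule: Host(`nextcloud.zacke.xyz`)
      traefik.http.routers.nextcloud-web.entrypoints: web
      traefik.http.routers.nextcloud-web.middlewares: nextcloud-redirect
      # https
      traefik.http.routers.nextcloud-websecure.rule: Host(`nextcloud.zacke.xyz`)
      traefik.http.routers.nextcloud-websecure.entrypoints: websecure
      traefik.http.routers.nextcloud-websecure.tls.certresolver: myresolver
      traefik.http.routers.nextcloud-websecure.middlewares: nextcloud-redirect
      # services
      traefik.http.services.nextcloud-websecure.loadbalancer.server.port: "443"
      traefik.http.services.nextcloud-websecure.loadbalancer.server.scheme: https
  mariadb-nextcloud:
    container_name: mariadb-nextcloud
    image: mariadb:11
    restart: unless-stopped
    stop_grace_period: 5s
    security_opt:  # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
      - seccomp:unconfined
      - apparmor:unconfined
    # Folded scalar: the lines below are joined with single spaces into one
    # command string, the same value the multi-line plain scalar produced.
    command: >-
      --skip-name-resolve=1
      --innodb-buffer-pool-size=128M
      --innodb_flush_log_at_trx_commit=2
      --innodb_log_buffer_size=32M
      --innodb_max_dirty_pages_pct=90
      --query_cache_type=1
      --query_cache_limit=2M
      --query_cache_min_res_unit=2k
      --query_cache_size=64M
      --tmp_table_size=64M
      --max_heap_table_size=64M
      --long_query_time=1
    environment:
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_INITDB_SKIP_TZINFO: "1"
      # NOTE(review): root and the application user share one password variable,
      # so a leaked application credential is also the root credential.
      MARIADB_ROOT_PASSWORD: "{{docker.mariadb_nextcloud.database_password}}"
      MARIADB_USER: "nextcloud"
      MARIADB_PASSWORD: "{{docker.mariadb_nextcloud.database_password}}"
      MARIADB_DATABASE: "nextcloud"
    # NOTE(review): the database port is published on every host interface. If
    # only containers in this project connect to it, drop the mapping or bind it
    # to 127.0.0.1 - TODO confirm what connects from outside.
    ports:
      - "3307:3306"
    volumes:
      - "{{docker.mariadb_nextcloud.data_volume}}:/var/lib/mysql"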