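# Docker Compose stack for a single host: Traefik (with traefik-forward-auth)
# fronts the web services; Pi-hole, Plex, Home Assistant and the Cloudflare
# DDNS updater are kept out of Traefik's Docker provider (traefik.enable=false).
#
# Structure restored from a whitespace-collapsed paste. Values are unchanged
# apart from quoting the two bare port entries and the NFS device strings.

volumes:
  pihole_config_etc:
  pihole_config_dnsmasq:
  heimdall_config:
  git_data:
  postgres_data:
  plex_config:
  plex_transcode:
  lidarr_config:
  radarr_config:
  sonarr_config:
  prowlarr_config:
  sabnzbd_config:
  nzbget_config:
  home_assistant_config:
  tt_rss_app:
  tt_rss_db:
  # NFS-backed volumes, all mounted read-write from 10.10.20.200.
  # NOTE(review): no NFS version or security option is set here, so access
  # control presumably rests on the server's export list; confirm.
  media_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: ":/mnt/media/"
  downloads_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: ":/mnt/media/Downloads/"
  downloads_incomplete_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: ":/mnt/media/Downloads/incomplete/"

services:
  traefik:
    image: traefik:v2.9
    # command: --log.level=debug
    ports:
      - "10.10.20.251:80:80/tcp"
      - "10.10.20.251:443:443/tcp"
      - "[::]:443:443/tcp"
      # NOTE(review): 8080 is Traefik's default API/dashboard port. Whether it
      # is served without authentication depends on the ./traefik config,
      # which is not shown here; confirm.
      - "10.10.20.254:8080:8080/tcp"
    volumes:
      # So that Traefik can listen to the Docker events
      # NOTE(review): access to the Docker socket is equivalent to root on the
      # host, and a `:ro` bind would not restrict API calls. A filtering
      # socket proxy that only allows the read endpoints Traefik needs would
      # reduce what a compromise of this internet-facing container yields.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik/

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    # Secrets for this service are kept out of the compose file via env_file.
    env_file: traefik/traefik-forward-auth.env
    labels:
      # you only need these if you're using an auth host
      - traefik.http.routers.auth.rule=Host(`auth.playne.au`)
      - traefik.http.routers.auth.entrypoints=websecure
      - traefik.http.routers.auth.tls=true
      - traefik.http.routers.auth.tls.domains[0].main=auth.playne.au
      - traefik.http.routers.auth.tls.certresolver=le
      - traefik.http.routers.auth.service=auth@docker
      - traefik.http.services.auth.loadbalancer.server.port=4181
      - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
      # NOTE(review): trustForwardHeader=true passes existing X-Forwarded-*
      # headers through to the auth service. Confirm that the entrypoints in
      # ./traefik do not accept those headers from untrusted clients.
      - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.routers.auth.middlewares=forward-auth

  heimdall:
    environment:
      - PGID=1000
      - PUID=1000
    image: ghcr.io/linuxserver/heimdall
    ports:
      # NOTE(review): the forward-auth middleware only covers requests routed
      # through Traefik. This published port reaches the container directly
      # on the LAN address without it. The same pattern applies to lidarr,
      # nzbget, radarr, sonarr and prowlarr below.
      - "10.10.20.254:80:80/tcp"
    restart: unless-stopped
    volumes:
      - heimdall_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.http.routers.heimdall.rule=Host(`media.playne.au`)
      - traefik.http.routers.heimdall.tls=true
      - traefik.http.routers.heimdall.tls.certresolver=le
      - traefik.http.routers.heimdall.entrypoints=websecure
      - traefik.http.routers.heimdall.middlewares=forward-auth
      - traefik.http.services.heimdall.loadbalancer.healthCheck.path=/

  pihole:
    dns:
      - 202.142.142.142
      - 202.142.142.242
    environment:
      - PUID=1000
      - CONDITIONAL_FORWARDING_IP=10.10.20.1
      - CONDITIONAL_FORWARDING_DOMAIN=playne.id.au
      - DNS2=202.142.142.242
      - ServerIP=10.10.20.253
      - CONDITIONAL_FORWARDING=True
      - DNS1=202.142.142.142
      - PGID=1000
      - DNS_IPv6=2403:5800:c100:7802::feed
      - DNS_IP=10.10.20.253
      - IPv6=True
    image: pihole/pihole:latest
    ports:
      - "10.10.20.253:443:443/tcp"
      - "10.10.20.253:53:53/tcp"
      - "10.10.20.253:53:53/udp"
      - "10.10.20.253:80:80/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - pihole_config_etc:/etc/pihole:rw
      - pihole_config_dnsmasq:/etc/dnsmasq.d:rw
    labels:
      - traefik.enable=false
      # Excluded from Watchtower auto-updates.
      - com.centurylinklabs.watchtower.enable=false

  git:
    image: gogs/gogs
    ports:
      # NOTE(review): no bind address, so both ports are published on every
      # host interface, unlike most services here which bind a LAN IP.
      - "10022:22"
      - "3000:3000"
    volumes:
      - git_data:/data
    labels:
      # No forward-auth middleware on this router; Gogs' own authentication
      # is the only control for requests arriving through Traefik.
      - traefik.http.routers.git.rule=Host(`git.playne.au`)
      - traefik.http.routers.git.tls=true
      - traefik.http.routers.git.tls.certresolver=le
      - traefik.http.routers.git.entrypoints=websecure
      - traefik.http.services.git.loadbalancer.server.port=3000
      # - traefik.tcp.routers.git.entrypoints[0]=gitssh
      # - traefik.tcp.routers.git.rule=HostSNI(`*`)
      # - traefik.tcp.services.git.loadbalancer.server.port=10022

  nextcloud:
    image: nextcloud
    restart: unless-stopped
    ports:
      - "10.10.20.252:80:80/tcp"
    volumes:
      - /mnt/documents/files/cloud/:/var/www/html
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      # NOTE(review): database password is hard-coded and identical to the
      # user name. Move it to an env_file or Docker secret (as done for
      # traefik-forward-auth) and replace it with a generated value.
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_HOST=postgres
    depends_on:
      - postgres
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true
      # NOTE(review): in list-form labels the single quotes below are part of
      # the label value, so the regex and replacement may contain literal
      # quote characters; verify the redirect actually matches.
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'

  postgres:
    image: postgres:14
    ports:
      # NOTE(review): a bare container port publishes 5432 on a random host
      # port on all interfaces. nextcloud reaches this service by name over
      # the Compose network, so `expose` (or no entry) would keep the
      # database off the host's network. Combined with the password below,
      # this is the weakest point in the file.
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      # NOTE(review): hard-coded, guessable password; see nextcloud above.
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_DB=nextcloud
    labels:
      - traefik.enable=false

  watchtower:
    # NOTE(review): Watchtower holds the Docker socket and redeploys whatever
    # the registry serves for each tag. Most images in this file are `latest`
    # or untagged, and some run privileged. Pinning images by digest, or
    # restricting Watchtower to explicitly labelled containers, narrows that
    # supply-chain path.
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_CLEANUP=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.enable=false

  lidarr:
    environment:
      - PUID=65534
      - PGID=65534
    image: ghcr.io/linuxserver/lidarr
    ports:
      # Direct LAN port; not covered by forward-auth (see heimdall).
      - "10.10.20.254:8686:8686/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - lidarr_config:/config:rw
      - media_share:/data
    labels:
      - traefik.http.routers.lidarr.rule=Host(`lidarr.playne.au`)
      - traefik.http.routers.lidarr.tls=true
      - traefik.http.routers.lidarr.tls.certresolver=le
      - traefik.http.routers.lidarr.entrypoints=websecure
      - traefik.http.routers.lidarr.middlewares=forward-auth

  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    environment:
      - PGID=65533
      - PUID=65534
    volumes:
      - sabnzbd_config:/config
      - media_share:/data
      - downloads_share:/downloads
      - downloads_incomplete_share:/incomplete-downloads
    # No host port is published, so this service is reachable only through
    # Traefik and its forward-auth middleware.
    # ports:
    #   - 8080:8080
    restart: unless-stopped
    labels:
      - traefik.http.routers.sabnzbd.rule=Host(`sabnzbd.playne.au`)
      - traefik.http.routers.sabnzbd.tls=true
      - traefik.http.routers.sabnzbd.tls.certresolver=le
      - traefik.http.routers.sabnzbd.entrypoints=websecure
      - traefik.http.routers.sabnzbd.middlewares=forward-auth

  nzbget:
    environment:
      - PGID=65534
      - PUID=65534
      - NZBGET_USER=nzbget
      # NOTE(review): credential stored in the compose file. Move it to an
      # env_file or secret and change it, since this value has been shared.
      - NZBGET_PASS=sd9f769342krw
    image: ghcr.io/linuxserver/nzbget
    ports:
      # Direct LAN port; not covered by forward-auth (see heimdall).
      - "10.10.20.254:6790:6789/tcp"
    restart: unless-stopped
    volumes:
      - nzbget_config:/config:rw
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - media_share:/data
    labels:
      - traefik.http.routers.nzbget.rule=Host(`nzbget.playne.au`)
      - traefik.http.routers.nzbget.tls=true
      - traefik.http.routers.nzbget.tls.certresolver=le
      - traefik.http.routers.nzbget.entrypoints=websecure
      - traefik.http.routers.nzbget.middlewares=forward-auth

  plex:
    devices:
      - /dev/bus/usb:/dev/bus/usb
    environment:
      - PUID=65534
      - PGID=65534
      - NVIDIA_VISIBLE_DEVICES=all
      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
    # NOTE(review): with network_mode: host the container shares the host's
    # network stack, so these mappings are not applied (newer Compose
    # releases reject the combination); confirm against the Compose version
    # in use. Plex therefore listens on every host interface, not only
    # 10.10.20.254.
    ports:
      - "10.10.20.254:1900:1900/udp"
      - "10.10.20.254:3005:3005/tcp"
      - "10.10.20.254:32400:32400/tcp"
      - "10.10.20.254:32410:32410/udp"
      - "10.10.20.254:32412:32412/udp"
      - "10.10.20.254:32413:32413/udp"
      - "10.10.20.254:32414:32414/udp"
      - "10.10.20.254:32469:32469/tcp"
      # - "10.10.20.254:5353:5353/udp"
      - "10.10.20.254:8324:8324/tcp"
    image: ghcr.io/linuxserver/plex
    network_mode: host
    # NOTE(review): privileged removes most container isolation. The GPU is
    # already requested under deploy.resources and USB under devices, so
    # check whether privileged is still required.
    privileged: true
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - media_share:/data
      - plex_config:/config
      - plex_transcode:/transcode
    labels:
      - traefik.enable=false

  radarr:
    environment:
      - PUID=65534
      - PGID=65534
    image: ghcr.io/linuxserver/radarr
    ports:
      # Direct LAN port; not covered by forward-auth (see heimdall).
      - "10.10.20.254:7878:7878/tcp"
    restart: unless-stopped
    volumes:
      - radarr_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - media_share:/data
    labels:
      - traefik.http.routers.radarr.rule=Host(`radarr.playne.au`)
      - traefik.http.routers.radarr.tls=true
      - traefik.http.routers.radarr.tls.certresolver=le
      - traefik.http.routers.radarr.entrypoints=websecure
      - traefik.http.routers.radarr.middlewares=forward-auth

  sonarr:
    environment:
      - PGID=65534
      - PUID=65534
    image: ghcr.io/linuxserver/sonarr
    ports:
      # Direct LAN port; not covered by forward-auth (see heimdall).
      - "10.10.20.254:8989:8989/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - sonarr_config:/config:rw
      - media_share:/data
    labels:
      - traefik.http.routers.sonarr.rule=Host(`sonarr.playne.au`)
      - traefik.http.routers.sonarr.tls=true
      - traefik.http.routers.sonarr.tls.certresolver=le
      - traefik.http.routers.sonarr.entrypoints=websecure
      - traefik.http.routers.sonarr.middlewares=forward-auth

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    environment:
      - PGID=65534
      - PUID=65534
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - prowlarr_config:/config:rw
      - media_share:/data
    ports:
      # Quoted for consistency with the other mappings. No bind address, so
      # this is published on all host interfaces and bypasses forward-auth
      # (see heimdall).
      - "9696:9696"
    restart: unless-stopped
    labels:
      - traefik.http.routers.prowlarr.rule=Host(`prowlarr.playne.au`)
      - traefik.http.routers.prowlarr.tls=true
      - traefik.http.routers.prowlarr.tls.certresolver=le
      - traefik.http.routers.prowlarr.entrypoints=websecure
      - traefik.http.routers.prowlarr.middlewares=forward-auth

  #todo: once ipv6 is enabled, enable it here too
  ddns_cloudflare:
    image: oznu/cloudflare-ddns:latest
    restart: always
    network_mode: host
    environment:
      # NOTE(review): a Cloudflare API credential is stored in the compose
      # file. Anyone who can read this file can use it with whatever scope
      # the token has. Rotate it, load the replacement from an env_file or
      # secret (as traefik-forward-auth does), and scope it to DNS edits on
      # the one zone.
      - API_KEY=nPHKK83fNj2bCKUtyytc3uOFqh0CukVyZWWKxH3p
      - ZONE=playne.id.au
      - SUBDOMAIN=apps
      - PROXIED=false
      - RRTYPE=AAAA
    labels:
      - traefik.enable=false

  # because this service is `network_mode: host` we configure it in traefik.yml
  home-assistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    network_mode: host
    # NOTE(review): privileged plus host networking leaves very little
    # isolation between this container and the host. If only specific
    # devices are needed, passing them via `devices:` is narrower.
    privileged: true
    environment:
      - TZ=Australia/Perth
    volumes:
      - home_assistant_config:/config
    labels:
      - traefik.enable=false

  ## TT-RSS setups
  tt-rss:
    image: ghcr.io/tt-rss/tt-rss:latest
    restart: unless-stopped
    # Anchored so tt-rss-updater can reuse the same environment list.
    environment: &tt_rss_env
      - TTRSS_DB_PORT=5432
      - TTRSS_DB_HOST=tt-rss-db
      - TTRSS_DB_USER=tt-rss
      - TTRSS_DB_NAME=tt-rss
      # NOTE(review): database password stored in the compose file (and
      # repeated under tt-rss-db). Move it to an env_file or secret and
      # change it.
      - TTRSS_DB_PASS=National5-Encourage-Lyricism
      - TTRSS_SELF_URL_PATH=https://tt-rss.playne.au
    volumes:
      - tt_rss_app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - tt-rss-db
    labels:
      - traefik.enable=false

  tt-rss-updater:
    image: ghcr.io/tt-rss/tt-rss:latest
    restart: unless-stopped
    environment: *tt_rss_env
    volumes:
      - tt_rss_app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - tt-rss
    command: /opt/tt-rss/updater.sh
    labels:
      - traefik.enable=false

  tt-rss-db:
    image: postgres:17
    ports:
      # NOTE(review): as with the `postgres` service, this publishes 5432 on
      # a random host port on all interfaces. tt-rss connects by service
      # name, so host publishing looks unnecessary.
      - "5432"
    volumes:
      - tt_rss_db:/var/lib/postgresql/data
    environment:
      # NOTE(review): hard-coded password; see tt-rss above.
      - POSTGRES_PASSWORD=National5-Encourage-Lyricism
      - POSTGRES_USER=tt-rss
      - POSTGRES_DB=tt-rss
    labels:
      - traefik.enable=false

  tt-rss-web-nginx:
    image: ghcr.io/tt-rss/tt-rss-web-nginx:latest
    restart: unless-stopped
    environment:
      - APP_UPSTREAM=tt-rss
    ports:
      # Quoted for consistency. A bare container port is published on a
      # random host port on all interfaces; Traefik reaches the container
      # over the Compose network and does not need it.
      - "80"
    volumes:
      - tt_rss_app:/var/www/html:ro
    depends_on:
      - tt-rss
    labels:
      # No forward-auth middleware on this router; TT-RSS' own login is the
      # only control for requests arriving through Traefik.
      - traefik.http.routers.ttrss.rule=Host(`tt-rss.playne.au`)
      - traefik.http.routers.ttrss.tls=true
      - traefik.http.routers.ttrss.tls.certresolver=le
      - traefik.http.routers.ttrss.entrypoints=websecure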