home-network/network/docker-compose.yml

version: "3.9"

volumes:
  pihole_config_etc:
  pihole_config_dnsmasq:
  heimdall_config:
  git_data:
  postgres_data:
  plex_config:
  plex_transcode:
  lidarr_config:
  radarr_config:
  sonarr_config:
  nzbget_config:
  home_assistant_config:

  media_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: :/mnt/media/


services:
  traefik:
    image: traefik:v2.9
    command: --api.insecure=true
    ports:
      - "10.10.20.251:80:80/tcp"
      - "10.10.20.251:443:443/tcp"
      - "10.10.20.254:8080:8080/tcp"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik/

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    env_file: traefik/traefik-forward-auth.env
    labels: # you only need these if you're using an auth host
      - traefik.http.routers.auth.rule=Host(`auth.playne.au`)
      - traefik.http.routers.auth.entrypoints=websecure
      - traefik.http.routers.auth.tls=true
      - traefik.http.routers.auth.tls.domains[0].main=auth.playne.au
      - traefik.http.routers.auth.tls.certresolver=le
      - traefik.http.routers.auth.service=auth@docker
      - traefik.http.services.auth.loadbalancer.server.port=4181
      - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
      - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.routers.auth.middlewares=forward-auth

  heimdall:
    environment:
      - PGID=1000
      - PUID=1000
    image: ghcr.io/linuxserver/heimdall
    ports:
      - "10.10.20.254:80:80/tcp"
    restart: unless-stopped
    volumes:
      - heimdall_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.http.routers.heimdall.rule=Host(`media.playne.au`)
      - traefik.http.routers.heimdall.tls=true
      - traefik.http.routers.heimdall.tls.certresolver=le
      - traefik.http.routers.heimdall.entrypoints=websecure
      - traefik.http.routers.heimdall.middlewares=forward-auth
      - traefik.http.services.heimdall.loadbalancer.healthCheck.path=/


  pihole:
    dns:
      - 202.142.142.142
      - 202.142.142.242
    environment:
      - PUID=1000
      - CONDITIONAL_FORWARDING_IP=10.10.20.1
      - CONDITIONAL_FORWARDING_DOMAIN=playne.id.au
      - DNS2=202.142.142.242
      - ServerIP=10.10.20.253
      - CONDITIONAL_FORWARDING=True
      - DNS1=202.142.142.142
      - PGID=1000
      - DNS_IPv6=2403:5800:c100:7802::feed
      - DNS_IP=10.10.20.253
      - IPv6=True
    image: pihole/pihole:latest
    ports:
      - "10.10.20.253:443:443/tcp"
      - "10.10.20.253:53:53/tcp"
      - "10.10.20.253:53:53/udp"
      - "10.10.20.253:80:80/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - pihole_config_etc:/etc/pihole:rw
      - pihole_config_dnsmasq:/etc/dnsmasq.d:rw
    labels:
      - traefik.enable=false
      - com.centurylinklabs.watchtower.enable=false

  git:
    image: gogs/gogs
    ports:
      - "10022:22"
      - "3000:3000"
    volumes:
      - git_data:/data
    labels:
      - traefik.http.routers.git.rule=Host(`git.playne.au`)
      - traefik.http.routers.git.tls=true
      - traefik.http.routers.git.tls.certresolver=le
      - traefik.http.routers.git.entrypoints=websecure
      - traefik.http.services.git.loadbalancer.server.port=3000
#      - traefik.tcp.routers.git.entrypoints[0]=gitssh
#      - traefik.tcp.routers.git.rule=HostSNI(`*`)
#      - traefik.tcp.services.git.loadbalancer.server.port=10022

  nextcloud:
    image: nextcloud
    restart: unless-stopped
    ports:
      - "10.10.20.252:80:80/tcp"
    volumes:
      - /mnt/documents/files/cloud/:/var/www/html
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_HOST=postgres
    depends_on:
      - postgres
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'

  postgres:
    image: postgres:14
    ports:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_DB=nextcloud
    labels:
      - traefik.enable=false

  watchtower:
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_CLEANUP=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.enable=false


  lidarr:
    environment:
      - PUID=65534
      - PGID=65534
    image: ghcr.io/linuxserver/lidarr
    ports:
      - "10.10.20.254:8686:8686/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - lidarr_config:/config:rw
      - media_share:/data
    labels:
      - traefik.http.routers.lidarr.rule=Host(`lidarr.playne.au`)
      - traefik.http.routers.lidarr.tls=true
      - traefik.http.routers.lidarr.tls.certresolver=le
      - traefik.http.routers.lidarr.entrypoints=websecure
      - traefik.http.routers.lidarr.middlewares=forward-auth

  nzbget:
    environment:
      - PGID=65534
      - PUID=65534
      - NZBGET_USER=nzbget
      - NZBGET_PASS=sd9f769342krw
    image: ghcr.io/linuxserver/nzbget
    ports:
      - "10.10.20.254:6790:6789/tcp"
    restart: unless-stopped
    volumes:
      - nzbget_config:/config:rw
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - media_share:/data
    labels:
      - traefik.http.routers.nzbget.rule=Host(`nzbget.playne.au`)
      - traefik.http.routers.nzbget.tls=true
      - traefik.http.routers.nzbget.tls.certresolver=le
      - traefik.http.routers.nzbget.entrypoints=websecure
      - traefik.http.routers.nzbget.middlewares=forward-auth

  plex:
    devices:
      - /dev/bus/usb:/dev/bus/usb
    environment:
      - PUID=65534
      - PGID=65534
      - NVIDIA_VISIBLE_DEVICES=all
      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
    ports:
      - "10.10.20.254:1900:1900/udp"
      - "10.10.20.254:3005:3005/tcp"
      - "10.10.20.254:32400:32400/tcp"
      - "10.10.20.254:32410:32410/udp"
      - "10.10.20.254:32412:32412/udp"
      - "10.10.20.254:32413:32413/udp"
      - "10.10.20.254:32414:32414/udp"
      - "10.10.20.254:32469:32469/tcp"
      #      - "10.10.20.254:5353:5353/udp"
      - "10.10.20.254:8324:8324/tcp"
    image: ghcr.io/linuxserver/plex
    network_mode: host
    privileged: true
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [ gpu ]
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - media_share:/data
      - plex_config:/config
      - plex_transcode:/transcode
    labels:
      - traefik.enable=false

  radarr:
    environment:
      - PUID=65534
      - PGID=65534
    image: ghcr.io/linuxserver/radarr
    ports:
      - "10.10.20.254:7878:7878/tcp"
    restart: unless-stopped
    volumes:
      - radarr_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - media_share:/data
    labels:
      - traefik.http.routers.radarr.rule=Host(`radarr.playne.au`)
      - traefik.http.routers.radarr.tls=true
      - traefik.http.routers.radarr.tls.certresolver=le
      - traefik.http.routers.radarr.entrypoints=websecure
      - traefik.http.routers.radarr.middlewares=forward-auth

  sonarr:
    environment:
      - PGID=65534
      - PUID=65534
    image: ghcr.io/linuxserver/sonarr
    ports:
      - "10.10.20.254:8989:8989/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - sonarr_config:/config:rw
      - media_share:/data
    labels:
      - traefik.http.routers.sonarr.rule=Host(`sonarr.playne.au`)
      - traefik.http.routers.sonarr.tls=true
      - traefik.http.routers.sonarr.tls.certresolver=le
      - traefik.http.routers.sonarr.entrypoints=websecure
      - traefik.http.routers.sonarr.middlewares=forward-auth

  #todo: once ipv6 is enabled, enable it here too
  ddns_cloudflare:
    image: oznu/cloudflare-ddns:latest
    restart: always
    network_mode: host
    environment:
      - API_KEY=nPHKK83fNj2bCKUtyytc3uOFqh0CukVyZWWKxH3p
      - ZONE=playne.id.au
      - SUBDOMAIN=apps
      - PROXIED=false
#      - RRTYPE=AAAA

  home_assistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    network: host
    network_mode: host
    privileged: true
    environment:
      - TZ=Australia/Perth
    volumes:
      - home_assistant_config:/config