jason
/
home-network


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423
							volumes:
  pihole_config_etc:
  pihole_config_dnsmasq:
  heimdall_config:
  git_data:
  postgres_data:
  plex_config:
  plex_transcode:
  lidarr_config:
  radarr_config:
  sonarr_config:
  prowlarr_config:
  sabnzbd_config:
  nzbget_config:
  home_assistant_config:
  tt_rss_app:
  tt_rss_db:

  media_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: :/mnt/media/
  downloads_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: :/mnt/media/Downloads/
  downloads_incomplete_share:
    driver_opts:
      type: nfs
      o: addr=10.10.20.200,rw,hard
      device: :/mnt/media/Downloads/incomplete/

services:
  traefik:
    image: traefik:v2.9
    #    command: --log.level=debug
    ports:
      - "10.10.20.251:80:80/tcp"
      - "10.10.20.251:443:443/tcp"
      - "[::]:443:443/tcp"
      - "10.10.20.254:8080:8080/tcp"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik/

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    env_file: traefik/traefik-forward-auth.env
    labels: # you only need these if you're using an auth host
      - traefik.http.routers.auth.rule=Host(`auth.playne.au`)
      - traefik.http.routers.auth.entrypoints=websecure
      - traefik.http.routers.auth.tls=true
      - traefik.http.routers.auth.tls.domains[0].main=auth.playne.au
      - traefik.http.routers.auth.tls.certresolver=le
      - traefik.http.routers.auth.service=auth@docker
      - traefik.http.services.auth.loadbalancer.server.port=4181
      - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
      - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.routers.auth.middlewares=forward-auth

  heimdall:
    environment:
      - PGID=1000
      - PUID=1000
    image: ghcr.io/linuxserver/heimdall
    ports:
      - "10.10.20.254:80:80/tcp"
    restart: unless-stopped
    volumes:
      - heimdall_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.http.routers.heimdall.rule=Host(`media.playne.au`)
      - traefik.http.routers.heimdall.tls=true
      - traefik.http.routers.heimdall.tls.certresolver=le
      - traefik.http.routers.heimdall.entrypoints=websecure
      - traefik.http.routers.heimdall.middlewares=forward-auth
      - traefik.http.services.heimdall.loadbalancer.healthCheck.path=/

  pihole:
    dns:
      - 202.142.142.142
      - 202.142.142.242
    environment:
      - PUID=1000
      - CONDITIONAL_FORWARDING_IP=10.10.20.1
      - CONDITIONAL_FORWARDING_DOMAIN=playne.id.au
      - DNS2=202.142.142.242
      - ServerIP=10.10.20.253
      - CONDITIONAL_FORWARDING=True
      - DNS1=202.142.142.142
      - PGID=1000
      - DNS_IPv6=2403:5800:c100:7802::feed
      - DNS_IP=10.10.20.253
      - IPv6=True
    image: pihole/pihole:latest
    ports:
      - "10.10.20.253:443:443/tcp"
      - "10.10.20.253:53:53/tcp"
      - "10.10.20.253:53:53/udp"
      - "10.10.20.253:80:80/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - pihole_config_etc:/etc/pihole:rw
      - pihole_config_dnsmasq:/etc/dnsmasq.d:rw
    labels:
      - traefik.enable=false
      - com.centurylinklabs.watchtower.enable=false

  git:
    image: gogs/gogs
    ports:
      - "10022:22"
      - "3000:3000"
    volumes:
      - git_data:/data
    labels:
      - traefik.http.routers.git.rule=Host(`git.playne.au`)
      - traefik.http.routers.git.tls=true
      - traefik.http.routers.git.tls.certresolver=le
      - traefik.http.routers.git.entrypoints=websecure
      - traefik.http.services.git.loadbalancer.server.port=3000
  #      - traefik.tcp.routers.git.entrypoints[0]=gitssh
  #      - traefik.tcp.routers.git.rule=HostSNI(`*`)
  #      - traefik.tcp.services.git.loadbalancer.server.port=10022

  nextcloud:
    image: nextcloud
    restart: unless-stopped
    ports:
      - "10.10.20.252:80:80/tcp"
    volumes:
      - /mnt/documents/files/cloud/:/var/www/html
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_HOST=postgres
    depends_on:
      - postgres
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'

  postgres:
    image: postgres:14
    ports:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_DB=nextcloud
    labels:
      - traefik.enable=false

  watchtower:
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_CLEANUP=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.enable=false

  lidarr:
    environment:
      - PUID=65534
      - PGID=65534
    image: ghcr.io/linuxserver/lidarr
    ports:
      - "10.10.20.254:8686:8686/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - lidarr_config:/config:rw
      - media_share:/data
    labels:
      - traefik.http.routers.lidarr.rule=Host(`lidarr.playne.au`)
      - traefik.http.routers.lidarr.tls=true
      - traefik.http.routers.lidarr.tls.certresolver=le
      - traefik.http.routers.lidarr.entrypoints=websecure
      - traefik.http.routers.lidarr.middlewares=forward-auth

  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    environment:
      - PGID=65533
      - PUID=65534
    volumes:
      - sabnzbd_config:/config
      - media_share:/data
      - downloads_share:/downloads
      - downloads_incomplete_share:/incomplete-downloads
    #    ports:
    #      - 8080:8080
    restart: unless-stopped
    labels:
      - traefik.http.routers.sabnzbd.rule=Host(`sabnzbd.playne.au`)
      - traefik.http.routers.sabnzbd.tls=true
      - traefik.http.routers.sabnzbd.tls.certresolver=le
      - traefik.http.routers.sabnzbd.entrypoints=websecure
      - traefik.http.routers.sabnzbd.middlewares=forward-auth

  nzbget:
    environment:
      - PGID=65534
      - PUID=65534
      - NZBGET_USER=nzbget
      - NZBGET_PASS=sd9f769342krw
    image: ghcr.io/linuxserver/nzbget
    ports:
      - "10.10.20.254:6790:6789/tcp"
    restart: unless-stopped
    volumes:
      - nzbget_config:/config:rw
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - media_share:/data
    labels:
      - traefik.http.routers.nzbget.rule=Host(`nzbget.playne.au`)
      - traefik.http.routers.nzbget.tls=true
      - traefik.http.routers.nzbget.tls.certresolver=le
      - traefik.http.routers.nzbget.entrypoints=websecure
      - traefik.http.routers.nzbget.middlewares=forward-auth

  plex:
    devices:
      - /dev/bus/usb:/dev/bus/usb
    environment:
      - PUID=65534
      - PGID=65534
      - NVIDIA_VISIBLE_DEVICES=all
      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
    ports:
      - "10.10.20.254:1900:1900/udp"
      - "10.10.20.254:3005:3005/tcp"
      - "10.10.20.254:32400:32400/tcp"
      - "10.10.20.254:32410:32410/udp"
      - "10.10.20.254:32412:32412/udp"
      - "10.10.20.254:32413:32413/udp"
      - "10.10.20.254:32414:32414/udp"
      - "10.10.20.254:32469:32469/tcp"
      #      - "10.10.20.254:5353:5353/udp"
      - "10.10.20.254:8324:8324/tcp"
    image: ghcr.io/linuxserver/plex
    network_mode: host
    privileged: true
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - media_share:/data
      - plex_config:/config
      - plex_transcode:/transcode
    labels:
      - traefik.enable=false

  radarr:
    environment:
      - PUID=65534
      - PGID=65534
    image: ghcr.io/linuxserver/radarr
    ports:
      - "10.10.20.254:7878:7878/tcp"
    restart: unless-stopped
    volumes:
      - radarr_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - media_share:/data
    labels:
      - traefik.http.routers.radarr.rule=Host(`radarr.playne.au`)
      - traefik.http.routers.radarr.tls=true
      - traefik.http.routers.radarr.tls.certresolver=le
      - traefik.http.routers.radarr.entrypoints=websecure
      - traefik.http.routers.radarr.middlewares=forward-auth

  sonarr:
    environment:
      - PGID=65534
      - PUID=65534
    image: ghcr.io/linuxserver/sonarr
    ports:
      - "10.10.20.254:8989:8989/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - sonarr_config:/config:rw
      - media_share:/data
    labels:
      - traefik.http.routers.sonarr.rule=Host(`sonarr.playne.au`)
      - traefik.http.routers.sonarr.tls=true
      - traefik.http.routers.sonarr.tls.certresolver=le
      - traefik.http.routers.sonarr.entrypoints=websecure
      - traefik.http.routers.sonarr.middlewares=forward-auth

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    environment:
      - PGID=65534
      - PUID=65534
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - prowlarr_config:/config:rw
      - media_share:/data
    ports:
      - 9696:9696
    restart: unless-stopped
    labels:
      - traefik.http.routers.prowlarr.rule=Host(`prowlarr.playne.au`)
      - traefik.http.routers.prowlarr.tls=true
      - traefik.http.routers.prowlarr.tls.certresolver=le
      - traefik.http.routers.prowlarr.entrypoints=websecure
      - traefik.http.routers.prowlarr.middlewares=forward-auth

  #todo: once ipv6 is enabled, enable it here too
  ddns_cloudflare:
    image: oznu/cloudflare-ddns:latest
    restart: always
    network_mode: host
    environment:
      - API_KEY=nPHKK83fNj2bCKUtyytc3uOFqh0CukVyZWWKxH3p
      - ZONE=playne.id.au
      - SUBDOMAIN=apps
      - PROXIED=false
      - RRTYPE=AAAA
    labels:
      - traefik.enable=false

  # because this service is `network_mode: host` we configure it in traefik.yml
  home-assistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    network_mode: host
    privileged: true
    environment:
      - TZ=Australia/Perth
    volumes:
      - home_assistant_config:/config
    labels:
      - traefik.enable=false

  ## TT-RSS setups
  tt-rss:
    image: ghcr.io/tt-rss/tt-rss:latest
    restart: unless-stopped
    environment: &tt_rss_env
      - TTRSS_DB_PORT=5433
      - TTRSS_DB_HOST=tt-rss-db
      - TTRSS_DB_USER=tt-rss
      - TTRSS_DB_NAME=tt-rss
      - TTRSS_DB_PASS=National5-Encourage-Lyricism
      - TTRSS_SELF_URL_PATH=https://tt-rss.playne.au
    volumes:
      - tt_rss_app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - tt-rss-db
    labels:
      - traefik.enable=false

  tt-rss-updater:
    image: ghcr.io/tt-rss/tt-rss:latest
    restart: unless-stopped
    environment: *tt_rss_env
    volumes:
      - tt_rss_app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - tt-rss
    command: /opt/tt-rss/updater.sh

  tt-rss-db:
    image: postgres:17
    ports:
      - "5433:5432"
    volumes:
      - tt_rss_db:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=National5-Encourage-Lyricism
      - POSTGRES_USER=tt-rss
      - POSTGRES_DB=tt-rss
    labels:
      - traefik.enable=false

  tt-rss-web-nginx:
    image: ghcr.io/tt-rss/tt-rss-web-nginx:latest
    restart: unless-stopped
    ports:
      - 80
    volumes:
      - tt_rss_app:/var/www/html:ro
    depends_on:
      - tt-rss
    labels:
      - traefik.http.routers.ttrss.rule=Host(`tt-rss.playne.au`)
      - traefik.http.routers.ttrss.tls=true
      - traefik.http.routers.ttrss.tls.certresolver=le
      - traefik.http.routers.ttrss.entrypoints=websecure