Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- services:
- secrets:
- cloudflare_api_key:
- file: $SECRETSDIR/cloudflare_api_key.txt
- cloudflare_email:
- file: $SECRETSDIR/cloudflare_email.txt
- transmission_rpc_pass:
- file: $SECRETSDIR/transmission_rpc_pass.txt
- transmission_rpc_user:
- file: $SECRETSDIR/transmission_rpc_user.txt
- cloudflare_api_key:
- file: $SECRETSDIR/cloudflare_api_key.txt
- cloudflare_email:
- file: $SECRETSDIR/cloudflare_email.txt
- mysql_root_password:
- file: $SECRETSDIR/mysql_root_password.txt
- mysql_password:
- file: $SECRETSDIR/mysql_password.txt
- mysql_username:
- file: $SECRETSDIR/mysql_username.txt
- openvpn_username:
- file: $SECRETSDIR/openvpn_username.txt
- openvpn_password:
- file: $SECRETSDIR/openvpn_password.txt
- traefik:
- image: traefik:v2.5
- container_name: traefik
- hostname: traefik
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - CF_API_EMAIL_FILE=/run/secrets/cloudflare_email
- - CF_API_KEY_FILE=/run/secrets/cloudflare_api_key
- - DOCKER_HOST=tcp://docker-socket-proxy:2375
- secrets:
- - cloudflare_api_key
- - cloudflare_email
- volumes:
- - $DOCKERDIR/traefik2/rules:/rules
- - $DOCKERDIR/traefik2/acme.json:/acme.json
- - $DOCKERDIR/traefik2/traefik.log:/traefik.log
- - $DOCKERDIR/shared:/shared
- depends_on:
- - authelia
- - socketproxy
- command: # CLI arguments
- - --global.insecureSNI
- - --global.checkNewVersion=true
- - --global.sendAnonymousUsage=true
- - --entryPoints.http.address=:80
- - --entryPoints.https.address=:443
- # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
- - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
- - --entryPoints.traefik.address=:8080
- - --api=true
- # - --api.insecure=true
- # - --serversTransport.insecureSkipVerify=true
- - --log=true
- - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- - --accessLog=true
- - --accessLog.filePath=/traefik.log
- - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- - --accessLog.filters.statusCodes=400-499
- - --providers.docker=true
- - --providers.docker.endpoint="tcp://docker-socket-proxy:2375"
- - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAIN`)
- - --providers.docker.exposedByDefault=false
- - --providers.docker.network=socketproxy
- - --providers.docker.defaultRule=Host({{ trimPrefix / .Name }}.$DOMAIN)
- - --providers.docker.swarmMode=false
- - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
- # - --providers.file.filename=${USERDIR}/docker/traefik/traefik_dynamic.toml # Load dynamic configuration from a file.
- - --providers.file.watch=true # Only works on top level files in the rules folder
- - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
- - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- ports:
- - target: 80
- published: 80
- protocol: tcp
- mode: host
- - target: 443
- published: 443
- protocol: tcp
- mode: host
- # - target: 8080
- # published: 8080
- # protocol: tcp
- # mode: host
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.docker.network=t2_proxy
- - traefik.http.routers.http-catchall.entrypoints=http
- - traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)
- - traefik.http.routers.http-catchall.middlewares=redirect-to-https
- - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
- - traefik.http.routers.traefik-rtr.entrypoints=https
- - traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAIN`)
- - traefik.http.routers.traefik-rtr.tls=true
- - traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare # Comment out this line after first run of traefik to force the use of wildcard certs
- - traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAIN
- - traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAIN
- - traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth@file
- - traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file
- - traefik.http.routers.traefik-rtr.middlewares=middlewares-secure-headers@file,middlewares-rate-limit@file,middlewares-basic-auth@file
- # - traefik.http.routers.traefik-rtr.middlewares=traefik-headers,middlewares-rate-limit@file,middlewares-basic-auth@file
- - traefik.http.middlewares.traefik-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT
- - traefik.http.middlewares.traefik-headers.headers.accesscontrolalloworiginlist=https://$DOMAIN
- - traefik.http.middlewares.traefik-headers.headers.accesscontrolmaxage=100
- - traefik.http.middlewares.traefik-headers.headers.addvaryheader=true
- - traefik.http.middlewares.traefik-headers.headers.allowedhosts=traefik.$DOMAIN
- - traefik.http.middlewares.traefik-headers.headers.hostsproxyheaders=X-Forwarded-Host
- - traefik.http.middlewares.traefik-headers.headers.sslredirect=true
- - traefik.http.middlewares.traefik-headers.headers.sslhost=traefik.$DOMAIN
- - traefik.http.middlewares.traefik-headers.headers.sslforcehost=true
- - traefik.http.middlewares.traefik-headers.headers.sslproxyheaders.X-Forwarded-Proto=https
- - traefik.http.middlewares.traefik-headers.headers.stsseconds=63072000
- - traefik.http.middlewares.traefik-headers.headers.stsincludesubdomains=true
- - traefik.http.middlewares.traefik-headers.headers.stspreload=true
- - traefik.http.middlewares.traefik-headers.headers.forcestsheader=true
- - traefik.http.middlewares.traefik-headers.headers.framedeny=true
- # - traefik.http.middlewares.traefik-headers.headers.customframeoptionsvalue=SAMEORIGIN # This option overrides FrameDeny
- - traefik.http.middlewares.traefik-headers.headers.contenttypenosniff=true
- - traefik.http.middlewares.traefik-headers.headers.browserxssfilter=true
- # - traefik.http.middlewares.traefik-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';
- - traefik.http.middlewares.traefik-headers.headers.referrerpolicy=same-origin
- - traefik.http.middlewares.traefik-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';
- - traefik.http.middlewares.traefik-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex,
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.2
- - socketproxy
- security_opt:
- - no-new-privileges:true
- restart: always
- socketproxy:
- image: tecnativa/docker-socket-proxy
- container_name: socketproxy
- hostname: socketproxy
- privileged: true
- environment:
- - CONTAINERS: 1
- - SECRETS: 1
- - INFO: 1
- - IMAGES: 1
- - VOLUMES: 1
- - NETWORKS: 1
- networks:
- - socketproxy
- ports:
- - 2375
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- restart: always
- cf-ddns:
- container_name: cf-ddns
- hostname: cf-ddns
- image: oznu/cloudflare-ddns:latest
- environment:
- - CF_API_KEY_FILE=/run/secrets/cloudflare_api_key
- - ZONE=$DOMAIN
- - PROXIED=true
- - RRTYPE=A
- - DELETE_ON_STOP=false
- - DNS_SERVER=1.1.1.1
- secrets:
- - cloudflare_api_key
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- restart: always
- authelia:
- image: authelia/authelia:latest
- container_name: authelia
- hostname: authelia
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/authelia:/config
- - $DOCKERDIR/authelia/data:/data
- - $DOCKERDIR/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
- - $DOCKERDIR/authelia/users_database.yml:/etc/authelia/users_database.yml
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.http.routers.authelia.middlewares=authelia-headers
- - traefik.http.middlewares.authelia-headers.headers.browserXssFilter=true
- - traefik.http.middlewares.authelia-headers.headers.customFrameOptionsValue=SAMEORIGIN
- - traefik.http.middlewares.authelia-headers.headers.customResponseHeaders.Cache-Control=no-store
- - traefik.http.middlewares.authelia-headers.headers.customResponseHeaders.Pragma=no-cache
- - traefik.http.routers.authelia.rule=Host(`login.wallace-home.org`)
- - traefik.http.routers.authelia.entrypoints=websecure
- - traefik.http.routers.authelia.tls.certresolver=letsencryptresolver
- - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9081/api/verify?rd=https://login.wallace-home.org/
- - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
- - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups
- expose:
- - 9081
- depends_on:
- - traefik
- networks:
- t2_proxy:
- ipv4_address: 172.28.0.24
- restart: unless-stopped
- autheliadb:
- image: ghcr.io/linuxserver/mariadb
- container_name: autheliadb
- hostname: autheliadb
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - MYSQL_DATABASE="authelia"
- - REMOTE_SQL="http://autheliadb.wallace-home.org/authelia.sql,https://autheliadb.wallace-home.org/authelia.sql"
- - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
- - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
- - MYSQL_USER_FILE=/run/secrets/mysql_user
- secrets:
- - mysql_root_password
- - mysql_user
- - mysql_password
- volumes:
- - $DOCKERDIR/autheliadb:/config
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- ports:
- - 3307:3306
- networks:
- t2_proxy:
- ipv4_address: 172.28.0.25
- restart: always
- redis:
- image: redis:alpine
- container_name: redis
- hostname: redis
- volumes:
- - $DOCKERDIR/redis:/data
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- networks:
- t2_proxy:
- ipv4_address: 172.28.0.13
- expose:
- - 6379
- restart: unless-stopped
- environment:
- - TZ=$TZ
- rediscommander:
- container_name: rediscommander
- image: rediscommander/redis-commander:latest
- hostname: rediscommander
- security_opt:
- - no-new-privileges:true
- environment:
- - REDIS_HOST=172.28.0.13:6379
- - REDIS_PASSWORD=$REDIS_PASSWORD
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- ## HTTP Routers
- # - traefik.http.routers.rediscommander-rtr.entrypoints=https
- # - traefik.http.routers.rediscommander-rtr.rule=Host(`rediscom.$DOMAIN`)
- ## Middlewares
- # - traefik.http.routers.rediscommander-rtr.middlewares=chain-oauth@file
- ## HTTP Services
- # - traefik.http.routers.rediscommander-rtr.service=rediscommander-svc
- # - traefik.http.services.rediscommander-svc.loadbalancer.server.port=8081
- ports:
- - 8081:8081
- networks:
- t2_proxy:
- ipv4_address: 172.28.0.26
- restart: unless-stopped
- portainer:
- image: portainer/portainer-ce
- container_name: portainer
- hostname: portainer
- # command: -H unix:///var/run/docker.sock
- priveleged: true
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - DOCKER_HOST=tcp://docker-socket-proxy:2375
- depends_on:
- - socketproxy
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - $DOCKERDIR/portainer:/config
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- # - traefik.network=t2_proxy
- # - traefik.http.routers.portainer-rtr.entrypoints=https
- # - traefik.http.routers.portsiner-rtr.rule=Host(`portainer.$DOMAIN`)
- # - traefik.http.routers.portainer-rtr.tls=true
- # - traefik.http.routers.portainer-rtr.service=portainer-svc
- # - traefik.http.services.portainer-svc.loadbalancer.server.port=9000
- # - traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file
- ports:
- - 9000:9000
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.3
- - socketproxy
- restart: always
- watchtower:
- image: containrrr/watchtower
- container_name: watchtower
- hostname: watchtower
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - WATCHTOWER_CLEANUP=true
- - WATCHTOWER_REMOVE_VOLUMES=false
- - WATCHTOWER_INCLUDE_STOPPED=true
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- network_mode: none
- restart: always
- autoheal:
- image: willfarrell/autoheal
- container_name: autoheal
- hostname: autoheal
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - AUTOHEAL_CONTAINER_LABEL=all
- - DOCKER_HOST=tcp://docker-socket-proxy:2375
- depends_on:
- - socketproxy
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- labels:
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.5
- - socketproxy
- mem_limit: 40m
- mem_reservation: 15m
- restart: always
- services:
- secrets:
- phpmyadmin:
- image: ghcr.io/linuxserver/phpmyadmin
- container_name: phpmyadmin
- hostname: phpmyadmin
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - PMA_ARBITRARY=1 #optional
- - PMA_ABSOLUTE_URI=https://phpmyadmin.wallace-home.org #optional
- volumes:
- - $DOCKERDIR/phpmyadmin:/config
- ports:
- - 81:81
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- # - traefik.network=t2_proxy
- # - traefik.http.routers.phpmyadmin-rtr.entrypoints=https
- # - traefik.http.routers.phpmyadmin-rtr.rule=Host(`phpmyadmin.$DOMAIN`)
- # - traefik.http.routers.phpmyadmin-rtr.tls=true
- # - traefik.http.routers.phpmyadmin-rtr.service=phpmyadmin-svc
- # - traefik.http.services.phpmyadmin-svc.loadbalancer.server.port=81
- # - traefik.http.routers.phpmyadmin-rtr.middlewares=chain-authelia@file
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.6
- restart: unless-stopped
- homer:
- image: b4bz/homer
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/homer/data:/www/assets
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.services.dashboard-service.loadbalancer.server.port=8080
- - traefik.http.routers.dashboard.rule=HostHeader(`$DOMAIN``www.$DOMAIN`)
- - traefik.http.routers.dashboard.entrypoints=http
- # For https:
- - traefik.http.routers.dashboard-secure.rule=Host(`$DOMAIN``www.$DOMAIN`)
- - traefik.http.routers.dashboard-secure.entrypoints=https
- - traefik.http.routers.dashboard-secure.tls=true
- - traefik.http.routers.dashboard-secure.tls.certresolver=le
- - traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
- - traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
- # ports:
- # - 8080:8080
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.7
- sonarr:
- image: ghcr.io/linuxserver/sonarr
- container_name: sonarr
- hostname: sonarr
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/sonarr:/config
- - $MEDIADIR/TVShows/TVShows:/data/TVShows
- - $MEDIADIR/TVShows/TV.Doc:/data/TVDoc
- - $MEDIADIR/Movies1/TV.Doc:/data/TVDoc1
- - $DOWNLOADS:/data/completed
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- ## HTTP Routers Auth Bypass
- - traefik.http.routers.sonarr-rtr-bypass.entrypoints=https
- - traefik.http.routers.sonarr-rtr-bypass.rule=Host(`sonarr.$DOMAIN`) && (Headers(`X-Api-Key`, `$SONARR_API_KEY`) || Query(`apikey`, `$SONARR_API_KEY`))
- - traefik.http.routers.sonarr-rtr-bypass.priority=100
- ##Routers
- - traefik.http.routers.sonarr-rtr.entrypoints=https
- - traefik.http.routers.sonarr-rtr.rule=Host(`sonarr.$DOMAIN`)
- - traefik.http.routers.sonarr-rtr.tls=true
- - traefik.http.routers.sonarr-rtr.service=sonarr-svc
- - traefik.http.routers.sonarr-rtr.priority=99
- - traefik.http.routers.sonarr-rtr.middlewares=chain-authelia@file
- ##Services
- - traefik.http.services.sonarr-svc.loadbalancer.server.port=8989
- # ports:
- # - 8989:8989
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.8
- restart: always
- radarr:
- image: ghcr.io/linuxserver/radarr
- container_name: radarr
- hostname: radarr
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/radarr:/config
- - $MEDIADIR/Movies/Animated:/data/Animated1
- - $MEDIADIR/Movies1/Animated:/data/Animated2
- - $MEDIADIR/Movies3/Animated:/data/Animated3
- - $MEDIADIR/Movies/Horror:/data/Horror1
- - $MEDIADIR/Movies1/Horror:/data/Horror2
- - $MEDIADIR/Movies3/Horror:/data/Horror3
- - $MEDIADIR/Movies/Movies:/data/Movies1
- - $MEDIADIR/Movies1/Movies:/data/Movies2
- - $MEDIADIR/Movies3/Movies:/data/Movies3
- - $MEDIADIR/Movies3/Mov.Doc:/data/documentaries
- - $DOWNLOADS:/data/completed
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- ## HTTP Routers Auth Bypass
- - traefik.http.routers.radarr-rtr-bypass.entrypoints=https
- - traefik.http.routers.radarr-rtr-bypass.rule=Host(`radarr.$DOMAIN`) && (Headers(`X-Api-Key`, `$RADARR_API_KEY`) || Query(`apikey`, `$RADARR_API_KEY`))
- - traefik.http.routers.radarr-rtr-bypass.priority=100
- ##Routers
- - traefik.http.routers.radarr-rtr.entrypoints=https
- - traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAIN`)
- - traefik.http.routers.radarr-rtr.tls=true
- - traefik.http.routers.radarr-rtr.middlewares=chain-authelia@file
- - traefik.http.routers.radarr-rtr.priority=99
- - traefik.http.routers.radarr-rtr.service=radarr-svc
- ##Services
- - traefik.http.services.radarr-svc.loadbalancer.server.port=7878
- # ports:
- # - 7878:7878
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.9
- restart: always
- lidarr:
- image: ghcr.io/linuxserver/lidarr
- container_name: lidarr
- hostname: lidarr
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/lidarr:/config
- - $MEDIADIR/Movies1/Music:/data/Music
- - $DOWNLOADS:/data/completed
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.lidarr-rtr.entrypoints=https
- - traefik.http.routers.lidarr-rtr.rule=Host(`lidarr.$DOMAIN`)
- - traefik.http.routers.lidarr-rtr.tls=true
- - traefik.http.routers.lidarr-rtr.service=lidarr-svc
- - traefik.http.services.lidarr-svc.loadbalancer.server.port=8686
- - traefik.http.routers.lidarr-rtr.middlewares=chain-authelia@file
- # ports:
- # - 8686:8686
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.10
- restart: always
- bazarr:
- image: ghcr.io/linuxserver/bazarr
- container_name: bazarr
- hostname: bazarr
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/bazarr:/config
- - $MEDIADIR/Movies/Animated:/data/Animated1
- - $MEDIADIR/Movies1/Animated:/data/Animated2
- - $MEDIADIR/Movies3/Animated:/data/Animated3
- - $MEDIADIR/Movies/Horror:/data/Horror1
- - $MEDIADIR/Movies1/Horror:/data/Horror2
- - $MEDIADIR/Movies3/Horror:/data/Horror3
- - $MEDIADIR/Movies/Movies:/data/Movies1
- - $MEDIADIR/Movies1/Movies:/data/Movies2
- - $MEDIADIR/Movies3/Movies:/data/Movies3
- - $MEDIADIR/TVShows/TVShows:/data/TVShows
- - $MEDIADIR/TVShows/TV.Doc:/data/TVDoc
- - $MEDIADIR/Movies1/TV.Doc:/data/TVDoc1
- - $MEDIADIR/Movies3/Mov.Doc:/data/documentaries
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.bazarr-rtr.entrypoints=https
- - traefik.http.routers.bazarr-rtr.rule=Host(`bazarr.$DOMAIN`)
- - traefik.http.routers.bazarr-rtr.tls=true
- - traefik.http.routers.bazarr-rtr.service=bazarr-svc
- - traefik.http.services.bazarr-svc.loadbalancer.server.port=6767
- - traefik.http.routers.bazarr-rtr.middlewares=chain-authelia@file
- # ports:
- # - 6767:6767
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.11
- restart: always
- prowlarr:
- container_name: prowlarr
- image: linuxserver/prowlarr
- hostname: prowlarr
- environment:
- - PUID=$PUID
- - PGID=$PGID
- - UMASK=002
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/prowlarr:/config
- # ports:
- # - 9696:9696
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.prowlarr-rtr.entrypoints=https
- - traefik.http.routers.prowlarr-rtr.rule=Host(`prowlarr.$DOMAIN`)
- - traefik.http.routers.prowlarr-rtr.tls=true
- - traefik.http.routers.prowlarr-rtr.middlewares=chain-authelia@file
- - traefik.http.routers.prowlarr-rtr.service=prowlarr-svc
- - traefik.http.services.prowlarr-svc.loadbalancer.server.port=9696
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.12
- restart: unless-stopped
- overseerr:
- image: sctx/overseerr
- container_name: overseerr
- hostname: overseerr
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - LOG_LEVEL=info
- volumes:
- - $DOCKERDIR/overseerr:/config
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.overseerr-rtr.entrypoints=https
- - traefik.http.routers.overseerr-rtr.rule=Host(`overseerr.$DOMAIN`)
- - traefik.http.routers.overseerr-rtr.tls=true
- - traefik.http.routers.overseerr-rtr.service=overseerr-svc
- - traefik.http.services.overseerr-svc.loadbalancer.server.port=5055
- - traefik.http.routers.overseerr-rtr.middlewares=chain-authelia@file
- # ports:
- # - 5055:5055
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.14
- transmission:
- image: haugene/transmission-openvpn
- container_name: transmission
- hostname: transmission
- cap_add:
- - NET_ADMIN
- devices:
- - /dev/net/tun
- # ports:
- # - 9091:9091
- # - 8888:8888
- dns:
- - 209.222.18.222
- - 209.222.18.218
- volumes:
- - /etc/localtime:/etc/localtime:ro
- - $DOCKERDIR/transmission:/data
- - $DOCKERDIR/transmission/openvpn:/etc/openvpn/custom/default.ovpn:ro
- - $DOWNLOADS:/data/Downloads
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - UMASK=002
- - OPENVPN_PROVIDER=PIA
- - OPENVPN_CONFIG=switzerland,ca_toronto,ca_montreal,ca_vancouver
- - PIA_OPENVPN_CONFIG_BUNDLE=openvpn
- - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
- - LOCAL_NETWORK=192.168.7.0/24
- - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
- - TRANSMISSION_RPC_HOST_WHITELIST="172.28.0.1,192.168.*.*"
- - TRANSMISSION_MAX_PEERS_GLOBAL=9999
- - TRANSMISSION_PEER_LIMIT_GLOBAL=9999
- - TRANSMISSION_PEER_LIMIT_PER_TORRENT=9999
- - TRANSMISSION_RPC_PASSWORD_FILE=/run/secrets/transmission_rpc_pass
- - TRANSMISSION_RPC_USERNAME_FILE=/run/secrets/transmission_rpc_user
- - TRANSMISSION_DOWNLOAD_DIR=/data/completed
- - OPENVPN_USERNAME_FILE=/run/secrets/openvpn_username
- - OPENVPN_PASSWORD_FILE=/run/secrets/openvpn_password
- secrets:
- - transmission_rpc_pass
- - transmission_rpc_user
- - openvpn_username
- - openvpn_password
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.transmission-rtr.entrypoints=https
- - traefik.http.routers.transmission-rtr.rule=Host(`transmission.$DOMAIN`)
- - traefik.http.routers.transmission-rtr.tls=true
- - traefik.http.routers.transmission-rtr.service=transmission-svc
- - traefik.http.services.transmission-svc.loadbalancer.server.port=9091
- - traefik.http.routers.transmission-rtr.middlewares=chain-authelia@file
- # ports:
- # - 9091:9091
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.15
- restart: always
- tautulli:
- image: ghcr.io/linuxserver/tautulli
- container_name: tautulli
- hostname: tautulli
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/tautulli:/config
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.tautulli-rtr.entrypoints=https
- - traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAIN`)
- - traefik.http.routers.tautulli-rtr.tls=true
- - traefik.http.routers.tautulli-rtr.service=radarr-svc
- - traefik.http.services.tautulli-svc.loadbalancer.server.port=8181
- - traefik.http.routers.tautulli-rtr.middlewares=chain-authelia@file
- # ports:
- # - 8181:8181
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.16
- restart: always
- plex:
- image: ghcr.io/linuxserver/plex
- container_name: plex
- hostname: plex
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - VERSION=docker
- # ports:
- # - 32400:32400
- # - 3005:3005/tcp
- # - 8324:8324/tcp
- # - 32469:32469/tcp
- # - 1900:1900/udp
- # - 32410:32410/udp
- # - 32412:32412/udp
- # - 32413:32413/udp
- # - 32414:32414/udp
- volumes:
- - $DOCKERDIR/plex:/config
- - $MEDIADIR/Extra2/Transcode:/transcode
- - $MEDIADIR/Movies/Animated:/data/Animated1
- - $MEDIADIR/Movies1/Animated:/data/Animated2
- - $MEDIADIR/Movies3/Animated:/data/Animated3
- - $MEDIADIR/Movies/Horror:/data/Horror2
- - $MEDIADIR/Movies1/Horror:/data/Horror2
- - $MEDIADIR/Movies3/Horror:/data/Horror3
- - $MEDIADIR/Movies/Movies:/data/Movies1
- - $MEDIADIR/Movies1/Movies:/data/Movies2
- - $MEDIADIR/Movies3/Movies:/data/Movies3
- - $MEDIADIR/TVShows/TVShows:/data/TVShows
- - $MEDIADIR/TVShows/TV.Doc:/data/TVDoc
- - $MEDIADIR/Movies3/Mov.Doc:/data/documentaries
- - $MEDIADIR/Movies1/TV.Doc:/data/TVDoc1
- - $MEDIADIR/Movies1/Music:/data/Music
- - $MEDIADIR/Movies3/Audiobooks:/data/Audiobooks
- - $MEDIADIR/Movies1/Photos:/data/Photos
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- # - traefik.network=t2_proxy
- # - traefik.http.routers.plex-rtr.entrypoints=https
- # - traefik.http.routers.plex-rtr.rule=Host(`plex.$DOMAIN`)
- # - traefik.http.routers.plex-rtr.tls=true
- # - traefik.http.routers.plex-rtr.service=plex-svc
- # - traefik.http.services.plex-svc.loadbalancer.server.port=32400
- # - traefik.http.routers.plex-rtr.middlewares=chain-authelia@file
- network_mode: host
- # networks:
- # t2_proxy:
- # ipv4_address: 172.28.0.17
- restart: always
- jellyfin:
- image: ghcr.io/linuxserver/jellyfin
- container_name: jellyfin
- hostname: jellyfin
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - JELLYFIN_PublishedServerUrl=192.168.7.76 `#optional`
- volumes:
- - $DOCKERDIR/jellyfin:/config
- - $MEDIADIR/Movies/Animated:/data/Animated1
- - $MEDIADIR/Movies1/Animated:/data/Animated2
- - $MEDIADIR/Movies3/Animated:/data/Animated3
- - $MEDIADIR/Movies/Horror:/data/Horror1
- - $MEDIADIR/Movies1/Horror:/data/Horror2
- - $MEDIADIR/Movies3/Horror:/data/Horror3
- - $MEDIADIR/Movies/Movies:/data/Movies1
- - $MEDIADIR/Movies1/Movies:/data/Movies2
- - $MEDIADIR/Movies3/Movies:/data/Movies3
- - $MEDIADIR/TVShows/TVShows:/data/TVShows
- - $MEDIADIR/TVShows/TV.Doc:/data/TVDoc
- - $MEDIADIR/Movies3/Mov.Doc:/data/documentaries
- - $MEDIADIR/Movies1/TV.Doc:/data/TVDoc1
- - $MEDIADIR/Movies1/Music:/data/Music
- - $MEDIADIR/Movies3/Audiobooks:/data/Audiobooks
- - $MEDIADIR/Movies1/Photos:/data/Photos
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- # - traefik.network=t2_proxy
- # - traefik.http.routers.jellyfin-rtr.entrypoints=https
- # - traefik.http.routers.jellyfin-rtr.rule=Host(`jellyfin.$DOMAIN`)
- # - traefik.http.routers.jellyfin-rtr.tls=true
- # - traefik.http.routers.jellyfin-rtr.service=jellyfin-svc
- # - traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096
- # - traefik.http.routers.jellyfin-rtr.middlewares=chain-authelia@file
- network_mode: host
- # t2_proxy:
- # ipv4_address: 172.28.0.18
- restart: always
- unmanic:
- image: josh5/unmanic:latest
- container_name: unmanic
- hostname: unmanic
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/unmanic:/config
- - $MEDIADIR/Movies/Animated:/data/Animated1
- - $MEDIADIR/Movies1/Animated:/data/Animated2
- - $MEDIADIR/Movies3/Animated:/data/Animated3
- - $MEDIADIR/Movies/Horror:/data/Horror1
- - $MEDIADIR/Movies1/Horror:/data/Horror2
- - $MEDIADIR/Movies3/Horror:/data/Horror3
- - $MEDIADIR/Movies/Movies:/data/Movies1
- - $MEDIADIR/Movies1/Movies:/data/Movies2
- - $MEDIADIR/Movies3/Movies:/data/Movies3
- - $MEDIADIR/TVShows/TVShows:/data/TVShows
- - $MEDIADIR/TVShows/TV.Doc:/data/TVDoc
- - $MEDIADIR/Movies3/Mov.Doc:/data/documentaries
- - $MEDIADIR/Movies1/TV.Doc:/data/TVDoc1
- - $TRANSCODES:/tmp/unmanic
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.unmanic-rtr.entrypoints=https
- - traefik.http.routers.unmanic-rtr.rule=Host(`unmanic.$DOMAIN`)
- - traefik.http.routers.unmanic-rtr.tls=true
- - traefik.http.routers.unmanic-rtr.service=unmanic-svc
- - traefik.http.services.unmanic-svc.loadbalancer.server.port=8888
- - traefik.http.routers.unmanic-rtr.middlewares=chain-authelia@file
- # ports:
- # - 8888:8888
- depends_on:
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.19
- restart: always
- whoami:
- # A container that exposes an API to show its IP address
- image: traefik/whoami
- labels:
- - traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)
- depends_on:
- - traefik
- networks:
- - t2_proxy
- nextcloud:
- image: ghcr.io/linuxserver/nextcloud
- container_name: nextcloud
- hostname: nextcloud
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $DOCKERDIR/nextcloud/config:/config
- - $MEDIADIR/Movies1/Photos:/data/Photos
- links:
- - nextclouddb
- - clamav
- - nextcloud_redis
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=true
- - traefik.network=t2_proxy
- - traefik.http.routers.nextcloud-rtr.entrypoints=https
- - traefik.http.routers.nextcloud-rtr.rule=Host(`nextcloud.$DOMAIN`)
- - traefik.http.routers.nextcloud-rtr.tls=true
- - traefik.tcp.routers.nextcloud-tcp.tls.passthrough=true
- - traefik.http.routers.nextcloud-rtr.service=nextcloud-svc
- - traefik.http.services.nextcloud-svc.loadbalancer.server.port=443
- - traefik.http.routers.nextcloud-rtr.middlewares=chain-authelia@docker
- # ports:
- # - 443:443
- depends_on:
- - nextclouddb
- - clamav
- - nextcloud_redis
- - traefik
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.20
- restart: always
- nextclouddb:
- image: ghcr.io/linuxserver/mariadb
- container_name: nextclouddb
- hostname: nextclouddb
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- - MYSQL_DATABASE="nextcloud"
- - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
- - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
- - MYSQL_USER_FILE=/run/secrets/mysql_user
- - REMOTE_SQL="http://nextcloud.wallace-home.org/nextcloud.sql,https://nextcloud.wallace-home.org/nextcloud.sql"
- secrets:
- - mysql_root_password
- - mysql_user
- - mysql_password
- volumes:
- - $DOCKERDIR/mariadb/nextcloud:/config
- depends_on:
- - nextcloud
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- ports:
- - 3306:3306
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.23
- restart: always
- clamav:
- image: mkodockx/docker-clamav:alpine
- container_name: clamav
- hostname: clamav
- environment:
- - PGID=$PGID
- - PUID=$PUID
- - TZ=$TZ
- volumes:
- - $MEDIADIR/Movies1/Photos:/data/Photos
- - $DOCKERDIR/clamav:/var/lib/clamav
- depends_on:
- - nextcloud
- ports:
- - 3310:3310
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.22
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- restart: always
- nextcloud_redis:
- image: redis:5
- container_name: nextcloud_redis
- hostname: nextcloud_redis
- volumes:
- - $DOCKERDIR/nextcloud_redis/redis:/data
- labels:
- - autoheal=true
- - com.centurylinklabs.watchtower.enable=true
- - traefik.enable=false
- networks:
- - t2_proxy:
- - ipv4_address: 172.28.0.21
- expose:
- - 6380
- restart: always
- networks:
- t2_proxy:
- external:
- name: t2_proxy
- default:
- driver: bridge
- socketproxy:
- external:
- name: socketproxy
- networks:
- t2_proxy:
- external:
- name: t2_proxy
- default:
- driver: bridge
- socketproxy:
- internal:
- name: socketproxy
Add Comment
Please, Sign In to add comment