Docker - HA Server

services:
  esphome:
    container_name: esphome
    image: esphome/esphome
    restart: unless-stopped
    environment:
      - TZ=${TIME_ZONE}
      - VIRTUAL_HOST=addonsserver.pmf.local
    ports:
      - 6052:6052
    volumes:
      - ${CONFIG_FOLDER}/esphome/config:/config
      - /etc/localtime:/etc/localtime:ro
    privileged: true
  grafana:
    image: grafana/grafana-oss:latest
    container_name: grafana
    restart: unless-stopped
    environment:
      - TZ=${TIME_ZONE}
      - GF_SERVER_ROOT_URL=${GF_SERVER_ROOT_URL_GRAFANA}
      - GF_AUTH_PROXY_ENABLED=false
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_AUTH_ANONYMOUS_ORG_NAME=Main Org.
      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_AUTH_GENERIC_OAUTH_ENABLED=${GF_AUTH_GENERIC_OAUTH_ENABLED}
      - GF_AUTH_GENERIC_OAUTH_NAME=${GF_AUTH_GENERIC_OAUTH_NAME}
      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${GF_AUTH_GENERIC_OAUTH_CLIENT_ID_GRAFANA}
      - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET_GRAFANA}
      - GF_AUTH_GENERIC_OAUTH_SCOPES=${GF_AUTH_GENERIC_OAUTH_SCOPES}
      - GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=${GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES}
      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=${GF_AUTH_GENERIC_OAUTH_AUTH_URL}
      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${GF_AUTH_GENERIC_OAUTH_TOKEN_URL}
      - GF_AUTH_GENERIC_OAUTH_API_URL=${GF_AUTH_GENERIC_OAUTH_API_URL}
      - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=${GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH}
      - GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=${GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH}
      - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=${GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH}
      - GF_AUTH_GENERIC_OAUTH_USE_PKCE=${GF_AUTH_GENERIC_OAUTH_USE_PKCE}
    ports:
      - 3001:3000
    volumes:
      - ${CONFIG_FOLDER}/grafana:/var/lib/grafana
  hikvisionoorbell:
    image: pergolafabio/hikvision-doorbell:latest
    container_name: hikvisionoorbell
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - TZ=${TIME_ZONE}
    tty: true   # To read stdin commands
  homeassistant:
    container_name: homeassistant
    hostname: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    restart: unless-stopped
    network_mode: "host"
    privileged: true
    environment:
      - TZ=${TIME_ZONE}
    volumes:
      - ${CONFIG_FOLDER}/homeassistant:/config
      - ${TEMP_FOLDER}/homeassistant:/mnt/temp
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
  influxdb:
    image: influxdb:latest
    container_name: influxdb
    restart: unless-stopped
    ports:
      - 8086:8086
    volumes:
      - ${CONFIG_FOLDER}/influxdb:/var/lib/influxdb2
      - ${DATA_FOLDER}/influxdb/engine:/influxdb2/engine
    environment:
      - TZ=${TIME_ZONE}
      - INFLUXD_ENGINE_PATH=/influxdb2/engine
  mariadb:
    container_name: mariadb
    image: mariadb:latest
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
      - TZ=${TIME_ZONE}
    ports:
      - 3306:3306
    volumes:
      - ${CONFIG_FOLDER}/mariadb/data:/var/lib/mysql
      - ${TEMP_FOLDER}/mysqldump:/tmp/mysqldump
    labels:
      - "com.centurylinklabs.watchtower.monitor-only=true"
  mdns-repeater:
    image: monstrenyatko/mdns-repeater
    container_name: mdns-repeater
    restart: unless-stopped
    command: mdns-repeater-app -f eth0 br-c62806394e19
    network_mode: "host"
    environment:
      - TZ=${TIME_ZONE}
  mqtt-explorer:
    image: smeagolworms4/mqtt-explorer
    container_name: mqtt-explorer
    restart: unless-stopped
    environment:
      - TZ=${TIME_ZONE}
    ports:
      - 4001:4000
    volumes:
      - ${CONFIG_FOLDER}/mqtt-explorer:/mqtt-explorer/config
  mosquitto:
    image: eclipse-mosquitto:latest
    container_name: mosquitto
    restart: unless-stopped
    environment:
      - TZ=${TIME_ZONE}
    ports:
      - 1883:1883
      - 1884:1884
      - 9001:9001
    volumes:
      - ${CONFIG_FOLDER}/mosquitto/config:/mosquitto/config
      - ${CONFIG_FOLDER}/mosquitto/data:/mosquitto/data
      - ${CONFIG_FOLDER}/mosquitto/log:/mosquitto/log
  node-red:
    container_name: node-red
    image: nodered/node-red
    environment:
      - TZ=${TIME_ZONE}
    volumes:
      - ${CONFIG_FOLDER}/node-red:/data
      - ${TEMP_FOLDER}/homeassistant:/mnt/temp
    ports:
      - "1880:1880"
      - 80:80
      - 3456:3456
    expose:
      - 80
    restart: unless-stopped
  socket-proxy:
    container_name: socket-proxy
    image: tecnativa/docker-socket-proxy
    restart: always
    # networks:
    #   - socket_proxy
    # privileged: true # true for VM. False for unprivileged LXC container.
    ports:
    #  - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
    # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
     - "2375:2375"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
      # 0 to revoke access.
      # 1 to grant access.
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      # Security critical
      - AUTH=0
      - SECRETS=0
      - POST=1 # Watchtower
      # Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1 # Traefik, portainer, etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1 # Portainer
      - INFO=1 # Portainer
      - NETWORKS=1 # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1 # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1 # Portainer
      - VOLUMES=1 # Portainer
  watchtower:
    container_name: watchtower
    image: containrrr/watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug --cleanup --schedule "0 0 21 * * *"
    environment:
      TZ: ${TIME_ZONE}
      WATCHTOWER_NO_STARTUP_MESSAGE: true
      WATCHTOWER_NOTIFICATIONS_HOSTNAME: "AddonsServer"
      WATCHTOWER_NOTIFICATION_REPORT: "true"
      WATCHTOWER_NOTIFICATION_URL: ${TELEGRAM_URL}
      WATCHTOWER_NOTIFICATION_TEMPLATE: |
        {{- if .Report -}}
          {{- with .Report -}}
        {{len .Scanned}} Scanned, {{len .Updated}} Updated, {{len .Failed}} Failed
              {{- range .Updated}}
        - {{.Name}}: {{.CurrentImageID.ShortID}} updated to {{.LatestImageID.ShortID}}
              {{- end -}}
              {{- range .Fresh}}
        - {{.Name}}: {{.State}}
            {{- end -}}
            {{- range .Skipped}}
        - {{.Name}}: {{.State}}: {{.Error}}
            {{- end -}}
            {{- range .Failed}}
        - {{.Name}}: {{.State}}: {{.Error}}
            {{- end -}}
          {{- end -}}
        {{- else -}}
          {{range .Entries -}}{{.Message}}{{"\n"}}{{- end -}}
        {{- end -}}
  zigbee2mqtt:
    container_name: zigbee2mqtt
    image: koenkk/zigbee2mqtt
    restart: unless-stopped
    volumes:
      - ${CONFIG_FOLDER}/zigbee2mqtt/data:/app/data
      - /run/udev:/run/udev:ro
    ports:
      - 8080:8080
    environment:
      - TZ=${TIME_ZONE}
    devices:
      - ${SONOFF_ZIGBEE}:/dev/ttyACM0