API tools faq
paste
Advertisement
gw17252009

home.compose

gw17252009
Jun 6th, 2021
144
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
YAML 42.99 KB | None | 0 0
raw download clone embed print report
  1. networks:
  2.   t2_proxy:
  3.     name: t2_proxy
  4.     driver: bridge
  5.     enable_ipv6: false
  6.     ipam:
  7.       driver: default
  8.       config:
  9.         - subnet: 172.28.0.0/24
  10.           gateway: 172.28.0.1
  11.   VPN:
  12.     name: VPN
  13.     driver: bridge
  14.     ipam:
  15.       driver: default
  16.       config:
  17.         - subnet: 172.28.1.0/24
  18.           gateway: 172.28.1.1      
  19. services:
  20.   traefik:
  21.     image: traefik:v2.2.1
  22.     container_name: traefik
  23.     hostname: traefik
  24.     env_file: .env
  25.     environment:
  26.      - PUID=$PUID
  27.       - PGID=$PGID
  28.       - TZ=$TZ
  29.       - CF_API_EMAIL=$CLOUDFLARE_EMAIL
  30.       - CF_API_KEY=$CLOUDFLARE_API_KEY
  31.     volumes:
  32.      - $DOCKERDIR/traefik/rules:/rules
  33.       - /var/run/docker.sock:/var/run/docker.sock:ro
  34.       - $DOCKERDIR/traefik/acme.json:/acme.json
  35.       - $DOCKERDIR/traefik/traefik.log:/traefik.log
  36.       - $DOCKERDIR/shared:/shared
  37.     command: # CLI arguments
  38.       - --global.checkNewVersion=true
  39.       - --global.sendAnonymousUsage=true
  40.       - --entryPoints.http.address=:80
  41.       - --entryPoints.https.address=:443
  42.         # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
  43.       - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
  44.       - --entryPoints.traefik.address=:8080
  45.       - --api=true
  46. #      - --api.insecure=true
  47. #      - --serversTransport.insecureSkipVerify=true
  48.       - --log=true
  49.       - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
  50.       - --accessLog=true
  51.       - --accessLog.filePath=/traefik.log
  52.       - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
  53.       - --accessLog.filters.statusCodes=400-499
  54.       - --providers.docker=true
  55.       - --providers.docker.endpoint=unix:///var/run/docker.sock
  56.       - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAIN`)
  57.       - --providers.docker.exposedByDefault=false
  58.       - --providers.docker.network=t2_proxy
  59.       - --providers.docker.swarmMode=false
  60.       - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
  61. #      - --providers.file.filename=${USERDIR}/docker/traefik/traefik_dynamic.toml # Load dynamic configuration from a file.
  62.       - --providers.file.watch=true # Only works on top level files in the rules folder
  63.       - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
  64.       - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
  65.       - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
  66.       - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
  67.     ports:
  68.       - target: 80
  69.         published: 80
  70.         protocol: tcp
  71.         mode: host
  72.       - target: 443
  73.         published: 443
  74.         protocol: tcp
  75.         mode: host
  76. #      - target: 8080
  77. #        published: 8080
  78. #        protocol: tcp
  79. #        mode: host
  80.     labels:
  81.      - com.centurylinklabs.watchtower.enable=true
  82.       - "traefik.enable=true"
  83.       - "traefik.docker.network=t2_proxy"
  84.       ## HTTP-to-HTTPS Redirect
  85.       - "traefik.http.routers.http-catchall.entrypoints=http"
  86.       - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
  87.       - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
  88.       - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
  89.       ## HTTP Routers
  90.       - "traefik.http.routers.traefik-rtr.entrypoints=https"
  91.       - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAIN`)"
  92.       - "traefik.http.routers.traefik-rtr.tls=true"
  93.       - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
  94.       - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAIN"
  95.       - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAIN"
  96.       - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"
  97.       - "traefik.http.routers.traefik-rtr.middlewares=middlewares-secure-headers@file,middlewares-rate-limit@file,middlewares-basic-auth@file"
  98.       ## Services - API
  99.       - "traefik.http.routers.traefik-rtr.service=api@internal"
  100.       ## Middlewares
  101. #      - "traefik.http.routers.traefik-rtr.middlewares=traefik-headers,middlewares-rate-limit@file,middlewares-basic-auth@file"
  102.       - "traefik.http.middlewares.traefik-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT"
  103.       - "traefik.http.middlewares.traefik-headers.headers.accesscontrolalloworiginlist=https://$DOMAIN"
  104.       - "traefik.http.middlewares.traefik-headers.headers.accesscontrolmaxage=100"
  105.       - "traefik.http.middlewares.traefik-headers.headers.addvaryheader=true"
  106.       - "traefik.http.middlewares.traefik-headers.headers.allowedhosts=traefik.$DOMAIN"
  107.       - "traefik.http.middlewares.traefik-headers.headers.hostsproxyheaders=X-Forwarded-Host"
  108.       - "traefik.http.middlewares.traefik-headers.headers.sslredirect=true"
  109.       - "traefik.http.middlewares.traefik-headers.headers.sslhost=traefik.$DOMAIN"
  110.       - "traefik.http.middlewares.traefik-headers.headers.sslforcehost=true"
  111.       - "traefik.http.middlewares.traefik-headers.headers.sslproxyheaders.X-Forwarded-Proto=https"
  112.       - "traefik.http.middlewares.traefik-headers.headers.stsseconds=63072000"
  113.       - "traefik.http.middlewares.traefik-headers.headers.stsincludesubdomains=true"
  114.       - "traefik.http.middlewares.traefik-headers.headers.stspreload=true"
  115.       - "traefik.http.middlewares.traefik-headers.headers.forcestsheader=true"
  116.       - "traefik.http.middlewares.traefik-headers.headers.framedeny=true"
  117. #      - "traefik.http.middlewares.traefik-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny
  118.       - "traefik.http.middlewares.traefik-headers.headers.contenttypenosniff=true"
  119.       - "traefik.http.middlewares.traefik-headers.headers.browserxssfilter=true"
  120. #      - "traefik.http.middlewares.traefik-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';"
  121.       - "traefik.http.middlewares.traefik-headers.headers.referrerpolicy=same-origin"
  122.       - "traefik.http.middlewares.traefik-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
  123.       - "traefik.http.middlewares.traefik-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex,"
  124.     networks:
  125.       t2_proxy:
  126.         ipv4_address: 172.28.0.1
  127.     security_opt:
  128.      - no-new-privileges:true
  129.     restart: always
  130.    
  131.   oauth:
  132.     image: thomseddon/traefik-forward-auth:latest
  133.     container_name: oauth
  134.     hostname: oauth
  135.     security_opt:
  136.      - no-new-privileges:true
  137.     environment:
  138.      - CLIENT_ID=$GOOGLE_CLIENT_ID
  139.       - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
  140.       - SECRET=$OAUTH_SECRET
  141.       - COOKIE_DOMAIN=$DOMAIN
  142.       - INSECURE_COOKIE=false
  143.       - AUTH_HOST=oauth.$DOMAIN
  144.       - URL_PATH=/_oauth
  145.       - [email protected]
  146.       - LOG_LEVEL=info
  147.       - LOG_FORMAT=text
  148.       - LIFETIME=2592000 # 30 days
  149.     labels:
  150.      - com.centurylinklabs.watchtower.enable=true
  151.       - "traefik.network=t2_proxy"
  152.       - "traefik.enable=true"
  153.       ## HTTP Routers
  154.       - "traefik.http.routers.oauth-rtr.entrypoints=https"
  155.       - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
  156.       - "traefik.http.routers.oauth-rtr.tls=true"
  157.       ## HTTP Services
  158.       - "traefik.http.routers.oauth-rtr.service=oauth-svc"
  159.       - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
  160.       ## Middlewares
  161.       - "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"
  162.     networks:
  163.       t2_proxy:
  164.         ipv4_address: 127.28.0.30
  165.     restart: always
  166.  
  167.   gluetun:
  168.     image: qmcgaw/gluetun
  169.     container_name: gluetun
  170.     hostname: gluetun
  171.     priveleged: true
  172.     cap_add:
  173.      - NET_ADMIN
  174.     env_file: .env
  175.     environment:
  176.      - VPNSP=cyberghost
  177.       - PUID=$PUID
  178.       - PGID=$PGID
  179.       - TZ=$TZ
  180.       - OPENVPN_USER=
  181.       - OPENVPN_PASSWORD=
  182.       - REGION=CANADA,USA,MEXICO
  183.       - CYBERGHOST_GROUP=PREMIUM_TCP_USA,PREMIUM_UDP_USA,
  184.       - SERVER_HOSTNAME=94-1-ca.cg-dialup.net,94-1-us.cg-dialup.net,93-1-mx.cg-dialup.net
  185.     volumes:
  186.      - $DOCKERDIR/gluetun:/gluetun
  187.       - $DOCKERDIR/gluetun/client.key:/gluetun/client.key:ro
  188.       - $DOCKERDIR/gluetun/client.crt:/gluetun/client.crt:ro
  189.     ports:
  190.      - 8889:8888/tcp # HTTP proxy
  191.       - 8388:8388/tcp # Shadowsocks
  192.       - 8388:8388/udp # Shadowsocks
  193.       - 8000:8000/tcp # Built-in HTTP control server
  194.     labels:
  195.      - com.centurylinklabs.watchtower.enable=true
  196.       - "traefik.enable=true"
  197.       - "traefik.network=t2_proxy"
  198.       - "traefik.http.routers.transmission-rtr.entrypoints=https"
  199.       - "traefik.http.routers.transmission-rtr.rule=Host(`transmission.$DOMAIN`)"
  200.       - "traefik.http.routers.transmission-rtr.tls=true"
  201.       - "traefik.http.routers.transmission-rtr.service=transmission-svc"
  202.       - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091"
  203.       - "traefik.http.routers.transmission-rtr.middlewares=chain-oauth@file"
  204.       - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  205.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  206.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  207.    networks:
  208.      VPN:
  209.        ipv4_address: 127.28.1.1
  210.      t2_proxy:
  211.        ipv4_address: 127.28.0.31
  212.    restart: always
  213.    
  214.  organizr:
  215.    image: organizr/organizr
  216.    container_name: organizr
  217.    hostname: organizr
  218.    security_opt:
  219.      - no-new-privileges:true
  220. #    ports:
  221. #      - "$ORGANIZR_PORT:80"
  222.    env_file: .env
  223.    environment:
  224.      - PUID=$PUID
  225.      - PGID=$PGID
  226.      - TZ=$TZ
  227.    volumes:
  228.      - $DOCKERDIR/organizr:/config
  229.    links:
  230.      - db2
  231.    labels:
  232.      - com.centurylinklabs.watchtower.enable=true
  233.      - "traefik.enable=true"
  234.      - "traefik.network=t2_proxy"
  235.      - "traefik.http.routers.organizr-rtr.entrypoints=https"
  236.      - "traefik.http.routers.organizr-rtr.rule=Host(`$DOMAIN`,`www.$DOMAIN`)"
  237.      - "traefik.http.routers.organizr-rtr.tls=true"
  238.      - "traefik.http.routers.organizr-rtr.middlewares=chain-oauth@file"
  239.      - "traefik.http.routers.organizr-rtr.service=organizr-svc"
  240.      - "traefik.http.services.organizr-svc.loadbalancer.server.port=80"
  241.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  242.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  243.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  244.    networks:
  245.      t2_proxy:
  246.        ipv4_address: 127.28.0.3
  247.    depends_on:
  248.       - db2
  249.    restart: unless-stopped
  250.  
  251.  db2:
  252.    image: ghcr.io/linuxserver/mariadb
  253.    container_name: mariadb2
  254.    hostname: mariadb2
  255.    env_file: .env
  256.    environment:
  257.      - PUID=$PUID
  258.      - PGID=$PGID
  259.      - TZ=$TZ
  260.      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
  261.      - MYSQL_DATABASE="organizr"
  262.      - MYSQL_USER=$MYSQL_USER
  263.      - MYSQL_PASSWORD=$MYSQL_PASS
  264.      - REMOTE_SQL="http://organizr.wallace-home.org/organizr.sql,https://organizr.wallace-home.org/organizr.sql"
  265.    volumes:
  266.      - $DOCKERDIR/mariadb/organizr:/config
  267.    labels:
  268.      - com.centurylinklabs.watchtower.enable=true
  269.      - "traefik.enable=false"
  270.    ports:
  271.      - 3307:3306
  272.    networks:
  273.      t2_proxy:
  274.        ipv4_address: 127.28.0.4
  275.    restart: always
  276.  
  277.  portainer:
  278.    image: portainer/portainer
  279.    container_name: portainer
  280.    hostname: portainer
  281.    command: -H unix:///var/run/docker.sock
  282.    env_file: .env
  283.    environment:
  284.      - PUID=$PUID
  285.      - PGID=$PGID
  286.      - TZ=$TZ
  287.    volumes:
  288.      - /var/run/docker.sock:/var/run/docker.sock
  289.      - $DOCKERDIR/portainer:/config
  290.    labels:
  291.      - com.centurylinklabs.watchtower.enable=true
  292.      - "traefik.enable=true"
  293.      - "traefik.network=t2_proxy"
  294.      - "traefik.http.routers.portainer-rtr.entrypoints=https"
  295.      - "traefik.http.routers.portsiner-rtr.rule=Host(`portainer.$DOMAIN`)"
  296.      - "traefik.http.routers.portainer-rtr.tls=true"
  297.      - "traefik.http.routers.portainer-rtr.service=portainer-svc"
  298.      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
  299.      - "traefik.http.routers.portainer-rtr.middlewares=chain-oauth@file"
  300.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  301.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  302.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  303.    networks:
  304.      t2_proxy:
  305.        ipv4_address: 127.28.0.5
  306.    restart: always
  307.  
  308.  sonarr:
  309.    image: ghcr.io/linuxserver/sonarr
  310.    container_name: sonarr
  311.    hostname: sonarr
  312.    env_file: .env
  313.    environment:
  314.      - PUID=$PUID
  315.      - PGID=$PGID
  316.      - TZ=$TZ
  317.    volumes:
  318.      - $DOCKERDIR/sonarr:/config
  319.      - $TV:/data/TVShows
  320.      - $Downloads:/data/Downloads
  321.    labels:
  322.      - com.centurylinklabs.watchtower.enable=true
  323.      - "traefik.enable=true"
  324.      - "traefik.network=t2_proxy"
  325.      - "traefik.http.routers.sonarr-rtr.entrypoints=https"
  326.      - "traefik.http.routers.sonarr-rtr.rule=Host(`sonarr.$DOMAIN`)"
  327.      - "traefik.http.routers.sonarr-rtr.tls=true"
  328.      - "traefik.http.routers.sonarr-rtr.service=sonarr-svc"
  329.      - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989"
  330.      - "traefik.http.routers.sonarr-rtr.middlewares=chain-oauth@file"
  331.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  332.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  333.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  334.    networks:
  335.      t2_proxy:
  336.        ipv4_address: 127.28.0.6
  337.    restart: always
  338.  
  339.  radarr:
  340.    image: ghcr.io/linuxserver/radarr
  341.    container_name: radarr
  342.    hostname: radarr
  343.    env_file: .env
  344.    environment:
  345.      - PUID=$PUID
  346.      - PGID=$PGID
  347.      - TZ=$TZ
  348.    volumes:
  349.      - $DOCKERDIR/radarr:/config
  350.      - $Ani1:/data/Animated1
  351.      - $Ani2:/data/Animated2
  352.      - $Ani3:/data/Animated3
  353.      - $Hor1:/data/Horror1
  354.      - $Hor2:/data/Horror2
  355.      - $Hor3:/data/Horror3
  356.      - $Mov1:/data/Movies1
  357.      - $Mov2:/data/Movies2
  358.      - $Mov3:/data/Movies3
  359.      - $TV:/data/TVShows
  360.      - $Downloads:/data/Downloads
  361.    labels:
  362.      - com.centurylinklabs.watchtower.enable=true
  363.      - "traefik.enable=true"
  364.      - "traefik.network=t2_proxy"
  365.      - "traefik.http.routers.radarr-rtr.entrypoints=https"
  366.      - "traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAIN`)"
  367.      - "traefik.http.routers.radarr-rtr.tls=true"
  368.      - "traefik.http.routers.radarr-rtr.service=radarr-svc"
  369.      - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878"
  370.      - "traefik.http.routers.radarr-rtr.middlewares=chain-oauth@file"
  371.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  372.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  373.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  374.    networks:
  375.      t2_proxy:
  376.        ipv4_address: 127.28.0.7
  377.    restart: always
  378.  
  379.  bazarr:
  380.    image: ghcr.io/linuxserver/bazarr
  381.    container_name: bazarr
  382.    hostname: bazarr
  383.    env_file: .env
  384.    environment:
  385.      - PUID=$PUID
  386.      - PGID=$PGID
  387.      - TZ=$TZ
  388.    volumes:
  389.      - $DOCKERDIR/bazarr:/config
  390.      - $Ani1:/data/Animated1
  391.      - $Ani2:/data/Animated2
  392.      - $Ani3:/data/Animated3
  393.      - $Hor1:/data/Horror1
  394.      - $Hor2:/data/Horror2
  395.      - $Hor3:/data/Horror3
  396.      - $Mov1:/data/Movies1
  397.      - $Mov2:/data/Movies2
  398.      - $Mov3:/data/Movies3
  399.      - $TV:/data/TVShows
  400.    labels:
  401.      - com.centurylinklabs.watchtower.enable=true
  402.      - "traefik.enable=true"
  403.      - "traefik.network=t2_proxy"
  404.      - "traefik.http.routers.bazarr-rtr.entrypoints=https"
  405.      - "traefik.http.routers.bazarr-rtr.rule=Host(`bazarr.$DOMAIN`)"
  406.      - "traefik.http.routers.bazarr-rtr.tls=true"
  407.      - "traefik.http.routers.bazarr-rtr.service=bazarr-svc"
  408.      - "traefik.http.services.bazarr-svc.loadbalancer.server.port=6767"
  409.      - "traefik.http.routers.bazarr-rtr.middlewares=chain-oauth@file"    
  410.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  411.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  412.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  413.    networks:
  414.      t2_proxy:
  415.        ipv4_address: 127.28.0.10
  416.    restart: always
  417.  
  418.  jackett:
  419.    image: ghcr.io/linuxserver/jackett
  420.    container_name: jackett
  421.    hostname: jackett
  422.    env_file: .env
  423.    environment:
  424.      - PUID=$PUID
  425.      - PGID=$PGID
  426.      - TZ=$TZ
  427.      - AUTO_UPDATE=true `#optional`
  428.    volumes:      
  429.      - $DOCKERDIR/jackett:/config
  430.      - $Downloads:/data/Downloads
  431.    labels:
  432.      - com.centurylinklabs.watchtower.enable=true
  433.      - "traefik.enable=true"
  434.      - "traefik.network=t2_proxy"
  435.      - "traefik.http.routers.jackett-rtr.entrypoints=https"
  436.      - "traefik.http.routers.jackett-rtr.rule=Host(`jackett.$DOMAIN`)"
  437.      - "traefik.http.routers.jackett-rtr.tls=true"
  438.      - "traefik.http.routers.jackett-rtr.service=jackett-svc"
  439.      - "traefik.http.services.jackett-svc.loadbalancer.server.port=9117"
  440.      - "traefik.http.routers.jackett-rtr.middlewares=chain-oauth@file"
  441.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  442.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  443.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  444.    networks:
  445.      t2_proxy:
  446.        ipv4_address: 127.28.0.11
  447.    restart: always
  448.  
  449.  nzbhydra2:
  450.    image: ghcr.io/linuxserver/nzbhydra2
  451.    container_name: nzbhydra2
  452.    hostname: nzbhydra2
  453.    env_file: .env
  454.    environment:
  455.      - PUID=$PUID
  456.      - PGID=$PGID
  457.      - TZ=$TZ
  458.    volumes:
  459.      - $DOCKERDIR/nzbhydra2:/config
  460.      - $Downloads:/data/Downloads
  461.    labels:
  462.      - com.centurylinklabs.watchtower.enable=true
  463.      - "traefik.enable=true"
  464.      - "traefik.network=t2_proxy"
  465.      - "traefik.http.routers.nzbhydra2-rtr.entrypoints=https"
  466.      - "traefik.http.routers.nzbhydra2-rtr.rule=Host(`nzbhydra2.$DOMAIN`)"
  467.      - "traefik.http.routers.nzbhydra2-rtr.tls=true"
  468.      - "traefik.http.routers.nzbhydra2-rtr.service=nzbhydra2-svc"
  469.      - "traefik.http.services.nzbhydra2-svc.loadbalancer.server.port=5076"
  470.      - "traefik.http.routers.nzbhydra2-rtr.middlewares=chain-oauth@file"
  471.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  472.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  473.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  474.    networks:
  475.      t2_proxy:
  476.        ipv4_address: 127.28.0.12
  477.    restart: always
  478.  
  479.  transmission:
  480.    image: ghcr.io/linuxserver/transmission
  481.    container_name: transmission
  482.    hostname: transmission
  483.    env_file: .env
  484.    environment:
  485.      - PUID=$PUID
  486.      - PGID=$PGID
  487.      - TZ=$TZ
  488.      - TRANSMISSION_WEB_HOME=/transmission-web-control/ `#optional`
  489.    volumes:
  490.      - $DOCKERDIR/transmission:/config
  491.      - $Downloads:/data/Downloads
  492.    labels:
  493.      - com.centurylinklabs.watchtower.enable=true
  494.      - "traefik.enable=false"
  495.    network_mode: service:gluetun
  496.    depends_on:
  497.      - gluetun
  498.    restart: always
  499.    
  500.  overseerr:
  501.    image: sctx/overseerr
  502.    container_name: overseerr
  503.    hostname: overseerr
  504.    env_file: .env
  505.    environment:
  506.      - PUID=$PUID
  507.      - PGID=$PGID
  508.      - TZ=$TZ
  509.      - LOG_LEVEL=info
  510.    volumes:
  511.      - $DOCKERDIR/overseerr:/config
  512.    labels:
  513.      - com.centurylinklabs.watchtower.enable=true
  514.      - "traefik.enable=true"
  515.      - "traefik.network=t2_proxy"
  516.      - "traefik.http.routers.overseerr-rtr.entrypoints=https"
  517.      - "traefik.http.routers.overseerr-rtr.rule=Host(`overseerr.$DOMAIN`)"
  518.      - "traefik.http.routers.overseerr-rtr.tls=true"
  519.      - "traefik.http.routers.overseerr-rtr.service=overseerr-svc"
  520.      - "traefik.http.services.overseerr-svc.loadbalancer.server.port=5055"
  521.      - "traefik.http.routers.overseerr-rtr.middlewares=chain-oauth@file"
  522.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  523.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  524.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  525.    networks:
  526.      t2_proxy:
  527.        ipv4_address: 127.28.0.13
  528.    restart: always
  529.  
  530.  tautulli:
  531.    image: ghcr.io/linuxserver/tautulli
  532.    container_name: tautulli
  533.    hostname: tautulli
  534.    env_file: .env
  535.    environment:
  536.      - PUID=$PUID
  537.      - PGID=$PGID
  538.      - TZ=$TZ
  539.    volumes:
  540.      - $DOCKERDIR/tautulli:/config
  541.    labels:
  542.      - com.centurylinklabs.watchtower.enable=true
  543.      - "traefik.enable=true"
  544.      - "traefik.network=t2_proxy"
  545.      - "traefik.http.routers.tautulli-rtr.entrypoints=https"
  546.      - "traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAIN`)"
  547.      - "traefik.http.routers.tautulli-rtr.tls=true"
  548.      - "traefik.http.routers.tautulli-rtr.service=radarr-svc"
  549.      - "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181"
  550.      - "traefik.http.routers.tautulli-rtr.middlewares=chain-oauth@file"
  551.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  552.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  553.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  554.    networks:
  555.      t2_proxy:
  556.        ipv4_address: 127.28.0.14
  557.    restart: always
  558.  
  559.  gaps:
  560.    image: housewrecker/gaps:latest
  561.    container_name: gaps
  562.    env_file: .env
  563.    environment:
  564.      - PUID=$PUID
  565.      - PGID=$PGID
  566.      - TZ=$TZ
  567.    ports:
  568.      - 8484:8484
  569.    volumes:
  570.      - $DOCKERDIR/gaps:/config
  571.      - $Ani1:/data/Animated1
  572.      - $Ani2:/data/Animated2
  573.      - $Ani3:/data/Animated3
  574.      - $Hor1:/data/Horror1
  575.      - $Hor2:/data/Horror2
  576.      - $Hor3:/data/Horror3
  577.      - $Mov1:/data/Movies1
  578.      - $Mov2:/data/Movies2
  579.      - $Mov3:/data/Movies3
  580.    networks:
  581.      t2_proxy:
  582.        ipv4_address: 127.28.0.15
  583.    labels:
  584.      - com.centurylinklabs.watchtower.enable=true
  585.      - "traefik.enable=false"
  586.    restart: always
  587.      
  588.  plex:
  589.    image: plexinc/pms-docker:latest
  590.    container_name: plex
  591.    hostname: plex
  592.    env_file: .env
  593.    environment:
  594.      - PUID=$PUID
  595.      - PGID=$PGID
  596.      - TZ=$TZ
  597.      - VERSION=docker
  598.    ports:
  599.      - 32400:32400
  600.      - 3005:3005/tcp
  601.      - 8324:8324/tcp
  602.      - 32469:32469/tcp
  603.      - 1900:1900/udp
  604.      - 32410:32410/udp
  605.      - 32412:32412/udp
  606.      - 32413:32413/udp
  607.      - 32414:32414/udp
  608.    volumes:  
  609.      - $DOCKERDIR/plex:/config
  610.      - $Transcode:/transcode
  611.      - $Ani1:/data/Animated1
  612.      - $Ani2:/data/Animated2
  613.      - $Ani3:/data/Animated3
  614.      - $Hor1:/data/Horror2
  615.      - $Hor2:/data/Horror2
  616.      - $Hor3:/data/Horror3
  617.      - $Mov1:/data/Movies1
  618.      - $Mov2:/data/Movies2
  619.      - $Mov3:/data/Movies3
  620.      - $TV:/data/TVShows
  621.      - $Music:/data/Music
  622.      - $Audio:/data/Audiobooks
  623.      - $Photos:/data/Photos
  624.    labels:
  625.      - com.centurylinklabs.watchtower.enable=true
  626.      - "traefik.enable=true"
  627.      - "traefik.network=t2_proxy"
  628.      - "traefik.http.routers.plex-rtr.entrypoints=https"
  629.      - "traefik.http.routers.plex-rtr.rule=Host(`plex.$DOMAIN`)"
  630.      - "traefik.http.routers.plex-rtr.tls=true"
  631.      - "traefik.http.routers.plex-rtr.service=plex-svc"
  632.      - "traefik.http.services.plex-svc.loadbalancer.server.port=32400"
  633.      - "traefik.http.routers.plex-rtr.middlewares=chain-oauth@file"
  634.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  635.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  636.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  637.    networks:
  638.      t2_proxy:
  639.        ipv4_address: 172.28.0.2
  640.    restart: always
  641.    
  642.  jellyfin:
  643.    image: ghcr.io/linuxserver/jellyfin
  644.    container_name: jellyfin
  645.    hostname: jellyfin
  646.    env_file: .env
  647.    environment:
  648.      - PUID=$PUID
  649.      - PGID=$PGID
  650.      - TZ=$TZ
  651.      - JELLYFIN_PublishedServerUrl=192.168.7.76 `#optional`
  652.    volumes:  
  653.      - $DOCKERDIR/jellyfin:/config
  654.      - $Ani1:/data/Animated1
  655.      - $Ani2:/data/Animated2
  656.      - $Ani3:/data/Animated3
  657.      - $Hor1:/data/Horror1
  658.      - $Hor2:/data/Horror2
  659.      - $Hor3:/data/Horror3
  660.      - $Mov1:/data/Movies1
  661.      - $Mov2:/data/Movies2
  662.      - $Mov3:/data/Movies3
  663.      - $TV:/data/TVShows
  664.      - $Music:/data/Music
  665.      - $Audio:/data/Audiobooks
  666.      - $Photos:/data/Photos
  667.    labels:
  668.      - com.centurylinklabs.watchtower.enable=true
  669.      - "traefik.enable=true"
  670.      - "traefik.network=t2_proxy"
  671.      - "traefik.http.routers.jellyfin-rtr.entrypoints=https"
  672.      - "traefik.http.routers.jellyfin-rtr.rule=Host(`jellyfin.$DOMAIN`)"
  673.      - "traefik.http.routers.jellyfin-rtr.tls=true"
  674.      - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
  675.      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
  676.      - "traefik.http.routers.jellyfin-rtr.middlewares=chain-oauth@file"
  677.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  678.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  679.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  680.    networks:
  681.      t2_proxy:
  682.        ipv4_address: 172.28.0.16
  683.    restart: always
  684.      
  685.  unmanic:
  686.    image: josh5/unmanic:latest
  687.    container_name: unmanic
  688.    hostname: unmanic
  689.    env_file: .env
  690.    environment:
  691.      - PUID=$PUID
  692.      - PGID=$PGID
  693.      - TZ=$TZ
  694.    volumes:
  695.      - $DOCKERDIR/unmanic:/config
  696.      - $TV:/Library
  697.      - $Transcode:/tmp/unmanic
  698.    labels:
  699.      - com.centurylinklabs.watchtower.enable=true
  700.      - "traefik.enable=true"
  701.      - "traefik.network=t2_proxy"
  702.      - "traefik.http.routers.unmanic-rtr.entrypoints=https"
  703.      - "traefik.http.routers.unmanic-rtr.rule=Host(`unmanic.$DOMAIN`)"
  704.      - "traefik.http.routers.unmanic-rtr.tls=true"
  705.      - "traefik.http.routers.unmanic-rtr.service=unmanic-svc"
  706.      - "traefik.http.services.unmanic-svc.loadbalancer.server.port=8888"
  707.      - "traefik.http.routers.unmanic-rtr.middlewares=chain-oauth@file"
  708.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  709.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  710.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  711.    networks:
  712.      t2_proxy:
  713.        ipv4_address: 127.28.0.17
  714.    restart: always
  715.  
  716.  tdarr:
  717.    image: haveagitgat/tdarr:latest
  718.    container_name: tdarr
  719.    hostname: tdarr
  720.    env_file: .env
  721.    environment:
  722.      - TZ=$TZ
  723.      - PUID=$PUID
  724.      - PGID=$PGID
  725.      - UMASK_SET=002
  726.      - serverIP=0.0.0.0
  727.      - serverPort=8266
  728.      - webUIPort=8265
  729.    volumes:
  730.      - $DOCKERDIR/tdarr/server:/app/server
  731.      - $DOCKERDIR/tdarr/configs:/app/configs
  732.      - $DOCKERDIR/tdarr/logs:/app/logs
  733.      - $Transcode:/home/Tdarr/cache
  734.      - $Ani1:/home/Tdarr/media/Animated1
  735.      - $Ani2:/home/Tdarr/media/Animated2
  736.      - $Ani3:/home/Tdarr/media/Animated3
  737.      - $Hor1:/home/Tdarr/media/Horror1
  738.      - $Hor2:/home/Tdarr/media/Horror2
  739.      - $Hor3:/home/Tdarr/media/Horror3
  740.      - $Mov1:/home/Tdarr/media/Movies1
  741.      - $Mov2:/home/Tdarr/media/Movies2
  742.      - $Mov3:/home/Tdarr/media/Movies3
  743.      - $TV:/home/Tdarr/media/TVShows
  744.    labels:
  745.      - com.centurylinklabs.watchtower.enable=true
  746.      - "traefik.enable=true"
  747.      - "traefik.network=t2_proxy"
  748.      - "traefik.http.routers.tdarr-rtr.entrypoints=https"
  749.      - "traefik.http.routers.tdarr-rtr.rule=Host(`tdarr.$DOMAIN`)"
  750.      - "traefik.http.routers.tdarr-rtr.tls=true"
  751.      - "traefik.http.routers.tdarr-rtr.service=tdarr-svc"
  752.      - "traefik.http.services.tdarr-svc.loadbalancer.server.port=8266"
  753.      - "traefik.http.routers.tdarr-rtr.middlewares=chain-oauth@file"
  754.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  755.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  756.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  757.    networks:
  758.      t2_proxy:
  759.        ipv4_address: 127.28.0.18
  760.    ports:
  761.      - 8265:8265 # webUI port
  762.      - 8266:8266 # server port
  763.      - 8267:8267 # node port. It should be mapped on this container because
  764.                  # the node container use the network from the main container
  765.    restart: always
  766.    
  767.  tdarr-node:
  768.    image: haveagitgat/tdarr_node:latest
  769.    container_name: tdarr-node
  770.    env_file: .env
  771.    environment:
  772.      - TZ=$TZ
  773.      - PUID=$PUID
  774.      - PGID=$PGID
  775.      - UMASK_SET=002
  776.      - nodeID=MainNode
  777.      - nodeIP=0.0.0.0
  778.      - nodePort=8267
  779.      - serverIP=0.0.0.0
  780.      - serverPort=8266
  781.    volumes:
  782.      - $DOCKERDIR/tdarr/configs:/app/configs
  783.      - $DOCKERDIR/tdarr/logs:/app/logs
  784.      - $Transcode:/home/Tdarr/cache
  785.      - $Ani1:/home/Tdarr/media/Animated1
  786.      - $Ani2:/home/Tdarr/media/Animated2
  787.      - $Ani3:/home/Tdarr/media/Animated3
  788.      - $Hor1:/home/Tdarr/media/Horror1
  789.      - $Hor2:/home/Tdarr/media/Horror2
  790.      - $Hor3:/home/Tdarr/media/Horror3
  791.      - $Mov1:/home/Tdarr/media/Movies1
  792.      - $Mov2:/home/Tdarr/media/Movies2
  793.      - $Mov3:/home/Tdarr/media/Movies3
  794.      - $TV:/home/Tdarr/media/TVShows
  795.    ports:
  796.      - 8267:8267
  797.    labels:
  798.      - com.centurylinklabs.watchtower.enable=true
  799.      - "traefik.enable=false"
  800.    network_mode: "service:tdarr"
  801.    restart: always
  802.  
  803.  mkvtoolnix:
  804.    image: jlesage/mkvtoolnix
  805.    container_name: mkvtoolnix
  806.    env_file: .env
  807.    environment:
  808.      - PUID=$PUID
  809.      - PGID=$PGID
  810.      - TZ=$TZ
  811.    ports:
  812.      - 5850:5850
  813.    volumes:
  814.      - $DOCKERDIR/mkvtoolnix:/config:rw
  815.      - $Files:/storage:rw
  816.    networks:
  817.      t2_proxy:
  818.        ipv4_address: 127.28.0.23
  819.    labels:
  820.      - com.centurylinklabs.watchtower.enable=true
  821.      - "traefik.enable=false"
  822.    restart: always
  823.      
  824.  filebot:
  825.    image: jlesage/filebot
  826.    container_name: filebot
  827.    env_file: .env
  828.    environment:
  829.      - PUID=$PUID
  830.      - PGID=$PGID
  831.      - TZ=$TZ
  832.    volumes:
  833.      - $DOCKERDIR/FileBot:/config
  834.      - $Downloads:/storage
  835.    labels:
  836.      - com.centurylinklabs.watchtower.enable=true
  837.      - "traefik.enable=false"
  838.    networks:
  839.      t2_proxy:
  840.        ipv4_address: 127.28.0.20
  841.    restart: always
  842.  
  843.  tinymediamanager:
  844.    image: romancin/tinymediamanager
  845.    container_name: tmm
  846.    hostname: tmm
  847.    env_file: .env
  848.    environment:
  849.      - PUID=$PUID
  850.      - PGID=$PGID
  851.      - TZ=$TZ
  852.    volumes:
  853.      - $DOCKERDIR/tinymediamanager/config:/config
  854.      - $Ani1:/data/Animated1
  855.      - $Ani2:/data/Animated2
  856.      - $Ani3:/data/Animated3
  857.      - $Hor1:/data/Horror1
  858.      - $Hor2:/data/Horror2
  859.      - $Hor3:/data/Horror3
  860.      - $Mov1:/data/Movies1
  861.      - $Mov2:/data/Movies2
  862.      - $Mov3:/data/Movies3
  863.      - $TV:/data/TVShows
  864.    labels:
  865.      - com.centurylinklabs.watchtower.enable=true
  866.      - "traefik.enable=true"
  867.      - "traefik.network=t2_proxy"
  868.      - "traefik.http.routers.tmm-rtr.entrypoints=https"
  869.      - "traefik.http.routers.tmm-rtr.rule=Host(`tmm.$DOMAIN`)"
  870.      - "traefik.http.routers.tmm-rtr.tls=true"
  871.      - "traefik.http.routers.tmm-rtr.service=tmm-svc"
  872.      - "traefik.http.services.tmm-svc.loadbalancer.server.port=5801"
  873.      - "traefik.http.routers.tmm-rtr.middlewares=chain-oauth@file"
  874.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  875.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  876.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  877.    networks:
  878.      t2_proxy:
  879.        ipv4_address: 127.28.0.21
  880.    restart: always
  881.  
  882. ##Music##
  883.  
  884.  deemix:
  885.    image: registry.gitlab.com/bockiii/deemix-docker
  886.    container_name: Deemix
  887.    hostname: Deemix
  888.    env_file: .env
  889.    environment:
  890.      - TZ=$TZ
  891.      - PUID=$PUID
  892.      - PGID=$PGID
  893.      - ARL=1234567
  894.      - UMASK_SET=022
  895.      - DEEZUI=false
  896.    volumes:
  897.      - $Downloads:/data/Downloads
  898.      - $DOCKERDIR/deemix:/config
  899.    labels:
  900.      - com.centurylinklabs.watchtower.enable=true
  901.      - "traefik.enable=true"
  902.      - "traefik.network=t2_proxy"
  903.      - "traefik.http.routers.deemix-rtr.entrypoints=https"
  904.      - "traefik.http.routers.deemix-rtr.rule=Host(`deemix.$DOMAIN`)"
  905.      - "traefik.http.routers.deemix-rtr.tls=true"
  906.      - "traefik.http.routers.deemix-rtr.service=deemix-svc"
  907.      - "traefik.http.services.deemix-svc.loadbalancer.server.port=6595"
  908.      - "traefik.http.routers.deemix-rtr.middlewares=chain-oauth@file"
  909.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  910.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  911.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  912.    networks:
  913.      t2_proxy:
  914.        ipv4_address: 127.28.0.9
  915.    restart: always
  916.  
  917.  mediamonkey:
  918.    image: zalaare/zizzy.mediamonkey-server
  919.    container_name: mediamonkey
  920.    hostname: mediamonkey
  921.    env_file: .env
  922.    environment:
  923.      - PUID=$PUID
  924.      - PGID=$PGID
  925.      - TZ=$TZ
  926.    volumes:
  927.      - $DOCKERDIR/mediamonkey/config:/config
  928.      - $Music:/data/Music
  929.      - $Downloads:/data/Downloads
  930.    labels:
  931.      - com.centurylinklabs.watchtower.enable=true
  932.      - "traefik.enable=true"
  933.      - "traefik.network=t2_proxy"
  934.      - "traefik.http.routers.mediamonkey-rtr.entrypoints=https"
  935.      - "traefik.http.routers.mediamonkey-rtr.rule=Host(`mediamonkey.$DOMAIN`)"
  936.      - "traefik.http.routers.mediamonkey-rtr.tls=true"
  937.      - "traefik.http.routers.mediamonkey-rtr.service=mediamonkey-svc"
  938.      - "traefik.http.services.mediamonkey-svc.loadbalancer.server.port=8383"      
  939.      - "traefik.http.routers.mediamonkey-rtr.middlewares=chain-oauth@file"
  940.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  941.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  942.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  943.    networks:
  944.      t2_proxy:
  945.        ipv4_address: 127.28.0.19
  946.    restart: always
  947.  
  948.  beets:
  949.    image: ghcr.io/linuxserver/beets
  950.    container_name: beets
  951.    hostname: beets
  952.    env_file: .env
  953.    environment:
  954.      - PUID=$PUID
  955.      - PGID=$PGID
  956.      - TZ=$TZ
  957.    volumes:
  958.      - $DOCKERDIR/beets:/config
  959.      - $Music:/music
  960.      - $Downloads:/downloads
  961.    labels:
  962.      - com.centurylinklabs.watchtower.enable=true
  963.      - "traefik.enable=true"
  964.      - "traefik.network=t2_proxy"
  965.      - "traefik.http.routers.beets-rtr.entrypoints=https"
  966.      - "traefik.http.routers.beets-rtr.rule=Host(`beets.$DOMAIN`)"
  967.      - "traefik.http.routers.beets-rtr.tls=true"
  968.      - "traefik.http.routers.beets-rtr.service=beets-svc"
  969.      - "traefik.http.services.beets-svc.loadbalancer.server.port=8337"
  970.      - "traefik.http.routers.beets-rtr.middlewares=chain-oauth@file"
  971.    networks:
  972.      t2_proxy:
  973.        ipv4_address: 172.28.0.32
  974.    restart: unless-stopped
  975.  
  976.  lidarr:
  977.    image: ghcr.io/linuxserver/lidarr
  978.    container_name: lidarr
  979.    hostname: lidarr
  980.    env_file: .env
  981.    environment:
  982.      - PUID=$PUID
  983.      - PGID=$PGID
  984.      - TZ=$TZ
  985.    volumes:
  986.      - $DOCKERDIR/lidarr:/config
  987.      - $Music:/data/Music
  988.      - $Downloads:/data/Downloads
  989.    labels:
  990.      - com.centurylinklabs.watchtower.enable=true
  991.      - "traefik.enable=true"
  992.      - "traefik.network=t2_proxy"
  993.      - "traefik.http.routers.lidarr-rtr.entrypoints=https"
  994.      - "traefik.http.routers.lidarr-rtr.rule=Host(`lidarr.$DOMAIN`)"
  995.      - "traefik.http.routers.lidarr-rtr.tls=true"
  996.      - "traefik.http.routers.lidarr-rtr.service=lidarr-svc"
  997.      - "traefik.http.services.lidarr-svc.loadbalancer.server.port=8686"
  998.      - "traefik.http.routers.lidarr-rtr.middlewares=chain-oauth@file"
  999.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  1000.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  1001.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  1002.    networks:
  1003.      t2_proxy:
  1004.        ipv4_address: 127.28.0.8
  1005.    restart: always
  1006.  
  1007.  picard:
  1008.    image: mikenye/picard:latest
  1009.    container_name: picard
  1010.    hostname: picard
  1011.    env_file: .env
  1012.    environment:
  1013.      - PUID=$PUID
  1014.      - PGID=$PGID
  1015.      - TZ=$TZ
  1016.      - UMASK=022
  1017.      - DISPLAY_WIDTH=1600
  1018.      - DISPLAY_HEIGHT=1024
  1019.    volumes:
  1020.      - $DOCKERDIR/picard:/config:rw
  1021.      - $Music:/storage:rw
  1022.    labels:
  1023.      - com.centurylinklabs.watchtower.enable=true
  1024.      - "traefik.enable=true"
  1025.      - "traefik.network=t2_proxy"
  1026.      - "traefik.http.routers.picard-rtr.entrypoints=https"
  1027.      - "traefik.http.routers.picard-rtr.rule=Host(`picard.$DOMAIN`)"
  1028.      - "traefik.http.routers.picard-rtr.tls=true"
  1029.      - "traefik.http.routers.picard-rtr.service=picard-svc"
  1030.      - "traefik.http.services.picard-svc.loadbalancer.server.port=5810"
  1031.      - "traefik.http.routers.picard-rtr.middlewares=chain-oauth@file"
  1032.      - "traefik.frontend.auth.forward.address: "http://oauth:4181""
  1033.      - "traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User"
  1034.      - "traefik.frontend.auth.forward.trustForwardHeader: "true""
  1035.    networks:
  1036.      t2_proxy:
  1037.        ipv4_address: 127.28.0.22
  1038.    restart: always
  1039.  
  1040.    
  1041.  watchtower:
  1042.    image: containrrr/watchtower
  1043.    container_name: watchtower
  1044.    command: --label-enable --cleanup --interval 300
  1045.    env_file: .env
  1046.    environment:
  1047.      - PUID=$PUID
  1048.      - PGID=$PGID
  1049.      - TZ=$TZ
  1050.    volumes:
  1051.      - /var/run/docker.sock:/var/run/docker.sock
  1052.    labels:
  1053.      - com.centurylinklabs.watchtower.enable=true
  1054.      - "traefik.enable=false"
  1055.    network_mode: none
  1056.    restart: always
  1057.    
  1058.  nextcloud:
  1059.    image: ghcr.io/linuxserver/nextcloud
  1060.    container_name: nextcloud
  1061.    hostname: nextcloud
  1062.    env_file: .env
  1063.    environment:
  1064.      - PUID=$PUID
  1065.      - PGID=$PGID
  1066.      - TZ=$TZ
  1067.    volumes:
  1068.      - $DOCKERDIR/nextcloud/config:/config
  1069.      - $Photos:/data/Photos
  1070.    links:
  1071.      - db
  1072.    labels:
  1073.      - com.centurylinklabs.watchtower.enable=true
  1074.      - "traefik.enable=true"
  1075.      - "traefik.network=t2_proxy"
  1076.      - "traefik.tcp.routers.nextcloud-tcp.entrypoints=https"
  1077.      - "traefik.tcp.routers.nextcloud-tcp.rule=HostSNI(`nextcloud.$DOMAIN`)"
  1078.      - "traefik.tcp.routers.nextcloud-tcp.tls=true"
  1079.      - "traefik.tcp.routers.nextcloud-tcp.tls.passthrough=true"
  1080.      - "traefik.tcp.routers.nextcloud-tcp.service=nextcloud-tcp-svc"
  1081.      - "traefik.tcp.services.nextcloud-tcp-svc.loadbalancer.server.port=443"
  1082.    networks:
  1083.      t2_proxy:
  1084.        ipv4_address: 127.28.0.24
  1085.    depends_on:
  1086.      - db
  1087.    restart: always
  1088.  
  1089.  db:
  1090.    image: ghcr.io/linuxserver/mariadb
  1091.    container_name: mariadb
  1092.    hostname: mariadb
  1093.    env_file: .env
  1094.    environment:
  1095.      - PUID=$PUID
  1096.      - PGID=$PGID
  1097.      - TZ=$TZ
  1098.      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
  1099.      - MYSQL_DATABASE="nextcloud"
  1100.      - MYSQL_USER=$MYSQL_USER
  1101.      - MYSQL_PASSWORD=$MYSQL_PASS
  1102.      - REMOTE_SQL="http://nextcloud.wallace-home.org/nextcloud.sql,https://nextcloud.wallace-home.org/nextcloud.sql"
  1103.    volumes:
  1104.      - $DOCKERDIR/mariadb/nextcloud:/config
  1105.    labels:
  1106.      - com.centurylinklabs.watchtower.enable=true
  1107.      - "traefik.enable=false"
  1108.    ports:
  1109.      - 3306:3306
  1110.    networks:
  1111.      t2_proxy:
  1112.        ipv4_address: 127.28.0.25
  1113.    restart: always
  1114.    
  1115.  av:
  1116.    image: mkodockx/docker-clamav:alpine
  1117.    container_name: av
  1118.    hostname: av
  1119.    env_file: .env
  1120.    environment:
  1121.      - PUID=$PUID
  1122.      - PGID=$PGID
  1123.      - TZ=$TZ
  1124.    volumes:
  1125.      - $DOCKERDIR/clam:/var/lib/clamav
  1126.    labels:
  1127.      - com.centurylinklabs.watchtower.enable=true
  1128.      - "traefik.enable=false"
  1129.    networks:
  1130.      t2_proxy:
  1131.        ipv4_address: 127.28.0.26
  1132.    restart: always
  1133.  
  1134.  vaultwarden:
  1135.    image: vaultwarden/server:latest
  1136.    container_name: vaultwarden
  1137.    hostname: vaultwarden
  1138.    env_file: .env
  1139.    environment:
  1140.      - PUID=$PUID
  1141.      - PGID=$PGID
  1142.      - TZ=$TZ
  1143.      - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
  1144.    volumes:
  1145.      - $DOCKERDIR/vw-data:/data/vw-data
  1146.    links:
  1147.      - db3
  1148.    depends_on:
  1149.      - db3
  1150.    networks:
  1151.      t2_proxy:
  1152.        ipv4_address: 127.28.0.27
  1153.    labels:
  1154.      - com.centurylinklabs.watchtower.enable=true
  1155.      - "traefik.enable=false"
  1156.    restart: always
  1157.  
  1158.  db3:
  1159.    image: ghcr.io/linuxserver/mariadb
  1160.    container_name: mariadb3
  1161.    hostname: mariadb3
  1162.    env_file: .env
  1163.    environment:
  1164.      - PUID=$PUID
  1165.      - PGID=$PGID
  1166.      - TZ=$TZ
  1167.      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
  1168.      - MYSQL_DATABASE="vaultwarden"
  1169.      - MYSQL_USER=$MYSQL_USER
  1170.      - MYSQL_PASSWORD=$MYSQL_PASS
  1171.      - REMOTE_SQL="http://192.168.7.76:3308/vaultwarden.sql,https://192.168.7.76:3308/vaultwarden.sql"
  1172.    volumes:
  1173.      - $DOCKERDIR/mariadb/vaultwarden:/config
  1174.    labels:
  1175.      - com.centurylinklabs.watchtower.enable=true
  1176.      - "traefik.enable=false"
  1177.    ports:
  1178.      - 3308:3306
  1179.    networks:
  1180.      t2_proxy:
  1181.        ipv4_address: 127.28.0.28
  1182.    restart: always
  1183.  
  1184.  cf-companion:
  1185.    image: tiredofit/traefik-cloudflare-companion:latest
  1186.    container_name: cf-companion
  1187.    hostname: cf-companion
  1188.    security_opt:
  1189.      - no-new-privileges:true
  1190.    #depends_on:
  1191.    #  - socket-proxy
  1192.    env_file: .env
  1193.    environment:
  1194.      - TZ=$TZ
  1195.      - TRAEFIK_VERSION=2
  1196.      #- CF_EMAIL=$CLOUDFLARE_EMAIL
  1197.      - CF_TOKEN=$CLOUDFLARE_API_TOKEN
  1198.      - TARGET_DOMAIN=$DOMAIN
  1199.      - DOMAIN1=$DOMAIN
  1200.      - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID # Copy from Cloudflare Overview page
  1201.      - DOMAIN1_PROXIED=TRUE
  1202.      - DOCKER_HOST=tcp://socket-proxy:2375
  1203.    labels:
  1204.      # Add hosts specified in rules here to force cf-companion to create the CNAMEs
  1205.      - com.centurylinklabs.watchtower.enable=true
  1206.      - "traefik.enable=false"
  1207.    networks:
  1208.      t2_proxy:
  1209.        ipv4_address: 127.28.0.29
  1210.    restart: always
  1211.      
  1212.  certdumper:
  1213.    container_name: traefik_certdumper
  1214.    env_file: .env
  1215.    image: humenius/traefik-certs-dumper:latest
  1216.    network_mode: none
  1217.    security_opt:
  1218.      - no-new-privileges:true
  1219.    # command: --restart-containers container1,container2,container3
  1220.    volumes:
  1221.      - $DOCKERDIR/traefik2/acme:/traefik:ro
  1222.      - $DOCKERDIR/shared/certs:/output:rw
  1223.      # - /var/run/docker.sock:/var/run/docker.sock:ro # Only needed if restarting containers (use Docker Socket Proxy instead)
  1224.    environment:
  1225.      - PUID=$PUID
  1226.      - PGID=$PGID
  1227.      - TZ=$TZ
  1228.      - DOMAIN=$DOMAIN
  1229.    labels:
  1230.      - com.centurylinklabs.watchtower.enable=true
  1231.      - "traefik.enable=false"
  1232.    restart: always
  1233.  
  1234. volumes:
  1235.  - $DOCKERDIR/mariadb/organizr
  1236.  - $DOCKERDIR/mariadb/nextcloud
  1237.  - $DOCKERDIR/mariadb/vaultwarden
  1238.  - $Ani1
  1239.  - $Ani2
  1240.  - $Ani3
  1241.  - $Hor1
  1242.  - $Hor2
  1243.  - $Hor3
  1244.  - $Mov1
  1245.  - $Mov2
  1246.  - $Mov3
  1247.  - $TV
  1248.  - $Music
  1249.  - $Audio
  1250.  - $Photos
  1251.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!