From dfe252e94533d791d968ac47522efb3ab379249e Mon Sep 17 00:00:00 2001 
From: Colin Hebert Date: Thu, 26 Sep 2024 15:59:37 +0200 Subject: [PATCH] Migration to newer dockge/compose stack --- .gitignore | 12 +- authentication/compose.yaml | 67 ++++++++++ authentication/docker-compose.yml | 65 ---------- authentication/secrets/.gitkeep | 0 .../volumes/authelia_config/.gitkeep | 0 authentication/volumes/lldap_data/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 25 ++-- .../volumes/readarr-audiobook_config/.gitkeep | 0 .../volumes/readarr-ebook_config/.gitkeep | 0 ...mpose.macvlan.yml => compose.macvlan.yaml} | 2 + bootstrap/compose.yaml | 21 ++++ bootstrap/docker-compose.yml | 14 --- bootstrap/secrets/.gitkeep | 0 bootstrap/volumes/portainer_data/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 13 +- comic-collector/volumes/mylar_config/.gitkeep | 0 compose.base.yaml | 22 ++++ docker-monitoring/compose.yaml | 61 +++++++++ docker-monitoring/docker-compose.yml | 33 ----- docker-monitoring/secrets/.gitkeep | 0 .../volumes/dockge_data/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 30 ++--- .../volumes/broker_data/.gitkeep | 0 .../volumes/paperless_data/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 7 +- .../{docker-compose.yml => compose.yaml} | 29 ++--- .../volumes/calibre-web_config/.gitkeep | 0 ebook-reader/volumes/calibre_config/.gitkeep | 0 email/compose.yaml | 21 ++++ email/secrets/.gitkeep | 0 git/{docker-compose.yml => compose.yaml} | 14 +-- git/volumes/gitea_config/.gitkeep | 0 git/volumes/gitea_data/.gitkeep | 0 indexer/{docker-compose.yml => compose.yaml} | 43 ++++--- indexer/volumes/autobrr_config/.gitkeep | 0 indexer/volumes/omegabrr_config/.gitkeep | 0 indexer/volumes/prowlarr_config/.gitkeep | 0 irc/{docker-compose.yml => compose.yaml} | 13 +- irc/volumes/thelounge_config/.gitkeep | 0 ...compose.hwaccl.yml => compose.hwaccl.yaml} | 0 ...mpose.macvlan.yml => compose.macvlan.yaml} | 0 media-player/compose.yaml | 76 ++++++++++++ media-player/docker-compose.yml | 81 ------------ 
media-player/secrets/.gitkeep | 0 .../volumes/audiobookshelf_config/.gitkeep | 0 .../volumes/audiobookshelf_metadata/.gitkeep | 0 media-player/volumes/plaxt_keystore/.gitkeep | 0 media-player/volumes/plex_config/.gitkeep | 0 media-player/volumes/tautulli_config/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 14 +-- .../volumes/overseerr_config/.gitkeep | 0 monitoring/compose.macvlan.yaml | 11 ++ monitoring/{compose.yml => compose.yaml} | 59 +++++---- monitoring/volumes/grafana_data/.gitkeep | 0 monitoring/volumes/prometheus_data/.gitkeep | 0 monitoring/volumes/promtail_logs/.gitignore | 6 + .../volumes/promtail_logs/traefik/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 14 +-- .../volumes/radarr_config/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 0 .../volumes/smokeping_config/.gitkeep | 0 .../volumes/smokeping_data/.gitkeep | 0 notifiarr/compose.yaml | 28 +++++ notifiarr/docker-compose.yml | 31 ----- notifiarr/volumes/notifiarr_config/.gitkeep | 0 notifiarr/volumes/recyclarr_config/.gitkeep | 0 photo-collector/compose.yaml | 82 +++++++++++++ photo-collector/docker-compose.yml | 59 --------- .../volumes/immich_ml_cache/.gitkeep | 0 .../volumes/immich_postgres_data/.gitkeep | 0 recipe-collector/compose.yaml | 16 +++ recipe-collector/docker-compose.yml | 22 ---- recipe-collector/volumes/mealie_data/.gitkeep | 0 ...mpose.macvlan.yml => compose.macvlan.yaml} | 2 + .../{docker-compose.yml => compose.yaml} | 39 +++--- reverse-proxy/configs/dynamic/authelia.yml | 2 + reverse-proxy/configs/dynamic/compress.yml | 2 + reverse-proxy/configs/dynamic/hsts.yml | 2 + reverse-proxy/configs/dynamic/portainer.yml | 11 -- reverse-proxy/configs/dynamic/synology.yml | 4 +- reverse-proxy/configs/traefik.yml | 8 +- reverse-proxy/secrets/.gitkeep | 0 reverse-proxy/volumes/traefik_acme/.gitkeep | 0 reverse-proxy/volumes/traefik_logs | 1 + ssh-protection/docker-compose.yml | 21 ---- .../{docker-compose.yml => compose.yaml} | 13 +- 
.../volumes/bazarr_config/.gitkeep | 0 torrents/compose.yaml | 116 ++++++++++++++++++ torrents/config/98-gateway-setup | 11 -- torrents/config/99-cron-start | 1 - torrents/docker-compose.yml | 102 --------------- torrents/secrets/.gitkeep | 0 torrents/volumes/cross-seed_config/.gitkeep | 0 .../qbitmanage-seeding_config/.gitkeep | 0 torrents/volumes/qbitmanage_config/.gitkeep | 0 .../qbittorrent-seeding_config/.gitkeep | 0 torrents/volumes/qbittorrent_config/.gitkeep | 0 torrents/volumes/unpackerr_config/.gitkeep | 0 .../{docker-compose.yml => compose.yaml} | 14 ++- tv-collector/volumes/sonarr_config/.gitkeep | 0 usenet/{docker-compose.yml => compose.yaml} | 17 ++- usenet/volumes/sabnzbd_config/.gitkeep | 0 youtube-dl/compose.yaml | 21 ++++ youtube-dl/docker-compose.yml | 40 ------ 104 files changed, 752 insertions(+), 666 deletions(-) create mode 100644 authentication/compose.yaml delete mode 100644 authentication/docker-compose.yml create mode 100644 authentication/secrets/.gitkeep create mode 100644 authentication/volumes/authelia_config/.gitkeep create mode 100644 authentication/volumes/lldap_data/.gitkeep rename book-collector/{docker-compose.yml => compose.yaml} (65%) create mode 100644 book-collector/volumes/readarr-audiobook_config/.gitkeep create mode 100644 book-collector/volumes/readarr-ebook_config/.gitkeep rename bootstrap/{docker-compose.macvlan.yml => compose.macvlan.yaml} (80%) create mode 100644 bootstrap/compose.yaml delete mode 100644 bootstrap/docker-compose.yml create mode 100644 bootstrap/secrets/.gitkeep create mode 100644 bootstrap/volumes/portainer_data/.gitkeep rename comic-collector/{docker-compose.yml => compose.yaml} (61%) create mode 100644 comic-collector/volumes/mylar_config/.gitkeep create mode 100644 compose.base.yaml create mode 100644 docker-monitoring/compose.yaml delete mode 100644 docker-monitoring/docker-compose.yml create mode 100644 docker-monitoring/secrets/.gitkeep create mode 100644 
docker-monitoring/volumes/dockge_data/.gitkeep rename document-collector/{docker-compose.yml => compose.yaml} (59%) create mode 100644 document-collector/volumes/broker_data/.gitkeep create mode 100644 document-collector/volumes/paperless_data/.gitkeep rename dynamic-dns/{docker-compose.yml => compose.yaml} (50%) rename ebook-reader/{docker-compose.yml => compose.yaml} (56%) create mode 100644 ebook-reader/volumes/calibre-web_config/.gitkeep create mode 100644 ebook-reader/volumes/calibre_config/.gitkeep create mode 100644 email/compose.yaml create mode 100644 email/secrets/.gitkeep rename git/{docker-compose.yml => compose.yaml} (62%) create mode 100644 git/volumes/gitea_config/.gitkeep create mode 100644 git/volumes/gitea_data/.gitkeep rename indexer/{docker-compose.yml => compose.yaml} (57%) create mode 100644 indexer/volumes/autobrr_config/.gitkeep create mode 100644 indexer/volumes/omegabrr_config/.gitkeep create mode 100644 indexer/volumes/prowlarr_config/.gitkeep rename irc/{docker-compose.yml => compose.yaml} (57%) create mode 100644 irc/volumes/thelounge_config/.gitkeep rename media-player/{docker-compose.hwaccl.yml => compose.hwaccl.yaml} (100%) rename media-player/{docker-compose.macvlan.yml => compose.macvlan.yaml} (100%) create mode 100644 media-player/compose.yaml delete mode 100644 media-player/docker-compose.yml create mode 100644 media-player/secrets/.gitkeep create mode 100644 media-player/volumes/audiobookshelf_config/.gitkeep create mode 100644 media-player/volumes/audiobookshelf_metadata/.gitkeep create mode 100644 media-player/volumes/plaxt_keystore/.gitkeep create mode 100644 media-player/volumes/plex_config/.gitkeep create mode 100644 media-player/volumes/tautulli_config/.gitkeep rename media-requester/{docker-compose.yml => compose.yaml} (55%) create mode 100644 media-requester/volumes/overseerr_config/.gitkeep create mode 100644 monitoring/compose.macvlan.yaml rename monitoring/{compose.yml => compose.yaml} (50%) create mode 100644 
monitoring/volumes/grafana_data/.gitkeep create mode 100644 monitoring/volumes/prometheus_data/.gitkeep create mode 100644 monitoring/volumes/promtail_logs/.gitignore create mode 100644 monitoring/volumes/promtail_logs/traefik/.gitkeep rename movie-collector/{docker-compose.yml => compose.yaml} (64%) create mode 100644 movie-collector/volumes/radarr_config/.gitkeep rename network-monitoring/{docker-compose.yml => compose.yaml} (100%) create mode 100644 network-monitoring/volumes/smokeping_config/.gitkeep create mode 100644 network-monitoring/volumes/smokeping_data/.gitkeep create mode 100644 notifiarr/compose.yaml delete mode 100644 notifiarr/docker-compose.yml create mode 100644 notifiarr/volumes/notifiarr_config/.gitkeep create mode 100644 notifiarr/volumes/recyclarr_config/.gitkeep create mode 100644 photo-collector/compose.yaml delete mode 100644 photo-collector/docker-compose.yml create mode 100644 photo-collector/volumes/immich_ml_cache/.gitkeep create mode 100644 photo-collector/volumes/immich_postgres_data/.gitkeep create mode 100644 recipe-collector/compose.yaml delete mode 100644 recipe-collector/docker-compose.yml create mode 100644 recipe-collector/volumes/mealie_data/.gitkeep rename reverse-proxy/{docker-compose.macvlan.yml => compose.macvlan.yaml} (71%) rename reverse-proxy/{docker-compose.yml => compose.yaml} (57%) delete mode 100644 reverse-proxy/configs/dynamic/portainer.yml create mode 100644 reverse-proxy/secrets/.gitkeep create mode 100644 reverse-proxy/volumes/traefik_acme/.gitkeep create mode 120000 reverse-proxy/volumes/traefik_logs delete mode 100644 ssh-protection/docker-compose.yml rename subtitle-collector/{docker-compose.yml => compose.yaml} (65%) create mode 100644 subtitle-collector/volumes/bazarr_config/.gitkeep create mode 100644 torrents/compose.yaml delete mode 100755 torrents/config/98-gateway-setup delete mode 100644 torrents/docker-compose.yml create mode 100644 torrents/secrets/.gitkeep create mode 100644 
torrents/volumes/cross-seed_config/.gitkeep create mode 100644 torrents/volumes/qbitmanage-seeding_config/.gitkeep create mode 100644 torrents/volumes/qbitmanage_config/.gitkeep create mode 100644 torrents/volumes/qbittorrent-seeding_config/.gitkeep create mode 100644 torrents/volumes/qbittorrent_config/.gitkeep create mode 100644 torrents/volumes/unpackerr_config/.gitkeep rename tv-collector/{docker-compose.yml => compose.yaml} (65%) create mode 100644 tv-collector/volumes/sonarr_config/.gitkeep rename usenet/{docker-compose.yml => compose.yaml} (66%) create mode 100644 usenet/volumes/sabnzbd_config/.gitkeep create mode 100644 youtube-dl/compose.yaml delete mode 100644 youtube-dl/docker-compose.yml diff --git a/.gitignore b/.gitignore index 3767b39..cfe81b2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,13 @@ *.nas-compose.env -/**/volumes/* -/**/secrets/* +# Prevent the content of volumes from being commited, but allow the folders +/*/volumes/*/** +# Prevent secrets from being commited +/*/secrets/** +# Prevent local environment configuration from being commited +/*/.env +# Allow .gitkeeps for empty folders (volumes/secrets) +!.gitkeep +!.gitignore + @eaDir .DS_Store diff --git a/authentication/compose.yaml b/authentication/compose.yaml new file mode 100644 index 0000000..c8bf7d3 --- /dev/null +++ b/authentication/compose.yaml 
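Review bot: The new rules `/*/secrets/**` and `/*/.env` are anchored to exactly one directory level, whereas the removed `/**/secrets/*` matched at any depth, so a `secrets/` folder inside a nested stack directory would no longer be ignored. Separately, `*.nas-compose.env` only matches names with a dot before `nas-compose.env`, while the dockge service added later in this patch reads `${NASCOMPOSE_SERVICES?}/nas-compose.env`; if that file lives in this checkout (not visible here), nothing ignores it. Consider `/**/secrets/**` plus an explicit `nas-compose.env` entry. The added comments also spell "committed" as "commited".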
@@ -0,0 +1,67 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + authelia: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: authelia + image: authelia/authelia + command: + - authelia + - --config=/etc/authelia/configuration.yml + - --config=/etc/authelia/access.yml + - --config=/etc/authelia/authentication.yml + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + environment: + AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /run/secrets/jwt_secret + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage_key + AUTHELIA_NOTIFIER_SMTP_ADDRESS: smtp://smtp-server + AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: true + AUTHELIA_NOTIFIER_SMTP_SENDER: Authelia + X_AUTHELIA_CONFIG_FILTERS: template + TEMPLATE_NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?} + networks: + - smtp-server + - default + volumes: + - ./volumes/authelia_config/:/config/ + - ./configs/authelia_configuration.yml:/etc/authelia/configuration.yml:ro + - ./configs/authelia_access.yml:/etc/authelia/access.yml:ro + - ./configs/authelia_authentication.yml:/etc/authelia/authentication.yml:ro + - ./secrets/authelia_jwt_secret:/run/secrets/jwt_secret:ro + - ./secrets/authelia_storage_key:/run/secrets/storage_key:ro + - ./secrets/authelia_oidcsecret:/run/secrets/oidcsecret:ro + - ./secrets/authelia_oidc.key:/run/secrets/oidc.key:ro + authelia-redis: + extends: + file: ../compose.base.yaml + service: base-service + container_name: authelia-redis + image: redis + #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + + lldap: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: lldap + image: lldap/lldap:latest-alpine-rootless + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + environment: + LLDAP_JWT_SECRET_FILE: /run/secrets/jwt_secret + LLDAP_KEY_SEED_FILE: /run/secrets/key_seed + networks: + - default + volumes: + - ./volumes/lldap_data:/data + - 
./secrets/lldap_jwt_secret:/run/secrets/jwt_secret:ro + - ./secrets/lldap_key_seed:/run/secrets/key_seed:ro + labels: + traefik.http.routers.lldap.middlewares: authelia@file + traefik.http.services.lldap.loadbalancer.server.port: 17170 +networks: + reverse-proxy: + external: true + smtp-server: + external: true diff --git a/authentication/docker-compose.yml b/authentication/docker-compose.yml deleted file mode 100644 index d1a8b83..0000000 --- a/authentication/docker-compose.yml +++ /dev/null 
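Review bot: `AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: true` on the authelia service drops the STARTTLS requirement, so password-reset and identity-verification mail reaches `smtp://smtp-server` unencrypted and membership of the `smtp-server` network is the only protection. If that is the intended trade-off for a local relay, say so above the variable, e.g. `# TLS not required: smtp-server is a relay on a dedicated Docker network; attach trusted services only`. The `authelia/authelia` and `redis` images also carry no tag, and this repository runs Watchtower, so the authentication components would be upgraded unattended. A pinned version tag or digest would make those upgrades deliberate.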
@@ -1,65 +0,0 @@ -version: "3.8" - -services: - authelia: - hostname: authelia - image: authelia/authelia - command: - - --config=/etc/authelia/configuration.yml - - --config=/etc/authelia/access.yml - - --config=/etc/authelia/authentication.yml - environment: - PUID: ${NASCOMPOSE_UID?} - PGID: ${NASCOMPOSE_GID?} - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /run/secrets/jwt_secret - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage_key - AUTHELIA_NOTIFIER_SMTP_ADDRESS: ${NASCOMPOSE_AUTHELIA_SMTP_ADDRESS?} - AUTHELIA_NOTIFIER_SMTP_USERNAME: ${NASCOMPOSE_AUTHELIA_SMTP_USERNAME?} - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /run/secrets/smtp_password - AUTHELIA_NOTIFIER_SMTP_SENDER: authelia@${NASCOMPOSE_DOMAIN?} - X_AUTHELIA_CONFIG_FILTERS: template - TEMPLATE_NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?} - networks: - - reverse-proxy - - default - volumes: - - ${NASCOMPOSE_SERVICES?}/authentication/volumes/authelia_config/:/config/ - # Configuration - - ${NASCOMPOSE_SERVICES?}/authentication/configs/authelia_configuration.yml:/etc/authelia/configuration.yml:ro - - ${NASCOMPOSE_SERVICES?}/authentication/configs/authelia_access.yml:/etc/authelia/access.yml:ro - - ${NASCOMPOSE_SERVICES?}/authentication/configs/authelia_authentication.yml:/etc/authelia/authentication.yml:ro - # Secrets - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/authelia_jwt_secret:/run/secrets/jwt_secret:ro - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/authelia_storage_key:/run/secrets/storage_key:ro - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/authelia_smtp_password:/run/secrets/smtp_password:ro - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/authelia_oidcsecret:/run/secrets/oidcsecret:ro - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/authelia_oidc.key:/run/secrets/oidc.key:ro - restart: unless-stopped - labels: - traefik.enable: true - authelia-redis: - hostname: authelia-redis - image: redis - restart: unless-stopped - lldap: - image: lldap/lldap - 
environment: - UID: ${NASCOMPOSE_UID?} - GID: ${NASCOMPOSE_GID?} - LLDAP_JWT_SECRET_FILE: /run/secrets/jwt_secret - LLDAP_KEY_SEED_FILE: /run/secrets/key_seed - networks: - - reverse-proxy - - default - volumes: - - ${NASCOMPOSE_SERVICES?}/authentication/volumes/lldap_data:/data - # Secrets - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/lldap_jwt_secret:/run/secrets/jwt_secret:ro - - ${NASCOMPOSE_SERVICES?}/authentication/secrets/lldap_key_seed:/run/secrets/key_seed:ro - labels: - traefik.enable: true - traefik.http.routers.lldap.middlewares: authelia@file - traefik.http.services.lldap.loadbalancer.server.port: 17170 -networks: - reverse-proxy: - external: true diff --git a/authentication/secrets/.gitkeep b/authentication/secrets/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/authentication/volumes/authelia_config/.gitkeep b/authentication/volumes/authelia_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/authentication/volumes/lldap_data/.gitkeep b/authentication/volumes/lldap_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/book-collector/docker-compose.yml b/book-collector/compose.yaml similarity index 65% rename from book-collector/docker-compose.yml rename to book-collector/compose.yaml index 0b23b03..70fea8f 100644 --- a/book-collector/docker-compose.yml +++ b/book-collector/compose.yaml 
@@ -1,42 +1,41 @@ -name: book-collector +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json +name: book-collector services: readarr-audiobook: - hostname: readarr-audiobook + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: readarr-audiobook image: lscr.io/linuxserver/readarr:develop # TODO: Move to a stable version environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - torrents - usenet volumes: - - ${NASCOMPOSE_SERVICES?}/book-collector/volumes/readarr-audiobook_config/:/config/ + - ./volumes/readarr-audiobook_config/:/config/ - ${NASCOMPOSE_DATA?}/:/data/ - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.readarr-audiobook.middlewares: authelia@file - readarr-ebook: - hostname: readarr-ebook + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: readarr-ebook image: lscr.io/linuxserver/readarr:develop # TODO: Move to a stable version environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - torrents - usenet volumes: - - ${NASCOMPOSE_SERVICES?}/book-collector/volumes/readarr-ebook_config/:/config/ + - ./volumes/readarr-ebook_config/:/config/ - ${NASCOMPOSE_DATA?}/:/data/ - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.readarr-ebook.middlewares: authelia@file - networks: reverse-proxy: external: true diff --git a/book-collector/volumes/readarr-audiobook_config/.gitkeep b/book-collector/volumes/readarr-audiobook_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/book-collector/volumes/readarr-ebook_config/.gitkeep b/book-collector/volumes/readarr-ebook_config/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/bootstrap/docker-compose.macvlan.yml b/bootstrap/compose.macvlan.yaml
similarity index 80%
rename from bootstrap/docker-compose.macvlan.yml
rename to bootstrap/compose.macvlan.yaml
index f281473..2452724 100644
--- a/bootstrap/docker-compose.macvlan.yml
+++ b/bootstrap/compose.macvlan.yaml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+
 services:
 portainer:
 networks:
diff --git a/bootstrap/compose.yaml b/bootstrap/compose.yaml
new file mode 100644
index 0000000..0ccb2ac
--- /dev/null
+++ b/bootstrap/compose.yaml
@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+
+services:
+ portainer:
+ extends:
+ file: ../compose.base.yaml
+ service: exposed-service
+ container_name: portainer
+ image: portainer/portainer-ee
+ command:
+ - --admin-password-file=/run/secrets/portainer_password
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./volumes/portainer_data/:/data/
+ - ./secrets/portainer_password:/run/secrets/portainer_password:ro
+ labels:
+ traefik.http.services.portainer.loadbalancer.server.port: 9443
+ traefik.http.services.portainer.loadbalancer.server.scheme: https
+networks:
+ reverse-proxy:
+ external: true
diff --git a/bootstrap/docker-compose.yml b/bootstrap/docker-compose.yml
deleted file mode 100644
index ec0166a..0000000
--- a/bootstrap/docker-compose.yml
+++ /dev/null
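Review bot: The new portainer service in bootstrap/compose.yaml extends `exposed-service`, which sets `traefik.enable: true`, but unlike lldap, dockge and the other routed services it has no `traefik.http.routers.portainer.middlewares: authelia@file` label. A container that holds `/var/run/docker.sock` is therefore published through Traefik behind Portainer's own login only, as far as this patch shows. If that is deliberate, a comment on the `labels:` block should say so; otherwise add the middleware label. The same `container_name: portainer` is also declared in docker-monitoring/compose.yaml in this patch, and two containers cannot share a name, so only one of the two stacks can run at a time.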
@@ -1,14 +0,0 @@ -version: "3.8" -services: - portainer: - hostname: portainer - image: portainer/portainer-ee - command: - - --admin-password-file=/run/secrets/portainer_password - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /var/packages/ContainerManager/var/docker/volumes/:/var/lib/docker/volumes/ - - ${NASCOMPOSE_SERVICES?}/bootstrap/volumes/portainer_data/:/data/ - # Secrets - - ${NASCOMPOSE_SERVICES?}/bootstrap/secrets/portainer_password:/run/secrets/portainer_password:ro - restart: unless-stopped diff --git a/bootstrap/secrets/.gitkeep b/bootstrap/secrets/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/bootstrap/volumes/portainer_data/.gitkeep b/bootstrap/volumes/portainer_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/comic-collector/docker-compose.yml b/comic-collector/compose.yaml similarity index 61% rename from comic-collector/docker-compose.yml rename to comic-collector/compose.yaml index 1692e7e..1089d7a 100644 --- a/comic-collector/docker-compose.yml +++ b/comic-collector/compose.yaml @@ -1,27 +1,24 @@ -name: comic-collector +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: mylar: + extends: + file: ../compose.base.yaml + service: exposed-service hostname: mylar image: lscr.io/linuxserver/mylar3 environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - torrents - usenet volumes: - - ${NASCOMPOSE_SERVICES?}/comic-collector/volumes/mylar_config/:/config/ + - ./volumes/mylar_config/:/config/ - ${NASCOMPOSE_DATA?}/:/data/ - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.mylar.middlewares: authelia@file - networks: - reverse-proxy: - external: true torrents: external: true usenet: diff --git a/comic-collector/volumes/mylar_config/.gitkeep b/comic-collector/volumes/mylar_config/.gitkeep new file mode 100644 index 0000000..e69de29 
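Review bot: The comic-collector hunk removes the top-level `reverse-proxy` network declaration while mylar now extends `exposed-service`, whose `networks: - reverse-proxy` entry is merged into the service. `extends` copies service configuration only, not the top-level `networks` of compose.base.yaml, so Compose will most likely reject the project with an undefined-network error. The other migrated files (book-collector, bootstrap, docker-monitoring) keep the declaration, so keep `reverse-proxy:` with `external: true` under `networks:` here as well. mylar also still uses `hostname: mylar` where the other services in this patch switched to `container_name`. The top-level `networks:` mapping continues past the end of the hunk.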
diff --git a/compose.base.yaml b/compose.base.yaml
new file mode 100644
index 0000000..a08cfe1
--- /dev/null
+++ b/compose.base.yaml
@@ -0,0 +1,22 @@
+services:
+ base-service:
+ restart: unless-stopped
+ logging:
+ driver: loki
+ options:
+ loki-url: http://${NASCOMPOSE_MACVLAN_LOKI_IP?}:3100/loki/api/v1/push
+ loki-retries: 2
+ loki-max-backoff: 800ms
+ loki-timeout: 1s
+ keep-file: 'true'
+
+ exposed-service:
+ extends: base-service
+ networks:
+ - reverse-proxy
+ labels:
+ traefik.enable: true
+
+networks:
+ reverse-proxy:
+ external: true
diff --git a/docker-monitoring/compose.yaml b/docker-monitoring/compose.yaml
new file mode 100644
index 0000000..95b70fa
--- /dev/null
+++ b/docker-monitoring/compose.yaml
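Review bot: `base-service` ships the output of every extending container, including Authelia and LLDAP, to `http://${NASCOMPOSE_MACVLAN_LOKI_IP?}:3100/loki/api/v1/push` over plain HTTP, and `options` configures no credentials. That makes reachability of the Loki address the only control on who can read or inject logs. A comment above `logging:` should record the assumption, e.g. `# Loki push endpoint is unauthenticated plain HTTP: keep it reachable from the Docker host only`. The file would also benefit from a header comment stating that the `loki` logging driver must be installed on the host before any stack starts. The same header should say that the top-level `networks:` block here is presumably not inherited through `extends`, so each stack has to declare `reverse-proxy` itself.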
@@ -0,0 +1,61 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+
+services:
+ watchtower:
+ extends:
+ file: ../compose.base.yaml
+ service: ase-service
+ container_name: watchtower
+ image: containrrr/watchtower
+ environment:
+ WATCHTOWER_INCLUDE_RESTARTING: true
+ WATCHTOWER_INCLUDE_STOPPED: true
+ WATCHTOWER_CLEANUP: true
+ WATCHTOWER_NOTIFICATION_REPORT: true
+ WATCHTOWER_NOTIFICATION_URL: /run/secrets/notification_url
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${NASCOMPOSE_SERVICES?}/docker-monitoring/secrets/notification_url:/run/secrets/notification_url:ro
+
+ portainer:
+ extends:
+ file: ../compose.base.yaml
+ service: exposed-service
+ container_name: portainer
+ image: portainer/portainer-ee
+ command:
+ - --admin-password-file=/run/secrets/portainer_password
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./volumes/portainer_data/:/data/
+ - ./secrets/portainer_password:/run/secrets/portainer_password:ro
+ labels:
+ traefik.http.services.portainer.loadbalancer.server.port: 9443
+ traefik.http.services.portainer.loadbalancer.server.scheme: https
+
+ dockge:
+ extends:
+ file: ../compose.base.yaml
+ service: exposed-service
+ container_name: dockge
+ build:
+ context: .
+ dockerfile_inline: |
+ FROM louislam/dockge
+ RUN apt update \
+ && apt --yes --no-install-recommends install \
+ docker-ce-cli docker-compose-plugin \
+ && rm -rf /var/lib/apt/lists/*
+ environment:
+ DOCKGE_STACKS_DIR: ${NASCOMPOSE_SERVICES?}/
+ COMPOSE_ENV_FILES: ${NASCOMPOSE_SERVICES?}/nas-compose.env,.env
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${NASCOMPOSE_SERVICES?}/:${NASCOMPOSE_SERVICES?}/
+ - ${NASCOMPOSE_SERVICES?}/docker-monitoring/volumes/dockge_data/:/app/data/
+ labels:
+ traefik.http.routers.dockge.middlewares: authelia@file
+
+networks:
+ reverse-proxy:
+ external: true
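Review bot: watchtower extends `service: ase-service`, but compose.base.yaml in this patch defines only `base-service` and `exposed-service`, so the stack should fail to load; the line should read `service: base-service`. dockge mounts the Docker socket and the whole `${NASCOMPOSE_SERVICES?}/` tree, which contains every stack's `secrets/` directory, so its `authelia@file` middleware is the only gate in front of host-level control. A comment on the dockge `labels:` block saying so would protect it from a careless edit. The inline Dockerfile builds on an untagged `louislam/dockge`, and the watchtower secret is still mounted through `${NASCOMPOSE_SERVICES?}/docker-monitoring/secrets/...` while the rest of the patch uses `./secrets/...`.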
diff --git a/docker-monitoring/docker-compose.yml b/docker-monitoring/docker-compose.yml deleted file mode 100644 index 36d7988..0000000 --- a/docker-monitoring/docker-compose.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: docker-monitoring -services: - watchtower: - hostname: watchtower - image: containrrr/watchtower - environment: - WATCHTOWER_INCLUDE_RESTARTING: true - WATCHTOWER_INCLUDE_STOPPED: true - WATCHTOWER_CLEANUP: true - WATCHTOWER_NOTIFICATION_REPORT: true - WATCHTOWER_NOTIFICATION_URL: /run/secrets/notification_url - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ${NASCOMPOSE_SERVICES?}/docker-monitoring/secrets/notification_url:/run/secrets/notification_url:ro - restart: unless-stopped - dockge: - hostname: dockge - image: louislam/dockge - networks: - - reverse-proxy - environment: - DOCKGE_STACKS_DIR: ${NASCOMPOSE_SERVICES?}/ - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ${NASCOMPOSE_SERVICES?}/:${NASCOMPOSE_SERVICES?}/ - - ${NASCOMPOSE_SERVICES?}/docker-monitoring/volumes/dockge_data/:/app/data/ - restart: unless-stopped - labels: - traefik.enable: true - traefik.http.routers.dockge.middlewares: authelia@file -networks: - reverse-proxy: - external: true diff --git a/docker-monitoring/secrets/.gitkeep b/docker-monitoring/secrets/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docker-monitoring/volumes/dockge_data/.gitkeep b/docker-monitoring/volumes/dockge_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/document-collector/docker-compose.yml b/document-collector/compose.yaml similarity index 59% rename from document-collector/docker-compose.yml rename to document-collector/compose.yaml index fd4169b..38f7ecf 100644 --- a/document-collector/docker-compose.yml +++ b/document-collector/compose.yaml 
@@ -1,11 +1,14 @@ -name: document-collector +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: paperless: - hostname: paperless + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: paperless image: ghcr.io/paperless-ngx/paperless-ngx environment: - PAPERLESS_REDIS: redis://broker:6379 + PAPERLESS_REDIS: redis://paperless-broker:6379 USERMAP_UID: ${NASCOMPOSE_UID?} USERMAP_GID: ${NASCOMPOSE_GID?} PAPERLESS_URL: https://paperless.${NASCOMPOSE_DOMAIN?} @@ -13,27 +16,24 @@ services: PAPERLESS_TRASH_DIR: /usr/src/paperless/media/recycle-bin/paperless/ PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}' networks: - - reverse-proxy - default depends_on: - - broker + - paperless-broker volumes: - - ${NASCOMPOSE_SERVICES?}/document-collector/volumes/paperless_data/:/usr/src/paperless/data/ + - ./volumes/paperless_data/:/usr/src/paperless/data/ - ${NASCOMPOSE_DATA?}/media/:/usr/src/paperless/media/ - ${NASCOMPOSE_DATA?}/consume:/usr/src/paperless/consume - ${NASCOMPOSE_DATA?}/export:/usr/src/paperless/export - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.paperless.middlewares: authelia@file - - broker: - hostname: broker - image: redis:7 + paperless-broker: + extends: + file: ../compose.base.yaml + service: base-service + container_name: paperless-broker + image: redis volumes: - - ${NASCOMPOSE_SERVICES?}/document-collector/volumes/broker_data/:/data/ - restart: unless-stopped - + - ./volumes/broker_data/:/data/ networks: reverse-proxy: external: true diff --git a/document-collector/volumes/broker_data/.gitkeep b/document-collector/volumes/broker_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/document-collector/volumes/paperless_data/.gitkeep b/document-collector/volumes/paperless_data/.gitkeep new file mode 100644 index 0000000..e69de29 
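Review bot: In the second hunk the broker image changes from `redis:7` to `redis`, which drops the major-version pin on a container that persists data in `./volumes/broker_data/`. With Watchtower running from this repository, an untagged image lets a new Redis major version be pulled and started unattended against that data directory. Keep the pin, `image: redis:7`, or pin by digest. The broker is also reachable without a password from anything on this stack's default network, which is worth a one-line comment on the service.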
diff --git a/dynamic-dns/docker-compose.yml b/dynamic-dns/compose.yaml similarity index 50% rename from dynamic-dns/docker-compose.yml rename to dynamic-dns/compose.yaml index 018936d..af81210 100644 --- a/dynamic-dns/docker-compose.yml +++ b/dynamic-dns/compose.yaml @@ -1,13 +1,14 @@ -name: dynamic-dns +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: duckdns: - hostname: duckdns + container_name: duckdns image: lscr.io/linuxserver/duckdns environment: - SUBDOMAINS=${NASCOMPOSE_DUCKDNS_DOMAIN?} - FILE__TOKEN=/run/secrets/duckdns_token volumes: # Secrets - - ${NASCOMPOSE_SERVICES?}/dynamic-dns/secrets/duckdns_token:/run/secrets/duckdns_token:ro + - ./secrets/duckdns_token:/run/secrets/duckdns_token:ro restart: unless-stopped +networks: {} diff --git a/ebook-reader/docker-compose.yml b/ebook-reader/compose.yaml similarity index 56% rename from ebook-reader/docker-compose.yml rename to ebook-reader/compose.yaml index 0f27aee..242fd67 100644 --- a/ebook-reader/docker-compose.yml +++ b/ebook-reader/compose.yaml 
@@ -1,46 +1,43 @@ -name: ebook-reader +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: calibre: - hostname: calibre + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: calibre image: lscr.io/linuxserver/calibre environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - calibre volumes: - - ${NASCOMPOSE_SERVICES?}/ebook-reader/volumes/calibre_config/:/config/ + - ./volumes/calibre_config/:/config/ - ${NASCOMPOSE_DATA?}/media/ebooks/:/data/media/ebooks/ - - ${NASCOMPOSE_SERVICES?}/ebook-reader/volumes/calibre_database/metadata.db:/data/media/ebooks/metadata.db - restart: unless-stopped + - ./volumes/calibre_database/metadata.db:/data/media/ebooks/metadata.db labels: - traefik.enable: true traefik.http.services.calibre.loadbalancer.server.port: 8080 traefik.http.routers.calibre.middlewares: authelia@file - calibre-web: - hostname: calibre-web + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: calibre-web image: lscr.io/linuxserver/calibre-web environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - calibre volumes: - - ${NASCOMPOSE_SERVICES?}/ebook-reader/volumes/calibre-web_config/:/config/ + - ./volumes/calibre-web_config/:/config/ - ${NASCOMPOSE_DATA?}/media/ebooks/:/data/media/ebooks/:ro - - ${NASCOMPOSE_SERVICES?}/ebook-reader/volumes/calibre_database/metadata.db:/data/media/ebooks/metadata.db:ro - restart: unless-stopped + - ./volumes/calibre_database/metadata.db:/data/media/ebooks/metadata.db:ro labels: - traefik.enable: true traefik.http.routers.calibre-web.middlewares: authelia@file - networks: calibre: name: calibre - reverse-proxy: external: true diff --git a/ebook-reader/volumes/calibre-web_config/.gitkeep b/ebook-reader/volumes/calibre-web_config/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/ebook-reader/volumes/calibre_config/.gitkeep b/ebook-reader/volumes/calibre_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/email/compose.yaml b/email/compose.yaml new file mode 100644 index 0000000..efc65cd --- /dev/null +++ b/email/compose.yaml @@ -0,0 +1,21 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + smtp-server: + extends: + file: ../compose.base.yaml + service: base-service + container_name: smtp-server + image: juanluisbaptiste/postfix + environment: + - SMTP_SERVER=${SMTP_ADDRESS?} + - SMTP_USERNAME=${SMTP_USERNAME?} + - SMTP_PASSWORD_FILE=/run/secrets/smtp_password + - SERVER_HOSTNAME=${NASCOMPOSE_DOMAIN?} + networks: + - smtp-server + volumes: + - ./secrets/smtp_password:/run/secrets/smtp_password:ro +networks: + smtp-server: + name: smtp-server diff --git a/email/secrets/.gitkeep b/email/secrets/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/git/docker-compose.yml b/git/compose.yaml similarity index 62% rename from git/docker-compose.yml rename to git/compose.yaml index 68e2dd0..532b465 100644 --- a/git/docker-compose.yml +++ b/git/compose.yaml 
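Review bot: smtp-server holds the upstream SMTP credentials and, as far as this file shows, relays for any container attached to the `smtp-server` network, so network membership is the whole access control. That deserves a comment above `networks:`, e.g. `# Relay trust boundary: attach only services allowed to send mail through the upstream account`. `${SMTP_ADDRESS?}` and `${SMTP_USERNAME?}` drop the `NASCOMPOSE_` prefix that every other variable in the patch uses, which makes a collision with an unrelated environment variable more likely. `juanluisbaptiste/postfix` is also untagged.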
@@ -1,18 +1,18 @@ -version: "3.8" +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + services: gitea: + extends: + file: ../compose.base.yaml + service: exposed-service container_name: gitea image: gitea/gitea:latest-rootless user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} volumes: - ${NASCOMPOSE_DATA?}/git:/var/lib/gitea/git/lfs - - ${NASCOMPOSE_SERVICES?}/git/volumes/gitea_data:/var/lib/gitea - - ${NASCOMPOSE_SERVICES?}/git/volumes/gitea_config:/etc/gitea - networks: - - reverse-proxy - restart: unless-stopped + - ./volumes/gitea_data:/var/lib/gitea + - ./volumes/gitea_config:/etc/gitea labels: - traefik.enable: true traefik.http.services.gitea.loadbalancer.server.port: 3000 traefik.tcp.routers.gitea.entryPoints: ssh traefik.tcp.routers.gitea.rule: HostSNI(`*`) diff --git a/git/volumes/gitea_config/.gitkeep b/git/volumes/gitea_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/git/volumes/gitea_data/.gitkeep b/git/volumes/gitea_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/indexer/docker-compose.yml b/indexer/compose.yaml similarity index 57% rename from indexer/docker-compose.yml rename to indexer/compose.yaml index f45a07f..8b0fb23 100644 --- a/indexer/docker-compose.yml +++ b/indexer/compose.yaml @@ -1,14 +1,16 @@ -name: indexer +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: prowlarr: - hostname: prowlarr + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: prowlarr image: lscr.io/linuxserver/prowlarr environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - default - indexer - torrents 
@@ -18,27 +20,27 @@ services: - 1.1.1.1 - 1.0.0.1 volumes: - - ${NASCOMPOSE_SERVICES?}/indexer/volumes/prowlarr_config/:/config/ - restart: unless-stopped + - ./volumes/prowlarr_config/:/config/ labels: - traefik.enable: true traefik.http.routers.prowlarr.middlewares: authelia@file - flaresolverr: - hostname: flaresolverr - image: ghcr.io/flaresolverr/flaresolverr:pr-1282 # Temporary until https://github.com/FlareSolverr/FlareSolverr/pull/1272 gets fixed - restart: unless-stopped + extends: + file: ../compose.base.yaml + service: base-service + container_name: flaresolverr + image: alexfozor/flaresolverr:pr-1300-experimental # ghcr.io/flaresolverr/flaresolverr:pr-1282 # Temporary until https://github.com/FlareSolverr/FlareSolverr/pull/1272 gets fixed dns: # Work around DNS blocks in various regions - 1.1.1.1 - 1.0.0.1 - autobrr: - hostname: autobrr + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: autobrr image: ghcr.io/autobrr/autobrr user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} networks: - - reverse-proxy - default - torrents dns: @@ -46,27 +48,24 @@ services: - 1.1.1.1 - 1.0.0.1 volumes: - - ${NASCOMPOSE_SERVICES?}/indexer/volumes/autobrr_config/:/config/ - restart: unless-stopped + - ./volumes/autobrr_config/:/config/ labels: - traefik.enable: true traefik.http.routers.autobrr.middlewares: authelia@file - omegabrr: - hostname: omegabrr + extends: + file: ../compose.base.yaml + service: base-service + container_name: omegabrr image: ghcr.io/autobrr/omegabrr user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} networks: - - reverse-proxy + - reverse-proxy # Hack to access sonarr/radarr - default volumes: - ${NASCOMPOSE_SERVICES?}/indexer/volumes/omegabrr_config/:/config/ - restart: unless-stopped - networks: indexer: name: indexer - reverse-proxy: external: true torrents: diff --git a/indexer/volumes/autobrr_config/.gitkeep b/indexer/volumes/autobrr_config/.gitkeep new file mode 100644 index 0000000..e69de29 
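Review bot: The flaresolverr image now comes from a personal Docker Hub namespace under a mutable tag, `alexfozor/flaresolverr:pr-1300-experimental`, so the content behind it can change without any change to this file. Pinning the digest that was actually tested, `image: alexfozor/flaresolverr:pr-1300-experimental@sha256:<digest>` (placeholder), keeps later pushes to that tag from being deployed silently. The trailing comment still names the old ghcr image and PR 1272; it should instead state why this fork is used and the condition for returning to the upstream image.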
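Review bot: omegabrr now extends `base-service` yet is attached to the shared `reverse-proxy` network (`- reverse-proxy # Hack to access sonarr/radarr`), which presumably lets it reach every proxied backend directly, without passing through Traefik or the `authelia@file` middleware. Attaching it only to the networks of the apps it talks to (other files in this patch reference `tv-collector` and `movie-collector`) would keep its reach narrower; `recyclarr` in notifiarr/compose.yaml uses the same hack. Separately, the omegabrr volume is the only one in this file still written as `${NASCOMPOSE_SERVICES?}/indexer/volumes/omegabrr_config/:/config/`; for consistency with the rest of the migration it should read `- ./volumes/omegabrr_config/:/config/`.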
diff --git a/indexer/volumes/omegabrr_config/.gitkeep b/indexer/volumes/omegabrr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/indexer/volumes/prowlarr_config/.gitkeep b/indexer/volumes/prowlarr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/irc/docker-compose.yml b/irc/compose.yaml similarity index 57% rename from irc/docker-compose.yml rename to irc/compose.yaml index ff0d185..3c276e5 100644 --- a/irc/docker-compose.yml +++ b/irc/compose.yaml @@ -1,23 +1,22 @@ -name: irc +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: thelounge: - hostname: thelounge + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: thelounge image: lscr.io/linuxserver/thelounge environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} - networks: - - reverse-proxy dns: # Work around DNS blocks in various regions - 1.1.1.1 - 1.0.0.1 volumes: - - ${NASCOMPOSE_SERVICES?}/irc/volumes/thelounge_config/:/config/ - restart: unless-stopped + - ./volumes/thelounge_config/:/config/ labels: - traefik.enable: true traefik.http.routers.thelounge.middlewares: authelia@file networks: diff --git a/irc/volumes/thelounge_config/.gitkeep b/irc/volumes/thelounge_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-player/docker-compose.hwaccl.yml b/media-player/compose.hwaccl.yaml similarity index 100% rename from media-player/docker-compose.hwaccl.yml rename to media-player/compose.hwaccl.yaml diff --git a/media-player/docker-compose.macvlan.yml b/media-player/compose.macvlan.yaml similarity index 100% rename from media-player/docker-compose.macvlan.yml rename to media-player/compose.macvlan.yaml diff --git a/media-player/compose.yaml b/media-player/compose.yaml new file mode 100644 index 0000000..a3ebea0 --- /dev/null +++ b/media-player/compose.yaml 
@@ -0,0 +1,76 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + plex: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: plex + image: plexinc/pms-docker + environment: + PLEX_UID: ${NASCOMPOSE_UID?} + PLEX_GID: ${NASCOMPOSE_GID?} + networks: + - media-player + volumes: + - ./volumes/plex_config/:/config/ + - ${NASCOMPOSE_DATA?}/media/:/data/:ro + labels: + traefik.http.services.plex.loadbalancer.server.port: 32400 + traefik.http.services.plex.loadbalancer.server.scheme: https + tautulli: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: tautulli + image: ghcr.io/tautulli/tautulli + environment: + PUID: ${NASCOMPOSE_UID?} + PGID: ${NASCOMPOSE_GID?} + networks: + - media-player + volumes: + - ./volumes/tautulli_config/:/config/ + labels: + traefik.http.routers.tautulli.middlewares: authelia@file + plaxt: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: plaxt + image: xanderstrike/goplaxt + profiles: + - plaxt + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + environment: + TRAKT_ID_FILE: /run/secrets/trakt_id + TRAKT_SECRET_FILE: /run/secrets/trakt_secret + networks: + - media-player + volumes: + - ./volumes/plaxt_keystore/:/app/keystore/ + - ./secrets/trakt_id:/run/secrets/trakt_id:ro + - ./secrets/trakt_secret:/run/secrets/trakt_secret:ro + audiobookshelf: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: audiobookshelf + image: advplyr/audiobookshelf + profiles: + - ebooks + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + environment: + PORT: 13378 + volumes: + - ./volumes/audiobookshelf_config/:/config/ + - ./volumes/audiobookshelf_metadata/:/metadata/ + - ${NASCOMPOSE_DATA?}/media/audiobooks/:/audiobooks/ + labels: + traefik.http.routers.audiobookshelf.middlewares: authelia@file + 
traefik.http.services.audiobookshelf.loadbalancer.server.port: 13378 +networks: + media-player: + name: media-player + reverse-proxy: + external: true diff --git a/media-player/docker-compose.yml b/media-player/docker-compose.yml deleted file mode 100644 index 7102dbc..0000000 --- a/media-player/docker-compose.yml +++ /dev/null 
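Review bot: `plex` and `plaxt` extend `exposed-service` but carry no `middlewares: authelia@file` router label, unlike `tautulli` and `audiobookshelf` in the same file, so (assuming `exposed-service` is what now sets `traefik.enable`) they are published without forward-auth. If that is deliberate because the app authenticates users itself or must accept unauthenticated callbacks, say so next to the service, e.g. `# No authelia: the app handles its own authentication`. The same applies to `overseerr` in media-requester/compose.yaml, `grafana` in monitoring/compose.yaml and `mealie` in recipe-collector/compose.yaml, where the old `# Embedded authentication` comment was dropped with the deleted file.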
@@ -1,81 +0,0 @@ -name: media-player - -services: - plex: - hostname: plex - image: plexinc/pms-docker - environment: - PLEX_UID: ${NASCOMPOSE_UID?} - PLEX_GID: ${NASCOMPOSE_GID?} - networks: - - reverse-proxy - - media-player - volumes: - - ${NASCOMPOSE_SERVICES?}/media-player/volumes/plex_config/:/config/ - - ${NASCOMPOSE_DATA?}/media/:/data/:ro - restart: unless-stopped - labels: - traefik.enable: true - traefik.http.services.plex.loadbalancer.server.port: 32400 - traefik.http.services.plex.loadbalancer.server.scheme: https - - tautulli: - hostname: tautulli - image: lscr.io/linuxserver/tautulli - environment: - PUID: ${NASCOMPOSE_UID?} - PGID: ${NASCOMPOSE_GID?} - networks: - - reverse-proxy - - media-player - volumes: - - ${NASCOMPOSE_SERVICES?}/media-player/volumes/tautulli_config/:/config/ - restart: unless-stopped - labels: - traefik.enable: true - traefik.http.routers.tautulli.middlewares: authelia@file - - plaxt: - hostname: plaxt - image: xanderstrike/goplaxt - profiles: [ plaxt ] - user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} - environment: - TRAKT_ID_FILE: /run/secrets/trakt_id - TRAKT_SECRET_FILE: /run/secrets/trakt_secret - networks: - - reverse-proxy - - media-player - volumes: - - ${NASCOMPOSE_SERVICES?}/media-player/volumes/plaxt_keystore/:/app/keystore/ - # Secrets - - ${NASCOMPOSE_SERVICES?}/media-player/secrets/trakt_id:/run/secrets/trakt_id:ro - - ${NASCOMPOSE_SERVICES?}/media-player/secrets/trakt_secret:/run/secrets/trakt_secret:ro - restart: unless-stopped - labels: - traefik.enable: true - - audiobookshelf: - hostname: audiobookshelf - image: advplyr/audiobookshelf - profiles: [ ebooks ] - environment: - AUDIOBOOKSHELF_UID: ${NASCOMPOSE_UID?} - AUDIOBOOKSHELF_GID: ${NASCOMPOSE_GID?} - networks: - - reverse-proxy - volumes: - - ${NASCOMPOSE_SERVICES?}/media-player/volumes/audiobookshelf_config/:/config/ - - ${NASCOMPOSE_SERVICES?}/media-player/volumes/audiobookshelf_metadata/:/metadata/ - - ${NASCOMPOSE_DATA?}/media/audiobooks/:/audiobooks/ - 
restart: unless-stopped - labels: - traefik.enable: true - traefik.http.routers.audiobookshelf.middlewares: authelia@file - -networks: - media-player: - name: media-player - - reverse-proxy: - external: true diff --git a/media-player/secrets/.gitkeep b/media-player/secrets/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-player/volumes/audiobookshelf_config/.gitkeep b/media-player/volumes/audiobookshelf_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-player/volumes/audiobookshelf_metadata/.gitkeep b/media-player/volumes/audiobookshelf_metadata/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-player/volumes/plaxt_keystore/.gitkeep b/media-player/volumes/plaxt_keystore/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-player/volumes/plex_config/.gitkeep b/media-player/volumes/plex_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-player/volumes/tautulli_config/.gitkeep b/media-player/volumes/tautulli_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/media-requester/docker-compose.yml b/media-requester/compose.yaml similarity index 55% rename from media-requester/docker-compose.yml rename to media-requester/compose.yaml index ce7dca4..437e8ac 100644 --- a/media-requester/docker-compose.yml +++ b/media-requester/compose.yaml 
@@ -1,21 +1,19 @@ -name: media-requester +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: overseerr: - hostname: overseerr + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: overseerr image: sctx/overseerr user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} networks: - - reverse-proxy - media-player - tv-collector - movie-collector volumes: - - ${NASCOMPOSE_SERVICES?}/media-requester/volumes/overseerr_config/:/app/config - restart: unless-stopped - labels: - traefik.enable: true - + - ./volumes/overseerr_config/:/app/config networks: reverse-proxy: external: true diff --git a/media-requester/volumes/overseerr_config/.gitkeep b/media-requester/volumes/overseerr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/monitoring/compose.macvlan.yaml b/monitoring/compose.macvlan.yaml new file mode 100644 index 0000000..162b73e --- /dev/null +++ b/monitoring/compose.macvlan.yaml @@ -0,0 +1,11 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + loki: + networks: + macvlan: + ipv4_address: ${NASCOMPOSE_MACVLAN_LOKI_IP?} + +networks: + macvlan: + external: true diff --git a/monitoring/compose.yml b/monitoring/compose.yaml similarity index 50% rename from monitoring/compose.yml rename to monitoring/compose.yaml index b499ba7..2d852de 100644 --- a/monitoring/compose.yml +++ b/monitoring/compose.yaml 
@@ -1,36 +1,47 @@ -version: "3.8" +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + services: loki: + extends: + file: ../compose.base.yaml + service: base-service + container_name: loki image: grafana/loki + #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} command: -config.file=/etc/loki/local-config.yaml networks: - default: null - macvlan: - ipv4_address: ${NASCOMPOSE_MACVLAN_LOKI_IP?} - restart: unless-stopped + - default promtail: + extends: + file: ../compose.base.yaml + service: base-service + container_name: promtail image: grafana/promtail + command: -config.file=/etc/promtail/config.yaml + #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} volumes: - /var/log:/var/log - - ${NASCOMPOSE_SERVICES?}/monitoring/config/promtail_config.yaml:/etc/promtail/config.yaml - - ${NASCOMPOSE_SERVICES?}/monitoring/volumes/promtail_logs/:/data/logs/ - command: -config.file=/etc/promtail/config.yaml - restart: unless-stopped + - ./config/promtail_config.yaml:/etc/promtail/config.yaml + - ./volumes/promtail_logs/:/data/logs/ grafana: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: grafana image: grafana/grafana-oss user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} volumes: - - ${NASCOMPOSE_SERVICES?}/monitoring/volumes/grafana_data/:/var/lib/grafana - - ${NASCOMPOSE_SERVICES?}/monitoring/config/grafana.ini:/etc/grafana/grafana.ini:ro + - ./volumes/grafana_data/:/var/lib/grafana + - ./config/grafana.ini:/etc/grafana/grafana.ini:ro networks: - - reverse-proxy - default - restart: unless-stopped - labels: - traefik.enable: true cadvisor: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: cadvisor image: gcr.io/cadvisor/cadvisor - hostname: cadvisor + #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} command: - --enable_metrics=app,cpu,memory,network,oom_event,percpu - --store_container_labels=false 
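Review bot: promtail mounts the host's `/var/log` and its own config file read-write although it only needs to read them; the lines should be `- /var/log:/var/log:ro` and `- ./config/promtail_config.yaml:/etc/promtail/config.yaml:ro`, matching the `:ro` already used for `grafana.ini`. The `prometheus.yml` mount in the next hunk of this file has the same gap. The three added `#user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}` lines (loki, promtail, cadvisor) leave those containers on the image's default user without saying why; a short comment in the style of Traefik's `# TODO: Run as non root user` would record the intent. The cadvisor service continues past the end of this hunk.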
@@ -42,27 +53,23 @@ services: - /sys:/sys:ro - /var/packages/ContainerManager/var/docker/:/var/lib/docker:ro networks: - - reverse-proxy - default - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.cadvisor.middlewares: authelia@file prometheus: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: prometheus image: prom/prometheus user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} volumes: - - ${NASCOMPOSE_SERVICES?}/monitoring/config/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml - - ${NASCOMPOSE_SERVICES?}/monitoring/volumes/prometheus_data/:/prometheus/ - restart: unless-stopped + - ./config/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml + - ./volumes/prometheus_data/:/prometheus/ networks: - - reverse-proxy - default labels: - traefik.enable: true traefik.http.routers.prometheus.middlewares: authelia@file networks: reverse-proxy: external: true - macvlan: - external: true diff --git a/monitoring/volumes/grafana_data/.gitkeep b/monitoring/volumes/grafana_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/monitoring/volumes/prometheus_data/.gitkeep b/monitoring/volumes/prometheus_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/monitoring/volumes/promtail_logs/.gitignore b/monitoring/volumes/promtail_logs/.gitignore new file mode 100644 index 0000000..6690688 --- /dev/null +++ b/monitoring/volumes/promtail_logs/.gitignore @@ -0,0 +1,6 @@ +# Promtail logs volume is special as it contains folders which are symlinked to as volumes for other containers +# Stop the parent .gitignore from impacting subfolders +!*/ +# Ignore the content of all the subfolders +*/* +!.gitkeep diff --git a/monitoring/volumes/promtail_logs/traefik/.gitkeep b/monitoring/volumes/promtail_logs/traefik/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/movie-collector/docker-compose.yml b/movie-collector/compose.yaml similarity index 64% rename from movie-collector/docker-compose.yml rename to movie-collector/compose.yaml index eb333fc..36a1264 100644 --- a/movie-collector/docker-compose.yml +++ b/movie-collector/compose.yaml @@ -1,29 +1,27 @@ -name: movie-collector +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: radarr: - hostname: radarr + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: radarr image: lscr.io/linuxserver/radarr environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - movie-collector - torrents - usenet volumes: - - ${NASCOMPOSE_SERVICES?}/movie-collector/volumes/radarr_config/:/config/ + - ./volumes/radarr_config/:/config/ - ${NASCOMPOSE_DATA?}/:/data/ - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.radarr.middlewares: authelia@file - networks: movie-collector: name: movie-collector - reverse-proxy: external: true torrents: diff --git a/movie-collector/volumes/radarr_config/.gitkeep b/movie-collector/volumes/radarr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/network-monitoring/docker-compose.yml b/network-monitoring/compose.yaml similarity index 100% rename from network-monitoring/docker-compose.yml rename to network-monitoring/compose.yaml diff --git a/network-monitoring/volumes/smokeping_config/.gitkeep b/network-monitoring/volumes/smokeping_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/network-monitoring/volumes/smokeping_data/.gitkeep b/network-monitoring/volumes/smokeping_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/notifiarr/compose.yaml b/notifiarr/compose.yaml new file mode 100644 index 0000000..3ce52ad --- /dev/null +++ b/notifiarr/compose.yaml 
@@ -0,0 +1,28 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + notifiarr: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: notifiarr + image: golift/notifiarr + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + volumes: + - ./volumes/notifiarr_config/:/config/ + labels: + traefik.http.routers.notifiarr.middlewares: authelia@file + recyclarr: + extends: + file: ../compose.base.yaml + service: base-service + container_name: recyclarr + image: ghcr.io/recyclarr/recyclarr + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + networks: + - reverse-proxy #Hack to get access to the right containers + volumes: + - ./volumes/recyclarr_config/:/config/ +networks: + reverse-proxy: + external: true diff --git a/notifiarr/docker-compose.yml b/notifiarr/docker-compose.yml deleted file mode 100644 index 545f6dd..0000000 --- a/notifiarr/docker-compose.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: notifiarr - -services: - notifiarr: - hostname: notifiarr - image: golift/notifiarr - environment: - PUID: ${NASCOMPOSE_UID?} - PGID: ${NASCOMPOSE_GID?} - networks: - - reverse-proxy - volumes: - - ${NASCOMPOSE_SERVICES?}/notifiarr/volumes/notifiarr_config/:/config/ - restart: unless-stopped - labels: - traefik.enable: true - traefik.http.routers.notifiarr.middlewares: authelia@file - - recyclarr: - hostname: recyclarr - image: ghcr.io/recyclarr/recyclarr - user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} - networks: - - reverse-proxy - volumes: - - ${NASCOMPOSE_SERVICES?}/notifiarr/volumes/recyclarr_config/:/config/ - restart: unless-stopped - -networks: - reverse-proxy: - external: true diff --git a/notifiarr/volumes/notifiarr_config/.gitkeep b/notifiarr/volumes/notifiarr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/notifiarr/volumes/recyclarr_config/.gitkeep b/notifiarr/volumes/recyclarr_config/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/photo-collector/compose.yaml b/photo-collector/compose.yaml
new file mode 100644
index 0000000..4e30a5b
--- /dev/null
+++ b/photo-collector/compose.yaml
@@ -0,0 +1,82 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + immich: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: immich + image: ghcr.io/immich-app/immich-server:release + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + networks: + - smtp-server + - default + depends_on: + - immich_redis + - immich_postgres + environment: + DB_USERNAME: postgres + DB_PASSWORD: postgres + DB_DATABASE_NAME: immich + volumes: + - ${NASCOMPOSE_DATA?}/media/photos/:/usr/src/app/upload/ + labels: + traefik.http.routers.immich.middlewares: authelia@file + immich-machine-learning: + extends: + file: ../compose.base.yaml + service: base-service + hostname: immich-machine-learning + image: ghcr.io/immich-app/immich-machine-learning:release + volumes: + - ./volumes/immich_ml_cache/:/cache/ + immich_redis: + extends: + file: ../compose.base.yaml + service: base-service + hostname: redis + image: redis:6.2-alpine + healthcheck: + test: redis-cli ping || exit 1 + immich_postgres: + extends: + file: ../compose.base.yaml + service: base-service + hostname: database + image: tensorchord/pgvecto-rs:pg14-v0.2.0 + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_DB: immich + POSTGRES_INITDB_ARGS: --data-checksums + volumes: + - ./volumes/immich_postgres_data/:/var/lib/postgresql/data/ + healthcheck: + test: pg_isready --dbname='immich' --username='postgres' || exit 1; + Chksum="$$(psql --dbname='immich' --username='postgres' --tuples-only + --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM + pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ + "$$Chksum" = '0' ] || exit 1 + interval: 5m + #start_interval: 30s + start_period: 5m + command: + - postgres + - -c + - shared_preload_libraries=vectors.so + - -c + - search_path="$$user", public, vectors + - -c + - 
logging_collector=on + - -c + - max_wal_size=2GB + - -c + - shared_buffers=512MB + - -c + - wal_compression=on +networks: + reverse-proxy: + external: true + smtp-server: + external: true diff --git a/photo-collector/docker-compose.yml b/photo-collector/docker-compose.yml deleted file mode 100644 index 5cca69c..0000000 --- a/photo-collector/docker-compose.yml +++ /dev/null 
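Review bot: The database password is committed in clear text as `postgres` in both `DB_PASSWORD` (immich) and `POSTGRES_PASSWORD` (immich_postgres), while other stacks in this patch already read credentials from `./secrets/` through `*_FILE` variables. Immich accepts `DB_PASSWORD_FILE`, and the stock postgres entrypoint accepts `POSTGRES_PASSWORD_FILE` (assuming the pgvecto-rs image keeps that entrypoint), so both can point at one mounted secret; the file must be readable by the `${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}` user both containers run as. The secret file name below is constructed for illustration, and an already-initialised data directory keeps its old password until it is changed inside the database.

```yaml
  immich:
    # … unchanged: extends, container_name, image, user, networks, depends_on …
    environment:
      # … unchanged: DB_USERNAME, DB_DATABASE_NAME …
      DB_PASSWORD_FILE: /run/secrets/immich_db_password
    volumes:
      # … unchanged: photos upload mount …
      - ./secrets/immich_db_password:/run/secrets/immich_db_password:ro
  # … unchanged: immich-machine-learning, immich_redis …
  immich_postgres:
    environment:
      # … unchanged: POSTGRES_USER, POSTGRES_DB, POSTGRES_INITDB_ARGS …
      POSTGRES_PASSWORD_FILE: /run/secrets/immich_db_password
    volumes:
      # … unchanged: postgres data mount …
      - ./secrets/immich_db_password:/run/secrets/immich_db_password:ro
```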
@@ -1,59 +0,0 @@ -version: "3.8" -services: - immich: - hostname: immich - image: ghcr.io/immich-app/immich-server:release - user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} - networks: - - reverse-proxy - - default - depends_on: - - immich_redis - - immich_postgres - environment: - DB_USERNAME: postgres - DB_PASSWORD: postgres - DB_DATABASE_NAME: immich - volumes: - - ${NASCOMPOSE_DATA?}/media/photos/:/usr/src/app/upload/ - restart: unless-stopped - labels: - traefik.enable: true - traefik.http.routers.immich.middlewares: authelia@file - - immich-machine-learning: - hostname: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:release - volumes: - - ${NASCOMPOSE_SERVICES?}/photo-collector/volumes/immich_ml_cache/:/cache/ - restart: unless-stopped - - immich_redis: - hostname: redis - image: redis:6.2-alpine - healthcheck: - test: redis-cli ping || exit 1 - restart: unless-stopped - - immich_postgres: - hostname: database - image: tensorchord/pgvecto-rs:pg14-v0.2.0 - user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - POSTGRES_DB: immich - POSTGRES_INITDB_ARGS: --data-checksums - volumes: - - ${NASCOMPOSE_SERVICES?}/photo-collector/volumes/immich_postgres_data/:/var/lib/postgresql/data/ - healthcheck: - test: pg_isready --dbname='immich' --username='postgres' || exit 1; Chksum="$$(psql --dbname='immich' --username='postgres' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1 - interval: 5m - start_interval: 30s - start_period: 5m - command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"] - restart: unless-stopped - -networks: - reverse-proxy: - external: true 
diff --git a/photo-collector/volumes/immich_ml_cache/.gitkeep b/photo-collector/volumes/immich_ml_cache/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/photo-collector/volumes/immich_postgres_data/.gitkeep b/photo-collector/volumes/immich_postgres_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/recipe-collector/compose.yaml b/recipe-collector/compose.yaml new file mode 100644 index 0000000..1df5fe8 --- /dev/null +++ b/recipe-collector/compose.yaml @@ -0,0 +1,16 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + mealie: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: mealie + image: ghcr.io/mealie-recipes/mealie + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + env_file: ./config/mealie.env + volumes: + - ./volumes/mealie_data/:/app/data/ +networks: + reverse-proxy: + external: true diff --git a/recipe-collector/docker-compose.yml b/recipe-collector/docker-compose.yml deleted file mode 100644 index 70b8c79..0000000 --- a/recipe-collector/docker-compose.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: recipe-collector - -services: - mealie: - hostname: mealie - image: ghcr.io/mealie-recipes/mealie - networks: - - reverse-proxy - environment: - PUID: ${NASCOMPOSE_UID?} - PGID: ${NASCOMPOSE_GID?} - volumes: - - ${NASCOMPOSE_SERVICES?}/recipe-collector/volumes/mealie_data/:/app/data/ - restart: unless-stopped - labels: - traefik.enable: true - # Embedded authentication - # traefik.http.routers.mealie.middlewares: authelia@file - -networks: - reverse-proxy: - external: true diff --git a/recipe-collector/volumes/mealie_data/.gitkeep b/recipe-collector/volumes/mealie_data/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/reverse-proxy/docker-compose.macvlan.yml b/reverse-proxy/compose.macvlan.yaml similarity index 71% rename from reverse-proxy/docker-compose.macvlan.yml rename to reverse-proxy/compose.macvlan.yaml index b4ee598..f06d682 100644 --- a/reverse-proxy/docker-compose.macvlan.yml +++ b/reverse-proxy/compose.macvlan.yaml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + services: traefik: environment: diff --git a/reverse-proxy/docker-compose.yml b/reverse-proxy/compose.yaml similarity index 57% rename from reverse-proxy/docker-compose.yml rename to reverse-proxy/compose.yaml index d892424..006fb96 100644 --- a/reverse-proxy/docker-compose.yml +++ b/reverse-proxy/compose.yaml 
@@ -1,33 +1,40 @@ -name: reverse-proxy +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: traefik: - hostname: traefik + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: traefik image: traefik # TODO: Run as non root user #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} environment: NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?} - CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token TRAEFIK_CERTIFICATESRESOLVERS_DEFAULTRESOLVER_ACME_EMAIL: admin@${NASCOMPOSE_DOMAIN?} - TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_MAIN: '*.${NASCOMPOSE_DOMAIN?}' - LEGO_DISABLE_CNAME_SUPPORT: true - networks: - - reverse-proxy volumes: - /var/run/docker.sock:/var/run/docker.sock - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme/:/etc/traefik/acme/ - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/ - # Config - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro - # Secrets - - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro - restart: unless-stopped + - ./volumes/traefik_acme/:/etc/traefik/acme/ + - ./volumes/traefik_logs/:/var/log/traefik/ + - ./configs/traefik.yml:/etc/traefik/traefik.yml:ro + - ./configs/dynamic:/etc/traefik/dynamic:ro + - ./secrets/cf_dns_token:/run/secrets/cf_dns_token:ro labels: - traefik.enable: true traefik.http.routers.traefik.service: api@internal traefik.http.routers.traefik.middlewares: authelia@file + traefik.http.services.traefik.loadbalancer.server.port: 8081 + endlessh: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: endlessh + image: lscr.io/linuxserver/endlessh + environment: + PUID: ${NASCOMPOSE_UID?} + PGID: ${NASCOMPOSE_GID?} + labels: + traefik.tcp.routers.endlessh.entryPoints: ssh-tarpit + 
traefik.tcp.routers.endlessh.rule: HostSNI(`*`) # crowdsec: # hostname: crowdsec # image: crowdsecurity/crowdsec diff --git a/reverse-proxy/configs/dynamic/authelia.yml b/reverse-proxy/configs/dynamic/authelia.yml index 56049ab..7d9615d 100644 --- a/reverse-proxy/configs/dynamic/authelia.yml +++ b/reverse-proxy/configs/dynamic/authelia.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json + http: middlewares: authelia: diff --git a/reverse-proxy/configs/dynamic/compress.yml b/reverse-proxy/configs/dynamic/compress.yml index 145c0ec..c2dfc3b 100644 --- a/reverse-proxy/configs/dynamic/compress.yml +++ b/reverse-proxy/configs/dynamic/compress.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json + http: middlewares: compress: diff --git a/reverse-proxy/configs/dynamic/hsts.yml b/reverse-proxy/configs/dynamic/hsts.yml index 27e3bd8..4fc4dbc 100644 --- a/reverse-proxy/configs/dynamic/hsts.yml +++ b/reverse-proxy/configs/dynamic/hsts.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json + http: middlewares: hsts: diff --git a/reverse-proxy/configs/dynamic/portainer.yml b/reverse-proxy/configs/dynamic/portainer.yml deleted file mode 100644 index 8d84261..0000000 --- a/reverse-proxy/configs/dynamic/portainer.yml +++ /dev/null @@ -1,11 +0,0 @@ -http: - #TODO: Convert to inline configuration for portainer - routers: - portainer: - rule: 'Host(`portainer.{{ env `NASCOMPOSE_DOMAIN` }}`)' - service: portainer@file - services: - portainer: - loadBalancer: - servers: - - url: https://{{ env `NASCOMPOSE_MACVLAN_PORTAINER_IP` }}:9443/ diff --git a/reverse-proxy/configs/dynamic/synology.yml b/reverse-proxy/configs/dynamic/synology.yml index 4d1bd46..f4ecff8 100644 --- a/reverse-proxy/configs/dynamic/synology.yml +++ b/reverse-proxy/configs/dynamic/synology.yml 
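Review bot: The traefik service keeps `- /var/run/docker.sock:/var/run/docker.sock` while still running as root (the `# TODO: Run as non root user` remains), so the reverse proxy holds full control of the Docker daemon; adding `:ro` to the mount would not change that, because API calls over the socket are not limited by the mount flag. A filtering socket proxy on a private network that allows only the read endpoints the Docker provider needs, with `providers.docker.endpoint` pointed at it, would contain a compromise of the proxy. Also in this hunk, `CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token` is removed from `environment` while the `./secrets/cf_dns_token` mount stays; unless the variable is set somewhere not visible here, the mounted token is unused.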
@@ -1,7 +1,9 @@ +# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json + http: routers: synology: - rule: 'Host(`synology.{{ env `NASCOMPOSE_DOMAIN` }}`)' + rule: "Host(`synology.{{ env `NASCOMPOSE_DOMAIN` }}`)" service: synology@file services: synology: diff --git a/reverse-proxy/configs/traefik.yml b/reverse-proxy/configs/traefik.yml index 6c4fbf6..041d4da 100644 --- a/reverse-proxy/configs/traefik.yml +++ b/reverse-proxy/configs/traefik.yml @@ -1,3 +1,5 @@ +# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2.json + providers: docker: exposedByDefault: false @@ -44,7 +46,7 @@ entryPoints: to: websecure scheme: https permanent: true - websecure: + websecure: address: :8443 asDefault: true http: @@ -59,6 +61,10 @@ entryPoints: address: :8022 ssh-tarpit: address: :8222 + transport: + respondingTimeouts: + readTimeout: 0 + idleTimeout: 0 metrics: address: :9982 traefik: diff --git a/reverse-proxy/secrets/.gitkeep b/reverse-proxy/secrets/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/reverse-proxy/volumes/traefik_acme/.gitkeep b/reverse-proxy/volumes/traefik_acme/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/reverse-proxy/volumes/traefik_logs b/reverse-proxy/volumes/traefik_logs new file mode 120000 index 0000000..3cb6a96 --- /dev/null +++ b/reverse-proxy/volumes/traefik_logs @@ -0,0 +1 @@ +../../monitoring/volumes/promtail_logs/traefik \ No newline at end of file diff --git a/ssh-protection/docker-compose.yml b/ssh-protection/docker-compose.yml deleted file mode 100644 index c2d83c0..0000000 --- a/ssh-protection/docker-compose.yml +++ /dev/null 
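Review bot: The new `transport.respondingTimeouts` block on the `ssh-tarpit` entry point sets `readTimeout: 0` and `idleTimeout: 0` with no explanation, and a zero here disables the timeout rather than making it immediate. A comment such as `# 0 = no timeout: tarpit connections are meant to stay open` would stop a later reader from "fixing" it. Each held connection then occupies a socket in the same Traefik process that serves `websecure`, so it is worth confirming that the tarpit's client cap and the host's file-descriptor limit leave headroom; nothing on this page shows either value.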
@@ -1,21 +0,0 @@ -name: ssh-protection - -services: - endlessh: - hostname: endlessh - image: lscr.io/linuxserver/endlessh - environment: - PUID: ${NASCOMPOSE_UID?} - PGID: ${NASCOMPOSE_GID?} - networks: - - reverse-proxy - restart: unless-stopped - labels: - traefik.enable: true - traefik.tcp.routers.endlessh.entryPoints: ssh - traefik.tcp.routers.endlessh.rule: HostSNI(`*`) - traefik.tcp.services.endlessh.loadbalancer.server.port: 2222 - -networks: - reverse-proxy: - external: true diff --git a/subtitle-collector/docker-compose.yml b/subtitle-collector/compose.yaml similarity index 65% rename from subtitle-collector/docker-compose.yml rename to subtitle-collector/compose.yaml index 34388c5..cfcc2be 100644 --- a/subtitle-collector/docker-compose.yml +++ b/subtitle-collector/compose.yaml @@ -1,25 +1,24 @@ -name: subtitle-collector +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: bazarr: - hostname: bazarr + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: bazarr image: lscr.io/linuxserver/bazarr environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - movie-collector - tv-collector volumes: - - ${NASCOMPOSE_SERVICES?}/subtitle-collector/volumes/bazarr_config/:/config/ + - ./volumes/bazarr_config/:/config/ - ${NASCOMPOSE_DATA?}/media/movies/:/data/media/movies/ - ${NASCOMPOSE_DATA?}/media/tv/:/data/media/tv/ - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.bazarr.middlewares: authelia@file - networks: reverse-proxy: external: true diff --git a/subtitle-collector/volumes/bazarr_config/.gitkeep b/subtitle-collector/volumes/bazarr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/torrents/compose.yaml b/torrents/compose.yaml new file mode 100644 index 0000000..838ee31 --- /dev/null +++ b/torrents/compose.yaml 
@@ -0,0 +1,116 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+
+x-qbittorrent: &a1
+ extends:
+ file: ../compose.base.yaml
+ service: exposed-service
+ image: hotio/qbittorrent
+ environment:
+ PUID: ${NASCOMPOSE_UID?}
+ PGID: ${NASCOMPOSE_GID?}
+ VPN_ENABLED: true
+ VPN_CONF: wg0-fix
+ VPN_PROVIDER: ${TORRENT_VPN?}
+ VPN_LAN_NETWORK: 192.168.0.0/23
+ VPN_AUTO_PORT_FORWARD: true
+ VPN_KEEP_LOCAL_DNS: true
+ VPN_FIREWALL_TYPE: legacy
+ cap_add:
+ - NET_ADMIN
+ sysctls:
+ net.ipv4.conf.all.src_valid_mark: 1
+ networks:
+ - torrents
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+x-qbitmanage: &a2
+ extends:
+ file: ../compose.base.yaml
+ service: base-service
+ image: bobokun/qbit_manage
+ user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
+ environment:
+ QBT_SCHEDULE: 30
+ QBT_WIDTH: 170
+ networks:
+ - torrents
+services:
+ qbittorrent:
+ <<: *a1
+ container_name: qbittorrent
+ volumes:
+ - ./volumes/qbittorrent_config/:/config/
+ - ${NASCOMPOSE_DATA?}/torrents/:/data/torrents/
+ - ./config/99-cron-start:/etc/cont-init.d/99-cron-start:ro
+ - ./config/updateMaMIP:/etc/periodic/hourly/updateMaMIP:ro
+ - ./secrets/wg0.conf:/config/wireguard/wg0-fix.conf:ro
+ labels:
+ traefik.http.routers.qbittorrent.middlewares: authelia@file
+ qbitmanage:
+ <<: *a2
+ container_name: qbitmanage
+ volumes:
+ - ./volumes/qbitmanage_config/:/config/
+ - ./volumes/qbittorrent_config/data/BT_backup/:/torrents/:ro
+ - ${NASCOMPOSE_DATA?}/torrents/:/data/torrents/
+ cross-seed:
+ extends:
+ file: ../compose.base.yaml
+ service: base-service
+ container_name: cross-seed
+ image: crossseed/cross-seed:master
+ user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
+ networks:
+ - torrents
+ #- indexer
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ volumes:
+ - ./volumes/cross-seed_config/:/config/
+ - ./volumes/qbittorrent_config/data/BT_backup/:/torrents/:ro
+ - ${NASCOMPOSE_DATA?}/:/data/
+ command: daemon
+ unpackerr:
+ extends:
+ file: ../compose.base.yaml
+ service: base-service
+ container_name: unpackerr
+ image: golift/unpackerr
+ user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
+ networks:
+ - torrents
+ volumes:
+ - ./volumes/unpackerr_config/:/etc/unpackerr/
+ - ${NASCOMPOSE_DATA?}/torrents/completed/:/data/torrents/completed/
+ qbittorrent-seeding:
+ <<: *a1
+ container_name: qbittorrent-seeding
+ profiles:
+ - torrents-seeding
+ volumes:
+ - ./volumes/qbittorrent-seeding_config/:/config/
+ - ${NASCOMPOSE_DATA?}/torrents-seeding/:/data/torrents/
+ - ./config/99-cron-start:/etc/cont-init.d/99-cron-start:ro
+ - ./config/updateMaMIP:/etc/periodic/hourly/updateMaMIP:ro
+ - ./secrets/wg0-seeding.conf:/config/wireguard/wg0-fix.conf:ro
+ labels:
+ traefik.http.routers.qbittorrent-seeding.middlewares: authelia@file
+ qbitmanage-seeding:
+ <<: *a2
+ container_name: qbitmanage-seeding
+ profiles:
+ - torrents-seeding
+ volumes:
+ - ./volumes/qbitmanage-seeding_config/:/config/
+ - ./volumes/qbittorrent-seeding_config/data/BT_backup/:/torrents/:ro
+ - ${NASCOMPOSE_DATA?}/torrents-seeding/:/data/torrents/
+networks:
+ torrents:
+ name: torrents
+ reverse-proxy:
+ external: true
+
+# indexer:
+# external: true
diff --git a/torrents/config/98-gateway-setup b/torrents/config/98-gateway-setup
deleted file mode 100755
index 0452b67..0000000
--- a/torrents/config/98-gateway-setup
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/command/with-contenv bash
-echo "Allow DNS resolution locally"
-iptables -A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-
-echo "Allow docker networks to connect"
-docker_cirds=$(ip -o -4 route show proto kernel | awk '{print $1}')
-for cidr in $docker_cirds; do
- iptables -A INPUT -s "${cidr}" -d "${cidr}" -j ACCEPT
- iptables -A OUTPUT -s "${cidr}" -d "${cidr}" -j ACCEPT
-done
diff --git a/torrents/config/99-cron-start b/torrents/config/99-cron-start
index 0314602..fa8d4c9 100755
--- a/torrents/config/99-cron-start
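Review bot: None of the images in the new torrents/compose.yaml is pinned: `hotio/qbittorrent`, `bobokun/qbit_manage` and `golift/unpackerr` carry no tag and `crossseed/cross-seed:master` follows a branch, so every pull can bring in different code. The exposure is largest for the `x-qbittorrent` fragment, which runs with `cap_add: NET_ADMIN` and mounts the WireGuard secret `./secrets/wg0.conf`, and for `cross-seed`, which gets `${NASCOMPOSE_DATA?}/:/data/` read-write. Pinning each image to a release tag plus digest, e.g. `image: hotio/qbittorrent:<release-tag>@sha256:<digest>` (placeholders), would make every update a reviewed change. It is also worth checking whether cross-seed needs write access to the whole data root or only to its output directory. The same pinning applies to `alexta69/metube` in youtube-dl/compose.yaml.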
+++ b/torrents/config/99-cron-start @@ -1,4 +1,3 @@ #!/command/with-contenv bash -(crontab -l ; echo "* * * * * run-parts /etc/periodic/1min") | sort - | uniq - | crontab - crond diff --git a/torrents/docker-compose.yml b/torrents/docker-compose.yml deleted file mode 100644 index daffc2b..0000000 --- a/torrents/docker-compose.yml +++ /dev/null 
@@ -1,102 +0,0 @@
-name: torrents${TORRENT_SUFFIX?TORRENT_SUFFIX variable required}
-
-services:
- qbittorrent:
- # Set hostname to "SERVICE-main" if not suffix is provided. This avoids collisions with other instances using the service name as hostname (default on compose)
- hostname: qbittorrent${TORRENT_SUFFIX:--main}
- image: hotio/qbittorrent
- environment:
- PUID: ${NASCOMPOSE_UID?}
- PGID: ${NASCOMPOSE_GID?}
- VPN_ENABLED: true
- VPN_CONF: wg0-fix
- VPN_PROVIDER: ${TORRENT_VPN?}
- VPN_LAN_NETWORK: 192.168.0.0/23
- VPN_AUTO_PORT_FORWARD: true
- VPN_KEEP_LOCAL_DNS: true
- VPN_FIREWALL_TYPE: legacy
- cap_add:
- - NET_ADMIN
- sysctls:
- net.ipv4.conf.all.src_valid_mark: 1
- networks:
- - reverse-proxy
- - torrents
- dns:
- - 1.1.1.1
- - 1.0.0.1
- volumes:
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/volumes/qbittorrent_config/:/config/
- - ${NASCOMPOSE_DATA?}/torrents${TORRENT_SUFFIX?}/:/data/torrents/
- # Configuration
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/config/98-gateway-setup:/etc/cont-init.d/98-gateway-setup:ro
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/config/99-cron-start:/etc/cont-init.d/99-cron-start:ro
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/config/updateMaMIP:/etc/periodic/hourly/updateMaMIP:ro
- # Secrets
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/secrets/wg0.conf:/config/wireguard/wg0-fix.conf:ro
- restart: unless-stopped
- labels:
- - traefik.enable=true
- - traefik.http.routers.qbittorrent${TORRENT_SUFFIX?}.rule=Host(`qbittorrent${TORRENT_SUFFIX?}.${NASCOMPOSE_DOMAIN?}`)
- - traefik.http.routers.qbittorrent${TORRENT_SUFFIX?}.middlewares=authelia@file
- # API access for nzb360
- - traefik.http.routers.qbittorrent${TORRENT_SUFFIX?}-api.rule=Host(`qbittorrent${TORRENT_SUFFIX?}-api.${NASCOMPOSE_DOMAIN?}`)
- - traefik.http.routers.qbittorrent${TORRENT_SUFFIX?}-api.middlewares=authelia-basic@file
-
- cross-seed:
- # Set hostname to "SERVICE-main" if not suffix is provided. This avoids collisions with other instances using the service name as hostname (default on compose)
- hostname: cross-seed${TORRENT_SUFFIX:--main}
- image: crossseed/cross-seed:master
- profiles: [ "torrents${TORRENT_SUFFIX?}-xseed" ]
- user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
- networks:
- - torrents
- #- indexer
- dns:
- - 1.1.1.1
- - 1.0.0.1
- volumes:
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/volumes/cross-seed_config/:/config/
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/volumes/qbittorrent_config/data/BT_backup/:/torrents/:ro
- - ${NASCOMPOSE_DATA?}/:/data/
- command: daemon
- restart: unless-stopped
-
- qbitmanage:
- # Set hostname to "SERVICE-main" if not suffix is provided. This avoids collisions with other instances using the service name as hostname (default on compose)
- hostname: qbitmanage${TORRENT_SUFFIX:--main}
- image: bobokun/qbit_manage
- user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
- environment:
- QBT_SCHEDULE: 30
- QBT_WIDTH: 170
- networks:
- - torrents
- volumes:
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/volumes/qbitmanage_config/:/config/
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/volumes/qbittorrent_config/data/BT_backup/:/torrents/:ro
- - ${NASCOMPOSE_DATA?}/torrents${TORRENT_SUFFIX?}/:/data/torrents/
- restart: unless-stopped
-
- unpackerr:
- # Set hostname to "SERVICE-main" if not suffix is provided. This avoids collisions with other instances using the service name as hostname (default on compose)
- hostname: unpackerr{TORRENT_SUFFIX:--main}
- image: golift/unpackerr
- profiles: [ "torrents${TORRENT_SUFFIX?}-unpackerr" ]
- user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
- networks:
- - torrents
- volumes:
- - ${NASCOMPOSE_SERVICES?}/torrents${TORRENT_SUFFIX?}/volumes/unpackerr_config/:/etc/unpackerr/
- - ${NASCOMPOSE_DATA?}/torrents${TORRENT_SUFFIX?}/completed/:/data/torrents/completed/
- restart: unless-stopped
-
-networks:
- torrents:
- name: torrents${TORRENT_SUFFIX?}
-
- reverse-proxy:
- external: true
-
-# indexer:
-# external: true
diff --git a/torrents/secrets/.gitkeep b/torrents/secrets/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/torrents/volumes/cross-seed_config/.gitkeep b/torrents/volumes/cross-seed_config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/torrents/volumes/qbitmanage-seeding_config/.gitkeep b/torrents/volumes/qbitmanage-seeding_config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/torrents/volumes/qbitmanage_config/.gitkeep b/torrents/volumes/qbitmanage_config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/torrents/volumes/qbittorrent-seeding_config/.gitkeep b/torrents/volumes/qbittorrent-seeding_config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/torrents/volumes/qbittorrent_config/.gitkeep b/torrents/volumes/qbittorrent_config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/torrents/volumes/unpackerr_config/.gitkeep b/torrents/volumes/unpackerr_config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/tv-collector/docker-compose.yml b/tv-collector/compose.yaml
similarity index 65%
rename from tv-collector/docker-compose.yml
rename to tv-collector/compose.yaml
index bb8b4d2..0c17863 100644
--- a/tv-collector/docker-compose.yml
+++ b/tv-collector/compose.yaml
@@ -1,23 +1,25 @@ -name: tv-collector +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + services: sonarr: - hostname: sonarr + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: sonarr image: lscr.io/linuxserver/sonarr environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - tv-collector - torrents - usenet volumes: - - ${NASCOMPOSE_SERVICES?}/tv-collector/volumes/sonarr_config/:/config/ + - ./volumes/sonarr_config/:/config/ - ${NASCOMPOSE_DATA?}/:/data/ - restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.sonarr.middlewares: authelia@file + networks: tv-collector: name: tv-collector diff --git a/tv-collector/volumes/sonarr_config/.gitkeep b/tv-collector/volumes/sonarr_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/usenet/docker-compose.yml b/usenet/compose.yaml similarity index 66% rename from usenet/docker-compose.yml rename to usenet/compose.yaml index 8d4ad87..86a42f9 100644 --- a/usenet/docker-compose.yml +++ b/usenet/compose.yaml @@ -1,4 +1,4 @@ -name: usenet +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: # Always create the usenet network even if the usenet profile is disabled 
@@ -6,31 +6,30 @@ services: image: tianon/true networks: - usenet - sabnzbd: - hostname: sabnzbd + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: sabnzbd image: lscr.io/linuxserver/sabnzbd - profiles: [ usenet ] + profiles: + - usenet environment: PUID: ${NASCOMPOSE_UID?} PGID: ${NASCOMPOSE_GID?} networks: - - reverse-proxy - usenet dns: - 1.1.1.1 - 1.0.0.1 volumes: - - ${NASCOMPOSE_SERVICES?}/usenet/volumes/sabnzbd_config/:/config/ + - ./volumes/sabnzbd_config/:/config/ - ${NASCOMPOSE_DATA?}/usenet/:/data/usenet/ restart: unless-stopped labels: - traefik.enable: true traefik.http.routers.sabnzbd.middlewares: authelia@file - networks: usenet: name: usenet - reverse-proxy: external: true diff --git a/usenet/volumes/sabnzbd_config/.gitkeep b/usenet/volumes/sabnzbd_config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/youtube-dl/compose.yaml b/youtube-dl/compose.yaml new file mode 100644 index 0000000..91af5dc --- /dev/null +++ b/youtube-dl/compose.yaml @@ -0,0 +1,21 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json + +services: + ytdl: + extends: + file: ../compose.base.yaml + service: exposed-service + container_name: ytdl + image: alexta69/metube + user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?} + environment: + YTDL_OPTIONS_FILE: /etc/ytdl_options.json + DELETE_FILE_ON_TRASHCAN: true + volumes: + - ./config/ytdl_options.json:/etc/ytdl_options.json:ro + - ${NASCOMPOSE_DATA?}/ytdl/:/downloads/ + labels: + traefik.http.routers.ytdl.middlewares: authelia@file +networks: + reverse-proxy: + external: true diff --git a/youtube-dl/docker-compose.yml b/youtube-dl/docker-compose.yml deleted file mode 100644 index 16cf61b..0000000 --- a/youtube-dl/docker-compose.yml +++ /dev/null 
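Review bot: `restart: unless-stopped` stays on `sabnzbd` as an unchanged line in the usenet hunk, while the same line is removed from `bazarr` and `sonarr` elsewhere in this patch once they extend `exposed-service`. compose.base.yaml is not visible here, so whether the base service already sets the restart policy is an assumption. If it does, drop the line so all migrated services inherit one policy. If the override is deliberate, say so with a comment such as `# intentional: overrides the restart policy from exposed-service`.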
@@ -1,40 +0,0 @@
-name: youtube-dl
-
-services:
- ytdl:
- hostname: ytdl
- image: alexta69/metube
- environment:
- UID: ${NASCOMPOSE_UID?}
- GID: ${NASCOMPOSE_GID?}
- YTDL_OPTIONS_FILE: /etc/ytdl_options.json
- DELETE_FILE_ON_TRASHCAN: true
- networks:
- - reverse-proxy
- volumes:
- - ${NASCOMPOSE_SERVICES?}/youtube-dl/config/ytdl_options.json:/etc/ytdl_options.json:ro
- - ${NASCOMPOSE_DATA?}/ytdl/:/downloads/
- restart: unless-stopped
- labels:
- traefik.enable: true
- traefik.http.routers.ytdl.middlewares: authelia@file
-
- mkvtoolnix:
- hostname: mkvtoolnix
- image: jlesage/mkvtoolnix
- environment:
- USER_ID: ${NASCOMPOSE_UID?}
- GROUP_ID: ${NASCOMPOSE_GID?}
- networks:
- - reverse-proxy
- volumes:
- - ${NASCOMPOSE_SERVICES?}/youtube-dl/volumes/mkvtoolnix_config/:/config/
- - ${NASCOMPOSE_DATA?}/ytdl/:/storage/
- restart: unless-stopped
- labels:
- traefik.enable: true
- traefik.http.routers.mkvtoolnix.middlewares: authelia@file
-
-networks:
- reverse-proxy:
- external: true