Create docker-compose.yml

Jack 2023-08-31 21:22:24 +01:00
parent c5ce51091f
commit 47fd6c7eac


@ -0,0 +1,658 @@
version: '3'
networks:
default:
enable_ipv6: true
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
driver: default
config:
- subnet: fd00:0:0:0:2::/64
gateway: fd00:0:0:0:2::1
- subnet: 172.18.0.0/16
gateway: 172.18.0.1
services:
ipv6nat:
container_name: mainstack-ipv6nat
restart: unless-stopped
image: robbertkl/ipv6nat
privileged: true
network_mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /lib/modules:/lib/modules:ro
nginx-proxy-manager:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
container_name: mainstack-nginxproxymanager
ports:
- '80:80'
- '443:443'
- '8448:8448'
volumes:
- ./nginx-proxy-manager/data:/data
- ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt
networks:
default:
ipv6_address: "fd00:0:0:0:2::2"
depends_on:
- nginx-web
nginx-web:
container_name: mainstack-nginx-web
image: tgj-nginx:latest
build: ./nginx-web/
restart: unless-stopped
volumes:
- ./nginx-web/configs/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx-web/configs/sites/:/etc/nginx/conf.d/
- ./nginx-web/certs/:/certs/
- ./nginx-web/certs/:/home/jack/SELF-SSL/
- ./nginx-web/webdir/:/var/www/
- /mnt/local-websites/:/mnt/local-websites/
- ./nginx-web/logs:/var/log/nginx/
- ./nginx-web/snippets/:/etc/nginx/snippets/
- ./nginx-web/fastcgi.conf:/etc/nginx/fastcgi.conf
- ./nginx-web/logs/:/etc/nginx/logs/
#files-share
- /mnt/files/:/var/www/Jack/files/
- /mnt/Jacks-Share/OS IMGS/:/var/www/Jack/files/OS-IMG
networks:
default:
ipv6_address: "fd00:0:0:0:2::3"
links:
- nginx-php
- mariadb
- nginx-php-cli
- nginx-redis
depends_on:
- mariadb
- nginx-php
- onlyoffice
- grafana
- vaultwarden
- nginx-php-cli
- tautulli
- overseerr
- tgj-matrix
- mastodon
- immich-server
- heimdall
- list-community
- frigate
- gitea
nginx-php:
container_name: nginx-php
image: tgj-php:8.1
build: ./nginx-web/php/
restart: unless-stopped
volumes:
- ./nginx-web/webdir:/var/www/
- /mnt/local-websites/:/mnt/local-websites/
- /mnt/files/:/var/www/Jack/files/
networks:
default:
ipv6_address: "fd00:0:0:0:2::4"
links:
- nginx-redis
nginx-php-cli:
container_name: nginx-php-cli
image: tgj-php-cli:8.1
build: ./nginx-web/php-cli/
restart: unless-stopped
entrypoint: [ "bash", "-c", "cron -f"]
volumes:
- ./nginx-web/webdir:/var/www/
- /mnt/local-websites/:/mnt/local-websites/
links:
- nginx-redis
nginx-redis:
image: redis:latest
restart: unless-stopped
container_name: nginx_redis
environment:
- ALLOW_EMPTY_PASSWORD=yes
volumes:
- ./nginx-web/redis:/data
mariadb:
image: mariadb:latest
restart: unless-stopped
container_name: mainstack-mariadb
volumes:
- ./mariadb/data:/var/lib/mysql
- ./mariadb/config:/etc/mysql
ports:
- 3306:3306
environment:
- MARIADB_AUTO_UPGRADE= true
- MARIADB_ROOT_PASSWORD=
- MARIADB_ROOT_HOST=%
#grafana Stack
grafana:
user: "1000"
image: grafana/grafana-oss:latest
container_name: mainstack-grafana
volumes:
- ./grafana/etc-grafana/:/etc/grafana/
- ./grafana/grafana_data/:/var/lib/grafana/
restart: unless-stopped
environment:
GF_RENDERING_SERVER_URL: http://mainstack-grafana-renderer:8081/render
GF_RENDERING_CALLBACK_URL: http://mainstack-grafana:3000/
GF_LOG_FILTERS: rendering:debug
GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,grafana-worldmap-panel"
PUID: 0
PGID: 0
depends_on:
- renderer
- influxdb
- prometheus
renderer:
container_name: mainstack-grafana-renderer
image: grafana/grafana-image-renderer:latest
restart: unless-stopped
influxdb:
image: influxdb:latest
container_name: grafana-influx
restart: unless-stopped
ports:
- 8086:8086
volumes:
- ./grafana/influxdb/data/:/var/lib/influxdb2/
- ./grafana/influxdb/config/:/etc/influxdb2/
prometheus:
user: "0"
image: prom/prometheus:latest
restart: unless-stopped
container_name: grafana-prometeus
volumes:
- ./grafana/prometheus/:/etc/prometheus/
- ./grafana/prometheus_data:/prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--web.config.file=/etc/prometheus/web-config.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/usr/share/prometheus/console_libraries'
- '--web.console.templates=/usr/share/prometheus/consoles'
- '--web.external-url=/graph/prometeus/'
#misc web
list-community:
container_name: list-community
restart: unless-stopped
image: wingysam/christmas-community
volumes:
- ./lists/data:/data
ports:
- 8982:80
environment:
SMILE: 'true'
TABLE: 'true'
SINGLE_LIST: 'false'
ROOT_PATH: '/list/'
SITE_TITLE: "TGJ lists"
LISTS_PUBLIC: "true"
BULMASWATCH: "darkly"
DEFAULT_FAILURE_REDIRECT: "/list/login"
heimdall:
image: lscr.io/linuxserver/heimdall:latest
container_name: heimdall
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- ./heimdall/config:/config
onlyoffice:
container_name: mainstack-onlyoffice
image: onlyoffice/documentserver:latest
restart: unless-stopped
environment:
- JWT_ENABLED=true
- JWT_SECRET=
volumes:
- ./onlyoffice/data:/var/www/onlyoffice/Data
- ./onlyoffice/fonts:/usr/share/fonts/truetype/custom
- ./onlyoffice/lib-data:/var/lib/onlyoffice
- ./onlyoffice/postgressql:/var/lib/postgresql
- ./onlyoffice/rabbitmq:/var/lib/rabbitmq
- ./onlyoffice/redis:/var/lib/redis
- ./onlyoffice/log:/var/log/onlyoffice
vaultwarden:
image: vaultwarden/server:latest
container_name: mainstack-vaultwarden
restart: unless-stopped
environment:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
- DATABASE_URL=mysql://vault:@mainstack-mariadb:3306/vault_db
- ADMIN_TOKEN=K2M3BvMPXCDkHsZ
- YUBICO_CLIENT_ID=83790
- YUBICO_SECRET_KEY=fI63/7kRNrJYXIgGdxsYgsYgsB07nA=
- VAULTWARDEN_URL=https://vault.tgj.services
volumes:
- ./vaultwarden/vw-data:/data
depends_on:
- mariadb
tgj-matrix:
image: matrixdotorg/synapse:v1.85.2
restart: unless-stopped
container_name: mainstack-matrix
volumes:
- ./matrix/tgj-matrix:/data
depends_on:
- authentik-server
synapse-admin:
container_name: matrix-synapse-admin
image: awesometechnologies/synapse-admin:latest
restart: unless-stopped
depends_on:
- tgj-matrix
element-webgui:
image: vectorim/element-web
container_name: matrix-element-webgui
restart: unless-stopped
volumes:
- ./matrix/element-webgui/config.json:/app/config.json
depends_on:
- tgj-matrix
portainer:
image: portainer/portainer-ee:latest
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./portainer-data:/data
ports:
- 8000:8000
frigate:
container_name: frigate
# privileged: true # this may not be necessary for all setups
restart: unless-stopped
image: ghcr.io/blakeblackshear/frigate:stable
shm_size: "256mb" # update for your cameras based on calculation above
# devices:
# - /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions
# - /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
# - /dev/dri/renderD128 # for intel hwaccel, needs to be updated for your hardware
volumes:
- /etc/localtime:/etc/localtime:ro
- ./frigate/config.yml:/config/config.yml
- /mnt/cctv/frigate/storage:/media/frigate
- type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
target: /tmp/cache
tmpfs:
size: 500000000
ports:
- "5000:5000"
- "1935:1935"
- "8554:8554" # RTSP feeds
- "8555:8555/tcp" # WebRTC over tcp
- "8555:8555/udp" # WebRTC over udp
environment:
FRIGATE_RTSP_PASSWORD: ""
mastodon:
image: lscr.io/linuxserver/mastodon:latest
container_name: mainstack-mastodon
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- LOCAL_DOMAIN=social.tgj.services
- REDIS_HOST=nginx-redis
- REDIS_PORT=6379
- DB_HOST=mastodon-postgress
- DB_USER=mastodon
- DB_NAME=mastodon
- DB_PASS=
- DB_PORT=5432
- ES_ENABLED=false
- SECRET_KEY_BASE=
- OTP_SECRET=
- VAPID_PRIVATE_KEY=
- VAPID_PUBLIC_KEY=
- SMTP_SERVER=mail.uk.tgj.services
- SMTP_PORT=587
- SMTP_LOGIN=@tgj.services
- SMTP_PASSWORD=
- SMTP_FROM_ADDRESS=no-reply@tgj.services
- S3_ENABLED=false
- WEB_DOMAIN=social.tgj.services #optional
- OIDC_ENABLED=true
- OIDC_DISPLAY_NAME=TGJ SSO
- OIDC_DISCOVERY=true
- OIDC_ISSUER=https://auth.tgj.services/application/o/mastodon/
- OIDC_AUTH_ENDPOINT=https://auth.tgj.services/application/o/authorize/
- OIDC_SCOPE=openid,profile,email
- OIDC_UID_FIELD=preferred_username
- OIDC_CLIENT_ID=
- OIDC_CLIENT_SECRET=
- OIDC_REDIRECT_URI=https://social.tgj.services/auth/auth/openid_connect/callback
- OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
- OAUTH_REDIRECT_AT_SIGN_IN=true
volumes:
- ./mastodon/config:/config
depends_on:
- mastodon-postgress
mastodon-postgress:
container_name: mastodon-postgress
image: postgres:latest
restart: unless-stopped
environment:
POSTGRES_PASSWORD: SjaNDhiiLVLZkfsV
POSTGRES_DB: mastodon
POSTGRES_USER: mastodon
PGDATA: /var/lib/postgresql/data/pgdata
volumes:
- ./mastodon/postgresql:/var/lib/postgresql/data
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: unless-stopped
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "222:222"
#Media Stack
overseerr:
image: sctx/overseerr:latest
container_name: media-stack-overseerr
environment:
- LOG_LEVEL=error
- TZ=Europe/London
volumes:
- ./media-stack/overseerr/config:/app/config
restart: unless-stopped
depends_on:
- qbittorrent
- sonarr
- radarr
- prowlarr
prowlarr:
image: lscr.io/linuxserver/prowlarr:develop
container_name: media-stack-prowlarr
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- ./media-stack/prowlarr/config:/config
restart: unless-stopped
depends_on:
- qbittorrent
- flaresolverr
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: media-stack-qbittorrent
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- WEBUI_PORT=9697
volumes:
- ./media-stack/qbittorent/config:/config
- /mnt/qbit/:/mnt/qbit/
ports:
- 34432:34432
- 34432:34432/udp
tautulli:
image: ghcr.io/tautulli/tautulli
container_name: media-stack-tautulli
restart: unless-stopped
volumes:
- ./media-stack/tautulli/config:/config
environment:
- PUID=1000
- PGID=1000
- TZ=GB
sonarr:
image: lscr.io/linuxserver/sonarr
container_name: media-stack-sonarr
environment:
- PUID=0
- PGID=0
- TZ=Europe/London
volumes:
- ./media-stack/sonarr/config:/config
- /mnt/media/:/mnt/plex
- /mnt/qbit/:/mnt/qbit/
restart: unless-stopped
depends_on:
- prowlarr
radarr:
image: lscr.io/linuxserver/radarr
container_name: media-stack-radarr
environment:
- PUID=0
- PGID=0
- TZ=Europe/London
volumes:
- ./media-stack/radarr/config:/config
- /mnt/media/:/mnt/plex
- /mnt/qbit/:/mnt/qbit/
restart: unless-stopped
depends_on:
- prowlarr
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:latest
container_name: media-stack-flaresolverr
environment:
- LOG_LEVEL=${LOG_LEVEL:-info}
- LOG_HTML=${LOG_HTML:-false}
- CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
- TZ=Europe/London
restart: unless-stopped
# authentik
authentik-server:
image: ghcr.io/goauthentik/server:2023.8.1
restart: unless-stopped
container_name: mainstack-authentik
command: server
environment:
AUTHENTIK_FOOTER__LINKS: '[{"name"="TGJ - IT & Networking","href":"https://tgj.services"}]'
AUTHENTIK_REDIS__HOST: "authentik-redis"
AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
AUTHENTIK_POSTGRESQL__USER: "authentik"
AUTHENTIK_POSTGRESQL__NAME: "authentik"
AUTHENTIK_POSTGRESQL__PASSWORD: ""
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: "false"
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: "false"
AUTHENTIK_GDPR_COMPLIANCE: "true"
AUTHENTIK_EMAIL__FROM: "no-reply@tgj.services"
AUTHENTIK_EMAIL__USE_SSL: "true"
AUTHENTIK_EMAIL__TIMEOUT: "10"
AUTHENTIK_EMAIL__USE_TLS: "false"
AUTHENTIK_EMAIL__USERNAME: "@tgj.services"
AUTHENTIK_EMAIL__PASSWORD: ""
AUTHENTIK_EMAIL__HOST: "mail.tgj.services"
AUTHENTIK_EMAIL__PORT: "465"
AUTHENTIK_SECRET_KEY: ""
AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
# WORKERS: 2
volumes:
- ./authentik/media:/media
- ./authentik/custom-templates:/templates
- ./authentik/geoip:/geoip
- ./authentik/custom.css:/web/dist/custom.css
authentik-worker:
container_name: authentik-worker
image: ghcr.io/goauthentik/server:2023.8.1
restart: unless-stopped
command: worker
environment:
AUTHENTIK_FOOTER__LINKS: '[{"name"="TGJ - IT & Networking","href":"https://tgj.services"}]'
AUTHENTIK_REDIS__HOST: "authentik-redis"
AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
AUTHENTIK_POSTGRESQL__USER: "authentik"
AUTHENTIK_POSTGRESQL__NAME: "authentik"
AUTHENTIK_POSTGRESQL__PASSWORD: ""
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: "false"
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: "false"
AUTHENTIK_GDPR_COMPLIANCE: "true"
AUTHENTIK_EMAIL__FROM: "no-reply@tgj.services"
AUTHENTIK_EMAIL__USE_SSL: "true"
AUTHENTIK_EMAIL__TIMEOUT: "10"
AUTHENTIK_EMAIL__USE_TLS: "false"
AUTHENTIK_EMAIL__USERNAME: "@tgj.services"
AUTHENTIK_EMAIL__PASSWORD: ""
AUTHENTIK_EMAIL__HOST: "mail.tgj.services"
AUTHENTIK_EMAIL__PORT: "465"
AUTHENTIK_SECRET_KEY: ""
AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
user: root
volumes:
- ./authentik/media:/media
- ./authentik/certs:/certs
- /var/run/docker.sock:/var/run/docker.sock
- ./authentik/custom-templates:/templates
- ./authentik/geoip:/geoip
geoipupdate:
image: "maxmindinc/geoipupdate:latest"
volumes:
- "./authentik/geoip:/usr/share/GeoIP"
environment:
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
GEOIPUPDATE_FREQUENCY: "8"
GEOIPUPDATE_ACCOUNT_ID: ""
GEOIPUPDATE_LICENSE_KEY: ""
AUTHENTIK_AUTHENTIK__GEOIP: "/geoip/GeoLite2-City.mmdb"
authentik-postgresql:
image: postgres:12-alpine
restart: unless-stopped
container_name: authentik-postgresql
volumes:
- ./authentik/database:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=
- POSTGRES_USER=authentik
- POSTGRES_DB=authentik
ports:
- 5432:5432
authentik-redis:
container_name: authentik-redis
image: redis:alpine
restart: unless-stopped
volumes:
- ./authentik/redis-data:/data
#immich
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:release
entrypoint: ["/bin/sh", "./start-server.sh"]
env_file:
- immich.env
volumes:
- /mnt/local-websites/immich/upload:/usr/src/app/upload
depends_on:
- nginx-redis
- immich-database
- immich-typesense
restart: unless-stopped
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:release
entrypoint: ["/bin/sh", "./start-microservices.sh"]
env_file:
- immich.env
volumes:
- /mnt/local-websites/immich/upload:/usr/src/app/upload
depends_on:
- nginx-redis
- immich-database
- immich-typesense
restart: unless-stopped
immich-machine-learning:
container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:release
env_file:
- immich.env
volumes:
- /mnt/local-websites/immich/upload:/usr/src/app/upload
- ./immich/model-cache:/cache
restart: unless-stopped
networks:
default:
ipv4_address: "172.18.0.251"
immich-web:
container_name: immich_web
env_file:
- immich.env
image: ghcr.io/immich-app/immich-web:release
entrypoint: ["/bin/sh", "./entrypoint.sh"]
restart: unless-stopped
immich-typesense:
container_name: typesense
# image: typesense/typesense:0.24.0
env_file:
- immich.env
environment:
- TYPESENSE_DATA_DIR=/data
logging:
driver: none
volumes:
- ./immich/tsdata:/data
restart: unless-stopped
networks:
default:
ipv4_address: "172.18.0.250"
immich-database:
container_name: immich_database
image: postgres:14
env_file:
- immich.env
environment:
PG_DATA: /var/lib/postgresql/data
volumes:
- ./immich/pgdata:/var/lib/postgresql/data
restart: unless-stopped
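Review bot: Three credentials are committed in plaintext while the neighbouring secret fields were left blank: `ADMIN_TOKEN` and `YUBICO_SECRET_KEY` under `vaultwarden`, and `POSTGRES_PASSWORD` under `mastodon-postgress`. They are now in the repository history, so they should be rotated and then supplied from outside the file, for example `- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}` (variable name is a placeholder) with the value in an untracked `.env`, or through an `env_file:` entry as the immich services already do. The same pass should cover the exposure around them: `mariadb` publishes `3306:3306` with `MARIADB_ROOT_HOST=%`, `authentik-postgresql` publishes `5432:5432`, and `authentik-worker` runs as `user: root` with a writable `/var/run/docker.sock` mount, which amounts to root on the host. The two `ports:` entries can probably be dropped, since vaultwarden already reaches the database by container name at `mainstack-mariadb:3306`. The hunk header declares 658 lines and fewer are visible here, so the rest of the file should be checked for further values.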