diff --git a/TGJ Home/docker.internal/docker-compose.yml b/TGJ Home/docker.internal/docker-compose.yml
new file mode 100644
index 0000000..6f6a330
--- /dev/null
+++ b/TGJ Home/docker.internal/docker-compose.yml
@@ -0,0 +1,658 @@
+version: '3'
+networks:
+ default:
+ enable_ipv6: true
+ driver: bridge
+ driver_opts:
+ com.docker.network.enable_ipv6: "true"
+ ipam:
+ driver: default
+ config:
+ - subnet: fd00:0:0:0:2::/64
+ gateway: fd00:0:0:0:2::1
+ - subnet: 172.18.0.0/16
+ gateway: 172.18.0.1
+services:
+ ipv6nat:
+ container_name: mainstack-ipv6nat
+ restart: unless-stopped
+ image: robbertkl/ipv6nat
+ privileged: true
+ network_mode: host
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /lib/modules:/lib/modules:ro
+
+ nginx-proxy-manager:
+ image: 'jc21/nginx-proxy-manager:latest'
+ restart: unless-stopped
+ container_name: mainstack-nginxproxymanager
+ ports:
+ - '80:80'
+ - '443:443'
+ - '8448:8448'
+ volumes:
+ - ./nginx-proxy-manager/data:/data
+ - ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt
+ networks:
+ default:
+ ipv6_address: "fd00:0:0:0:2::2"
+ depends_on:
+ - nginx-web
+
+ nginx-web:
+ container_name: mainstack-nginx-web
+ image: tgj-nginx:latest
+ build: ./nginx-web/
+ restart: unless-stopped
+ volumes:
+ - ./nginx-web/configs/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./nginx-web/configs/sites/:/etc/nginx/conf.d/
+ - ./nginx-web/certs/:/certs/
+ - ./nginx-web/certs/:/home/jack/SELF-SSL/
+ - ./nginx-web/webdir/:/var/www/
+ - /mnt/local-websites/:/mnt/local-websites/
+ - ./nginx-web/logs:/var/log/nginx/
+ - ./nginx-web/snippets/:/etc/nginx/snippets/
+ - ./nginx-web/fastcgi.conf:/etc/nginx/fastcgi.conf
+ - ./nginx-web/logs/:/etc/nginx/logs/
+ #files-share
+ - /mnt/files/:/var/www/Jack/files/
+ - /mnt/Jacks-Share/OS IMGS/:/var/www/Jack/files/OS-IMG
+ networks:
+ default:
+ ipv6_address: "fd00:0:0:0:2::3"
+ links:
+ - nginx-php
+ - mariadb
+ - nginx-php-cli
+ - nginx-redis
+ depends_on:
+ - mariadb
+ - nginx-php
+ - onlyoffice
+ - grafana
+ - vaultwarden
+ - nginx-php-cli
+ - tautulli
+ - overseerr
+ - tgj-matrix
+ - mastodon
+ - immich-server
+ - heimdall
+ - list-community
+ - frigate
+ - gitea
+
+ nginx-php:
+ container_name: nginx-php
+ image: tgj-php:8.1
+ build: ./nginx-web/php/
+ restart: unless-stopped
+ volumes:
+ - ./nginx-web/webdir:/var/www/
+ - /mnt/local-websites/:/mnt/local-websites/
+ - /mnt/files/:/var/www/Jack/files/
+ networks:
+ default:
+ ipv6_address: "fd00:0:0:0:2::4"
+ links:
+ - nginx-redis
+
+ nginx-php-cli:
+ container_name: nginx-php-cli
+ image: tgj-php-cli:8.1
+ build: ./nginx-web/php-cli/
+ restart: unless-stopped
+ entrypoint: [ "bash", "-c", "cron -f"]
+ volumes:
+ - ./nginx-web/webdir:/var/www/
+ - /mnt/local-websites/:/mnt/local-websites/
+ links:
+ - nginx-redis
+
+ nginx-redis:
+ image: redis:latest
+ restart: unless-stopped
+ container_name: nginx_redis
+ environment:
+ - ALLOW_EMPTY_PASSWORD=yes
+ volumes:
+ - ./nginx-web/redis:/data
+
+ mariadb:
+ image: mariadb:latest
+ restart: unless-stopped
+ container_name: mainstack-mariadb
+ volumes:
+ - ./mariadb/data:/var/lib/mysql
+ - ./mariadb/config:/etc/mysql
+ ports:
+ - 3306:3306
+ environment:
+ - MARIADB_AUTO_UPGRADE= true
+ - MARIADB_ROOT_PASSWORD=
+ - MARIADB_ROOT_HOST=%
+
+#grafana Stack
+ grafana:
+ user: "1000"
+ image: grafana/grafana-oss:latest
+ container_name: mainstack-grafana
+ volumes:
+ - ./grafana/etc-grafana/:/etc/grafana/
+ - ./grafana/grafana_data/:/var/lib/grafana/
+ restart: unless-stopped
+ environment:
+ GF_RENDERING_SERVER_URL: http://mainstack-grafana-renderer:8081/render
+ GF_RENDERING_CALLBACK_URL: http://mainstack-grafana:3000/
+ GF_LOG_FILTERS: rendering:debug
+ GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,grafana-worldmap-panel"
+ PUID: 0
+ PGID: 0
+ depends_on:
+ - renderer
+ - influxdb
+ - prometheus
+
+ renderer:
+ container_name: mainstack-grafana-renderer
+ image: grafana/grafana-image-renderer:latest
+ restart: unless-stopped
+
+ influxdb:
+ image: influxdb:latest
+ container_name: grafana-influx
+ restart: unless-stopped
+ ports:
+ - 8086:8086
+ volumes:
+ - ./grafana/influxdb/data/:/var/lib/influxdb2/
+ - ./grafana/influxdb/config/:/etc/influxdb2/
+
+ prometheus:
+ user: "0"
+ image: prom/prometheus:latest
+ restart: unless-stopped
+ container_name: grafana-prometeus
+ volumes:
+ - ./grafana/prometheus/:/etc/prometheus/
+ - ./grafana/prometheus_data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--web.config.file=/etc/prometheus/web-config.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/usr/share/prometheus/console_libraries'
+ - '--web.console.templates=/usr/share/prometheus/consoles'
+ - '--web.external-url=/graph/prometeus/'
+
+#misc web
+ list-community:
+ container_name: list-community
+ restart: unless-stopped
+ image: wingysam/christmas-community
+ volumes:
+ - ./lists/data:/data
+ ports:
+ - 8982:80
+ environment:
+ SMILE: 'true'
+ TABLE: 'true'
+ SINGLE_LIST: 'false'
+ ROOT_PATH: '/list/'
+ SITE_TITLE: "TGJ lists"
+ LISTS_PUBLIC: "true"
+ BULMASWATCH: "darkly"
+ DEFAULT_FAILURE_REDIRECT: "/list/login"
+
+ heimdall:
+ image: lscr.io/linuxserver/heimdall:latest
+ container_name: heimdall
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./heimdall/config:/config
+
+ onlyoffice:
+ container_name: mainstack-onlyoffice
+ image: onlyoffice/documentserver:latest
+ restart: unless-stopped
+ environment:
+ - JWT_ENABLED=true
+ - JWT_SECRET=
+ volumes:
+ - ./onlyoffice/data:/var/www/onlyoffice/Data
+ - ./onlyoffice/fonts:/usr/share/fonts/truetype/custom
+ - ./onlyoffice/lib-data:/var/lib/onlyoffice
+ - ./onlyoffice/postgressql:/var/lib/postgresql
+ - ./onlyoffice/rabbitmq:/var/lib/rabbitmq
+ - ./onlyoffice/redis:/var/lib/redis
+ - ./onlyoffice/log:/var/log/onlyoffice
+
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: mainstack-vaultwarden
+ restart: unless-stopped
+ environment:
+ - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
+ - DATABASE_URL=mysql://vault:@mainstack-mariadb:3306/vault_db
+ - ADMIN_TOKEN=K2M3BvMPXCDkHsZ
+ - YUBICO_CLIENT_ID=83790
+ - YUBICO_SECRET_KEY=fI63/7kRNrJYXIgGdxsYgsYgsB07nA=
+ - VAULTWARDEN_URL=https://vault.tgj.services
+ volumes:
+ - ./vaultwarden/vw-data:/data
+ depends_on:
+ - mariadb
+
+ tgj-matrix:
+ image: matrixdotorg/synapse:v1.85.2
+ restart: unless-stopped
+ container_name: mainstack-matrix
+ volumes:
+ - ./matrix/tgj-matrix:/data
+ depends_on:
+ - authentik-server
+
+ synapse-admin:
+ container_name: matrix-synapse-admin
+ image: awesometechnologies/synapse-admin:latest
+ restart: unless-stopped
+ depends_on:
+ - tgj-matrix
+
+ element-webgui:
+ image: vectorim/element-web
+ container_name: matrix-element-webgui
+ restart: unless-stopped
+ volumes:
+ - ./matrix/element-webgui/config.json:/app/config.json
+ depends_on:
+ - tgj-matrix
+
+ portainer:
+ image: portainer/portainer-ee:latest
+ container_name: portainer
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./portainer-data:/data
+ ports:
+ - 8000:8000
+
+ frigate:
+ container_name: frigate
+# privileged: true # this may not be necessary for all setups
+ restart: unless-stopped
+ image: ghcr.io/blakeblackshear/frigate:stable
+ shm_size: "256mb" # update for your cameras based on calculation above
+# devices:
+# - /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions
+# - /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
+# - /dev/dri/renderD128 # for intel hwaccel, needs to be updated for your hardware
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - ./frigate/config.yml:/config/config.yml
+ - /mnt/cctv/frigate/storage:/media/frigate
+ - type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
+ target: /tmp/cache
+ tmpfs:
+ size: 500000000
+ ports:
+ - "5000:5000"
+ - "1935:1935"
+ - "8554:8554" # RTSP feeds
+ - "8555:8555/tcp" # WebRTC over tcp
+ - "8555:8555/udp" # WebRTC over udp
+ environment:
+ FRIGATE_RTSP_PASSWORD: ""
+
+ mastodon:
+ image: lscr.io/linuxserver/mastodon:latest
+ container_name: mainstack-mastodon
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - LOCAL_DOMAIN=social.tgj.services
+ - REDIS_HOST=nginx-redis
+ - REDIS_PORT=6379
+ - DB_HOST=mastodon-postgress
+ - DB_USER=mastodon
+ - DB_NAME=mastodon
+ - DB_PASS=
+ - DB_PORT=5432
+ - ES_ENABLED=false
+ - SECRET_KEY_BASE=
+ - OTP_SECRET=
+ - VAPID_PRIVATE_KEY=
+ - VAPID_PUBLIC_KEY=
+ - SMTP_SERVER=mail.uk.tgj.services
+ - SMTP_PORT=587
+ - SMTP_LOGIN=@tgj.services
+ - SMTP_PASSWORD=
+ - SMTP_FROM_ADDRESS=no-reply@tgj.services
+ - S3_ENABLED=false
+ - WEB_DOMAIN=social.tgj.services #optional
+ - OIDC_ENABLED=true
+ - OIDC_DISPLAY_NAME=TGJ SSO
+ - OIDC_DISCOVERY=true
+ - OIDC_ISSUER=https://auth.tgj.services/application/o/mastodon/
+ - OIDC_AUTH_ENDPOINT=https://auth.tgj.services/application/o/authorize/
+ - OIDC_SCOPE=openid,profile,email
+ - OIDC_UID_FIELD=preferred_username
+ - OIDC_CLIENT_ID=
+ - OIDC_CLIENT_SECRET=
+ - OIDC_REDIRECT_URI=https://social.tgj.services/auth/auth/openid_connect/callback
+ - OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
+ - OAUTH_REDIRECT_AT_SIGN_IN=true
+ volumes:
+ - ./mastodon/config:/config
+ depends_on:
+ - mastodon-postgress
+
+ mastodon-postgress:
+ container_name: mastodon-postgress
+ image: postgres:latest
+ restart: unless-stopped
+ environment:
+ POSTGRES_PASSWORD: SjaNDhiiLVLZkfsV
+ POSTGRES_DB: mastodon
+ POSTGRES_USER: mastodon
+ PGDATA: /var/lib/postgresql/data/pgdata
+ volumes:
+ - ./mastodon/postgresql:/var/lib/postgresql/data
+
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: unless-stopped
+ volumes:
+ - ./gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "222:222"
+
+
+#Media Stack
+ overseerr:
+ image: sctx/overseerr:latest
+ container_name: media-stack-overseerr
+ environment:
+ - LOG_LEVEL=error
+ - TZ=Europe/London
+ volumes:
+ - ./media-stack/overseerr/config:/app/config
+ restart: unless-stopped
+ depends_on:
+ - qbittorrent
+ - sonarr
+ - radarr
+ - prowlarr
+
+ prowlarr:
+ image: lscr.io/linuxserver/prowlarr:develop
+ container_name: media-stack-prowlarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/London
+ volumes:
+ - ./media-stack/prowlarr/config:/config
+ restart: unless-stopped
+ depends_on:
+ - qbittorrent
+ - flaresolverr
+
+ qbittorrent:
+ image: lscr.io/linuxserver/qbittorrent:latest
+ container_name: media-stack-qbittorrent
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - WEBUI_PORT=9697
+ volumes:
+ - ./media-stack/qbittorent/config:/config
+ - /mnt/qbit/:/mnt/qbit/
+ ports:
+ - 34432:34432
+ - 34432:34432/udp
+
+ tautulli:
+ image: ghcr.io/tautulli/tautulli
+ container_name: media-stack-tautulli
+ restart: unless-stopped
+ volumes:
+ - ./media-stack/tautulli/config:/config
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=GB
+
+ sonarr:
+ image: lscr.io/linuxserver/sonarr
+ container_name: media-stack-sonarr
+ environment:
+ - PUID=0
+ - PGID=0
+ - TZ=Europe/London
+ volumes:
+ - ./media-stack/sonarr/config:/config
+ - /mnt/media/:/mnt/plex
+ - /mnt/qbit/:/mnt/qbit/
+ restart: unless-stopped
+ depends_on:
+ - prowlarr
+
+ radarr:
+ image: lscr.io/linuxserver/radarr
+ container_name: media-stack-radarr
+ environment:
+ - PUID=0
+ - PGID=0
+ - TZ=Europe/London
+ volumes:
+ - ./media-stack/radarr/config:/config
+ - /mnt/media/:/mnt/plex
+ - /mnt/qbit/:/mnt/qbit/
+ restart: unless-stopped
+ depends_on:
+ - prowlarr
+
+ flaresolverr:
+ image: ghcr.io/flaresolverr/flaresolverr:latest
+ container_name: media-stack-flaresolverr
+ environment:
+ - LOG_LEVEL=${LOG_LEVEL:-info}
+ - LOG_HTML=${LOG_HTML:-false}
+ - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+ - TZ=Europe/London
+ restart: unless-stopped
+
+# authentik
+ authentik-server:
+ image: ghcr.io/goauthentik/server:2023.8.1
+ restart: unless-stopped
+ container_name: mainstack-authentik
+ command: server
+ environment:
+ AUTHENTIK_FOOTER__LINKS: '[{"name"="TGJ - IT & Networking","href":"https://tgj.services"}]'
+ AUTHENTIK_REDIS__HOST: "authentik-redis"
+ AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
+ AUTHENTIK_POSTGRESQL__USER: "authentik"
+ AUTHENTIK_POSTGRESQL__NAME: "authentik"
+ AUTHENTIK_POSTGRESQL__PASSWORD: ""
+ AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: "false"
+ AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: "false"
+ AUTHENTIK_GDPR_COMPLIANCE: "true"
+ AUTHENTIK_EMAIL__FROM: "no-reply@tgj.services"
+ AUTHENTIK_EMAIL__USE_SSL: "true"
+ AUTHENTIK_EMAIL__TIMEOUT: "10"
+ AUTHENTIK_EMAIL__USE_TLS: "false"
+ AUTHENTIK_EMAIL__USERNAME: "@tgj.services"
+ AUTHENTIK_EMAIL__PASSWORD: ""
+ AUTHENTIK_EMAIL__HOST: "mail.tgj.services"
+ AUTHENTIK_EMAIL__PORT: "465"
+ AUTHENTIK_SECRET_KEY: ""
+ AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
+ # WORKERS: 2
+ volumes:
+ - ./authentik/media:/media
+ - ./authentik/custom-templates:/templates
+ - ./authentik/geoip:/geoip
+ - ./authentik/custom.css:/web/dist/custom.css
+
+ authentik-worker:
+ container_name: authentik-worker
+ image: ghcr.io/goauthentik/server:2023.8.1
+ restart: unless-stopped
+ command: worker
+ environment:
+ AUTHENTIK_FOOTER__LINKS: '[{"name"="TGJ - IT & Networking","href":"https://tgj.services"}]'
+ AUTHENTIK_REDIS__HOST: "authentik-redis"
+ AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
+ AUTHENTIK_POSTGRESQL__USER: "authentik"
+ AUTHENTIK_POSTGRESQL__NAME: "authentik"
+ AUTHENTIK_POSTGRESQL__PASSWORD: ""
+ AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: "false"
+ AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: "false"
+ AUTHENTIK_GDPR_COMPLIANCE: "true"
+ AUTHENTIK_EMAIL__FROM: "no-reply@tgj.services"
+ AUTHENTIK_EMAIL__USE_SSL: "true"
+ AUTHENTIK_EMAIL__TIMEOUT: "10"
+ AUTHENTIK_EMAIL__USE_TLS: "false"
+ AUTHENTIK_EMAIL__USERNAME: "@tgj.services"
+ AUTHENTIK_EMAIL__PASSWORD: ""
+ AUTHENTIK_EMAIL__HOST: "mail.tgj.services"
+ AUTHENTIK_EMAIL__PORT: "465"
+ AUTHENTIK_SECRET_KEY: ""
+ AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
+ user: root
+ volumes:
+ - ./authentik/media:/media
+ - ./authentik/certs:/certs
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./authentik/custom-templates:/templates
+ - ./authentik/geoip:/geoip
+
+ geoipupdate:
+ image: "maxmindinc/geoipupdate:latest"
+ volumes:
+ - "./authentik/geoip:/usr/share/GeoIP"
+ environment:
+ GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
+ GEOIPUPDATE_FREQUENCY: "8"
+ GEOIPUPDATE_ACCOUNT_ID: ""
+ GEOIPUPDATE_LICENSE_KEY: ""
+ AUTHENTIK_AUTHENTIK__GEOIP: "/geoip/GeoLite2-City.mmdb"
+
+ authentik-postgresql:
+ image: postgres:12-alpine
+ restart: unless-stopped
+ container_name: authentik-postgresql
+ volumes:
+ - ./authentik/database:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=
+ - POSTGRES_USER=authentik
+ - POSTGRES_DB=authentik
+ ports:
+ - 5432:5432
+
+ authentik-redis:
+ container_name: authentik-redis
+ image: redis:alpine
+ restart: unless-stopped
+ volumes:
+ - ./authentik/redis-data:/data
+
+#immich
+ immich-server:
+ container_name: immich_server
+ image: ghcr.io/immich-app/immich-server:release
+ entrypoint: ["/bin/sh", "./start-server.sh"]
+ env_file:
+ - immich.env
+ volumes:
+ - /mnt/local-websites/immich/upload:/usr/src/app/upload
+ depends_on:
+ - nginx-redis
+ - immich-database
+ - immich-typesense
+ restart: unless-stopped
+
+ immich-microservices:
+ container_name: immich_microservices
+ image: ghcr.io/immich-app/immich-server:release
+ entrypoint: ["/bin/sh", "./start-microservices.sh"]
+ env_file:
+ - immich.env
+ volumes:
+ - /mnt/local-websites/immich/upload:/usr/src/app/upload
+ depends_on:
+ - nginx-redis
+ - immich-database
+ - immich-typesense
+ restart: unless-stopped
+
+ immich-machine-learning:
+ container_name: immich_machine_learning
+ image: ghcr.io/immich-app/immich-machine-learning:release
+ env_file:
+ - immich.env
+ volumes:
+ - /mnt/local-websites/immich/upload:/usr/src/app/upload
+ - ./immich/model-cache:/cache
+ restart: unless-stopped
+ networks:
+ default:
+ ipv4_address: "172.18.0.251"
+
+
+ immich-web:
+ container_name: immich_web
+ env_file:
+ - immich.env
+ image: ghcr.io/immich-app/immich-web:release
+ entrypoint: ["/bin/sh", "./entrypoint.sh"]
+ restart: unless-stopped
+
+ immich-typesense:
+ container_name: typesense
+# image: typesense/typesense:0.24.0
+ env_file:
+ - immich.env
+ environment:
+ - TYPESENSE_DATA_DIR=/data
+ logging:
+ driver: none
+ volumes:
+ - ./immich/tsdata:/data
+ restart: unless-stopped
+ networks:
+ default:
+ ipv4_address: "172.18.0.250"
+
+ immich-database:
+ container_name: immich_database
+ image: postgres:14
+ env_file:
+ - immich.env
+ environment:
+ PG_DATA: /var/lib/postgresql/data
+ volumes:
+ - ./immich/pgdata:/var/lib/postgresql/data
+ restart: unless-stopped
\ No newline at end of file
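Review bot: What appear to be real credentials are committed in plain text in this new file: `ADMIN_TOKEN` and `YUBICO_SECRET_KEY` under `vaultwarden`, and `POSTGRES_PASSWORD` under `mastodon-postgress`. They should be treated as exposed, rotated, and supplied from an untracked env file or Compose secrets, e.g. `- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}` (variable name constructed here), the way the `immich-*` services already use `env_file`. Other secret fields are present but empty (`MARIADB_ROOT_PASSWORD=`, `JWT_SECRET=`, `AUTHENTIK_SECRET_KEY: ""`, the `vault:@` in `DATABASE_URL`), which looks like redaction but would start those services with blank secrets if the file were deployed as written. The database ports are published on every host interface (`3306:3306` together with `MARIADB_ROOT_HOST=%`, and `5432:5432` on `authentik-postgresql`); the consumers share the compose network, so dropping those `ports:` entries or binding them as `"127.0.0.1:3306:3306"` would keep them off the LAN. Separately, `authentik-worker` runs as `user: root` with a writable `/var/run/docker.sock` mount, which is equivalent to root on the host and deserves a comment saying why it is needed.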