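---
# Docker Compose stack: reverse proxies, web/PHP, databases, monitoring,
# identity (authentik), Matrix, Mastodon, a media stack and Immich on one
# dual-stack (IPv4 + IPv6) bridge network.
#
# Security review notes that apply across the file:
# - Credentials must not be committed. Values that were hard-coded here are
#   now read from the environment (.env or the shell) and fail fast if unset.
#   Treat the previously committed values as exposed and rotate them.
# - Many variables below are empty (`KEY=`), presumably redacted. Supply them
#   through .env / env_file / Docker secrets rather than editing this file.
# - Most images use a floating tag (`latest`, `release`, `stable`, `develop`)
#   or no tag at all. Pin versions (ideally digests) so a pull cannot change
#   what runs unnoticed.
# - A port published without a host IP is bound on every host interface.
version: '3'

networks:
  default:
    enable_ipv6: true
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
        - subnet: 'fd00:0:0:0:2::/64'
          gateway: 'fd00:0:0:0:2::1'
        - subnet: '172.18.0.0/16'
          gateway: '172.18.0.1'

services:
  ipv6nat:
    container_name: mainstack-ipv6nat
    restart: unless-stopped
    image: robbertkl/ipv6nat
    # NOTE(review): privileged + host networking + Docker socket gives this
    # container host-level control. The image's README is understood to
    # document a reduced-capability alternative to `privileged` — verify and
    # prefer it if it works for this host.
    privileged: true
    network_mode: host
    volumes:
      # `:ro` only makes the socket file's mount read-only; it does not
      # restrict the Docker API calls a client can make through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro

  nginx-proxy-manager:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    container_name: mainstack-nginxproxymanager
    ports:
      - '80:80'
      - '443:443'
      - '8448:8448'
    volumes:
      - ./nginx-proxy-manager/data:/data
      - ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt
    networks:
      default:
        ipv6_address: "fd00:0:0:0:2::2"
    depends_on:
      - nginx-web

  nginx-web:
    container_name: mainstack-nginx-web
    image: tgj-nginx:latest
    build: ./nginx-web/
    restart: unless-stopped
    volumes:
      - ./nginx-web/configs/nginx.conf:/etc/nginx/nginx.conf:ro
      # NOTE(review): site configs, snippets, fastcgi.conf and the certificate
      # directories are mounted read-write. If the container never needs to
      # modify them, append `:ro` so a compromised web process cannot rewrite
      # its own configuration or keys.
      - ./nginx-web/configs/sites/:/etc/nginx/conf.d/
      - ./nginx-web/certs/:/certs/
      - ./nginx-web/certs/:/home/jack/SELF-SSL/
      - ./nginx-web/webdir/:/var/www/
      - /mnt/local-websites/:/mnt/local-websites/
      - ./nginx-web/logs:/var/log/nginx/
      - ./nginx-web/snippets/:/etc/nginx/snippets/
      - ./nginx-web/fastcgi.conf:/etc/nginx/fastcgi.conf
      - ./nginx-web/logs/:/etc/nginx/logs/
      # files-share
      - /mnt/files/:/var/www/Jack/files/
      # Quoted because the host path contains a space.
      - '/mnt/Jacks-Share/OS IMGS/:/var/www/Jack/files/OS-IMG'
    networks:
      default:
        ipv6_address: "fd00:0:0:0:2::3"
    links:
      - nginx-php
      - mariadb
      - nginx-php-cli
      - nginx-redis
    depends_on:
      - mariadb
      - nginx-php
      - onlyoffice
      - grafana
      - vaultwarden
      - nginx-php-cli
      - tautulli
      - overseerr
      - tgj-matrix
      - mastodon
      - immich-server
      - heimdall
      - list-community
      - frigate
      - gitea

  nginx-php:
    container_name: nginx-php
    image: tgj-php:8.1
    build: ./nginx-web/php/
    restart: unless-stopped
    volumes:
      - ./nginx-web/webdir:/var/www/
      - /mnt/local-websites/:/mnt/local-websites/
      - /mnt/files/:/var/www/Jack/files/
    networks:
      default:
        ipv6_address: "fd00:0:0:0:2::4"
    links:
      - nginx-redis

  nginx-php-cli:
    container_name: nginx-php-cli
    image: tgj-php-cli:8.1
    build: ./nginx-web/php-cli/
    restart: unless-stopped
    # Runs cron in the foreground as the container's main process.
    entrypoint: ["bash", "-c", "cron -f"]
    volumes:
      - ./nginx-web/webdir:/var/www/
      - /mnt/local-websites/:/mnt/local-websites/
    links:
      - nginx-redis

  nginx-redis:
    image: redis:latest
    restart: unless-stopped
    container_name: nginx_redis
    environment:
      # NOTE(review): ALLOW_EMPTY_PASSWORD is a Bitnami-image convention; the
      # official `redis` image is not known to read it — confirm. Either way
      # this instance has no authentication, and it is shared by the PHP,
      # Mastodon and Immich services, so any container on this network can
      # read or modify all of their data. Consider `requirepass`/ACLs or one
      # Redis per application.
      - ALLOW_EMPTY_PASSWORD=yes
    volumes:
      - ./nginx-web/redis:/data

  mariadb:
    image: mariadb:latest
    restart: unless-stopped
    container_name: mainstack-mariadb
    volumes:
      - ./mariadb/data:/var/lib/mysql
      - ./mariadb/config:/etc/mysql
    ports:
      # NOTE(review): publishes the database on every host interface. If only
      # containers in this stack use it, drop the mapping or bind it to
      # loopback (e.g. '127.0.0.1:3306:3306').
      - '3306:3306'
    environment:
      # Stray space after `=` removed; the value is now exactly "true".
      - MARIADB_AUTO_UPGRADE=true
      # Empty on this page (presumably redacted). Supply a strong value
      # outside this file.
      - MARIADB_ROOT_PASSWORD=
      # NOTE(review): `%` allows root logins from any host. Combined with the
      # published port above, root is reachable from the network; restrict
      # this to the hosts that actually need it.
      - 'MARIADB_ROOT_HOST=%'

  # grafana Stack
  grafana:
    user: "1000"
    image: grafana/grafana-oss:latest
    container_name: mainstack-grafana
    volumes:
      - ./grafana/etc-grafana/:/etc/grafana/
      - ./grafana/grafana_data/:/var/lib/grafana/
    restart: unless-stopped
    environment:
      GF_RENDERING_SERVER_URL: 'http://mainstack-grafana-renderer:8081/render'
      GF_RENDERING_CALLBACK_URL: 'http://mainstack-grafana:3000/'
      GF_LOG_FILTERS: 'rendering:debug'
      GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,grafana-worldmap-panel"
      # NOTE(review): PUID/PGID look like a linuxserver.io convention and are
      # presumably ignored by this image; `user: "1000"` above is what sets
      # the runtime user. Quoted so they are passed as strings.
      PUID: "0"
      PGID: "0"
    depends_on:
      - renderer
      - influxdb
      - prometheus

  renderer:
    container_name: mainstack-grafana-renderer
    image: grafana/grafana-image-renderer:latest
    restart: unless-stopped

  influxdb:
    image: influxdb:latest
    container_name: grafana-influx
    restart: unless-stopped
    ports:
      # NOTE(review): published on every host interface; remove or bind to
      # loopback if only Grafana inside this stack queries it.
      - '8086:8086'
    volumes:
      - ./grafana/influxdb/data/:/var/lib/influxdb2/
      - ./grafana/influxdb/config/:/etc/influxdb2/

  prometheus:
    # NOTE(review): runs as root inside the container. If this is only to
    # satisfy ownership of the bind-mounted data directory, chown that
    # directory to the image's default user instead.
    user: "0"
    image: prom/prometheus:latest
    restart: unless-stopped
    container_name: grafana-prometeus
    volumes:
      - ./grafana/prometheus/:/etc/prometheus/
      - ./grafana/prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--web.config.file=/etc/prometheus/web-config.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
      - '--web.external-url=/graph/prometeus/'

  # misc web
  list-community:
    container_name: list-community
    restart: unless-stopped
    image: wingysam/christmas-community
    volumes:
      - ./lists/data:/data
    ports:
      # NOTE(review): depends_on in nginx-web suggests this app is served
      # through the reverse proxy; the direct host port bypasses it.
      - '8982:80'
    environment:
      SMILE: 'true'
      TABLE: 'true'
      SINGLE_LIST: 'false'
      ROOT_PATH: '/list/'
      SITE_TITLE: "TGJ lists"
      LISTS_PUBLIC: "true"
      BULMASWATCH: "darkly"
      DEFAULT_FAILURE_REDIRECT: "/list/login"

  heimdall:
    image: lscr.io/linuxserver/heimdall:latest
    container_name: heimdall
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./heimdall/config:/config

  onlyoffice:
    container_name: mainstack-onlyoffice
    image: onlyoffice/documentserver:latest
    restart: unless-stopped
    environment:
      - JWT_ENABLED=true
      # Empty on this page (presumably redacted). With JWT enabled, an empty
      # or guessable secret defeats request signing; supply it outside this
      # file.
      - JWT_SECRET=
    volumes:
      - ./onlyoffice/data:/var/www/onlyoffice/Data
      - ./onlyoffice/fonts:/usr/share/fonts/truetype/custom
      - ./onlyoffice/lib-data:/var/lib/onlyoffice
      - ./onlyoffice/postgressql:/var/lib/postgresql
      - ./onlyoffice/rabbitmq:/var/lib/rabbitmq
      - ./onlyoffice/redis:/var/lib/redis
      - ./onlyoffice/log:/var/log/onlyoffice

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: mainstack-vaultwarden
    restart: unless-stopped
    environment:
      - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
      # Database password is empty on this page (presumably redacted).
      - DATABASE_URL=mysql://vault:@mainstack-mariadb:3306/vault_db
      # The admin token and the Yubico secret key were committed in plain
      # text. They are now required from the environment; rotate both, since
      # the old values must be considered exposed.
      - "ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN:?set VAULTWARDEN_ADMIN_TOKEN in .env}"
      - YUBICO_CLIENT_ID=83790
      - "YUBICO_SECRET_KEY=${VAULTWARDEN_YUBICO_SECRET_KEY:?set VAULTWARDEN_YUBICO_SECRET_KEY in .env}"
      - VAULTWARDEN_URL=https://vault.tgj.services
    volumes:
      - ./vaultwarden/vw-data:/data
    depends_on:
      - mariadb

  tgj-matrix:
    image: matrixdotorg/synapse:v1.85.2
    restart: unless-stopped
    container_name: mainstack-matrix
    volumes:
      - ./matrix/tgj-matrix:/data
    depends_on:
      - authentik-server

  synapse-admin:
    container_name: matrix-synapse-admin
    image: awesometechnologies/synapse-admin:latest
    restart: unless-stopped
    depends_on:
      - tgj-matrix

  element-webgui:
    image: vectorim/element-web
    container_name: matrix-element-webgui
    restart: unless-stopped
    volumes:
      - ./matrix/element-webgui/config.json:/app/config.json
    depends_on:
      - tgj-matrix

  portainer:
    image: portainer/portainer-ee:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # `:ro` does not limit Docker API access through the socket; whoever
      # controls Portainer controls the Docker daemon on this host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./portainer-data:/data
    ports:
      - '8000:8000'

  frigate:
    container_name: frigate
    # privileged: true # this may not be necessary for all setups
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:stable
    shm_size: "256mb"  # size according to Frigate's shm calculation for your cameras
    # devices:
    #   - /dev/bus/usb:/dev/bus/usb # passes the USB Coral, needs to be modified for other versions
    #   - /dev/apex_0:/dev/apex_0 # passes a PCIe Coral, follow driver instructions here https://coral.ai/docs/m2/get-started/#2a-on-linux
    #   - /dev/dri/renderD128 # for intel hwaccel, needs to be updated for your hardware
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./frigate/config.yml:/config/config.yml
      - /mnt/cctv/frigate/storage:/media/frigate
      - type: tmpfs  # Optional: in-memory cache, reduces SSD/SD card wear
        target: /tmp/cache
        tmpfs:
          size: 500000000  # bytes (about 500 MB)
    ports:
      # NOTE(review): the web UI and stream ports are published on every host
      # interface. Confirm each one needs to be reachable from outside the
      # reverse proxy before leaving it exposed.
      - "5000:5000"
      - "1935:1935"
      - "8554:8554"  # RTSP feeds
      - "8555:8555/tcp"  # WebRTC over tcp
      - "8555:8555/udp"  # WebRTC over udp
    environment:
      # Empty on this page (presumably redacted); supply outside this file.
      FRIGATE_RTSP_PASSWORD: ""

  mastodon:
    image: lscr.io/linuxserver/mastodon:latest
    container_name: mainstack-mastodon
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - LOCAL_DOMAIN=social.tgj.services
      - REDIS_HOST=nginx-redis
      - REDIS_PORT=6379
      - DB_HOST=mastodon-postgress
      - DB_USER=mastodon
      - DB_NAME=mastodon
      # Empty on this page (presumably redacted). Must match the password of
      # the `mastodon` role in the mastodon-postgress service.
      - DB_PASS=
      - DB_PORT=5432
      - ES_ENABLED=false
      # The secrets below are empty on this page (presumably redacted);
      # supply them outside this file.
      - SECRET_KEY_BASE=
      - OTP_SECRET=
      - VAPID_PRIVATE_KEY=
      - VAPID_PUBLIC_KEY=
      - SMTP_SERVER=mail.uk.tgj.services
      - SMTP_PORT=587
      - SMTP_LOGIN=@tgj.services
      - SMTP_PASSWORD=
      - SMTP_FROM_ADDRESS=no-reply@tgj.services
      - S3_ENABLED=false
      - WEB_DOMAIN=social.tgj.services  # optional
      - OIDC_ENABLED=true
      - OIDC_DISPLAY_NAME=TGJ SSO
      - OIDC_DISCOVERY=true
      - OIDC_ISSUER=https://auth.tgj.services/application/o/mastodon/
      - OIDC_AUTH_ENDPOINT=https://auth.tgj.services/application/o/authorize/
      - OIDC_SCOPE=openid,profile,email
      - OIDC_UID_FIELD=preferred_username
      - OIDC_CLIENT_ID=
      - OIDC_CLIENT_SECRET=
      - OIDC_REDIRECT_URI=https://social.tgj.services/auth/auth/openid_connect/callback
      # NOTE(review): this makes Mastodon trust the e-mail claim from the
      # identity provider without verification. That is only safe while the
      # provider prevents users from setting an arbitrary address (the
      # authentik services in this file set
      # AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL to "false").
      - OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
      - OAUTH_REDIRECT_AT_SIGN_IN=true
    volumes:
      - ./mastodon/config:/config
    depends_on:
      - mastodon-postgress

  mastodon-postgress:
    container_name: mastodon-postgress
    image: postgres:latest
    restart: unless-stopped
    environment:
      # Was committed in plain text; now required from the environment.
      # Rotate the database password, since the old value must be considered
      # exposed. An existing data directory keeps its current password until
      # it is changed inside PostgreSQL.
      POSTGRES_PASSWORD: "${MASTODON_DB_PASSWORD:?set MASTODON_DB_PASSWORD in .env}"
      POSTGRES_DB: mastodon
      POSTGRES_USER: mastodon
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - ./mastodon/postgresql:/var/lib/postgresql/data

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: unless-stopped
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "222:222"

  # Media Stack
  overseerr:
    image: sctx/overseerr:latest
    container_name: media-stack-overseerr
    environment:
      - LOG_LEVEL=error
      - TZ=Europe/London
    volumes:
      - ./media-stack/overseerr/config:/app/config
    restart: unless-stopped
    depends_on:
      - qbittorrent
      - sonarr
      - radarr
      - prowlarr

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:develop
    container_name: media-stack-prowlarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - ./media-stack/prowlarr/config:/config
    restart: unless-stopped
    depends_on:
      - qbittorrent
      - flaresolverr

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: media-stack-qbittorrent
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=9697
    volumes:
      - ./media-stack/qbittorent/config:/config
      - /mnt/qbit/:/mnt/qbit/
    ports:
      - '34432:34432'
      - '34432:34432/udp'

  tautulli:
    image: ghcr.io/tautulli/tautulli
    container_name: media-stack-tautulli
    restart: unless-stopped
    volumes:
      - ./media-stack/tautulli/config:/config
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=GB

  sonarr:
    image: lscr.io/linuxserver/sonarr
    container_name: media-stack-sonarr
    environment:
      # NOTE(review): PUID/PGID 0 runs the application as root, unlike the
      # other linuxserver.io containers here (1000). If this only works
      # around ownership of /mnt/media or /mnt/qbit, fix the ownership
      # instead.
      - PUID=0
      - PGID=0
      - TZ=Europe/London
    volumes:
      - ./media-stack/sonarr/config:/config
      - /mnt/media/:/mnt/plex
      - /mnt/qbit/:/mnt/qbit/
    restart: unless-stopped
    depends_on:
      - prowlarr

  radarr:
    image: lscr.io/linuxserver/radarr
    container_name: media-stack-radarr
    environment:
      # NOTE(review): runs as root, same concern as sonarr.
      - PUID=0
      - PGID=0
      - TZ=Europe/London
    volumes:
      - ./media-stack/radarr/config:/config
      - /mnt/media/:/mnt/plex
      - /mnt/qbit/:/mnt/qbit/
    restart: unless-stopped
    depends_on:
      - prowlarr

  flaresolverr:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    container_name: media-stack-flaresolverr
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-info}
      - LOG_HTML=${LOG_HTML:-false}
      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
      - TZ=Europe/London
    restart: unless-stopped

  # authentik
  authentik-server:
    image: ghcr.io/goauthentik/server:2023.8.1
    restart: unless-stopped
    container_name: mainstack-authentik
    command: server
    environment:
      # The JSON was malformed ("name"="..."); the key/value separator is now
      # a colon. NOTE(review): authentik's documented variable is believed to
      # be AUTHENTIK_FOOTER_LINKS (single underscore) — verify that this
      # double-underscore name is actually read.
      AUTHENTIK_FOOTER__LINKS: '[{"name":"TGJ - IT & Networking","href":"https://tgj.services"}]'
      AUTHENTIK_REDIS__HOST: "authentik-redis"
      AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
      AUTHENTIK_POSTGRESQL__USER: "authentik"
      AUTHENTIK_POSTGRESQL__NAME: "authentik"
      # Password and secret key are empty on this page (presumably redacted);
      # supply them outside this file. The secret key signs sessions, so it
      # must be long, random and identical for server and worker.
      AUTHENTIK_POSTGRESQL__PASSWORD: ""
      AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: "false"
      AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: "false"
      AUTHENTIK_GDPR_COMPLIANCE: "true"
      AUTHENTIK_EMAIL__FROM: "no-reply@tgj.services"
      AUTHENTIK_EMAIL__USE_SSL: "true"
      AUTHENTIK_EMAIL__TIMEOUT: "10"
      AUTHENTIK_EMAIL__USE_TLS: "false"
      AUTHENTIK_EMAIL__USERNAME: "@tgj.services"
      AUTHENTIK_EMAIL__PASSWORD: ""
      AUTHENTIK_EMAIL__HOST: "mail.tgj.services"
      AUTHENTIK_EMAIL__PORT: "465"
      AUTHENTIK_SECRET_KEY: ""
      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
      # WORKERS: 2
    volumes:
      - ./authentik/media:/media
      - ./authentik/custom-templates:/templates
      - ./authentik/geoip:/geoip
      - ./authentik/custom.css:/web/dist/custom.css

  authentik-worker:
    container_name: authentik-worker
    image: ghcr.io/goauthentik/server:2023.8.1
    restart: unless-stopped
    command: worker
    environment:
      # Same JSON fix and same open question about the variable name as in
      # authentik-server.
      AUTHENTIK_FOOTER__LINKS: '[{"name":"TGJ - IT & Networking","href":"https://tgj.services"}]'
      AUTHENTIK_REDIS__HOST: "authentik-redis"
      AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
      AUTHENTIK_POSTGRESQL__USER: "authentik"
      AUTHENTIK_POSTGRESQL__NAME: "authentik"
      AUTHENTIK_POSTGRESQL__PASSWORD: ""
      AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: "false"
      AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: "false"
      AUTHENTIK_GDPR_COMPLIANCE: "true"
      AUTHENTIK_EMAIL__FROM: "no-reply@tgj.services"
      AUTHENTIK_EMAIL__USE_SSL: "true"
      AUTHENTIK_EMAIL__TIMEOUT: "10"
      AUTHENTIK_EMAIL__USE_TLS: "false"
      AUTHENTIK_EMAIL__USERNAME: "@tgj.services"
      AUTHENTIK_EMAIL__PASSWORD: ""
      AUTHENTIK_EMAIL__HOST: "mail.tgj.services"
      AUTHENTIK_EMAIL__PORT: "465"
      AUTHENTIK_SECRET_KEY: ""
      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
    # NOTE(review): root plus a writable Docker socket is equivalent to root
    # on the host. Keep both only if authentik is meant to manage outpost
    # containers through Docker; otherwise remove the socket mount and the
    # root user.
    user: root
    volumes:
      - ./authentik/media:/media
      - ./authentik/certs:/certs
      - /var/run/docker.sock:/var/run/docker.sock
      - ./authentik/custom-templates:/templates
      - ./authentik/geoip:/geoip

  geoipupdate:
    image: "maxmindinc/geoipupdate:latest"
    volumes:
      - "./authentik/geoip:/usr/share/GeoIP"
    environment:
      GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
      GEOIPUPDATE_FREQUENCY: "8"
      # Account ID and license key are empty on this page (presumably
      # redacted); supply them outside this file.
      GEOIPUPDATE_ACCOUNT_ID: ""
      GEOIPUPDATE_LICENSE_KEY: ""
      # NOTE(review): this looks like an authentik setting placed on the
      # geoipupdate container, where it presumably has no effect — confirm
      # whether it belongs on authentik-server/authentik-worker instead.
      AUTHENTIK_AUTHENTIK__GEOIP: "/geoip/GeoLite2-City.mmdb"

  authentik-postgresql:
    image: postgres:12-alpine
    restart: unless-stopped
    container_name: authentik-postgresql
    volumes:
      - ./authentik/database:/var/lib/postgresql/data
    environment:
      # Empty on this page (presumably redacted); supply outside this file.
      - POSTGRES_PASSWORD=
      - POSTGRES_USER=authentik
      - POSTGRES_DB=authentik
    ports:
      # NOTE(review): publishes the identity provider's database on every
      # host interface. authentik reaches it over the compose network, so
      # this mapping can likely be removed or bound to loopback.
      - '5432:5432'

  authentik-redis:
    container_name: authentik-redis
    image: redis:alpine
    restart: unless-stopped
    volumes:
      - ./authentik/redis-data:/data

  # immich
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:release
    entrypoint: ["/bin/sh", "./start-server.sh"]
    # immich.env is not shown on this page; keep it out of version control
    # and readable only by the deploying user, since it presumably holds the
    # Immich database and API credentials.
    env_file:
      - immich.env
    volumes:
      - /mnt/local-websites/immich/upload:/usr/src/app/upload
    depends_on:
      - nginx-redis
      - immich-database
      - immich-typesense
    restart: unless-stopped

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:release
    entrypoint: ["/bin/sh", "./start-microservices.sh"]
    env_file:
      - immich.env
    volumes:
      - /mnt/local-websites/immich/upload:/usr/src/app/upload
    depends_on:
      - nginx-redis
      - immich-database
      - immich-typesense
    restart: unless-stopped

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:release
    env_file:
      - immich.env
    volumes:
      - /mnt/local-websites/immich/upload:/usr/src/app/upload
      - ./immich/model-cache:/cache
    restart: unless-stopped
    networks:
      default:
        ipv4_address: "172.18.0.251"

  immich-web:
    container_name: immich_web
    env_file:
      - immich.env
    image: ghcr.io/immich-app/immich-web:release
    entrypoint: ["/bin/sh", "./entrypoint.sh"]
    restart: unless-stopped

  immich-typesense:
    container_name: typesense
    # NOTE(review): the image line is commented out and the service has no
    # `build:`; Compose is expected to reject a service with neither.
    # Restore a pinned image before deploying.
    # image: typesense/typesense:0.24.0
    env_file:
      - immich.env
    environment:
      - TYPESENSE_DATA_DIR=/data
    # Container logs are discarded, so nothing from this service is
    # available for troubleshooting or incident review.
    logging:
      driver: none
    volumes:
      - ./immich/tsdata:/data
    restart: unless-stopped
    networks:
      default:
        ipv4_address: "172.18.0.250"

  immich-database:
    container_name: immich_database
    image: postgres:14
    env_file:
      - immich.env
    environment:
      # NOTE(review): the postgres image reads PGDATA (as used by
      # mastodon-postgress above); PG_DATA is presumably ignored. The path
      # matches the mounted volume either way.
      PG_DATA: /var/lib/postgresql/data
    volumes:
      - ./immich/pgdata:/var/lib/postgresql/data
    restart: unless-stopped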