adding all my compose files

2026-03-29 02:37:51 +00:00
parent 76852b403b
commit 07b2f20ca9
30 changed files with 1012 additions and 0 deletions


@@ -0,0 +1,31 @@
################################################################################
# cabernetwork
# https://github.com/cabernetwork/cabernet/blob/master/docker-compose.yml
################################################################################
version: "3.8"
services:
cabernet:
image: ghcr.io/cabernetwork/cabernet:latest # Or a specific version
container_name: cabernet
ports:
- "6077:6077" # Web UI port
- "5004:5004" # Stream port
volumes:
- cabernet_data:/app/data # Persist configuration and data
- cabernet_plugins:/app/plugins_ext # Persist plugins
restart: unless-stopped
volumes:
cabernet_data:
name: cabernet_data
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/cabernet/cabernet_data
cabernet_plugins:
name: cabernet_plugins
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/cabernet/cabernet_plugins
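Review bot: The NFS volumes are mounted with `o: addr=truenas,nolock,soft,rw`, and `soft` trades data integrity for responsiveness: after a timeout the client returns an I/O error to the application, so a write in flight during a NAS hiccup can be lost or leave a file half-written. For read-write application state I would use `hard` instead, e.g. `o: addr=truenas,nolock,hard,rw`, and keep `nolock` only where a single client mounts the export. The same option string recurs in the freshrss, headscale, immich, owncast, qbittorrentvpn, tailscale and vaultwarden sections of this commit; it matters most for vaultwarden and headscale, whose databases appear to live on these mounts.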


@@ -0,0 +1,10 @@
# Cloudflare DDNS -- https://github.com/favonia/cloudflare-ddns
services:
cloudflare-ddns:
container_name: cloudflare-ddns
image: oznu/cloudflare-ddns:latest
environment:
- API_KEY=${API_KEY}
- ZONE=wompmacho.com
- PROXIED=true
restart: unless-stopped
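Review bot: The header comment links to favonia/cloudflare-ddns, but the service pulls `oznu/cloudflare-ddns:latest`, an image from a different publisher, and hands it the Cloudflare credential in `API_KEY`. Either point the comment at the project actually deployed or switch the image, and pin it to a version tag or digest so a re-pull cannot silently change the code that holds a DNS-editing token. The token behind `API_KEY` should be scoped to DNS edits on the `wompmacho.com` zone only. Most other services in this commit also track `:latest` or carry no tag at all; the immich `redis` and `database` entries show the digest-pinned form.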


@@ -0,0 +1,35 @@
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#
# CODE SERVER IS RUNNING ON UBUNTU HOST
# we had issues with things functionoing right in the past
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#
# code-server -- https://hub.docker.com/r/linuxserver/code-server
services:
code-server:
image: lscr.io/linuxserver/code-server:latest
container_name: code-server
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
- PASSWORD=${PASSWORD} #optional
- SUDO_PASSWORD=${SUDO_PASSWORD} #optional
- PROXY_DOMAIN=dev.wompmacho.com #optional
- DEFAULT_WORKSPACE=/apps
volumes:
- /srv/code-server/config:/config # code-server expects /code-server as default dir?
- /srv:/apps
# docker socket
- /var/run/docker.sock:/var/run/docker.sock
# podman socket
#- /run/user/1000/podman/podman.sock:/var/run/docker.sock
ports:
- 8443:8443
restart: unless-stopped
networks:
- frontend
networks:
frontend:
external: true
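Review bot: Mounting `/var/run/docker.sock` and all of `/srv` into a browser-reachable IDE (`8443:8443` is published on every host interface) makes the code-server login equivalent to root on the Docker host. `PASSWORD=${PASSWORD}` expands to an empty string when the variable is missing, and the `#optional` marker suggests the image may then start without a password; `- PASSWORD=${PASSWORD:?PASSWORD must be set}` makes `docker compose up` fail instead. If container management from the IDE is not needed, drop the socket mount, and bind the port for the reverse proxy only, e.g. `- "127.0.0.1:8443:8443"`.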


@@ -0,0 +1,10 @@
# dozzle - https://github.com/amir20/dozzle
services:
dozzle:
container_name: dozzle
image: ghcr.io/amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 4343:8080
restart: always
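Review bot: The `:ro` suffix on `/var/run/docker.sock:/var/run/docker.sock:ro` does not restrict what can be sent over the socket; a process that can connect to it still has the full Docker API, including creating containers. Dozzle is also published on `4343` with no authentication configured in this file, so anyone who can reach the port can read every container's logs, which often contain secrets. A filtering socket proxy that allows only the read endpoints, plus Dozzle's built-in authentication or a loopback-only port behind the reverse proxy, would narrow this. The same `:ro` socket mount appears in the homepage and traefik sections.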


@@ -0,0 +1,23 @@
# freshrss -- https://hub.docker.com/r/linuxserver/freshrss
---
services:
freshrss:
image: lscr.io/linuxserver/freshrss:latest
container_name: freshrss
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
volumes:
- freshrss_nfs:/config
ports:
- 6464:80
restart: unless-stopped
volumes:
freshrss_nfs:
name: freshrss_nfs
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/freshrss


@@ -0,0 +1,26 @@
# frigate -- https://docs.frigate.video/frigate/installation/
---
services:
frigate:
container_name: frigate
#privileged: true # this may not be necessary for all setups
stop_grace_period: 30s # allow enough time to shut down the various services
restart: unless-stopped
image: ghcr.io/blakeblackshear/frigate:stable
shm_size: "512mb" # update for your cameras based on calculation above
volumes:
- /etc/localtime:/etc/localtime:ro
- /srv/frigate/config:/config
- /srv/frigate/media:/media/frigate
- type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
target: /tmp/cache
tmpfs:
size: 1000000000
ports:
- "8971:8971"
- "5000:5000" # Internal unauthenticated access. Expose carefully.
- "8554:8554" # RTSP feeds
- "8555:8555/tcp" # WebRTC over tcp
- "8555:8555/udp" # WebRTC over udp
environment:
FRIGATE_RTSP_PASSWORD: '${FRIGATE_RTSP_PASSWORD}'
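Review bot: `"5000:5000"` publishes Frigate's unauthenticated port on every host interface, even though the inline comment on that line says to expose it carefully. If only a local reverse proxy or another container needs it, bind it to loopback with `"127.0.0.1:5000:5000"` or drop the mapping and reach it over a Docker network; the authenticated UI on `8971` stays available. The same consideration applies to the RTSP restream on `8554` if camera feeds should not be reachable from the whole LAN.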


@@ -0,0 +1,89 @@
################################################################################
# gitea -- https://docs.gitea.com/installation/install-with-docker
################################################################################
networks:
gitea_net:
driver: bridge
services:
# --- Gitea ---
server:
image: docker.gitea.com/gitea:1.25.4
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea
restart: always
networks:
- gitea_net
volumes:
- "${GITEA_HOME}/data:/data"
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
ports:
- "3001:3000"
- "222:22"
depends_on:
- db
# --- Gitea postgres db ---
db:
image: docker.io/library/postgres:14
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- gitea_net
volumes:
- "${GITEA_HOME}/postgres:/var/lib/postgresql/data"
# --- Gitea Actions Runner ---
runner:
image: gitea/act_runner:latest
container_name: gitea_runner
restart: always
environment:
- GITEA_INSTANCE_URL=https://git.wompmacho.com
- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
- GITEA_RUNNER_NAME=gitea-runner-01
- CONFIG_FILE=/data/config.yaml
volumes:
- "${GITEA_HOME}/runner:/data"
- "/srv/www:/deploy"
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- gitea_net
depends_on:
- server
# --- Nginx Web Server (Public) ---
docs-public:
image: nginx:alpine
container_name: docs-public
restart: always
ports:
- "9895:80"
volumes:
- "/srv/www/docs-public:/usr/share/nginx/html:ro"
networks:
- gitea_net
# --- Nginx Web Server (Private) ---
docs-private:
image: nginx:alpine
container_name: docs-private
restart: always
ports:
- "9897:80"
volumes:
- "/srv/www/docs-private:/usr/share/nginx/html:ro"
networks:
- gitea_net
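Review bot: The `runner` service mounts `/var/run/docker.sock` and `/srv/www`, so any workflow this runner picks up can drive the host's Docker daemon and write to the directories the two nginx containers serve. Limit which repositories and users can schedule jobs on it, and consider mounting a dedicated deploy path rather than the whole of `/srv/www`. Separately, the database password is committed as the literal `gitea` in both `GITEA__database__PASSWD` and `POSTGRES_PASSWORD`; take it from the environment as the file already does for `${GITEA_RUNNER_TOKEN}`, for example `- POSTGRES_PASSWORD=${GITEA_DB_PASSWORD:?set GITEA_DB_PASSWORD}` (variable name is a suggestion). `gitea/act_runner:latest` is the only unpinned image in this file.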


@@ -0,0 +1,11 @@
Need to set to http over https because local
```
docker exec -it gitlab-runner gitlab-runner register \
--url "http://git.wompmacho.com/" \
--registration-token "glrt-LCZEyPXJs96sb4VL9LrOvm86MQp0OjEKdToxCw.01.120rimamb" \
--executor "docker" \
--docker-image "alpine:latest" \
--description "job-runner" \
--docker-volumes /var/run/docker.sock:/var/run/docker.sock
```
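Review bot: The value passed to `--registration-token` looks like a real runner credential committed in clear text; revoke it in GitLab and replace it here with a placeholder such as `"$RUNNER_TOKEN"`, because it stays in the repository history even if a later commit deletes the line. Registering against `--url "http://git.wompmacho.com/"` also sends that token unencrypted, so if TLS to the public name is not possible from the runner, use an internal address that stays on the Docker network. The `--docker-volumes /var/run/docker.sock:/var/run/docker.sock` flag gives every CI job control of the host Docker daemon.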


@@ -0,0 +1,64 @@
# gitlab/gitlab-ce:18.1.2-ce.0 - https://hub.docker.com/r/gitlab/gitlab-ce/tags
services:
gitlab:
image: gitlab/gitlab-ce:latest
container_name: gitlab
hostname: "git.wompmacho.com" # This hostname is mostly for internal consistency
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://git.wompmacho.com'
gitlab_rails['gitlab_shell_ssh_port'] = 4446
letsencrypt['enable'] = false # Assuming your external Nginx handles Let's Encrypt
puma['worker_processes'] = 2 # Reduce Puma worker processes
prometheus_monitoring['enable'] = false # Disable Prometheus monitoring
sidekiq['max_concurrency'] = 10 # Reduce Sidekiq concurrency
# --- Settings for Nginx Reverse Proxy with SSL termination ---
nginx['listen_port'] = 80 # GitLab's internal Nginx listens on HTTP port 80 (inside the container)
nginx['listen_https'] = false # GitLab's internal Nginx should NOT listen for HTTPS
# Tell GitLab that it's behind an HTTPS proxy
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
# Add your Nginx proxy's internal IP address to trusted proxies
# Replace 172.x.x.x/xx with the actual network range of your Docker bridge or external Nginx IP
gitlab_rails['trusted_proxies'] = ['172.17.0.0/16'] # Example: Docker default bridge network range
ports:
# Map container port 80 (HTTP) to your desired host port, e.g., 4444.
# Your external Nginx will then proxy to this host port (or directly to the container's IP:80 if on the same Docker network).
- "4444:80"
- "4446:22" # SSH port (usually handled directly, not proxied by Nginx for Git over SSH)
# Port 443 mapping is usually removed from GitLab's side if Nginx handles it,
# or used for internal communication if your Nginx connects to GitLab over HTTPS internally.
# For simplicity, if Nginx terminates SSL, GitLab listens HTTP.
# So, no need for 4445:443 mapping here.
volumes:
- "${GITLAB_HOME}/config:/etc/gitlab"
- "${GITLAB_HOME}/logs:/var/log/gitlab"
- "${GITLAB_HOME}/data:/var/opt/gitlab"
deploy:
resources:
limits:
memory: 8g
logging:
driver: "json-file"
options:
max-size: "512m"
max-file: "3"
shm_size: "4g"
env_file:
- path: ./.env
required: true
restart: unless-stopped
gitlab-runner:
image: gitlab/gitlab-runner:latest
container_name: gitlab-runner
restart: unless-stopped
volumes:
- "${GITLAB_HOME}/gitlab-runner/config:/etc/gitlab-runner"
- /var/run/docker.sock:/var/run/docker.sock
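Review bot: `image: gitlab/gitlab-ce:latest` lets any re-pull jump GitLab to whatever is newest, while the header comment names `18.1.2-ce.0`; GitLab upgrades are expected to follow a defined path between versions, so pin the tag (`image: gitlab/gitlab-ce:18.1.2-ce.0`) and upgrade deliberately. `gitlab_rails['trusted_proxies'] = ['172.17.0.0/16']` is still the example value that the comment above it says to replace; any peer in that range can supply the forwarded client address GitLab records, so narrow it to the proxy's actual address. The `gitlab-runner` service mounts the Docker socket, so CI jobs get host-level Docker access.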


@@ -0,0 +1,75 @@
################################################################################
# headscale - Orchistration server for tailnet clients
# https://blog.gurucomputing.com.au/Smart%20VPNS%20with%20Headscale/Setting%20up%20Headscale/
# --
# Tailscale for local exit node / home network
################################################################################
services:
headscale:
container_name: headscale
image: headscale/headscale:latest
restart: unless-stopped
ports:
- 4545:8080
- 9090:9090
volumes:
- headscale_config_nfs:/etc/headscale
- headscale_data_nfs:/var/lib/headscale
- headscale_run_nfs:/var/run/headscale
command: serve
headscale-ui:
container_name: headscale-ui
image: ghcr.io/gurucomputing/headscale-ui:latest
restart: unless-stopped
ports:
- 6262:8080
# tailscale:
# container_name: tailscale
# image: tailscale/tailscale:latest
# hostname: tailscale # Replace with a descriptive name for your device
# volumes:
# - tailscale-data:/var/lib/tailscale # Persist Tailscale data
# - /dev/net/tun:/dev/net/tun # Required for Tailscale to function
# cap_add:
# - NET_ADMIN # Required for Tailscale to manage network interfaces
# - SYS_MODULE # Required for Tailscale to load kernel modules if needed
# environment:
# # Set to 'true' to enable subnet routing (allowing other devices on your home network to be accessible)
# # You will need to approve the subnet routes in the Tailscale admin console after starting.
# # Also enables this device as an exit node.
# # IMPORTANT: Replace https://your-headscale-url.com with the actual URL of your Headscale instance.
# - TS_EXTRA_ARGS=--advertise-routes=10.0.0.0/24 --accept-dns=true
# --login-server=https://headscale.wompmacho.com
# - TS_AUTHKEY=e9f24a0815451a5b164cc17715ff457bf6447095dbbe7db4 # OPTIONAL: Use an auth key for unattended authentication
# # - TS_USERSPACE=true # Uncomment if you encounter issues with kernel module loading
# network_mode: host # Use host network mode for direct network access
# restart: unless-stopped
volumes:
headscale_config_nfs:
name: headscale_config_nfs
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/headscale/container-config
headscale_data_nfs:
name: headscale_data_nfs
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/headscale/container-data
headscale_run_nfs:
name: headscale_run_nfs
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/headscale/container-run
# tailscale-data:
# name: tailscale-data
# driver_opts:
# type: nfs
# o: addr=truenas,nolock,soft,rw
# device: :/mnt/store/vault/app/tailscale
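Review bot: The commented-out `TS_AUTHKEY=` line still carries what looks like a real pre-auth key, and the same value is set live in the tailscale compose file added later in this commit. A key in a comment is as exposed as one in use: expire it in Headscale and reference it as `TS_AUTHKEY=${TS_AUTHKEY}` from an untracked `.env`. In the active part of the file, `9090:9090` publishes Headscale's second listener on all interfaces; if that is the metrics or debug endpoint, bind it to loopback with `127.0.0.1:9090:9090`.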


@@ -0,0 +1,20 @@
# homepage -- https://gethomepage.dev/
services:
homepage:
container_name: homepage
image: ghcr.io/gethomepage/homepage:latest
environment:
- PUID=1000
- PGID=1000
- HOMEPAGE_ALLOWED_HOSTS=*
env_file:
- .env
volumes:
- /srv/homepage/config:/app/config
- /srv/homepage/background:/app/public/images
- /var/run/docker.sock:/var/run/docker.sock:ro # docker socket
ports:
- 7676:3000
restart: unless-stopped
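Review bot: `HOMEPAGE_ALLOWED_HOSTS=*` turns off the Host-header check that the variable exists to enforce; list the names the dashboard is actually reached by instead, e.g. `HOMEPAGE_ALLOWED_HOSTS=<host-ip>:7676,<dashboard-hostname>` (placeholders). This matters more here because the container also holds the Docker socket and whatever service API keys `.env` supplies to the widgets, all behind a port published without authentication.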


@@ -0,0 +1,79 @@
# immich - https://docs.immich.app/overview/quick-start/
# disable-machine-learning - https://docs.immich.app/FAQ/#how-can-i-disable-machine-learning
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
- ${EXTERNAL_FILES}:/photos:ro
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- "2283:2283"
depends_on:
- redis
- database
restart: always
healthcheck:
disable: false
# immich-machine-learning:
# container_name: immich_machine_learning
# # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# # Example tag: ${IMMICH_VERSION:-release}-cuda
# image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# # file: hwaccel.ml.yml
# # service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
# volumes:
# - model-cache:/cache
# env_file:
# - .env
# restart: always
# healthcheck:
# disable: false
redis:
container_name: immich_redis
image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: "--data-checksums"
DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: always
volumes:
#model-cache:
immich-library:
name: immich-library
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/immich/library
networks:
frontend:
external: true
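Review bot: The top-level `immich-library` volume and the `frontend` network are declared, but as far as this flattened listing shows no service references them: the server mounts `${UPLOAD_LOCATION}:/data` and has no `networks:` key. As written, uploads go wherever `UPLOAD_LOCATION` points rather than to the NFS export. Either wire them in (`- immich-library:/data`, `networks: [frontend]`) or delete the declarations, so the file does not suggest a storage or network placement that is not in effect.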


@@ -0,0 +1,23 @@
# Linkstacks -- https://github.com/LinkStackOrg/linkstack-docker
services:
linkstack:
container_name: 'linkstack'
hostname: 'linkstack'
image: 'linkstackorg/linkstack:latest'
user: '0:0'
environment:
TZ: '${TIMEZONE}'
SERVER_ADMIN: '${SERVER_ADMIN_EMAIL}'
HTTP_SERVER_NAME: '${HTTP_SERVER_NAME_ADDRESS}'
HTTPS_SERVER_NAME: '${HTTPS_SERVER_NAME_ADDRESS}'
LOG_LEVEL: 'info'
PHP_MEMORY_LIMIT: '256M'
UPLOAD_MAX_FILESIZE: '8M'
volumes:
- 'linkstack_data:/htdocs'
ports:
- '8190:443'
restart: unless-stopped
volumes:
linkstack_data:


@@ -0,0 +1,34 @@
# Synapse: https://github.com/element-hq/synapse
# Matrix guide: https://element-hq.github.io/synapse/latest/setup/installation.html#installation-instructions
# Docker Image: https://hub.docker.com/r/avhost/docker-matrix
# Example: https://github.com/AVENTER-UG/docker-matrix/blob/master/Example.configs.md
# # generate
# version: "3"
# services:
# docker-matrix:
# container_name: 'matrix'
# volumes:
# - /app/matrix/media:/media_store
# - /app/matrix/data:/data
# user: 0:0 # need perms to write files?
# environment:
# - SERVER_NAME=wompmacho.com
# - REPORT_STATS=no
# image: avhost/docker-matrix:v1.133
# command: generate
# start
version: "3"
services:
docker-matrix:
container_name: "matrix"
user: 991:991
ports:
- 8448:8448
- 8008:8008
- 3478:3478
volumes:
- /app/matrix/media:/media_store
- /app/matrix/data:/data
image: avhost/docker-matrix:v1.133
command: start


@@ -0,0 +1,68 @@
# mkdocs -- https://squidfunk.github.io/mkdocs-material/
services:
public-mkdocs:
container_name: "public-mkdocs"
image: material2:latest
environment:
- PUID=1000
- PGID=1000
volumes:
- /srv/mkdocs/public:/docs
stdin_open: true
tty: true
ports:
- "9896:8000"
networks:
- frontend
labels:
# --- Basic Traefik Enabling ---
- "traefik.enable=true" # MANDATORY because exposedByDefault is false in your Traefik config
# --- HTTP Router Configuration ---
# - "traefik.http.routers.mkdocs-http.rule=Host(`wiki.wompmacho.com`)" # <-- IMPORTANT: Change this to your domain!
# - "traefik.http.routers.mkdocs-http.entrypoints=web" # Use your 'web' entrypoint for HTTP (port 80)
- "traefik.http.routers.mkdocs-https.tls=true"
- "traefik.http.routers.mkdocs-https.tls.certresolver=cloudflare"
- "traefik.http.routers.mkdocs-https.entrypoints=websecure"
- "traefik.http.routers.mkdocs-https.rule=Host(`wiki.wompmacho.com`)" # <-- IMPORTANT: Change this to your domain!
# This label tells Traefik to connect to port 8000 *inside* the MkDocs container.
- "traefik.http.services.mkdocs-service.loadbalancer.server.port=8000"
restart: unless-stopped
# private-mkdocs:
# container_name: 'private-mkdocs'
# restart: unless-stopped
# image: squidfunk/mkdocs-material
# environment:
# - PUID=1000
# - PGID=1000
# volumes:
# - private-mkdocs:/docs
# stdin_open: true
# tty: true
# ports:
# - "9897:8000"
# volumes:
# public-mkdocs:
# name: public-mkdocs
# driver_opts:
# type: nfs
# o: addr=truenas,nolock,soft,rw
# device: :/mnt/store/vault/app/mkdocs/public
# private-mkdocs:
# name: private-mkdocs
# driver_opts:
# type: nfs
# o: addr=truenas,nolock,soft,rw
# device: :/mnt/store/vault/app/mkdocs/private
networks:
frontend:
external: true


@@ -0,0 +1,7 @@
FROM squidfunk/mkdocs-material
RUN pip install mkdocs-macros-plugin
RUN pip install mkdocs-glightbox
RUN pip install mkdocs-plugin-commonmark
RUN pip install mkdocs-include-dir-to-nav
RUN pip install mkdocs-git-revision-date-localized-plugin
RUN pip install mkdocs-include-markdown-plugin
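Review bot: Neither the base image nor the six plugins are pinned, so every rebuild of the local `material2:latest` image can pull different code from Docker Hub and PyPI into the container that serves the public wiki. Pin the base (`FROM squidfunk/mkdocs-material:<version>`, placeholder) and install from a requirements file with exact versions in one layer: `COPY requirements.txt .` followed by `RUN pip install --no-cache-dir -r requirements.txt`. That also replaces six image layers with one.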


@@ -0,0 +1,26 @@
# nginx-proxy-manager -- https://nginxproxymanager.com/setup/
version: '3.8'
services:
app:
container_name: nginx-proxy-manager
image: 'docker.io/jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
# Uncomment the next line if you uncomment anything in the section
#environment:
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
#DISABLE_IPV6: 'true'
volumes:
- /app/nginxproxy/data:/data
- /app/nginxproxy/letsencrypt:/etc/letsencrypt
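Review bot: `'81:81'` publishes the proxy manager's admin UI on every interface next to the public `80`/`443` listeners, so if the host is directly reachable the admin login is too. Bind it to loopback or a management address, e.g. `- '127.0.0.1:81:81'`, and change the initial administrator credentials at first login. This file and the traefik file in the same commit both claim host ports `80` and `443`, so only one of them can be started on a given host.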


@@ -0,0 +1,9 @@
# Open WebUI
# https://docs.openwebui.com/getting-started/quick-start/
services:
openwebui:
image: ghcr.io/open-webui/open-webui:main
ports:
- "3000:8080"
volumes:
- /srv/open-webui:/app/backend/data


@@ -0,0 +1,23 @@
# owncast -- https://owncast.online/quickstart/container/
services:
owncast:
image: owncast/owncast:latest
container_name: owncast
ports:
- "3233:8080"
- "1935:1935"
environment:
- PUID=1000
- PGID=1000
volumes:
#- ./data:/app/data
- owncast-mnt:/app/data
restart: unless-stopped
volumes:
owncast-mnt:
name: owncast-mnt
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/owncast


@@ -0,0 +1,25 @@
# Portainer
services:
portainer:
container_name: portainer
ports:
- "8000:8000" # For HTTP API access (if needed directly)
- "9000:9000" # HTTP UI access (if needed directly)
- "9443:9443" # HTTPS UI access (if needed directly)
- "9001:9001" # Edge Agent port (if used directly)
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/srv/portainer/data:/data"
image: portainer/portainer-ce:lts
environment:
- "TRUSTED_ORIGINS=portainer" # Set to your local domain
command: --tlsskipverify --base-url="https://portainer" # Portainer's command-line arguments
networks:
- frontend
restart: unless-stopped
networks:
# Define the 'frontend' network as external, meaning it's created elsewhere (e.g., by Traefik's compose file).
frontend:
external: true
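Review bot: Portainer holds the Docker socket, yet the file publishes its plain-HTTP UI (`"9000:9000"`) along with `8000` and `9001` on all interfaces, in addition to attaching it to the `frontend` proxy network. If access is meant to go through the reverse proxy, remove the `ports:` entries or keep only `"9443:9443"`, so the admin session never crosses the network unencrypted. `--tlsskipverify` disables certificate verification for TLS connections Portainer makes to Docker endpoints; the local socket does not need it, so drop it unless a remote endpoint requires it. `--base-url` normally takes a path prefix, so the value `"https://portainer"` is worth checking against the Portainer CLI reference.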


@@ -0,0 +1,42 @@
########################################
# qbittorrentvpn - https://hub.docker.com/r/dyonr/qbittorrentvpn
# Client with WebUI that connects to OpenVPN with iptables killswitch to
# prevent IP leakage when the tunnel goes down
########################################
services:
qbittorrentvpn:
container_name: torrent
privileged: true
image: dyonr/qbittorrentvpn
environment:
- VPN_ENABLED=true
- VPN_USERNAME=${VPN_USERNAME}
- VPN_PASSWORD=${VPN_PASSWORD}
- LAN_NETWORK=10.0.0.0/24
- WEBUI_PORT_ENV=8080
- INCOMING_PORT_ENV=8999
- TZ=America/New_York
ports:
- 8181:8080
- 8999:8999
- 8999:8999/udp
volumes:
- /srv/qbittorrentvpn/config:/config
- /srv/qbittorrentvpn/theme:/theme
- downloads_nfs:/downloads
restart: unless-stopped
networks:
- frontend
networks:
frontend:
external: true # Or define it if it's not external
volumes:
downloads_nfs:
name: downloads_nfs
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/MediaServer/downloads
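Review bot: `privileged: true` gives the torrent container every capability and access to all host devices, which is far more than an OpenVPN tunnel with an iptables kill switch needs. If the image works with it, replace the flag with `cap_add: [NET_ADMIN]` and `devices: ["/dev/net/tun"]`. The image is also referenced without a tag (`dyonr/qbittorrentvpn`), and the WebUI is published on `8181`; confirm the WebUI password has been changed from the image default.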


@@ -0,0 +1,44 @@
RESTARTED_TODAY=false # Flag to track if containers have been restarted today
while true; do
CURRENT_TIME=$(date +'%H:%M')
if [ "$CURRENT_TIME" = '04:00' ]; then
if [ "$RESTARTED_TODAY" = false ]; then
echo "$(date): It's 04:00. Initiating Docker container restart process..."
CONTAINER_IDS=$(docker ps -q)
if [ -z "$CONTAINER_IDS" ]; then
echo "$(date): No running Docker containers found to restart."
else
echo "$(date): Found containers: $CONTAINER_IDS"
for CONTAINER_ID in $CONTAINER_IDS; do
echo "$(date): Restarting container: ${CONTAINER_ID}"
docker restart "${CONTAINER_ID}"
# Check if the restart command was successful (optional, but good practice)
if [ $? -eq 0 ]; then
echo "$(date): Successfully restarted ${CONTAINER_ID}."
else
echo "$(date): Failed to restart ${CONTAINER_ID}. Continuing to next container."
fi
echo "$(date): Waiting 10 seconds before next container restart..."
sleep 10
done
echo "$(date): All specified Docker containers have been processed for restart."
fi
RESTARTED_TODAY=true # Set the flag to true to prevent re-running until next day
echo "$(date): Restart cycle for today (04:00) completed."
else
echo "$(date): It's 04:00, but containers already restarted today. Skipping."
fi
else
# Reset the flag once the time passes 04:00, preparing for the next day's restart
if [ "$RESTARTED_TODAY" = true ]; then
echo "$(date): Time is no longer 04:00. Resetting restart flag for tomorrow."
RESTARTED_TODAY=false
fi
fi
# Sleep for a shorter duration (e.g., 30 seconds) to ensure the 04:00 mark is caught reliably,
# but not so short as to consume excessive CPU.
sleep 30
done
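Review bot: `CONTAINER_IDS=$(docker ps -q)` includes the container that runs this loop, so when the `for` loop reaches its own ID, `docker restart` kills the script. Containers later in the list are then never restarted, and because `RESTARTED_TODAY` is set back to `false` on start-up, the whole cycle can begin again if the clock still reads 04:00. Skip the loop's own container, for example with `[ "$CONTAINER_ID" = "$(hostname)" ] && continue` at the top of the loop body (a container's hostname defaults to its short ID, which is what `docker ps -q` prints). The `if [ $? -eq 0 ]` test can be folded into `if docker restart "${CONTAINER_ID}"; then`. The same script is embedded in the restart-er compose file in this commit.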


@@ -0,0 +1,59 @@
################################################################################
# For restarts @4am
# https://stackoverflow.com/questions/69309747/schedule-daily-docker-container-restart-reset
###############################################################################
version: "3.9"
services:
restart-er:
container_name: restart-er
image: docker:cli
restart: unless-stopped
volumes: ["/var/run/docker.sock:/var/run/docker.sock"]
entrypoint: ["/bin/sh","-c"]
command:
- |
RESTARTED_TODAY=false # Flag to track if containers have been restarted today
while true; do
CURRENT_TIME=$(date +'%H:%M')
if [ "$CURRENT_TIME" = '04:00' ]; then
if [ "$RESTARTED_TODAY" = false ]; then
echo "$(date): It's 04:00. Initiating Docker container restart process..."
CONTAINER_IDS=$(docker ps -q)
if [ -z "$CONTAINER_IDS" ]; then
echo "$(date): No running Docker containers found to restart."
else
echo "$(date): Found containers: $CONTAINER_IDS"
for CONTAINER_ID in $CONTAINER_IDS; do
echo "$(date): Restarting container: ${CONTAINER_ID}"
docker restart "${CONTAINER_ID}"
# Check if the restart command was successful (optional, but good practice)
if [ $? -eq 0 ]; then
echo "$(date): Successfully restarted ${CONTAINER_ID}."
else
echo "$(date): Failed to restart ${CONTAINER_ID}. Continuing to next container."
fi
echo "$(date): Waiting 10 seconds before next container restart..."
sleep 10
done
echo "$(date): All specified Docker containers have been processed for restart."
fi
RESTARTED_TODAY=true # Set the flag to true to prevent re-running until next day
echo "$(date): Restart cycle for today (04:00) completed."
else
echo "$(date): It's 04:00, but containers already restarted today. Skipping."
fi
else
# Reset the flag once the time passes 04:00, preparing for the next day's restart
if [ "$RESTARTED_TODAY" = true ]; then
echo "$(date): Time is no longer 04:00. Resetting restart flag for tomorrow."
RESTARTED_TODAY=false
fi
fi
# Sleep for a shorter duration (e.g., 30 seconds) to ensure the 04:00 mark is caught reliably,
# but not so short as to consume excessive CPU.
sleep 30
done
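Review bot: Compose interpolates `$NAME` and `${NAME}` inside `command:` before the container starts, so `$CURRENT_TIME`, `$RESTARTED_TODAY`, `$CONTAINER_IDS` and `${CONTAINER_ID}` are replaced with values from the host environment (normally empty, with a warning) and the 04:00 comparison can never match. Shell variables in the embedded script need a doubled dollar sign, e.g. `if [ "$$CURRENT_TIME" = '04:00' ]; then` and `docker restart "$${CONTAINER_ID}"`; `$(date …)` and `$?` are likely to be rejected as invalid interpolation or need the same doubling. Mounting the standalone script read-only and running it as the command avoids the escaping altogether. Because this container controls the Docker daemon through the socket, `docker:cli` should be pinned to a version tag.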


@@ -0,0 +1,33 @@
# Tailscale for local exit node / home network
---
version: "3.8"
services:
tailscale:
container_name: tailscale
image: tailscale/tailscale:latest
hostname: tailscale # Replace with a descriptive name for your device
volumes:
- tailscale-data:/var/lib/tailscale # Persist Tailscale data
- /dev/net/tun:/dev/net/tun # Required for Tailscale to function
cap_add:
- NET_ADMIN # Required for Tailscale to manage network interfaces
- SYS_MODULE # Required for Tailscale to load kernel modules if needed
environment:
# Set to 'true' to enable subnet routing (allowing other devices on your home network to be accessible)
# You will need to approve the subnet routes in the Tailscale admin console after starting.
# Also enables this device as an exit node.
# IMPORTANT: Replace https://your-headscale-url.com with the actual URL of your Headscale instance.
- TS_EXTRA_ARGS=--advertise-routes=10.0.0.0/24 --advertise-exit-node
--login-server=https://headscale.wompmacho.com
- TS_AUTHKEY=e9f24a0815451a5b164cc17715ff457bf6447095dbbe7db4 # OPTIONAL: Use an auth key for unattended authentication
# - TS_USERSPACE=true # Uncomment if you encounter issues with kernel module loading
network_mode: host # Use host network mode for direct network access
restart: unless-stopped
volumes:
tailscale-data:
name: tailscale-data
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/tailscale
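Review bot: `cap_add` grants `SYS_MODULE` on top of `NET_ADMIN` to a container that already runs with `network_mode: host`; `SYS_MODULE` allows loading kernel modules into the host kernel and is only useful if the `tun` module is not already loaded. Since `/dev/net/tun` is mounted from the host, the module is presumably present, so the capability can likely be removed. The comment block above `TS_EXTRA_ARGS` still talks about a 'true' setting and a placeholder URL and no longer describes the line it precedes; I would replace it with one line such as `# advertise 10.0.0.0/24 and offer this node as an exit node via headscale`.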


@@ -0,0 +1,28 @@
################################################################################
# teamspeak
# https://hub.docker.com/_/teamspeak
###############################################################################
services:
teamspeak:
image: teamspeak
restart: always
ports:
- 9987:9987/udp
- 10011:10011
- 30033:30033
environment:
TS3SERVER_DB_PLUGIN: ts3db_mariadb
TS3SERVER_DB_SQLCREATEPATH: create_mariadb
TS3SERVER_DB_HOST: db
TS3SERVER_DB_USER: root
TS3SERVER_DB_PASSWORD: example
TS3SERVER_DB_NAME: teamspeak
TS3SERVER_DB_WAITUNTILREADY: 30
TS3SERVER_LICENSE: accept
db:
image: mariadb
restart: always
environment:
MYSQL_ROOT_PASSWORD: example
MYSQL_DATABASE: teamspeak
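Review bot: The TeamSpeak server connects to MariaDB as `root` with the password `example`, written as literals in both `TS3SERVER_DB_PASSWORD` and `MYSQL_ROOT_PASSWORD`. Create a dedicated database user and take the secrets from the environment, e.g. `MYSQL_USER: teamspeak` and `MYSQL_PASSWORD: ${TS_DB_PASSWORD}` (variable name is a suggestion) with matching `TS3SERVER_DB_USER`/`TS3SERVER_DB_PASSWORD` values. The `db` service has no volume, so the server's data is lost when the container is recreated, and both images are untagged. `10011:10011` publishes the plain-text ServerQuery port; drop it if remote query access is not needed.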


@@ -0,0 +1,29 @@
# traefik - https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/
services:
traefik:
image: "traefik:v3.4"
container_name: "traefik"
ports:
# http port
- 80:80
# https port
- 443:443
# web ui (insecure)
- 8080:8080
environment:
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
volumes:
# so that traefik can listen to docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
- /srv/traefik/config/traefik.yaml:/etc/traefik/traefik.yaml:ro
- /srv/traefik/data/certs:/var/traefik/certs/:rw
networks:
- frontend
labels:
- "traefik.http.serversTransports.portainer-insecure-transport.insecureSkipVerify=true"
restart: unless-stopped
networks:
frontend:
external: true
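Review bot: `8080:8080`, labelled `web ui (insecure)` in the file's own comment, publishes Traefik's API and dashboard entry point on every interface; if `api.insecure` is enabled in `traefik.yaml` (not shown here), anyone who can reach the host can read the full routing configuration. Remove the mapping or bind it to loopback (`127.0.0.1:8080:8080`) and expose the dashboard through a router with an authentication middleware. The label `traefik.http.serversTransports.portainer-insecure-transport.insecureSkipVerify=true` turns off certificate verification toward the backend; I am not certain the Docker provider accepts serversTransport definitions as labels, so verify it takes effect, and prefer trusting Portainer's certificate through `rootCAs` in the file provider.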


@@ -0,0 +1,11 @@
# uptime-kuma -- https://github.com/louislam/uptime-kuma
version: '3.3'
services:
uptime-kuma:
container_name: uptime-kuma
image: louislam/uptime-kuma:1
volumes:
- /app/uptime-kuma/data:/app/data
ports:
- 3001:3001 # <Host Port>:<Container Port>
restart: unless-stopped
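Review bot: Host port `3001` is also claimed by the gitea `server` service in this commit (`"3001:3000"`), so if both stacks run on the same host the second one to start will fail to bind. Pick a free host port here, e.g. `- "3002:3001"`, and quote the mapping as the other files do. The wikijs and openwebui files overlap the same way on host port `3000`.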


@@ -0,0 +1,24 @@
# vaultwarden -- https://github.com/dani-garcia/vaultwarden
---
services:
vaultwarden:
image: vaultwarden/server:1.35.2
container_name: vaultwarden
restart: unless-stopped
environment:
DOMAIN: "https://vaultwarden.wompmacho.com"
ROCKET_PORT: 80
ROCKET_ENV: production
volumes:
- vaultwarden-mount:/data/
ports:
- '9998:80'
- '9999:443'
volumes:
vaultwarden-mount:
name: vaultwarden-mount
driver_opts:
type: nfs
o: addr=truenas,nolock,soft,rw
device: :/mnt/store/vault/app/vaultwarden
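Review bot: `'9998:80'` publishes the password vault over plain HTTP on every interface while `DOMAIN` is an `https://` URL, which suggests TLS is terminated by a proxy elsewhere. Bind the port for the proxy only (`'127.0.0.1:9998:80'`, or a shared Docker network with no `ports:`) so clients cannot reach the vault unencrypted. `'9999:443'` maps to a port that nothing in this configuration makes the container listen on, since `ROCKET_PORT` is 80 and no TLS settings are given, so it can be removed.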


@@ -0,0 +1,31 @@
# webtop -- https://docs.linuxserver.io/images/docker-webtop/#lossless-mode
---
services:
webtop:
image: lscr.io/linuxserver/webtop:latest
container_name: webtop
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
- TITLE=Webtop #optional
dns:
- 10.0.0.11
shm_size: "1gb" #optional
volumes:
- /srv/webtop/config:/config
ports:
- 7978:3000
- 7979:3001
networks:
- frontend
labels:
- traefik.enable=true
- traefik.http.routers.nginx-http.rule=Host(`webtop.wompmacho.com`)
- traefik.http.routers.nginx-http.entrypoints=web
restart: unless-stopped
networks:
frontend:
external: true
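Review bot: The Traefik router is attached only to the `web` entry point (`traefik.http.routers.nginx-http.entrypoints=web`), so `webtop.wompmacho.com` serves a full remote desktop over unencrypted HTTP, and no login is configured under `environment`. Route it through the TLS entry point as the mkdocs file in this commit does (`entrypoints=websecure`, `tls=true`, `tls.certresolver=cloudflare`) and set the image's `CUSTOM_USER` and `PASSWORD` variables from the environment. The router name `nginx-http` looks copied from another service; naming it `webtop` avoids a clash if another container uses the same router name. With Traefik in front, the `7978`/`7979` host mappings can be dropped.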


@@ -0,0 +1,23 @@
# wikijs -- https://github.com/linuxserver/docker-wikijs
---
version: "3.8"
services:
wikijs:
image: lscr.io/linuxserver/wikijs:latest
container_name: wikijs
environment:
- PUID=0
- PGID=0
- TZ=Etc/UTC
- DB_TYPE=sqlite #optional
- DB_HOST= #optional
- DB_PORT= #optional
- DB_NAME= #optional
- DB_USER= #optional
- DB_PASS= #optional
volumes:
- /app/wiki/config:/config
- /app/wiki/data:/data
ports:
- 3000:3000
restart: unless-stopped
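Review bot: `PUID=0` and `PGID=0` make the wiki process run as root inside the container, unlike the other linuxserver images in this commit, which use `1000`. Unless the ownership of `/app/wiki` forces this, use `PUID=1000`/`PGID=1000` and `chown` the two host directories once. The empty `DB_HOST=`, `DB_PORT=`, `DB_NAME=`, `DB_USER=` and `DB_PASS=` entries do nothing for a SQLite setup and can be deleted.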