From cf653b2667c4590ead021ca723897f2a295b7f6b Mon Sep 17 00:00:00 2001 
From: anandslab Date: Fri, 6 Dec 2024 11:40:59 +0100 Subject: [PATCH] adding v4 archives --- archives/deployarr_v4/compose/adminer.yml | 22 + .../compose/airsonic-advanced.yml | 35 + archives/deployarr_v4/compose/authelia.yml | 41 + archives/deployarr_v4/compose/baikal.yml | 26 + archives/deployarr_v4/compose/bazarr.yml | 32 + archives/deployarr_v4/compose/cadvisor.yml | 32 + .../deployarr_v4/compose/change-detection.yml | 31 + archives/deployarr_v4/compose/chromium.yml | 33 + archives/deployarr_v4/compose/custom.yml | 4 + archives/deployarr_v4/compose/cyberchef.yml | 23 + archives/deployarr_v4/compose/dashy.yml | 36 + .../deployarr_v4/compose/ddns-updater.yml | 41 + archives/deployarr_v4/compose/deunhealth.yml | 16 + archives/deployarr_v4/compose/docker-gc.yml | 24 + archives/deployarr_v4/compose/dozzle.yml | 32 + archives/deployarr_v4/compose/flame.yml | 29 + archives/deployarr_v4/compose/freshrss.yml | 29 + archives/deployarr_v4/compose/glances.yml | 36 + archives/deployarr_v4/compose/gluetun.yml | 32 + archives/deployarr_v4/compose/grafana.yml | 28 + archives/deployarr_v4/compose/grocy.yml | 29 + archives/deployarr_v4/compose/guacamole.yml | 35 + archives/deployarr_v4/compose/guacd.yml | 9 + archives/deployarr_v4/compose/heimdall.yml | 29 + archives/deployarr_v4/compose/homarr.yml | 31 + archives/deployarr_v4/compose/homebridge.yml | 25 + archives/deployarr_v4/compose/homepage.yml | 30 + archives/deployarr_v4/compose/influxdb.yml | 27 + archives/deployarr_v4/compose/it-tools.yml | 21 + archives/deployarr_v4/compose/jackett.yml | 30 + archives/deployarr_v4/compose/jellyfin.yml | 36 + archives/deployarr_v4/compose/jellyseerr.yml | 28 + archives/deployarr_v4/compose/kasm.yml | 35 + archives/deployarr_v4/compose/kavita.yml | 30 + archives/deployarr_v4/compose/kometa.yml | 21 + archives/deployarr_v4/compose/lidarr.yml | 36 + archives/deployarr_v4/compose/maintainerr.yml | 29 + archives/deployarr_v4/compose/mariadb.yml | 26 + 
archives/deployarr_v4/compose/mosquitto.yml | 26 + archives/deployarr_v4/compose/mqttx-web.yml | 24 + archives/deployarr_v4/compose/navidrome.yml | 35 + archives/deployarr_v4/compose/netdata.yml | 27 + archives/deployarr_v4/compose/nextcloud.yml | 42 + archives/deployarr_v4/compose/node-red.yml | 25 + archives/deployarr_v4/compose/nzbget.yml | 34 + archives/deployarr_v4/compose/oauth.yml | 41 + archives/deployarr_v4/compose/ombi.yml | 30 + archives/deployarr_v4/compose/overseerr.yml | 29 + archives/deployarr_v4/compose/pgadmin.yml | 27 + archives/deployarr_v4/compose/phpmyadmin.yml | 30 + archives/deployarr_v4/compose/piwigo.yml | 30 + archives/deployarr_v4/compose/plex.yml | 48 ++ archives/deployarr_v4/compose/portainer.yml | 31 + archives/deployarr_v4/compose/postgresql.yml | 27 + archives/deployarr_v4/compose/prometheus.yml | 35 + archives/deployarr_v4/compose/prowlarr.yml | 30 + archives/deployarr_v4/compose/qbittorrent.yml | 25 + archives/deployarr_v4/compose/radarr.yml | 36 + archives/deployarr_v4/compose/readarr.yml | 36 + archives/deployarr_v4/compose/redis.yml | 24 + .../deployarr_v4/compose/resilio-sync.yml | 32 + archives/deployarr_v4/compose/sabnzbd.yml | 34 + archives/deployarr_v4/compose/scrutiny.yml | 26 + archives/deployarr_v4/compose/smokeping.yml | 30 + .../deployarr_v4/compose/socket-proxy.yml | 53 ++ archives/deployarr_v4/compose/sonarr.yml | 36 + .../compose/speedtest-tracker.yml | 36 + archives/deployarr_v4/compose/starter.yml | 25 + archives/deployarr_v4/compose/tautulli.yml | 30 + archives/deployarr_v4/compose/thelounge.yml | 29 + .../compose/traefik-access-log.yml | 13 + .../compose/traefik-certs-dumper.yml | 17 + .../compose/traefik-error-log.yml | 13 + archives/deployarr_v4/compose/traefik.yml | 95 +++ archives/deployarr_v4/compose/traefik2.yml | 94 +++ archives/deployarr_v4/compose/uptime-kuma.yml | 26 + archives/deployarr_v4/compose/vaultwarden.yml | 27 + archives/deployarr_v4/compose/vscode.yml | 37 + 
archives/deployarr_v4/compose/wg-easy.yml | 44 + .../includes/authelia/chain-authelia.yml | 8 + .../includes/authelia/configuration.yml | 95 +++ .../deployarr_v4/includes/authelia/duo.yml | 8 + .../authelia/middlewares-authelia.yml | 9 + .../deployarr_v4/includes/authelia/redis.yml | 6 + .../deployarr_v4/includes/authelia/users.yml | 15 + .../deployarr_v4/includes/authentik/email.env | 13 + .../includes/authentik/postgresql.sh | 8 + .../includes/dashy/starter-conf.yml | 45 + .../includes/ddns-updater/config.json | 13 + .../deployarr_v4/includes/devices_gpu.yml | 2 + .../includes/docker-gc/docker-gc-exclude | 9 + archives/deployarr_v4/includes/docker_aliases | 142 ++++ .../includes/docker_aliases_bashrc | 5 + .../includes/glances/glances.conf | 771 ++++++++++++++++++ .../includes/mariadb/db_create.sql | 5 + .../includes/mosquitto/mosquitto.conf | 15 + .../includes/oauth/chain-oauth.yml | 8 + .../includes/oauth/middlewares-oauth.yml | 8 + .../includes/oauth/oauth-secrets-template | 3 + .../includes/prometheus/prometheus.yml | 3 + .../includes/qbittorrent/qBittorrent.conf | 39 + .../rclone/rclone-mount-template.service | 43 + .../includes/rclone/rclone-template.conf | 6 + .../rclone/start-media-after-boot.service | 9 + .../includes/rclone/start-media-after-boot.sh | 57 ++ .../includes/scrutiny/scrutiny.yaml | 107 +++ .../includes/traefik/app-http-template.yml | 17 + .../traefik/app-https-ssc-template.yml | 22 + .../includes/traefik/chain-basic-auth.yml | 9 + .../includes/traefik/chain-no-auth.yml | 8 + .../traefik/domain-passthrough-template.yml | 14 + .../traefik/labels-auth-bypass-template.yml | 6 + .../traefik/middlewares-basic-auth.yml | 8 + .../traefik/middlewares-buffering.yml | 9 + .../includes/traefik/middlewares-compress.yml | 4 + .../traefik/middlewares-rate-limit.yml | 6 + .../traefik/middlewares-secure-headers.yml | 25 + .../includes/traefik/t2_proxy_network.yml | 8 + .../includes/traefik/t3_proxy_network.yml | 8 + .../includes/traefik/tls-opts.yml | 19 + 
.../deployarr_v4/includes/traefik/traefik.yml | 123 +++ .../traefik_global_secrets_template.yml | 4 + .../deployarr_v4/scripts/iptables-reset.sh | 29 + 123 files changed, 4249 insertions(+) create mode 100755 archives/deployarr_v4/compose/adminer.yml create mode 100755 archives/deployarr_v4/compose/airsonic-advanced.yml create mode 100755 archives/deployarr_v4/compose/authelia.yml create mode 100755 archives/deployarr_v4/compose/baikal.yml create mode 100755 archives/deployarr_v4/compose/bazarr.yml create mode 100755 archives/deployarr_v4/compose/cadvisor.yml create mode 100755 archives/deployarr_v4/compose/change-detection.yml create mode 100755 archives/deployarr_v4/compose/chromium.yml create mode 100755 archives/deployarr_v4/compose/custom.yml create mode 100755 archives/deployarr_v4/compose/cyberchef.yml create mode 100755 archives/deployarr_v4/compose/dashy.yml create mode 100755 archives/deployarr_v4/compose/ddns-updater.yml create mode 100755 archives/deployarr_v4/compose/deunhealth.yml create mode 100755 archives/deployarr_v4/compose/docker-gc.yml create mode 100755 archives/deployarr_v4/compose/dozzle.yml create mode 100755 archives/deployarr_v4/compose/flame.yml create mode 100755 archives/deployarr_v4/compose/freshrss.yml create mode 100755 archives/deployarr_v4/compose/glances.yml create mode 100755 archives/deployarr_v4/compose/gluetun.yml create mode 100755 archives/deployarr_v4/compose/grafana.yml create mode 100755 archives/deployarr_v4/compose/grocy.yml create mode 100644 archives/deployarr_v4/compose/guacamole.yml create mode 100755 archives/deployarr_v4/compose/guacd.yml create mode 100755 archives/deployarr_v4/compose/heimdall.yml create mode 100755 archives/deployarr_v4/compose/homarr.yml create mode 100755 archives/deployarr_v4/compose/homebridge.yml create mode 100755 archives/deployarr_v4/compose/homepage.yml create mode 100755 archives/deployarr_v4/compose/influxdb.yml create mode 100755 archives/deployarr_v4/compose/it-tools.yml create 
mode 100755 archives/deployarr_v4/compose/jackett.yml create mode 100755 archives/deployarr_v4/compose/jellyfin.yml create mode 100755 archives/deployarr_v4/compose/jellyseerr.yml create mode 100755 archives/deployarr_v4/compose/kasm.yml create mode 100755 archives/deployarr_v4/compose/kavita.yml create mode 100755 archives/deployarr_v4/compose/kometa.yml create mode 100755 archives/deployarr_v4/compose/lidarr.yml create mode 100755 archives/deployarr_v4/compose/maintainerr.yml create mode 100755 archives/deployarr_v4/compose/mariadb.yml create mode 100755 archives/deployarr_v4/compose/mosquitto.yml create mode 100755 archives/deployarr_v4/compose/mqttx-web.yml create mode 100755 archives/deployarr_v4/compose/navidrome.yml create mode 100755 archives/deployarr_v4/compose/netdata.yml create mode 100755 archives/deployarr_v4/compose/nextcloud.yml create mode 100755 archives/deployarr_v4/compose/node-red.yml create mode 100755 archives/deployarr_v4/compose/nzbget.yml create mode 100755 archives/deployarr_v4/compose/oauth.yml create mode 100755 archives/deployarr_v4/compose/ombi.yml create mode 100755 archives/deployarr_v4/compose/overseerr.yml create mode 100755 archives/deployarr_v4/compose/pgadmin.yml create mode 100755 archives/deployarr_v4/compose/phpmyadmin.yml create mode 100755 archives/deployarr_v4/compose/piwigo.yml create mode 100755 archives/deployarr_v4/compose/plex.yml create mode 100755 archives/deployarr_v4/compose/portainer.yml create mode 100755 archives/deployarr_v4/compose/postgresql.yml create mode 100755 archives/deployarr_v4/compose/prometheus.yml create mode 100755 archives/deployarr_v4/compose/prowlarr.yml create mode 100755 archives/deployarr_v4/compose/qbittorrent.yml create mode 100755 archives/deployarr_v4/compose/radarr.yml create mode 100755 archives/deployarr_v4/compose/readarr.yml create mode 100755 archives/deployarr_v4/compose/redis.yml create mode 100755 archives/deployarr_v4/compose/resilio-sync.yml create mode 100755 
archives/deployarr_v4/compose/sabnzbd.yml create mode 100755 archives/deployarr_v4/compose/scrutiny.yml create mode 100755 archives/deployarr_v4/compose/smokeping.yml create mode 100755 archives/deployarr_v4/compose/socket-proxy.yml create mode 100755 archives/deployarr_v4/compose/sonarr.yml create mode 100755 archives/deployarr_v4/compose/speedtest-tracker.yml create mode 100755 archives/deployarr_v4/compose/starter.yml create mode 100755 archives/deployarr_v4/compose/tautulli.yml create mode 100755 archives/deployarr_v4/compose/thelounge.yml create mode 100755 archives/deployarr_v4/compose/traefik-access-log.yml create mode 100755 archives/deployarr_v4/compose/traefik-certs-dumper.yml create mode 100755 archives/deployarr_v4/compose/traefik-error-log.yml create mode 100755 archives/deployarr_v4/compose/traefik.yml create mode 100644 archives/deployarr_v4/compose/traefik2.yml create mode 100755 archives/deployarr_v4/compose/uptime-kuma.yml create mode 100755 archives/deployarr_v4/compose/vaultwarden.yml create mode 100755 archives/deployarr_v4/compose/vscode.yml create mode 100755 archives/deployarr_v4/compose/wg-easy.yml create mode 100644 archives/deployarr_v4/includes/authelia/chain-authelia.yml create mode 100644 archives/deployarr_v4/includes/authelia/configuration.yml create mode 100755 archives/deployarr_v4/includes/authelia/duo.yml create mode 100644 archives/deployarr_v4/includes/authelia/middlewares-authelia.yml create mode 100755 archives/deployarr_v4/includes/authelia/redis.yml create mode 100644 archives/deployarr_v4/includes/authelia/users.yml create mode 100755 archives/deployarr_v4/includes/authentik/email.env create mode 100755 archives/deployarr_v4/includes/authentik/postgresql.sh create mode 100755 archives/deployarr_v4/includes/dashy/starter-conf.yml create mode 100755 archives/deployarr_v4/includes/ddns-updater/config.json create mode 100755 archives/deployarr_v4/includes/devices_gpu.yml create mode 100755 
archives/deployarr_v4/includes/docker-gc/docker-gc-exclude create mode 100644 archives/deployarr_v4/includes/docker_aliases create mode 100755 archives/deployarr_v4/includes/docker_aliases_bashrc create mode 100755 archives/deployarr_v4/includes/glances/glances.conf create mode 100755 archives/deployarr_v4/includes/mariadb/db_create.sql create mode 100755 archives/deployarr_v4/includes/mosquitto/mosquitto.conf create mode 100644 archives/deployarr_v4/includes/oauth/chain-oauth.yml create mode 100644 archives/deployarr_v4/includes/oauth/middlewares-oauth.yml create mode 100644 archives/deployarr_v4/includes/oauth/oauth-secrets-template create mode 100755 archives/deployarr_v4/includes/prometheus/prometheus.yml create mode 100755 archives/deployarr_v4/includes/qbittorrent/qBittorrent.conf create mode 100755 archives/deployarr_v4/includes/rclone/rclone-mount-template.service create mode 100755 archives/deployarr_v4/includes/rclone/rclone-template.conf create mode 100755 archives/deployarr_v4/includes/rclone/start-media-after-boot.service create mode 100755 archives/deployarr_v4/includes/rclone/start-media-after-boot.sh create mode 100755 archives/deployarr_v4/includes/scrutiny/scrutiny.yaml create mode 100755 archives/deployarr_v4/includes/traefik/app-http-template.yml create mode 100755 archives/deployarr_v4/includes/traefik/app-https-ssc-template.yml create mode 100644 archives/deployarr_v4/includes/traefik/chain-basic-auth.yml create mode 100644 archives/deployarr_v4/includes/traefik/chain-no-auth.yml create mode 100755 archives/deployarr_v4/includes/traefik/domain-passthrough-template.yml create mode 100755 archives/deployarr_v4/includes/traefik/labels-auth-bypass-template.yml create mode 100644 archives/deployarr_v4/includes/traefik/middlewares-basic-auth.yml create mode 100644 archives/deployarr_v4/includes/traefik/middlewares-buffering.yml create mode 100644 archives/deployarr_v4/includes/traefik/middlewares-compress.yml create mode 100644 
archives/deployarr_v4/includes/traefik/middlewares-rate-limit.yml create mode 100644 archives/deployarr_v4/includes/traefik/middlewares-secure-headers.yml create mode 100755 archives/deployarr_v4/includes/traefik/t2_proxy_network.yml create mode 100755 archives/deployarr_v4/includes/traefik/t3_proxy_network.yml create mode 100644 archives/deployarr_v4/includes/traefik/tls-opts.yml create mode 100644 archives/deployarr_v4/includes/traefik/traefik.yml create mode 100755 archives/deployarr_v4/includes/traefik/traefik_global_secrets_template.yml create mode 100755 archives/deployarr_v4/scripts/iptables-reset.sh
diff --git a/archives/deployarr_v4/compose/adminer.yml b/archives/deployarr_v4/compose/adminer.yml
new file mode 100755
index 0000000..a19e2b6
--- /dev/null
+++ b/archives/deployarr_v4/compose/adminer.yml
@@ -0,0 +1,22 @@
+services:
+ # Adminer - Frontend for Various Databases (MariaDB, PostgreSQL, etc.)
+ adminer:
+ image: adminer:latest
+ container_name: adminer
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - default
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.adminer-rtr.entrypoints=websecure"
+ - "traefik.http.routers.adminer-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.adminer-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.adminer-rtr.service=adminer-svc"
+ - "traefik.http.services.adminer-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/airsonic-advanced.yml b/archives/deployarr_v4/compose/airsonic-advanced.yml
new file mode 100755
index 0000000..ab01958
--- /dev/null
+++ b/archives/deployarr_v4/compose/airsonic-advanced.yml
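Review bot: `image: adminer:latest` in adminer.yml leaves the image unpinned, so a later pull can change what runs behind the proxy without any change to this file. The same applies to the other `:latest` images in this patch (cadvisor, change-detection, chromium, cyberchef, docker-gc, dozzle, freshrss) and to the untagged ones (airsonic-advanced, bazarr, dashy, ddns-updater, deunhealth, flame), while authelia.yml already pins `authelia/authelia:4.38.8`. Pinning a version tag or digest in the same way, e.g. `image: adminer:<VERSION-PLACEHOLDER>`, keeps deployments reproducible and makes each update a reviewable change. Because Adminer is a database front end that also joins the `default` network, I would add a comment above the middleware label stating that `CHAIN-PLACEHOLDER` must resolve to an authenticating chain and never to `chain-no-auth`.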
@@ -0,0 +1,35 @@
+services:
+ # Airsonic Advanced - Music Server
+ airsonic-advanced:
+ image: lscr.io/linuxserver/airsonic-advanced
+ container_name: airsonic-advanced
+ networks:
+ - t3_proxy
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ volumes:
+ - $DOCKERDIR/appdata/airsonic/podcasts:/data/podcasts
+ - $DOCKERDIR/appdata/airsonic/playlists:/data/playlists
+ - $DOCKERDIR/appdata/airsonic/config:/config
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ ports:
+ - "4040:4040"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ JAVA_OPTS: '-Dserver.forward-headers-strategy=native' # optional - if you use a reverse-proxy
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.airsonic-advanced-rtr.entrypoints=websecure"
+ - "traefik.http.routers.airsonic-advanced-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.airsonic-advanced-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.airsonic-advanced-rtr.service=airsonic-advanced-svc"
+ - "traefik.http.services.airsonic-advanced-svc.loadbalancer.server.port=4040"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/authelia.yml b/archives/deployarr_v4/compose/authelia.yml
new file mode 100755
index 0000000..0fc2bbb
--- /dev/null
+++ b/archives/deployarr_v4/compose/authelia.yml
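Review bot: The active `ports:` entry `- "4040:4040"` in airsonic-advanced.yml publishes the service on the host while it is also routed through Traefik, so a request to host port 4040 never passes the `CHAIN-PLACEHOLDER@file` middleware chain. Every other compose file in this part of the patch ships its `ports:` block commented out, and the same would fit here: `# ports:` followed by `#   - "4040:4040"`. If direct access is wanted for troubleshooting, binding to loopback with `- "127.0.0.1:4040:4040"` keeps the unauthenticated listener off the LAN.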
@@ -0,0 +1,41 @@
+services:
+ # Authelia (Lite) - Self-Hosted Single Sign-On and Two-Factor Authentication
+ authelia:
+ container_name: authelia
+ image: authelia/authelia:4.38.8
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - "9091:9091"
+ volumes:
+ - $DOCKERDIR/appdata/authelia:/config
+ environment:
+ - TZ=$TZ
+ - PUID=$PUID
+ - PGID=$PGID
+ - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
+ - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
+ - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key
+ # - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/authelia_storage_mysql_password
+ # - AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/run/secrets/authelia_session_redis_password
+ # - AUTHELIA_DUO_API_INTEGRATION_KEY_FILE=/run/secrets/authelia_duo_api_integration_key
+ # - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
+ secrets:
+ - authelia_jwt_secret
+ - authelia_storage_encryption_key
+ - authelia_session_secret
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.authelia-rtr.entrypoints=websecure"
+ - "traefik.http.routers.authelia-rtr.rule=Host(`authelia.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.authelia-rtr.middlewares=chain-no-auth@file" # Should be chain-no-auth and not chain-authelia
+ ## HTTP Services
+ - "traefik.http.routers.authelia-rtr.service=authelia-svc"
+ - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/baikal.yml b/archives/deployarr_v4/compose/baikal.yml
new file mode 100755
index 0000000..afdde38
--- /dev/null
+++ b/archives/deployarr_v4/compose/baikal.yml
@@ -0,0 +1,26 @@
+services:
+ # Baikal - Users, Address Books, Calendars
+ baikal:
+ image: ckulka/baikal:nginx
+ container_name: baikal
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "80:80"
+ volumes:
+ - $DOCKERDIR/appdata/baikal/config:/var/www/baikal/config
+ - $DOCKERDIR/appdata/baikal/data:/var/www/baikal/Specific
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.baikal-rtr.entrypoints=websecure"
+ - "traefik.http.routers.baikal-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.baikal-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.baikal-rtr.service=baikal-svc"
+ - "traefik.http.services.baikal-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/bazarr.yml b/archives/deployarr_v4/compose/bazarr.yml
new file mode 100755
index 0000000..6c7f238
--- /dev/null
+++ b/archives/deployarr_v4/compose/bazarr.yml
@@ -0,0 +1,32 @@
+services:
+ # Bazarr - Subtitle Management
+ bazarr:
+ image: lscr.io/linuxserver/bazarr
+ container_name: bazarr
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "starr", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "6767:6767"
+ volumes:
+ - $DOCKERDIR/appdata/bazarr:/config
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.bazarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.bazarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.bazarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.bazarr-rtr.service=bazarr-svc"
+ - "traefik.http.services.bazarr-svc.loadbalancer.server.port=6767"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/cadvisor.yml b/archives/deployarr_v4/compose/cadvisor.yml
new file mode 100755
index 0000000..7360bf5
--- /dev/null
+++ b/archives/deployarr_v4/compose/cadvisor.yml
@@ -0,0 +1,32 @@
+services:
+ # cAdvisor - Container Advisor
+ cadvisor:
+ container_name: cadvisor
+ image: gcr.io/cadvisor/cadvisor:latest
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$CADVISOR_PORT:8080"
+ # privileged: true # Only needed for CentOS, Fedora, Red Hat, etc.
+ # devices:
+ # - /dev/kmsg
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:rw
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ - /dev/disk/:/dev/disk:ro
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.cadvisor-rtr.entrypoints=websecure"
+ - "traefik.http.routers.cadvisor-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.cadvisor-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.cadvisor-rtr.service=cadvisor-svc"
+ - "traefik.http.services.cadvisor-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/change-detection.yml b/archives/deployarr_v4/compose/change-detection.yml
new file mode 100755
index 0000000..69e45fa
--- /dev/null
+++ b/archives/deployarr_v4/compose/change-detection.yml
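Review bot: The bind mount `- /var/run:/var/run:rw` in cadvisor.yml gives the container the host's whole `/var/run` writable, which normally includes `docker.sock`, so a service routed through Traefik ends up with direct Docker API access. That is the opposite of the socket-proxy pattern that docker-gc.yml and dozzle.yml adopt in this same patch. cAdvisor's upstream run example mounts this path read-only, so `- /var/run:/var/run:ro` is the minimal change; a comment should add that a read-only mount does not stop connections to the socket, which is why the router still needs an authenticating chain. Together with `- /:/rootfs:ro` the container can read the entire host filesystem, which deserves a one-line warning above `volumes:`.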
@@ -0,0 +1,31 @@
+services:
+ # Change-Detection - Webpage Change Monitoring and Notification
+ change-detection:
+ image: lscr.io/linuxserver/changedetection.io:latest
+ container_name: change-detection
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "5000:5000"
+ volumes:
+ - $DOCKERDIR/appdata/change-detection:/config
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ BASE_URL: /change-detection #optional
+ # PLAYWRIGHT_DRIVER_URL: #optional
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.change-detection-rtr.entrypoints=websecure"
+ - "traefik.http.routers.change-detection-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.change-detection-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.change-detection-rtr.service=change-detection-svc"
+ - "traefik.http.services.change-detection-svc.loadbalancer.server.port=5000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/chromium.yml b/archives/deployarr_v4/compose/chromium.yml
new file mode 100755
index 0000000..29c146d
--- /dev/null
+++ b/archives/deployarr_v4/compose/chromium.yml
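Review bot: `BASE_URL: /change-detection` in change-detection.yml does not match the router, which serves the app at the root of `SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1` with no path prefix. As far as I can tell the image expects a full URL here (scheme and host) and uses it when building links in notifications, so a bare path would likely produce broken links; please confirm against the image documentation. Either set `BASE_URL: https://SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1` or ship the line commented out, as the file already does for `PLAYWRIGHT_DRIVER_URL`.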
@@ -0,0 +1,33 @@
+services:
+ # Chromium - Web Browser
+ chromium:
+ image: lscr.io/linuxserver/chromium:latest
+ container_name: chromium
+ security_opt:
+ - no-new-privileges:true
+ - seccomp:unconfined #optional
+ restart: "unless-stopped"
+ profiles: ["apps", "all"]
+ shm_size: "1gb"
+ networks:
+ - t3_proxy
+ # ports:
+ # - 3000:3000
+ # - 3001:3001
+ volumes:
+ - $DOCKERDIR/appdata/chromium:/config
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ # CHROME_CLI: https://www.deployarr.app/ #optional
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.chromium-rtr.entrypoints=websecure"
+ - "traefik.http.routers.chromium-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.chromium-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.chromium-rtr.service=chromium-svc"
+ - "traefik.http.services.chromium-svc.loadbalancer.server.port=3000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/custom.yml b/archives/deployarr_v4/compose/custom.yml
new file mode 100755
index 0000000..977665b
--- /dev/null
+++ b/archives/deployarr_v4/compose/custom.yml
@@ -0,0 +1,4 @@
+# Add all your custom docker compose snippets here. Auto-Traefik will not modify this.
+# Uncomment services and the compose below it, following yaml syntax.
+
+# services:
diff --git a/archives/deployarr_v4/compose/cyberchef.yml b/archives/deployarr_v4/compose/cyberchef.yml
new file mode 100755
index 0000000..4c6b62e
--- /dev/null
+++ b/archives/deployarr_v4/compose/cyberchef.yml
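Review bot: `- seccomp:unconfined #optional` in chromium.yml turns off Docker's default syscall filter for a container whose job is to render arbitrary web content, and it is active by default even though the line itself is marked optional. I would ship it commented out, `# - seccomp:unconfined # only if the GUI fails to start on an older host`, leaving `no-new-privileges:true` as the only default option. The file sets no credentials for the browser session on port 3000, so access control rests entirely on the Traefik chain; a comment that `CHAIN-PLACEHOLDER` must be an authenticating chain would make that dependency explicit.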
@@ -0,0 +1,23 @@
+services:
+ # CyberChef - Encryption, encoding, compression and data analysis
+ cyberchef:
+ image: mpepping/cyberchef:latest
+ container_name: cyberchef
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - 8000:8000
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.cyberchef-rtr.entrypoints=websecure"
+ - "traefik.http.routers.cyberchef-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.cyberchef-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.cyberchef-rtr.service=cyberchef-svc"
+ - "traefik.http.services.cyberchef-svc.loadbalancer.server.port=8000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/dashy.yml b/archives/deployarr_v4/compose/dashy.yml
new file mode 100755
index 0000000..8ff5ef0
--- /dev/null
+++ b/archives/deployarr_v4/compose/dashy.yml
@@ -0,0 +1,36 @@
+services:
+ # Dashy - Application Dashboard
+ dashy:
+ container_name: dashy
+ image: lissy93/dashy
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ healthcheck:
+ test: ['CMD', 'node', '/app/services/healthcheck']
+ interval: 1m30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ # ports:
+ # - $DASHY_PORT:8080
+ volumes:
+ - $DOCKERDIR/appdata/dashy/conf.yml:/app/public/conf.yml
+ - $DOCKERDIR/appdata/dashy/item-icons:/app/public/item-icons
+ environment:
+ - NODE_ENV=production
+ - UID=$PUID
+ - GID=$PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.dashy-rtr.entrypoints=websecure"
+ - "traefik.http.routers.dashy-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.dashy-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.dashy-rtr.service=dashy-svc"
+ - "traefik.http.services.dashy-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/ddns-updater.yml b/archives/deployarr_v4/compose/ddns-updater.yml
new file mode 100755
index 0000000..02acb92
--- /dev/null
+++ b/archives/deployarr_v4/compose/ddns-updater.yml
@@ -0,0 +1,41 @@
+services:
+ # Cloudflare DDNS - Dynamic DNS Updater
+ ddns-updater:
+ image: qmcgaw/ddns-updater
+ container_name: ddns-updater
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - 8000:8000/tcp
+ volumes:
+ - $DOCKERDIR/appdata/ddns-updater:/updater/data # Owned by UID 1000
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ PERIOD: 12h
+ UPDATE_COOLDOWN_PERIOD: 5m
+ PUBLICIP_DNS_TIMEOUT: 3s
+ HTTP_TIMEOUT: 10s
+ # Web UI
+ LISTENING_PORT: 8000
+ # Backup
+ BACKUP_PERIOD: 96h # 0 to disable
+ BACKUP_DIRECTORY: /updater/data/backups
+ # Other
+ LOG_LEVEL: info
+ # SHOUTRRR_ADDRESSES: $DISCORD_SHOUTRRR_ADDRESS
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.ddns-updater-rtr.entrypoints=websecure"
+ - "traefik.http.routers.ddns-updater-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.ddns-updater-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.ddns-updater-rtr.service=ddns-updater-svc"
+ - "traefik.http.services.ddns-updater-svc.loadbalancer.server.port=8000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/deunhealth.yml b/archives/deployarr_v4/compose/deunhealth.yml
new file mode 100755
index 0000000..7eb7785
--- /dev/null
+++ b/archives/deployarr_v4/compose/deunhealth.yml
@@ -0,0 +1,16 @@
+services:
+ # DeUnhealth - Restart your unhealthy containers safely (e.g. containers depending on VPN and VPN reconnects)
+ deunhealth:
+ image: qmcgaw/deunhealth
+ container_name: deunhealth
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - socket_proxy
+ environment:
+ LOG_LEVEL: info
+ HEALTH_SERVER_ADDRESS: 127.0.0.1:9999
+ TZ: $TZ
+ DOCKER_HOST: tcp://socket-proxy:2375
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/docker-gc.yml b/archives/deployarr_v4/compose/docker-gc.yml
new file mode 100755
index 0000000..0aaca94
--- /dev/null
+++ b/archives/deployarr_v4/compose/docker-gc.yml
@@ -0,0 +1,24 @@
+services:
+ # Docker-GC - Automatic Docker Garbage Collection
+ # Create docker-gc-exclude file
+ docker-gc:
+ image: clockworksoul/docker-gc-cron:latest
+ container_name: docker-gc
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - socket_proxy
+ volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
+ - $DOCKERDIR/appdata/docker-gc/docker-gc-exclude:/etc/docker-gc-exclude
+ environment:
+ CRON: 0 0 0 * * ? # Everyday at midnight. Previously 0 0 * * *
+ FORCE_IMAGE_REMOVAL: 1
+ FORCE_CONTAINER_REMOVAL: 0
+ GRACE_PERIOD_SECONDS: 604800
+ DRY_RUN: 0
+ CLEAN_UP_VOLUMES: 1
+ TZ: $TZ
+ DOCKER_HOST: tcp://socket-proxy:2375
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/dozzle.yml b/archives/deployarr_v4/compose/dozzle.yml
new file mode 100755
index 0000000..b92ffe6
--- /dev/null
+++ b/archives/deployarr_v4/compose/dozzle.yml
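Review bot: docker-gc.yml ships destructive defaults: `CLEAN_UP_VOLUMES: 1` and `FORCE_IMAGE_REMOVAL: 1` with `DRY_RUN: 0` mean the scheduled job deletes from its first run, and if the image treats unused volumes the way the option name suggests, data volumes of stopped stacks are at risk once the grace period has passed. For a template I would start with `DRY_RUN: 1` and `CLEAN_UP_VOLUMES: 0`, plus a comment telling the user to flip them only after reviewing the dry-run log and filling in `docker-gc-exclude`. The job also needs delete rights through the socket proxy; socket-proxy.yml is outside this part of the patch, so please check that it grants this container no more than image, container and volume removal.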
@@ -0,0 +1,32 @@
+services:
+ # Dozzle - Real-time Docker Log Viewer
+ dozzle:
+ image: amir20/dozzle:latest
+ container_name: dozzle
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - socket_proxy
+ # ports:
+ # - "8080:8080"
+ environment:
+ DOZZLE_LEVEL: info
+ DOZZLE_TAILSIZE: 300
+ DOZZLE_FILTER: "status=running"
+ # DOZZLE_FILTER: "label=log_me" # limits logs displayed to containers with this label
+ DOCKER_HOST: tcp://socket-proxy:2375
+ # volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.dozzle-rtr.entrypoints=websecure"
+ - "traefik.http.routers.dozzle-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.dozzle-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.dozzle-rtr.service=dozzle-svc"
+ - "traefik.http.services.dozzle-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/flame.yml b/archives/deployarr_v4/compose/flame.yml
new file mode 100755
index 0000000..94308fd
--- /dev/null
+++ b/archives/deployarr_v4/compose/flame.yml
@@ -0,0 +1,29 @@
+services:
+ # Flame - Application Dashboard
+ flame:
+ image: pawelmalak/flame
+ container_name: flame
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - $FLAME_PORT:5005
+ volumes:
+ - $DOCKERDIR/appdata/flame:/app/data
+ # - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
+ environment:
+ PASSWORD: $FLAME_PASSWORD # optional but required for (1)
+ DOCKER_HOST: tcp://socket-proxy:2375
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.flame-rtr.entrypoints=websecure"
+ - "traefik.http.routers.flame-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.flame-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.flame-rtr.service=flame-svc"
+ - "traefik.http.services.flame-svc.loadbalancer.server.port=5005"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/freshrss.yml b/archives/deployarr_v4/compose/freshrss.yml
new file mode 100755
index 0000000..c2da779
--- /dev/null
+++ b/archives/deployarr_v4/compose/freshrss.yml
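Review bot: `DOCKER_HOST: tcp://socket-proxy:2375` is set, but `networks:` lists only `t3_proxy`, so unless the socket proxy is also attached to `t3_proxy` (not visible here) the name will not resolve and the Docker integration will quietly not work. The other socket-proxy consumers in this patch (dozzle, glances, homarr) add `- socket_proxy`; either add it here or drop the `DOCKER_HOST` line so the service is not given Docker API access it does not use. The comment `# optional but required for (1)` on `PASSWORD` points at a footnote that is not in the file and should say what the password is required for. `image: pawelmalak/flame` has no tag, so it floats like `:latest`.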
@@ -0,0 +1,29 @@
+services:
+ # FreshRSS - RSS News Reader
+ freshrss:
+ image: lscr.io/linuxserver/freshrss:latest
+ container_name: freshrss
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$FRESHRSS_PORT:80"
+ volumes:
+ - $DOCKERDIR/appdata/freshrss:/config
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.freshrss-rtr.entrypoints=websecure"
+ - "traefik.http.routers.freshrss-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.freshrss-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.freshrss-rtr.service=freshrss-svc"
+ - "traefik.http.services.freshrss-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/glances.yml b/archives/deployarr_v4/compose/glances.yml
new file mode 100755
index 0000000..73542e6
--- /dev/null
+++ b/archives/deployarr_v4/compose/glances.yml
@@ -0,0 +1,36 @@
+services:
+ # Glances - System Information
+ glances:
+ image: nicolargo/glances:latest-full
+ container_name: glances
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["monitoring", "all"]
+ # privileged: true # Only for VM
+ networks:
+ - t3_proxy
+ - socket_proxy
+ - default
+ # ports:
+ # - "61208:61208"
+ pid: host
+ volumes:
+ - $DOCKERDIR/appdata/glances/glances.conf:/glances/conf/glances.conf # Use this if you want to add a glances.conf file
+ - $DOCKERDIR:/data/docker:ro
+ # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
+ environment:
+ # GLANCES_OPT: "-C /glances/conf/glances.conf --quiet --export influxdb"
+ # GLANCES_OPT: "--export influxdb"
+ GLANCES_OPT: "-w"
+ DOCKER_HOST: tcp://socket-proxy:2375
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.glances-rtr.entrypoints=websecure"
+ - "traefik.http.routers.glances-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.glances-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.glances-rtr.service=glances-svc"
+ - "traefik.http.services.glances-svc.loadbalancer.server.port=61208"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/gluetun.yml b/archives/deployarr_v4/compose/gluetun.yml
new file mode 100755
index 0000000..6e74871
--- /dev/null
+++ b/archives/deployarr_v4/compose/gluetun.yml
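Review bot: The web UI started by `GLANCES_OPT: "-w"` has no password of its own here, so everything it shows is protected only by whatever `CHAIN-PLACEHOLDER@file` resolves to. With `pid: host` that includes the host's process list, and `$DOCKERDIR:/data/docker:ro` makes the whole Docker directory readable inside the container, which probably covers other services' appdata and possibly the secrets directory (the layout is not visible here). If the mount exists only for disk-usage figures, a narrower path and a comment saying so would help, as would a comment next to `pid: host` explaining why it is needed. The first volume line is described as optional ("if you want to add a glances.conf file") but is active, so the bind mount will fail or create a directory when the file does not exist.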
@@ -0,0 +1,32 @@
+services:
+ # Gluetun - VPN Client for Docker Containers and More
+ # Gluetun only for use by torrent clients + on demand lan devices.
+ # Arr apps do not need VPN (not recommended), unless you have ISP/country restrictions.
+ gluetun:
+ image: qmcgaw/gluetun
+ container_name: gluetun
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ cap_add:
+ - NET_ADMIN
+ devices:
+ - /dev/net/tun
+ ports:
+ - "8091:8080" # qBittorrent DOCKER-HOST-IP:8091
+ # - 8888:8888/tcp # HTTP proxy
+ # - 8388:8388/tcp # Shadowsocks
+ # - 8388:8388/udp # Shadowsocks
+ volumes:
+ - $DOCKERDIR/appdata/gluetun:/gluetun
+ environment:
+ TZ: $TZ
+ VPN_SERVICE_PROVIDER: $GLUETUN_VPN_SERVICE_PROVIDER
+ VPN_TYPE: $GLUETUN_VPN_TYPE # wireguard / openvpn
+ # WIREGUARD_PRIVATE_KEY: $GLUETUN_WIREGUARD_PRIVATE_KEY
+ # WIREGUARD_ADDRESSES: $GLUETUN_WIREGUARD_ADDRESSES
+ # OPENVPN_USER: $GLUETUN_OPENVPN_USERNAME
+ # OPENVPN_PASSWORD: $GLUETUN_OPENVPN_PASSWORD
diff --git a/archives/deployarr_v4/compose/grafana.yml b/archives/deployarr_v4/compose/grafana.yml
new file mode 100755
index 0000000..17051bc
--- /dev/null
+++ b/archives/deployarr_v4/compose/grafana.yml
@@ -0,0 +1,28 @@
+services:
+ # Grafana - Graphical data visualization for InfluxDB data
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "3000:3000"
+ user: $PUID
+ volumes:
+ - $DOCKERDIR/appdata/grafana:/var/lib/grafana
+ environment:
+ GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel,cloudflare-app"
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.grafana-rtr.entrypoints=websecure"
+ - "traefik.http.routers.grafana-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.grafana-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.grafana-rtr.service=grafana-svc"
+ - "traefik.http.services.grafana-svc.loadbalancer.server.port=3000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/grocy.yml b/archives/deployarr_v4/compose/grocy.yml
new file mode 100755
index 0000000..6ff7e68
--- /dev/null
+++ b/archives/deployarr_v4/compose/grocy.yml
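Review bot: `GF_INSTALL_PLUGINS` downloads five plugins at every container start without versions, so the code running inside Grafana can change between restarts without any change to this file. The variable accepts `id version` pairs, e.g. `"grafana-clock-panel <VERSION>,..."` (placeholder; use the versions you have tested), and pinning them together with the `grafana/grafana:latest` tag makes the deployment reproducible. It is also worth checking that each listed plugin is still needed, since some of these panels were, as far as I know, folded into Grafana core in later releases. No admin password is set in this file, so a comment reminding the user to change the initial admin login on first start would be useful.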
@@ -0,0 +1,29 @@
+services:
+ # Grocy - ERP System for the Kitchen
+ grocy:
+ image: lscr.io/linuxserver/grocy:latest
+ container_name: grocy
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$GROCY_PORT:80"
+ volumes:
+ - $DOCKERDIR/appdata/grocy:/config
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.grocy-rtr.entrypoints=websecure"
+ - "traefik.http.routers.grocy-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.grocy-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.grocy-rtr.service=grocy-svc"
+ - "traefik.http.services.grocy-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/guacamole.yml b/archives/deployarr_v4/compose/guacamole.yml
new file mode 100644
index 0000000..fa957f7
--- /dev/null
+++ b/archives/deployarr_v4/compose/guacamole.yml
@@ -0,0 +1,35 @@
+services:
+ # Guacamole - Remote desktop, SSH, on Telnet on any HTML5 Browser
+ guacamole:
+ image: guacamole/guacamole:latest
+ container_name: guacamole
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - "8080:8080"
+ environment:
+ GUACD_HOSTNAME: guacd
+ MYSQL_HOSTNAME: mariadb
+ MYSQL_PORT: 3306
+ MYSQL_DATABASE: guacamole
+ MYSQL_USER_FILE: /run/secrets/guac_mysql_user
+ MYSQL_PASSWORD_FILE: /run/secrets/guac_mysql_password
+ secrets:
+ - guac_mysql_user
+ - guac_mysql_password
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.guacamole-rtr.entrypoints=websecure"
+ - "traefik.http.routers.guacamole-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.guacamole-rtr.middlewares=CHAIN-PLACEHOLDER@file,add-guacamole"
+ - "traefik.http.middlewares.add-guacamole.addPrefix.prefix=/guacamole"
+ # HTTP Services
+ - "traefik.http.routers.guacamole-rtr.service=guacamole-svc"
+ - "traefik.http.services.guacamole-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/guacd.yml b/archives/deployarr_v4/compose/guacd.yml
new file mode 100755
index 0000000..4722af9
--- /dev/null
+++ b/archives/deployarr_v4/compose/guacd.yml
@@ -0,0 +1,9 @@
+services:
+ # Guacamole Daemon - Needed for Guacamole
+ guacd:
+ image: guacamole/guacd
+ container_name: guacd
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/heimdall.yml b/archives/deployarr_v4/compose/heimdall.yml
new file mode 100755
index 0000000..3d7f6aa
--- /dev/null
+++ b/archives/deployarr_v4/compose/heimdall.yml
@@ -0,0 +1,29 @@
+services:
+ # Heimdall - Application Dashboard
+ heimdall:
+ image: lscr.io/linuxserver/heimdall:latest
+ container_name: heimdall
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$HEIMDALL_PORT:80"
+ volumes:
+ - $DOCKERDIR/appdata/heimdall:/config
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.heimdall-rtr.entrypoints=websecure"
+ - "traefik.http.routers.heimdall-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.heimdall-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
+ - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/homarr.yml b/archives/deployarr_v4/compose/homarr.yml
new file mode 100755
index 0000000..28e71f9
--- /dev/null
+++ b/archives/deployarr_v4/compose/homarr.yml
@@ -0,0 +1,31 @@
+services:
+ # Homarr - Application Dashboard
+ homarr:
+ image: ghcr.io/ajnart/homarr:latest
+ container_name: homarr
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - socket_proxy
+ # ports:
+ # - "7575:7575"
+ volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
+ - $DOCKERDIR/appdata/homarr/configs:/app/data/configs
+ - $DOCKERDIR/appdata/homarr/icons:/app/public/icons
+ - $DOCKERDIR/appdata/homarr/data:/data
+ environment:
+ DOCKER_HOST: tcp://socket-proxy:2375
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.homarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.homarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.homarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.homarr-rtr.service=homarr-svc"
+ - "traefik.http.services.homarr-svc.loadbalancer.server.port=7575"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/homebridge.yml b/archives/deployarr_v4/compose/homebridge.yml
new file mode 100755
index 0000000..d0d4e3e
--- /dev/null
+++ b/archives/deployarr_v4/compose/homebridge.yml
@@ -0,0 +1,25 @@
+services:
+ # Homebridge - iOS HomeKit API
+ homebridge:
+ image: homebridge/homebridge:latest
+ container_name: homebridge
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "8581:8581"
+ volumes:
+ - $DOCKERDIR/appdata/homebridge:/homebridge
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.homebridge-rtr.entrypoints=websecure"
+ - "traefik.http.routers.homebridge-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.homebridge-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.homebridge-rtr.service=homebridge-svc"
+ - "traefik.http.services.homebridge-svc.loadbalancer.server.port=8581"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/homepage.yml b/archives/deployarr_v4/compose/homepage.yml
new file mode 100755
index 0000000..33fd2a6
--- /dev/null
+++ b/archives/deployarr_v4/compose/homepage.yml
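Review bot: `ports: - "8581:8581"` publishes the UI on every host interface in addition to the Traefik route, so anything that can reach the host on that port gets to the app without passing `CHAIN-PLACEHOLDER@file`. The same pattern appears in the jackett, jellyfin, kasm, lidarr, navidrome and nzbget hunks of this patch, while most other services keep `ports:` commented out. If direct access is wanted for local clients, bind the mapping to a specific address, e.g. `- "127.0.0.1:8581:8581"` or the LAN address, and add a comment explaining why. Otherwise comment the mapping out as the other files do.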
@@ -0,0 +1,30 @@
+services:
+ # Homepage - Application Dashboard
+ homepage:
+ image: ghcr.io/gethomepage/homepage:latest
+ container_name: homepage
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - socket_proxy
+ # ports:
+ # - "3000:3000"
+ volumes:
+ - $DOCKERDIR/appdata/homepage:/app/config
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.homepage-rtr.entrypoints=websecure"
+ - "traefik.http.routers.homepage-rtr.rule=Host(`$DOMAINNAME_1`) || Host(`www.$DOMAINNAME_1`) || Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)" # Both domain.com and www.domain.com
+ ## Middlewares
+ - "traefik.http.routers.homepage-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.homepage-rtr.service=homepage-svc"
+ - "traefik.http.services.homepage-svc.loadbalancer.server.port=3000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/influxdb.yml b/archives/deployarr_v4/compose/influxdb.yml
new file mode 100755
index 0000000..0f7ffb2
--- /dev/null
+++ b/archives/deployarr_v4/compose/influxdb.yml
@@ -0,0 +1,27 @@
+services:
+ # InfluxDB - Database for sensor data
+ influxdb:
+ image: influxdb:latest
+ container_name: influxdb
+ networks:
+ - t3_proxy
+ - default
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["dbs", "all"]
+ # ports:
+ # - "8086:8086"
+ volumes:
+ - $DOCKERDIR/appdata/influxdb2/config:/etc/influxdb2
+ - $DOCKERDIR/appdata/influxdb2/db:/var/lib/influxdb2
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.influxdb-rtr.entrypoints=websecure"
+ - "traefik.http.routers.influxdb-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.influxdb-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.influxdb-rtr.service=influxdb-svc"
+ - "traefik.http.services.influxdb-svc.loadbalancer.server.port=8086"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/it-tools.yml b/archives/deployarr_v4/compose/it-tools.yml
new file mode 100755
index 0000000..a364e64
--- /dev/null
+++ b/archives/deployarr_v4/compose/it-tools.yml
@@ -0,0 +1,21 @@
+services:
+ # IT-Tools - Status Page & Monitoring Server
+ it-tools:
+ image: corentinth/it-tools
+ container_name: it-tools
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.it-tools-rtr.entrypoints=websecure"
+ - "traefik.http.routers.it-tools-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.it-tools-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.it-tools-rtr.service=it-tools-svc"
+ - "traefik.http.services.it-tools-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/jackett.yml b/archives/deployarr_v4/compose/jackett.yml
new file mode 100755
index 0000000..a9831d3
--- /dev/null
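Review bot: In the it-tools hunk, the header comment `# IT-Tools - Status Page & Monitoring Server` describes a different kind of application and looks copied from another service file. IT-Tools is a set of developer utilities, so something like `# IT-Tools - Collection of handy online tools for developers` would be accurate. `image: corentinth/it-tools` has no tag, so it floats like `:latest`; pinning a version would keep the deployment reproducible.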
+++ b/archives/deployarr_v4/compose/jackett.yml
@@ -0,0 +1,30 @@
+services:
+ # Jackett - Torrent proxy
+ jackett:
+ image: lscr.io/linuxserver/jackett:latest
+ container_name: jackett
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "9117:9117"
+ volumes:
+ - $DOCKERDIR/appdata/jackett:/config
+ - $DOWNLOADSDIR:/data/downloads
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.jackett-rtr.entrypoints=websecure"
+ - "traefik.http.routers.jackett-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.jackett-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.jackett-rtr.service=jackett-svc"
+ - "traefik.http.services.jackett-svc.loadbalancer.server.port=9117"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/jellyfin.yml b/archives/deployarr_v4/compose/jellyfin.yml
new file mode 100755
index 0000000..af79ee9
--- /dev/null
+++ b/archives/deployarr_v4/compose/jellyfin.yml
@@ -0,0 +1,36 @@
+services:
+ # Jellyfin - Media Server
+ jellyfin:
+ image: jellyfin/jellyfin:latest
+ container_name: jellyfin
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ networks:
+ - t3_proxy
+ user: $PUID:$PGID
+ # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE
+ ports:
+ - "8096:8096"
+ # - "8920:8920" # Emby also uses same port if running both
+ environment:
+ UMASK_SET: 022
+ TZ: $TZ
+ volumes:
+ - $DOCKERDIR/appdata/jellyfin:/config
+ - $DOWNLOADSDIR:/data/downloads
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ - /dev/shm:/data/transcode # Offload transcoding to RAM if you have enough RAM
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.jellyfin-rtr.entrypoints=websecure"
+ - "traefik.http.routers.jellyfin-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.jellyfin-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
+ - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/jellyseerr.yml b/archives/deployarr_v4/compose/jellyseerr.yml
new file mode 100755
index 0000000..386c127
--- /dev/null
+++ b/archives/deployarr_v4/compose/jellyseerr.yml
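Review bot: `- /dev/shm:/data/transcode` bind-mounts the host's shared-memory filesystem into the container, so Jellyfin can read and write shared-memory objects belonging to other host processes, and transcode files can fill the host's `/dev/shm`. A container-private `tmpfs` mount with a size limit at `/data/transcode` keeps the transcode-in-RAM benefit without sharing the host's namespace. `UMASK_SET: 022` is unquoted and some YAML parsers read a leading-zero number as octal, so `UMASK_SET: "022"` is the safer spelling. The published `8096` port is covered by the note on the homebridge hunk.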
@@ -0,0 +1,28 @@
+services:
+ # Jellyseerr - Media Requests and Discovery for Plex
+ jellyseerr:
+ image: fallenbagel/jellyseerr:latest
+ container_name: jellyseerr
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$JELLYSEER_PORT:5055"
+ volumes:
+ - $DOCKERDIR/appdata/jellyseerr:/app/config
+ environment:
+ TZ: $TZ
+ LOG_LEVEL: info
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.jellyseerr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.jellyseerr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.jellyseerr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.jellyseerr-rtr.service=jellyseerr-svc"
+ - "traefik.http.services.jellyseerr-svc.loadbalancer.server.port=5055"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/kasm.yml b/archives/deployarr_v4/compose/kasm.yml
new file mode 100755
index 0000000..f3b7ddf
--- /dev/null
+++ b/archives/deployarr_v4/compose/kasm.yml
@@ -0,0 +1,35 @@
+services:
+ # Kasm - Remote Workspaces
+ kasm:
+ image: lscr.io/linuxserver/kasm:latest
+ container_name: kasm
+ privileged: true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - 7000:3000
+ - 7443:443
+ volumes:
+ - $DOCKERDIR/appdata/kasm/data:/opt
+ - $DOCKERDIR/appdata/kasm/profiles:/profiles #optional
+ - /dev/input:/dev/input #optional
+ - /run/udev/data:/run/udev/data #optional
+ environment:
+ TZ: $TZ
+ KASM_PORT: 443
+ # DOCKER_HUB_USERNAME: USER #optional
+ # DOCKER_HUB_PASSWORD: PASS #optional
+ # DOCKER_MTU: 1500 #optional
+ UMASK: 022
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.kasm-rtr.entrypoints=websecure"
+ - "traefik.http.routers.kasm-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.kasm-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.kasm-rtr.service=kasm-svc"
+ - "traefik.http.services.kasm-svc.loadbalancer.server.port=3000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/kavita.yml b/archives/deployarr_v4/compose/kavita.yml
new file mode 100755
index 0000000..3fab1d1
--- /dev/null
+++ b/archives/deployarr_v4/compose/kavita.yml
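Review bot: `privileged: true`, without the `no-new-privileges` option every other service in this patch sets, gives this container close to full control of the host, and the service is then reachable three ways: the Traefik route and the published ports 7000 and 7443. The image may genuinely need privileged mode (it runs Docker inside the container, as far as I know), but that deserves a comment, and the optional `/dev/input` and `/run/udev/data` mounts should be commented out unless input passthrough is actually used. The Traefik service points at port 3000 while `KASM_PORT` is 443; if 3000 is the initial setup wizard, routing it through the public entrypoint should be temporary and say so. Binding the published ports to one address, e.g. `- "127.0.0.1:7443:443"`, would limit direct access.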
@@ -0,0 +1,30 @@
+services:
+ # Kavita - Cross-platform Reading Server
+ kavita:
+ image: lscr.io/linuxserver/kavita:latest
+ container_name: kavita
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$KAVITA_PORT:5000"
+ volumes:
+ - $DOCKERDIR/appdata/kavita:/config
+ - $BOOKSDIR:/data
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.kavita-rtr.entrypoints=websecure"
+ - "traefik.http.routers.kavita-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.kavita-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.kavita-rtr.service=kavita-svc"
+ - "traefik.http.services.kavita-svc.loadbalancer.server.port=5000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/kometa.yml b/archives/deployarr_v4/compose/kometa.yml
new file mode 100755
index 0000000..dd586d9
--- /dev/null
+++ b/archives/deployarr_v4/compose/kometa.yml
@@ -0,0 +1,21 @@
+services:
+ # Kometa - Automatic Metadata Manager for Plex (formerly Plex Meta Mananger)
+ kometa:
+ image: lscr.io/linuxserver/kometa:latest
+ container_name: kometa
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ volumes:
+ - $DOCKERDIR/appdata/kometa:/config
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ KOMETA_CONFIG: /config/config.yml #optional
+ KOMETA_TIME: 03:00 #optional
+ KOMETA_RUN: False #optional
+ KOMETA_TEST: False #optional
+ KOMETA_NO_MISSING: False #optional
+
diff --git a/archives/deployarr_v4/compose/lidarr.yml b/archives/deployarr_v4/compose/lidarr.yml
new file mode 100755
index 0000000..c77b5d7
--- /dev/null
+++ b/archives/deployarr_v4/compose/lidarr.yml
@@ -0,0 +1,36 @@
+services:
+ # Lidarr - Music Management
+ lidarr:
+ image: lscr.io/linuxserver/lidarr:latest
+ container_name: lidarr
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "starr", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "8686:8686"
+ volumes:
+ - $DOCKERDIR/appdata/lidarr:/config
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ - $DOWNLOADSDIR:/data/downloads
+ - "/etc/localtime:/etc/localtime:ro"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.lidarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.lidarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ - "traefik.http.routers.lidarr-rtr.priority=99"
+ # Middlewares
+ - "traefik.http.routers.lidarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.lidarr-rtr.service=lidarr-svc"
+ - "traefik.http.services.lidarr-svc.loadbalancer.server.port=8686"
+ # AUTH-BYPASS-PLACEHOLDER-DO-NOT-DELETE
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/maintainerr.yml b/archives/deployarr_v4/compose/maintainerr.yml
new file mode 100755
index 0000000..40a9591
--- /dev/null
+++ b/archives/deployarr_v4/compose/maintainerr.yml
@@ -0,0 +1,29 @@
+services:
+ # Maintainerr - Manage Plex Media
+ maintainerr:
+ image: ghcr.io/jorenn92/maintainerr:latest
+ container_name: maintainerr
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "6246:6246"
+ user: $PUID:$PGID
+ volumes:
+ - $DOCKERDIR/appdata/maintainerr:/opt/data
+ environment:
+ TZ: $TZ
+ DEBUG: true
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.maintainerr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.maintainerr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.maintainerr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.maintainerr-rtr.service=maintainerr-svc"
+ - "traefik.http.services.maintainerr-svc.loadbalancer.server.port=6246"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/mariadb.yml b/archives/deployarr_v4/compose/mariadb.yml
new file mode 100755
index 0000000..6a507eb
--- /dev/null
+++ b/archives/deployarr_v4/compose/mariadb.yml
@@ -0,0 +1,26 @@
+services:
+ mariadb:
+ container_name: mariadb
+ image: mariadb:latest
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - default
+ ports:
+ - "3306:3306"
+ volumes:
+ - $DOCKERDIR/appdata/mariadb/data:/var/lib/mysql
+ - $DOCKERDIR/appdata/mariadb/config:/etc/mysql
+ environment:
+ MARIADB_ROOT_PASSWORD_FILE: /run/secrets/mysql_root_password
+ secrets:
+ - mysql_root_password
+ healthcheck:
+ test: [ "CMD", "healthcheck.sh", "--connect", "--innodb_initialized" ]
+ start_period: 1m
+ start_interval: 10s
+ interval: 1m
+ timeout: 5s
+ retries: 3
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/mosquitto.yml b/archives/deployarr_v4/compose/mosquitto.yml
new file mode 100755
index 0000000..3ec3992
--- /dev/null
+++ b/archives/deployarr_v4/compose/mosquitto.yml
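Review bot: In the mariadb hunk, `ports: - "3306:3306"` publishes the database on all host interfaces, although the clients in this patch (guacamole, nextcloud) reach it by the service name `mariadb` over the `default` network. Unless a host-side tool needs it, remove the mapping or bind it to loopback with `- "127.0.0.1:3306:3306"`. `image: mariadb:latest` lets a pull move the data directory across major versions; pinning a major version avoids an unplanned upgrade. This is also the only service file here without a header comment, so a line such as `# MariaDB - MySQL-compatible database` would match the rest.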
@@ -0,0 +1,26 @@
+services:
+ # Mosquitto - MQTT Broker
+ # Create mosquitto.conf, passwd, mosquitto.log files and set permissions to 775 user:docker
+ # dexec mosquitto /bin/sh -> mosquitto_passwd -b /mosquitto/config/passwd username passwd
+ mosquitto:
+ container_name: mosquitto
+ image: eclipse-mosquitto:latest
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - default
+ ports:
+ - "1833:1883" #http
+ - "9001:9001" #websockets
+ volumes:
+ - $DOCKERDIR/appdata/mosquitto/config:/mosquitto/config
+ - $DOCKERDIR/appdata/mosquitto/data:/mosquitto/data
+ - $DOCKERDIR/appdata/mosquitto/log:/mosquitto/log
+ - $DOCKERDIR/appdata/mosquitto/config/mosquitto.conf:/mosquitto/config/mosquitto.conf
+ - $DOCKERDIR/appdata/mosquitto/config/passwd:/mosquitto/config/passwd
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
diff --git a/archives/deployarr_v4/compose/mqttx-web.yml b/archives/deployarr_v4/compose/mqttx-web.yml
new file mode 100755
index 0000000..a35f0e6
--- /dev/null
+++ b/archives/deployarr_v4/compose/mqttx-web.yml
@@ -0,0 +1,24 @@
+services:
+ # MQTTX Web - Browser-based MQTT WebSocket client
+ mqttx-web:
+ image: emqx/mqttx-web:latest
+ container_name: mqttx-web
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - "80:80"
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.mqttx-web-rtr.entrypoints=websecure"
+ - "traefik.http.routers.mqttx-web-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.mqttx-web-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.mqttx-web-rtr.service=mqttx-web-svc"
+ - "traefik.http.services.mqttx-web-svc.loadbalancer.server.port=80"
\ No newline at end of file
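Review bot: In the mosquitto hunk, `- "1833:1883" #http` looks like a transposed host port (the container side is 1883), and the `#http` comment is wrong for an MQTT listener; if 1833 is intentional, the comment should say so. Both listeners are published on all host interfaces and 1883 is unencrypted, so `mosquitto.conf` (not part of this patch) should set `allow_anonymous false` and point `password_file` at the mounted file, and the header comment should mention that. That comment also tells the user to set the files to 775, which leaves `passwd` world-readable and group-writable; a tighter mode such as 640 on the password file is safer, to be checked against the user the broker runs as. The two single-file mounts repeat paths already covered by the `config` directory mount.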
diff --git a/archives/deployarr_v4/compose/navidrome.yml b/archives/deployarr_v4/compose/navidrome.yml
new file mode 100755
index 0000000..a60f0b2
--- /dev/null
+++ b/archives/deployarr_v4/compose/navidrome.yml
@@ -0,0 +1,35 @@
+services:
+ # Navidrome - Music Server
+ navidrome:
+ image: deluan/navidrome:latest
+ container_name: navidrome
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "4533:4533"
+ user: $PUID:$PGID
+ volumes:
+ - $DOCKERDIR/appdata/navidrome:/data
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ environment:
+ - TZ=$TZ
+ - ND_SCANSCHEDULE=1h
+ - ND_LOGLEVEL=info
+ - ND_SESSIONTIMEOUT=24h
+ - ND_REVERSEPROXYWHITELIST="0.0.0.0/0"
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.navidrome-rtr.entrypoints=websecure"
+ - "traefik.http.routers.navidrome-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.navidrome-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.navidrome-rtr.service=navidrome-svc"
+ - "traefik.http.services.navidrome-svc.loadbalancer.server.port=4533"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/netdata.yml b/archives/deployarr_v4/compose/netdata.yml
new file mode 100755
index 0000000..771f724
--- /dev/null
+++ b/archives/deployarr_v4/compose/netdata.yml
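Review bot: `- ND_REVERSEPROXYWHITELIST="0.0.0.0/0"` tells Navidrome to trust the reverse-proxy user header from any source address, and `ports: - "4533:4533"` lets clients reach the app without going through Traefik, so the identity in that header is no longer something only the proxy can set. Restrict the whitelist to the Traefik network's subnet, e.g. `- ND_REVERSEPROXYWHITELIST=<T3_PROXY_SUBNET>` (placeholder), or remove the variable if header-based login is not used, and drop the port mapping. In the list form of `environment:` the double quotes become part of the value, which may make the setting unparsable, so write it without quotes. A comment next to the variable stating which proxy is meant to be trusted would help the next reader.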
@@ -0,0 +1,27 @@
+services:
+ # Netdata - System Monitoring
+ netdata:
+ image: netdata/netdata
+ container_name: netdata
+ pid: host
+ network_mode: host
+ restart: unless-stopped
+ profiles: ["monitoring", "all"]
+ cap_add:
+ - SYS_PTRACE
+ - SYS_ADMIN
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - $DOCKERDIR/appdata/netdata/config:/etc/netdata
+ - $DOCKERDIR/appdata/netdata/lib:/var/lib/netdata
+ - $DOCKERDIR/appdata/netdata/cache:/var/cache/netdata
+ - /:/host/root:ro,rslave
+ - /etc/passwd:/host/etc/passwd:ro
+ - /etc/group:/host/etc/group:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /etc/os-release:/host/etc/os-release:ro
+ - /var/log:/host/var/log:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/nextcloud.yml b/archives/deployarr_v4/compose/nextcloud.yml
new file mode 100755
index 0000000..1a09e31
--- /dev/null
+++ b/archives/deployarr_v4/compose/nextcloud.yml
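Review bot: `- /var/run/docker.sock:/var/run/docker.sock:ro` mounts the raw Docker socket, and `:ro` protects only the socket file, not the API behind it, so this container gets the full Docker API while the rest of the patch goes through the socket proxy. Together with `SYS_ADMIN`, `SYS_PTRACE`, `apparmor:unconfined`, `pid: host`, the `/` mount and the absence of `no-new-privileges`, a compromise of Netdata is effectively a compromise of the host. With `network_mode: host` the dashboard also listens directly on the host, with no Traefik chain in front of it. I would reach the Docker API through the socket proxy (published on loopback, since host networking cannot resolve the service name) and add a comment per capability and mount saying which collector needs it, so unused ones can be removed. `image: netdata/netdata` has no tag.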
@@ -0,0 +1,42 @@
+services:
+ # Nextcloud - Content Collaboration
+ nextcloud:
+ image: nextcloud
+ container_name: nextcloud
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - "8085:80"
+ volumes:
+ - $DOCKERDIR/appdata/nextcloud:/var/www/html
+ - $NEXTCLOUD_FOLDER:/var/www/html/data
+ environment:
+ MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_mariadb_password
+ MYSQL_DATABASE: nextcloud
+ MYSQL_USER_FILE: /run/secrets/nextcloud_mariadb_user
+ MYSQL_HOST: mariadb
+ REDIS_HOST: redis
+ REDIS_HOST_PASSWORD: $REDIS_PASSWORD
+ NEXTCLOUD_ADMIN_USER_FILE: /run/secrets/nextcloud_admin_user
+ NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/nextcloud_admin_password
+ NEXTCLOUD_TRUSTED_DOMAINS: SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
+ secrets:
+ - nextcloud_mariadb_password
+ - nextcloud_mariadb_user
+ - nextcloud_admin_user
+ - nextcloud_admin_password
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.nextcloud-rtr.entrypoints=websecure"
+ - "traefik.http.routers.nextcloud-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.nextcloud-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.nextcloud-rtr.service=nextcloud-svc"
+ - "traefik.http.services.nextcloud-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/node-red.yml b/archives/deployarr_v4/compose/node-red.yml
new file mode 100755
index 0000000..e0de91e
--- /dev/null
+++ b/archives/deployarr_v4/compose/node-red.yml
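Review bot: `REDIS_HOST_PASSWORD: $REDIS_PASSWORD` passes the Redis password as a plain environment variable, while every other credential in this service uses a `_FILE` variable backed by a Docker secret; environment values are visible in `docker inspect` and in the container's process environment. If the image version in use offers a file-based variant for this setting, use it; otherwise add a comment saying this one is deliberately different. `image: nextcloud` has no tag, so a pull can jump a major version, and Nextcloud upgrades are meant to proceed one major version at a time; pin at least the major, e.g. `image: nextcloud:<MAJOR>` (placeholder).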
@@ -0,0 +1,25 @@
+services:
+ # Node-RED - Programming for event-driven applications
+ node-red:
+ image: nodered/node-red
+ container_name: node-red
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "1880:1880"
+ volumes:
+ - $DOCKERDIR/appdata/node-red:/data
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.node-red-rtr.entrypoints=websecure"
+ - "traefik.http.routers.node-red-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.node-red-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.node-red-rtr.service=node-red-svc"
+ - "traefik.http.services.node-red-svc.loadbalancer.server.port=1880"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/nzbget.yml b/archives/deployarr_v4/compose/nzbget.yml
new file mode 100755
index 0000000..9f90382
--- /dev/null
+++ b/archives/deployarr_v4/compose/nzbget.yml
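Review bot: Node-RED's editor has no login by default and lets whoever reaches it deploy flows that run code in the container, so this route is only as safe as whatever `CHAIN-PLACEHOLDER@file` resolves to. A header comment telling the user to enable `adminAuth` in the `settings.js` under the mounted `/data` directory would give the service its own layer of protection if the chain is ever set to a no-auth variant. `image: nodered/node-red` has no tag, so it floats like `:latest`.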
@@ -0,0 +1,34 @@
+services:
+ # NZBGet - Binary newsgrabber (NZB downloader)
+ nzbget:
+ image: nzbgetcom/nzbget:latest
+ container_name: nzbget
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "downloads", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "6789:6789"
+ volumes:
+ - $DOCKERDIR/appdata/nzbget:/config
+ - $DOWNLOADSDIR:/data/downloads
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ # NZBGET_USER: nzbget #optional
+ # NZBGET_PASS: tegbzn6789 #optional
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.nzbget-rtr.entrypoints=websecure"
+ - "traefik.http.routers.nzbget-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ - "traefik.http.routers.nzbget-rtr.priority=99"
+ # Middlewares
+ - "traefik.http.routers.nzbget-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.nzbget-rtr.service=nzbget-svc"
+ - "traefik.http.services.nzbget-svc.loadbalancer.server.port=6789"
+ # AUTH-BYPASS-PLACEHOLDER-DO-NOT-DELETE
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/oauth.yml b/archives/deployarr_v4/compose/oauth.yml
new file mode 100755
index 0000000..7296a60
--- /dev/null
+++ b/archives/deployarr_v4/compose/oauth.yml
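Review bot: In nzbget.yml, the `ports:` entry `- "6789:6789"` publishes the web UI on every host interface, so it can be reached directly without going through the Traefik router and whatever `CHAIN-PLACEHOLDER@file` resolves to. The same pattern appears in ombi.yml (3579), radarr.yml (7878), readarr.yml (8787), resilio-sync.yml (8888), sabnzbd.yml (8090) and sonarr.yml (8989). If LAN access is the intent, binding to one address, e.g. `- "$SERVER_LAN_IP:6789:6789"`, or commenting the block out as nextcloud.yml does, would keep the middleware chain as the only remote path in. The commented `# NZBGET_PASS: tegbzn6789` is the application's widely known default and would be safer as a variable reference before anyone uncomments it.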
@@ -0,0 +1,41 @@
+services:
+ # Google OAuth - Single Sign On using OAuth 2.0
+ oauth:
+ container_name: oauth
+ image: thomseddon/traefik-forward-auth:latest
+ # image: thomseddon/traefik-forward-auth:2.1-arm # Use this image with Raspberry Pi
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ # Allow apps to bypass OAuth. Radarr example below will bypass OAuth if API key is present in the request (eg. from NZB360 mobile app).
+ # While this is one way, the recommended way is to bypass authentication using Traefik labels shown in some of the apps later.
+ # command: --rule.radarr.action=allow --rule.radarr.rule="Header(`X-Api-Key`, `$RADARR_API_KEY`)"
+ # command: --rule.sabnzbd.action=allow --rule.sabnzbd.rule="HeaderRegexp(`X-Forwarded-Uri`, `$SABNZBD_API_KEY`)"
+ environment:
+ - CONFIG=/config
+ - COOKIE_DOMAIN=$DOMAINNAME_1
+ - INSECURE_COOKIE=false
+ - AUTH_HOST=oauth.$DOMAINNAME_1
+ - URL_PATH=/_oauth
+ - LOG_LEVEL=info
+ - LOG_FORMAT=text
+ - LIFETIME=86400 # 1 day
+ - DEFAULT_ACTION=auth
+ - DEFAULT_PROVIDER=google
+ secrets:
+ - source: oauth_secrets
+ target: /config
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.oauth-rtr.tls=true"
+ - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
+ - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"
+ # HTTP Services
+ - "traefik.http.routers.oauth-rtr.service=oauth-svc"
+ - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/ombi.yml b/archives/deployarr_v4/compose/ombi.yml
new file mode 100755
index 0000000..d352612
--- /dev/null
+++ b/archives/deployarr_v4/compose/ombi.yml
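Review bot: In oauth.yml, nothing in the visible `environment:` list restricts which Google accounts are accepted; with `DEFAULT_PROVIDER=google` and `DEFAULT_ACTION=auth`, that restriction presumably lives in the `oauth_secrets` file mounted at `/config`. A comment next to `- CONFIG=/config` such as `# oauth_secrets must set whitelist (or domain); without it any Google account is accepted` would make that dependency explicit for whoever edits the secret. The image is also on `:latest` while the commented ARM variant pins `2.1-arm`; pinning the tag of the component that gates every other router would make changes to it deliberate.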
@@ -0,0 +1,30 @@
+services:
+ # Ombi - Media Requests for Plex and Emby
+ ombi:
+ image: lscr.io/linuxserver/ombi:latest
+ container_name: ombi
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "3579:3579"
+ volumes:
+ - $DOCKERDIR/appdata/ombi:/config
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ BASE_URL: /ombi #optional
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.ombi-rtr.entrypoints=websecure"
+ - "traefik.http.routers.ombi-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.ombi-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.ombi-rtr.service=ombi-svc"
+ - "traefik.http.services.ombi-svc.loadbalancer.server.port=3579"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/overseerr.yml b/archives/deployarr_v4/compose/overseerr.yml
new file mode 100755
index 0000000..fa36fac
--- /dev/null
+++ b/archives/deployarr_v4/compose/overseerr.yml
@@ -0,0 +1,29 @@
+services:
+ # Overseerr - Media Requests and Discovery for Plex
+ overseerr:
+ image: lscr.io/linuxserver/overseerr:latest
+ container_name: overseerr
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$OVERSEERR_PORT:5055"
+ volumes:
+ - $DOCKERDIR/appdata/overseerr:/config
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.overseerr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.overseerr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.overseerr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.overseerr-rtr.service=overseerr-svc"
+ - "traefik.http.services.overseerr-svc.loadbalancer.server.port=5055"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/pgadmin.yml b/archives/deployarr_v4/compose/pgadmin.yml
new file mode 100755
index 0000000..482fa30
--- /dev/null
+++ b/archives/deployarr_v4/compose/pgadmin.yml
@@ -0,0 +1,27 @@
+services:
+ # pgAdmin - PostgreSQL Administration
+ pgadmin:
+ image: dpage/pgadmin4
+ container_name: pgadmin
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - "$PGADMIN_PORT:80"
+ volumes:
+ - $DOCKERDIR/appdata/pgadmin:/var/lib/pgadmin
+ environment:
+ PGADMIN_DEFAULT_EMAIL: $PGADMIN_ADMIN_EMAIL
+ PGADMIN_DEFAULT_PASSWORD: $PGADMIN_ADMIN_PASSWORD
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.pgadmin-rtr.entrypoints=websecure"
+ - "traefik.http.routers.pgadmin-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.pgadmin-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.pgadmin-rtr.service=pgadmin-svc"
+ - "traefik.http.services.pgadmin-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/phpmyadmin.yml b/archives/deployarr_v4/compose/phpmyadmin.yml
new file mode 100755
index 0000000..ab2f104
--- /dev/null
+++ b/archives/deployarr_v4/compose/phpmyadmin.yml
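Review bot: In pgadmin.yml, `PGADMIN_DEFAULT_PASSWORD: $PGADMIN_ADMIN_PASSWORD` puts the admin password into the container environment, whereas the other database-facing services in this patch use file-based secrets. The pgAdmin image accepts `PGADMIN_DEFAULT_PASSWORD_FILE`, so `PGADMIN_DEFAULT_PASSWORD_FILE: /run/secrets/pgadmin_admin_password` (secret name is a placeholder) plus a `secrets:` entry would match phpmyadmin.yml. This is also the only Traefik-routed service in the visible part of the patch without `security_opt: - no-new-privileges:true`; if the omission is deliberate because the image does not start with it, a one-line comment saying so would help.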
@@ -0,0 +1,30 @@
+services:
+ # phpMyAdmin - Database management
+ # Create a new user with admin privileges. Cannot login as MySQL root for some reason.
+ phpmyadmin:
+ image: phpmyadmin/phpmyadmin:latest
+ container_name: phpmyadmin
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ - default
+ environment:
+ - PMA_HOST=mariadb
+ - PMA_PORT=3306
+ #- PMA_ARBITRARY=1
+ - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
+ secrets:
+ - mysql_root_password
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.phpmyadmin-rtr.entrypoints=websecure"
+ - "traefik.http.routers.phpmyadmin-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.phpmyadmin-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.phpmyadmin-rtr.service=phpmyadmin-svc"
+ - "traefik.http.services.phpmyadmin-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/piwigo.yml b/archives/deployarr_v4/compose/piwigo.yml
new file mode 100755
index 0000000..a901c48
--- /dev/null
+++ b/archives/deployarr_v4/compose/piwigo.yml
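Review bot: In phpmyadmin.yml, the `mysql_root_password` secret is mounted into a web-facing container even though the header comment says root login does not work and a separate admin user should be created. If phpMyAdmin does not actually consume `MYSQL_ROOT_PASSWORD_FILE`, dropping that variable and the `secrets:` entry would keep the database root credential out of a container that has no use for it. I would also extend the `#- PMA_ARBITRARY=1` line with a comment that enabling it lets the UI connect to any database host reachable from the `default` network.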
@@ -0,0 +1,30 @@
+services:
+ # Piwigo - Photo Management
+ piwigo:
+ image: lscr.io/linuxserver/piwigo:latest
+ container_name: piwigo
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "80:80"
+ volumes:
+ - $DOCKERDIR/appdata/piwigo/config:/config
+ - $DOCKERDIR/appdata/piwigo/gallery:/gallery
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.piwigo-rtr.entrypoints=websecure"
+ - "traefik.http.routers.piwigo-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.piwigo-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.piwigo-rtr.service=piwigo-svc"
+ - "traefik.http.services.piwigo-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/plex.yml b/archives/deployarr_v4/compose/plex.yml
new file mode 100755
index 0000000..395ebc9
--- /dev/null
+++ b/archives/deployarr_v4/compose/plex.yml
@@ -0,0 +1,48 @@
+services:
+ # Plex - Media Server
+ plex:
+ image: plexinc/pms-docker:latest
+ container_name: plex
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "32400:32400/tcp"
+ - "3005:3005/tcp"
+ - "8324:8324/tcp"
+ - "32469:32469/tcp"
+ - "1900:1900/udp"
+ - "32410:32410/udp"
+ - "32412:32412/udp"
+ - "32413:32413/udp"
+ - "32414:32414/udp"
+ # DEVICES-GPU-PLACEHOLDER-DO-NOT-DELETE
+ volumes:
+ - $DOCKERDIR/appdata/plex:/config
+ - $DOWNLOADSDIR:/data/downloads
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ - /dev/shm:/transcode
+ environment:
+ TZ: $TZ
+ HOSTNAME: $PLEX_SERVER_NAME
+ PLEX_CLAIM_FILE: /run/secrets/plex_claim
+ PLEX_UID: $PUID
+ PLEX_GID: $PGID
+ ADVERTISE_IP: "http://$SERVER_LAN_IP:32400/,https://SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1/"
+ secrets:
+ - plex_claim
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.plex-rtr.entrypoints=websecure"
+ - "traefik.http.routers.plex-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.plex-rtr.middlewares=chain-no-auth@file"
+ # HTTP Services
+ - "traefik.http.routers.plex-rtr.service=plex-svc"
+ - "traefik.http.services.plex-svc.loadbalancer.server.port=32400"
diff --git a/archives/deployarr_v4/compose/portainer.yml b/archives/deployarr_v4/compose/portainer.yml
new file mode 100755
index 0000000..261f2d8
--- /dev/null
+++ b/archives/deployarr_v4/compose/portainer.yml
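Review bot: In plex.yml, `- /dev/shm:/transcode` bind-mounts the host's shared-memory directory into the container, so the container can see and fill a tmpfs that other host processes also use. A container-private `tmpfs:` entry for `/transcode` with a size limit would give the same in-RAM transcoding without sharing host IPC files. Separately, the router is hard-wired to `chain-no-auth@file` and nine ports are published; a short comment stating that Plex's own account login is the only access control on this service would make that choice visible.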
@@ -0,0 +1,31 @@
+services:
+ # Portainer - WebUI for Containers
+ portainer:
+ container_name: portainer
+ image: portainer/portainer-ce:latest
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ - socket_proxy
+ # command: -H unix:///var/run/docker.sock # Use Docker Socket Proxy instead for improved security
+ command: -H tcp://socket-proxy:2375
+ # ports: # For access from local network using enable this ports block.
+ # - "9000:9000" # Port 9000 must be free on the Docker host.
+ volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
+ - $DOCKERDIR/appdata/portainer/data:/data
+ environment:
+ - TZ=$TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.portainer-rtr.entrypoints=websecure"
+ - "traefik.http.routers.portainer-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.portainer-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.portainer-rtr.service=portainer-svc"
+ - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/postgresql.yml b/archives/deployarr_v4/compose/postgresql.yml
new file mode 100755
index 0000000..61b793b
--- /dev/null
+++ b/archives/deployarr_v4/compose/postgresql.yml
@@ -0,0 +1,27 @@
+services:
+ # PostgreSQL - Database
+ postgresql:
+ container_name: postgresql
+ image: postgres:16-alpine
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ # healthcheck:
+ # test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ # start_period: 20s
+ # interval: 30s
+ # retries: 5
+ # timeout: 5s
+ networks:
+ - default
+ ports:
+ - "5432:5432"
+ volumes:
+ - $DOCKERDIR/appdata/postgresql:/var/lib/postgresql/data
+ environment:
+ # - POSTGRES_DB=$POSTGRES_DB
+ - POSTGRES_USER=$POSTGRES_USER
+ - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_default_passwd
+ secrets:
+ - postgres_default_passwd
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/prometheus.yml b/archives/deployarr_v4/compose/prometheus.yml
new file mode 100755
index 0000000..7b36d80
--- /dev/null
+++ b/archives/deployarr_v4/compose/prometheus.yml
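Review bot: In postgresql.yml, `- "5432:5432"` exposes the database on all host interfaces, although the service already sits on the `default` network where the other containers reach it by name. redis.yml does the same with `- "6379:6379"`. Unless host-side or LAN clients are required, I would remove the `ports:` block or bind it to loopback with `- "127.0.0.1:5432:5432"`, so that the password is not the only thing between the LAN and the data.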
@@ -0,0 +1,35 @@
+services:
+ # Prometheus - Database for sensor data
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ networks:
+ - t3_proxy
+ - default
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["dbs", "all"]
+ # ports:
+ # - "9090:9090"
+ volumes:
+ - $DOCKERDIR/appdata/prometheus/config:/etc/prometheus
+ - $DOCKERDIR/appdata/prometheus/data:/prometheus
+ user: $PUID:$PGID
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/usr/share/prometheus/console_libraries'
+ - '--web.console.templates=/usr/share/prometheus/consoles'
+ - '--web.enable-lifecycle'
+ - '--web.enable-admin-api'
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.prometheus-rtr.entrypoints=websecure"
+ - "traefik.http.routers.prometheus-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.prometheus-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.prometheus-rtr.service=prometheus-svc"
+ - "traefik.http.services.prometheus-svc.loadbalancer.server.port=9090"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/prowlarr.yml b/archives/deployarr_v4/compose/prowlarr.yml
new file mode 100755
index 0000000..1f2e0af
--- /dev/null
+++ b/archives/deployarr_v4/compose/prowlarr.yml
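Review bot: In prometheus.yml, `--web.enable-admin-api` and `--web.enable-lifecycle` turn on HTTP endpoints that can delete series, take snapshots, and reload or shut down the server, and the same port 9090 is what the Traefik service publishes. Prometheus does not authenticate requests by default, so the only gate is whatever `CHAIN-PLACEHOLDER@file` is replaced with. I would drop `--web.enable-admin-api` unless something depends on it and add a comment on `--web.enable-lifecycle` saying what needs it, for example `# needed for config reload via HTTP; keep this router behind an auth chain`.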
@@ -0,0 +1,30 @@
+services:
+ # Prowlarr - Index Manager
+ prowlarr:
+ image: ghcr.io/linuxserver/prowlarr:develop
+ container_name: prowlarr
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "starr", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "9696:9696"
+ volumes:
+ - $DOCKERDIR/appdata/prowlarr:/config
+ - "/etc/localtime:/etc/localtime:ro"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.prowlarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.prowlarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ # Middlewares
+ - "traefik.http.routers.prowlarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.prowlarr-rtr.service=prowlarr-svc"
+ - "traefik.http.services.prowlarr-svc.loadbalancer.server.port=9696"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/qbittorrent.yml b/archives/deployarr_v4/compose/qbittorrent.yml
new file mode 100755
index 0000000..086ab37
--- /dev/null
+++ b/archives/deployarr_v4/compose/qbittorrent.yml
@@ -0,0 +1,25 @@
+services:
+ # qBittorrent - Torrent downloader
+ qbittorrent:
+ image: lscr.io/linuxserver/qbittorrent:latest
+ container_name: qbittorrent
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "downloads", "all"]
+ network_mode: "service:gluetun"
+ volumes:
+ - $DOCKERDIR/appdata/qbittorrent:/config
+ - $DOWNLOADSDIR:/data/downloads # Ensure that downloads folder is set to /data/downloads in qBittorrent
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ UMASK_SET: 002
+ healthcheck: # https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
+ test: "curl -sf https://example.com || exit 1"
+ interval: 1m
+ timeout: 10s
+ retries: 1
+ labels: # Traefik labels added via file provider app-qbittorrent.yml in rules folder
+ - "deunhealth.restart.on.unhealthy=true"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/radarr.yml b/archives/deployarr_v4/compose/radarr.yml
new file mode 100755
index 0000000..af91a0f
--- /dev/null
+++ b/archives/deployarr_v4/compose/radarr.yml
@@ -0,0 +1,36 @@
+services:
+ # Radarr - Movies Management
+ radarr:
+ image: lscr.io/linuxserver/radarr:latest
+ container_name: radarr
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "starr", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "7878:7878"
+ volumes:
+ - $DOCKERDIR/appdata/radarr:/config
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ - $DOWNLOADSDIR:/data/downloads
+ - "/etc/localtime:/etc/localtime:ro"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.radarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.radarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ - "traefik.http.routers.radarr-rtr.priority=99"
+ # Middlewares
+ - "traefik.http.routers.radarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.radarr-rtr.service=radarr-svc"
+ - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878"
+ # AUTH-BYPASS-PLACEHOLDER-DO-NOT-DELETE
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/readarr.yml b/archives/deployarr_v4/compose/readarr.yml
new file mode 100755
index 0000000..a47329f
--- /dev/null
+++ b/archives/deployarr_v4/compose/readarr.yml
@@ -0,0 +1,36 @@
+services:
+ # Readarr - eBooks Management
+ readarr:
+ image: lscr.io/linuxserver/readarr:develop
+ container_name: readarr
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "starr", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "8787:8787"
+ volumes:
+ - $DOCKERDIR/appdata/readarr:/config
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ - $DOWNLOADSDIR:/data/downloads
+ - "/etc/localtime:/etc/localtime:ro"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.readarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.readarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ - "traefik.http.routers.readarr-rtr.priority=99"
+ # Middlewares
+ - "traefik.http.routers.readarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.readarr-rtr.service=readarr-svc"
+ - "traefik.http.services.readarr-svc.loadbalancer.server.port=8787"
+ # AUTH-BYPASS-PLACEHOLDER-DO-NOT-DELETE
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/redis.yml b/archives/deployarr_v4/compose/redis.yml
new file mode 100755
index 0000000..e28b109
--- /dev/null
+++ b/archives/deployarr_v4/compose/redis.yml
@@ -0,0 +1,24 @@
+services:
+ # Redis - Key-value Store
+ redis:
+ container_name: redis
+ image: redis:latest
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ networks:
+ - default
+ entrypoint: redis-server --appendonly yes --requirepass $REDIS_PASSWORD --save 60 1 --loglevel warning
+ ports:
+ - "6379:6379"
+ volumes:
+ - $DOCKERDIR/appdata/redis/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
\ No newline at end of file
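Review bot: In redis.yml, the healthcheck `redis-cli ping | grep PONG` does not authenticate while the entrypoint sets `--requirepass $REDIS_PASSWORD`, so the ping will most likely get an authentication error instead of `PONG` and the container will be reported unhealthy. Passing the password as an `entrypoint` argument also leaves it readable in the process list and in `docker inspect`. Moving `requirepass` into a mounted configuration file would take it off the command line, and the healthcheck can then read the password from the `REDISCLI_AUTH` variable that `redis-cli` honours rather than from a `-a` argument.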
diff --git a/archives/deployarr_v4/compose/resilio-sync.yml b/archives/deployarr_v4/compose/resilio-sync.yml
new file mode 100755
index 0000000..f5c9551
--- /dev/null
+++ b/archives/deployarr_v4/compose/resilio-sync.yml
@@ -0,0 +1,32 @@
+services:
+ # Resilio Sync - File Sync using BitTorrent Protocol
+ resilio-sync:
+ image: lscr.io/linuxserver/resilio-sync:latest
+ container_name: resilio-sync
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - 8888:8888
+ - 55555:55555
+ volumes:
+ - $DOCKERDIR/appdata/resilio-sync/config:/config
+ - $DOWNLOADSDIR:/downloads
+ - $DOCKERDIR/appdata/resilio-sync/data:/sync # Change $DOCKERDIR/appdata/resilio-sync/data to your data folder
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.resilio-sync-rtr.entrypoints=websecure"
+ - "traefik.http.routers.resilio-sync-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.resilio-sync-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.resilio-sync-rtr.service=resilio-sync-svc"
+ - "traefik.http.services.resilio-sync-svc.loadbalancer.server.port=8888"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/sabnzbd.yml b/archives/deployarr_v4/compose/sabnzbd.yml
new file mode 100755
index 0000000..0f8016e
--- /dev/null
+++ b/archives/deployarr_v4/compose/sabnzbd.yml
@@ -0,0 +1,34 @@
+services:
+ # SABnzbd - Binary newsgrabber (NZB downloader)
+ # Disable SABNnzbd's built-in HTTPS support for traefik proxy to work
+ sabnzbd:
+ image: lscr.io/linuxserver/sabnzbd:latest
+ container_name: sabnzbd
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "downloads", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "8090:8080" # DOCKER-HOST-IP:8090
+ volumes:
+ - $DOCKERDIR/appdata/sabnzbd:/config
+ - $DOWNLOADSDIR:/data/downloads
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ UMASK_SET: 002
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.sabnzbd-rtr.entrypoints=websecure"
+ - "traefik.http.routers.sabnzbd-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ - "traefik.http.routers.sabnzbd-rtr.priority=99"
+ # Middlewares
+ - "traefik.http.routers.sabnzbd-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.sabnzbd-rtr.service=sabnzbd-svc"
+ - "traefik.http.services.sabnzbd-svc.loadbalancer.server.port=8080"
+ # AUTH-BYPASS-PLACEHOLDER-DO-NOT-DELETE
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/scrutiny.yml b/archives/deployarr_v4/compose/scrutiny.yml
new file mode 100755
index 0000000..13fba35
--- /dev/null
+++ b/archives/deployarr_v4/compose/scrutiny.yml
@@ -0,0 +1,26 @@
+services:
+ # Scrutiny - WebUI for smartd S.M.A.R.T monitoring
+ scrutiny:
+ image: ghcr.io/analogj/scrutiny:master-web
+ container_name: scrutiny
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - 8080:8080
+ volumes:
+ - $DOCKERDIR/appdata/scrutiny:/opt/scrutiny/config
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.scrutiny-rtr.entrypoints=websecure"
+ - "traefik.http.routers.scrutiny-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.scrutiny-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.scrutiny-rtr.service=scrutiny-svc"
+ - "traefik.http.services.scrutiny-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/smokeping.yml b/archives/deployarr_v4/compose/smokeping.yml
new file mode 100755
index 0000000..b6178cb
--- /dev/null
+++ b/archives/deployarr_v4/compose/smokeping.yml
@@ -0,0 +1,30 @@
+services:
+ # SmokePing - Network latency Monitoring
+ smokeping:
+ image: lscr.io/linuxserver/smokeping:latest
+ container_name: smokeping
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "$SMOKEPING_PORT:80"
+ volumes:
+ - $DOCKERDIR/appdata/smokeping/config:/config
+ - $DOCKERDIR/appdata/smokeping/data:/data
+ environment:
+ PUID: $PUID
+ PGID: $PGID
+ TZ: $TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.smokeping-rtr.entrypoints=websecure"
+ - "traefik.http.routers.smokeping-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.smokeping-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.smokeping-rtr.service=smokeping-svc"
+ - "traefik.http.services.smokeping-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/socket-proxy.yml b/archives/deployarr_v4/compose/socket-proxy.yml
new file mode 100755
index 0000000..a53cbbe
--- /dev/null
+++ b/archives/deployarr_v4/compose/socket-proxy.yml
@@ -0,0 +1,53 @@
+services:
+ # Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
+ socket-proxy:
+ image: lscr.io/linuxserver/socket-proxy:latest
+ container_name: socket-proxy
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ socket_proxy:
+ ipv4_address: 192.168.91.254 # You can specify a static IP
+ # privileged: true # true for VM. False (default) for unprivileged LXC container.
+ # ports:
+ #- "2375:2375"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ read_only: true
+ tmpfs:
+ - /run
+ environment:
+ - LOG_LEVEL=warning # debug,info,notice,warning,err,crit,alert,emerg
+ - ALLOW_START=0 #optional
+ - ALLOW_STOP=0 #optional
+ - ALLOW_RESTARTS=0 #optional
+ ## Granted by Default
+ - EVENTS=1
+ - PING=1
+ - VERSION=1
+ ## Revoked by Default
+ # Security critical
+ - AUTH=0
+ - SECRETS=0
+ - POST=1 # Watchtower
+ # Not always needed
+ - BUILD=0
+ - COMMIT=0
+ - CONFIGS=0
+ - CONTAINERS=1 # Traefik, portainer, etc.
+ - DISTRIBUTION=0
+ - EXEC=0
+ - IMAGES=1 # Portainer
+ - INFO=1 # Portainer
+ - NETWORKS=1 # Portainer
+ - NODES=0
+ - PLUGINS=0
+ - SERVICES=1 # Portainer
+ - SESSION=0
+ - SWARM=0
+ - SYSTEM=0
+ - TASKS=1 # Portainer
+ - VOLUMES=1 # Portainer
+ - DISABLE_IPV6=0 #optional
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/sonarr.yml b/archives/deployarr_v4/compose/sonarr.yml
new file mode 100755
index 0000000..604b9f9
--- /dev/null
+++ b/archives/deployarr_v4/compose/sonarr.yml
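Review bot: In socket-proxy.yml, `- POST=1 # Watchtower` together with `CONTAINERS=1`, `IMAGES=1`, `NETWORKS=1` and `VOLUMES=1` opens the write side of those API sections to every container attached to `socket_proxy`, which narrows what the proxy protects against and may make the `ALLOW_START=0`/`ALLOW_STOP=0`/`ALLOW_RESTARTS=0` lines above it read as more restrictive than they are. Traefik only needs to read container metadata, so a second proxy instance with `POST=0` for Traefik, leaving this one to Portainer and Watchtower, would reduce the exposure. At minimum I would reword the comment to `- POST=1 # Watchtower/Portainer; enables write calls on every section set to 1`. The socket is also mounted without `:ro`, unlike the commented mounts in portainer.yml and traefik-certs-dumper.yml.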
@@ -0,0 +1,36 @@
+services:
+ # Sonarr - TV Shows Management
+ sonarr:
+ image: lscr.io/linuxserver/sonarr:develop
+ container_name: sonarr
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "starr", "all"]
+ networks:
+ - t3_proxy
+ ports:
+ - "8989:8989"
+ volumes:
+ - $DOCKERDIR/appdata/sonarr:/config
+ # - $MEDIADIR1:/data/media1
+ # - $MEDIADIR2:/data/media2
+ # - $MEDIADIR3:/data/media3
+ - $DOWNLOADSDIR:/data/downloads
+ - "/etc/localtime:/etc/localtime:ro"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers Auth
+ - "traefik.http.routers.sonarr-rtr.entrypoints=websecure"
+ - "traefik.http.routers.sonarr-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ - "traefik.http.routers.sonarr-rtr.priority=99"
+ # Middlewares
+ - "traefik.http.routers.sonarr-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ # HTTP Services
+ - "traefik.http.routers.sonarr-rtr.service=sonarr-svc"
+ - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989"
+ # AUTH-BYPASS-PLACEHOLDER-DO-NOT-DELETE
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/speedtest-tracker.yml b/archives/deployarr_v4/compose/speedtest-tracker.yml
new file mode 100755
index 0000000..8b7c962
--- /dev/null
+++ b/archives/deployarr_v4/compose/speedtest-tracker.yml
@@ -0,0 +1,36 @@
+services:
+ speedtest-tracker:
+ image: lscr.io/linuxserver/speedtest-tracker:latest
+ container_name: speedtest-tracker
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # - default
+ # ports:
+ # - "80:80"
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ DB_CONNECTION: sqlite
+ APP_KEY: $SPEEDTEST_TRACKER_APP_KEY #optional
+ # DB_HOST: mariadb #optional
+ # DB_PORT: 3306 #optional
+ # DB_DATABASE: speedtest #optional
+ # DB_USERNAME: speedtest_user #optional
+ # DB_PASSWORD: ST-DB-PASSWORD-PLACEHOLDER #optional
+ volumes:
+ - $DOCKERDIR/appdata/speedtest-tracker:/app/config
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.speedtest-tracker-rtr.entrypoints=websecure"
+ - "traefik.http.routers.speedtest-tracker-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.speedtest-tracker-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.speedtest-tracker-rtr.service=speedtest-tracker-svc"
+ - "traefik.http.services.speedtest-tracker-svc.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/starter.yml b/archives/deployarr_v4/compose/starter.yml
new file mode 100755
index 0000000..0fef686
--- /dev/null
+++ b/archives/deployarr_v4/compose/starter.yml
@@ -0,0 +1,25 @@
+########################### NETWORKS
+# You may customize the network subnets (192.168.x.0/24) below as you please.
+networks:
+ default:
+ driver: bridge
+ socket_proxy:
+ name: socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.168.91.0/24
+ # NETWORKS-PLACEHOLDER-DO-NOT-DELETE
+
+########################### SECRETS
+# secrets:
+ # basic_auth_credentials:
+ # file: $DOCKERDIR/secrets/basic_auth_credentials
+ # SECRETS-PLACEHOLDER-DO-NOT-DELETE
+
+include:
+ ########################### SERVICES
+ # HOSTNAME defined in .env file
+
+ # - compose/$HOSTNAME/custom.yml
+ # SERVICE-PLACEHOLDER-DO-NOT-DELETE
diff --git a/archives/deployarr_v4/compose/tautulli.yml b/archives/deployarr_v4/compose/tautulli.yml
new file mode 100755
index 0000000..33de966
--- /dev/null
+++ b/archives/deployarr_v4/compose/tautulli.yml
@@ -0,0 +1,30 @@
+services:
+ # Tautulli - Plex Statistics and Monitoring
+ tautulli:
+ image: lscr.io/linuxserver/tautulli:latest
+ container_name: tautulli
+ security_opt:
+ - no-new-privileges:true
+ restart: "no"
+ profiles: ["media", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "8181:8181"
+ volumes:
+ - $DOCKERDIR/appdata/tautulli/config:/config
+ # - $DOCKERDIR/appdata/plex/Library/Application Support/Plex Media Server/Logs:/logs:ro # For tautulli Plex log viewer
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.tautulli-rtr.entrypoints=websecure"
+ - "traefik.http.routers.tautulli-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.tautulli-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.tautulli-rtr.service=tautulli-svc"
+ - "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/thelounge.yml b/archives/deployarr_v4/compose/thelounge.yml
new file mode 100755
index 0000000..3ab9a79
--- /dev/null
+++ b/archives/deployarr_v4/compose/thelounge.yml
@@ -0,0 +1,29 @@
+services:
+ # The Lounge - Self-hosted web IRC client
+ thelounge:
+ image: lscr.io/linuxserver/thelounge:latest
+ container_name: thelounge
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - 9000:9000
+ volumes:
+ - $DOCKERDIR/appdata/thelounge:/config
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.thelounge-rtr.entrypoints=websecure"
+ - "traefik.http.routers.thelounge-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.thelounge-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.thelounge-rtr.service=thelounge-svc"
+ - "traefik.http.services.thelounge-svc.loadbalancer.server.port=9000"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/traefik-access-log.yml b/archives/deployarr_v4/compose/traefik-access-log.yml
new file mode 100755
index 0000000..4a3b199
--- /dev/null
+++ b/archives/deployarr_v4/compose/traefik-access-log.yml
@@ -0,0 +1,13 @@
+services:
+ # Traefik Access Log (access.log) for Dozzle
+ traefik-access-log:
+ container_name: traefik-access-log
+ image: alpine
+ volumes:
+ - $DOCKERDIR/logs/$HOSTNAME/traefik/access.log:/var/log/stream.log
+ command:
+ - tail
+ - -f
+ - /var/log/stream.log
+ network_mode: none
+ restart: unless-stopped
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/traefik-certs-dumper.yml b/archives/deployarr_v4/compose/traefik-certs-dumper.yml
new file mode 100755
index 0000000..d40eca7
--- /dev/null
+++ b/archives/deployarr_v4/compose/traefik-certs-dumper.yml
@@ -0,0 +1,17 @@
+services:
+ # Traefik Certs Dumper - Extract LetsEncrypt Certificates - Traefik2 Compatible
+ traefik-certs-dumper:
+ container_name: traefik-certs-dumper
+ image: humenius/traefik-certs-dumper:latest
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ network_mode: none
+ # command: --restart-containers container1,container2,container3
+ volumes:
+ - $DOCKERDIR/appdata/traefik3/acme:/traefik:ro
+ - $DOCKERDIR/appdata/traefik-certs/$DOMAINNAME_1:/output:rw
+ # - /var/run/docker.sock:/var/run/docker.sock:ro # Only needed if restarting containers (use Docker Socket Proxy instead)
+ environment:
+ DOMAIN: $DOMAINNAME_1
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/traefik-error-log.yml b/archives/deployarr_v4/compose/traefik-error-log.yml
new file mode 100755
index 0000000..ec9b206
--- /dev/null
+++ b/archives/deployarr_v4/compose/traefik-error-log.yml
@@ -0,0 +1,13 @@
+services:
+ # Traefik Error Log (traefik.log) for Dozzle
+ traefik-error-log:
+ container_name: traefik-error-log
+ image: alpine
+ volumes:
+ - $DOCKERDIR/logs/$HOSTNAME/traefik/traefik.log:/var/log/stream.log
+ command:
+ - tail
+ - -f
+ - /var/log/stream.log
+ network_mode: none
+ restart: unless-stopped
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/traefik.yml b/archives/deployarr_v4/compose/traefik.yml
new file mode 100755
index 0000000..cc2623c
--- /dev/null
+++ b/archives/deployarr_v4/compose/traefik.yml
@@ -0,0 +1,95 @@
+services:
+ # Traefik 3 - Reverse Proxy
+ traefik:
+ container_name: traefik
+ image: traefik:3.0
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ depends_on:
+ - socket-proxy
+ networks:
+ t3_proxy:
+ ipv4_address: 192.168.90.254 # You can specify a static IP
+ socket_proxy:
+ command: # CLI arguments
+ - --global.checkNewVersion=true
+ - --global.sendAnonymousUsage=false
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --entrypoints.traefik.address=:8080
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ - --entrypoints.web.http.redirections.entrypoint.permanent=true
+ - --api=true
+ - --api.dashboard=true
+ # - --api.insecure=true
+ # - --serversTransport.insecureSkipVerify=true
+ # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
+ - --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
+ - --log=true
+ - --log.filePath=/logs/traefik.log
+ - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
+ - --accessLog=true
+ - --accessLog.filePath=/logs/access.log
+ - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
+ - --accessLog.filters.statusCodes=204-299,400-499,500-599
+ - --providers.docker=true
+ # - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
+ - --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
+ - --providers.docker.exposedByDefault=false
+ - --providers.docker.network=t3_proxy
+ # - --providers.docker.swarmMode=false # Traefik v2 Swarm
+ # - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
+ - --entrypoints.websecure.http.tls=true
+ - --entrypoints.websecure.http.tls.options=tls-opts@file
+ # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
+ - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
+ - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME_1
+ - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME_1
+ # - DOMAINS-PLACEHOLDER-DO-NOT-DELETE
+ - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
+ - --providers.file.watch=true # Only works on top level files in the rules folder
+ - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
+ - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
+ - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
+ - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+ - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=120 # To delay DNS check and reduce LE hitrate
+ #- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.disablePropagationCheck=true
+ # - METRICS-PLACEHOLDER-DO-NOT-DELETE
+ ports:
+ - target: 80
+ published: 80
+ protocol: tcp
+ mode: host
+ - target: 443
+ published: 443
+ protocol: tcp
+ mode: host
+ # - target: 8080 # need to enable --api.insecure=true
+ # published: 8080
+ # protocol: tcp
+ # mode: host
+ volumes:
+ - $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules
+ # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
+ - $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json
+ - $DOCKERDIR/logs/$HOSTNAME/traefik:/logs
+ environment:
+ - TZ=$TZ
+ - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
+ - HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
+ - DOMAINNAME_1 # Passing the domain name to traefik container to be able to use the variable in rules.
+ secrets:
+ - cf_dns_api_token
+ - basic_auth_credentials
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.traefik-rtr.entrypoints=websecure"
+ - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_1`)"
+ # Services - API
+ - "traefik.http.routers.traefik-rtr.service=api@internal"
+ # Middlewares
+ - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/traefik2.yml b/archives/deployarr_v4/compose/traefik2.yml
new file mode 100644
index 0000000..9a81a86
--- /dev/null
+++ b/archives/deployarr_v4/compose/traefik2.yml
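Review bot: In traefik.yml the `--certificatesResolvers.dns-cloudflare.acme.caServer=` argument pointing at the Let's Encrypt staging directory is active although its own comment says "uncomment when testing". As committed, the resolver would request certificates from the staging CA, which browsers do not trust. Unless the installer rewrites the line, it should ship commented out, like the `# - --api.insecure=true` line above it. `--log.level=DEBUG` is also left on; debug output is verbose and is written to the same /logs directory that the log-tail containers expose to Dozzle, so `- --log.level=INFO` is the safer default. traefik2.yml carries both lines unchanged.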
@@ -0,0 +1,94 @@
+services:
+ # Traefik 2 - Reverse Proxy
+ traefik:
+ container_name: traefik
+ image: traefik:2.11
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ depends_on:
+ - socket-proxy
+ networks:
+ t2_proxy:
+ ipv4_address: 192.168.90.254 # You can specify a static IP
+ socket_proxy:
+ command: # CLI arguments
+ - --global.checkNewVersion=true
+ - --global.sendAnonymousUsage=true
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --entryPoints.traefik.address=:8080
+ - --entrypoints.web.http.redirections.entryPoint.to=websecure
+ - --entrypoints.web.http.redirections.entryPoint.scheme=https
+ - --entrypoints.web.http.redirections.entrypoint.permanent=true
+ - --api=true
+ - --api.dashboard=true
+ # - --api.insecure=true
+ # - --serversTransport.insecureSkipVerify=true
+ # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
+ - --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
+ - --log=true
+ - --log.filePath=/logs/traefik.log
+ - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
+ - --accessLog=true
+ - --accessLog.filePath=/logs/access.log
+ - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
+ - --accessLog.filters.statusCodes=204-299,400-499,500-599
+ - --providers.docker=true
+ # - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
+ - --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
+ - --providers.docker.exposedByDefault=false
+ - --providers.docker.network=t2_proxy
+ # - --providers.docker.swarmMode=false # Traefik v2 Swarm
+ # - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
+ - --entrypoints.websecure.http.tls=true
+ - --entrypoints.websecure.http.tls.options=tls-opts@file
+ # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
+ - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
+ - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME_1
+ - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME_1
+ # - DOMAINS-PLACEHOLDER-DO-NOT-DELETE
+ - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
+ - --providers.file.watch=true # Only works on top level files in the rules folder
+ - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
+ - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
+ - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
+ - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+ - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=120 # To delay DNS check and reduce LE hitrate
+ #- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.disablePropagationCheck=true
+ ports:
+ - target: 80
+ published: 80
+ protocol: tcp
+ mode: host
+ - target: 443
+ published: 443
+ protocol: tcp
+ mode: host
+ # - target: 8080 # need to enable --api.insecure=true
+ # published: 8080
+ # protocol: tcp
+ # mode: host
+ volumes:
+ - $DOCKERDIR/appdata/traefik2/rules/$HOSTNAME:/rules
+ # - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
+ - $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json
+ - $DOCKERDIR/logs/$HOSTNAME/traefik:/logs
+ environment:
+ - TZ=$TZ
+ - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
+ - HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
+ - DOMAINNAME_1 # Passing the domain name to traefik container to be able to use the variable in rules.
+ secrets:
+ - cf_dns_api_token
+ - basic_auth_credentials
+ labels:
+ - "traefik.enable=true"
+ # HTTP Routers
+ - "traefik.http.routers.traefik-rtr.entrypoints=websecure"
+ - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_1`)"
+ # Services - API
+ - "traefik.http.routers.traefik-rtr.service=api@internal"
+ # Middlewares
+ - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/uptime-kuma.yml b/archives/deployarr_v4/compose/uptime-kuma.yml
new file mode 100755
index 0000000..2a6a0b5
--- /dev/null
+++ b/archives/deployarr_v4/compose/uptime-kuma.yml
@@ -0,0 +1,26 @@
+services:
+ # Uptime Kuma - Status Page & Monitoring Server
+ uptime-kuma:
+ image: louislam/uptime-kuma
+ container_name: uptime-kuma
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ - default
+ # ports:
+ # - "3001:3001"
+ volumes:
+ - $DOCKERDIR/appdata/uptime-kuma:/app/data
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.uptime-kuma-rtr.entrypoints=websecure"
+ - "traefik.http.routers.uptime-kuma-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.uptime-kuma-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.uptime-kuma-rtr.service=uptime-kuma-svc"
+ - "traefik.http.services.uptime-kuma-svc.loadbalancer.server.port=3001"
\ No newline at end of file
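Review bot: traefik2.yml sets `--global.sendAnonymousUsage=true` while traefik.yml in the same commit sets it to `false`, so a Traefik 2 deployment sends usage statistics to the vendor without anything in the file saying this is intended. Either align it with the v3 file, `- --global.sendAnonymousUsage=false`, or add a comment next to it stating that the opt-in is deliberate.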
diff --git a/archives/deployarr_v4/compose/vaultwarden.yml b/archives/deployarr_v4/compose/vaultwarden.yml
new file mode 100755
index 0000000..50b7d3b
--- /dev/null
+++ b/archives/deployarr_v4/compose/vaultwarden.yml
@@ -0,0 +1,27 @@
+services:
+ # Vaultwarden Password Manager
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["apps", "all"]
+ networks:
+ - t3_proxy
+ environment:
+ # This is required to allow vaultwarden to verify the TLS certificate!
+ - DOMAIN=https://SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
+ # - ADMIN_TOKEN=ADMIN-TOKEN-PLACEHOLDER
+ volumes:
+ - $DOCKERDIR/appdata/vaultwarden/data:/data
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.vaultwarden-rtr.entrypoints=websecure"
+ - "traefik.http.routers.vaultwarden-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.vaultwarden-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.vaultwarden-rtr.service=vaultwarden-svc"
+ - "traefik.http.services.vaultwarden-svc.loadbalancer.server.port=80"
diff --git a/archives/deployarr_v4/compose/vscode.yml b/archives/deployarr_v4/compose/vscode.yml
new file mode 100755
index 0000000..d467ce3
--- /dev/null
+++ b/archives/deployarr_v4/compose/vscode.yml
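Review bot: The commented `# - ADMIN_TOKEN=ADMIN-TOKEN-PLACEHOLDER` line in vaultwarden.yml says nothing about what form the token should take, and a plain-text value put there ends up readable in the compose file and in the container's environment. Vaultwarden accepts an Argon2 PHC hash in this variable, so a comment above the line would steer users to it: `# Use an Argon2 PHC hash, not the plain token; write each $ in the hash as $$ in this file`. Leaving the variable unset keeps the admin page disabled, which is worth stating as the default.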
@@ -0,0 +1,37 @@
+services:
+ # VSCode - VSCode Editing
+ vscode:
+ image: lscr.io/linuxserver/code-server:latest
+ container_name: vscode
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ # ports:
+ # - "8443:8443"
+ volumes:
+ - $DOCKERDIR/appdata/vscode:/config
+ - $USERDIR:/data/docker
+ environment:
+ TZ: $TZ
+ PUID: $PUID
+ PGID: $PGID
+ # DOCKER_HOST: tcp://socket-proxy:2375
+ # PASSWORD: $VSCODE_PASSWORD
+ # HASHED_PASSWORD: #optional
+ # SUDO_PASSWORD: password #optional
+ # SUDO_PASSWORD_HASH: #optional
+ # PROXY_DOMAIN: code-server.my.domain #optional
+ # DEFAULT_WORKSPACE: /config/data/User/Workspaces/Default.code-workspace #optional
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.vscode-rtr.entrypoints=websecure"
+ - "traefik.http.routers.vscode-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.vscode-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.vscode-rtr.service=vscode-svc"
+ - "traefik.http.services.vscode-svc.loadbalancer.server.port=8443"
\ No newline at end of file
diff --git a/archives/deployarr_v4/compose/wg-easy.yml b/archives/deployarr_v4/compose/wg-easy.yml
new file mode 100755
index 0000000..a73b1db
--- /dev/null
+++ b/archives/deployarr_v4/compose/wg-easy.yml
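Review bot: vscode.yml routes code-server through the websecure entrypoint with `PASSWORD` and `HASHED_PASSWORD` both commented out, while `$USERDIR` is mounted read-write at /data/docker. That leaves whatever `CHAIN-PLACEHOLDER` is replaced with as the only control in front of an editor and terminal over the user's files. A comment above the middleware label would make the dependency explicit, for example `## Must resolve to an authenticating chain - code-server has no password of its own here`; enabling `HASHED_PASSWORD` adds a second layer. The commented `SUDO_PASSWORD: password` example suggests a guessable value and would be better left empty, like the hashed variant next to it.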
@@ -0,0 +1,44 @@
+services:
+ # WG-EASY - WireGuard Easy
+ wg-easy:
+ image: ghcr.io/wg-easy/wg-easy
+ container_name: wg-easy
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ profiles: ["core", "all"]
+ networks:
+ - t3_proxy
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ ports:
+ - "51820:51820/udp"
+ - "51821:51821/tcp" # WebUI
+ volumes:
+ - $DOCKERDIR/appdata/wireguard:/etc/wireguard
+ environment:
+ - WG_HOST=SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1
+ - PASSWORD_HASH=WG-EASY-PASSWORD-HASH-PLACEHOLDER
+ - WG_DEFAULT_ADDRESS=$WGEASY_DEFAULT_ADDRESS
+ - WG_DEFAULT_DNS=$WGEASY_DEFAULT_DNS
+ - WG_ALLOWED_IPS=$WGEASY_ALLOWED_IPS
+ - UI_TRAFFIC_STATS=true
+ - UI_CHART_TYPE=3
+ # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
+ # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
+ # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
+ # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.wg-easy-rtr.entrypoints=websecure"
+ - "traefik.http.routers.wg-easy-rtr.rule=Host(`SUBDOMAIN-PLACEHOLDER.$DOMAINNAME_1`)"
+ ## Middlewares
+ - "traefik.http.routers.wg-easy-rtr.middlewares=CHAIN-PLACEHOLDER@file"
+ ## HTTP Services
+ - "traefik.http.routers.wg-easy-rtr.service=wg-easy-svc"
+ - "traefik.http.services.wg-easy-svc.loadbalancer.server.port=51821"
diff --git a/archives/deployarr_v4/includes/authelia/chain-authelia.yml b/archives/deployarr_v4/includes/authelia/chain-authelia.yml
new file mode 100644
index 0000000..60c11d2
--- /dev/null
+++ b/archives/deployarr_v4/includes/authelia/chain-authelia.yml
@@ -0,0 +1,8 @@
+http:
+ middlewares:
+ chain-authelia:
+ chain:
+ middlewares:
+ - middlewares-rate-limit
+ - middlewares-secure-headers
+ - middlewares-authelia
\ No newline at end of file
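Review bot: wg-easy.yml publishes the web UI on the host with `- "51821:51821/tcp"` as well as routing it through Traefik, so the VPN admin interface is reachable over plain HTTP on port 51821 without the middleware chain named in the labels. The other services in this patch keep their UI port mappings commented out, and only the WireGuard listener `51820:51820/udp` has to be published here. I would change the line to `# - "51821:51821/tcp" # WebUI - served through Traefik; publish only for local troubleshooting`.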
diff --git a/archives/deployarr_v4/includes/authelia/configuration.yml b/archives/deployarr_v4/includes/authelia/configuration.yml
new file mode 100644
index 0000000..8e27c39
--- /dev/null
+++ b/archives/deployarr_v4/includes/authelia/configuration.yml
@@ -0,0 +1,95 @@
+###############################################################
+# Authelia configuration #
+###############################################################
+
+server:
+ address: tcp://0.0.0.0:9091/
+ buffers:
+ read: 4096
+ write: 4096
+ endpoints:
+ enable_pprof: false
+ enable_expvars: false
+ disable_healthcheck: false
+ tls:
+ key: ""
+ certificate: ""
+
+# https://www.authelia.com/configuration/miscellaneous/logging/
+log:
+ level: info
+ format: text
+ file_path: /config/authelia.log
+ keep_stdout: true
+
+# https://www.authelia.com/configuration/second-factor/time-based-one-time-password/
+totp:
+ issuer: example.com
+ period: 30
+ skew: 1
+
+# AUTHELIA_DUO_PLACEHOLDER
+
+# https://www.authelia.com/reference/guides/passwords/
+authentication_backend:
+ password_reset:
+ disable: false
+ refresh_interval: 5m
+ file:
+ path: /config/users.yml
+ password:
+ algorithm: argon2id
+ iterations: 1
+ salt_length: 16
+ parallelism: 8
+ memory: 256 # blocks this much of the RAM
+
+# https://www.authelia.com/overview/authorization/access-control/
+access_control:
+ default_policy: deny
+ rules:
+ # - domain:
+ # - "*.example.com"
+ # - "example.com"
+ # policy: bypass
+ # networks: # bypass authentication for local networks
+ # - 10.0.0.0/8
+ # - 192.168.0.0/16
+ # - 172.16.0.0/12
+ - domain:
+ - "*.example.com"
+ - "example.com"
+ policy: two_factor
+
+# https://www.authelia.com/configuration/session/introduction/
+session:
+ name: authelia_session
+ same_site: lax
+ expiration: 7h
+ inactivity: 5m
+ remember_me: 1M
+ cookies:
+ - domain: 'example.com'
+ authelia_url: 'https://authelia.example.com'
+ default_redirection_url: 'https://example.com'
+ # AUTHELIA_REDIS_PLACEHOLDER
+
+# https://www.authelia.com/configuration/security/regulation/
+regulation:
+ max_retries: 3
+ find_time: 10m
+ ban_time: 12h
+
+# https://www.authelia.com/configuration/storage/introduction/
+storage:
+ # For local storage, uncomment lines below and comment out mysql. https://docs.authelia.com/configuration/storage/sqlite.html
+ # This is good for the beginning. If you have a busy site then switch to other databases.
+ local:
+ path: /config/db.sqlite3
+
+# https://www.authelia.com/configuration/notifications/introduction/
+notifier:
+ disable_startup_check: false
+ # For testing purposes, notifications can be sent in a file. Be sure to map the volume in docker-compose.
+ filesystem:
+ filename: /config/notifications.txt
diff --git a/archives/deployarr_v4/includes/authelia/duo.yml b/archives/deployarr_v4/includes/authelia/duo.yml
new file mode 100755
index 0000000..11d2782
--- /dev/null
+++ b/archives/deployarr_v4/includes/authelia/duo.yml
@@ -0,0 +1,8 @@
+# Enable the following for Duo Push Notification support
+#duo_api:
+# disable: false
+# hostname:
+# integration_key:
+# enable_self_enrollment: true
+# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+# # secret_key: SECRET_KEY_GOES_HERE # use docker secret file instead AUTHELIA_DUO_API_SECRET_KEY_FILE
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/authelia/middlewares-authelia.yml b/archives/deployarr_v4/includes/authelia/middlewares-authelia.yml
new file mode 100644
index 0000000..0cd6408
--- /dev/null
+++ b/archives/deployarr_v4/includes/authelia/middlewares-authelia.yml
@@ -0,0 +1,9 @@
+http:
+ middlewares:
+ middlewares-authelia:
+ forwardAuth:
+ address: "http://authelia:9091/api/verify?rd=https://authelia.{{env "DOMAINNAME_1"}}"
+ trustForwardHeader: true
+ authResponseHeaders:
+ - "Remote-User"
+ - "Remote-Groups"
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/authelia/redis.yml b/archives/deployarr_v4/includes/authelia/redis.yml
new file mode 100755
index 0000000..2a0b320
--- /dev/null
+++ b/archives/deployarr_v4/includes/authelia/redis.yml
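Review bot: In the Authelia configuration.yml, `password_reset` is left enabled while the notifier is the `filesystem` one, so password-reset and device-registration links are written to /config/notifications.txt rather than mailed to the user. Anyone who can read that appdata directory can then complete a reset or enrol a second factor. The existing comment only says the file notifier is for testing; I would add `# Reset and 2FA enrolment links land in this file - restrict access to it and switch to smtp before real use`. The `example.com` values under `totp`, `access_control` and `session` look like template text the installer substitutes; if it does not, the `two_factor` rule never matches the real domain and `default_policy: deny` applies to everything.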
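Review bot: `trustForwardHeader: true` in middlewares-authelia.yml makes the forward-auth request trust the X-Forwarded-* headers that arrived with the client request. That is only safe while the websecure entrypoint restricts who may set those headers, which traefik.yml does through `forwardedHeaders.trustedIPs`. Nothing in this file shows that dependency, so a comment next to the option would help: `# Safe only while entrypoints.websecure.forwardedHeaders.trustedIPs stays limited to the proxy ranges`. Without it, a later widening of the trusted list could change what Authelia believes about the client address and requested URL.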
@@ -0,0 +1,6 @@
+ redis:
+ host: redis
+ port: 6379
+ database_index: 0
+ maximum_active_connections: 10
+ minimum_idle_connections: 0
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/authelia/users.yml b/archives/deployarr_v4/includes/authelia/users.yml
new file mode 100644
index 0000000..369de8f
--- /dev/null
+++ b/archives/deployarr_v4/includes/authelia/users.yml
@@ -0,0 +1,15 @@
+###############################################################
+# Users Database #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+ AUTHELIA_USERNAME:
+ disabled: false
+ displayname: "AUTHELIA_USER_DISPLAY_NAME"
+ email: AUTHELIA_USER_EMAIL
+ password: AUTHELIA_HASHED_PASSWORD
+ groups:
+ - admins
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/authentik/email.env b/archives/deployarr_v4/includes/authentik/email.env
new file mode 100755
index 0000000..1448e99
--- /dev/null
+++ b/archives/deployarr_v4/includes/authentik/email.env
@@ -0,0 +1,13 @@
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=localhost
+AUTHENTIK_EMAIL__PORT=25
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=
+AUTHENTIK_EMAIL__PASSWORD=
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=authentik@localhost
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/authentik/postgresql.sh b/archives/deployarr_v4/includes/authentik/postgresql.sh
new file mode 100755
index 0000000..46aea13
--- /dev/null
+++ b/archives/deployarr_v4/includes/authentik/postgresql.sh
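Review bot: email.env ships `AUTHENTIK_EMAIL__USE_TLS=false` and `AUTHENTIK_EMAIL__USE_SSL=false` directly below the empty username and password fields. A user who fills in credentials for a remote relay and changes only the host would send them, and every recovery mail, over an unencrypted SMTP session. The defaults fit the `localhost` port 25 relay shown, so a comment above the credentials is enough: `# Set USE_TLS or USE_SSL to true before entering credentials for a non-local SMTP host`.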
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER docker;
+ CREATE DATABASE docker;
+ GRANT ALL PRIVILEGES ON DATABASE docker TO docker;
+EOSQL
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/dashy/starter-conf.yml b/archives/deployarr_v4/includes/dashy/starter-conf.yml
new file mode 100755
index 0000000..652d42a
--- /dev/null
+++ b/archives/deployarr_v4/includes/dashy/starter-conf.yml
@@ -0,0 +1,45 @@
+# Page meta info, like heading, footer text and nav links
+pageInfo:
+ title: Dashy
+ description: Welcome to your new dashboard!
+ navLinks:
+ - title: GitHub
+ path: https://github.com/Lissy93/dashy
+ - title: Documentation
+ path: https://dashy.to/docs
+
+# Optional app settings and configuration
+appConfig:
+ theme: colorful
+
+# Main content - An array of sections, each containing an array of items
+sections:
+- name: Getting Started
+ icon: fas fa-rocket
+ items:
+ - title: Dashy Live
+ description: Development a project management links for Dashy
+ icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png
+ url: https://live.dashy.to/
+ target: newtab
+ - title: GitHub
+ description: Source Code, Issues and Pull Requests
+ url: https://github.com/lissy93/dashy
+ icon: favicon
+ - title: Docs
+ description: Configuring & Usage Documentation
+ provider: Dashy.to
+ icon: far fa-book
+ url: https://dashy.to/docs
+ - title: Showcase
+ description: See how others are using Dashy
+ url: https://github.com/Lissy93/dashy/blob/master/docs/showcase.md
+ icon: far fa-grin-hearts
+ - title: Config Guide
+ description: See full list of configuration options
+ url: https://github.com/Lissy93/dashy/blob/master/docs/configuring.md
+ icon: fas fa-wrench
+ - title: Support
+ description: Get help with Dashy, raise a bug, or get in contact
+ url: https://github.com/Lissy93/dashy/blob/master/.github/SUPPORT.md
+ icon: far fa-hands-helping
\ No newline at end of file
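Review bot: postgresql.sh sits under includes/authentik but creates a role and a database both named `docker`, gives the role no password, and grants it `ALL PRIVILEGES`; nothing in the script says which service is meant to use them. If this is the init script for the authentik database, a header comment should name the consumer and state how the role authenticates, for example `# Init script for <service>; role "docker" has no password - confirm pg_hba does not let it log in over the network`. If nothing uses the role, the three SQL statements can be dropped.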
diff --git a/archives/deployarr_v4/includes/ddns-updater/config.json b/archives/deployarr_v4/includes/ddns-updater/config.json
new file mode 100755
index 0000000..700b117
--- /dev/null
+++ b/archives/deployarr_v4/includes/ddns-updater/config.json
@@ -0,0 +1,13 @@
+{
+ "settings": [
+ {
+ "provider": "cloudflare",
+ "zone_identifier": "CLOUDFLARE-ZONE-IDENTIFIER-PLACEHOLDER",
+ "domain": "CLOUDFLARE-DOMAIN-PLACEHOLDER",
+ "host": "@",
+ "ttl": 600,
+ "token": "CLOUDFLARE-API-TOKEN-PLACEHOLDER",
+ "ip_version": "ipv4"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/devices_gpu.yml b/archives/deployarr_v4/includes/devices_gpu.yml
new file mode 100755
index 0000000..1477791
--- /dev/null
+++ b/archives/deployarr_v4/includes/devices_gpu.yml
@@ -0,0 +1,2 @@
+ devices:
+ - /dev/dri:/dev/dri # for harware transcoding
diff --git a/archives/deployarr_v4/includes/docker-gc/docker-gc-exclude b/archives/deployarr_v4/includes/docker-gc/docker-gc-exclude
new file mode 100755
index 0000000..44dd89e
--- /dev/null
+++ b/archives/deployarr_v4/includes/docker-gc/docker-gc-exclude
@@ -0,0 +1,9 @@
+# If there is a dependent image it seems that the docker-gc can only identify them
+# using the image id
+# If you pull them specifically it will use the tag otherwise it uses the imageid
+#
+# The file consists of the name of the image followed by the image id (can be either the short version or the long version)
+#
+####################################################################################################
+
+clockworksoul/docker-gc-cron:latest
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/docker_aliases b/archives/deployarr_v4/includes/docker_aliases
new file mode 100644
index 0000000..c123df4
--- /dev/null
+++ b/archives/deployarr_v4/includes/docker_aliases
@@ -0,0 +1,142 @@
+# DOCKER - All Docker commands start with "d" AND Docker Compose commands start with "dc"
+alias dstop='sudo docker stop $(sudo docker ps -a -q)' # usage: dstop container_name
+alias dstopall='sudo docker stop $(sudo docker ps -aq)' # stop all containers
+alias drm='sudo docker rm $(sudo docker ps -a -q)' # usage: drm container_name
+alias dprunevol='sudo docker volume prune' # remove unused volumes
+alias dprunesys='sudo docker system prune -a' # remove unsed docker data
+alias ddelimages='sudo docker rmi $(sudo docker images -q)' # remove unused docker images
+alias derase='dstopcont ; drmcont ; ddelimages ; dvolprune ; dsysprune' # WARNING: removes everything!
+alias dprune='ddelimages ; dprunevol ; dprunesys' # remove unused data, volumes, and images (perfect for safe clean up)
+alias dexec='sudo docker exec -ti' # usage: dexec container_name (to access container terminal)
+alias dps='sudo docker ps -a' # running docker processes
+alias dpss='sudo docker ps -a --format "table {{.Names}}\t{{.State}}\t{{.Status}}\t{{.Image}}" | (sed -u 1q; sort)' # running docker processes as nicer table
+alias ddf='sudo docker system df' # docker data usage (/var/lib/docker)
+alias dlogs='sudo docker logs -tf --tail="50" ' # usage: dlogs container_name
+alias dlogsize='sudo du -ch $(sudo docker inspect --format='{{.LogPath}}' $(sudo docker ps -qa)) | sort -h' # see the size of docker containers
+alias dips="sudo docker ps -q | xargs -n 1 sudo docker inspect -f '{{.Name}}%tab%{{range .NetworkSettings.Networks}}{{.IPAddress}}%tab%{{end}}' | sed 's#%tab%#\t#g' | sed 's#/##g' | sort | column -t -N NAME,IP\(s\) -o $'\t'"
+
+# DOCKER COMPOSE TRAEFIK - All docker-compose commands start with "dc"
+alias dcrun='sudo docker compose --profile all -f $HOME/docker/docker-compose-$HOSTNAME.yml'
+alias dclogs='dcrun logs -tf --tail="50" ' # usage: dclogs container_name
+alias dcup='dcrun up -d --build --remove-orphans' # up the stack
+alias dcdown='dcrun down --remove-orphans' # down the stack
+alias dcrec='dcrun up -d --force-recreate --remove-orphans' # usage: dcrec container_name
+alias dcstop='dcrun stop' # usage: dcstop container_name
+alias dcrestart='dcrun restart ' # usage: dcrestart container_name
+alias dcstart='dcrun start ' # usage: dcstart container_name
+alias dcpull='dcrun pull' # usage: dcpull to pull all new images or dcpull container_name
+alias traefiklogs='tail -f $HOME/docker/logs/$HOSTNAME/traefik/traefik.log' # tail traefik logs
+
+# CROWDSEC
+alias cscli='dcrun exec -t crowdsec cscli'
+alias csdecisions='cscli decisions list'
+alias csalerts='cscli alerts list'
+alias csinspect='cscli alerts inspect -d'
+alias cshubs='cscli hub list'
+alias csparsers='cscli parsers list'
+alias cscollections='cscli collections list'
+alias cshubupdate='cscli hub update'
+alias cshubupgrade='cscli hub update'
+alias csmetrics='cscli metrics'
+alias csmachines='cscli machines list'
+alias csbouncers='cscli bouncers list'
+alias csfbstatus='sudo systemctl status crowdsec-firewall-bouncer.service'
+alias csfbstart='sudo systemctl start crowdsec-firewall-bouncer.service'
+alias csfbstop='sudo systemctl stop crowdsec-firewall-bouncer.service'
+alias csfbrestart='sudo systemctl restart crowdsec-firewall-bouncer.service'
+alias tailkern='sudo tail -f /var/log/kern.log'
+alias tailauth='sudo tail -f /var/log/auth.log'
+alias tailcsfb='sudo tail -f /var/log/crowdsec-firewall-bouncer.log'
+alias csbrestart='dcrec2 traefik-bouncer ; csfbrestart'
+
+# COMPRESSION
+alias untargz='tar --same-owner -zxvf'
+alias untarbz='tar --same-owner -xjvf'
+alias lstargz='tar -ztvf'
+alias lstarbz='tar -jtvf'
+alias targz='tar -zcvf'
+alias tarbz='tar -cjvf'
+
+# NAVIGATION
+alias cd..='cd ..'
+alias ..='cd ..'
+alias ...='cd ../..'
+alias .3='cd ../../..'
+alias .4='cd ../../../..'
+alias .5='cd ../../../../..'
+
+# FILE SIZE AND STORAGE
+alias fdisk='sudo fdisk -l'
+alias uuid='sudo vol_id -u'
+alias ls='ls -F --color=auto --group-directories-first'
+alias ll='ls -alh --color=auto --group-directories-first'
+alias lt='ls --human-readable --color=auto --size -1 -S --classify' # file size sorted
+alias lsr='ls --color=auto -t -1' # recently modified
+alias mnt='mount | grep -E ^/dev | column -t' # show mounted drives
+alias dirsize='sudo du -hx --max-depth=1'
+alias dirusage='du -ch | grep total' # Grabs the disk usage in the current directory
+alias diskusage='df -hl --total | grep total' # Gets the total disk usage on your machine
+alias partusage='df -hlT --exclude-type=tmpfs --exclude-type=devtmpfs' # Shows the individual partition usages without the temporary memory values
+alias usage10='du -hsx * | sort -rh | head -10' # Gives you what is using the most space. Both directories and files. Varies on current directory
+
+# BASH ALIASES
+alias baupdate='. ~/.bashrc'
+alias baedit='nano $HOME/.bash_aliases'
+
+# UFW FIREWALL
+alias ufwenable='sudo ufw enable'
+alias ufwdisable='sudo ufw disable'
+alias ufwallow='sudo ufw allow'
+alias ufwlimit='sudo ufw limit'
+alias ufwlist='sudo ufw status numbered'
+alias ufwdelete='sudo ufw delete'
+alias ufwreload='sudo ufw reload'
+
+# SYSTEMD START, STOP AND RESTART
+alias ctlreload='sudo systemctl daemon-reload'
+alias ctlstart='sudo systemctl start'
+alias ctlstop='sudo systemctl stop'
+alias ctlrestart='sudo systemctl restart'
+alias ctlstatus='sudo systemctl status'
+alias ctlenable='sudo systemctl enable'
+alias ctldisable='sudo systemctl disable'
+alias ctlactive='sudo systemctl is-active'
+
+# INSTALLATION AND UPGRADE
+alias update='sudo apt-get update'
+alias upgrade='sudo apt-get update && sudo apt-get upgrade'
+alias install='sudo apt-get install'
+alias finstall='sudo apt-get -f install'
+alias rinstall='sudo apt-get -f install --reinstall'
+alias uninstall='sudo apt-get remove'
+alias search='sudo apt-cache search'
+alias addkey='sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com'
+
+# NETWORKING
+alias portsused='sudo netstat -tulpn | grep LISTEN'
+alias showports='netstat -lnptu'
+alias showlistening='lsof -i -n | egrep "COMMAND|LISTEN"'
+alias ping='ping -c 5'
+alias ipe='curl ipinfo.io/ip' # external ip
+alias ipi='ipconfig getifaddr en0' # internal ip
+alias header='curl -I' # get web server headers
+
+# SYNOLOGY DSM COMMANDS
+alias servicelist='sudo synoservicecfg --list' # does not work in DSM 7
+alias servicestatus='sudo synosystemctl status'
+alias servicestop='sudo synosystemctl stop'
+alias servicehstop='sudo synoservicecfg --hard-stop' # does not work in DSM 7
+alias servicestart='sudo synosystemctl start'
+alias servicehstart='sudo synoservicecfg --hard-start' # does not work in DSM 7
+alias servicerestart='sudo synosystemctl restart'
+alias restartdocker='sudo synosystemctl restart pkgctl-Docker'
+
+# SYSTEM MONITORING
+alias meminfo='free -m -l -t' # memory usage
+alias psmem='ps auxf | sort -nr -k 4' # get top process eating memory
+alias psmem10='ps auxf | sort -nr -k 4 | head -10' # get top process eating memory
+alias pscpu='ps auxf | sort -nr -k 3' # get top process eating cpu
+alias pscpu10='ps auxf | sort -nr -k 3 | head -10' # get top process eating cpu
+alias cpuinfo='lscpu' # Get server cpu info
+alias gpumeminfo='grep -i --color memory /var/log/Xorg.0.log' # get GPU ram on desktop / laptop
+alias free='free -h'
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/docker_aliases_bashrc b/archives/deployarr_v4/includes/docker_aliases_bashrc
new file mode 100755
index 0000000..e419f18
--- /dev/null
+++ b/archives/deployarr_v4/includes/docker_aliases_bashrc
@@ -0,0 +1,5 @@
+
+# Anand's Docker Bash Aliases added by Deployarr
+if [ -f ~/docker/shared/config/docker_aliases ]; then
+ . ~/docker/shared/config/docker_aliases
+fi
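Review bot: Several aliases in docker_aliases do something other than what their comment says, which matters for commands run with sudo. `dstop` and `drm` are documented as `usage: dstop container_name` but expand to `$(sudo docker ps -a -q)`, so they act on every container, and `ddelimages` is described as removing unused images while `docker rmi $(sudo docker images -q)` targets all of them. The comments should read `# stops ALL containers` and `# removes ALL containers`, with `dprune` no longer described as a safe clean-up. `derase` calls `dstopcont`, `drmcont`, `dvolprune` and `dsysprune`, and `csbrestart` calls `dcrec2`, none of which is defined in this file; `alias derase='dstopall ; drm ; ddelimages ; dprunevol ; dprunesys'` uses the names that exist. `cshubupgrade` runs `cscli hub update`, where `cscli hub upgrade` looks intended.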
diff --git a/archives/deployarr_v4/includes/glances/glances.conf b/archives/deployarr_v4/includes/glances/glances.conf new file mode 100755 index 0000000..86ae1c2 --- /dev/null +++ b/archives/deployarr_v4/includes/glances/glances.conf 
@@ -0,0 +1,771 @@ +############################################################################## +# Globals Glances parameters +############################################################################## + +[global] +# Stats refresh rate (default is a minimum of 2 seconds) +# Can be overwrite by the -t option +# It is also possible to overwrite it in each plugin sections +refresh=2 +# Does Glances should check if a newer version is available on PyPI ? +check_update=true +# History size (maximum number of values) +# Default is 1200 values (~1h with the default refresh rate) +history_size=1200 +# Set the way Glances should display the date (default is %Y-%m-%d %H:%M:%S %Z) +#strftime_format="%Y-%m-%d %H:%M:%S %Z" +# Define external directory for loading additional plugins +# The layout follows the glances standard for plugin definitions +#plugin_dir=/home/user/dev/plugins + +############################################################################## +# User interface +############################################################################## + +[outputs] +# Separator in the Curses and WebUI interface (between top and others plugins) +separator=True +# Set the the Curses and WebUI interface left menu plugin list (comma-separated) +#left_menu=network,wifi,connections,ports,diskio,fs,irq,folders,raid,smart,sensors,now +# Limit the number of processes to display (for the WebUI) +max_processes_display=25 +# Set the URL prefix (for the WebUI and the API) +# Example: url_prefix=/glances/ => http://localhost/glances/ +# The final / is mandatory +# Default is no prefix (/) +#url_prefix=/glances/ + +############################################################################## +# plugins +############################################################################## + +[quicklook] +# Set to true to disable a plugin +# Note: you can also disable it from the command line (see --disable-plugin ) +disable=False +# Stats list (default is cpu,mem,load) +# Available stats 
are: cpu,mem,load,swap +list=cpu,mem,load +# Graphical bar char used in the terminal user interface (default is |) +bar_char=| +# Define CPU, MEM and SWAP thresholds in % +cpu_careful=50 +cpu_warning=70 +cpu_critical=90 +mem_careful=50 +mem_warning=70 +mem_critical=90 +swap_careful=50 +swap_warning=70 +swap_critical=90 +# Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages +# With 1 CPU core, the load should be lower than 1.00 ~ 100% +load_careful=70 +load_warning=100 +load_critical=500 + +[system] +# This plugin display the first line in the Glances UI with: +# Hostname / Operating system name / Architecture information +# Set to true to disable a plugin +disable=False +# Default refresh rate is 60 seconds +#refresh=60 +# System information to display (a string where {key} will be replaced by the value) +# Available information are: hostname, os_name, os_version, os_arch, linux_distro, platform +#system_info_msg= | My {os_name} system | + +[cpu] +disable=False +# See https://scoutapm.com/blog/slow_server_flow_chart +# +# I/O wait percentage should be lower than 1/# (# = Logical CPU cores) +# Leave commented to just use the default config: +# Careful=1/#*100-20% / Warning=1/#*100-10% / Critical=1/#*100 +#iowait_careful=30 +#iowait_warning=40 +#iowait_critical=50 +# +# Total % is 100 - idle +total_careful=65 +total_warning=75 +total_critical=85 +total_log=True +# +# Default values if not defined: 50/70/90 (except for iowait) +user_careful=50 +user_warning=70 +user_critical=90 +user_log=False +#user_critical_action=echo {{user}} {{value}} {{max}} > /tmp/cpu.alert +# +system_careful=50 +system_warning=70 +system_critical=90 +system_log=False +# +steal_careful=50 +steal_warning=70 +steal_critical=90 +#steal_log=True +# +# Context switch limit (core / second) +# Leave commented to just use the default config (critical is 50000*# (Logical CPU cores) +#ctx_switches_careful=10000 +#ctx_switches_warning=12000 +#ctx_switches_critical=14000 + 
+[percpu] +disable=False +# Define CPU thresholds in % +# Default values if not defined: 50/70/90 +user_careful=50 +user_warning=70 +user_critical=90 +iowait_careful=50 +iowait_warning=70 +iowait_critical=90 +system_careful=50 +system_warning=70 +system_critical=90 + +[gpu] +disable=False +# Default processor values if not defined: 50/70/90 +proc_careful=50 +proc_warning=70 +proc_critical=90 +# Default memory values if not defined: 50/70/90 +mem_careful=50 +mem_warning=70 +mem_critical=90 +# Temperature +temperature_careful=60 +temperature_warning=70 +temperature_critical=80 + +[mem] +disable=False +# Define RAM thresholds in % +# Default values if not defined: 50/70/90 +careful=50 +#careful_action_repeat=echo {{percent}} >> /tmp/memory.alert +warning=70 +critical=90 + +[memswap] +disable=False +# Define SWAP thresholds in % +# Default values if not defined: 50/70/90 +careful=50 +warning=70 +critical=90 + +[load] +disable=False +# Define LOAD thresholds +# Value * number of cores +# Default values if not defined: 0.7/1.0/5.0 per number of cores +# Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages +# http://www.linuxjournal.com/article/9001 +careful=0.7 +warning=1.0 +critical=5.0 +#log=False + +[network] +disable=False +# Default bitrate thresholds in % of the network interface speed +# Default values if not defined: 70/80/90 +rx_careful=70 +rx_warning=80 +rx_critical=90 +tx_careful=70 +tx_warning=80 +tx_critical=90 +# Define the list of hidden network interfaces (comma-separated regexp) +hide=docker.*,lo +# Define the list of wireless network interfaces to be show (comma-separated) +#show=docker.* +# It is possible to overwrite the bitrate thresholds per interface +# WLAN 0 Default limits (in bits per second aka bps) for interface bitrate +#wlan0_rx_careful=4000000 +#wlan0_rx_warning=5000000 +#wlan0_rx_critical=6000000 +#wlan0_rx_log=True +#wlan0_tx_careful=700000 +#wlan0_tx_warning=900000 +#wlan0_tx_critical=1000000 
+#wlan0_tx_log=True +# Alias for network interface name +#alias=wlp2s0:WIFI + +[ip] +disable=False +public_refresh_interval=300 +public_ip_disabled=False +# Configuration for the Censys online service +# Need to create an aacount: https://censys.io/login +censys_url=https://search.censys.io/api +# Get your own credential here: https://search.censys.io/account/api +# Enter your credential and uncomment the following lines +#censys_username= +#censys_password= +# List of fields to be displayed in user interface (comma separated) +censys_fields=location:continent,location:country,autonomous_system:name + +[connections] +# Display additional information about TCP connections +# This plugin is disabled by default +disable=True +# nf_conntrack thresholds in % +nf_conntrack_percent_careful=70 +nf_conntrack_percent_warning=80 +nf_conntrack_percent_critical=90 + +[wifi] +disable=False +# Define SIGNAL thresholds in db (lower is better...) +# Based on: http://serverfault.com/questions/501025/industry-standard-for-minimum-wifi-signal-strength +careful=-65 +warning=-75 +critical=-85 + +[diskio] +disable=False +# Define the list of hidden disks (comma-separated regexp) +#hide=sda2,sda5,loop.* +hide=loop.*,/dev/loop.* +# Define the list of disks to be show (comma-separated) +#show=sda.* +# Alias for sda1 and sdb1 +#alias=sda1:SystemDisk,sdb1:DataDisk + +[fs] +disable=False +# Define the list of file system to hide (comma-separated regexp) +hide=/boot.*,/snap.* +# Define the list of file system to show (comma-separated regexp) +#show=/,/srv +# Define filesystem space thresholds in % +# Default values if not defined: 50/70/90 +# It is also possible to define per mount point value +# Example: /_careful=40 +careful=50 +warning=70 +critical=90 +# Allow additional file system types (comma-separated FS type) +#allow=shm +# Alias for root file system +#alias=/:Root + +[irq] +# Documentation: https://glances.readthedocs.io/en/latest/aoa/irq.html +# This plugin is disabled by default 
+disable=True + +[folders] +# Documentation: https://glances.readthedocs.io/en/latest/aoa/folders.html +disable=False +# Define a folder list to monitor +# The list is composed of items (list_#nb <= 10) +# An item is defined by: +# * path: absolute path +# * careful: optional careful threshold (in MB) +# * warning: optional warning threshold (in MB) +# * critical: optional critical threshold (in MB) +# * refresh: interval in second between two refreshes +#folder_1_path=/tmp +#folder_1_careful=2500 +#folder_1_warning=3000 +#folder_1_critical=3500 +#folder_1_refresh=60 +#folder_2_path=/home/nicolargo/Videos +#folder_2_warning=17000 +#folder_2_critical=20000 +#folder_3_path=/nonexisting +#folder_4_path=/root + +[cloud] +# Documentation: https://glances.readthedocs.io/en/latest/aoa/cloud.html +# This plugin is disabled by default +disable=True + +[raid] +# Documentation: https://glances.readthedocs.io/en/latest/aoa/raid.html +# This plugin is disabled by default +disable=True + +[smart] +# Documentation: https://glances.readthedocs.io/en/latest/aoa/smart.html +# This plugin is disabled by default +disable=True + +[hddtemp] +disable=False +# Define hddtemp server IP and port (default is 127.0.0.1 and 7634 (TCP)) +host=127.0.0.1 +port=7634 + +[sensors] +# Documentation: https://glances.readthedocs.io/en/latest/aoa/sensors.html +disable=False +# By default refresh every refresh time * 2 +#refresh=6 +# Hide some sensors +#hide=ambient +# Sensors core thresholds (in Celsius...) 
+# Default values are grabbed from the system +#temperature_core_careful=45 +#temperature_core_warning=65 +#temperature_core_critical=80 +# Temperatures threshold in °C for hddtemp +# Default values if not defined: 45/52/60 +temperature_hdd_careful=45 +temperature_hdd_warning=52 +temperature_hdd_critical=60 +# Battery threshold in % +battery_careful=80 +battery_warning=90 +battery_critical=95 +# Sensors alias +#alias=core 0:CPU Core 0,core 1:CPU Core 1 + +[processcount] +disable=False +# If you want to change the refresh rate of the processing list, please uncomment: +#refresh=10 + +[processlist] +disable=False +# Sort key: if not defined, the sort is automatically done by Glances (recommended) +# Should be one of the following: +# cpu_percent, memory_percent, io_counters, name, cpu_times, username +#sort_key=memory_percent +# Define CPU/MEM (per process) thresholds in % +# Default values if not defined: 50/70/90 +cpu_careful=50 +cpu_warning=70 +cpu_critical=90 +mem_careful=50 +mem_warning=70 +mem_critical=90 +# +# Nice priorities range from -20 to 19. +# Configure nice levels using a comma-separated list. 
+# +# Nice: Example 1, non-zero is warning (default behavior) +nice_warning=-20,-19,-18,-17,-16,-15,-14,-13,-12,-11,-10,-9,-8,-7,-6,-5,-4,-3,-2,-1,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 +# +# Nice: Example 2, low priority processes escalate from careful to critical +#nice_careful=1,2,3,4,5,6,7,8,9 +#nice_warning=10,11,12,13,14 +#nice_critical=15,16,17,18,19 +# +# Define the list of processes to export using: +# a comma-separated list of Glances filter +#export=.*firefox.*,pid:1234 + +[ports] +disable=False +# Interval in second between two scans +# Ports scanner plugin configuration +refresh=30 +# Set the default timeout (in second) for a scan (can be overwritten in the scan list) +timeout=3 +# If port_default_gateway is True, add the default gateway on top of the scan list +port_default_gateway=True +# +# Define the scan list (1 < x < 255) +# port_x_host (name or IP) is mandatory +# port_x_port (TCP port number) is optional (if not set, use ICMP) +# port_x_description is optional (if not set, define to host:port) +# port_x_timeout is optional and overwrite the default timeout value +# port_x_rtt_warning is optional and defines the warning threshold in ms +# +#port_1_host=192.168.0.1 +#port_1_port=80 +#port_1_description=Home Box +#port_1_timeout=1 +#port_2_host=www.free.fr +#port_2_description=My ISP +#port_3_host=www.google.com +#port_3_description=Internet ICMP +#port_3_rtt_warning=1000 +#port_4_description=Internet Web +#port_4_host=www.google.com +#port_4_port=80 +#port_4_rtt_warning=1000 +# +# Define Web (URL) monitoring list (1 < x < 255) +# web_x_url is the URL to monitor (example: http://my.site.com/folder) +# web_x_description is optional (if not set, define to URL) +# web_x_timeout is optional and overwrite the default timeout value +# web_x_rtt_warning is optional and defines the warning respond time in ms (approximately) +# +#web_1_url=https://blog.nicolargo.com +#web_1_description=My Blog +#web_1_rtt_warning=3000 
+#web_2_url=https://github.com +#web_3_url=http://www.google.fr +#web_3_description=Google Fr +#web_4_url=https://blog.nicolargo.com/nonexist +#web_4_description=Intranet + +[containers] +disable=False +# Only show specific containers (comma-separated list of container name or regular expression) +# Comment this line to display all containers (default configuration) +; show=telegraf +# Hide some containers (comma-separated list of container name or regular expression) +# Comment this line to display all containers (default configuration) +; hide=telegraf +# Define the maximum docker size name (default is 20 chars) +max_name_size=20 +; cpu_careful=50 +# Thresholds for CPU and MEM (in %) +; cpu_warning=70 +; cpu_critical=90 +; mem_careful=20 +; mem_warning=50 +; mem_critical=70 +# +# Per container thresholds +; containername_cpu_careful=10 +; containername_cpu_warning=20 +; containername_cpu_critical=30 +# +# By default, Glances only display running containers +# Set the following key to True to display all containers +all=False +# Define Podman sock +; podman_sock=unix:///run/user/1000/podman/podman.sock + +[amps] +# AMPs configuration are defined in the bottom of this file +disable=False + +[alert] +disable=False +# Maximum number of events to display (default is 10 events) +;max_events=10 +# Minimum duration for an event to be taken into account (default is 6 seconds) +;min_duration=6 +# Minimum time between two events of the same type (default is 6 seconds) +# This is used to avoid too many alerts for the same event +# Events will be merged +;min_interval=6 + +############################################################################## +# Client/server +############################################################################## + +[serverlist] +# Define the static servers list +#server_1_name=localhost +#server_1_alias=My local PC +#server_1_port=61209 +#server_2_name=localhost +#server_2_port=61235 +#server_3_name=192.168.0.17 +#server_3_alias=Another PC on 
my network +#server_3_port=61209 +#server_4_name=pasbon +#server_4_port=61237 + +[passwords] +# Define the passwords list related to the [serverlist] section +# Syntax: host=password +# Where: host is the hostname +# password is the clear password +# Additionally (and optionally) a default password could be defined +#localhost=abc +#default=defaultpassword +# +# Define the path of the local '.pwd' file (default is system one) +#local_password_path=~/.config/glances + +############################################################################## +# Exports +############################################################################## + +[graph] +# Configuration for the --export graph option +# Set the path where the graph (.svg files) will be created +# Can be overwrite by the --graph-path command line option +path=/tmp +# It is possible to generate the graphs automatically by setting the +# generate_every to a non zero value corresponding to the seconds between +# two generation. Set it to 0 to disable graph auto generation. +generate_every=0 +# See following configuration keys definitions in the Pygal lib documentation +# http://pygal.org/en/stable/documentation/index.html +width=800 +height=600 +style=DarkStyle + +[influxdb] +# !!! +# Will be DEPRECATED in future release. +# Please have a look on the new influxdb2 export module (compatible with InfluxDB 1.8.x and 2.x) +# !!! +# Configuration for the --export influxdb option +# https://influxdb.com/ +host=localhost +port=8086 +protocol=http +user=root +password=root +db=glances +# Prefix will be added for all measurement name +# Ex: prefix=foo +# => foo.cpu +# => foo.mem +# You can also use dynamic values +#prefix=foo +# Following tags will be added for all measurements +# You can also use dynamic values. 
+# Note: hostname is always added as a tag +#tags=foo:bar,spam:eggs,domain:`domainname` + +[influxdb2] +# Configuration for the --export influxdb2 option +# https://influxdb.com/ +host=localhost +port=8086 +protocol=http +org=nicolargo +bucket=glances +token=EjFUTWe8U-MIseEAkaVIgVnej_TrnbdvEcRkaB1imstW7gapSqy6_6-8XD-yd51V0zUUpDy-kAdVD1purDLuxA== +# Set the interval between two exports (in seconds) +# If the interval is set to 0, the Glances refresh time is used (default behavor) +#interval=0 +# Prefix will be added for all measurement name +# Ex: prefix=foo +# => foo.cpu +# => foo.mem +# You can also use dynamic values +#prefix=foo +# Following tags will be added for all measurements +# You can also use dynamic values. +# Note: hostname is always added as a tag +#tags=foo:bar,spam:eggs,domain:`domainname` + +[cassandra] +# Configuration for the --export cassandra option +# Also works for the ScyllaDB +# https://influxdb.com/ or http://www.scylladb.com/ +host=localhost +port=9042 +protocol_version=3 +keyspace=glances +replication_factor=2 +# If not define, table name is set to host key +table=localhost +# If not define, username and password will not be used +#username=cassandra +#password=password + +[opentsdb] +# Configuration for the --export opentsdb option +# http://opentsdb.net/ +host=localhost +port=4242 +#prefix=glances +#tags=foo:bar,spam:eggs + +[statsd] +# Configuration for the --export statsd option +# https://github.com/etsy/statsd +host=localhost +port=8125 +#prefix=glances + +[elasticsearch] +# Configuration for the --export elasticsearch option +# Data are available via the ES RESTful API. 
ex: URL//cpu +# https://www.elastic.co +scheme=http +host=localhost +port=9200 +index=glances + +[riemann] +# Configuration for the --export riemann option +# http://riemann.io +host=localhost +port=5555 + +[rabbitmq] +# Configuration for the --export rabbitmq option +host=localhost +port=5672 +user=guest +password=guest +queue=glances_queue +#protocol=amqps + +[mqtt] +# Configuration for the --export mqtt option +host=localhost +# Overwrite device name in the topic +#devicename=localhost +port=8883 +tls=false +user=guest +password=guest +topic=glances +topic_structure=per-metric +callback_api_version=2 + +[couchdb] +# Configuration for the --export couchdb option +# https://www.couchdb.org +host=localhost +port=5984 +db=glances +user=admin +password=admin + +[mongodb] +# Configuration for the --export mongodb option +# https://www.mongodb.com +host=localhost +port=27017 +db=glances +user=root +password=example + +[kafka] +# Configuration for the --export kafka option +# http://kafka.apache.org/ +host=localhost +port=9092 +topic=glances +#compression=gzip +# Tags will be added for all events +#tags=foo:bar,spam:eggs +# You can also use dynamic values +#tags=hostname:`hostname -f` + +[zeromq] +# Configuration for the --export zeromq option +# http://www.zeromq.org +# Use * to bind on all interfaces +host=* +port=5678 +# Glances envelopes the stats in a publish message with two frames: +# - First frame containing the following prefix (STRING) +# - Second frame with the Glances plugin name (STRING) +# - Third frame with the Glances plugin stats (JSON) +prefix=G + +[prometheus] +# Configuration for the --export prometheus option +# https://prometheus.io +# Create a Prometheus exporter listening on localhost:9091 (default configuration) +# Metric are exporter using the following name: +# __{labelkey:labelvalue} +# Note: You should add this exporter to your Prometheus server configuration: +# scrape_configs: +# - job_name: 'glances_exporter' +# scrape_interval: 5s +# 
static_configs: +# - targets: ['localhost:9091'] +# +# Labels will be added for all measurements (default is src:glances) +# labels=foo:bar,spam:eggs +# You can also use dynamic values +# labels=system:`uname -s` +# +host=localhost +port=9091 +#prefix=glances +labels=src:glances + +[restful] +# Configuration for the --export restful option +# Example, export to http://localhost:6789/ +host=localhost +port=6789 +protocol=http +path=/ + +[graphite] +# Configuration for the --export graphite option +# https://graphiteapp.org/ +host=localhost +port=2003 +# Prefix will be added for all measurement name +prefix=glances +# System name added between the prefix and the stats +# By default, system_name = FQDN +#system_name=mycomputer + +############################################################################## +# AMPS +# * enable: Enable (true) or disable (false) the AMP +# * regex: Regular expression to filter the process(es) +# * refresh: The AMP is executed every refresh seconds +# * one_line: (optional) Force (if true) the AMP to be displayed in one line +# * command: (optional) command to execute when the process is detected (thk to the regex) +# * countmin: (optional) minimal number of processes +# A warning will be displayed if number of process < count +# * countmax: (optional) maximum number of processes +# A warning will be displayed if number of process > count +# * : Others variables can be defined and used in the AMP script +############################################################################## + +[amp_dropbox] +# Use the default AMP (no dedicated AMP Python script) +# Check if the Dropbox daemon is running +# Every 3 seconds, display the 'dropbox status' command line +enable=false +regex=.*dropbox.* +refresh=3 +one_line=false +command=dropbox status +countmin=1 + +[amp_python] +# Use the default AMP (no dedicated AMP Python script) +# Monitor all the Python scripts +# Alert if more than 20 Python scripts are running +enable=false +regex=.*python.* 
+refresh=3
+countmax=20
+
+[amp_conntrack]
+# Use comma separated for multiple commands (no space around the comma)
+# If the regex key is not defined, the AMP will be executed every refresh second
+# and the process count will not be displayed (countmin and countmax will be ignore)
+enable=false
+refresh=30
+one_line=false
+command=sysctl net.netfilter.nf_conntrack_count;sysctl net.netfilter.nf_conntrack_max
+
+[amp_nginx]
+# Use the NGinx AMP
+# Nginx status page should be enable (https://easyengine.io/tutorials/nginx/status-page/)
+enable=false
+regex=\/usr\/sbin\/nginx
+refresh=60
+one_line=false
+status_url=http://localhost/nginx_status
+
+[amp_systemd]
+# Use the Systemd AMP
+enable=false
+regex=\/lib\/systemd\/systemd
+refresh=30
+one_line=true
+systemctl_cmd=/bin/systemctl --plain
+
+[amp_systemv]
+# Use the Systemv AMP
+enable=false
+regex=\/sbin\/init
+refresh=30
+one_line=true
+service_cmd=/usr/bin/service --status-all
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/mariadb/db_create.sql b/archives/deployarr_v4/includes/mariadb/db_create.sql
new file mode 100755
index 0000000..8227821
--- /dev/null
+++ b/archives/deployarr_v4/includes/mariadb/db_create.sql
@@ -0,0 +1,5 @@
+create database DATABASE_NAME_PLACEHOLDER;
+CREATE USER 'DATABASE_USERNAME_PLACEHOLDER' IDENTIFIED BY 'DATABASE_PASSWORD_PLACEHOLDER';
+GRANT ALL ON `DATABASE_NAME_PLACEHOLDER%`.* TO 'DATABASE_USERNAME_PLACEHOLDER';
+flush privileges;
+quit
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/mosquitto/mosquitto.conf b/archives/deployarr_v4/includes/mosquitto/mosquitto.conf
new file mode 100755
index 0000000..0f34be8
--- /dev/null
+++ b/archives/deployarr_v4/includes/mosquitto/mosquitto.conf
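Review bot: The `[influxdb2]` section commits a literal `token=` value together with `org=nicolargo`, and the `[influxdb]`, `[rabbitmq]`, `[mqtt]`, `[couchdb]` and `[mongodb]` sections carry well-known default credentials (`root`/`root`, `guest`/`guest`, `admin`/`admin`). These look like values carried over from an upstream sample rather than secrets of this deployment, but a template that gets copied into place should not ship a token-shaped string; in line with the placeholder convention used by the other templates in this commit I would write `token=GLANCES-INFLUXDB2-TOKEN-PLACEHOLDER` (suggested name) or comment the key out, and comment out the `user=`/`password=` pairs of exporters that are not enabled. Separately, `[zeromq]` sets `host=*`, which binds on all interfaces if that export is ever switched on.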
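Review bot: The database pattern in the `GRANT ALL` statement ends in a `%` wildcard, so the new account receives all privileges on every database whose name starts with the substituted name, not only the one created on the first line; if per-application isolation is intended, drop the wildcard: ``GRANT ALL ON `DATABASE_NAME_PLACEHOLDER`.* TO 'DATABASE_USERNAME_PLACEHOLDER';``. `CREATE USER` is also written without a host part, which MariaDB treats as `'%'` (any host), so access control rests on the password and on the database port not being published. The trailing `quit` is a client command rather than SQL, so the file only works when fed through the command-line client.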
@@ -0,0 +1,15 @@
+# DATA
+persistence true
+persistence_location /mosquitto/data
+log_dest file /mosquitto/log/mosquitto.log
+
+# USERS
+allow_anonymous false
+password_file /mosquitto/config/passwd
+
+# MQTT Default listener
+listener 1883 0.0.0.0
+
+# MQTT over WebSockets
+listener 9001 0.0.0.0
+protocol websockets
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/oauth/chain-oauth.yml b/archives/deployarr_v4/includes/oauth/chain-oauth.yml
new file mode 100644
index 0000000..187f3cd
--- /dev/null
+++ b/archives/deployarr_v4/includes/oauth/chain-oauth.yml
@@ -0,0 +1,8 @@
+http:
+ middlewares:
+ chain-oauth:
+ chain:
+ middlewares:
+ - middlewares-rate-limit
+ - middlewares-secure-headers
+ - middlewares-oauth
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/oauth/middlewares-oauth.yml b/archives/deployarr_v4/includes/oauth/middlewares-oauth.yml
new file mode 100644
index 0000000..4e3f964
--- /dev/null
+++ b/archives/deployarr_v4/includes/oauth/middlewares-oauth.yml
@@ -0,0 +1,8 @@
+http:
+ middlewares:
+ middlewares-oauth:
+ forwardAuth:
+ address: "http://oauth:4181" # Make sure you have the OAuth service in docker-compose.yml
+ trustForwardHeader: true
+ authResponseHeaders:
+ - "X-Forwarded-User"
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/oauth/oauth-secrets-template b/archives/deployarr_v4/includes/oauth/oauth-secrets-template
new file mode 100644
index 0000000..00242e5
--- /dev/null
+++ b/archives/deployarr_v4/includes/oauth/oauth-secrets-template
@@ -0,0 +1,3 @@
+providers.google.client-id=GOOGLE-CLIENT-ID-PLACEHOLDER
+providers.google.client-secret=GOOGLE-CLIENT-SECRET-PLACEHOLDER
+secret=OAUTH-SECRET-PLACEHOLDER
diff --git a/archives/deployarr_v4/includes/prometheus/prometheus.yml b/archives/deployarr_v4/includes/prometheus/prometheus.yml
new file mode 100755
index 0000000..f36fdbc
--- /dev/null
+++ b/archives/deployarr_v4/includes/prometheus/prometheus.yml
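Review bot: Both listeners (`listener 1883 0.0.0.0` and `listener 9001 0.0.0.0`) are plaintext, so the usernames and passwords enforced through `password_file` cross the network unencrypted whenever a client connects from outside the Docker host. Whether that matters depends on how the compose file publishes these ports, which is not visible in this hunk. I would at least add a comment above the listeners, e.g. `# No TLS here: keep 1883/9001 on the internal Docker network, or add certfile/keyfile to the listener before publishing`.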
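Review bot: In middlewares-oauth.yml, `trustForwardHeader: true` makes Traefik trust the `X-Forwarded-*` headers already present on the incoming request when it calls the auth service at `http://oauth:4181`, which is only safe when a trusted hop in front of Traefik sets or strips them. If Traefik is the internet-facing hop, a client can supply its own values, and the auth service may rely on them when working out the requested host and URI. I would state the assumption next to the key, e.g. `trustForwardHeader: true # requires a trusted proxy in front of Traefik; otherwise set false`.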
@@ -0,0 +1,3 @@
+global:
+ scrape_interval: 60s # By default, scrape targets every 15 seconds.
+ evaluation_interval: 60s # Evaluate rules every 15 seconds. The default is every 1 minute.
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/qbittorrent/qBittorrent.conf b/archives/deployarr_v4/includes/qbittorrent/qBittorrent.conf
new file mode 100755
index 0000000..572b4b7
--- /dev/null
+++ b/archives/deployarr_v4/includes/qbittorrent/qBittorrent.conf
@@ -0,0 +1,39 @@
+[AutoRun]
+enabled=false
+program=
+
+[BitTorrent]
+Session\Port=6881
+Session\QueueingSystemEnabled=true
+Session\TempPath=/data/downloads/torrents/incomplete/
+Session\DefaultSavePath=/data/downloads/torrents/others/
+Session\FinishedTorrentExportDirectory=/data/downloads/torrents/indexes/completed/
+Session\TorrentExportDirectory=/data/downloads/torrents/indexes/
+
+[LegalNotice]
+Accepted=true
+
+[Meta]
+MigrationVersion=6
+
+[Network]
+Cookies=@Invalid()
+PortForwardingEnabled=false
+Proxy\HostnameLookupEnabled=false
+Proxy\Profiles\BitTorrent=true
+Proxy\Profiles\Misc=true
+Proxy\Profiles\RSS=true
+
+[Preferences]
+Connection\PortRangeMin=6881
+Connection\UPnP=false
+Downloads\SavePath=/downloads/completed/
+Downloads\TempPath=/downloads/incomplete/
+Downloads\TorrentExportDir=/downloads/indexes/
+Downloads\TempPathEnabled=true
+Downloads\FinishedTorrentExportDir=/downloads/indexes/
+WebUI\Address=*
+WebUI\Password_PBKDF2="@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==)"
+WebUI\ServerDomains=*
+WebUI\HTTPS\Enabled=false
+WebUI\HostHeaderValidation=false
diff --git a/archives/deployarr_v4/includes/rclone/rclone-mount-template.service b/archives/deployarr_v4/includes/rclone/rclone-mount-template.service
new file mode 100755
index 0000000..8986be5
--- /dev/null
+++ b/archives/deployarr_v4/includes/rclone/rclone-mount-template.service
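Review bot: The trailing comments in prometheus.yml contradict the values: both intervals are set to `60s`, while the comments say targets are scraped and rules evaluated every 15 seconds. I would reword them to match, e.g. `scrape_interval: 60s # scrape targets every 60 seconds` and `evaluation_interval: 60s # evaluate rules every 60 seconds`. The file defines no `scrape_configs`, so presumably another step appends them; a one-line comment saying so would help.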
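Review bot: qBittorrent.conf hard-codes `WebUI\Password_PBKDF2`, so every deployment generated from this template starts with the same WebUI password, and it pairs that with `WebUI\Address=*`, `WebUI\ServerDomains=*` and `WebUI\HostHeaderValidation=false`, which switches off the Host-header check that guards the WebUI against DNS rebinding. Unless the deploy script rewrites the hash (not visible here), I would replace it with a placeholder substituted per install, and keep validation on: `WebUI\HostHeaderValidation=true` with `WebUI\ServerDomains` set to the hostname the reverse proxy forwards. `WebUI\HTTPS\Enabled=false` is reasonable only while the UI is reachable solely through a TLS-terminating proxy, which deserves a comment.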
@@ -0,0 +1,43 @@
+[Unit]
+Description=Rclone SMB
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/rclone mount REMOTE-NAME-PLACEHOLDER: REMOTE-MOUNTPOINT-PLACEHOLDER \
+#--read-only \
+--config /home/USERNAME-PLACEHOLDER/docker/appdata/rclone/rclone.conf \
+--log-file=/home/USERNAME-PLACEHOLDER/docker/logs/HOSTNAME-PLACEHOLDER/rclone-REMOTE-NAME-PLACEHOLDER.log \
+--log-level NOTICE \
+--allow-other \
+--no-modtime \
+--umask 002 \
+--user-agent HOSTNAME-PLACEHOLDER \
+--dir-cache-time 24h \
+--buffer-size 128M \
+--vfs-fast-fingerprint \
+--vfs-cache-mode full \
+--vfs-cache-max-age 336h \
+--cache-dir=REMOTE-CACHEDIR-PLACEHOLDER \
+--vfs-cache-max-size REMOTE-CACHESIZE-PLACEHOLDERG \
+--vfs-read-chunk-size-limit 10G \
+--vfs-refresh \
+#--rc \
+#--rc-web-gui \
+#--rc-addr :5572 \
+#--rc-web-gui-no-open-browser \
+#--rc-no-auth \
+#--rc-user= \
+#--rc-pass= \
+--use-mmap
+ExecStop=/bin/fusermount -uz REMOTE-MOUNTPOINT-PLACEHOLDER
+#ExecStartPost=/usr/bin/rclone rc vfs/refresh recursive=true --rc-addr :5572 _async=true
+Restart=on-abort
+User=USERNAME-PLACEHOLDER
+Group=USERNAME-PLACEHOLDER
+KillMode=mixed
+RestartSec=5
+
+[Install]
+WantedBy=default.target
diff --git a/archives/deployarr_v4/includes/rclone/rclone-template.conf b/archives/deployarr_v4/includes/rclone/rclone-template.conf
new file mode 100755
index 0000000..9f65abf
--- /dev/null
+++ b/archives/deployarr_v4/includes/rclone/rclone-template.conf
@@ -0,0 +1,6 @@
+[REMOTE-NAME-PLACEHOLDER]
+type = smb
+host = REMOTE-HOST-PLACEHOLDER
+user = REMOTE-USER-PLACEHOLDER
+pass = REMOTE-PASSWORD-HASHED-PLACEHOLDER
+idle_timeout = 0s
diff --git a/archives/deployarr_v4/includes/rclone/start-media-after-boot.service b/archives/deployarr_v4/includes/rclone/start-media-after-boot.service
new file mode 100755
index 0000000..5eded72
--- /dev/null
+++ b/archives/deployarr_v4/includes/rclone/start-media-after-boot.service
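Review bot: The commented-out remote-control block in rclone-mount-template.service combines `#--rc-addr :5572` with `#--rc-no-auth`, so uncommenting it as written exposes rclone's rc API on every interface without credentials; the commented `ExecStartPost` uses the same address. I would make the safe form the example: `#--rc-addr 127.0.0.1:5572 \`, drop the `--rc-no-auth` line, and leave `--rc-user=`/`--rc-pass=` as the lines to fill in. `--allow-other` together with `--umask 002` also makes the mount readable by every local user and writable by the group, which deserves a one-line comment saying this is intended for the containers' UID/GID.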
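Review bot: In rclone-template.conf the placeholder name `REMOTE-PASSWORD-HASHED-PLACEHOLDER` suggests the stored value is a hash, but rclone's `pass` field holds an obscured, reversible form of the password, so anyone who can read the generated `rclone.conf` can recover the SMB credential. I would rename it to `REMOTE-PASSWORD-OBSCURED-PLACEHOLDER` (together with whatever substitutes it, which is outside this hunk) and add a comment such as `# pass is rclone-obscured, not hashed: keep the generated file at mode 600`. The template itself is added with mode `100755`, which a config file does not need.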
@@ -0,0 +1,9 @@
+[Unit]
+Description=start-media-after-boot
+After=network.target
+
+[Service]
+ExecStart=SMAB-PATH-PLACEHOLDER
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/rclone/start-media-after-boot.sh b/archives/deployarr_v4/includes/rclone/start-media-after-boot.sh
new file mode 100755
index 0000000..9f8a381
--- /dev/null
+++ b/archives/deployarr_v4/includes/rclone/start-media-after-boot.sh
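Review bot: The unit sets no `User=`, so installed as a system unit it runs the script at `SMAB-PATH-PLACEHOLDER` as root, even though the script itself calls `sudo docker compose`. If that path resolves to a file under the user's home directory (the substituted value is not visible here), anyone able to modify the file gets root execution at the next boot. I would either add `User=USERNAME-PLACEHOLDER` as the rclone mount unit in this commit does, or install the script root-owned and not group- or world-writable. `After=network.target` could also name `docker.service`, since the script waits for Docker anyway.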
@@ -0,0 +1,57 @@
+#!/bin/bash
+# All containers (profile "media") that access rclone/MergerFS mounts set to NOT restart automatically at boot time.
+# This is because, rclone can take a few seconds/minutes to mount remote drives.
+# This script checks the required mounts every 5 seconds and as soon as required drives are mounted, it starts the "media" containers.
+
+# CHECKING FOR DRIVE MOUNTS
+num_drives=1 # number of mounts to check
+# Drive 1
+drive1="REMOTE-MOUNTPOINT-PLACEHOLDER"
+drive1_seconds=0
+drive1_status=0
+# Drive 2 - not used
+# drive2=""
+# drive2_seconds=0
+# drive2_status=0
+
+mounted=0
+rounds=0
+
+while [[ "$mounted" -ne "$num_drives" ]]; do
+ if [[ "$(systemctl is-active docker)" == "active" ]]; then
+ # Drive 1
+ if mount | grep ${drive1} > /dev/null; then
+ if [[ "$drive1_status" -eq 0 ]]; then
+ mounted=$((mounted+1))
+ drive1_seconds=$((rounds * 5))
+ drive1_status=1
+ fi
+ fi
+
+ # Drive 2
+ # if mount | grep ${drive2} > /dev/null; then
+ # if [[ "$drive2_status" -eq 0 ]]; then
+ # mounted=$((mounted+1))
+ # drive2_seconds=$((rounds * 5))
+ # drive2_status=1
+ # fi
+ # fi
+
+ # Timeout if mounting is not successful after 15 min (180x5)
+ if [[ $rounds -eq 180 ]]; then
+ break
+ fi
+ sleep 5
+ rounds=$((rounds + 1))
+ fi
+done
+
+STARTSTOP_DATE=$(date)
+
+if [[ "$mounted" -eq "$num_drives" ]]; then
+ sudo docker compose --profile media -f COMPOSE-FILE-PLACEHOLDER up -d
+ echo "$STARTSTOP_DATE: Media containers started" >> SMAB-LOG-PLACEHOLDER
+else
+ sudo docker compose --profile media -f COMPOSE-FILE-PLACEHOLDER down
+ echo "$STARTSTOP_DATE: Media containers start failed" >> SMAB-ERR-PLACEHOLDER
+fi
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/scrutiny/scrutiny.yaml b/archives/deployarr_v4/includes/scrutiny/scrutiny.yaml
new file mode 100755
index 0000000..863a57a
--- /dev/null
+++ b/archives/deployarr_v4/includes/scrutiny/scrutiny.yaml
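Review bot: The timeout check, `sleep 5` and the `rounds` increment all sit inside the `if [[ "$(systemctl is-active docker)" == "active" ]]` branch, so while Docker is not yet active the `while` loop spins without sleeping and the 15-minute limit never advances. Moving those statements out of the `if` fixes both problems. The mount test `mount | grep ${drive1}` is also unquoted and matches the path as a pattern anywhere in the output, so a longer mount path containing the same string counts as mounted; `mountpoint -q "$drive1"` checks exactly that directory. The rewritten loop is below.

```shell
while [[ "$mounted" -ne "$num_drives" ]]; do
    if [[ "$(systemctl is-active docker)" == "active" ]]; then
        # Drive 1
        if mountpoint -q "$drive1"; then
            # … unchanged: drive1_status check and counters …
        fi
        # … unchanged: commented-out Drive 2 block …
    fi

    # Timeout and pacing apply whether or not Docker is up yet
    if [[ $rounds -eq 180 ]]; then
        break
    fi
    sleep 5
    rounds=$((rounds + 1))
done
```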
@@ -0,0 +1,107 @@
+# Commented Scrutiny Configuration File
+#
+# The default location for this file is /opt/scrutiny/config/scrutiny.yaml.
+# In some cases to improve clarity default values are specified,
+# uncommented. Other example values are commented out.
+#
+# When this file is parsed by Scrutiny, all configuration file keys are
+# lowercased automatically. As such, Configuration keys are case-insensitive,
+# and should be lowercase in this file to be consistent with usage.
+
+
+######################################################################
+# Version
+#
+# version specifies the version of this configuration file schema, not
+# the scrutiny binary. There is only 1 version available at the moment
+version: 1
+
+web:
+ listen:
+ port: 8080
+ host: 0.0.0.0
+
+ # if you're using a reverse proxy like apache/nginx, you can override this value to serve scrutiny on a subpath.
+ # eg. http://example.com/scrutiny/* vs http://example.com:8080
+ # see docs/TROUBLESHOOTING_REVERSE_PROXY.md
+ # basepath: `/scrutiny`
+ # leave empty unless behind a path prefixed proxy
+ basepath: ''
+ database:
+ # can also set absolute path here
+ location: /opt/scrutiny/config/scrutiny.db
+ src:
+ # the location on the filesystem where scrutiny javascript + css is located
+ frontend:
+ path: /opt/scrutiny/web
+
+ # if you're running influxdb on a different host (or using a cloud-provider) you'll need to update the host & port below.
+ # token, org, bucket are unnecessary for a new InfluxDB installation, as Scrutiny will automatically run the InfluxDB setup,
+ # and store the information in the config file. If you 're re-using an existing influxdb installation, you'll need to provide
+ # the `token`
+
+ # Token permissions initially all access. Then 4 buckets and then read only access to all other resources.
+ influxdb:
+ scheme: 'http'
+ host: SCRUTINY-INFLUXDB-HOST-PLACEHOLDER
+ port: SCRUTINY-INFLUXDB-PORT-PLACEHOLDER
+ token: 'SCRUTINY-INFLUXDB-TOKEN-PLACEHOLDER'
+ org: 'SCRUTINY-INFLUXDB-ORG-PLACEHOLDER'
+ bucket: 'SCRUTINY-INFLUXDB-BUCKET-PLACEHOLDER'
+ retention_policy: true
+ # if you wish to disable TLS certificate verification,
+ # when using self-signed certificates for example,
+ # then uncomment the lines below and set `insecure_skip_verify: true`
+ # tls:
+ # insecure_skip_verify: true
+
+log:
+ file: '' #absolute or relative paths allowed, eg. web.log
+ level: INFO
+
+# Notification "urls" look like the following. For more information about service specific configuration see
+# Shoutrrr's documentation: https://containrrr.dev/shoutrrr/services/overview/
+#
+# note, usernames and passwords containing special characters will need to be urlencoded.
+# if your username is: "myname@example.com" and your password is "124@34$1"
+# your shoutrrr url will look like: "smtp://myname%40example%2Ecom:124%4034%241@ms.my.domain.com:587"
+
+#notify:
+# urls:
+# - "discord://token@webhookid"
+# - "telegram://token@telegram?channels=channel-1[,channel-2,...]"
+# - "pushover://shoutrrr:apiToken@userKey/?priority=1&devices=device1[,device2, ...]"
+# - "slack://[botname@]token-a/token-b/token-c"
+# - "smtp://username:password@host:port/?fromAddress=fromAddress&toAddresses=recipient1[,recipient2,...]"
+# - "teams://token-a/token-b/token-c"
+# - "gotify://gotify-host/token"
+# - "pushbullet://api-token[/device/#channel/email]"
+# - "ifttt://key/?events=event1[,event2,...]&value1=value1&value2=value2&value3=value3"
+# - "mattermost://[username@]mattermost-host/token[/channel]"
+# - "ntfy://username:password@host:port/topic"
+# - "hangouts://chat.googleapis.com/v1/spaces/FOO/messages?key=bar&token=baz"
+# - "zulip://bot-mail:bot-key@zulip-domain/?stream=name-or-id&topic=name"
+# - "join://shoutrrr:api-key@join/?devices=device1[,device2, ...][&icon=icon][&title=title]"
+# - "script:///file/path/on/disk"
+# - "https://www.example.com/path"
+
+########################################################################################################################
+# FEATURES COMING SOON
+#
+# The following commented out sections are a preview of additional configuration options that will be available soon.
+#
+########################################################################################################################
+
+#limits:
+# ata:
+# critical:
+# error: 10
+# standard:
+# error: 20
+# warn: 10
+# scsi:
+# critical: true
+# standard: true
+# nvme:
+# critical: true
+# standard: true
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/app-http-template.yml b/archives/deployarr_v4/includes/traefik/app-http-template.yml
new file mode 100755
index 0000000..9e1d928
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/app-http-template.yml
@@ -0,0 +1,17 @@
+http:
+ routers:
+ APPNAME-PLACEHOLDER-rtr:
+ rule: "Host(`APPNAME-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
+ entryPoints:
+ - websecure
+ middlewares:
+ - CHAIN-PLACEHOLDER
+ service: APPNAME-PLACEHOLDER-svc
+ tls:
+ certResolver: dns-cloudflare
+ options: tls-opts@file
+ services:
+ APPNAME-PLACEHOLDER-svc:
+ loadBalancer:
+ servers:
+ - url: "APP-URL-PLACEHOLDER" # http://IP-ADDRESS:PORT
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/app-https-ssc-template.yml b/archives/deployarr_v4/includes/traefik/app-https-ssc-template.yml
new file mode 100755
index 0000000..f6593dd
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/app-https-ssc-template.yml
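Review bot: The `influxdb` block of scrutiny.yaml takes the API token in plaintext (`token: 'SCRUTINY-INFLUXDB-TOKEN-PLACEHOLDER'`), and the comment just above says that token initially has all-access permissions, yet the template is committed with mode 100755 and nothing in the file tells the operator to protect it. How the installer sets permissions on the rendered file is not visible here; it should end up readable by its owner only, and a comment such as `# holds the InfluxDB token: keep this file at mode 0600` above `token:` would make that explicit. With `scheme: 'http'` the token also crosses the network unencrypted, which is acceptable only while InfluxDB is reachable solely over a private container network.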
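Review bot: The router in app-http-template.yml sets `certResolver: dns-cloudflare`, but the traefik.yml added later in this patch defines a single resolver named `letsencrypt` and marks the old name with `# previously dns-cloudflare`. If these templates are rendered against that static configuration, the router points at a resolver that does not exist. Either use `certResolver: letsencrypt` or drop the line, since the `websecure` entry point already sets that resolver as its default. The same line appears in app-https-ssc-template.yml.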
@@ -0,0 +1,22 @@
+http:
+ routers:
+ APPNAME-PLACEHOLDER-rtr:
+ rule: "Host(`APPNAME-PLACEHOLDER.{{env "DOMAINNAME_1"}}`)"
+ entryPoints:
+ - websecure
+ middlewares:
+ - CHAIN-PLACEHOLDER
+ service: APPNAME-PLACEHOLDER-svc
+ tls:
+ certResolver: dns-cloudflare
+ options: tls-opts@file
+ services:
+ APPNAME-PLACEHOLDER-svc:
+ loadBalancer:
+ passHostHeader: true
+ serversTransport: "APPNAME-PLACEHOLDER"
+ servers:
+ - url: "APP-URL-PLACEHOLDER" # https://IP-ADDRESS:PORT
+ serversTransports:
+ APPNAME-PLACEHOLDER:
+ insecureSkipVerify: true
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/chain-basic-auth.yml b/archives/deployarr_v4/includes/traefik/chain-basic-auth.yml
new file mode 100644
index 0000000..9a337b7
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/chain-basic-auth.yml
@@ -0,0 +1,9 @@
+http:
+ middlewares:
+ chain-basic-auth:
+ chain:
+ middlewares:
+ - middlewares-rate-limit
+ - middlewares-secure-headers
+ - middlewares-basic-auth
+ # - middlewares-compress
diff --git a/archives/deployarr_v4/includes/traefik/chain-no-auth.yml b/archives/deployarr_v4/includes/traefik/chain-no-auth.yml
new file mode 100644
index 0000000..89dd68d
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/chain-no-auth.yml
@@ -0,0 +1,8 @@
+http:
+ middlewares:
+ chain-no-auth:
+ chain:
+ middlewares:
+ - middlewares-rate-limit
+ - middlewares-secure-headers
+ # - middlewares-compress
diff --git a/archives/deployarr_v4/includes/traefik/domain-passthrough-template.yml b/archives/deployarr_v4/includes/traefik/domain-passthrough-template.yml
new file mode 100755
index 0000000..83b9565
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/domain-passthrough-template.yml
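Review bot: The `serversTransports` entry at the end of app-https-ssc-template.yml sets `insecureSkipVerify: true`, so Traefik accepts any certificate presented at `APP-URL-PLACEHOLDER` and cannot tell the real backend from something answering in its place. For a self-signed backend, trust that certificate explicitly instead, with `rootCAs: ["BACKEND-CA-PATH-PLACEHOLDER"]` and a matching `serverName`, and leave verification on. If skipping verification is kept for convenience, a comment should limit it to backends on a network segment the operator controls.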
@@ -0,0 +1,14 @@
+tcp:
+ routers:
+ HOST-PLACEHOLDER-rtr:
+ entryPoints:
+ - websecure
+ rule: "HostSNIRegexp(`DOMAINNAME-VARIABLE-PLACEHOLDER`) || HostSNIRegexp(`{subdomain:[a-z]+}.DOMAINNAME-VARIABLE-PLACEHOLDER`)"
+ service: HOST-PLACEHOLDER-svc
+ tls:
+ passthrough: true
+ services:
+ HOST-PLACEHOLDER-svc:
+ loadBalancer:
+ servers:
+ - address: "HOST-IP-PLACEHOLDER:443"
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/labels-auth-bypass-template.yml b/archives/deployarr_v4/includes/traefik/labels-auth-bypass-template.yml
new file mode 100755
index 0000000..574fcdf
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/labels-auth-bypass-template.yml
@@ -0,0 +1,6 @@
+ # Auth Bypass
+ - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.entrypoints=websecure"
+ - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.rule=Host(`APAPPNAME-PLACEHOLDER.$DOMAINNAME_1`) && Header(`traefik-auth-bypass-key`, `$TRAEFIK_AUTH_BYPASS_KEY`)" # Bypass Auth for LunaSea on iOS
+ - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.priority=100"
+ - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.middlewares=chain-no-auth@file"
+ - "traefik.http.routers.APAPPNAME-PLACEHOLDER-rtr-bypass.service=APAPPNAME-PLACEHOLDER-svc"
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/middlewares-basic-auth.yml b/archives/deployarr_v4/includes/traefik/middlewares-basic-auth.yml
new file mode 100644
index 0000000..c0fcab9
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/middlewares-basic-auth.yml
@@ -0,0 +1,8 @@
+http:
+ middlewares:
+ middlewares-basic-auth:
+ basicAuth:
+ # users:
+ # - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
+ usersFile: "/run/secrets/basic_auth_credentials"
+ realm: "Traefik Basic Auth"
\ No newline at end of file
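Review bot: The bypass router in labels-auth-bypass-template.yml replaces the auth chain with one static header value, and nothing in the template says where that value ends up. `$TRAEFIK_AUTH_BYPASS_KEY` is expanded into the router rule, so the key is readable from the container's labels and from Traefik's API and dashboard, which the traefik.yml in this patch serves with `insecure: true`. Any request that carries the header is routed through `chain-no-auth@file` at priority 100. I would add the comment `# The bypass key is visible in container labels and the Traefik API/dashboard: restrict both and rotate the key if it leaks` above the rule, and apply the template only to apps that enforce their own login.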
diff --git a/archives/deployarr_v4/includes/traefik/middlewares-buffering.yml b/archives/deployarr_v4/includes/traefik/middlewares-buffering.yml
new file mode 100644
index 0000000..9061d71
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/middlewares-buffering.yml
@@ -0,0 +1,9 @@
+http:
+ middlewares:
+ middlewares-buffering:
+ buffering:
+ maxResponseBodyBytes: 2000000
+ maxRequestBodyBytes: 10485760
+ memRequestBodyBytes: 2097152
+ memResponseBodyBytes: 2097152
+ retryExpression: "IsNetworkError() && Attempts() <= 2"
diff --git a/archives/deployarr_v4/includes/traefik/middlewares-compress.yml b/archives/deployarr_v4/includes/traefik/middlewares-compress.yml
new file mode 100644
index 0000000..b4295a3
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/middlewares-compress.yml
@@ -0,0 +1,4 @@
+http:
+ middlewares:
+ middlewares-compress:
+ compress: {}
diff --git a/archives/deployarr_v4/includes/traefik/middlewares-rate-limit.yml b/archives/deployarr_v4/includes/traefik/middlewares-rate-limit.yml
new file mode 100644
index 0000000..35150be
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/middlewares-rate-limit.yml
@@ -0,0 +1,6 @@
+http:
+ middlewares:
+ middlewares-rate-limit:
+ rateLimit:
+ average: 100
+ burst: 50
diff --git a/archives/deployarr_v4/includes/traefik/middlewares-secure-headers.yml b/archives/deployarr_v4/includes/traefik/middlewares-secure-headers.yml
new file mode 100644
index 0000000..0adc6f2
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/middlewares-secure-headers.yml
@@ -0,0 +1,25 @@
+http:
+ middlewares:
+ middlewares-secure-headers:
+ headers:
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - PUT
+ accessControlMaxAge: 100
+ hostsProxyHeaders:
+ - "X-Forwarded-Host"
+ stsSeconds: 63072000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works.
+ customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ contentTypeNosniff: true
+ browserXssFilter: true
+ referrerPolicy: "same-origin"
+ permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()"
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex," # disable search engines from indexing home server
+ server: "" # hide server info from visitors
+ customRequestHeaders:
+ X-Forwarded-Proto: https
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/t2_proxy_network.yml b/archives/deployarr_v4/includes/traefik/t2_proxy_network.yml
new file mode 100755
index 0000000..54791a0
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/t2_proxy_network.yml
@@ -0,0 +1,8 @@
+ t2_proxy:
+ name: t2_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.168.90.0/24
+ # NETWORKS-PLACEHOLDER-DO-NOT-DELETE
+
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/t3_proxy_network.yml b/archives/deployarr_v4/includes/traefik/t3_proxy_network.yml
new file mode 100755
index 0000000..cc90c98
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/t3_proxy_network.yml
@@ -0,0 +1,8 @@
+ t3_proxy:
+ name: t3_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.168.90.0/24
+ # NETWORKS-PLACEHOLDER-DO-NOT-DELETE
+
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/tls-opts.yml b/archives/deployarr_v4/includes/traefik/tls-opts.yml
new file mode 100644
index 0000000..df38411
--- /dev/null
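Review bot: In middlewares-secure-headers.yml, `browserXssFilter: true` only emits the legacy `X-XSS-Protection` header, which current browsers no longer act on, and the middleware sets no `contentSecurityPolicy`, so the chain gives no script or framing policy beyond `X-Frame-Options`. A conservative start that mirrors the existing SAMEORIGIN choice is `contentSecurityPolicy: "frame-ancestors 'self'"`, tightened per app where the app tolerates it. The `stsPreload: true` line next to a two-year `stsSeconds` with `stsIncludeSubdomains` also deserves a comment: it commits every subdomain of the domain to HTTPS and is slow to undo.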
+++ b/archives/deployarr_v4/includes/traefik/tls-opts.yml
@@ -0,0 +1,19 @@
+tls:
+ options:
+ tls-opts:
+ minVersion: VersionTLS12
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
+ curvePreferences:
+ - CurveP521
+ - CurveP384
+ sniStrict: true
diff --git a/archives/deployarr_v4/includes/traefik/traefik.yml b/archives/deployarr_v4/includes/traefik/traefik.yml
new file mode 100644
index 0000000..d3c831d
--- /dev/null
+++ b/archives/deployarr_v4/includes/traefik/traefik.yml
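Review bot: `curvePreferences` in tls-opts.yml allows only `CurveP521` and `CurveP384`, so a client that offers neither curve cannot complete a handshake, and putting P-521 first adds handshake cost without a practical security gain; adding `- X25519` and `- CurveP256` keeps common clients working. In `cipherSuites`, the three TLS 1.3 names (`TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256`) have no effect, because the TLS 1.3 suites are not configurable in Traefik's Go TLS stack. `TLS_FALLBACK_SCSV` is a client-side signalling value, not a suite the server negotiates. A comment such as `# applies to TLS 1.2 only; TLS 1.3 suites are fixed by the Go runtime` would stop the list being read as the full negotiated set.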
@@ -0,0 +1,123 @@
+global:
+ checkNewVersion: true
+ sendAnonymousUsage: false
+
+serversTransport:
+ insecureSkipVerify: true
+
+entryPoints:
+ # HTTP Endpoint
+ web:
+ address: ":80"
+ forwardedHeaders:
+ trustedIPs: &trustedIps
+ # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
+ - 173.245.48.0/20
+ - 103.21.244.0/22
+ - 103.22.200.0/22
+ - 103.31.4.0/22
+ - 141.101.64.0/18
+ - 108.162.192.0/18
+ - 190.93.240.0/20
+ - 188.114.96.0/20
+ - 197.234.240.0/22
+ - 198.41.128.0/17
+ - 162.158.0.0/15
+ - 104.16.0.0/13
+ - 104.24.0.0/14
+ - 172.64.0.0/13
+ - 131.0.72.0/22
+ - 2400:cb00::/32
+ - 2606:4700::/32
+ - 2803:f800::/32
+ - 2405:b500::/32
+ - 2405:8100::/32
+ - 2a06:98c0::/29
+ - 2c0f:f248::/32
+ # Local IPs
+ - 127.0.0.1/32
+ - 10.0.0.0/8
+ - 192.168.0.0/16
+ - 172.16.0.0/12
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ permanent: true
+
+ # HTTPS endpoint, with domain wildcard
+ websecure:
+ address: ":443"
+ forwardedHeaders:
+ # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
+ trustedIPs: *trustedIps
+ http:
+ tls:
+ # TLS Options File inside rules folder
+ options: tls-opts@file
+ # Add letsencrypt as default certresolver for all services.
+ # Also enables TLS (see below) and no need to specify on individual services
+ certResolver: letsencrypt
+ domains:
+ - main: {{env "DOMAINNAME"}}
+ sans:
+ - '*.{{env "DOMAINNAME"}}'
+ # traefik:
+ # address: :8080
+
+# Enable Traefik Dashboard
+api:
+ dashboard: true
+ insecure: true
+
+# Log level
+# (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
+log:
+ level: DEBUG
+ filePath: /logs/traefik.log
+accessLog:
+ filePath: /logs/access.log
+ bufferingSize: 100
+ filters:
+ statusCodes:
+ - "204-299"
+ - "400-499"
+ - "500-599"
+ retryAttempts: true
+ minDuration: "10ms"
+
+providers:
+ providersThrottleDuration: 2s
+ docker:
+ watch: true
+ # Use Docker Socket Proxy instead for improved security
+ # endpoint: "unix:///var/run/docker.sock"
+ endpoint: "tcp://socket-proxy:2375"
+ exposedByDefault: false
+ network: traefik_proxy
+ swarmMode: false
+ # File provider for connecting things that are outside of docker / defining middleware
+ file:
+ # Only works on top level files in the rules folder
+ watch: true
+ # Load dynamic configuration from one or more .toml or .yml files in a directory
+ directory: /rules
+
+# Use letsencrypt to generate ssl serficiates
+certificatesResolvers:
+ # previously dns-cloudflare
+ letsencrypt:
+ acme:
+ # LetsEncrypt Staging Server - uncomment when testing
+ # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: {{env "CLOUDFLARE_EMAIL"}}
+ storage: /acme.json
+ dnsChallenge:
+ provider: cloudflare
+ # Used to make sure the dns challenge is propagated to the rights dns servers
+ resolvers:
+ - "1.1.1.1:53"
+ - "1.0.0.1:53"
+ # To delay DNS check and reduce LE hitrate
+ delayBeforeCheck: 90
\ No newline at end of file
diff --git a/archives/deployarr_v4/includes/traefik/traefik_global_secrets_template.yml b/archives/deployarr_v4/includes/traefik/traefik_global_secrets_template.yml
new file mode 100755
index 0000000..d9ab9f3
--- /dev/null
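Review bot: The `api` block of traefik.yml sets `insecure: true`, which serves the dashboard and API without authentication on Traefik's internal `traefik` entry point (port 8080 by default), exposing every router rule, middleware and backend address to anyone who can reach that port. Set `insecure: false` and publish `api@internal` through a router on `websecure` behind one of the auth chains. The top-level `serversTransport` with `insecureSkipVerify: true` also turns off backend certificate verification for every HTTPS service, not only those using the self-signed template. `level: DEBUG` is better dropped to `INFO` once the stack works, since debug logs are verbose and written to `/logs/traefik.log`.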
+++ b/archives/deployarr_v4/includes/traefik/traefik_global_secrets_template.yml
@@ -0,0 +1,4 @@
+ SECRET-NAME-PLACEHOLDER:
+ file: $DOCKERDIR/secrets/SECRET-NAME-PLACEHOLDER
+ # SECRETS-PLACEHOLDER-DO-NOT-DELETE
+
\ No newline at end of file
diff --git a/archives/deployarr_v4/scripts/iptables-reset.sh b/archives/deployarr_v4/scripts/iptables-reset.sh
new file mode 100755
index 0000000..dfc9cff
--- /dev/null
+++ b/archives/deployarr_v4/scripts/iptables-reset.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# IPv6
+
+##
+## set default policies to let everything in
+ip6tables --policy INPUT ACCEPT;
+ip6tables --policy OUTPUT ACCEPT;
+ip6tables --policy FORWARD ACCEPT;
+
+##
+## start fresh
+ip6tables -Z; # zero counters
+ip6tables -F; # flush (delete) rules
+ip6tables -X; # delete all extra chains
+
+# IPv4
+
+##
+## set default policies to let everything in
+iptables --policy INPUT ACCEPT;
+iptables --policy OUTPUT ACCEPT;
+iptables --policy FORWARD ACCEPT;
+
+##
+## start fresh
+iptables -Z; # zero counters
+iptables -F; # flush (delete) rules
+iptables -X; # delete all extra chains
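Review bot: iptables-reset.sh leaves the host with no packet filtering at all and carries no warning about it: every policy is set to ACCEPT and the `-F`/`-X` calls empty the filter table for IPv4 and IPv6. On a Docker host those calls also remove the chains Docker maintains there (for example `DOCKER-USER`), while the `nat` and `mangle` tables are left untouched. Container networking is therefore inconsistent until the daemon rebuilds its rules. I would add a header comment saying the script removes all firewall protection and is meant for recovery only, and end it with `systemctl restart docker`. How the installer invokes this script is not visible in the patch.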