commit c1a4025697b5a667b4046237d827a610c11688bb Author: Enrico Date: Sun Mar 15 01:00:14 2026 +0100 first commit
diff --git a/administration/docker-compose.yml b/administration/docker-compose.yml
new file mode 100644
index 0000000..26046a9
--- /dev/null
+++ b/administration/docker-compose.yml
@@ -0,0 +1,50 @@
+services:
+ portainer:
+ container_name: portainer
+ image: portainer/portainer-ce:sts
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ networks:
+ - administration
+ - media
+ - misc
+ - productivity
+ - overleaf
+
+ pocket-id:
+ image: ghcr.io/pocket-id/pocket-id:v2
+ container_name: pocketid
+ restart: unless-stopped
+ env_file: .env
+ networks:
+ - administration
+ - media
+ - misc
+ - productivity
+ - overleaf
+ volumes:
+ - "./pocket-id:/app/data"
+ healthcheck:
+ test: [ "CMD", "/app/pocket-id", "healthcheck" ]
+ interval: 1m30s
+ timeout: 5s
+ retries: 2
+ start_period: 10s
+
+volumes:
+ portainer_data:
+ name: portainer_data
+
+networks:
+ administration:
+ external: true
+ media:
+ external: true
+ misc:
+ external: true
+ productivity:
+ external: true
+ overleaf:
+ external: true
diff --git a/media/docker-compose.yml b/media/docker-compose.yml
new file mode 100644
index 0000000..171d9e4
--- /dev/null
+++ b/media/docker-compose.yml
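Review bot: The `portainer` service mounts `/var/run/docker.sock` read-write and is also attached to all five external networks, so every container on `media`, `misc`, `productivity` and `overleaf` can reach a service whose compromise is equivalent to root on the Docker host. If Portainer is only meant to be reached through the reverse proxy, listing just `- administration` under its `networks:` should be enough, since `nginxpm` in network/docker-compose.yml joins that network too. `pocket-id`, the identity provider, is attached to the same five networks and deserves the same review. A comment above the socket mount such as `# Docker socket: host-root-equivalent control; keep this service off shared networks` would record the trade-off.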
@@ -0,0 +1,162 @@
+services:
+ radarr:
+ image: lscr.io/linuxserver/radarr:latest
+ container_name: radarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./radarr:/config
+ - /mnt/media/jellyfin/movies:/movies
+ - /mnt/media/downloads:/downloads
+ networks:
+ - media
+ restart: unless-stopped
+
+ sonarr:
+ image: lscr.io/linuxserver/sonarr:latest
+ container_name: sonarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./sonarr:/config
+ - /mnt/media/jellyfin/series:/tv
+ - /mnt/media/downloads:/downloads
+ networks:
+ - media
+ restart: unless-stopped
+
+ qbittorrent:
+ image: lscr.io/linuxserver/qbittorrent:latest
+ container_name: qbittorrent
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - WEBUI_PORT=8080
+ - TORRENTING_PORT=6881
+ volumes:
+ - ./qbittorrent/appdata:/config
+ - /mnt/media/downloads:/downloads #optional
+ ports:
+ - 6881:6881
+ - 6881:6881/udp
+ networks:
+ - media
+ restart: unless-stopped
+
+ prowlarr:
+ image: lscr.io/linuxserver/prowlarr:latest
+ container_name: prowlarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./prowlarr:/config
+ networks:
+ - media
+ restart: unless-stopped
+
+ bazarr:
+ image: lscr.io/linuxserver/bazarr:latest
+ container_name: bazarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./bazarr:/config
+ - /mnt/media/jellyfin/movies:/movies
+ - /mnt/media/jellyfin/series:/tv
+ networks:
+ - media
+ restart: unless-stopped
+
+ jellyfin:
+ image: jellyfin/jellyfin
+ container_name: jellyfin
+ user: 1000:1000
+ networks:
+ - media
+ group_add:
+ - 992
+ restart: unless-stopped
+ environment:
+ - JELLYFIN_PublishedServerUrl=https://jellyfin.focaccinacamog.li
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ devices:
+ - /dev/dri:/dev/dri # Intel GPU VAAPI
+ volumes:
+ - type: bind
+ source: ./jellyfin/config
+ target: /config
+ - type: bind
+ source: ./jellyfin/cache
+ target: /cache
+ - type: bind
+ source: /mnt/media/jellyfin
+ target: /media
+ read_only: true
+ - type: bind
+ source: /usr/share/fonts/truetype
+ target: /usr/local/share/fonts/custom
+ read_only: true
+
+ seerr:
+ image: ghcr.io/seerr-team/seerr:latest
+ init: true
+ container_name: seerr
+ user: 1000:1000
+ networks:
+ - media
+ environment:
+ - LOG_LEVEL=debug
+ - TZ=Etc/UTC
+ - PORT=5055
+ volumes:
+ - ./seerr:/app/config
+ healthcheck:
+ test: wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1
+ start_period: 20s
+ timeout: 3s
+ interval: 15s
+ retries: 3
+ restart: unless-stopped
+
+ navidrome:
+ image: deluan/navidrome:latest
+ container_name: navidrome
+ user: 1000:1000
+ restart: unless-stopped
+ volumes:
+ - "./navidrome/data:/data"
+ - "/mnt/media/music:/music:ro"
+ environment:
+ - ND_LASTFM_APIKEY=${LASTFM_APIKEY}
+ - ND_LASTFM_SECRET=${LASTFM_SECRET}
+ networks:
+ - media
+
+ lidarr:
+ image: lscr.io/linuxserver/lidarr:latest
+ container_name: lidarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./lidarr/config:/config
+ - /mnt/media/music:/music
+ - /mnt/media/downloads:/downloads
+ restart: unless-stopped
+ networks:
+ - media
+
+networks:
+ media:
+ external: true
diff --git a/misc/docker-compose.yml b/misc/docker-compose.yml
new file mode 100644
index 0000000..8ad6b0c
--- /dev/null
+++ b/misc/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+ kiwix:
+ image: ghcr.io/kiwix/kiwix-serve:3.8.2
+ container_name: kiwix
+ restart: unless-stopped
+ networks:
+ - misc
+ ports:
+ - "8099:8080"
+ volumes:
+ - /mnt/media/kiwix:/data
+ command: ["/data/wikipedia_en_all_maxi_2025-08.zim"]
+
+networks:
+ misc:
+ external: true
diff --git a/network/docker-compose.yml b/network/docker-compose.yml
new file mode 100644
index 0000000..be7cd5f
--- /dev/null
+++ b/network/docker-compose.yml
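Review bot: Every image in media/docker-compose.yml is referenced by a mutable tag (`:latest`, or no tag at all for `jellyfin/jellyfin`), so each pull can replace the running code with whatever the registry serves at that moment, with no record of what changed. Pinning to a release tag, ideally with a digest, e.g. `image: lscr.io/linuxserver/radarr:<version>@sha256:<digest>` (placeholders), makes updates reviewable and rollbacks possible; misc/docker-compose.yml already pins kiwix to `3.8.2`. The same applies to the `:latest` and untagged images in network/docker-compose.yml, productivity/docker-compose.onlyoffice.yml and productivity/docker-compose.yml.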
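Review bot: In misc/docker-compose.yml, `- "8099:8080"` publishes kiwix on every host interface, which bypasses the reverse proxy even though the service already sits on the `misc` network that `nginxpm` joins. If direct access is not needed, drop the mapping or bind it to loopback with `- "127.0.0.1:8099:8080"`. As far as this file shows the container only serves the ZIM file, so the data mount can probably be read-only: `- /mnt/media/kiwix:/data:ro`.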
@@ -0,0 +1,96 @@
+services:
+
+ nginxpm:
+ image: jc21/nginx-proxy-manager:latest
+ container_name: nginxpm
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "81:81"
+ - "443:443"
+ environment:
+ PUID: 1000
+ PGID: 1000
+ volumes:
+ - ./nginxpm/data:/data
+ - ./nginxpm/letsencrypt:/etc/letsencrypt
+ - ./nginxpm/custom:/data/nginx/custom
+ networks:
+ - proxy
+ - media
+ - misc
+ - productivity
+ - overleaf
+ - administration
+
+ adguard:
+ image: adguard/adguardhome:latest
+ container_name: adguard
+ restart: unless-stopped
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "3000:3000"
+ volumes:
+ - ./adguard/conf:/opt/adguardhome/conf
+ - ./adguard/work:/opt/adguardhome/work
+ networks:
+ - proxy
+
+ wg-easy:
+ image: ghcr.io/wg-easy/wg-easy:latest
+ container_name: wg-easy
+ restart: unless-stopped
+ environment:
+ - LANG=en
+ - WG_HOST=focaccinacamog.li
+ - PASSWORD_HASH=${WG_EASY_PW_HASH}
+ - WG_PORT=51820
+ - WG_DEFAULT_ADDRESS=10.8.0.x
+ - WG_DEFAULT_DNS=172.20.0.2
+ - WG_ALLOWED_IPS=0.0.0.0/0
+ - WG_PERSISTENT_KEEPALIVE=25
+ volumes:
+ - ./wireguard:/etc/wireguard
+ ports:
+ - "51820:51820/udp"
+ - "51821:51821/tcp" # UI web
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ networks:
+ - proxy
+
+ fail2ban:
+ image: lscr.io/linuxserver/fail2ban:latest
+ container_name: fail2ban
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ network_mode: host
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - VERBOSITY=-vv
+ volumes:
+ - ./fail2ban/config:/config
+ - /var/log:/var/log:ro
+ restart: unless-stopped
+
+networks:
+ proxy:
+ driver: bridge
+ media:
+ external: true
+ misc:
+ external: true
+ productivity:
+ external: true
+ overleaf:
+ external: true
+ administration:
+ external: true
diff --git a/productivity/docker-compose.onlyoffice.yml b/productivity/docker-compose.onlyoffice.yml
new file mode 100644
index 0000000..e5edc34
--- /dev/null
+++ b/productivity/docker-compose.onlyoffice.yml
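Review bot: The `ports:` lists in network/docker-compose.yml publish three administration interfaces on all host interfaces next to the public listeners: `"81:81"` (Nginx Proxy Manager admin), `"3000:3000"` (AdGuard Home web interface) and `"51821:51821/tcp"` (wg-easy web UI). Docker adds its own forwarding rules for published ports, so a host firewall such as ufw usually does not filter them unless rules are placed in the `DOCKER-USER` chain. Binding them to loopback or a LAN address, e.g. `- "127.0.0.1:81:81"`, `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:51821:51821/tcp"`, and reaching them through the WireGuard tunnel or the proxy keeps the admin logins off the internet-facing address. The same `DOCKER-USER` caveat probably decides whether the `fail2ban` container's bans reach traffic forwarded to containers, which is worth a comment next to `network_mode: host`.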
@@ -0,0 +1,75 @@
+services:
+ onlyoffice-documentserver:
+ build:
+ context: .
+ image: onlyoffice/documentserver
+ container_name: onlyoffice-documentserver
+ depends_on:
+ - onlyoffice-postgresql
+ - onlyoffice-rabbitmq
+ environment:
+ - DB_TYPE=postgres
+ - DB_HOST=onlyoffice-postgresql
+ - DB_PORT=5432
+ - DB_NAME=onlyoffice
+ - DB_USER=onlyoffice
+ - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+ - JWT_ENABLED=true
+ - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+ - JWT_HEADER=
+ networks:
+ - productivity
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
+ interval: 30s
+ retries: 5
+ start_period: 60s
+ timeout: 10s
+ stdin_open: true
+ restart: always
+ stop_grace_period: 60s
+ volumes:
+ - /var/www/onlyoffice/Data
+ - /var/log/onlyoffice
+ - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+ - /var/www/onlyoffice/documentserver-example/public/files
+ - /usr/share/fonts
+
+ onlyoffice-rabbitmq:
+ container_name: onlyoffice-rabbitmq
+ image: rabbitmq:3
+ restart: always
+ networks:
+ - productivity
+ healthcheck:
+ test: ["CMD", "rabbitmq-diagnostics", "status"]
+ interval: 10s
+ retries: 3
+ start_period: 10s
+ timeout: 10s
+
+ onlyoffice-postgresql:
+ container_name: onlyoffice-postgresql
+ image: postgres:15
+ environment:
+ - POSTGRES_DB=onlyoffice
+ - POSTGRES_USER=onlyoffice
+ - POSTGRES_HOST_AUTH_METHOD=trust
+ restart: always
+ networks:
+ - productivity
+ volumes:
+ - postgresql_data:/var/lib/postgresql
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
+ interval: 10s
+ retries: 3
+ start_period: 10s
+ timeout: 10s
+
+volumes:
+ postgresql_data:
+
+networks:
+ productivity:
+ external: true
diff --git a/productivity/docker-compose.yml b/productivity/docker-compose.yml
new file mode 100644
index 0000000..ed406a7
--- /dev/null
+++ b/productivity/docker-compose.yml
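Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` on `onlyoffice-postgresql` turns off password authentication while the database sits on the external `productivity` network, so any container attached to that network (nextcloud, gitea, code-server and nginxpm in the other files) can connect as `onlyoffice` without credentials. Replace it with a password taken from the environment: `- POSTGRES_PASSWORD=${ONLYOFFICE_DB_PASSWORD}` here and `- DB_PWD=${ONLYOFFICE_DB_PASSWORD}` on the document server (the variable name is a placeholder). A private network shared only by the three onlyoffice services would narrow this further. `AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq` leaves RabbitMQ on its default account with the same reachability.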
@@ -0,0 +1,130 @@
+services:
+ nextcloud:
+ image: nextcloud:latest
+ container_name: nextcloud
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - POSTGRES_HOST=postgres
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ volumes:
+ - ./nextcloud/config:/config
+ - ~/data/nextcloud:/data
+ ports:
+ - 9443:80
+ restart: unless-stopped
+ env_file:
+ - .env
+ networks:
+ - productivity
+
+ gitea:
+ image: docker.gitea.com/gitea:1.25.4-rootless
+ restart: always
+ user: 1000:1000
+ volumes:
+ - ~/data/git/data:/var/lib/gitea
+ - ./gitea/config:/etc/gitea
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - productivity
+
+ code-server:
+ image: lscr.io/linuxserver/code-server:latest
+ container_name: code-server
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - PASSWORD=${CODE_PASSWORD}
+ - DEFAULT_WORKSPACE=/repositories
+ volumes:
+ - ./code/config:/config
+ - ~/data/git/data/git/repositories:/repositories
+ restart: unless-stopped
+ networks:
+ - productivity
+
+ sharelatex:
+ restart: always
+ image: sharelatex/sharelatex
+ container_name: sharelatex
+ depends_on:
+ mongo:
+ condition: service_healthy
+ redis:
+ condition: service_started
+ networks:
+ - overleaf
+ stop_grace_period: 60s
+ volumes:
+ - ./overleaf/sharelatex_data:/var/lib/overleaf
+ environment:
+ OVERLEAF_APP_NAME: Overleaf Community Edition
+ OVERLEAF_MONGO_URL: mongodb://mongo/sharelatex
+ OVERLEAF_REDIS_HOST: redis
+ REDIS_HOST: redis
+ ENABLED_LINKED_FILE_TYPES: "project_file,project_output_file"
+ ENABLE_CONVERSIONS: "true"
+ EMAIL_CONFIRMATION_DISABLED: "true"
+ SANDBOXED_COMPILES: "true"
+ SANDBOXED_COMPILES_HOST_DIR_COMPILES: "./overleaf/sharelatex_data/data/compiles"
+ SANDBOXED_COMPILES_HOST_DIR_OUTPUT: "./overleaf/sharelatex_data/data/output"
+ DOCKER_RUNNER: "true"
+ SANDBOXED_COMPILES_SIBLING_CONTAINERS: "true"
+
+ mongo:
+ restart: always
+ image: mongo
+ container_name: mongo
+ command: "--replSet overleaf"
+ volumes:
+ - ./overleaf/mongo_data:/data/db
+ - ./overleaf/bin/shared/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
+ environment:
+ MONGO_INITDB_DATABASE: sharelatex
+ extra_hosts:
+ - mongo:127.0.0.1
+ networks:
+ - overleaf
+ healthcheck:
+ test: echo 'db.stats().ok' | mongosh localhost:27017/test --quiet
+ interval: 10s
+ timeout: 10s
+ retries: 5
+
+ redis:
+ restart: always
+ image: redis:6.2
+ container_name: redis
+ networks:
+ - overleaf
+ volumes:
+ - ./overleaf/redis_data:/data
+
+ postgres:
+ image: postgres:11
+ container_name: postgres_nextcloud
+ restart: unless-stopped
+ volumes:
+ - ./postgres/dbdata:/var/lib/postgresql/data
+ - ./postgres/dbdata/init:/docker-entrypoint-initdb.d
+ env_file:
+ - .env
+ environment:
+ - PGDATA=/var/lib/postgresql/data/nextcloud/
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ networks:
+ - productivity
+
+networks:
+ productivity:
+ external: true
+ overleaf:
+ external: true
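Review bot: `code-server` bind-mounts Gitea's repository store read-write (`~/data/git/data/git/repositories:/repositories`), so anyone who gets into the web IDE, which is protected only by `PASSWORD`, can modify the bare repositories directly, including their `hooks/` directories that run inside the gitea container on push. Working on clones fetched from Gitea into a separate workspace directory avoids sharing the store; if browsing is the only need, mount it read-only with `- ~/data/git/data/git/repositories:/repositories:ro`. Separately, `postgres:11` is past its upstream end of life and no longer receives security fixes, so the Nextcloud database image is worth moving to a supported major version.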