diff --git a/freeipa.yml b/freeipa.yml
new file mode 100644
index 0000000..75eb50a
--- /dev/null
+++ b/freeipa.yml
@@ -0,0 +1,25 @@
+version: "3"
+services:
+ master:
+ image: freeipa/freeipa-server:fedora-36
+ volumes:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+ - "/containers/data/freeipa/data:/data"
+ - "/opt/ipabackups:/var/lib/ipa/backup"
+ read_only: true
+ ports:
+ - 60443:443
+ - 389:389
+ - 636:636
+ - 88:88
+ - 88:88/udp
+ - 464:464
+ - 464:464/udp
+ - 123:123/udp
+ hostname: central.ipa.example.com
+ sysctls:
+ net.ipv6.conf.all.disable_ipv6: 0
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
diff --git a/gitlab.yml b/gitlab.yml
new file mode 100644
index 0000000..3ae753a
--- /dev/null
+++ b/gitlab.yml
@@ -0,0 +1,18 @@
+services:
+ gitlab:
+ image: 'gitlab/gitlab-ce:latest'
+ restart: always
+ hostname: 'gitlab.example.com'
+ volumes:
+ - /containers/data/gitlab/config:/etc/gitlab
+ - /containers/data/gitlab/logs:/var/log/gitlab
+ - /containers/data/gitlab/data:/var/opt/gitlab
+ - /containers/data/gitlab/backup:/backup
+ ports:
+ - "10022:22"
+ - "60099:80"
+ - "60098:443"
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
diff --git a/gogs.yml b/gogs.yml
new file mode 100644
index 0000000..52c1936
--- /dev/null
+++ b/gogs.yml
@@ -0,0 +1,30 @@
+version: "3"
+
+services:
+ gogs:
+ image: gogs/gogs
+ volumes:
+ - /containers/data/gogs/gogs:/data
+ ports:
+ - '10022:22'
+ - 60086:3000
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ gogs-db_postgres:
+ image: postgres:12-alpine
+ restart: always
+ volumes:
+ - /containers/data/gogs/pgsql:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=
+ - POSTGRES_USER=gogs
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+
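Review bot: The entries under `ports:` in freeipa.yml are plain scalars (`- 389:389`, `- 88:88/udp`), while gitlab.yml in the same commit quotes its mappings. None of the values here matches YAML 1.1's base-60 integer form, but a later mapping with a container port below 60 would be read as a number, so quoting every entry (`- "389:389"`) keeps the file safe to edit; the unquoted mappings in gogs.yml, media.yml, opensearch.yml and utlities.yml have the same exposure. Separately, `- 389:389` publishes unencrypted LDAP on every host interface; if clients can use `636` or StartTLS only, consider binding 389 to an internal address, after checking what client enrolment needs.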
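Review bot: `image: 'gitlab/gitlab-ce:latest'` in gitlab.yml is a floating tag, so the running version is whatever upstream published at the last pull, and if this stack shares a daemon with the watchtower service from updater.yml it will be replaced unattended. GitLab upgrades are expected to follow a documented upgrade path, and an automatic jump can skip a required stop; pin a release (`image: 'gitlab/gitlab-ce:<pinned-version>'`) and move it forward deliberately. Floating or missing tags also appear in gogs.yml, media.yml, nextcloud.yml, nginxproxy.yml, paperless-ngx.yml, utlities.yml and vaultwarden.yml. Also, `"10022:22"` is published by gogs.yml as well, so the two stacks cannot both bind that port on one host.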
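Review bot: `- POSTGRES_PASSWORD=` in the `gogs-db_postgres` service of gogs.yml keeps the database credential inline in the compose file; it is blank here, presumably scrubbed before commit, which means the real value has to be hand-edited into a tracked file on every deployment. Move it out of the file, either with `env_file: <untracked-env-file>` or with a mounted secret and `POSTGRES_PASSWORD_FILE=/run/secrets/<secret-name>`, which the official postgres image reads. As far as I know, that image refuses to initialise a fresh data directory with an empty password unless trust authentication is enabled, so the file as committed does not start cleanly either. The same inline pattern is in nextcloud.yml (`POSTGRES_PASSWORD=`), nginxproxy.yml (`MYSQL_ROOT_PASSWORD=`, `MYSQL_PASSWORD=`) and vaultwarden.yml (`POSTGRES_PASSWORD=password_here`, `DATABASE_URL`, `ADMIN_TOKEN=`).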
diff --git a/media.yml b/media.yml
new file mode 100644
index 0000000..e4a3daf
--- /dev/null
+++ b/media.yml
@@ -0,0 +1,125 @@
+services:
+ sonarr:
+ image: linuxserver/sonarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Detroit
+ ports:
+ - '8989:8989'
+ volumes:
+ - /data/datastor/Videos/TV:/tv
+ - /containers/data/sonarr:/config
+ - /data/datastor/Downloads:/downloads
+ - /etc/localtime:/etc/localtime
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ radarr:
+ image: linuxserver/radarr:nightly
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Detroit
+ ports:
+ - '7878:7878'
+ volumes:
+ - /data/datastor/Videos/Movies:/movies
+ - /containers/data/radarr/config:/config
+ - /data/datastor/Downloads:/downloads
+ - /etc/localtime:/etc/localtime
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ plex:
+ image: linuxserver/plex:latest
+ environment:
+ - VERSION=latest
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Detroit
+ volumes:
+ - /data/datastor/Videos/TV:/data/tvshows
+ - /containers/data/plex:/config
+ - /data/datastor/Videos/Movies:/data/movies
+ - /data/datastor/Music/Library:/data/music
+ restart: always
+ network_mode: host
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ jackett:
+ image: linuxserver/jackett
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Detroit
+ - RUN_OPTS=-chttpclient2
+ ports:
+ - '9117:9117'
+ volumes:
+ - /containers/data/jackett/config:/config
+ - /containers/data/jackett/downloads:/download
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ deluge:
+ image: linuxserver/deluge
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Detroit
+ ports:
+ - '8112:8112'
+ volumes:
+ - /data/datastor/Downloads:/downloads
+ - /containers/data/deluge:/config
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag:
"{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" + + prowlarr: + image: ghcr.io/linuxserver/prowlarr:develop + environment: + - PUID=1000 + - PGID=1000 + - TZ=America/Detroit + volumes: + - /containers/data/prowlarr:/config + ports: + - 60094:9696 + restart: unless-stopped + logging: + driver: fluentd + options: + tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + container_name: flaresolverr + environment: + - LOG_LEVEL=${LOG_LEVEL:-info} + - LOG_HTML=${LOG_HTML:-false} + - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} + - TZ=America/Detroit + ports: + - 60095:8191 + restart: unless-stopped + logging: + driver: fluentd + options: + tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" + diff --git a/nextcloud.yml b/nextcloud.yml new file mode 100644 index 0000000..a208e61 --- /dev/null +++ b/nextcloud.yml @@ -0,0 +1,47 @@ +services: + db_postgres: + image: postgres:12-alpine + restart: always + volumes: + - /containers/data/nextcloud/pgsql:/var/lib/postgresql/data + environment: + - POSTGRES_PASSWORD= + - POSTGRES_USER=nextcloud + logging: + driver: fluentd + options: + tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" + + app: + image: linuxserver/nextcloud:latest + environment: + PUID: 1000 + PGID: 1000 + links: + - db_postgres + ports: + - '60080:443' + volumes: + - /containers/data/nextcloud/data:/data + - /containers/data/nextcloud/confs:/config + - /data/datastor:/nfs + restart: always + logging: + driver: fluentd + options: + tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" + + collabora_code: + image: collabora/code + environment: + - domain=drive.example.com + ports: + - '9980:9980' + cap_add: + - MKNOD + restart: always + logging: + driver: fluentd + options: + tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" + diff --git a/nginxproxy.yml b/nginxproxy.yml new file mode 100644 index 0000000..ec7f4fa --- /dev/null +++ b/nginxproxy.yml 
@@ -0,0 +1,34 @@
+version: "2"
+
+services:
+ nginx-proxy:
+ image: jc21/nginx-proxy-manager:latest
+ restart: always
+ ports:
+ - '80:80'
+ - '81:81'
+ - '443:443'
+ volumes:
+ - /containers/data/nginxproxy/config/config.json:/app/config/production.json
+ - /containers/data/nginxproxy/data:/data
+ - /containers/data/nginxproxy/letsencrypt:/etc/letsencrypt
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ nginx-proxy-db:
+ image: mariadb
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ restart: always
+ volumes:
+ - /containers/data/nginxproxy/mariadbdata:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=
+ - MYSQL_PASSWORD=
+ - MYSQL_DATABASE=nginxproxy
+ - MYSQL_USER=nginxproxy
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
diff --git a/opensearch.yml b/opensearch.yml
new file mode 100644
index 0000000..9ba8cc8
--- /dev/null
+++ b/opensearch.yml
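Review bot: `- '81:81'` in the `nginx-proxy` service of nginxproxy.yml publishes the proxy manager's admin interface (port 81 for this image) on every host interface, alongside the public `80` and `443`. If the host is reachable from untrusted networks, bind the admin port to loopback or a management address instead, e.g. `- '127.0.0.1:81:81'`. `image: mariadb` in `nginx-proxy-db` carries no tag, so a major-version change can arrive against the existing `/var/lib/mysql` volume; pin it to the major version in use.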
@@ -0,0 +1,114 @@
+services:
+
+ opensearch-node1:
+ image: opensearchproject/opensearch:2.1.0
+ container_name: opensearch-node1
+ environment:
+ - cluster.name=opensearch-cluster
+ - node.name=opensearch-node1
+ - discovery.seed_hosts=opensearch-node1
+ - cluster.initial_master_nodes=opensearch-node1
+ - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - "DISABLE_INSTALL_DEMO_CONFIG=true" # disable demo config see https://opensearch.org/docs/latest/opensearch/install/docker-security/
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
+ hard: 65536
+ ports:
+ - 60092:9200
+ - 60096:9600
+ expose:
+ - "60096"
+ volumes:
+ - /containers/data/opensearch/os-data:/usr/share/opensearch/data
+ - /containers/data/opensearch/confs/secconfig:/usr/share/opensearch/plugins/opensearch-security/securityconfig
+ - /containers/data/opensearch/confs/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-rootCA.pem:/usr/share/opensearch/config/root-ca.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-01.pem:/usr/share/opensearch/config/node1.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-01.key:/usr/share/opensearch/config/node1.key
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-admin.pem:/usr/share/opensearch/config/admin.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-admin.key:/usr/share/opensearch/config/admin.key
+ - /containers/data/opensearch/confs/tfmm-local/ssl/trustedcas.pem:/usr/share/opensearch/config/trustedcas.pem
+ dns:
+ - 192.168.1.1
+ dns_search:
+ - example.com
+ - example.local
+ networks:
+ - opensearch-net
+
+ opensearch-node2:
+ image:
opensearchproject/opensearch:2.1.0
+ container_name: opensearch-node2
+ environment:
+ - cluster.name=opensearch-cluster
+ - node.name=opensearch-node2
+ - discovery.seed_hosts=opensearch-node1,opensearch-node2
+ - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
+ - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - "DISABLE_INSTALL_DEMO_CONFIG=true" # disable demo config see https://opensearch.org/docs/latest/opensearch/install/docker-security/
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
+ hard: 65536
+ volumes:
+ - /containers/data/opensearch/os-data-2:/usr/share/opensearch/data
+ - /containers/data/opensearch/confs/secconfig:/usr/share/opensearch/plugins/opensearch-security/securityconfig
+ - /containers/data/opensearch/confs/opensearch-2.yml:/usr/share/opensearch/config/opensearch.yml
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-rootCA.pem:/usr/share/opensearch/config/root-ca.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-02.pem:/usr/share/opensearch/config/node2.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-02.key:/usr/share/opensearch/config/node2.key
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-admin.pem:/usr/share/opensearch/config/admin.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-admin.key:/usr/share/opensearch/config/admin.key
+ - /containers/data/opensearch/confs/tfmm-local/ssl/trustedcas.pem:/usr/share/opensearch/config/trustedcas.pem
+
+ dns:
+ - 192.168.1.1
+ dns_search:
+ - example.com
+ - example.local
+ networks:
+ - opensearch-net
+
+ opensearch-dashboards:
+ image: opensearchproject/opensearch-dashboards:2.1.0
+ container_name:
opensearch-dashboards
+ volumes:
+ - /containers/data/opensearch/confs/dashboards-config:/usr/share/opensearch-dashboards/config
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-dashboards.key:/usr/share/opensearch-dashboards/config/certs/dashboards-key.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-dashboards.pem:/usr/share/opensearch-dashboards/config/certs/dashboards.pem
+ - /containers/data/opensearch/confs/tfmm-local/ssl/tfmm-local-rootCA.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem
+ ports:
+ - 60056:5601
+ dns:
+ - 192.168.1.1
+ expose:
+ - "60056"
+ environment:
+ OPENSEARCH_HOSTS: '["https://opensearch-node1:9200"]' # must be a string with no spaces when specified as an environment variable
+ networks:
+ - opensearch-net
+
+ opensearch-fluentbit-dockerserver:
+ image: fluent/fluent-bit:latest
+ volumes:
+ - /containers/data/fluent-bit-docker/data:/data
+ - /containers/data/fluent-bit-docker/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
+ dns:
+ - 192.168.1.1
+ ports:
+ - 24224:24224
+ networks:
+ - opensearch-net
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+networks:
+ opensearch-net:
diff --git a/paperless-ngx.yml b/paperless-ngx.yml
new file mode 100644
index 0000000..8d4e8db
--- /dev/null
+++ b/paperless-ngx.yml
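Review bot: The label `- com.centurylinklabs.watchtower.enable="false"` on `opensearch-fluentbit-dockerserver` in opensearch.yml keeps the double quotes as part of the value, because they sit in the middle of a plain YAML scalar; watchtower then receives `"false"` rather than `false` and, as far as I can tell, treats the label as unset, so the opt-out does not take effect. Quote the whole entry instead: `- "com.centurylinklabs.watchtower.enable=false"`. The private-key bind mounts on both nodes and on the dashboards service are writable from inside the containers; appending `:ro` to each `.key` and `.pem` mount costs nothing. `- 24224:24224` publishes the fluent forward input on all interfaces, so unless fluent-bit.conf restricts it, anything that can reach the host can write into the log pipeline.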
@@ -0,0 +1,77 @@
+services:
+ broker:
+ image: redis:6.0
+ restart: unless-stopped
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ db:
+ image: postgres:13
+ restart: unless-stopped
+ volumes:
+ - /containers/data/paperless/pgsql:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD:
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: unless-stopped
+ depends_on:
+ - db
+ - broker
+ - gotenberg
+ - tika
+ ports:
+ - '60087:8000'
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - /containers/data/paperless/data:/usr/src/paperless/data
+ - /containers/data/paperless/media:/usr/src/paperless/media
+ - /containers/data/paperless/export:/usr/src/paperless/export
+ - /containers/data/paperless/consume:/usr/src/paperless/consume
+ #env_file: docker-compose.env
+ environment:
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBHOST: db
+ PAPERLESS_TIKA_ENABLED: 1
+ PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+ PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+ USERMAP_UID: 1000
+ USERMAP_GID: 1000
+ PAPERLESS_SECRET_KEY:
+ PAPERLESS_TIME_ZONE: America/Detroit
+ PAPERLESS_URL: https://paper.example.com
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ gotenberg:
+ image: thecodingmachine/gotenberg
+ restart: unless-stopped
+ environment:
+ DISABLE_GOOGLE_CHROME: 1
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ tika:
+ image: apache/tika
+ restart: unless-stopped
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
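Review bot: `PAPERLESS_SECRET_KEY:` on `webserver` and `POSTGRES_PASSWORD:` on `db` in paperless-ngx.yml are bare keys, which Compose resolves from the environment of the shell that runs it; when the variable is not set there, it is simply absent in the container. For `PAPERLESS_SECRET_KEY` that means paperless falls back to the default key shipped in its source, so session signing is no longer secret. No `PAPERLESS_DBPASS` is passed to `webserver` either, so the application and `db` only agree if both end up on the default password. Supply these through the commented-out `env_file:` (kept out of version control) and make a missing value fail loudly, e.g. `PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY:?must be set}`.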
diff --git a/updater.yml b/updater.yml
new file mode 100644
index 0000000..64c1118
--- /dev/null
+++ b/updater.yml
@@ -0,0 +1,14 @@
+services:
+ watchtower:
+ image: containrrr/watchtower
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ WATCHTOWER_SCHEDULE: "0 0 1 * * 1"
+ TZ: America/Detroit
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
diff --git a/utlities.yml b/utlities.yml
new file mode 100644
index 0000000..a5a6536
--- /dev/null
+++ b/utlities.yml
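Review bot: The `watchtower` service in updater.yml is given `/var/run/docker.sock` with no scoping, so on its schedule it pulls and restarts every container on the daemon, which would include the identity, password-vault and proxy stacks from this commit if they share the host, from tags such as `:latest`, `:nightly` and `:develop`. That makes every upstream registry account part of this host's trust boundary. Consider opt-in updates with `WATCHTOWER_LABEL_ENABLE: "true"` and a `com.centurylinklabs.watchtower.enable=true` label only on services where unattended updates are acceptable, with the rest pinned. The socket mount is root-equivalent on the host, so `containrrr/watchtower` itself should carry a pinned tag as well.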
@@ -0,0 +1,89 @@
+services:
+ unifi:
+ image: linuxserver/unifi-controller:latest
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Detroit
+ ports:
+ - 10001:10001/udp
+ - 3478:3478/udp
+ - 6789:6789/tcp
+ - 8080:8080/tcp
+ - 8081:8081/tcp
+ - 8443:8443/tcp
+ - 8843:8843/tcp
+ - 8880:8880/tcp
+ volumes:
+ - /containers/data/unifi:/config
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ samba:
+ image: dperson/samba:latest
+ environment:
+ TZ: 'EST5EDT'
+ USERID: 1000
+ GROUPID: 1000
+ ports:
+ - "137:137/udp"
+ - "138:138/udp"
+ - "139:139/tcp"
+ - "445:445/tcp"
+ read_only: true
+ tmpfs:
+ - /tmp
+ restart: unless-stopped
+ stdin_open: true
+ tty: true
+ volumes:
+ - /containers/data/paperless/consume:/mnt/paperlessconsume:z
+ - /containers/data/samba/logs:/var/log
+ command:
+ -w "HOME"
+ -s "Paperless;/mnt/paperlessconsume;yes;no;no;printer"
+ -u "printer;password_here"
+ -g "ea support = yes"
+ -g "fruit:advertise_fullsync = true"
+ -g "durable handles = yes"
+ -g "kernel oplocks = no"
+ -g "kernel share modes = no"
+ -g "posix locking = no"
+ -g "inherit acls = yes"
+ -p
+ -S
+ -r
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+
+ hastypaste:
+ image: ghcr.io/enchant97/hasty-paste:latest
+ restart: unless-stopped
+ environment:
+ - NEW_AT_INDEX=True
+ volumes:
+ - /containers/data/hastypaste:/app/data
+ ports:
+ - 60097:8000
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ gitlab-runner:
+ image: gitlab/gitlab-runner:latest
+ restart: unless-stopped
+ volumes:
+ - /containers/data/gitlab-runner:/etc/gitlab-runner
+ - /var/run/docker.sock:/var/run/docker.sock
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
diff --git a/vaultwarden.yml b/vaultwarden.yml
new file mode 100644
index 0000000..34b6ce5
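Review bot: `gitlab-runner` in utlities.yml mounts `/var/run/docker.sock`, which hands the runner control of the host's Docker daemon; if its `config.toml` also passes the socket or privileged mode through to jobs, anyone who can push a pipeline can reach every bind mount on this host. The runner is better placed on a separate build host, or at least restricted to trusted projects with the socket kept out of job containers. In `samba`, `-u "printer;password_here"` puts the share credential on the command line, where it is visible in `docker inspect` and in the process list; check whether the image accepts it from an environment file instead. The SMB/NetBIOS ports `137`–`445` are published on all interfaces and should be bound to the LAN-facing address if the host has more than one.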
--- /dev/null
+++ b/vaultwarden.yml
@@ -0,0 +1,31 @@
+version: '2'
+services:
+ vw:
+ image: vaultwarden/server:alpine
+ environment:
+ - DATABASE_URL=postgresql://bitwarden:password_here@vw-db_postgres:5432/bitwarden?sslmode=disable
+ - ADMIN_TOKEN=
+ - WEBSOCKETS_ENABLED=true
+ volumes:
+ - /containers/data/bitwarden/bwdata:/data
+ ports:
+ - '60093:80'
+ - '3012:3012'
+ restart: always
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+
+ vw-db_postgres:
+ image: postgres:12-alpine
+ restart: always
+ volumes:
+ - /containers/data/bitwarden/pgsql:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=password_here
+ - POSTGRES_USER=bitwarden
+ logging:
+ driver: fluentd
+ options:
+ tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
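Review bot: `- '60093:80'` and `- '3012:3012'` in the `vw` service of vaultwarden.yml publish the vault's plain-HTTP listener and websocket port on every host interface, so a client that reaches the host directly talks to the password store without TLS and without passing through the proxy. Restrict them to the address the proxy actually uses (for example `- '127.0.0.1:60093:80'` if the proxy connects over loopback), or attach `vw` to a network shared with the proxy and drop `ports:`. `vaultwarden/server:alpine` is a moving tag; for a password store, pin a release and update it deliberately.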