media-stack/docker-compose.yml

194 lines
6.8 KiB
YAML
Raw Normal View History

2022-02-19 23:17:15 +01:00
version: "3.9"
services:
2022-04-18 00:59:35 +02:00
traefik:
2022-12-30 23:04:46 +01:00
image: traefik:v2.9
2022-04-18 00:59:35 +02:00
container_name: traefik
restart: always
environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN}
- LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL}
2022-04-18 00:59:35 +02:00
command:
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web-secure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=web-secure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --certificatesresolvers.myresolver.acme.dnschallenge=true
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER:-cloudflare}
# Uncomment to test your configuration by using Let's Encrypt staging certificates
#- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
2022-04-18 00:59:35 +02:00
ports:
- "80:80"
- "443:443"
volumes:
- ./letsencrypt:/letsencrypt
2022-04-18 00:59:35 +02:00
- "/var/run/docker.sock:/var/run/docker.sock:ro"
2022-02-19 23:17:15 +01:00
sonarr:
image: lscr.io/linuxserver/sonarr
container_name: sonarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
2022-02-19 23:17:15 +01:00
volumes:
- ./sonarr:/config
- ${DATA_ROOT}:/data
restart: always
2022-04-18 00:59:35 +02:00
labels:
- traefik.enable=true
- traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
2022-04-18 00:59:35 +02:00
- traefik.http.routers.sonarr.tls=true
- traefik.http.routers.sonarr.tls.certresolver=myresolver
- traefik.http.services.sonarr.loadbalancer.server.port=8989
2022-02-19 23:17:15 +01:00
radarr:
image: lscr.io/linuxserver/radarr
container_name: radarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
2022-02-19 23:17:15 +01:00
volumes:
- ./radarr:/config
- ${DATA_ROOT}:/data
restart: always
2022-04-18 00:59:35 +02:00
labels:
- traefik.enable=true
- traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
2022-04-18 00:59:35 +02:00
- traefik.http.routers.radarr.tls=true
- traefik.http.routers.radarr.tls.certresolver=myresolver
2022-04-18 00:59:35 +02:00
- traefik.http.services.radarr.loadbalancer.server.port=7878
2022-02-19 23:17:15 +01:00
prowlarr:
2023-02-17 06:41:26 +01:00
image: lscr.io/linuxserver/prowlarr:latest
2022-02-19 23:17:15 +01:00
container_name: prowlarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
2022-02-19 23:17:15 +01:00
volumes:
- ./prowlarr:/config
restart: always
2022-04-18 00:59:35 +02:00
labels:
- traefik.enable=true
- traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
2022-04-18 00:59:35 +02:00
- traefik.http.routers.prowlarr.tls=true
- traefik.http.routers.prowlarr.tls.certresolver=myresolver
2022-04-18 00:59:35 +02:00
- traefik.http.services.prowlarr.loadbalancer.server.port=9696
2022-02-19 23:17:15 +01:00
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:libtorrentv1
2022-02-19 23:17:15 +01:00
container_name: qbittorrent
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
- WEBUI_PORT=8080
volumes:
- ./qbittorrent:/config
- ${DOWNLOAD_ROOT}:/data/torrents
restart: always
2022-02-19 23:17:15 +01:00
network_mode: "service:vpn"
depends_on:
- vpn
2022-04-18 00:59:35 +02:00
labels:
- traefik.enable=true
- traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
2022-04-18 00:59:35 +02:00
- traefik.http.routers.qbittorrent.tls=true
- traefik.http.routers.qbittorrent.tls.certresolver=myresolver
2022-04-18 00:59:35 +02:00
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
# https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
- traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
# https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$)
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false
#- com.centurylinklabs.watchtower.depends-on=/vpn
2022-02-19 23:17:15 +01:00
vpn:
image: thrnz/docker-wireguard-pia
container_name: vpn
volumes:
- ./pia:/pia
- ./pia-shared:/pia-shared
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- LOC=${PIA_LOCATION}
- USER=${PIA_USER}
- PASS=${PIA_PASS}
- LOCAL_NETWORK=${PIA_LOCAL_NETWORK}
- PORT_FORWARDING=1
- PORT_PERSIST=1
2022-02-19 23:17:15 +01:00
- PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh
- EXIT_ON_FATAL=1
2022-02-19 23:17:15 +01:00
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.default.disable_ipv6=1
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv6.conf.lo.disable_ipv6=1
healthcheck:
test: ping -c 1 www.google.com || exit 1
interval: 30s
timeout: 10s
retries: 3
restart: always
labels:
# network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
- com.centurylinklabs.watchtower.enable=false
2023-02-13 06:42:29 +01:00
jellyfin:
image: lscr.io/linuxserver/jellyfin
container_name: jellyfin
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
- JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
volumes:
- ./jellyfin:/config
- ${DATA_ROOT}:/data
ports:
- "7359:7359/udp"
- "1900:1900/udp"
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
- /dev/dri/card0:/dev/dri/card0
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
2023-02-13 06:42:29 +01:00
- traefik.http.routers.jellyfin.tls=true
- traefik.http.routers.jellyfin.tls.certresolver=myresolver
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
2022-02-19 23:17:15 +01:00
heimdall:
image: lscr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
volumes:
- ./heimdall:/config
restart: always
2022-04-18 00:59:35 +02:00
labels:
- traefik.enable=true
2023-02-15 21:06:19 +01:00
- traefik.http.routers.heimdall.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
2022-07-23 21:41:36 +02:00
- traefik.http.routers.heimdall.tls=true
- traefik.http.routers.heimdall.tls.certresolver=myresolver
- traefik.http.services.heimdall.loadbalancer.server.port=80
2022-08-24 04:16:33 +02:00
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: always
environment:
- WATCHTOWER_CLEANUP=true
2022-08-24 04:16:33 +02:00
volumes:
- /var/run/docker.sock:/var/run/docker.sock
2022-07-23 21:41:36 +02:00
networks:
default:
name: docker-compose-nas