version: "3.9" services: traefik: image: traefik:v2.9 container_name: traefik restart: always environment: - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL} - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN} - CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN} - LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL} command: - --providers.docker=true - --providers.docker.exposedbydefault=false - --entrypoints.web.address=:80 - --entrypoints.web-secure.address=:443 - --entrypoints.web.http.redirections.entryPoint.to=web-secure - --entrypoints.web.http.redirections.entryPoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.permanent=true - --certificatesresolvers.myresolver.acme.dnschallenge=${DNS_CHALLENGE:-true} - --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER:-cloudflare} - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 - --certificatesresolvers.myresolver.acme.caserver=${LETS_ENCRYPT_CA_SERVER:-https://acme-v02.api.letsencrypt.org/directory} - --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL} - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json ports: - "80:80" - "443:443" volumes: - ./letsencrypt:/letsencrypt - "/var/run/docker.sock:/var/run/docker.sock:ro" sonarr: image: lscr.io/linuxserver/sonarr container_name: sonarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} volumes: - ./sonarr:/config - ${DATA_ROOT}:/data restart: always labels: - traefik.enable=true - traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`)) - traefik.http.routers.sonarr.tls=true - traefik.http.routers.sonarr.tls.certresolver=myresolver - traefik.http.services.sonarr.loadbalancer.server.port=8989 - homepage.group=Media - homepage.name=Sonarr - homepage.icon=sonarr.png - homepage.href=/sonarr - homepage.description=Series management - homepage.weight=0 - homepage.widget.type=sonarr - homepage.widget.url=http://sonarr:8989/sonarr - homepage.widget.key=${SONARR_API_KEY} radarr: image: lscr.io/linuxserver/radarr container_name: radarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} volumes: - ./radarr:/config - ${DATA_ROOT}:/data restart: always labels: - traefik.enable=true - traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`)) - traefik.http.routers.radarr.tls=true - traefik.http.routers.radarr.tls.certresolver=myresolver - traefik.http.services.radarr.loadbalancer.server.port=7878 - homepage.group=Media - homepage.name=Radarr - homepage.icon=radarr.png - homepage.href=/radarr - homepage.description=Movies management - homepage.weight=1 - homepage.widget.type=radarr - homepage.widget.url=http://radarr:7878/radarr - homepage.widget.key=${RADARR_API_KEY} lidarr: image: lscr.io/linuxserver/lidarr container_name: lidarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} volumes: - ./lidarr:/config - ${DATA_ROOT}:/data restart: always labels: - traefik.enable=true - traefik.http.routers.lidarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/lidarr`)) - traefik.http.routers.lidarr.tls=true - traefik.http.routers.lidarr.tls.certresolver=myresolver - traefik.http.services.lidarr.loadbalancer.server.port=8686 - homepage.group=Media - homepage.name=Lidarr - homepage.icon=lidarr.png - homepage.href=/lidarr - homepage.description=Music management - homepage.weight=2 - homepage.widget.type=lidarr - homepage.widget.url=http://lidarr:8686/lidarr - homepage.widget.key=${LIDARR_API_KEY} prowlarr: image: lscr.io/linuxserver/prowlarr:latest container_name: prowlarr environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} volumes: - ./prowlarr:/config restart: always labels: - traefik.enable=true - traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`)) - traefik.http.routers.prowlarr.tls=true - traefik.http.routers.prowlarr.tls.certresolver=myresolver - traefik.http.services.prowlarr.loadbalancer.server.port=9696 - homepage.group=Download - homepage.name=Prowlarr - homepage.icon=prowlarr.png - homepage.href=/prowlarr - homepage.description=Indexers management - homepage.weight=4 - homepage.widget.type=prowlarr - homepage.widget.url=http://prowlarr:9696/prowlarr - homepage.widget.key=${PROWLARR_API_KEY} qbittorrent: image: lscr.io/linuxserver/qbittorrent:libtorrentv1 container_name: qbittorrent environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} - WEBUI_PORT=8080 volumes: - ./qbittorrent:/config - ${DOWNLOAD_ROOT}:/data/torrents restart: always network_mode: "service:vpn" depends_on: vpn: condition: service_healthy labels: - traefik.enable=true - traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`)) - traefik.http.routers.qbittorrent.tls=true - traefik.http.routers.qbittorrent.tls.certresolver=myresolver - traefik.http.services.qbittorrent.loadbalancer.server.port=8080 - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix # https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296 - traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent # https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19 - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$) - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/ - traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false #- com.centurylinklabs.watchtower.depends-on=/vpn - homepage.group=Download - homepage.name=qBittorrent - homepage.icon=qbittorrent.png - homepage.href=/qbittorrent - homepage.description=Bittorrent client - homepage.weight=5 - homepage.widget.type=qbittorrent - homepage.widget.url=http://vpn:8080 - homepage.widget.username=admin - homepage.widget.password=adminadmin vpn: image: thrnz/docker-wireguard-pia container_name: vpn volumes: - ./pia:/pia - ./pia-shared:/pia-shared cap_add: - NET_ADMIN - SYS_MODULE environment: - LOC=${PIA_LOCATION} - USER=${PIA_USER} - PASS=${PIA_PASS} - LOCAL_NETWORK=${PIA_LOCAL_NETWORK} - PORT_FORWARDING=1 - PORT_PERSIST=1 - PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh - EXIT_ON_FATAL=1 sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.default.disable_ipv6=1 - net.ipv6.conf.all.disable_ipv6=1 - net.ipv6.conf.lo.disable_ipv6=1 healthcheck: test: ping -c 1 www.google.com || exit 1 interval: 30s timeout: 10s retries: 3 restart: always labels: # network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660 - com.centurylinklabs.watchtower.enable=false jellyfin: image: lscr.io/linuxserver/jellyfin container_name: jellyfin environment: - PUID=${USER_ID} - PGID=${GROUP_ID} - TZ=${TIMEZONE} - JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin volumes: - ./jellyfin:/config - ${DATA_ROOT}:/data ports: - "7359:7359/udp" - "1900:1900/udp" devices: - /dev/dri/renderD128:/dev/dri/renderD128 - /dev/dri/card0:/dev/dri/card0 restart: always labels: - traefik.enable=true - traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`)) - traefik.http.routers.jellyfin.tls=true - traefik.http.routers.jellyfin.tls.certresolver=myresolver - traefik.http.services.jellyfin.loadbalancer.server.port=8096 - homepage.group=Media - homepage.name=Jellyfin - homepage.icon=jellyfin.png - homepage.href=/jellyfin - homepage.description=Media server - homepage.weight=3 - homepage.widget.type=jellyfin - homepage.widget.url=http://jellyfin:8096/jellyfin - homepage.widget.key=${JELLYFIN_API_KEY} homepage: image: ghcr.io/benphelps/homepage:latest container_name: homepage environment: - HOMEPAGE_VAR_TITLE=${HOMEPAGE_VAR_TITLE} - HOMEPAGE_VAR_SEARCH_PROVIDER=${HOMEPAGE_VAR_SEARCH_PROVIDER} - HOMEPAGE_VAR_HEADER_STYLE=${HOMEPAGE_VAR_HEADER_STYLE} - HOMEPAGE_VAR_WEATHER_CITY=${HOMEPAGE_VAR_WEATHER_CITY} - HOMEPAGE_VAR_WEATHER_LAT=${HOMEPAGE_VAR_WEATHER_LAT} - HOMEPAGE_VAR_WEATHER_LONG=${HOMEPAGE_VAR_WEATHER_LONG} - HOMEPAGE_VAR_WEATHER_TIME=${TIMEZONE} - HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT} volumes: - ./homepage:/app/config - /var/run/docker.sock:/var/run/docker.sock:ro - ${DATA_ROOT}:/data restart: always command: [sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"] labels: - traefik.enable=true - traefik.http.routers.homepage.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`)) - traefik.http.routers.homepage.tls=true - traefik.http.routers.homepage.tls.certresolver=myresolver - traefik.http.services.homepage.loadbalancer.server.port=3000 watchtower: image: containrrr/watchtower container_name: watchtower restart: always environment: - WATCHTOWER_CLEANUP=true volumes: - /var/run/docker.sock:/var/run/docker.sock networks: default: name: docker-compose-nas