media-stack/docker-compose.yml
2023-12-18 23:56:44 -05:00

404 lines
18 KiB
YAML

version: "3.9"
services:
traefik:
image: traefik:v2.10
container_name: traefik
restart: always
environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- CLOUDFLARE_ZONE_API_TOKEN=${CLOUDFLARE_ZONE_API_TOKEN}
- LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL}
command:
- --ping=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web-secure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=web-secure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --experimental.plugins.rewrite-body.modulename=github.com/packruler/rewrite-body
- --experimental.plugins.rewrite-body.version=v1.2.0
- --experimental.plugins.rewriteHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers
- --experimental.plugins.rewriteHeaders.version=v0.0.3
- --certificatesresolvers.myresolver.acme.dnschallenge=${DNS_CHALLENGE:-true}
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=${DNS_CHALLENGE_PROVIDER:-cloudflare}
- --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
- --certificatesresolvers.myresolver.acme.caserver=${LETS_ENCRYPT_CA_SERVER:-https://acme-v02.api.letsencrypt.org/directory}
- --certificatesresolvers.myresolver.acme.email=${LETS_ENCRYPT_EMAIL}
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
ports:
- "80:80"
- "443:443"
volumes:
- ./letsencrypt:/letsencrypt
- "/var/run/docker.sock:/var/run/docker.sock:ro"
healthcheck:
test: [ "CMD", "traefik", "healthcheck", "--ping" ]
interval: 5s
retries: 10
sonarr:
image: lscr.io/linuxserver/sonarr
container_name: sonarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./sonarr:/config
- ${DATA_ROOT}:/data
restart: always
healthcheck:
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8989/sonarr/ping" ]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
- traefik.http.routers.sonarr.tls=true
- traefik.http.routers.sonarr.tls.certresolver=myresolver
- traefik.http.services.sonarr.loadbalancer.server.port=8989
- homepage.group=Media
- homepage.name=Sonarr
- homepage.icon=sonarr.png
- homepage.href=/sonarr
- homepage.description=Series management
- homepage.weight=0
- homepage.widget.type=sonarr
- homepage.widget.url=http://sonarr:8989/sonarr
- homepage.widget.key=${SONARR_API_KEY}
radarr:
image: lscr.io/linuxserver/radarr
container_name: radarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./radarr:/config
- ${DATA_ROOT}:/data
restart: always
healthcheck:
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:7878/radarr/ping" ]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
- traefik.http.routers.radarr.tls=true
- traefik.http.routers.radarr.tls.certresolver=myresolver
- traefik.http.services.radarr.loadbalancer.server.port=7878
- homepage.group=Media
- homepage.name=Radarr
- homepage.icon=radarr.png
- homepage.href=/radarr
- homepage.description=Movies management
- homepage.weight=1
- homepage.widget.type=radarr
- homepage.widget.url=http://radarr:7878/radarr
- homepage.widget.key=${RADARR_API_KEY}
lidarr:
image: lscr.io/linuxserver/lidarr
container_name: lidarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./lidarr:/config
- ${DATA_ROOT}:/data
restart: always
healthcheck:
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8686/lidarr/ping" ]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.lidarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/lidarr`))
- traefik.http.routers.lidarr.tls=true
- traefik.http.routers.lidarr.tls.certresolver=myresolver
- traefik.http.services.lidarr.loadbalancer.server.port=8686
- homepage.group=Media
- homepage.name=Lidarr
- homepage.icon=lidarr.png
- homepage.href=/lidarr
- homepage.description=Music management
- homepage.weight=2
- homepage.widget.type=lidarr
- homepage.widget.url=http://lidarr:8686/lidarr
- homepage.widget.key=${LIDARR_API_KEY}
jellyseerr:
image: fallenbagel/jellyseerr:latest
container_name: jellyseerr
environment:
- LOG_LEVEL=debug
- TZ=${TIMEZONE}
volumes:
- ./jellyseerr:/app/config
restart: always
healthcheck:
test: ["CMD", "wget", "http://127.0.0.1:5055/api/v1/status", "-qO", "/dev/null"]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.jellyseerr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyseerr`))
- traefik.http.routers.jellyseerr.tls=true
- traefik.http.routers.jellyseerr.tls.certresolver=myresolver
- traefik.http.services.jellyseerr.loadbalancer.server.port=5055
- traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders
- traefik.http.middlewares.jellyseerr-stripprefix.stripPrefix.prefixes=/jellyseerr
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[0].header=location
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[0].regex=^/(.+)$
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[0].replacement=/jellyseerr/$1
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[1].header=location
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[1].regex=^/$
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[1].replacement=/jellyseerr
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.monitoring.types[0]=text/html
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.monitoring.types[1]=application/javascript
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.monitoring.types[2]=*/*
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[1].regex=/_next
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[1].replacement=/jellyseerr/_next
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[2].regex=\/_next\\/data\\//
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[2].replacement=\/jellyseerr\/_next\/data\//
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[3].regex=/api/v1
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[3].replacement=/jellyseerr/api/v1
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[4].regex=/login/plex/loading
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[4].replacement=/jellyseerr/login/plex/loading
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[5].regex=/images/
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[5].replacement=/jellyseerr/images/
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[6].regex=/favicon
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[6].replacement=/jellyseerr/favicon
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[7].regex=/logo_
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[7].replacement=/jellyseerr/logo_
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[8].regex=/site.webmanifest
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[8].replacement=/jellyseerr/site.webmanifest
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[9].regex=/sw.js
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[9].replacement=/jellyseerr/sw.js
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[10].regex=/offline.html
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[10].replacement=/jellyseerr/offline.html
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[11].regex=src="/os_logo_square.png"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[11].replacement=src="/jellyseerr/os_logo_square.png"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[12].regex=href="/(.*)"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[12].replacement=href="/jellyseerr/$1"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[13].regex=linkUrl:"/(.*)"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[13].replacement=linkUrl:"/jellyseerr/$1"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[14].regex="/([a-z]+)/".concat
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[14].replacement="/jellyseerr/$1/".concat
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[15].regex=url:"/(.*)"
- traefik.http.middlewares.jellyseerr-rewrite.plugin.rewrite-body.rewrites[15].replacement=url:"/jellyseerr/$1"
- homepage.group=Media
- homepage.name=JellySeerr
- homepage.icon=jellyseerr.png
- homepage.href=/jellyseerr
- homepage.description=Content Recommendations and Request Management
- homepage.weight=2
- homepage.widget.type=jellyseerr
- homepage.widget.url=http://jellyseerr:5055
- homepage.widget.key=${JELLYSEERR_API_KEY}
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
container_name: prowlarr
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./prowlarr:/config
restart: always
healthcheck:
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:9696/prowlarr/ping" ]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
- traefik.http.routers.prowlarr.tls=true
- traefik.http.routers.prowlarr.tls.certresolver=myresolver
- traefik.http.services.prowlarr.loadbalancer.server.port=9696
- homepage.group=Download
- homepage.name=Prowlarr
- homepage.icon=prowlarr.png
- homepage.href=/prowlarr
- homepage.description=Indexers management
- homepage.weight=4
- homepage.widget.type=prowlarr
- homepage.widget.url=http://prowlarr:9696/prowlarr
- homepage.widget.key=${PROWLARR_API_KEY}
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:libtorrentv1
container_name: qbittorrent
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
- WEBUI_PORT=8080
volumes:
- ./qbittorrent:/config
- ${DOWNLOAD_ROOT}:/data/torrents
restart: always
healthcheck:
# Container may fail if the PIA's token expired, so mark as unhealthy when there is no internet connection
# see: https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8080", "https://google.com" ]
interval: 5s
retries: 10
network_mode: "service:vpn"
depends_on:
vpn:
condition: service_healthy
labels:
- traefik.enable=true
- traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
- traefik.http.routers.qbittorrent.tls=true
- traefik.http.routers.qbittorrent.tls.certresolver=myresolver
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
# https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
- traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
# https://community.traefik.io/t/middleware-to-add-the-if-needed/1895/19
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$)
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.permanent=false
#- com.centurylinklabs.watchtower.depends-on=/vpn
- homepage.group=Download
- homepage.name=qBittorrent
- homepage.icon=qbittorrent.png
- homepage.href=/qbittorrent
- homepage.description=Bittorrent client
- homepage.weight=5
- homepage.widget.type=qbittorrent
- homepage.widget.url=http://vpn:8080
- homepage.widget.username=${QBITTORRENT_USERNAME}
- homepage.widget.password=${QBITTORRENT_PASSWORD}
vpn:
image: thrnz/docker-wireguard-pia
container_name: vpn
volumes:
- ./pia:/pia
- ./pia-shared:/pia-shared
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- LOC=${PIA_LOCATION}
- USER=${PIA_USER}
- PASS=${PIA_PASS}
- LOCAL_NETWORK=${PIA_LOCAL_NETWORK}
- PORT_FORWARDING=1
- PORT_PERSIST=1
- PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.default.disable_ipv6=1
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv6.conf.lo.disable_ipv6=1
healthcheck:
test: ping -c 1 www.google.com || exit 1
interval: 30s
timeout: 10s
retries: 3
restart: always
labels:
# network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
- com.centurylinklabs.watchtower.enable=false
unpackerr:
image: golift/unpackerr
container_name: unpackerr
volumes:
- ${DOWNLOAD_ROOT}:/data/torrents
restart: always
user: ${USER_ID}:${GROUP_ID}
environment:
- TZ=${TIMEZONE}
- UN_SONARR_0_URL=http://sonarr:8989/sonarr
- UN_SONARR_0_API_KEY=${SONARR_API_KEY}
- UN_RADARR_0_URL=http://radarr:7878/radarr
- UN_RADARR_0_API_KEY=${RADARR_API_KEY}
- UN_LIDARR_0_URL=http://lidarr:8686/lidarr
- UN_LIDARR_0_API_KEY=${LIDARR_API_KEY}
security_opt:
- no-new-privileges:true
jellyfin:
image: lscr.io/linuxserver/jellyfin
container_name: jellyfin
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
- JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
volumes:
- ./jellyfin:/config
- ${DATA_ROOT}:/data
ports:
- "7359:7359/udp"
- "1900:1900/udp"
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
- /dev/dri/card0:/dev/dri/card0
restart: always
healthcheck:
test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8096/jellyfin/health" ]
interval: 5s
retries: 10
labels:
- traefik.enable=true
- traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
- traefik.http.routers.jellyfin.tls=true
- traefik.http.routers.jellyfin.tls.certresolver=myresolver
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
- homepage.group=Media
- homepage.name=Jellyfin
- homepage.icon=jellyfin.png
- homepage.href=/jellyfin
- homepage.description=Media server
- homepage.weight=3
- homepage.widget.type=jellyfin
- homepage.widget.url=http://jellyfin:8096/jellyfin
- homepage.widget.key=${JELLYFIN_API_KEY}
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
environment:
- HOMEPAGE_VAR_TITLE=${HOMEPAGE_VAR_TITLE}
- HOMEPAGE_VAR_SEARCH_PROVIDER=${HOMEPAGE_VAR_SEARCH_PROVIDER}
- HOMEPAGE_VAR_HEADER_STYLE=${HOMEPAGE_VAR_HEADER_STYLE}
- HOMEPAGE_VAR_WEATHER_CITY=${HOMEPAGE_VAR_WEATHER_CITY}
- HOMEPAGE_VAR_WEATHER_LAT=${HOMEPAGE_VAR_WEATHER_LAT}
- HOMEPAGE_VAR_WEATHER_LONG=${HOMEPAGE_VAR_WEATHER_LONG}
- HOMEPAGE_VAR_WEATHER_TIME=${TIMEZONE}
- HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
volumes:
- ./homepage:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${DATA_ROOT}:/data
restart: always
command: [sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]
labels:
- traefik.enable=true
- traefik.http.routers.homepage.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
- traefik.http.routers.homepage.tls=true
- traefik.http.routers.homepage.tls.certresolver=myresolver
- traefik.http.services.homepage.loadbalancer.server.port=3000
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: always
environment:
- WATCHTOWER_CLEANUP=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
autoheal:
image: willfarrell/autoheal:latest
container_name: autoheal
restart: always
environment:
- AUTOHEAL_CONTAINER_LABEL=all
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
default:
name: docker-compose-nas