All compose files

This commit is contained in:
root 2026-05-04 16:33:38 +01:00
commit e7585272a6
13 changed files with 520 additions and 0 deletions

View file

@ -0,0 +1,14 @@
services:
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
restart: unless-stopped
command: tunnel --no-autoupdate run
environment:
- TUNNEL_TOKEN=eyJhIjoiZjg2YzAzZTQwNzFlNjZhYjc2Yzg5ZDQ3OTNmMGM1YjAiLCJ0IjoiZmMyNWNjMzMtNjZmOC00MDU5LTg4ZDMtM2I5NWY4NDIzODAyIiwicyI6Ill6bGhObVV3TVRjdFpHUXdNaTAwT1RBM0xXRXhaRE10WVRBNE5tUmpOVGszTW1ZNCJ9
networks:
- traefik
networks:
traefik:
external: true

68
immich/docker-compose.yml Normal file
View file

@ -0,0 +1,68 @@
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:release
volumes:
- /mnt/truenas/media/immich:/usr/src/app/upload
- /mnt/truenas/media/immich/library:/mnt/import:ro
- /etc/localtime:/etc/localtime:ro
environment:
- DB_HOSTNAME=immich_postgres
- DB_USERNAME=immich
- DB_PASSWORD=wnAtOcXH+dxG0xLPtZonv2pPTtlkIw1fRz26GMNQ7ag=
- DB_DATABASE_NAME=immich
- REDIS_HOSTNAME=immich_redis
depends_on:
- redis
- database
networks:
- traefik
- internal
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.immich.rule=Host(`immich.lan.krilio.net`) || Host(`immich.krilio.net`)"
- "traefik.http.routers.immich.tls.certresolver=cloudflare"
- "traefik.http.services.immich.loadbalancer.server.port=2283"
immich-machine-learning:
container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:release
volumes:
- immich_model_cache:/cache
networks:
- internal
restart: unless-stopped
redis:
container_name: immich_redis
image: docker.io/redis:6.2-alpine
networks:
- internal
restart: unless-stopped
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
environment:
POSTGRES_PASSWORD: wnAtOcXH+dxG0xLPtZonv2pPTtlkIw1fRz26GMNQ7ag=
POSTGRES_USER: immich
POSTGRES_DB: immich
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
- immich_pgdata:/var/lib/postgresql/data
networks:
- internal
restart: unless-stopped
volumes:
immich_model_cache:
immich_pgdata:
networks:
traefik:
external: true
internal:
internal: true

View file

@ -0,0 +1,29 @@
services:
jellyfin:
image: jellyfin/jellyfin:latest
container_name: jellyfin
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Lisbon
volumes:
- jellyfin_config:/config
- jellyfin_cache:/cache
- /mnt/truenas/media/movies:/media/movies:ro
- /mnt/truenas/media/series:/media/series:ro
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.lan.krilio.net`)"
- "traefik.http.routers.jellyfin.tls.certresolver=cloudflare"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
volumes:
jellyfin_config:
jellyfin_cache:
networks:
traefik:
external: true

View file

@ -0,0 +1,77 @@
name: opencloud
services:
opencloud:
image: opencloudeu/opencloud-rolling:latest
container_name: opencloud
restart: unless-stopped
command: ["server"]
environment:
- OC_URL=https://cloud.krilio.net
- OC_LOG_LEVEL=error
- OC_INSECURE=false
- PROXY_TLS=false
- PROXY_HTTP_ADDR=0.0.0.0:9200
- INITIAL_ADMIN_PASSWORD=dVnzfCKamzuv1RluijV1l59uU/mwtW9O
- COLLABORATION_WOPI_SRC=https://wopiserver.krilio.net
- COLLABORATION_WOPI_SECRET=32522ab288fd6c77bee76d7d304443c5cdbf6a83e007754f62398194a766040f
- OC_WOPI_SECRET=32522ab288fd6c77bee76d7d304443c5cdbf6a83e007754f62398194a766040f
- OC_ADD_RUN_SERVICES=collaboration
- APP_REGISTRY_MIMETYPES_JSON=[{"mime_type":"application/vnd.oasis.opendocument.text","extension":"odt","name":"OpenDocument Text","description":"OpenDocument Text","icon":"","default_app":"Collabora","allow_creation":true},{"mime_type":"application/vnd.oasis.opendocument.spreadsheet","extension":"ods","name":"OpenDocument Spreadsheet","description":"OpenDocument Spreadsheet","icon":"","default_app":"Collabora","allow_creation":true},{"mime_type":"application/vnd.oasis.opendocument.presentation","extension":"odp","name":"OpenDocument Presentation","description":"OpenDocument Presentation","icon":"","default_app":"Collabora","allow_creation":true}]
- COLLABORATION_APP_NAME=Collabora
- COLLABORATION_APP_PRODUCT=Collabora
- COLLABORATION_APP_ICON=image-edit
- COLLABORATION_APP_DESCRIPTION=Collabora Online
- COLLABORATION_APP_ADDR=https://collabora.krilio.net
- PROXY_CSP_CONFIG_FILE_LOCATION=/etc/opencloud/csp.yaml
- COLLABORATION_HTTP_ADDR=0.0.0.0:9300
- COLLABORATION_APP_PROOF_DISABLE=true
volumes:
- /mnt/truenas/services/opencloud:/var/lib/opencloud
- opencloud_config:/etc/opencloud
- /etc/localtime:/etc/localtime:ro
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.opencloud.rule=Host(`cloud.krilio.net`) || Host(`cloud.lan.krilio.net`)"
- "traefik.http.routers.opencloud.tls.certresolver=cloudflare"
- "traefik.http.routers.opencloud.service=opencloud"
- "traefik.http.services.opencloud.loadbalancer.server.port=9200"
- "traefik.http.routers.wopiserver.rule=Host(`wopiserver.krilio.net`)"
- "traefik.http.routers.wopiserver.tls.certresolver=cloudflare"
- "traefik.http.routers.wopiserver.service=wopiserver"
- "traefik.http.services.wopiserver.loadbalancer.server.port=9300"
collabora:
image: collabora/code:latest
container_name: collabora
restart: unless-stopped
environment:
- DONT_GEN_SSL_CERT=YES
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:net.frame_ancestors=https://cloud.krilio.net
- server_name=collabora.krilio.net
- aliasgroup1=https://cloud.krilio.net
- aliasgroup2=https://wopiserver.krilio.net
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.rule=Host(`collabora.krilio.net`)"
- "traefik.http.routers.collabora.tls.certresolver=cloudflare"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
- "traefik.http.middlewares.collabora-ws.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.collabora.middlewares=collabora-ws"
- "traefik.http.middlewares.collabora-ws.headers.customrequestheaders.Upgrade=websocket"
- "traefik.http.middlewares.collabora-ws.headers.customrequestheaders.Connection=Upgrade"
extra_hosts:
- "wopiserver.krilio.net:10.0.0.210"
- "cloud.krilio.net:10.0.0.210"
networks:
traefik:
external: true
volumes:
opencloud_config:
external: true

View file

@ -0,0 +1,21 @@
services:
pingvin:
image: stonith404/pingvin-share:latest
container_name: pingvin
restart: unless-stopped
volumes:
- /mnt/truenas/services/sharing:/opt/app/backend/data
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.pingvin.rule=Host(`share.krilio.net`)"
- "traefik.http.routers.pingvin.tls.certresolver=cloudflare"
- "traefik.http.services.pingvin.loadbalancer.server.port=3000"
volumes:
pingvin_data:
networks:
traefik:
external: true

View file

@ -0,0 +1,22 @@
services:
portainer:
image: portainer/portainer-ee:latest
container_name: portainer
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`docker.lan.krilio.net`)"
- "traefik.http.routers.portainer.tls.certresolver=cloudflare"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
volumes:
portainer_data:
networks:
traefik:
external: true

View file

@ -0,0 +1,27 @@
services:
qbt-luis:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbt-luis
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Lisbon
- WEBUI_PORT=8080
volumes:
- qbt_luis_config:/config
- /mnt/truenas/common/luis/downloads:/downloads
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.qbt-luis.rule=Host(`qbt-luis.lan.krilio.net`)"
- "traefik.http.routers.qbt-luis.tls.certresolver=cloudflare"
- "traefik.http.services.qbt-luis.loadbalancer.server.port=8080"
volumes:
qbt_luis_config:
networks:
traefik:
external: true

View file

@ -0,0 +1,27 @@
services:
qbt-nuno:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbt-nuno
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Lisbon
- WEBUI_PORT=8080
volumes:
- qbt_nuno_config:/config
- /mnt/truenas/common/nuno/downloads:/downloads
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.qbt-nuno.rule=Host(`qbt-nuno.lan.krilio.net`)"
- "traefik.http.routers.qbt-nuno.tls.certresolver=cloudflare"
- "traefik.http.services.qbt-nuno.loadbalancer.server.port=8080"
volumes:
qbt_nuno_config:
networks:
traefik:
external: true

View file

@ -0,0 +1,25 @@
services:
syncthing:
image: syncthing/syncthing:latest
container_name: syncthing
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
volumes:
- /mnt/truenas/services/syncthing:/var/syncthing
networks:
- traefik
ports:
- "22000:22000/tcp"
- "22000:22000/udp"
- "21027:21027/udp"
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`syncthing.lan.krilio.net`)"
- "traefik.http.routers.syncthing.tls.certresolver=cloudflare"
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
networks:
traefik:
external: true

124
traefik/certs/acme.json Normal file

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,26 @@
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "443:443"
environment:
- CF_DNS_API_TOKEN=cfut_t2nJ8mVi03MwcOgtWuW6fBblAAHGZO9CKLCorxh692dfbb33
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/traefik.yml:ro
- ./certs:/certs
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.lan.krilio.net`)"
- "traefik.http.routers.dashboard.tls.certresolver=cloudflare"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$OUrPkApOppUOhLW12R5ipOz1.6BffYwGXn3CueSjF59wRRFJIddgS"
networks:
traefik:
external: true

35
traefik/traefik.yml Normal file
View file

@ -0,0 +1,35 @@
global:
checkNewVersion: false
sendAnonymousUsage: false
api:
dashboard: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
middlewares: []
certificatesResolvers:
cloudflare:
acme:
email: nunoratchet@gmail.com
storage: /certs/acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
providers:
docker:
exposedByDefault: false
network: traefik

View file

@ -0,0 +1,25 @@
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
volumes:
- vaultwarden_data:/data
networks:
- traefik
environment:
- DOMAIN=https://vault.lan.krilio.net
- SIGNUPS_ALLOWED=true
- ADMIN_TOKEN=Ug0dkL40tGjqHvq1rbM0iFP44DjmV3zuhA08jkOy4MJlRmHQW6BkpPeVfsLJ87bu
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.rule=Host(`vault.lan.krilio.net`)"
- "traefik.http.routers.vaultwarden.tls.certresolver=cloudflare"
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
volumes:
vaultwarden_data:
networks:
traefik:
external: true