inital copy from github repo

docker-compose.yml

@@ -0,0 +1,486 @@
+# /opt/docker-compose.yml
+---
+version: '2'
+services:
+#Plex server stats page
+  tautulli:
+    image: linuxserver/tautulli:latest
+    container_name: tautulli
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+    volumes:
+      - /opt/appdata/tautulli:/config
+      - /opt/appdata/tautulli/Library/Application\ Support/Plex\ Media\ Server/Logs:/logs
+    ports:
+      - 8181:8181
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=tautulli"
+      - "traefik.frontend.rule=Host:plexstats.${DOMAINNAME}"
+      - "traefik.port=8181"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    restart: unless-stopped
+#Grabber, manage TV shows  
+  sonarr:
+    image: linuxserver/sonarr:latest
+    container_name: sonarr
+    volumes:
+      - /opt/appdata/sonarr:/config
+      - /mnt/storage/tv:/tv
+      - /downloads/:/downloads
+      - /downloads/complete/tv_import:/tv_import
+    ports:
+      - 27021:8989
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=sonarr"
+      - "traefik.frontend.rule=Host:sonarr.${DOMAINNAME}"  #
+      - "traefik.port=8989"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    restart: always
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+#Grabber, manage movies 
+  radarr:
+    image: linuxserver/radarr:latest
+    container_name: radarr
+    volumes:
+      - /opt/appdata/radarr:/config
+      - /downloads:/downloads
+      - /mnt/storage/movies:/movies
+      - /downloads/watch:/watch
+    ports:
+      - 7878:7878
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=radarr"
+      - "traefik.frontend.rule=Host:radarr.${DOMAINNAME}"  #
+      - "traefik.port=7878"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    restart: always
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+#Manager, Used to maintain docker containers  
+  portainer:
+    image: portainer/portainer:latest
+    container_name: portainer
+    ports:
+      - 9000:9000
+    volumes:
+      - /opt/appdata/portainer:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /opt/appdata/shared:/shared
+    environment:
+      - TZ=${TZ}
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=false"
+      - "traefik.backend=portainer"
+      - "traefik.frontend.rule=Host:portainer.${DOMAINNAME}"
+      - "traefik.port=9000"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true" 
+      - "docker.group=internal"
+    restart:
+      always   
+#Indexer, Used by managers to query sites for content  
+  jackett:
+    image: linuxserver/jackett:latest
+    container_name: jackett
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ} 
+    volumes:
+      - /opt/appdata/jackett:/config
+      - /downloads:/downloads
+    ports:
+      - 9117:9117
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=jackett"
+      - "traefik.frontend.rule=Host:jackett.${DOMAINNAME}"  #
+      - "traefik.port=9117"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=internal"
+    restart: always
+#Reverse Proxy, Used to route applications to domain  
+  traefik:
+    hostname: traefik
+    image: traefik:v1.7
+    container_name: traefik
+    restart: always
+    domainname: ${DOMAINNAME}
+    networks:
+      - default
+      - traefik_proxy1
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=traefik"
+      - "traefik.frontend.rule=Host:traefik.${DOMAINNAME}" 
+      - "traefik.port=80"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}"
+      - "docker.group=internal"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /home/dockeruser/traefik:/etc/traefik
+      - /opt/appdata/shared:/shared
+      - /opt/appdata/traefik:/var/log
+      - /opt/appdata/traefik/tmp:/tmp    
+#fail2ban - ban IPs after so many failed attempts
+  fail2ban:
+    hostname: fail2ban
+    image: crazymax/fail2ban:latest
+    container_name: fail2ban
+    network_mode: "host"
+    cap_add:
+    - NET_ADMIN
+    - NET_RAW
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ} 
+    volumes:
+    - /var/log:/var/log:ro
+    - /opt/appdata/fail2ban/data:/data
+    - /opt/appdata/shared:/shared
+    restart: always  
+#Downloader, pull in content from torrents & hide traffic behind VPN  
+  arch-deluge:
+    image: binhex/arch-delugevpn:latest
+    container_name: arch-deluge
+    ports:
+      - 8112:8112 
+      - 8118:8118 
+      - 58846:58846 
+      - 58946:58946 
+    cap_add:
+      - NET_ADMIN
+    networks:
+      - traefik_proxy1
+    volumes:
+      - /opt/appdata/arch-deluge:/config
+      - /downloads:/downloads
+      - /mnt/storage:/mnt/storage
+      - /opt/appdata/shared:/shared
+      - /opt/appdata/arch-deluge/data:/data
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}    
+      - VPN_ENABLED=yes
+      - VPN_USER=${VPN_USER}
+      - VPN_PASS=${VPN_PASS}
+      - VPN_PROV=custom
+     #- VPN_OPTIONS=<additional openvpn cli options> 
+      - STRICT_PORT_FORWARD=yes
+      - ENABLE_PRIVOXY=yes
+      - LAN_NETWORK=192.168.0.100/24
+      - NAME_SERVERS=103.86.96.100, 103.86.99.100
+      - DELUGE_DAEMON_LOG_LEVEL=error
+      - DELUGE_WEB_LOG_LEVEL=error
+      - DEBUG=true
+      - UMASK=000
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=arch-deluge"
+      - "traefik.frontend.rule=Host:deluge.${DOMAINNAME}"
+      - "traefik.port=8112"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    privileged: true
+    restart: unless-stopped
+#updated version of plex requests  
+  ombi:
+    image: linuxserver/ombi
+    container_name: ombi
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+      - BASE_URL=/ombi #optional
+    volumes:
+      - /opt/appdata/ombi:/config
+      - /opt/appdata/shared:/shared
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=ombi"
+      - "traefik.frontend.rule=Host:requests.${DOMAINNAME}"  #
+      - "traefik.port=3579"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    ports:
+      - 3579:3579
+    restart: unless-stopped
+#NZBGet - usenet downloader
+  nzbget:
+    image: linuxserver/nzbget:latest
+    container_name: nzbget
+    volumes:
+      - /opt/appdata/nzbget/config:/config
+      - /opt/appdata/nzbget/data:/data
+      - /downloads:/downloads
+      - /opt/appdata/shared:/shared
+    ports:
+      - 27020:6789
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=nzbget"
+      - "traefik.frontend.rule=Host:nzbget.${DOMAINNAME}"  #
+      - "traefik.port=6789"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    restart: always
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+#Data Metrics: https://docs.docker.com/samples/library/influxdb/ 
+  influxdb:
+    image: influxdb:latest
+    container_name: influxdb
+    restart: always
+    ports:
+      - 8086:8086
+      - 8083:8083
+      - 8090:8090/udp
+    volumes:
+      - /opt/appdata/influxdb/lib:/var/lib/influxdb
+      - /opt/appdata/influxdb/:/etc/influxdb/
+      - /opt/appdata/shared:/shared
+    restart:
+      always
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+ #Server Metrics: https://github.com/grafana/grafana/tree/master/packaging/docker
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: always
+    user: "104"
+    links:
+      - influxdb
+    ports:
+      - 3001:3000
+    networks:
+      - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=grafana"
+      - "traefik.frontend.rule=Host:grafana.${DOMAINNAME}"  #
+      - "traefik.port=3000"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    volumes:
+      - /opt/appdata/grafana/var:/var/lib/grafana
+      - /opt/appdata/grafana:/etc/grafana
+      - /opt/appdata/shared:/shared
+    restart:
+      always
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+      - GF_INSTALL_PLUGINS=${GF_INSTALL_PLUGINS}
+ #Server Metrics: feeds to influxdb 
+  telegraf:
+    image: telegraf:latest
+    container_name: telegraf
+    links:
+      - influxdb
+    volumes:
+      - /opt/appdata/telegraf:/var/lib/telegraf
+      - /opt/appdata/telegraf/:/etc/telegraf/
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart:
+      always
+ #tdarr - convert / transcode video files 
+  tdarr_aio:
+    image: haveagitgat/tdarr_aio
+    container_name: tdarr_aio
+    ports:
+      -  8265:8265
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+    volumes:
+      - /opt/appdata/tdarr:/home/Tdarr/Documents/Tdarr
+      - /downloads/tdarrDB:/var/lib/mongodb
+      - /mnt/storage:/home/Tdarr/media
+      - /mnt/storage/movies:/home/Tdarr/media/movies
+      - /mnt/storage/tv:/home/Tdarr/media/tv
+      - /downloads/tdarrDB/cache:/home/Tdarr/cache
+      - /etc/localtime:/etc/localtime:ro
+    restart:
+      always
+  lidarr:
+    image: linuxserver/lidarr
+    container_name: lidarr
+    ports:
+      -  8686:8686
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+    volumes:
+      - /opt/appdata/lidarr:/config
+      - /mnt/storage/music:/music
+      - /downloads:/downloads
+    restart:
+      always
+  gitea:
+    image: gitea/gitea:1.13.0
+    container_name: gitea
+    environment:
+      - USER_UID=${PUID}
+      - USER_GID=${PGID}
+    restart: always
+    networks:
+       - traefik_proxy1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.backend=gitea"
+      - "traefik.frontend.rule=Host:gitea.${DOMAINNAME}"  #
+      - "traefik.port=3000"
+      - "traefik.docker.network=traefik_proxy1"
+      - "traefik.frontend.headers.SSLRedirect=true"
+      - "traefik.frontend.headers.STSSeconds=315360000"
+      - "traefik.frontend.headers.browserXSSFilter=true"
+      - "traefik.frontend.headers.contentTypeNosniff=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.SSLHost=example.com"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.headers.STSPreload=true"
+      - "traefik.frontend.headers.frameDeny=true"
+      - "docker.group=external"
+    volumes:
+      - /opt/appdata/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "222:22"
+#Networks, Needed for Traefik    
+networks:
+  traefik_proxy1:
+      external: true
+  default:
+      driver: bridge