# /opt/docker-compose.yml # edited via neovim --- services: #Plex server stats page tautulli: image: linuxserver/tautulli:latest container_name: tautulli environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /opt/appdata/tautulli:/config - /opt/appdata/tautulli/Library/Application\ Support/Plex\ Media\ Server/Logs:/logs ports: - 8181:8181 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=tautulli" - "traefik.frontend.rule=Host:plexstats.${DOMAINNAME}" - "traefik.port=8181" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: unless-stopped #Grabber, manage TV shows sonarr: image: linuxserver/sonarr:latest container_name: sonarr volumes: - /opt/appdata/sonarr:/config - /mnt/storage/tv:/tv - /downloads/:/downloads - /download_portable/:/download_portable #- /downloads/complete/tv_import:/tv_import ports: - 27021:8989 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=sonarr" - "traefik.frontend.rule=Host:sonarr.${DOMAINNAME}" # - "traefik.port=8989" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} #Grabber, manage movies radarr: image: linuxserver/radarr:latest container_name: radarr volumes: - /opt/appdata/radarr:/config - /downloads:/downloads - /mnt/storage/movies:/movies - /downloads/watch:/watch - /download_portable/:/download_portable ports: - 7878:7878 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=radarr" - "traefik.frontend.rule=Host:radarr.${DOMAINNAME}" # - "traefik.port=7878" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} #Manager, Used to maintain docker containers portainer: image: portainer/portainer:latest container_name: portainer ports: - 9000:9000 volumes: - /opt/appdata/portainer:/data - /var/run/docker.sock:/var/run/docker.sock - /opt/appdata/shared:/shared environment: - TZ=${TZ} networks: - traefik_proxy1 labels: - "traefik.enable=false" - "traefik.backend=portainer" - "traefik.frontend.rule=Host:portainer.${DOMAINNAME}" - "traefik.port=9000" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=internal" restart: always #Indexer, Used by managers to query sites for content jackett: image: linuxserver/jackett:latest container_name: jackett environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /opt/appdata/jackett:/config - /downloads:/downloads ports: - 9117:9117 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=jackett" - "traefik.frontend.rule=Host:jackett.${DOMAINNAME}" # - "traefik.port=9117" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=internal" restart: always #Reverse Proxy, Used to route applications to domain traefik: hostname: traefik image: traefik:v1.7 container_name: traefik restart: always domainname: ${DOMAINNAME} networks: - default - traefik_proxy1 ports: - "80:80" - "443:443" - "8080:8080" labels: - "traefik.enable=true" - "traefik.backend=traefik" - "traefik.frontend.rule=Host:traefik.${DOMAINNAME}" - "traefik.port=80" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}" - "docker.group=internal" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /home/dockeruser/traefik:/etc/traefik - /opt/appdata/shared:/shared - /opt/appdata/traefik:/var/log - /opt/appdata/traefik/tmp:/tmp #fail2ban - ban IPs after so many failed attempts fail2ban: hostname: fail2ban image: crazymax/fail2ban:latest container_name: fail2ban network_mode: "host" cap_add: - NET_ADMIN - NET_RAW environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} volumes: - /var/log:/var/log:ro - /opt/appdata/fail2ban/data:/data - /opt/appdata/shared:/shared - /opt/appdata/traefik:/var/log/traefik restart: always #Downloader, pull in content from torrents & hide traffic behind VPN arch-deluge: image: binhex/arch-delugevpn:latest container_name: arch-deluge ports: - 8112:8112 - 8118:8118 - 58846:58846 - 58946:58946 cap_add: - NET_ADMIN networks: - traefik_proxy1 volumes: - /opt/appdata/arch-deluge:/config - /downloads:/downloads - /download_portable/complete:/downloads/complete - /mnt/storage:/mnt/storage - /opt/appdata/shared:/shared - /opt/appdata/arch-deluge/data:/data environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - VPN_ENABLED=yes - VPN_USER=${VPN_USER} - VPN_PASS=${VPN_PASS} - VPN_PROV=custom #- VPN_OPTIONS= - STRICT_PORT_FORWARD=yes - ENABLE_PRIVOXY=yes - LAN_NETWORK=192.168.0.100/24 - NAME_SERVERS=103.86.96.100, 103.86.99.100 - DELUGE_DAEMON_LOG_LEVEL=error - DELUGE_WEB_LOG_LEVEL=error - DEBUG=true - UMASK=000 labels: - "traefik.enable=true" - "traefik.backend=arch-deluge" - "traefik.frontend.rule=Host:deluge.${DOMAINNAME}" - "traefik.port=8112" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" privileged: true restart: unless-stopped #updated version of plex requests ombi: image: linuxserver/ombi container_name: ombi environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - BASE_URL=/ombi #optional volumes: - /opt/appdata/ombi:/config - /opt/appdata/shared:/shared networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=ombi" - "traefik.frontend.rule=Host:requests.${DOMAINNAME}" # - "traefik.port=3579" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" ports: - 3579:3579 restart: unless-stopped #NZBGet - usenet downloader nzbget: image: linuxserver/nzbget:latest container_name: nzbget volumes: - /opt/appdata/nzbget/config:/config - /opt/appdata/nzbget/data:/data - /downloads:/downloads - /opt/appdata/shared:/shared ports: - 27020:6789 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=nzbget" - "traefik.frontend.rule=Host:nzbget.${DOMAINNAME}" # - "traefik.port=6789" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} gitea: image: gitea/gitea:latest container_name: gitea environment: - USER_UID=${PUID} - USER_GID=${PGID} restart: always networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=gitea" - "traefik.frontend.rule=Host:gitea.${DOMAINNAME}" # - "traefik.port=3000" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" volumes: - /opt/appdata/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - "3000:3000" - "222:22" book-readarr: image: lscr.io/linuxserver/readarr:develop container_name: book-readarr volumes: - /opt/appdata/book-readarr:/config - /downloads:/downloads - /mnt/storage/books:/books - /downloads/watch:/watch - /download_portable/:/download_portable ports: - 8787:8787 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=book-readarr" - "traefik.frontend.rule=Host:book-readarr.${DOMAINNAME}" # - "traefik.port=8787" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} audio-readarr: image: lscr.io/linuxserver/readarr:develop container_name: audio-readarr volumes: - /opt/appdata/audio-readarr:/config - /downloads:/downloads - /mnt/storage/books:/books - /downloads/watch:/watch - /download_portable/:/download_portable ports: - 8888:8787 networks: - traefik_proxy1 labels: - "traefik.enable=true" - "traefik.backend=audio-readarr" - "traefik.frontend.rule=Host:audio-readarr.${DOMAINNAME}" # - "traefik.port=8787" - "traefik.docker.network=traefik_proxy1" - "traefik.frontend.headers.SSLRedirect=true" - "traefik.frontend.headers.STSSeconds=315360000" - "traefik.frontend.headers.browserXSSFilter=true" - "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.frontend.headers.forceSTSHeader=true" - "traefik.frontend.headers.SSLHost=example.com" - "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.frontend.headers.STSPreload=true" - "traefik.frontend.headers.frameDeny=true" - "docker.group=external" restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} calibre: image: lscr.io/linuxserver/calibre:latest container_name: calibre volumes: - /opt/appdata/calibre:/config - /mnt/storage/books:/books ports: - 8090:8080 - 8191:8181 - 8091:8081 networks: - traefik_proxy1 restart: always environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} #Networks, Needed for Traefik networks: traefik_proxy1: #external: true default: driver: bridge