From 2bb4bfa3370331da5358c4334688b11f6669f4f9 Mon Sep 17 00:00:00 2001 From: chris Date: Sat, 11 Oct 2025 15:52:07 +0200 Subject: [PATCH] music stack and general improvements --- docker-compose.yml | 6 +++- .../infrastructure/headscale/headscale.yml | 33 +++++++++++++++++++ .../uptime-kuma/uptime-kuma.yml | 3 +- .../infrastructure/web-finger/webfinger.yml | 21 ++++++++++++ project/media/calibre/calibre.yml | 1 - project/media/slskd/slskd.yml | 29 ++++++++++++++++ project/media/soularr/soularr.yml | 13 ++++++++ project/service/vaultwarden/vaultwarden.yml | 11 +++++-- 8 files changed, 111 insertions(+), 6 deletions(-) create mode 100644 project/infrastructure/headscale/headscale.yml create mode 100644 project/infrastructure/web-finger/webfinger.yml create mode 100644 project/media/slskd/slskd.yml create mode 100644 project/media/soularr/soularr.yml diff --git a/docker-compose.yml b/docker-compose.yml index a7bb5aa..d5e0484 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,12 +17,14 @@ include: - path: - ${INFRA_PATH}/authelia/authelia.yml - ${INFRA_PATH}/crowdsec/crowdsec.yml + # - ${INFRA_PATH}/headscale/headscale.yml - ${INFRA_PATH}/homepage/homepage.yml - ${INFRA_PATH}/speedtest/speedtest.yml - ${INFRA_PATH}/syncthing/syncthing.yml - ${INFRA_PATH}/traefik/traefik.yml - ${INFRA_PATH}/uptime-kuma/uptime-kuma.yml - ${INFRA_PATH}/watchtower/watchtower.yml + # - ${INFRA_PATH}/web-finger/webfinger.yml env_file: ${INFRA_PATH}/.env - path: @@ -35,12 +37,14 @@ include: - ${MEDIA_PATH}/audiobookshelf/audiobookshelf.yml - ${MEDIA_PATH}/calibre/calibre.yml - ${MEDIA_PATH}/immich/immich.yml + - ${MEDIA_PATH}/kiwix/kiwix.yml - ${MEDIA_PATH}/lidarr/lidarr.yml - ${MEDIA_PATH}/navidrome/navidrome.yml - ${MEDIA_PATH}/prowlarr/prowlarr.yml - ${MEDIA_PATH}/qbittorrent/qbittorrent.yml - ${MEDIA_PATH}/readarr/readarr.yml - - ${MEDIA_PATH}/kiwix/kiwix.yml + - ${MEDIA_PATH}/slskd/slskd.yml + - ${MEDIA_PATH}/soularr/soularr.yml env_file: ${MEDIA_PATH}/.env - path: 
diff --git a/project/infrastructure/headscale/headscale.yml b/project/infrastructure/headscale/headscale.yml new file mode 100644 index 0000000..2f97b6a --- /dev/null +++ b/project/infrastructure/headscale/headscale.yml @@ -0,0 +1,33 @@ +services: + headscale: + extends: + file: ${TEMPLATES_PATH} + service: default + image: docker.io/headscale/headscale:sha-474ea236-debug + container_name: headscale + ports: + - 3001:8080 + - 3002:9090 + networks: + - ip4net + - ip6net + environment: + - DOMAIN=${PUBLIC_DOMAIN} + - CLIENT_SECRET_OIDC=${HEADSCALE_CLIENT_SECRET_OIDC} + - HEADSCALE_CLI_ADDRESS="https://headscale.${PUBLIC_DOMAIN}:443" + - HEADSCALE_CLI_API_KEY="ksC2HnX.3Rv5a2n32Rfgi8aWeaXhp6lAfAwG_NAq" + volumes: + - ${INFRA_PATH}/headscale/config:/etc/headscale + - ${INFRA_PATH}/headscale/lib:/var/lib/headscale + - ${INFRA_PATH}/headscale/data:/var/lib/headscale + command: serve + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.headscale.entrypoints=https" + - "traefik.http.routers.headscale.tls=true" + - "traefik.http.services.headscale.loadbalancer.server.port=8080" + - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file" diff --git a/project/infrastructure/uptime-kuma/uptime-kuma.yml b/project/infrastructure/uptime-kuma/uptime-kuma.yml index 8c4844d..7dca4fc 100644 --- a/project/infrastructure/uptime-kuma/uptime-kuma.yml +++ b/project/infrastructure/uptime-kuma/uptime-kuma.yml @@ -14,6 +14,7 @@ services: TZ: ${TZ} volumes: - ${INFRA_PATH}/uptime-kuma/config:/app/data + - /var/run/docker.sock:/var/run/docker.sock ports: - 5001:3001 networks: 
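Review bot: `HEADSCALE_CLI_API_KEY` is committed as a literal value in the `environment` list of the new headscale service, so the key is now in repository history and should be treated as exposed: expire it in Headscale and issue a new one. Reference it from the env file the way the line above does for the OIDC secret, e.g. `- HEADSCALE_CLI_API_KEY=${HEADSCALE_CLI_API_KEY}`. In list form the surrounding double quotes are passed through as part of the value, which also affects `HEADSCALE_CLI_ADDRESS`. Separately, the `lib` and `data` volumes both target `/var/lib/headscale`, so one of them needs a different container path, and `3002:9090` publishes what appears to be the metrics listener on every host interface.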
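Review bot: The added `/var/run/docker.sock` bind mount gives the uptime-kuma container full control of the Docker daemon, which is root-equivalent on the host for anyone who compromises this web-facing service. Container monitoring only needs to read container state, so place a Docker socket proxy that allows only the container-listing endpoints in between and point Uptime Kuma at that instead. Appending `:ro` (`- /var/run/docker.sock:/var/run/docker.sock:ro`) is still worth doing, but it does not limit which API calls can be sent over the socket. The service definition starts and ends outside this hunk.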
@@ -26,4 +27,4 @@ services: - "traefik.enable=true" - "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${LOCAL_DOMAIN}`)" - "traefik.http.routers.uptime-kuma.entrypoints=https" - - "traefik.http.routers.uptime-kuma.tls=true" \ No newline at end of file + - "traefik.http.routers.uptime-kuma.tls=true" diff --git a/project/infrastructure/web-finger/webfinger.yml b/project/infrastructure/web-finger/webfinger.yml new file mode 100644 index 0000000..b38b35d --- /dev/null +++ b/project/infrastructure/web-finger/webfinger.yml @@ -0,0 +1,21 @@ +services: + webfinger: + extends: + file: ${TEMPLATES_PATH} + service: default + image: peeley/carpal + container_name: webfinger + ports: + - 8888:8008 + networks: + - ip6net + volumes: + - ${INFRA_PATH}/web-finger/config/:/etc/carpal/resources + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.webfinger.rule=Host(`${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.webfinger.entrypoints=https" + - "traefik.http.routers.webfinger.tls=true" diff --git a/project/media/calibre/calibre.yml b/project/media/calibre/calibre.yml index 4963eb0..ee7c0b3 100644 --- a/project/media/calibre/calibre.yml +++ b/project/media/calibre/calibre.yml @@ -39,7 +39,6 @@ services: volumes: - ${EXTERNAL_STORAGE}/media/books:/books - ${MEDIA_PATH}/calibre/data:/config - # - ${MEDIA_PATH}/data/media/ebooks:/books ports: - 2008:8083 networks: diff --git a/project/media/slskd/slskd.yml b/project/media/slskd/slskd.yml new file mode 100644 index 0000000..dcf76b3 --- /dev/null +++ b/project/media/slskd/slskd.yml 
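Review bot: The `traefik.http.routers.webfinger.rule` label in webfinger.yml matches every request for the bare `${PUBLIC_DOMAIN}` host, although the service only has to answer WebFinger lookups; add a path matcher for `/.well-known/webfinger` so this container is not the catch-all for the apex domain. The router also has no `middlewares` label, whereas the headscale router in this commit attaches `crowdsec-bouncer@file`; a router on the public domain should probably carry the same. `8888:8008` additionally publishes the service on the host outside Traefik, and there is no `loadbalancer.server.port` label telling Traefik to use 8008.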
@@ -0,0 +1,29 @@ +services: + slskd: + extends: + file: ${TEMPLATES_PATH} + service: default + image: slskd/slskd + container_name: slskd + user: ${PUID}:${PGID} + ports: + - 2013:5031 # http + - 2014:5030 # https + - 50300:50300 # incoming connections + networks: + - ip4net + environment: + - SLSKD_REMOTE_CONFIGURATION=true + volumes: + - ${MEDIA_PATH}/slskd/config/slskd.yml:/app/slskd.yml + - ${MEDIA_PATH}/data/slskd_downloads:/app/downloads + - ${EXTERNAL_STORAGE}/media/music:/app/library + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.slskd.rule=Host(`slskd.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.slskd.entrypoints=https" + - 'traefik.http.routers.slskd.tls=true' + - 'traefik.http.services.slskd.loadbalancer.server.port=5030' diff --git a/project/media/soularr/soularr.yml b/project/media/soularr/soularr.yml new file mode 100644 index 0000000..6a8a5d6 --- /dev/null +++ b/project/media/soularr/soularr.yml @@ -0,0 +1,13 @@ +services: + soularr: + extends: + file: ${TEMPLATES_PATH} + service: default + image: mrusse08/soularr + container_name: soularr + user: ${PUID}:${PGID} + networks: + - ip4net + volumes: + - ${MEDIA_PATH}/soularr/data:/data + - ${MEDIA_PATH}/data/slskd_downloads:/downloads diff --git a/project/service/vaultwarden/vaultwarden.yml b/project/service/vaultwarden/vaultwarden.yml index 6b419d8..d56f8eb 100644 --- a/project/service/vaultwarden/vaultwarden.yml +++ b/project/service/vaultwarden/vaultwarden.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: vaultwarden/server:latest + image: vaultwarden/server container_name: vaultwarden ports: - 4018:80 
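Review bot: `SLSKD_REMOTE_CONFIGURATION=true` lets the web UI edit the mounted `slskd.yml`, and that UI is reachable both through the Traefik router and directly on host ports 2013 and 2014, with no auth middleware visible on the router. Consider leaving remote configuration off after initial setup and dropping the two published UI ports so Traefik is the only way in; only 50300 has to be published for peers. If slskd only shares from `/app/library`, mount it read-only (`- ${EXTERNAL_STORAGE}/media/music:/app/library:ro`). The port comments also look swapped: the `loadbalancer.server.port=5030` label treats 5030 as plain HTTP, while the comment on `2014:5030` calls it https.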
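Review bot: Removing `:latest` from `image: vaultwarden/server` changes nothing, because an untagged reference resolves to `latest`, so the password vault still follows whatever is pushed upstream. Pin a release tag or digest (placeholder: `image: vaultwarden/server:<release-tag>`) and update it deliberately, particularly if the Watchtower label further down this file is enabled. The new `peeley/carpal`, `slskd/slskd` and `mrusse08/soularr` images in this commit are untagged as well, and the first two carry `com.centurylinklabs.watchtower.enable=true`. The service definition continues outside this hunk.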
@@ -11,10 +11,15 @@ services: - ip6net environment: DOMAIN: "https://vaultwarden.${PUBLIC_DOMAIN}" - SIGNUPS_ALLOWED: false + SIGNUPS_ALLOWED: false INVITATIONS_ALLOWED: false + SSO_ENABLED: false # for now sso does only help companies for role management and the master password is still necessary + SSO_ONLY: false + SSO_AUTHORITY: https://auth.${PUBLIC_DOMAIN} + SSO_SCOPES: profile email offline_access + SSO_CLIENT_ID: vaultwarden + SSO_CLIENT_SECRET: ${VAULTWARDEN_SSO_SECRET} volumes: - # - ${SERVICE_PATH}/vaultwarden/data:/data/ - ${EXTERNAL_STORAGE}/passwords:/data/ labels: # Watchtower
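Review bot: `SSO_ENABLED: false` and `SSO_ONLY: false` are bare YAML booleans in an environment map; quote them (`SSO_ENABLED: "false"`) so the value handed to the container is exactly the string intended, and quote `SSO_AUTHORITY` the way `DOMAIN` already is. The explanation trailing `SSO_ENABLED` is long for an inline comment and reads better as a `#` line above the key. The environment map starts outside this hunk.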