music stack and general improvements

docker-compose.yml

@@ -17,12 +17,14 @@ include:
   - path:
       - ${INFRA_PATH}/authelia/authelia.yml
       - ${INFRA_PATH}/crowdsec/crowdsec.yml
+      # - ${INFRA_PATH}/headscale/headscale.yml
       - ${INFRA_PATH}/homepage/homepage.yml
       - ${INFRA_PATH}/speedtest/speedtest.yml
       - ${INFRA_PATH}/syncthing/syncthing.yml
       - ${INFRA_PATH}/traefik/traefik.yml
       - ${INFRA_PATH}/uptime-kuma/uptime-kuma.yml
       - ${INFRA_PATH}/watchtower/watchtower.yml
+      # - ${INFRA_PATH}/web-finger/webfinger.yml
     env_file: ${INFRA_PATH}/.env
 
   - path:
@@ -35,12 +37,14 @@ include:
       - ${MEDIA_PATH}/audiobookshelf/audiobookshelf.yml
       - ${MEDIA_PATH}/calibre/calibre.yml
       - ${MEDIA_PATH}/immich/immich.yml
+      - ${MEDIA_PATH}/kiwix/kiwix.yml
       - ${MEDIA_PATH}/lidarr/lidarr.yml
       - ${MEDIA_PATH}/navidrome/navidrome.yml
       - ${MEDIA_PATH}/prowlarr/prowlarr.yml
       - ${MEDIA_PATH}/qbittorrent/qbittorrent.yml
       - ${MEDIA_PATH}/readarr/readarr.yml
-      - ${MEDIA_PATH}/kiwix/kiwix.yml
+      - ${MEDIA_PATH}/slskd/slskd.yml
+      - ${MEDIA_PATH}/soularr/soularr.yml
     env_file: ${MEDIA_PATH}/.env
 
   - path:

project/infrastructure/headscale/headscale.yml

@@ -0,0 +1,33 @@
+services:
+  headscale:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: docker.io/headscale/headscale:sha-474ea236-debug
+    container_name: headscale 
+    ports:
+      - 3001:8080
+      - 3002:9090
+    networks: 
+      - ip4net
+      - ip6net
+    environment:
+      - DOMAIN=${PUBLIC_DOMAIN}
+      - CLIENT_SECRET_OIDC=${HEADSCALE_CLIENT_SECRET_OIDC}
+      - HEADSCALE_CLI_ADDRESS="https://headscale.${PUBLIC_DOMAIN}:443"
+      - HEADSCALE_CLI_API_KEY="ksC2HnX.3Rv5a2n32Rfgi8aWeaXhp6lAfAwG_NAq"
+    volumes:
+      - ${INFRA_PATH}/headscale/config:/etc/headscale
+      - ${INFRA_PATH}/headscale/lib:/var/lib/headscale
+      - ${INFRA_PATH}/headscale/data:/var/lib/headscale
+    command: serve
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.headscale.entrypoints=https"
+      - "traefik.http.routers.headscale.tls=true"
+      - "traefik.http.services.headscale.loadbalancer.server.port=8080"
+      - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"

project/infrastructure/uptime-kuma/uptime-kuma.yml

@@ -14,6 +14,7 @@ services:
       TZ: ${TZ}
     volumes:
       - ${INFRA_PATH}/uptime-kuma/config:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock
     ports:
       - 5001:3001
     networks:

project/infrastructure/web-finger/webfinger.yml

@@ -0,0 +1,21 @@
+services:
+  webfinger:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: peeley/carpal 
+    container_name: webfinger 
+    ports:
+      - 8888:8008
+    networks: 
+      - ip6net
+    volumes:
+      - ${INFRA_PATH}/web-finger/config/:/etc/carpal/resources
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.webfinger.rule=Host(`${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.webfinger.entrypoints=https"
+      - "traefik.http.routers.webfinger.tls=true"

project/media/calibre/calibre.yml

@@ -39,7 +39,6 @@ services:
     volumes:
       - ${EXTERNAL_STORAGE}/media/books:/books
       - ${MEDIA_PATH}/calibre/data:/config
-      # - ${MEDIA_PATH}/data/media/ebooks:/books
     ports:
       - 2008:8083
     networks:

project/media/slskd/slskd.yml

@@ -0,0 +1,29 @@
+services:
+  slskd:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: slskd/slskd 
+    container_name: slskd
+    user: ${PUID}:${PGID}  
+    ports:
+      - 2013:5031 # http
+      - 2014:5030 # https
+      - 50300:50300 # incoming connections
+    networks:
+      - ip4net
+    environment:
+      - SLSKD_REMOTE_CONFIGURATION=true
+    volumes:
+      - ${MEDIA_PATH}/slskd/config/slskd.yml:/app/slskd.yml
+      - ${MEDIA_PATH}/data/slskd_downloads:/app/downloads
+      - ${EXTERNAL_STORAGE}/media/music:/app/library
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.slskd.rule=Host(`slskd.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.slskd.entrypoints=https"
+      - 'traefik.http.routers.slskd.tls=true'
+      - 'traefik.http.services.slskd.loadbalancer.server.port=5030'

project/media/soularr/soularr.yml

@@ -0,0 +1,13 @@
+services:
+  soularr:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mrusse08/soularr 
+    container_name: soularr
+    user: ${PUID}:${PGID}  
+    networks:
+      - ip4net
+    volumes:
+      - ${MEDIA_PATH}/soularr/data:/data
+      - ${MEDIA_PATH}/data/slskd_downloads:/downloads

project/service/vaultwarden/vaultwarden.yml

@@ -3,7 +3,7 @@ services:
     extends:
       file: ${TEMPLATES_PATH}
       service: default
-    image: vaultwarden/server:latest 
+    image: vaultwarden/server
     container_name: vaultwarden 
     ports:
       - 4018:80
@@ -13,8 +13,13 @@ services:
       DOMAIN: "https://vaultwarden.${PUBLIC_DOMAIN}"
       SIGNUPS_ALLOWED: false 
       INVITATIONS_ALLOWED: false
+      SSO_ENABLED: false # for now sso does only help companies for role management and the master password is still necessary 
+      SSO_ONLY: false 
+      SSO_AUTHORITY: https://auth.${PUBLIC_DOMAIN}
+      SSO_SCOPES: profile email offline_access
+      SSO_CLIENT_ID: vaultwarden
+      SSO_CLIENT_SECRET: ${VAULTWARDEN_SSO_SECRET}
     volumes:
-      # - ${SERVICE_PATH}/vaultwarden/data:/data/
       - ${EXTERNAL_STORAGE}/passwords:/data/
     labels:
       # Watchtower