akanealw/dockerserver-scott
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rearranged

Browse Source
This commit is contained in:
akanealw
2024-04-07 06:57:00 -05:00
parent 590dabe3dd
commit 65f2f22676
11 changed files with 50 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
mixed/.env Executable file
View File

@@ -0,0 +1,16 @@
#GLOBAL SETTINGS
COMPOSE_HTTP_TIMEOUT=120
COMPOSE_IGNORE_ORPHANS=1
DOCKER_CONFIGS=.
DOCKERGID=999
DOCKERHOSTNAME=DockerServer
DOCKERLOGGING_MAXFILE=10
DOCKERLOGGING_MAXSIZE=200k
PGID=1000
PUID=1000
UMASK=000
TZ=America/Chicago
#DIRECTORY PATHS
MEDIA_DIR=/mnt/media
STORAGE_DIR=/mnt/storage

10
mixed/authelia/add-to-protected-domains.conf Executable file
View File

@@ -0,0 +1,10 @@
include /snippets/authelia-location.conf;
location / {
include /snippets/authelia-proxy.conf;
include /snippets/authelia-authrequest.conf;
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
}

4
mixed/authelia/auth.domain.conf Executable file
View File

@@ -0,0 +1,4 @@
location / {
include /snippets/authelia-proxy.conf;
proxy_pass $forward_scheme://$server:$port;
}

120
mixed/authelia/configuration.yml Executable file
View File

@@ -0,0 +1,120 @@
theme: dark
jwt_secret: yyArMUrcQx4KXJLZm454NS
default_redirection_url: https://auth.wettsten.com
server:
host: 0.0.0.0
port: 9091
path: ""
read_buffer_size: 4096
write_buffer_size: 4096
enable_pprof: false
enable_expvars: false
disable_healthcheck: false
tls:
key: ""
certificate: ""
ntp:
address: "0.debian.pool.ntp.org:123"
version: 3
max_desync: 3s
disable_startup_check: true
disable_failure: true
log:
level: info
totp:
disable: false
issuer: wettsten.com
algorithm: sha1
digits: 6
period: 30
skew: 1
secret_size: 32
authentication_backend:
disable_reset_password: true
refresh_interval: 5m
file:
path: /config/users_database.yml
password:
algorithm: argon2id
iterations: 1
salt_length: 16
parallelism: 8
memory: 65536
access_control:
default_policy: deny
networks:
- name: internal
networks:
- '10.8.0.0/24'
- '172.16.0.0/12'
- '192.168.0.0/16'
rules:
## bypass all domains and subdomains from local ips
- domain:
- wettsten.com
- "*.wettsten.com"
networks:
- 'internal'
policy: bypass
## bypass api for subdomains
- domain:
- "*.wettsten.com"
resources:
- "^/api([/?].*)?$"
- "^/add([/?].*)?$"
- "^/public([/?].*)?$"
policy: bypass
# bypass subdomains
- domain:
- auth.wettsten.com
- bitwarden.wettsten.com
- jellyfin.wettsten.com
policy: bypass
# two_factor subdomains
- domain:
- wettsten.com
- "*.wettsten.com"
policy: two_factor
session:
name: authelia_session
domain: wettsten.com
same_site: lax
secret: MEMPBs5aRRDfWNRJLX6E
expiration: 6h
inactivity: 5m
remember_me_duration: 1w
regulation:
max_retries: 3
find_time: 10m
ban_time: 12h
storage:
local:
path: /config/db.sqlite3
encryption_key: iY7wSMosjZFQDAunYob3oShTcYCHtXx9
notifier:
disable_startup_check: true
smtp:
username: scott.wettstein@gmail.com
password: jsnwubgxkgaffjhf
host: smtp.gmail.com
port: 587
sender: scott.wettstein@gmail.com
identifier: dockerserver
subject: "[Authelia] {title}"
startup_check_address: scott.wettstein@gmail.com
disable_require_tls: false
disable_html_emails: false
tls:
skip_verify: false
minimum_version: TLS1.2

25
mixed/authelia/npnmsnippets/authelia-authrequest.conf Executable file
View File

@@ -0,0 +1,25 @@
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia;
## Set the $target_url variable based on the original request.
## Comment this line if you're using nginx without the http_set_misc module.
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Uncomment this line if you're using NGINX without the http_set_misc module.
# set $target_url $scheme://$http_host$request_uri;
## Save the upstream response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the response headers from the variables into the request made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 =302 https://auth.wettsten.com/?rd=$target_url;

36
mixed/authelia/npnmsnippets/authelia-location.conf Executable file
View File

@@ -0,0 +1,36 @@
set $upstream_authelia http://authelia:9091/api/verify;
## Virtual endpoint created by nginx to forward auth requests.
location /authelia {
## Essential Proxy Configuration
internal;
proxy_pass $upstream_authelia;
## Headers
## The headers starting with X-* are required.
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Content-Length "";
proxy_set_header Connection "";
## Basic Proxy Configuration
proxy_pass_request_body off;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
client_body_buffer_size 128k;
## Advanced Proxy Configuration
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}

8
mixed/authelia/npnmsnippets/authelia-proxy.conf Executable file
View File

@@ -0,0 +1,8 @@
## Headers
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;

14
mixed/authelia/users_database.yml Executable file
View File

@@ -0,0 +1,14 @@
users:
wettsten:
displayname: "wettsten"
password: "$argon2id$v=19$m=65536,t=3,p=4$pdeSOsqnVZB7I03tvC5JvA$gfiVxDvz1NVQw2yqGwgcz/fOumms2+asiFi8QVk2D38"
email: scott.wettstein@gmail.com
groups:
- admins
akanealw:
displayname: "akanealw"
password: "$argon2id$v=19$m=65536,t=1,p=8$ZWJ2UGVPUDE2SnU0YXNvNg$Q3LQfN90kPI5/3Yr06WmTUjFbvIBBZPJP44YLhysT0M"
email: akanealw@gmail.com
groups:
- admins

12
mixed/ddclient/ddclient.conf Executable file
View File

@@ -0,0 +1,12 @@
# Even though we use -foreground, daemon= is still needed.
# It's value here is ignored, but it's needed. The value used is set in
# ddclient.in in the dockerfile.
daemon=0
verbose=no
ssl=yes
use=web, web=he # checkip.dns.he.net
protocol=cloudflare
login=token
password=zo9ZmkECbgjvucm21XI8oYIMwrnuJmSU7q8PM8jL
zone=wettsten.com
wettsten.com

432
mixed/docker-compose.yml Executable file
View File

@@ -0,0 +1,432 @@
services:
archivebox:
container_name: archivebox
image: archivebox/archivebox:dev
command: server --quick-init 0.0.0.0:8000
environment:
- ALLOWED_HOSTS=*
- MEDIA_MAX_SIZE=750m
- PUBLIC_ADD_VIEW=True
- PUBLIC_INDEX=True
- PUBLIC_SNAPSHOTS=False
- SAVE_TITLE=True
- SAVE_FAVICON=True
- SAVE_WGET=False
- SAVE_WARC=False
- SAVE_PDF=True
- SAVE_SCREENSHOT=True
- SAVE_DOM=False
- SAVE_SINGLEFILE=True
- SAVE_READABILITY=True
- SAVE_MERCURY=False
- SAVE_GIT=False
- SAVE_MEDIA=False
- SAVE_ARCHIVE_DOT_ORG=False
ports:
- 8000:8000
restart: always
volumes:
- ${DOCKER_CONFIGS}/archivebox/data:/data
authelia:
container_name: authelia
image: authelia/authelia
environment:
- TZ=${TZ}
ports:
- 9091:9091
restart: always
volumes:
- ${DOCKER_CONFIGS}/authelia/config:/config
bazarr:
container_name: bazarr
image: lscr.io/linuxserver/bazarr:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 6767:6767
restart: always
volumes:
- ${DOCKER_CONFIGS}/bazarr/config:/config
- ${MEDIA_DIR}:/media
ddclient:
container_name: ddclient
image: lscr.io/linuxserver/ddclient:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
restart: always
volumes:
- ${DOCKER_CONFIGS}/ddclient/config:/config
filebrowser:
container_name: filebrowser
image: filebrowser/filebrowser:latest
ports:
- 8484:80
restart: always
volumes:
- ${DOCKER_CONFIGS}/filebrowser/config/filebrowser.db:/database/filebrowser.db
- ${DOCKER_CONFIGS}/filebrowser/config/.filebrowser.json:/.filebrowser.json
- ${DOCKER_CONFIGS}/filebrowser/files:/srv
- ${STORAGE_DIR}:/storage
flaresolverr:
container_name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr:latest
environment:
- LOG_LEVEL=info
- LOG_HTML=false
- CAPTCHA_SOLVER=none
- TZ=${TZ}
ports:
- 9191:8191
restart: always
gluetun:
container_name: gluetun
image: qmcgaw/gluetun:v3.34
environment:
- VPN_SERVICE_PROVIDER=mullvad
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=MLS9MpXipZq7mmFB0wfb7Guj8LUea4OSs8guHVlVfW8=
- WIREGUARD_ADDRESSES=10.64.173.92/32
- HTTPPROXY=on
- SERVER_COUNTRIES=USA
- TZ=${TZ}
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 3129:3129/tcp # Jdownloader
- 5800:5800/tcp # Jdownloader
- 8888:8888/tcp # HTTP proxy
- 8181:8080/tcp # SABnzbd
- 8282:8282/tcp # qBittorrent
restart: always
volumes:
- ${DOCKER_CONFIGS}/gluetun:/gluetun
jackett:
container_name: jackett
image: lscr.io/linuxserver/jackett:latest
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
- UMASK=${UMASK}
- AUTO_UPDATE=true
ports:
- 9117:9117/tcp
restart: always
volumes:
- ${DOCKER_CONFIGS}/jackett/config:/config
- ${MEDIA_DIR}/downloads/torrents:/torrents
jdownloader:
container_name: jdownloader
image: jlesage/jdownloader-2:latest
environment:
- PGID=${PGID}
- PUID=${PUID}
- UMASK=${UMASK}
- TZ=${TZ}
- KEEP_APP_RUNNING=1
- CLEAN_TMP_DIR=1
- XDG_DOWNLOAD_DIR=/output
# - MYJD_USER=
# - MYJD_PASSWORD=
# - MYJD_DEVICE_NAME=dockerserver
network_mode: "service:gluetun"
depends_on:
- gluetun
restart: always
volumes:
- ${DOCKER_CONFIGS}/jdownloader/config:/config
- ${MEDIA_DIR}/downloads/jdownloader:/output
- /etc/localtime:/etc/localtime:ro
jellyfin:
container_name: jellyfin
image: lscr.io/linuxserver/jellyfin:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- JELLYFIN_PublishedServerUrl=192.168.86.243
network_mode: "host"
# ports:
# - 8096:8096
# - 8920:8920
# - 7359:7359/udp
# - 1900:1900/udp
restart: always
volumes:
- ${DOCKER_CONFIGS}/jellyfin/config:/config
- ${MEDIA_DIR}:/media
# jellyseerr:
# container_name: jellyseerr
# image: fallenbagel/jellyseerr:latest
# environment:
# - LOG_LEVEL=info
# - TZ=${TZ}
# ports:
# - 5056:5055
# restart: always
# volumes:
# - ${DOCKER_CONFIGS}/jellyseerr/config:/app/config
lidarr:
container_name: lidarr
image: lscr.io/linuxserver/lidarr:latest
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
ports:
- 8686:8686
restart: always
volumes:
- ${DOCKER_CONFIGS}/lidarr/config:/config
- ${MEDIA_DIR}/Music:/music
- ${MEDIA_DIR}/downloads:/downloads
metube:
container_name: metube
image: alexta69/metube
environment:
- STATE_DIR=/config
- PUID=${PUID}
- PGID=${PGID}
ports:
- 8082:8081
restart: always
volumes:
- ${MEDIA_DIR}/downloads/youtubedl:/downloads
- ${DOCKER_CONFIGS}/metube/config:/config
monitorr:
container_name: monitorr
image: monitorr/monitorr:latest
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
ports:
- 8084:80/tcp
restart: always
volumes:
- ${MEDIA_DIR}:/HD:ro
- ${DOCKER_CONFIGS}/monitorr/app:/app
- ${DOCKER_CONFIGS}/monitorr/config:/config
- /etc/localtime:/etc/localtime:ro
mstream:
container_name: mstream
image: lscr.io/linuxserver/mstream:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 3001:3000
restart: always
volumes:
- ${DOCKER_CONFIGS}/mstream/config:/config
- ${MEDIA_DIR}/Music:/music
nginxproxymanager:
container_name: nginxproxymanager
image: jc21/nginx-proxy-manager:2.9.22
environment:
- X_FRAME_OPTIONS=sameorigin
- DB_SQLITE_FILE=/data/database.sqlite
ports:
- 443:443/tcp
- 80:80/tcp
- 81:81/tcp
restart: always
volumes:
- ${DOCKER_CONFIGS}/nginxproxymanager/data:/data
- ${DOCKER_CONFIGS}/nginxproxymanager/letsencrypt:/etc/letsencrypt
- ${DOCKER_CONFIGS}/nginxproxymanager/snippets:/snippets:ro
- /etc/localtime:/etc/localtime:ro
nzbhydra:
container_name: nzbhydra
image: lscr.io/linuxserver/nzbhydra2:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 5076:5076
restart: always
volumes:
- ${DOCKER_CONFIGS}/nzbhydra/config:/config
- ${MEDIA_DIR}/downloads:/downloads
olivetin:
container_name: olivetin
image: jamesread/olivetin
user: root
ports:
- 1337:1337
restart: always
volumes:
- ${DOCKER_CONFIGS}/olivetin/config:/config
- /var/run/docker.sock:/var/run/docker.sock
organizr:
container_name: organizr
image: organizr/organizr:latest
environment:
- PGID=${PGID}
- PUID=${PUID}
- FPM=true
ports:
- 8085:80/tcp
restart: always
volumes:
- ${DOCKER_CONFIGS}/organizr/config:/config
- /etc/localtime:/etc/localtime:ro
prowlarr:
container_name: prowlarr
image: ghcr.io/linuxserver/prowlarr:develop
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 9696:9696
restart: always
volumes:
- ${DOCKER_CONFIGS}/prowlarr/config:/config
qbittorrent:
container_name: qbittorrent
image: lscr.io/linuxserver/qbittorrent:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- WEBUI_PORT=8282
network_mode: "service:gluetun"
depends_on:
- gluetun
restart: always
volumes:
- ${DOCKER_CONFIGS}/qbittorrent/config:/config
- ${MEDIA_DIR}/downloads:/downloads
- ${MEDIA_DIR}/downloads/torrents:/torrents
radarr:
container_name: radarr
image: lscr.io/linuxserver/radarr:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 7878:7878
restart: always
volumes:
- ${DOCKER_CONFIGS}/radarr/config:/config
- ${MEDIA_DIR}:/data
s-pdf:
container_name: spdf
image: frooodle/s-pdf
ports:
- 8086:8080
restart: always
sabnzbd:
container_name: sabnzbd
image: lscr.io/linuxserver/sabnzbd:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
network_mode: "service:gluetun"
depends_on:
- gluetun
restart: always
volumes:
- ${DOCKER_CONFIGS}/sabnzbd/config:/config
- ${MEDIA_DIR}/downloads:/downloads
- ${MEDIA_DIR}/downloads/nzbs:/nzbs
sonarr:
container_name: sonarr
image: lscr.io/linuxserver/sonarr:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 8989:8989
restart: always
volumes:
- ${DOCKER_CONFIGS}/sonarr/config:/config
- ${MEDIA_DIR}:/data
uptime-kuma:
container_name: uptime-kuma
image: louislam/uptime-kuma:1
ports:
- 3002:3001
restart: always
volumes:
- ${DOCKER_CONFIGS}/uptimekuma/data:/app/data
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
environment:
- TZ=${TZ}
# - ADMIN_TOKEN=x/7NNVrKQ4DwYhUGgZjMNWiZG32GZGH149xG2C8gYgIWkRDSOJvgpu4eNKsgt0Wf
- DATABASE_URL=data/db.sqlite3
- DISABLE_ADMIN_TOKEN=true
- DOMAIN=https://bitwarden.wettsten.com
- ENABLE_DB_WAL=true
- INVITATIONS_ALLOWED=false
- SHOW_PASSWORD_HINT=false
- SIGNUPS_ALLOWED=false
- SIGNUPS_VERIFY=false
- SMTP_PORT=587
- SMTP_SSL=true
ports:
- 8089:80/tcp
restart: always
volumes:
- ${DOCKER_CONFIGS}/vaultwarden/data:/data
- /etc/localtime:/etc/localtime:ro
vaultwarden-backup:
container_name: vaultwarden-backup
image: bruceforce/vaultwarden-backup
environment:
- BACKUP_DIR=/data/backups
- CRON_TIME=15 * * * *
- TIMESTAMP=true
- UID=${PUID}
- GID=${PGID}
depends_on:
- vaultwarden
init: true
restart: always
volumes:
- ${DOCKER_CONFIGS}/vaultwarden/data:/data
- /home/wettsten/backups/vaultwardenbackups:/data/backups
networks:
default:

8
mixed/filebrowser/.filebrowser.json Executable file
View File

@@ -0,0 +1,8 @@
{
"port": 80,
"baseURL": "",
"address": "",
"log": "stdout",
"database": "/database/filebrowser.db",
"root": "/truenas-storage"
}