homelab-apps/services.jsonnet

202 lines
6.3 KiB
Plaintext

local compose = import 'compose.libsonnet';
local Compose = compose.Compose;
local Command = compose.Command;
local Port = compose.Port;
local MediaService = compose.MediaService;
local MediaMounts = compose.MediaMounts;
function(secrets={})
Compose({
gluetun: {
image: 'qmcgaw/gluetun',
cap_add: ['NET_ADMIN'],
devices: ['/dev/net/tun:/dev/net/tun'],
environment: {
TZ: 'America/New_York',
VPN_SERVICE_PROVIDER: 'custom',
VPN_TYPE: 'wireguard',
// VPN_PORT_FORWARDING: 'on',
// VPN_PORT_FORWARDING_PROVIDER: 'protonvpn',
VPN_ENDPOINT_IP: std.get(secrets, 'VPN_ENDPOINT_IP'),
VPN_ENDPOINT_PORT: std.get(secrets, 'VPN_ENDPOINT_PORT'),
WIREGUARD_PUBLIC_KEY: std.get(secrets, 'WIREGUARD_PUBLIC_KEY'),
WIREGUARD_PRIVATE_KEY: std.get(secrets, 'WIREGUARD_PRIVATE_KEY'),
WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'),
},
ports: [
// http proxy
// Port(8888),
// shadowsocks proxy
// Port(8388),
// Port(8388, kind='udp'),
],
webPort:: 8000,
volumes: { gluetun_data: '/gluetun' },
},
traefik: {
image: 'traefik:latest',
command: Command({
'log.level': 'ERROR',
'api.insecure': 'true',
'providers.docker': 'true',
'providers.docker.exposedbydefault': 'false',
'entrypoints.web.address': ':80',
'entrypoints.web-tls.address': ':443',
'entrypoints.web-tls.http.tls.domains[0].main': 'home.mat.services',
'entrypoints.web-tls.http.tls.domains[0].sans': '*.home.mat.services',
'entrypoints.web-tls.http.tls.certresolver': 'letsencrypt',
'certificatesresolvers.letsencrypt.acme.dnschallenge': true,
'certificatesresolvers.letsencrypt.acme.dnschallenge.provider': 'luadns',
'certificatesresolvers.letsencrypt.acme.email': 'mat@mat.services',
'certificatesresolvers.letsencrypt.acme.storage': '/letsencrypt/acme.json',
}),
docker:: true,
webPort:: 8080,
ports: [
Port(80),
Port(443),
],
environment: {
LUADNS_API_USERNAME: 'mat@mat.services',
LUADNS_API_TOKEN: std.get(secrets, 'LUADNS_API_TOKEN'),
},
traefik:: {
// 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)'
// 'traefik.http.routers.http-catchall.entrypoints': 'web'
// 'traefik.http.routers.http-catchall.middlewares': 'redirect-to-https'
// 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme': 'https'
},
volumes: { letsencrypt_data: '/letsencrypt' }
},
portainer: {
image: 'portainer/portainer-ce:latest',
docker:: true,
volumes: { portainer_portainer_data: '/data' },
webPort:: 9000,
// useful when traefik is having issues
// ports: [Port(9443)],
},
deluge: MediaService(
name='deluge',
env={ DELUGE_LOGLEVEL: 'error' },
mounts={ torrents: '/downloads' },
webPort=8112,
extras={ gluetun:: true },
),
prowlarr: MediaService(
name='prowlarr',
tag='develop',
webPort=9696,
mounts={
torrents: '/downloads',
'passport-5tb': '/passport-5tb',
'passport-1tb': '/passport-1tb',
},
extras={ gluetun:: true },
),
bazarr: MediaService(
name='bazarr',
webPort=6767,
mounts={
'passport-5tb': '/passport-5tb',
'passport-1tb': '/passport-1tb',
},
extras={ gluetun:: true },
),
radarr: MediaService(
name='radarr',
webPort=7878,
mounts={
'passport-5tb/movies': '/passport-5tb',
'passport-1tb/movies': '/passport-1tb',
torrents: '/downloads',
},
extras={ gluetun:: true },
),
sonarr: MediaService(
name='sonarr',
webPort=8989,
mounts={
'passport-5tb/tv': '/passport-5tb',
'passport-1tb/tv': '/passport-1tb',
torrents: '/downloads',
},
extras={ gluetun:: true },
),
plex: {
image: 'plexinc/pms-docker',
environment: {
TZ: 'America/New_York',
PLEX_CLAIM: std.get(secrets, 'PLEX_CLAIM'),
// ADVERTISE_IP: std.get(secrets, 'PLEX_ADVERTISE_IP'),
},
volumes: { media_plex_config: '/config' },
mounts:: MediaMounts({
'torrents/plex-transcode': '/transcode',
'passport-5tb': '/passport-5tb',
'passport-1tb': '/passport-1tb',
}),
devices: ['/dev/dri:/dev/dri'],
webPort:: 32400,
ports: [
// plex
Port(32400),
// companion
Port(3005),
// dlna
Port(32469),
Port(1900, kind='udp'),
// gdm network discovery
Port(32410, kind='udp'),
Port(32412, kind='udp'),
Port(32413, kind='udp'),
Port(32414, kind='udp'),
// bonjour/avahi
// Port(5353, kind='udp'),
// plex for roku via companion
// Port(8324),
],
},
archivebox: {
image: 'archivebox/archivebox:dev',
command: 'server --quick-init 0.0.0.0:8000',
// TODO: hack to workaround https://github.com/ArchiveBox/ArchiveBox/issues/1002
// entrypoint: '/bin/bash',
// command: '-c "chown -R archivebox:archivebox /app/archivebox/core/migrations && /app/bin/docker_entrypoint.sh server --quick-init 0.0.0.0:8000"',
environment: {
ALLOWED_HOSTS: '*',
MEDIA_MAX_SIZE: '750m',
RESOLUTION: '1024,768',
},
mounts:: MediaMounts({ 'passport-5tb/archivebox': '/data' }),
webPort:: 8000,
host:: 'archive',
},
firefly: {
image: 'fireflyiii/core:latest',
environment: {
DB_CONNECTION: 'sqlite',
APP_DEBUG: true,
SITE_OWNER: 'mat@mat.services',
APP_KEY: std.get(secrets, 'FIREFLY_APP_KEY'),
TZ: 'America/New_York',
TRUSTED_PROXIES: '**',
},
volumes: {
firefly_data: '/storage',
firefly_uploads: '/var/www/html/storage/upload',
},
webPort:: 8080,
},
actual: {
image: 'jlongster/actual-server:latest',
environment: {
userFilesPath: '/data/user',
serverFilesPath: '/data/server',
externalPort: 5006,
},
volumes: { actual_data: '/data' },
webPort:: 5006,
},
})