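// Home-server stack definition (Jsonnet, rendered through the helpers in
// compose.libsonnet).
//
// The file evaluates to a function taking a `secrets` object and returning
// whatever Compose() builds from the service map below. Fields declared with
// `::` are hidden Jsonnet fields; they are presumably consumed by Compose()
// (routing port, docker access, VPN attachment) -- confirm in compose.libsonnet.
//
// Secret handling:
//   * std.get(secrets, KEY) yields null when KEY is absent, so rendering with
//     the default `secrets={}` does not fail; it produces null values instead.
//     How Compose() serialises those is not visible here -- verify before
//     deploying a render that was made without secrets.
//   * Every secret is interpolated into the rendered output (container
//     environment). Treat the rendered file as sensitive: keep it out of
//     version control and restrict its file permissions.
local compose = import 'compose.libsonnet';
local Compose = compose.Compose;
local Command = compose.Command;
local Port = compose.Port;
local MediaService = compose.MediaService;
local MediaMounts = compose.MediaMounts;

function(secrets={})
  Compose({
    // VPN gateway container. NET_ADMIN and the tun device are what gluetun
    // needs to create the WireGuard interface; no other service in this file
    // is granted extra capabilities.
    gluetun: {
      image: 'qmcgaw/gluetun',
      cap_add: ['NET_ADMIN'],
      devices: ['/dev/net/tun:/dev/net/tun'],
      environment: {
        TZ: 'America/New_York',
        VPN_SERVICE_PROVIDER: 'custom',
        VPN_TYPE: 'wireguard',
        // VPN_PORT_FORWARDING: 'on',
        // VPN_PORT_FORWARDING_PROVIDER: 'protonvpn',
        VPN_ENDPOINT_IP: std.get(secrets, 'VPN_ENDPOINT_IP'),
        VPN_ENDPOINT_PORT: std.get(secrets, 'VPN_ENDPOINT_PORT'),
        WIREGUARD_PUBLIC_KEY: std.get(secrets, 'WIREGUARD_PUBLIC_KEY'),
        // Private key ends up in the container environment, so it is readable
        // by anyone who can inspect the container or the rendered file.
        WIREGUARD_PRIVATE_KEY: std.get(secrets, 'WIREGUARD_PRIVATE_KEY'),
        WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'),
      },
      ports: [
        // http proxy
        // Port(8888),
        // shadowsocks proxy
        // Port(8388),
        // Port(8388, kind='udp'),
      ],
      webPort:: 8000,
      volumes: { gluetun_data: '/gluetun' },
    },

    // Reverse proxy and TLS termination (wildcard certificate via DNS-01).
    traefik: {
      // NOTE(review): unpinned ':latest' -- a pull can change the proxy version
      // without a change to this file; consider pinning a version or digest.
      image: 'traefik:latest',
      command: Command({
        'log.level': 'ERROR',
        // NOTE(review): api.insecure serves the dashboard and API without
        // authentication on Traefik's internal 'traefik' entrypoint (8080,
        // matching webPort below). Anyone who can reach that route can read
        // the full routing configuration. Prefer routing api@internal through
        // a router with an auth middleware; left unchanged here because the
        // router labels are generated by compose.libsonnet.
        'api.insecure': 'true',
        'providers.docker': 'true',
        // Containers are only exposed when they opt in.
        'providers.docker.exposedbydefault': 'false',
        'entrypoints.web.address': ':80',
        'entrypoints.web-tls.address': ':443',
        'entrypoints.web-tls.http.tls.domains[0].main': 'home.mat.services',
        'entrypoints.web-tls.http.tls.domains[0].sans': '*.home.mat.services',
        'entrypoints.web-tls.http.tls.certresolver': 'letsencrypt',
        'certificatesresolvers.letsencrypt.acme.dnschallenge': true,
        'certificatesresolvers.letsencrypt.acme.dnschallenge.provider': 'luadns',
        'certificatesresolvers.letsencrypt.acme.email': 'mat@mat.services',
        // acme.json holds the ACME account key and certificate private keys.
        'certificatesresolvers.letsencrypt.acme.storage': '/letsencrypt/acme.json',
      }),
      // NOTE(review): presumably mounts the Docker socket (see
      // compose.libsonnet). Socket access is equivalent to root on the host;
      // a read-only mount or a socket proxy limits the impact of a proxy
      // compromise -- confirm what the helper emits.
      docker:: true,
      webPort:: 8080,
      ports: [
        Port(80),
        Port(443),
      ],
      environment: {
        LUADNS_API_USERNAME: 'mat@mat.services',
        // DNS API token: can alter records for the zone, scope it as narrowly
        // as the provider allows.
        LUADNS_API_TOKEN: std.get(secrets, 'LUADNS_API_TOKEN'),
      },
      // The HTTP -> HTTPS redirect below is disabled, so port 80 is published
      // without a catch-all redirect defined in this file.
      traefik:: {
        // 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)'
        // 'traefik.http.routers.http-catchall.entrypoints': 'web'
        // 'traefik.http.routers.http-catchall.middlewares': 'redirect-to-https'
        // 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme': 'https'
      },
      volumes: { letsencrypt_data: '/letsencrypt' },
    },

    // Container management UI.
    portainer: {
      image: 'portainer/portainer-ce:latest',
      // NOTE(review): presumably mounts the Docker socket; Portainer then has
      // full control of the host's containers. Keep this UI behind
      // authentication and off untrusted networks.
      docker:: true,
      volumes: { portainer_portainer_data: '/data' },
      webPort:: 9000,
      // useful when traefik is having issues
      // ports: [Port(9443)],
    },

    // Media services. `gluetun:: true` presumably attaches the service to the
    // gluetun container's network so its traffic leaves through the VPN --
    // confirm in compose.libsonnet, and confirm there is no fallback to the
    // host network when gluetun is down.
    deluge: MediaService(
      name='deluge',
      env={ DELUGE_LOGLEVEL: 'error' },
      mounts={ torrents: '/downloads' },
      webPort=8112,
      extras={ gluetun:: true },
    ),
    prowlarr: MediaService(
      name='prowlarr',
      tag='develop',
      webPort=9696,
      mounts={
        torrents: '/downloads',
        'passport-5tb': '/passport-5tb',
        'passport-1tb': '/passport-1tb',
      },
      extras={ gluetun:: true },
    ),
    bazarr: MediaService(
      name='bazarr',
      webPort=6767,
      mounts={
        'passport-5tb': '/passport-5tb',
        'passport-1tb': '/passport-1tb',
      },
      extras={ gluetun:: true },
    ),
    radarr: MediaService(
      name='radarr',
      webPort=7878,
      mounts={
        'passport-5tb/movies': '/passport-5tb',
        'passport-1tb/movies': '/passport-1tb',
        torrents: '/downloads',
      },
      extras={ gluetun:: true },
    ),
    sonarr: MediaService(
      name='sonarr',
      webPort=8989,
      mounts={
        'passport-5tb/tv': '/passport-5tb',
        'passport-1tb/tv': '/passport-1tb',
        torrents: '/downloads',
      },
      extras={ gluetun:: true },
    ),

    // Plex publishes its ports directly on the host instead of going through
    // the reverse proxy, so host firewalling decides who can reach them.
    plex: {
      image: 'plexinc/pms-docker',
      environment: {
        TZ: 'America/New_York',
        PLEX_CLAIM: std.get(secrets, 'PLEX_CLAIM'),
        // ADVERTISE_IP: std.get(secrets, 'PLEX_ADVERTISE_IP'),
      },
      volumes: { media_plex_config: '/config' },
      mounts:: MediaMounts({
        'torrents/plex-transcode': '/transcode',
        'passport-5tb': '/passport-5tb',
        'passport-1tb': '/passport-1tb',
      }),
      // GPU render nodes passed through to the container.
      devices: ['/dev/dri:/dev/dri'],
      webPort:: 32400,
      ports: [
        // plex
        Port(32400),
        // companion
        Port(3005),
        // dlna
        Port(32469),
        Port(1900, kind='udp'),
        // gdm network discovery
        Port(32410, kind='udp'),
        Port(32412, kind='udp'),
        Port(32413, kind='udp'),
        Port(32414, kind='udp'),
        // bonjour/avahi
        // Port(5353, kind='udp'),
        // plex for roku via companion
        // Port(8324),
      ],
    },

    archivebox: {
      image: 'archivebox/archivebox:dev',
      command: 'server --quick-init 0.0.0.0:8000',
      // TODO: hack to workaround https://github.com/ArchiveBox/ArchiveBox/issues/1002
      // entrypoint: '/bin/bash',
      // command: '-c "chown -R archivebox:archivebox /app/archivebox/core/migrations && /app/bin/docker_entrypoint.sh server --quick-init 0.0.0.0:8000"',
      environment: {
        // NOTE(review): '*' turns off Host-header validation in the app.
        // Setting the served hostname here (the `host:: 'archive'` name under
        // the home domain, presumably) would restore that check -- confirm the
        // final hostname before changing.
        ALLOWED_HOSTS: '*',
        MEDIA_MAX_SIZE: '750m',
        RESOLUTION: '1024,768',
      },
      mounts:: MediaMounts({ 'passport-5tb/archivebox': '/data' }),
      webPort:: 8000,
      host:: 'archive',
    },

    // Personal finance application; holds sensitive data.
    firefly: {
      image: 'fireflyiii/core:latest',
      environment: {
        DB_CONNECTION: 'sqlite',
        // Changed from true: with debug enabled, application error pages
        // include stack traces and runtime details, which for this service
        // sit next to APP_KEY and financial data. Enable only temporarily
        // while troubleshooting.
        APP_DEBUG: false,
        SITE_OWNER: 'mat@mat.services',
        // Application encryption key; rotating or losing it invalidates
        // data encrypted with it.
        APP_KEY: std.get(secrets, 'FIREFLY_APP_KEY'),
        TZ: 'America/New_York',
        // NOTE(review): '**' trusts forwarded-for/proto headers from any
        // client. That is only sound while the container is reachable solely
        // through the reverse proxy; no host port is published here, keep it
        // that way.
        TRUSTED_PROXIES: '**',
      },
      volumes: {
        firefly_data: '/storage',
        firefly_uploads: '/var/www/html/storage/upload',
      },
      webPort:: 8080,
    },

    actual: {
      image: 'jlongster/actual-server:latest',
      environment: {
        userFilesPath: '/data/user',
        serverFilesPath: '/data/server',
        externalPort: 5006,
      },
      volumes: { actual_data: '/data' },
      webPort:: 5006,
    },
  })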