add and update stuff

2026-05-22 02:22:23 -07:00
parent 6bcadb4138
commit bc6ed1ae49
12 changed files with 703 additions and 27 deletions
+18
@@ -0,0 +1,18 @@
---
services:
beszel:
image: henrygd/beszel
container_name: beszel
restart: unless-stopped
volumes:
- data:/beszel_data
networks:
- caddy
volumes:
data:
networks:
caddy:
name: "caddy"
external: true
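Review bot: `image: henrygd/beszel` has no tag, so it resolves to `latest`, and combined with `restart: unless-stopped` any later pull silently swaps in whatever the registry serves under that name. Pin a release and ideally a digest, e.g. `image: henrygd/beszel:<version>@sha256:<digest>` (placeholders), and let an update bot bump it so each upgrade becomes a reviewable change. The same applies to the other compose files in this commit: every `ghcr.io/nextcloud-releases/aio-*:latest` image, `onlyoffice/documentserver`, `qmcgaw/gluetun`, `lscr.io/linuxserver/qbittorrent:latest`, `stalwartlabs/stalwart:latest`, `caddy:latest`, `ghcr.io/bulwarkmail/webmail:latest` and `vaultwarden/server:latest`.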
+2
@@ -0,0 +1,2 @@
* SMART monitoring requires some bullshit to get working, see service file for example and follow https://beszel.dev/guide/smart-data#troubleshooting
* You can bind the agents listening port to tailscale with the LISTEN variable, see service file
+27
@@ -0,0 +1,27 @@
[Unit]
Description=Beszel Agent Service
After=network.target
[Service]
Environment="LISTEN=100.70.0.2:45876"
Environment="KEY="
Environment="TOKEN="
Environment="HUB_URL="
Environment="SMART_DEVICES=/dev/sda:sat,/dev/sdb:sat,/dev/sdc:sat,/dev/sdd:sat,/dev/sde:sat,/dev/sdf:sat,/dev/sdg:sat,/dev/sdh:sat"
ExecStart=/opt/beszel-agent/beszel-agent
User=beszel
Restart=always
RestartSec=5
DeviceAllow=/dev/sda r
DeviceAllow=/dev/sdb r
DeviceAllow=/dev/sdc r
DeviceAllow=/dev/sdd r
DeviceAllow=/dev/sde r
DeviceAllow=/dev/sdf r
DeviceAllow=/dev/sdg r
DeviceAllow=/dev/sdh r
[Install]
WantedBy=multi-user.target
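Review bot: `TOKEN` (and `KEY`) are set with `Environment=` lines, so once filled in they live in the unit file itself; systemd's own documentation advises against passing secrets this way because a unit's environment block can be read by unprivileged users via `systemctl show`. Move those values into a root-owned file with mode 0600 and load it with `EnvironmentFile=/etc/beszel-agent/agent.env` (constructed example path), keeping `LISTEN` and `SMART_DEVICES` in the unit. Since the agent only needs to read the listed disks, a few sandboxing directives such as `NoNewPrivileges=yes` and `ProtectSystem=strict` would also be worth adding, after testing that SMART collection still works with them.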
+2 -9
@@ -5,23 +5,16 @@ services:
container_name: jellyfin
user: 1000:1000
group_add:
- "993"
- "993" # For hw accelerated transcoding
volumes:
- config:/config
- cache:/cache
- /srv/media:/media
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
- /dev/dri/renderD128:/dev/dri/renderD128 # for hw accelerated transcoding
ports:
- 8096:8096
networks:
- caddy
volumes:
config:
cache:
networks:
caddy:
name: caddy
external: true
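Review bot: The `8096:8096` mapping under `ports:` publishes Jellyfin's plain-HTTP port on every host interface, and with the `caddy` network entries apparently removed here (the rendered page has lost its +/- markers, so this is inferred from the +2 -9 count) that port becomes the only way in. If access is meant to stay on the tailnet like the servarr services in this commit, bind it to the host's tailnet address, e.g. `- "100.70.0.2:8096:8096"`. Docker-published ports are usually inserted ahead of host firewall rules, so a host firewall alone may not restrict this. The same applies to `15000:15000` on `gluetun` in the qBittorrent compose file.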
+391
@@ -0,0 +1,391 @@
services:
nextcloud-aio-apache:
depends_on:
nextcloud-aio-notify-push:
condition: service_started
required: false
nextcloud-aio-nextcloud:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-apache:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
ports:
- 100.70.0.2:41443:41443
# - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
# - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp
environment:
- NC_DOMAIN
- NEXTCLOUD_HOST=nextcloud-nextcloud
- APACHE_HOST=nextcloud-apache
- COLLABORA_HOST=nextcloud-collabora
- TALK_HOST=nextcloud-talk
- APACHE_PORT
- ONLYOFFICE_HOST=onlyoffice-documentserver
- TZ=${TIMEZONE}
- APACHE_MAX_SIZE
- APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- NOTIFY_PUSH_HOST=nextcloud-notifypush
- WHITEBOARD_HOST=nextcloud-whiteboard
- HARP_HOST=nextcloud-harp
- AIO_LOG_LEVEL # added 2026-05-15
volumes:
- nextcloud_aio_nextcloud:/var/www/html:ro
- nextcloud_aio_apache:/mnt/data:rw
restart: unless-stopped
read_only: true
tmpfs:
- /var/log/supervisord
- /var/run/supervisord
- /usr/local/apache2/logs
- /tmp
- /home/www-data
cap_drop:
- NET_RAW
networks:
- nextcloud
container_name: nextcloud-apache
# nextcloud-aio-database:
# image: ghcr.io/nextcloud-releases/aio-postgresql:latest
# user: "999"
# init: true
# healthcheck:
# start_period: 0s
# test: /healthcheck.sh
# interval: 30s
# timeout: 30s
# start_interval: 5s
# retries: 3
# expose:
# - "5432"
# volumes:
# - nextcloud_aio_database:/var/lib/postgresql/data:rw
# - nextcloud_aio_database_dump:/mnt/data:rw
# environment:
# - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
# - POSTGRES_DB=nextcloud_database
# - POSTGRES_USER=nextcloud
# - TZ=${TIMEZONE}
# - PGTZ=${TIMEZONE}
# stop_grace_period: 1800s
# restart: unless-stopped
# shm_size: 268435456
# read_only: true
# tmpfs:
# - /var/run/postgresql
# cap_drop:
# - NET_RAW
nextcloud-aio-nextcloud:
depends_on:
# nextcloud-aio-database:
# condition: service_started
# required: false
nextcloud-aio-redis:
condition: service_started
required: false
nextcloud-aio-fulltextsearch:
condition: service_started
required: false
nextcloud-aio-imaginary:
condition: service_started
required: false
image: ghcr.io/nextcloud-releases/aio-nextcloud:latest
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
- "9001"
volumes:
- nextcloud_aio_nextcloud:/var/www/html:rw
- ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
# - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
- /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro #modified
environment:
- NEXTCLOUD_HOST=nextcloud-nextcloud
- POSTGRES_HOST=postgres # modified
- POSTGRES_PORT=5432
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_DB=nextcloud # modified
- POSTGRES_USER=nextcloud
- REDIS_HOST=nextcloud-redis
- REDIS_PORT=6379
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- APACHE_HOST=nextcloud-apache
- APACHE_PORT
- NC_DOMAIN
- ADMIN_USER=admin
- ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
- NEXTCLOUD_DATA_DIR=/mnt/ncdata
- OVERWRITEHOST=${NC_DOMAIN}
- OVERWRITEPROTOCOL=https
- TURN_SECRET
- SIGNALING_SECRET
- ONLYOFFICE_SECRET
- NEXTCLOUD_MOUNT
- CLAMAV_ENABLED
- CLAMAV_HOST=nextcloud-aio-clamav
- ONLYOFFICE_ENABLED
- COLLABORA_ENABLED
- COLLABORA_HOST=nextcloud-aio-collabora
- TALK_ENABLED
- ONLYOFFICE_HOST=onlyoffice-documentserver
- UPDATE_NEXTCLOUD_APPS
- TZ=${TIMEZONE}
- TALK_PORT
- IMAGINARY_ENABLED
- IMAGINARY_HOST=nextcloud-imaginary
- PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
- PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
- FULLTEXTSEARCH_ENABLED
- FULLTEXTSEARCH_HOST=nextcloud-fulltextsearch
- FULLTEXTSEARCH_PROTOCOL=http
- FULLTEXTSEARCH_PORT=9200
- FULLTEXTSEARCH_USER=elastic
- FULLTEXTSEARCH_INDEX=nextcloud-aio
- PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
- STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
- ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
- ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
- INSTALL_LATEST_MAJOR
- TALK_RECORDING_ENABLED
- RECORDING_SECRET
- TALK_RECORDING_HOST=nextcloud-aio-talk-recording
- FULLTEXTSEARCH_PASSWORD
- REMOVE_DISABLED_APPS
- IMAGINARY_SECRET
- WHITEBOARD_SECRET
- WHITEBOARD_ENABLED
- AIO_LOG_LEVEL # added 2026-05-15
stop_grace_period: 600s
restart: unless-stopped
cap_drop:
- NET_RAW
networks:
- nextcloud
- postgres
container_name: nextcloud-nextcloud
nextcloud-aio-notify-push:
image: ghcr.io/nextcloud-releases/aio-notify-push:latest
user: "33"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "7867"
volumes:
- nextcloud_aio_nextcloud:/var/www/html:ro
environment:
- NEXTCLOUD_HOST=nextcloud-nextcloud
- POSTGRES_HOST=postgres
- REDIS_HOST=nextcloud-redis
- TZ=${TIMEZONE}
- AIO_LOG_LEVEL # added 2026-05-15
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
networks:
- nextcloud
- postgres
container_name: nextcloud-notifypush
nextcloud-aio-redis:
image: ghcr.io/nextcloud-releases/aio-redis:latest
user: "999"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "6379"
environment:
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- TZ=${TIMEZONE}
- AIO_LOG_LEVEL # added 2026-05-15
volumes:
- nextcloud_aio_redis:/data:rw
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
networks:
- nextcloud
container_name: nextcloud-redis
# nextcloud-aio-onlyoffice:
# image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest
# init: true
# healthcheck:
# start_period: 60s
# test: /healthcheck.sh
# interval: 30s
# timeout: 30s
# start_interval: 5s
# retries: 9
# expose:
# - "80"
# environment:
# - TZ=${TIMEZONE}
# - JWT_ENABLED=true
# - JWT_HEADER=AuthorizationJwt
# - JWT_SECRET=${ONLYOFFICE_SECRET}
# volumes:
# - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
# restart: unless-stopped
# # profiles:
# # - onlyoffice
# cap_drop:
# - NET_RAW
# networks:
# - nextcloud
# container_name: nextcloud-onlyoffice
nextcloud-aio-imaginary:
image: ghcr.io/nextcloud-releases/aio-imaginary:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "9000"
environment:
- TZ=${TIMEZONE}
- IMAGINARY_SECRET
- AIO_LOG_LEVEL # added 2026-05-15
restart: unless-stopped
cap_add:
- SYS_NICE
cap_drop:
- NET_RAW
# profiles:
# - imaginary
read_only: true
tmpfs:
- /tmp
networks:
- nextcloud
container_name: nextcloud-imaginary
nextcloud-aio-fulltextsearch:
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest
init: false
healthcheck:
start_period: 60s
test: /healthcheck.sh
interval: 10s
timeout: 5s
start_interval: 5s
retries: 5
expose:
- "9200"
environment:
- TZ=${TIMEZONE}
- ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
- bootstrap.memory_lock=false
- cluster.name=nextcloud-aio
- discovery.type=single-node
- logger.level=WARN
- http.port=9200
- xpack.license.self_generated.type=basic
- xpack.security.enabled=false
- FULLTEXTSEARCH_PASSWORD
- AIO_LOG_LEVEL # added 2026-05-15
volumes:
- nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
restart: unless-stopped
# profiles:
# - fulltextsearch
cap_drop:
- NET_RAW
networks:
- nextcloud
container_name: nextcloud-fulltextsearch
nextcloud-aio-whiteboard:
image: ghcr.io/nextcloud-releases/aio-whiteboard:latest
user: "65534"
init: true
healthcheck:
start_period: 0s
test: /healthcheck.sh
interval: 30s
timeout: 30s
start_interval: 5s
retries: 3
expose:
- "3002"
tmpfs:
- /tmp
environment:
- TZ=${TIMEZONE}
- NEXTCLOUD_URL=https://${NC_DOMAIN}
- JWT_SECRET_KEY=${WHITEBOARD_SECRET}
- STORAGE_STRATEGY=redis
- REDIS_HOST=nextcloud-redis
- REDIS_PORT=6379
- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
- BACKUP_DIR=/tmp
- AIO_LOG_LEVEL # added 2026-05-15
restart: unless-stopped
read_only: true
cap_drop:
- NET_RAW
networks:
- nextcloud
container_name: nextcloud-whiteboard
volumes:
nextcloud_aio_apache:
name: nextcloud_aio_apache
# nextcloud_aio_database:
# name: nextcloud_aio_database
# nextcloud_aio_database_dump:
# name: nextcloud_aio_database_dump
nextcloud_aio_elasticsearch:
name: nextcloud_aio_elasticsearch
nextcloud_aio_nextcloud:
name: nextcloud_aio_nextcloud
# nextcloud_aio_onlyoffice:
# name: nextcloud_aio_onlyoffice
nextcloud_aio_redis:
name: nextcloud_aio_redis
nextcloud_aio_nextcloud_data:
name: nextcloud_aio_nextcloud_data
networks:
nextcloud:
name: "nextcloud"
postgres:
name: "postgres"
external: true
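Review bot: `xpack.security.enabled=false` on `nextcloud-aio-fulltextsearch` leaves port 9200 without authentication for anything attached to the `nextcloud` network, and the OnlyOffice compose file in this commit attaches `onlyoffice-documentserver` and `onlyoffice-rabbitmq` to that same network. The index holds text extracted from users' files, so only the Nextcloud container should be able to reach it. Unless the image enforces `FULLTEXTSEARCH_PASSWORD` by some other means (not visible here), give the search service its own network, for example a `fulltextsearch` entry under the top-level `networks:` that is listed only on `nextcloud-aio-fulltextsearch` and `nextcloud-aio-nextcloud`.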
+87
@@ -0,0 +1,87 @@
services:
onlyoffice-documentserver:
# build:
# context: .
image: onlyoffice/documentserver #[-de,-ee]
container_name: onlyoffice-documentserver
depends_on:
# - onlyoffice-postgresql
- onlyoffice-rabbitmq
environment:
- DB_TYPE=postgres
- DB_HOST=postgres
- DB_PORT=5432
- DB_NAME=onlyoffice
- DB_USER=onlyoffice
- DB_PWD= # database password here (maybe use an env file?)
- AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
# Uncomment strings below to enable the JSON Web Token validation.
- JWT_ENABLED=true
- JWT_SECRET= # random sufficiently long string here, save it for later you'll need to give this to nextcloud
- JWT_HEADER=Authorization
- JWT_IN_BODY=true
# ports:
# - '80:80'
# - '443:443'
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
interval: 30s
retries: 5
start_period: 60s
timeout: 10s
stdin_open: true
restart: unless-stopped
stop_grace_period: 60s
volumes:
- ./certs:/var/www/onlyoffice/Data
- onlyoffice_log:/var/log/onlyoffice
- onlyoffice_cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
networks:
- nextcloud
- postgres
onlyoffice-rabbitmq:
container_name: onlyoffice-rabbitmq
image: rabbitmq:3
restart: unless-stopped
# expose:
# - '5672'
healthcheck:
test: ["CMD", "rabbitmq-diagnostics", "status"]
interval: 10s
retries: 3
start_period: 10s
timeout: 10s
networks:
- nextcloud
# onlyoffice-postgresql:
# container_name: onlyoffice-postgresql
# image: postgres:15
# environment:
# - POSTGRES_DB=onlyoffice
# - POSTGRES_USER=onlyoffice
# - POSTGRES_HOST_AUTH_METHOD=trust
# restart: always
# expose:
# - '5432'
# volumes:
# - postgresql_data:/var/lib/postgresql
# healthcheck:
# test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
# interval: 10s
# retries: 3
# start_period: 10s
# timeout: 10s
volumes:
onlyoffice_log:
onlyoffice_cache:
networks:
nextcloud:
name: "nextcloud"
external: true
postgres:
name: "postgres"
external: true
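Review bot: `AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq` relies on RabbitMQ's well-known default account, and the broker sits on the shared `nextcloud` network where every container attached to it can connect. Set a dedicated account on the broker with `RABBITMQ_DEFAULT_USER` / `RABBITMQ_DEFAULT_PASS` and interpolate the same values into the URI, e.g. `- AMQP_URI=amqp://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@onlyoffice-rabbitmq` (variable names constructed). `DB_PWD=` and `JWT_SECRET=` likewise invite pasting secrets into a tracked file; pass them through as `- DB_PWD=${ONLYOFFICE_DB_PASSWORD}` from an untracked env file, the way the Nextcloud compose file handles `DATABASE_PASSWORD`. `WIREGUARD_PRIVATE_KEY=` in the gluetun compose file has the same problem.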
+13
@@ -0,0 +1,13 @@
# this is a clusterfuck and I do not recommend using this
The only reason I did this was because I was annoyed by the Nextcloud AIO interface, but it is a *bitch* to maintain this because they make breaking changes upstream that you need to investigate later when it blows up
This is also pretty hacked together and the onlyoffice compose relies on the nextcloud compose to be up and running first. yes nextcloud has the onlyoffice container in the upstream compose but it didn't work for me, hence this nonsense
**this also depends on an already running postgres container; nextcloud ignores the POSTGRES_USER variable and expects to logon to the database as `oc_nextcloud`**
onlyoffice settings in nextcloud:
* onlyoffice docs address: URL as the *user* accesses it, e.g. cloud.meow.tld
* secret key: the JWT_SECRET variable as set in onlyoffice.yml line 20
* authorization header: leave blank for default
* **onlyoffice address for internal requests**: http://onlyoffice-documentserver/
* **server address for internal requests**: http://nextcloud-apache:41443/
+37
@@ -0,0 +1,37 @@
---
services:
gluetun:
image: qmcgaw/gluetun
restart: unless-stopped
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
environment:
- TZ=America/Vancouver
- VPN_TYPE=wireguard
- VPN_SERVICE_PROVIDER=mullvad
- SERVER_HOSTNAMES= # Mullvad server id, eg us-sea-wg-001, from https://mullvad.net/en/servers
- WIREGUARD_PRIVATE_KEY= # Download a wireguard configuration file from mullvads website and copy the private key here
- WIREGUARD_ADDRESSES= # and the address here
- DNS_ADDRESS=1.1.1.1
- DNS_UPSTREAM_RESOLVER_TYPE=doh
- BLOCK_MALICIOUS=off
ports:
- 15000:15000 # All traffic to qbittorrent goes through gluetun; set qbits WEBUI_PORT here and on line 30; see https://github.com/qdm12/gluetun-wiki/blob/main/setup/port-mapping.md
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=America/Vancouver
- WEBUI_PORT=15000 # This needs to match the port mapping on line 21
volumes:
- config:/config
- /srv/bittorrent/:/downloads # Downloads folder from host shared between qbit and servarr containers; set UID/GID on line 27 & 28 to match the owner/group on host
network_mode: "service:gluetun"
volumes:
config:
+7 -18
@@ -13,10 +13,9 @@ services:
- radarr_config:/config
- /srv/media/movies:/movies
- /srv/bittorrent/:/downloads
networks:
- servarr
- caddy
ports:
- "100.70.0.2:7878:7878"
sonarr:
image: linuxserver/sonarr
restart: unless-stopped
@@ -29,9 +28,8 @@ services:
- sonarr_config:/config
- /srv/media/tv:/tv
- /srv/bittorrent/:/downloads
networks:
- servarr
- caddy
ports:
- "100.70.0.2:8989:8989"
prowlarr:
image: linuxserver/prowlarr
@@ -39,9 +37,8 @@ services:
container_name: servarr-prowlarr
volumes:
- prowlarr_config:/config
networks:
- servarr
- caddy
ports:
- "100.70.0.2:9696:9696"
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr
@@ -49,8 +46,6 @@ services:
container_name: servarr-flaresolverr
environment:
- LOG_LEVEL=info
networks:
- servarr
volumes:
sonarr_config:
@@ -62,9 +57,3 @@ volumes:
prowlarr_config:
external: true
name: servarr_prowlarr_config
networks:
servarr:
caddy:
name: caddy
external: true
+84
@@ -0,0 +1,84 @@
---
services:
stalwart:
image: stalwartlabs/stalwart:latest
container_name: stalwart
restart: unless-stopped
depends_on:
- postgres
volumes:
- ./stalwart-etc:/etc/stalwart
- stalwart-var:/var/lib/stalwart
ports:
- 25:25
- 465:465
# - 443:443
- 993:993
- 100.70.0.4:8080:8080
networks:
- caddy
- postgres
# environment:
# - STALWART_RECOVERY_MODE=true
# - STALWART_RECOVERY_ADMIN=admin:bruhmoment
postgres:
image: postgres:18-alpine
container_name: postgres
restart: unless-stopped
shm_size: 256mb
volumes:
- ./postgres-data:/var/lib/postgresql
environment:
- POSTGRES_USER=stalwart
- POSTGRES_DB=stalwart
- POSTGRES_PASSWORD
networks:
- postgres
caddy:
image: caddy:latest
container_name: caddy
restart: unless-stopped
volumes:
- caddy-data:/data
- caddy-config:/config
- ./Caddyfile:/etc/caddy/Caddyfile
ports:
- 80:80
- 443:443
- 443:443/udp
networks:
- caddy
bulwark:
image: ghcr.io/bulwarkmail/webmail:latest
container_name: bulwark
restart: unless-stopped
# ports:
# - 3000:3000
volumes:
- ./bulwark-settings:/app/data/settings
environment:
- JMAP_SERVER_URL=https://postoffice.enstrayed.com
- STALWART_FEATURES=true
- OAUTH_ENABLED=true
- OAUTH_ONLY=true
- OAUTH_CLIENT_ID=stalwart-webui
- OAUTH_ISSUER_URL
- SESSION_SECRET
- SETTINGS_SYNC_ENABLED=true
networks:
- caddy
networks:
caddy:
name: "caddy"
postgres:
name: "postgres"
volumes:
caddy-data:
caddy-config:
stalwart-var:
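Review bot: The commented-out `STALWART_RECOVERY_ADMIN` line under `stalwart` keeps a concrete admin credential in the repository, so uncommenting the block during an incident would bring the mail server up in recovery mode with a password anyone with repo access already knows. Replace the value with a placeholder, e.g. `# - STALWART_RECOVERY_ADMIN=admin:<set-at-recovery-time>`, and if the committed value was ever used, treat it as burned. Separately, the Caddy config is mounted writable; `- ./Caddyfile:/etc/caddy/Caddyfile:ro` keeps a compromised proxy container from rewriting its own routing.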
+23
@@ -0,0 +1,23 @@
---
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
env_file: .env
volumes:
- data:/data/
networks:
- caddy
- postgres
volumes:
data:
networks:
caddy:
external: true
name: "caddy"
postgres:
external: true
name: "postgres"
+12
@@ -0,0 +1,12 @@
ADMIN_TOKEN=''
DOMAIN=''
DATABASE_URL='postgresql://vaultwarden:nowaybuddy@postgres:5432/vaultwarden'
SSO_ENABLED='true'
SSO_AUTHORITY=''
SSO_SCOPES='email profile offline_access'
SSO_CLIENT_ID=''
SSO_CLIENT_SECRET=''
SSO_ONLY='true'
SSO_SIGNUPS_MATCH_EMAIL='false'
SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION='true'
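Review bot: `DATABASE_URL` embeds a database password in a tracked file, presumably the `.env` that the Vaultwarden compose file loads via `env_file`. If that value is or ever was the real password, rotate it, since it stays in history. The same file is where `ADMIN_TOKEN` and `SSO_CLIENT_SECRET` will be filled in. Commit a template instead, e.g. `DATABASE_URL='postgresql://vaultwarden:<password>@postgres:5432/vaultwarden'` in a `.env.example`, and add the real `.env` to `.gitignore`. Since this guards a password vault's backing store, a comment recommending file mode 0600 for the deployed `.env` would help too.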