Homelab/docker-compose.yaml

include:
  - ./karakeep-compose.yaml
  - ./jellyfin-compose.yaml
secrets:
  JWT_SECRET:
    file: './authelia/secrets/JWT_SECRET'
  SESSION_SECRET:
    file: './authelia/secrets/SESSION_SECRET'
  STORAGE_PASSWORD:
    file: './authelia/secrets/STORAGE_PASSWORD'
  STORAGE_ENCRYPTION_KEY:
    file: './authelia/secrets/STORAGE_ENCRYPTION_KEY'
volumes:
  meilisearch:
  karakeep:
networks:
  karakeep:
    external: false
  karakeep-int:
    external: false
  ollama:
    external: false
  ollama-int:
    external: false
  jellyfin:
    external: false
  jellyfin-int:
    external: false
  auth:
    external: false
  gitea:
    external: false
  gpodder:
    external: false
  memos:
    external: false
services:
  web:
    image: "nginx"
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx:/etc/nginx:ro
      - /data/site:/data/site:ro
      - /data/certbot/www/:/var/www/certbot/:ro
      # - /etc/letsencrypt:/etc/letsencrypt:ro
      - /data/certbot/conf:/etc/letsencrypt:ro
    networks:
      - karakeep
      - ollama
      - jellyfin
      - jellyfin-int
      - auth
      - gitea
      - gpodder
      - memos
    depends_on:
      - jellyfin
      - ollama-webui
      - karakeep-web
      - authelia
      - qbittorrent
      - gitea
      - gpodder
      - memos
    logging: &logging
      options:
        max-size: "50m"
      # Optional - extra fonts to be used during transcoding with subtitle burn-in
      # - type: bind
      #   source: /usr/local/share/fonts/cu
      #   target: /usr/local/share/fonts/custom
      #   read_only: true
  certbot:
    image: certbot/certbot:latest
    volumes:
      - /data/certbot/www/:/var/www/certbot/:rw
      - /data/certbot/conf/:/etc/letsencrypt/:rw
  authelia:
    image: 'docker.io/authelia/authelia:latest'
    restart: 'unless-stopped'
    secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_PASSWORD', 'STORAGE_ENCRYPTION_KEY']
    networks:
      - auth
    environment:
      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION_KEY'
    volumes:
      - './authelia/:/config'
    logging: *logging
  minecraft:
    image: itzg/minecraft-server:latest
    tty: true
    stdin_open: true
    restart: unless-stopped
    ports:
      - "25565:25565"
    environment:
      EULA: "TRUE"
      TYPE: "FABRIC"
      MEMORY: "2048M"
      MOTD: "Loading server..."
      LEVEL: "world"
      USE_MEOWICE_FLAGS: "true"
      DIFFICULTY: "3"
      OPS: |-
        187eca31-2e33-4199-97e0-2286bf35f7f8
      ENABLE_WHITELIST: "true"
      WHITELIST: |-
        187eca31-2e33-4199-97e0-2286bf35f7f8
      PAUSE_WHEN_EMPTY_SECONDS: "20"
      ENABLE_ROLLING_LOGS: "true"
      REMOVE_OLD_MODS: "TRUE"
    logging: *logging
    volumes:
      - "/data/minecraft/data:/data"
      - "/data/mincraft/mods:/mods"
      - "/data/mincraft/plugins:/plugins"
      - "/data/mincraft/config:/config"
  gitea:
    image: docker.gitea.com/gitea:1.24
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: unless-stopped
    networks:
      - gitea
    volumes:
      - /data/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "222:22"
    logging: *logging
  gitea-runner:
    image: docker.gitea.com/act_runner:latest
    restart: unless-stopped
    networks:
      - gitea
    environment:
      - CONFIG_FILE=/config.yaml
      - GITEA_INSTANCE_URL=https://gitea.loadingm.xyz/
      - GITEA_RUNNER_REGISTRATION_TOKEN=i04H1aJxHByflAjVneA0G5CmPl1ntQDtGDeZCBnM
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/gitea/runner/:/data
      - ./gitea-runner.yaml:/config.yaml
    logging: *logging
    depends_on:
      - gitea
  gpodder:
    image: gitea.loadingm.xyz/the10thwiz/gpodder-rs:latest
    restart: unless-stopped
    environment:
      - ROCKET_SECRET_KEY=${GPODDER_SECRET_KEY}
    networks:
      - gpodder
    volumes:
      - /data/gpodder:/data
    logging: *logging
  tftp:
    image: kaczmar2/tftp-server
    restart: unless-stopped
    environment:
      - ENABLE_WEB_SERVER=false
    network_mode: host
    volumes:
      - /data/tftp:/srv/tftp:ro
      - /etc/localtime:/etc/localtime:ro
    logging: *logging
  memos:
    image: neosmemo/memos:stable
    networks:
      - memos
    volumes:
      - /data/memos:/var/opt/memos
    environment:
      - MEMOS_MODE=prod
      - MEMOS_PORT=5230
    restart: unless-stopped
    logging: *logging

  # calibre:
  #   image: "linuxserver/calibre-web"
  # 5d-diplomacy-frontend:
  #   image: ""
  # 5d-diplomacy-backend:
  #   image: ""