homeserver-iac/roles/containers/templates/docker-compose.yml.j2


# vim: ft=yaml
# Docker doesn't play well with the firewall, so I have published ports listen
# on 127.0.0.1 and have haproxy expose them publicly (haproxy won't disrespect
# the firewall rules).
---
# Two user-defined bridge networks, declared unconditionally. Services attach
# to them by name; a service that names no network gets the project default.
networks:
  gitea:
    driver: bridge
  navidrome:
    driver: bridge
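# Service definitions. Each service is rendered only when the target host is
# in the matching inventory group. Published ports bind to 127.0.0.1 only, so
# nothing here is reachable from outside the host except through the proxy in
# front of it (syncthing is the exception, see its note).
#
# NOTE(review): gitea, syncthing (no tag at all), navidrome, synapse and
# paperless-web all use a floating image tag. Every pull can bring in
# different, unreviewed code; pin a release tag or an image digest and bump it
# deliberately.
#
# Values in map-form "environment" blocks are quoted so they stay strings
# whichever YAML loader reads the rendered file; templated scalars are quoted
# so an empty or odd expansion cannot change the YAML structure.
services:
{% if "gitea" in group_names %}
  gitea:
    container_name: gitea
    image: gitea/gitea:latest  # floating tag, see note at top of services
    environment:
      - USER=gitea
      - USER_UID={{ user_gitea.uid }}
      - USER_GID={{ user_gitea.group }}
      # self-registration is switched off
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__server__DOMAIN={{ gitea_domain }}
      - GITEA__server__SSH_DOMAIN={{ gitea_domain }}
    ports:
      # HTTP (3000) and the container's SSH port (22), loopback only
      - "127.0.0.1:3000:3000"
      - "127.0.0.1:2498:22"
    restart: unless-stopped
    volumes:
      - "{{ dataroot }}/gitea:/data"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - gitea
{% endif %}
{% if "syncthing" in group_names %}
  syncthing:
    # NOTE(review): host networking puts every listener of this container
    # directly on the host's interfaces, so the loopback-only port publishing
    # used by the other services does not apply here. Confirm which address
    # the admin GUI listens on inside this image and restrict it (or filter
    # it in the host firewall) if it is not loopback.
    network_mode: host
    container_name: syncthing
    image: syncthing/syncthing  # no tag: resolves to latest, see note at top
    environment:
      - PUID={{ user_syncthing.uid }}
      - PGID={{ user_syncthing.group }}
    restart: unless-stopped
    volumes:
      - "{{ vault_path }}/:/vault"
      - "{{ archive_path }}/:/vault_a"
      - "{{ syncthing_conf_dir }}/:/var/syncthing/config"
      - "{{ music_path }}:/music"
      # shared with paperless-web, which mounts the same host directory as
      # its consume folder
      - "{{ dataroot }}/paperless/consume:/paperless"
{% endif %}
{% if "navidrome" in group_names %}
  navidrome:
    container_name: navidrome
    image: ghcr.io/navidrome/navidrome:latest  # floating tag, see note at top
    # runs as a dedicated unprivileged uid:gid instead of the image default
    user: "{{ user_navidrome.uid }}:{{ user_navidrome.group }}"
    environment:
      ND_LISTENBRAINZ_ENABLED: "true"
      # sharing stays off unless navidrome_sharing is set to a truthy value;
      # "lower" keeps a rendered boolean in the lowercase form
      ND_ENABLESHARING: "{{ navidrome_sharing | default('false', true) | lower }}"
    restart: unless-stopped
    volumes:
      - "{{ dataroot }}/navidrome:/data"
      # the music library is mounted read-only
      - "{{ music_path }}/:/music:ro"
    networks:
      - navidrome
    ports:
      - "127.0.0.1:4533:4533"
{% endif %}
{% if "synapse" in group_names %}
  synapse:
    container_name: synapse
    image: matrixdotorg/synapse:latest  # floating tag, see note at top
    user: "{{ user_synapse.uid }}:{{ user_synapse.group }}"
    environment:
      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
    restart: unless-stopped
    volumes:
      - "{{ dataroot }}/synapse/media_store:/data/media_store"
      - "{{ dataroot }}/synapse/data:/data"
    networks:
      # NOTE(review): synapse joins the navidrome network, so on a host that
      # runs both, the two containers can reach each other directly. If that
      # is not intended, give synapse its own network (it also needs an entry
      # under the top-level networks key).
      - navidrome
    ports:
      - "127.0.0.1:8008:8008/tcp"
{% endif %}
{% if "paperless" in group_names %}
  # Redis broker for paperless. No ports are published and no network is
  # named, so it is reachable only from the project default network, which
  # paperless-web shares.
  paperless-broker:
    container_name: paperless-broker
    image: docker.io/library/redis:7
    restart: unless-stopped
    volumes:
      - redisdata:/data
  paperless-web:
    container_name: paperless-web
    image: ghcr.io/paperless-ngx/paperless-ngx:latest  # floating tag, see note at top
    restart: unless-stopped
    depends_on:
      - paperless-broker
    ports:
      - "127.0.0.1:8000:8000"
    healthcheck:
      test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - "{{ dataroot }}/paperless/data:/usr/src/paperless/data"
      - "{{ dataroot }}/paperless/media:/usr/src/paperless/media"
      - paperless-export:/usr/src/paperless/export
      - "{{ dataroot }}/paperless/consume:/usr/src/paperless/consume"
    # NOTE(review): presumably carries the secret settings that are kept out
    # of this template; confirm the rendered file is not world-readable.
    env_file: paperless.env
    environment:
      USERMAP_UID: "{{ user_paperless.uid }}"
      # it gets the vault group because otherwise syncthing can't read the
      # consume dir
      USERMAP_GID: "{{ user_syncthing.group }}"
      PAPERLESS_REDIS: redis://paperless-broker:6379
      PAPERLESS_URL: "https://{{ paperless_domain }}"
      # The forwarded host/port headers are trusted. That is sound only while
      # the port above stays on loopback and the proxy is the sole client.
      PAPERLESS_USE_X_FORWARD_HOST: "true"
      PAPERLESS_USE_X_FORWARD_PORT: "true"
      PAPERLESS_OCR_USER_ARGS: '{"continue_on_soft_render_error": true}'
      PAPERLESS_OCR_PAGES: "1"
      PAPERLESS_TASK_WORKERS: "2"
      PAPERLESS_THREADS_PER_WORKER: "2"
      PAPERLESS_WEBSERVER_WORKERS: "1"
      PAPERLESS_ENABLE_NLTK: "false"
{% endif %}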
{% if "paperless" in group_names %}
# Named volumes with default settings, used only by the paperless services
# (redisdata by the broker, paperless-export by the web container).
volumes:
  redisdata: {}
  paperless-export: {}
{% endif %}