# vim: ft=yaml # docker doesn't play well with the firewall, so i have it listen on 127.0.0.1 # and have haproxy expose it publicly (won't disrespect firewall rules) --- networks: gitea: driver: bridge navidrome: driver: bridge services: {% if "gitea" in group_names %} gitea: container_name: gitea image: gitea/gitea:latest environment: - USER=gitea - USER_UID={{ user_gitea.uid }} - USER_GID={{ user_gitea.group }} - GITEA__service__DISABLE_REGISTRATION=true - GITEA__server__DOMAIN={{ gitea_domain }} - GITEA__server__SSH_DOMAIN={{ gitea_domain }} ports: - "127.0.0.1:3000:3000" - "127.0.0.1:2498:22" restart: unless-stopped volumes: - {{ dataroot }}/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro networks: - gitea {% endif %} {% if "syncthing" in group_names %} syncthing: network_mode: host container_name: syncthing image: syncthing/syncthing environment: - PUID={{ user_syncthing.uid }} - PGID={{ user_syncthing.group }} restart: unless-stopped volumes: - {{ vault_path }}/:/vault - {{ archive_path }}/:/vault_a - {{ syncthing_conf_dir }}/:/var/syncthing/config - "{{ music_path }}:/music" - "{{ dataroot }}/paperless/consume:/paperless" {% endif %} {% if "navidrome" in group_names %} navidrome: container_name: navidrome image: ghcr.io/navidrome/navidrome:latest user: {{ user_navidrome.uid }}:{{ user_navidrome.group }} environment: ND_LISTENBRAINZ_ENABLED: true ND_ENABLESHARING: {{ navidrome_sharing | default("false", true) }} ND_SESSIONTIMEOUT: "168h" restart: unless-stopped volumes: - "{{ dataroot }}/navidrome:/data" - "{{ music_path }}/:/music:ro" networks: - navidrome ports: - "127.0.0.1:4533:4533" {% endif %} {% if "synapse" in group_names %} synapse: container_name: synapse image: matrixdotorg/synapse:latest user: {{ user_synapse.uid }}:{{ user_synapse.group }} environment: SYNAPSE_CONFIG_PATH: /data/homeserver.yaml restart: unless-stopped volumes: - "{{ dataroot }}/synapse/media_store:/data/media_store" - "{{ dataroot }}/synapse/data:/data" networks: - navidrome ports: - "127.0.0.1:8008:8008/tcp" {% endif %} {% if "paperless" in group_names %} paperless-broker: container_name: paperless-broker image: docker.io/library/redis:7 restart: unless-stopped volumes: - redisdata:/data paperless-web: container_name: paperless-web image: ghcr.io/paperless-ngx/paperless-ngx:latest restart: unless-stopped depends_on: - paperless-broker ports: - "127.0.0.1:8000:8000" healthcheck: test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] interval: 30s timeout: 10s retries: 5 volumes: - "{{ dataroot }}/paperless/data:/usr/src/paperless/data" - "{{ dataroot }}/paperless/media:/usr/src/paperless/media" - paperless-export:/usr/src/paperless/export - "{{ dataroot }}/paperless/consume:/usr/src/paperless/consume" env_file: paperless.env environment: USERMAP_UID: "{{ user_paperless.uid }}" # it gets the vault group because otherwise syncthing can't read the consume dir USERMAP_GID: "{{ user_syncthing.group }}" PAPERLESS_REDIS: redis://paperless-broker:6379 PAPERLESS_URL: "https://{{ paperless_domain }}" PAPERLESS_USE_X_FORWARD_HOST: true PAPERLESS_USE_X_FORWARD_PORT: true PAPERLESS_OCR_USER_ARGS: '{"continue_on_soft_render_error": true}' PAPERLESS_OCR_PAGES: 1 PAPERLESS_TASK_WORKERS: 2 PAPERLESS_THREADS_PER_WORKER: 2 PAPERLESS_WEBSERVER_WORKERS: 1 PAPERLESS_ENABLE_NLTK: false {% endif %} {% if "paperless" in group_names %} volumes: redisdata: paperless-export: {% endif %}