jamie/dao_hades
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9c3274881e1c396adfe560271f5cb10985cc3ec0
dao_hades/servers/hestia/dao/docker/backup.compose.yml
Jamie Albert 9c3274881e syncing servers
2025-12-07 17:31:31 +00:00

321 lines
11 KiB
YAML
Raw Blame History

services:
traefik:
image: traefik:v3.2
container_name: traefik
command:
- "--api.insecure=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
- "--certificatesresolvers.letsencrypt.acme.email=webmaster@do-bbs.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
- "--accesslog.filepath=/data/access.log"
- "--accesslog.format=json"
- --providers.file.filename=/dynamic.yml
- --providers.file.watch=true
ports:
- "80:80"
- "443:443"
- "8080:8080"
networks:
- external
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./letsencrypt:/letsencrypt
- ./data/traefik:/data
- ./dynamic.yml:/dynamic.yml:ro
- ./data/calibre/htpasswd.list:/htpasswd.list
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
- "traefik.http.routers.traefik-dashboard.service=api@internal"
- "traefik.http.routers.traefik-dashboard.tls=true"
restart: unless-stopped
dav:
image: ckulka/baikal:nginx
container_name: baikal
environment:
MSMTPRC: |
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account default
host smtp.protonmail.ch
port 587
from mail@do-bbs.com
user mail@do-bbs.com
password ${BAIKAL_ADMIN_TOKEN}
networks:
- external
volumes:
- ./data/baikal/Specific:/var/www/baikal/Specific
- ./data/baikal/config:/var/www/baikal/config
- ./data/baikal/50-add-sharing-plugin.sh:/docker-entrypoint.d/50-add-sharing-plugin.sh
labels:
- "traefik.enable=true"
- "traefik.http.routers.baikal.entrypoints=websecure"
- "traefik.http.routers.baikal.rule=Host(`dav.do-bbs.com`)"
- "traefik.http.routers.baikal.tls=true"
- "traefik.http.routers.baikal.tls.certresolver=letsencrypt"
- "traefik.http.services.baikal.loadbalancer.server.port=80"
healthcheck:
test: ["CMD", "curl", "-f", "https://hc-ping.com/d15fee2e-17ad-42bb-a573-591f45d3532b"]
interval: 3600s
timeout: 10s
retries: 5
start_period: 30s
restart: unless-stopped
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
environment:
- SIGNUPS_ALLOWED=false
- INVITES_ALLOWED=false
# - ADMIN_TOKEN=${VAULT_ADMIN_TOKEN}
- ADMIN_TOKEN=IFdsg.ORGOTARON123nsl
- DOMAIN=https://vault.do-bbs.com
- LOG_LEVEL=warn
- LOG_FILE=/data/vaultwarden.log
- TZ=Europe/London
networks:
- external
volumes:
- ./data/vaultwarden:/data
labels:
- traefik.enable=true
- traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
- traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
- traefik.http.routers.vaultwarden-https.rule=Host(`vault.do-bbs.com`)
- traefik.http.routers.vaultwarden-https.entrypoints=websecure
- traefik.http.routers.vaultwarden-https.tls=true
- traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt
- traefik.http.routers.vaultwarden-https.service=vaultwarden
- traefik.http.routers.vaultwarden-http.rule=Host(`vault.do-bbs.com`)
- traefik.http.routers.vaultwarden-http.entrypoints=web
- traefik.http.routers.vaultwarden-http.middlewares=redirect-https
- traefik.http.routers.vaultwarden-http.service=vaultwarden
- traefik.http.services.vaultwarden.loadbalancer.server.port=80
healthcheck:
test: ["CMD", "curl", "-f", "https://hc-ping.com/8d7c299a-9594-4f5b-bc1f-9d916ef530e6"]
interval: 3600s
timeout: 10s
retries: 5
start_period: 30s
restart: unless-stopped
vaultwarden_backup:
image: ttionya/vaultwarden-backup:latest
container_name: vaultwarden-backup
restart: always
environment:
RCLONE_REMOTE_DIR: '/system/backups/vaultwarden/'
PING_URL_WHEN_SUCCESS: 'https://hc-ping.com/c03ac1a9-076a-415b-a378-bca245118672'
labels:
- traefik.enable=false
volumes:
- ./data/vaultwarden:/bitwarden/data/
- vaultwarden-rclone-data:/config/
immich_server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
volumes:
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
env_file:
.env
environment:
- REDIS_HOSTNAME=immich_redis
- DB_HOSTNAME=immich_database
networks:
- external
- internal
labels:
- "traefik.enable=true"
- "traefik.docker.network=external"
- "traefik.http.routers.immich.rule=Host(`photos.do-bbs.com`)"
- "traefik.http.routers.immich.entrypoints=websecure"
- "traefik.http.services.immich.loadbalancer.server.port=2283"
- "traefik.http.routers.immich.tls=true"
- "traefik.http.routers.immich.tls.certresolver=letsencrypt"
depends_on:
- immich_redis
- immich_database
healthcheck:
test: ["CMD", "curl", "-f", "https://hc-ping.com/583d761e-8899-4b15-be2c-d0a11f6c3f6a"]
interval: 3600s
timeout: 10s
retries: 5
start_period: 30s
restart: always
immich_machine_learning:
container_name: immich-machine-learning
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
volumes:
- model-cache:/cache
env_file:
- .env
networks:
- internal
restart: always
immich_redis:
container_name: immich_redis
image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
healthcheck:
test: redis-cli ping || exit 1
networks:
- internal
restart: always
immich_database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
networks:
- internal
restart: always
obsidian_db:
image: couchdb:latest
container_name: couchdb-ols
env_file:
.env
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.couchdb.rule=Host(`couchdb.do-bbs.com`)"
- "traefik.http.routers.couchdb.entrypoints=websecure"
- "traefik.http.services.couchdb.loadbalancer.server.port=5984"
- "traefik.http.routers.couchdb.tls=true"
- "traefik.http.routers.couchdb.tls.certresolver=letsencrypt"
- "traefik.http.routers.couchdb.middlewares=obsidiancors"
- "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE"
- "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer"
- "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost"
- "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600"
- "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true"
- "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true"
environment:
- COUCHDB_USER=${COUCHDB_USER}
- COUCHDB_PASSWORD=${COUCHDB_PASSWORD}
volumes:
- ./data/couchdb/couchdb-data:/opt/couchdb/data
- ./data/couchdb/couchdb-etc:/opt/couchdb/etc/local.d
networks:
- external
healthcheck:
test: ["CMD", "curl", "-f", "https://hc-ping.com/abbaa192-dadc-4241-b1a5-b2e4dbb50735"]
interval: 3600s
timeout: 10s
retries: 5
start_period: 30s
restart: always
calibre_web:
image: crocodilestick/calibre-web-automated:dev
container_name: calibre-web-automated
env_file:
- .env
environment:
- PUID=33
- PGID=33
- TZ=UTC
- HARDCOVER_TOKEN=${HARD_API}
- NETWORK_SHARE_MODE=true
- CWA_PORT_OVERRIDE=8083
- DOCKER_MODS=lscr.io/linuxserver/mods:universal-calibre-v8.7.0
volumes:
- ./data/calibre-web/data:/config
- ./data/calibre-web/meta:/calibre-library
- /mnt/athena/books/library:/calibre-library/athena
- ./data/calibre-web/ingest:/cwa-book-ingest
- ./data/calibre-web/plugins:/config/.config/calibre/plugins
labels:
- "traefik.enable=true"
- "traefik.docker.network=external"
- "traefik.http.routers.cwa.rule=Host(`cwa.do-bbs.com`)"
- "traefik.http.routers.cwa.entrypoints=websecure"
- "traefik.http.services.cwa.loadbalancer.server.port=8083"
- "traefik.http.routers.cwa.tls=true"
- "traefik.http.routers.cwa.tls.certresolver=letsencrypt"
networks:
- external
healthcheck:
test: ["CMD", "curl", "-f", "https://hc-ping.com/313b09fb-f4c6-4fe8-b3d8-47929974c247"]
interval: 3600s
timeout: 10s
retries: 5
start_period: 30s
restart: unless-stopped
calibre_web_downloader:
image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest
container_name: calibre-web-automated-book-downloader
env_file:
.env
environment:
FLASK_PORT: 8084
FLASK_DEBUG: false
LOG_LEVEL: info
BOOK_LANGUAGE: en
USE_BOOK_TITLE: true
TZ: UTC
APP_ENV: prod
UID: 33
GID: 33
CWA_DB_PATH: /auth/app.db
INGEST_DIR: /cwa-book-ingest
MAX_CONCURRENT_DOWNLOADS: 3
DOWNLOAD_PROGRESS_UPDATE_INTERVAL: 5
AA_DONATOR_KEY: ${AA_KEY}
USE_CF_BYPASS: false
labels:
- "traefik.enable=true"
- "traefik.docker.network=external"
- "traefik.http.routers.cwabd.rule=Host(`cwabd.do-bbs.com`)"
- "traefik.http.routers.cwabd.entrypoints=websecure"
- "traefik.http.services.cwabd.loadbalancer.server.port=8084"
- "traefik.http.routers.cwabd.tls=true"
- "traefik.http.routers.cwabd.tls.certresolver=letsencrypt"
volumes:
- ./data/calibre-web/ingest:/cwa-book-ingest
- ./data/calibre-web/data/app.db:/auth/app.db:ro
networks:
- external
- internal
restart: unless-stopped
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:latest
networks:
- internal
volumes:
model-cache:
vaultwarden-rclone-data:
external: true
name: vaultwarden-rclone-data
networks:
external:
name: external
internal:
name: internal
Reference in New Issue View Git Blame Copy Permalink