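---
# Adapted from:
# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
#
# Stack overview: Nextcloud (fpm) + postgres + redis behind an nginx proxy with
# a Let's Encrypt companion, media servers (navidrome, bonob, jellyfin,
# minidlna, upmpdcli) and an on-demand borgmatic backup container.

volumes:
  postgres:
  nextcloud_src:
  nextcloud_data:
  certs:
  vhost.d:
  html:
  redis:
  jellyfin_config:
  jellyfin_cache:
  minidlna_state:
  minidlna_data:
  navidrome_cache:
  navidrome_data:
  borgmatic-cache:

networks:
  # This is for proxied containers
  proxy-tier:
  # This is for containers which need to be host mode
  # (implemented as macvlan: each attached container gets its own LAN address)
  lan:
    name: lan
    driver: macvlan
    driver_opts:
      parent: enp3s0  # our ethernet interface
    ipam:
      config:
        - gateway: 192.168.0.1
          subnet: 192.168.0.0/24
          # A /29 spans 192.168.0.240-247 (8 addresses); the static
          # assignments below use .241-.244.
          ip_range: 192.168.0.240/29

services:
  postgres:
    build: ./postgres
    restart: always
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
    volumes:
      - postgres:/var/lib/postgresql/data
    # Database credentials are kept out of this file
    env_file:
      - postgres.env

  redis:
    restart: always
    image: redis:6-alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - redis:/data

  nextcloud:
    image: nextcloud:31-fpm-alpine
    restart: always
    volumes:
      - nextcloud_src:/var/www/html
      - nextcloud_data:/var/www/data
      - minidlna_data:/var/www/ext/media
      # Host directory mounted read-write into the application container.
      # NOTE(review): append :ro if Nextcloud only needs to read from /srv.
      - /srv:/srv
    # `links` is a legacy Compose option; kept as-is here
    links:
      - postgres
      - redis
    env_file:
      - nextcloud.env
    environment:
      - POSTGRES_HOST=postgres
      - REDIS_HOST=redis
      - POSTGRES_USER=nextcloud
    # healthcheck:
    #   test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]

  nextcloud_cron:
    image: nextcloud:31-fpm-alpine
    restart: always
    volumes:
      - nextcloud_src:/var/www/html
      - nextcloud_data:/var/www/data
      - minidlna_data:/var/www/ext/media
      - /srv:/srv
    entrypoint: /cron.sh
    depends_on:
      - postgres
      - redis

  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud_src:/var/www/html:ro
    env_file:
      - web.env
    depends_on:
      - nextcloud
      - letsencrypt-companion
    networks:
      - proxy-tier
      - default

  proxy:
    build: ./proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # The :ro flag only makes the socket *file* read-only in the mount; a
      # process that can connect to it can still issue any Docker API request.
      # This container publishes 80/443, so treat socket access as equivalent
      # to root on the host and consider fronting it with a filtering socket
      # proxy that only allows the read-only endpoints the proxy needs.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion:v1.13.1
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # Same caveat as on the proxy service: :ro does not restrict Docker API
      # calls made through the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
    env_file:
      - letsencrypt-companion.env

  navidrome:
    build: ./navidrome
    # Published on every host interface, in addition to being reachable via
    # proxy-tier.
    # NOTE(review): if only the proxy and local clients need it, bind to a
    # specific host address or drop the mapping so traffic cannot bypass the
    # proxy's TLS.
    ports:
      - "4533:4533"
    volumes:
      - navidrome_data:/data
      - navidrome_cache:/cache
      - minidlna_data:/music
    networks:
      proxy-tier:
      default:
    group_add:
      # audio group ID (gid) on host system
      - "29"
    devices:
      - "/dev/snd:/dev/snd"
    depends_on:
      - letsencrypt-companion
    env_file:
      - navidrome.env

  bonob:
    # Floating tag: whatever is published as `latest` at pull time is what
    # runs. The same applies to jellyfin, minidlna and main-services below.
    # Pinning a version tag or image digest makes upgrades deliberate and
    # reviewable.
    image: simojenki/bonob:latest
    ports:
      - "4534:4534"
    # NOTE(review): bonob is attached only to `lan`, while navidrome is on
    # proxy-tier/default - confirm that http://navidrome:4533 resolves from
    # this container.
    networks:
      lan:
        # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.244
    restart: unless-stopped
    environment:
      BNB_PORT: "4534"
      # ip address of your machine running bonob
      BNB_URL: http://192.168.0.244:4534
      BNB_SONOS_AUTO_REGISTER: "true"
      BNB_SONOS_DEVICE_DISCOVERY: "true"
      BNB_SUBSONIC_URL: http://navidrome:4533
    depends_on:
      - navidrome

  jellyfin:
    image: jellyfin/jellyfin:latest
    restart: always
    # Runs as an unprivileged user rather than root
    user: daemon:daemon
    volumes:
      - jellyfin_config:/config
      - jellyfin_cache:/cache
      - minidlna_data:/media
    networks:
      proxy-tier:
      default:
      lan:
        # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.241
    env_file:
      - jellyfin.env

  minidlna:
    image: vladgh/minidlna:latest
    restart: always
    volumes:
      - minidlna_state:/minidlna
      - minidlna_data:/media:ro
    networks:
      default:
      lan:
        # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.242
    environment:
      # UID/GID are assumed to both be 2000 in other containers, to allow access
      # NOTE(review): confirm the UPID/UGID variable names against the image's
      # documentation.
      - UPID=2000
      - UGID=2000
      - MINIDLNA_INOTIFY=yes
      - MINIDLNA_MEDIA_DIR_1=A,/media/audio
      - MINIDLNA_MEDIA_DIR_2=V,/media/video
      - MINIDLNA_FRIENDLY_NAME=MiniDLNA@Snackpot

  upmpdcli:
    build: ./upmpdcli
    networks:
      default:
      lan:
        # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.243
    restart: always

  # a dummy container to start the main services as deps
  # This allows the borgmatic image to be excluded when run as:
  #   docker-compose up main-services
  main-services:
    image: alpine:latest  # a small dummy image
    command: sh -c "sleep infinity"
    depends_on:
      - bonob
      - nextcloud
      - nextcloud_cron
      - web
      - jellyfin
      - minidlna
      - navidrome
      - upmpdcli

  borgmatic:
    build: ./borgmatic
    restart: 'no'  # This container is only run when required
    depends_on:
      # These containers need to be up for dumps
      - postgres
    networks:
      # Networks for DB access for backups
      - default
    volumes:
      # Backup mount
      - /mnt/c/backup/nick:/mnt/borg-repository
      # Volumes to back up (all mounted read-only)
      - certs:/mnt/source/certs:ro
      - nextcloud_data:/mnt/source/nextcloud_data:ro
      - vhost.d:/mnt/source/vhost.d:ro
      - html:/mnt/source/html:ro
      - jellyfin_config:/mnt/source/jellyfin_config:ro
      - minidlna_state:/mnt/source/minidlna_state:ro
      - minidlna_data:/mnt/source/minidlna_data:ro
      - navidrome_data:/mnt/source/navidrome_data:ro
      # System volumes
      - /etc/timezone:/etc/timezone:ro  # timezone
      - /etc/localtime:/etc/localtime:ro  # localtime
      - borgmatic-cache:/root/.cache/borg  # non-volatile borg chunk cache
      # Config volumes
      # The two writable directories below hold key material: keep them out of
      # version control and readable only by the account running the stack.
      - ./volumes/borgmatic-config:/etc/borgmatic.d/:ro  # config.yaml, crontab.txt, msmtp.env
      - ./volumes/borg-config:/root/.config/borg/  # borg encryption keys, other config written here
      - ./volumes/borg-ssh-config:/root/.ssh/  # ssh keys; ssh writes known_hosts etc here
    environment:
      POSTGRES_USER: nextcloud
      POSTGRES_DB: nextcloud
      POSTGRES_HOST: postgres
      BORG_ARCHIVE: nick
      BORG_ARCHIVE_LABEL: snackpot
      MAIL_RELAY_HOST: mail.noodlefactory.co.uk
      MAIL_PORT: "25"
      MAIL_AUTH_METHOD: login
      MAIL_STARTTLS: 'on'
      MAIL_USER: nc.noodlefactory.co.uk
      MAIL_FROM: borgmatic@snackpot.noodlefactory.co.uk
      MAIL_TO: nick@noodlefactory.co.uk
      MAIL_SUBJECT: Borgmatic Backup
      # MAIL_PASSWORD is set via volumes/borgmatic-config/msmtp.env, created via ansible
      # Test SMTP auth on the server
      # https://doc.dovecot.org/admin_manual/debugging/debugging_authentication/
    env_file:
      - ./borgmatic.env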