qbittorrent config

.gitignore

@@ -9,84 +9,16 @@
 .idea/
 .ipynb_checkpoints/
 .ruff_cache/
+beszel/
 log/
 logs/
-authentik/database/PG_VERSION
+dagster/
-authentik/database/base/
+gitea/
-authentik/database/global/
-authentik/database/pg_*/
-authentik/redis/
-bazarr/backup/
-bazarr/config/analytics_visitor_id.txt
-bazarr/config/announcements.json
-bazarr/config/releases.txt
-borgmatic/borg/
-caddy/data/
-collectd/var/
-dagster/storage/
-dns-ad-blocker/dnscrypt-proxy.toml
-dns-ad-blocker/dnsmasq.hosts
-droppy/db.json
-dsmr/data/PG_VERSION
-dsmr/data/base/
-dsmr/data/core
-dsmr/data/global/
-dsmr/data/pg_*/
-esphome/.esphome/
-esphome/secrets.yaml
-esphome/tuya
-facette/var/
 grafana/
 gw2pvo/
-homarr/data/
-homarr/icons/
-homeassistant/.HA_VERSION
-homeassistant/.storage/
-homeassistant/blueprints/
-homeassistant/components/
-homeassistant/core
-homeassistant/custom_components/
-homeassistant/home-assistant-3*.json
-homeassistant/home-assistant.log.*
-homeassistant/secrets.yaml
-homeassistant/tts/
 jackett/
 jellyfin/
 jellyseerr/
-openvpn-server/crl.pem
+minio/
-openvpn-server/pki/
-openvpn-server/shuttle.ovpn
 pgadmin/
-photoprism/**/.*
+
-photoprism/albums/
-photoprism/backup/
-photoprism/config/hub.yml
-photoprism/serial
-photoprism/sidecar/
-postgis/PG_VERSION
-postgis/base/
-postgis/core
-postgis/global/
-postgis/pg_*/
-qbittorrent/qBittorrent/GeoDB/
-qbittorrent/qBittorrent/lockfile
-qbittorrent/qBittorrent/rss/
-qbittorrent/qBittorrent/qBittorrent-data.conf
-radarr/Backups/
-radarr/MediaCover/
-radarr/Sentry/
-radarr/asp/
-radarr/xdg/
-rsnapshot/default.conf
-rsnapshot/rsnapshot.conf
-seafile/database/
-seafile/server/
-sonarr/Backups/
-sonarr/MediaCover/
-sonarr/Sentry/
-sonarr/asp/
-sonarr/xdg/
-transmission/settings.json
-transmission/stats.json
-transmission/etc/transmission/stats.json
-transmission/resume/

.yamllint

@@ -0,0 +1,32 @@
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+rules:
+  anchors: enable
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start: disable
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning

authentik/.gitignore

@@ -0,0 +1,6 @@
+database/PG_VERSION
+database/base
+database/global
+database/pg_*
+database/core
+redis

bazarr/.gitignore

@@ -0,0 +1,5 @@
+backup
+config/analytics_visitor_id.txt
+config/announcements.json
+config/releases.txt
+cache

borgmatic/.gitignore

@@ -0,0 +1 @@
+borg

borgmatic/Dockerfile

@@ -0,0 +1,4 @@
+FROM b3vis/borgmatic:2.0.7
+
+RUN apk update && apk add --no-cache jq mosquitto-clients
+

borgmatic/config/bram.yaml

@@ -1,38 +1,53 @@
-location:
+source_directories:
-    source_directories:
     - /remote/server/bram
-    repositories:
-        - /repo/bram
 
-storage:
+repositories:
-    encryption_passcommand: cat /keys/bram.key
+    - path: /repo/bram
-    compression: lz4
-    archive_name_format: '{now:%Y-%m-%d}'
 
-retention:
+encryption_passcommand: cat /keys/bram.key
-    keep_daily: 7
-    keep_weekly: 4
-    keep_monthly: 6
-    prefix: '20'
 
-consistency:
+umask: 22
-    checks:
-        - repository
-        - archives
-    check_last: 3
-    prefix: '20'
 
-hooks:
+compression: lz4
-    before_backup:
+archive_name_format: '{now:%Y-%m-%d}'
-        - echo -e "\n\n"
+unknown_unencrypted_repo_access_is_ok: true
-        - echo "#"
+relocated_repo_access_is_ok: true
-        - echo "# `date` - Starting a backup job."
+
-        - echo "#"
+keep_daily: 7
-    after_backup:
+keep_weekly: 4
-        - echo "#"
+keep_monthly: 6
-        - echo "# `date` - Backup created."
+
-        - echo "#"
+checks:
-    on_error:
+    - name: repository
-        - echo "#"
+    - name: archives
-        - echo "# `date` - Error while creating a backup."
+check_last: 3
-        - echo "#"
+
+commands:
+  - before: action
+    when:
+      - create
+    run:
+      - |
+        set -euo pipefail
+        REMOTE=/remote/server/bram
+        echo "Mounting $REMOTE..."
+        mkdir -p "$REMOTE"
+        sshfs user@bram.veenboer.xyz:/media/helios/Bram "$REMOTE"
+
+  - after: action
+    when:
+      - create
+    run:
+      - |
+        set -eu
+        REMOTE=/remote/server/bram
+        echo "Unmounting $REMOTE..."
+        if mountpoint -q "$REMOTE"; then
+          if command -v fusermount >/dev/null 2>&1; then
+            fusermount -u "$REMOTE"
+          else
+            umount "$REMOTE"
+          fi
+        else
+          echo "$REMOTE is not a mountpoint, nothing to unmount."
+        fi

borgmatic/config/config.yaml.default

@@ -1,170 +0,0 @@
-# Where to look for files to backup, and where to store those backups. See
-# https://borgbackup.readthedocs.io/en/stable/quickstart.html and
-# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create for details.
-location:
-    # List of source directories to backup (required). Globs and tildes are expanded.
-    source_directories:
-        - /home
-        - /etc
-        - /var/log/syslog*
-
-    # Stay in same file system (do not cross mount points).
-    one_file_system: true
-
-    # Mode in which to operate the files cache. See
-    # https://borgbackup.readthedocs.io/en/stable/usage/create.html#description for
-    # details.
-    files_cache: ctime,size,inode
-
-    # Alternate Borg local executable. Defaults to "borg".
-    local_path: borg1
-
-    # Alternate Borg remote executable. Defaults to "borg".
-    remote_path: borg1
-
-    # Paths to local or remote repositories (required). Tildes are expanded. Multiple
-    # repositories are backed up to in sequence. See ssh_command for SSH options like
-    # identity file or port.
-    repositories:
-        - user@backupserver:sourcehostname.borg
-
-    # Any paths matching these patterns are included/excluded from backups. Globs are
-    # expanded. (Tildes are not.) Note that Borg considers this option experimental.
-    # See the output of "borg help patterns" for more details. Quote any value if it
-    # contains leading punctuation, so it parses correctly.
-    patterns:
-        - R /
-        - '- /home/*/.cache'
-        - + /home/susan
-        - '- /home/*'
-
-    # Read include/exclude patterns from one or more separate named files, one pattern
-    # per line. Note that Borg considers this option experimental. See the output of
-    # "borg help patterns" for more details.
-    patterns_from:
-        - /etc/borgmatic/patterns
-
-    # Any paths matching these patterns are excluded from backups. Globs and tildes
-    # are expanded. See the output of "borg help patterns" for more details.
-    exclude_patterns:
-        - '*.pyc'
-        - ~/*/.cache
-        - /etc/ssl
-
-    # Read exclude patterns from one or more separate named files, one pattern per
-    # line. See the output of "borg help patterns" for more details.
-    exclude_from:
-        - /etc/borgmatic/excludes
-
-    # Exclude directories that contain a CACHEDIR.TAG file. See
-    # http://www.brynosaurus.com/cachedir/spec.html for details.
-    exclude_caches: true
-
-    # Exclude directories that contain a file with the given filename.
-    exclude_if_present: .nobackup
-
-# Repository storage options. See
-# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
-# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
-# details.
-storage:
-    # The standard output of this command is used to unlock the encryption key. Only
-    # use on repositories that were initialized with passcommand/repokey encryption.
-    # Note that if both encryption_passcommand and encryption_passphrase are set,
-    # then encryption_passphrase takes precedence.
-    encryption_passcommand: secret-tool lookup borg-repository repo-name
-
-    # Passphrase to unlock the encryption key with. Only use on repositories that were
-    # initialized with passphrase/repokey encryption. Quote the value if it contains
-    # punctuation, so it parses correctly. And backslash any quote or backslash
-    # literals as well.
-    encryption_passphrase: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
-
-    # Type of compression to use when creating archives. See
-    # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
-    # Defaults to no compression.
-    compression: lz4
-
-    # Remote network upload rate limit in kiBytes/second.
-    remote_rate_limit: 100
-
-    # Command to use instead of just "ssh". This can be used to specify ssh options.
-    ssh_command: ssh -i /path/to/private/key
-
-    # Umask to be used for borg create.
-    umask: 0077
-
-    # Maximum seconds to wait for acquiring a repository/cache lock.
-    lock_wait: 5
-
-    # Name of the archive. Borg placeholders can be used. See the output of
-    # "borg help placeholders" for details. Default is
-    # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
-    # also specify a prefix in the retention section to avoid accidental pruning of
-    # archives with a different archive name format.
-    archive_name_format: '{hostname}-documents-{now}'
-	
-    unknown_unencrypted_repo_access_is_ok: true
-
-# Retention policy for how many backups to keep in each category. See
-# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
-# At least one of the "keep" options is required for pruning to work.
-retention:
-    # Keep all archives within this time interval.
-    keep_within: 3H
-
-    # Number of minutely archives to keep.
-    keep_minutely: 60
-
-    # Number of hourly archives to keep.
-    keep_hourly: 24
-
-    # Number of daily archives to keep.
-    keep_daily: 7
-
-    # Number of weekly archives to keep.
-    keep_weekly: 4
-
-    # Number of monthly archives to keep.
-    keep_monthly: 6
-
-    # Number of yearly archives to keep.
-    keep_yearly: 1
-
-    # When pruning, only consider archive names starting with this prefix.
-    # Borg placeholders can be used. See the output of "borg help placeholders" for
-    # details. Default is "{hostname}-".
-    prefix: sourcehostname
-
-# Consistency checks to run after backups. See
-# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
-# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
-consistency:
-    # List of one or more consistency checks to run: "repository", "archives", and/or
-    # "extract". Defaults to "repository" and "archives". Set to "disabled" to disable
-    # all consistency checks. "repository" checks the consistency of the repository,
-    # "archive" checks all of the archives, and "extract" does an extraction dry-run
-    # of just the most recent archive.
-    checks:
-        - repository
-        - archives
-
-    # Restrict the number of checked archives to the last n. Applies only to the "archives" check.
-    check_last: 3
-
-# Shell commands or scripts to execute before and after a backup or if an error has occurred.
-# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
-# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
-# prevent potential shell injection or privilege escalation.
-hooks:
-    # List of one or more shell commands or scripts to execute before creating a backup.
-    before_backup:
-        - echo "`date` - Starting a backup job."
-
-    # List of one or more shell commands or scripts to execute after creating a backup.
-    after_backup:
-        - echo "`date` - Backup created."
-
-    # List of one or more shell commands or scripts to execute in case an exception has occurred.
-    on_error:
-        - echo "`date` - Error while creating a backup."

borgmatic/config/crontab.txt

@@ -1 +0,0 @@
-0 2 * * * /config/run.sh

borgmatic/config/etc.yaml

@@ -1,38 +1,21 @@
-location:
+source_directories:
-    source_directories:
     - /shuttle/etc
-    repositories:
-        - /repo/etc
 
-storage:
+repositories:
-    compression: lz4
+    - path: /repo/etc
-    archive_name_format: '{now:%Y-%m-%d}'
-    unknown_unencrypted_repo_access_is_ok: true
 
-retention:
+umask: 22
-    keep_daily: 7
-    keep_weekly: 4
-    keep_monthly: 6
-    prefix: '20'
 
-consistency:
+compression: lz4
-    checks:
+archive_name_format: '{now:%Y-%m-%d}'
-        - repository
+unknown_unencrypted_repo_access_is_ok: true
-        - archives
+relocated_repo_access_is_ok: true
-    check_last: 3
-    prefix: '20'
 
-hooks:
+keep_daily: 7
-    before_backup:
+keep_weekly: 4
-        - echo -e "\n\n"
+keep_monthly: 6
-        - echo "#"
+
-        - echo "# `date` - Starting a backup job."
+checks:
-        - echo "#"
+    - name: repository
-    after_backup:
+    - name: archives
-        - echo "#"
+check_last: 3
-        - echo "# `date` - Backup created."
-        - echo "#"
-    on_error:
-        - echo "#"
-        - echo "# `date` - Error while creating a backup."
-        - echo "#"

borgmatic/config/home.yaml

@@ -1,41 +1,25 @@
-location:
+source_directories:
-    source_directories:
     - /shuttle/home
-    patterns:
-        - '- /shuttle/home/.snapshot'
-        - '- /shuttle/home/*/.cache'
-    repositories:
-        - /repo/home
 
-storage:
+exclude_patterns:
-    compression: lz4
+    - /shuttle/home/.snapshot
-    archive_name_format: '{now:%Y-%m-%d}'
+    - /shuttle/home/*/.cache
-    unknown_unencrypted_repo_access_is_ok: true
 
-retention:
+repositories:
-    keep_daily: 7
+    - path: /repo/home
-    keep_weekly: 4
-    keep_monthly: 6
-    prefix: '20'
 
-consistency:
+umask: 22
-    checks:
-        - repository
-        - archives
-    check_last: 3
-    prefix: '20'
 
-hooks:
+compression: lz4
-    before_backup:
+archive_name_format: '{now:%Y-%m-%d}'
-        - echo -e "\n\n"
+unknown_unencrypted_repo_access_is_ok: true
-        - echo "#"
+relocated_repo_access_is_ok: true
-        - echo "# `date` - Starting a backup job."
+
-        - echo "#"
+keep_daily: 7
-    after_backup:
+keep_weekly: 4
-        - echo "#"
+keep_monthly: 6
-        - echo "# `date` - Backup created."
+
-        - echo "#"
+checks:
-    on_error:
+    - name: repository
-        - echo "#"
+    - name: archives
-        - echo "# `date` - Error while creating a backup."
+check_last: 3
-        - echo "#"

borgmatic/config/opt.yaml

@@ -1,44 +1,28 @@
-location:
+source_directories:
-    source_directories:
     - /shuttle/opt
-    patterns:
-        - '- /shuttle/opt/.snapshot'
-        - '- /shuttle/opt/jupyter/conda'
-        - '- /shuttle/opt/emby/metadata'
-        - '- /shuttle/opt/btsync/var/*.journal*'
-        - '- /shuttle/opt/openvpn-server/*.log'
-    repositories:
-        - /repo/opt
 
-storage:
+exclude_patterns:
-    compression: lz4
+    - /shuttle/opt/.snapshot
-    archive_name_format: '{now:%Y-%m-%d}'
+    - /shuttle/opt/jupyter/conda
-    unknown_unencrypted_repo_access_is_ok: true
+    - /shuttle/opt/emby/metadata
+    - /shuttle/opt/btsync/var/*.journal*
+    - /shuttle/opt/openvpn-server/*.log
 
-retention:
+repositories:
-    keep_daily: 7
+    - path: /repo/opt
-    keep_weekly: 4
-    keep_monthly: 6
-    prefix: '20'
 
-consistency:
+umask: 22
-    checks:
-        - repository
-        - archives
-    check_last: 3
-    prefix: '20'
 
-hooks:
+compression: lz4
-    before_backup:
+archive_name_format: '{now:%Y-%m-%d}'
-        - echo -e "\n\n"
+unknown_unencrypted_repo_access_is_ok: true
-        - echo "#"
+relocated_repo_access_is_ok: true
-        - echo "# `date` - Starting a backup job."
+
-        - echo "#"
+keep_daily: 7
-    after_backup:
+keep_weekly: 4
-        - echo "#"
+keep_monthly: 6
-        - echo "# `date` - Backup created."
+
-        - echo "#"
+checks:
-    on_error:
+    - name: repository
-        - echo "#"
+    - name: archives
-        - echo "# `date` - Error while creating a backup."
+check_last: 3
-        - echo "#"

borgmatic/config/root.yaml

@@ -1,40 +1,24 @@
-location:
+source_directories:
-    source_directories:
     - /shuttle/root
-    patterns:
-        - '- /shuttle/root/.cache'
-    repositories:
-        - /repo/root
 
-storage:
+exclude_patterns:
-    compression: lz4
+    - /shuttle/root/.cache
-    archive_name_format: '{now:%Y-%m-%d}'
-    unknown_unencrypted_repo_access_is_ok: true
 
-retention:
+repositories:
-    keep_daily: 7
+    - path: /repo/root
-    keep_weekly: 4
-    keep_monthly: 6
-    prefix: '20'
 
-consistency:
+umask: 22
-    checks:
-        - repository
-        - archives
-    check_last: 3
-    prefix: '20'
 
-hooks:
+compression: lz4
-    before_backup:
+archive_name_format: '{now:%Y-%m-%d}'
-        - echo -e "\n\n"
+unknown_unencrypted_repo_access_is_ok: true
-        - echo "#"
+relocated_repo_access_is_ok: true
-        - echo "# `date` - Starting a backup job."
+
-        - echo "#"
+keep_daily: 7
-    after_backup:
+keep_weekly: 4
-        - echo "#"
+keep_monthly: 6
-        - echo "# `date` - Backup created."
+
-        - echo "#"
+checks:
-    on_error:
+    - name: repository
-        - echo "#"
+    - name: archives
-        - echo "# `date` - Error while creating a backup."
+check_last: 3
-        - echo "#"

borgmatic/config/run.sh

@@ -1,10 +0,0 @@
-/usr/bin/borgmatic --stats -v 0 -c /config/home.yaml >> /log/home.log 2>&1
-/usr/bin/borgmatic --stats -v 0 -c /config/root.yaml >> /log/root.log 2>&1
-/usr/bin/borgmatic --stats -v 0 -c /config/opt.yaml >> /log/opt.log 2>&1
-/usr/bin/borgmatic --stats -v 0 -c /config/etc.yaml >> /log/etc.log 2>&1
-
-export REMOTE=/remote/server/bram
-mkdir -p ${REMOTE}
-sshfs user@bram.veenboer.xyz:/media/helios/Bram ${REMOTE}
-/usr/bin/borgmatic --stats -v 0 -c /config/bram.yaml >> /log/bram.log 2>&1
-umount ${REMOTE}

borgmatic/config/test.yaml

@@ -0,0 +1,18 @@
+source_directories:
+    - /tmp/
+
+repositories:
+    - path: /repo/test
+
+umask: 22
+
+compression: lz4
+archive_name_format: '{now:%Y-%m-%d_%H%M%S}'
+
+unknown_unencrypted_repo_access_is_ok: true
+relocated_repo_access_is_ok: true
+
+keep_hourly: 24
+keep_daily: 7
+keep_weekly: 4
+keep_monthly: 6

borgmatic/crontab.txt

@@ -0,0 +1 @@
+0 2 * * * /scripts/run_all.sh

borgmatic/scripts/run_all.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+for name in home root opt etc bram; do
+    echo $name
+    /scripts/run_one.sh "$name" >> "/log/$name.log" 2>&1
+done

borgmatic/scripts/run_one.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+set -euo pipefail
+
+CONFIG_FILE="$1"
+
+LOKI_HOST=host
+
+MQTT_BROKER=host
+MQTT_TOPIC="borgmatic/stats/$CONFIG_FILE"
+MQTT_USER="borgmatic"
+MQTT_PASSWORD="eH2dAiG7siCIFdB7qX0MHwEFzcr9aqUi"
+
+# Run Borgmatic and extract archive stats as JSON
+ARCHIVE_JSON=$(borgmatic \
+    --stats \
+    -v 0 \
+    -c "/config/$CONFIG_FILE.yaml" \
+    --log-json \
+    --no-color \
+    --json \
+    | tail -n1 \
+    | jq '.[0].archive'
+)
+echo $ARCHIVE_JSON
+
+echo "----- ARCHIVE_JSON"
+echo $ARCHIVE_JSON
+echo "-----"
+
+# Publish to MQTT
+mosquitto_pub -h "$MQTT_BROKER" \
+               -t "$MQTT_TOPIC" \
+               -u "$MQTT_USER" \
+               -P "$MQTT_PASSWORD" \
+               -m "$ARCHIVE_JSON"
+
+# Build Loki payload
+LOKI_PAYLOAD=$(jq -n \
+  --arg config "$CONFIG_FILE" \
+  --argjson archive "$ARCHIVE_JSON" \
+  --arg now "$(date +%s%N)" \
+  '{streams: [
+      {
+        stream: {job: "borgmatic", config: $config},
+        values: [[$now, ($archive | tostring)]]
+      }
+    ]}')
+
+echo "----- LOKI_PAYLOAD"
+echo $LOKI_PAYLOAD
+echo "-----"
+
+# Send to Loki
+curl -s -X POST "http://$LOKI_HOST:3100/loki/api/v1/push" \
+  -H "Content-Type: application/json" \
+  -d "$LOKI_PAYLOAD"

caddy/.gitignore

@@ -0,0 +1 @@
+data

caddy/Caddyfile

@@ -25,15 +25,20 @@ import unprotected authentik host:19000
 import unprotected vouch host:9090
 import unprotected jellyfin host:8097
 import unprotected seafile host:8082
-import unprotected grafana host:3333
 import unprotected pgadmin host:5050
 import unprotected homarr host:17575
 import unprotected jellyseerr host:15055
+import unprotected minio host:9000
+import unprotected gitea host:3003
+import unprotected minio-admin host:9001
+import unprotected loki host:3100
 
+import protected grafana host:3333
 import protected sonarr host:18989
 import protected radarr host:17878
 import protected bazarr host:16767
 import protected jackett host:9117
+import protected prowlarr host:9696
 import protected dagster host:3000
 import protected photoprism host:2342
 import protected qbittorrent host:9092
@@ -43,10 +48,14 @@ import protected transmission host:9091
 import protected droppy host:8989
 import protected filebrowser host:8002
 import protected jupyter host:9999
+import protected nodered host:1880
+import protected teslamate host:4000
+import protected beszel host:8090
 
 import sites/root.caddy
 import sites/authentik.caddy
 import sites/ha.caddy
+import sites/tesla.caddy
 import sites/geo.caddy
 import sites/auth.caddy
 import sites/test.caddy

caddy/Dockerfile

@@ -1,12 +1,12 @@
-FROM caddy:2.9-builder AS builder
+FROM caddy:2.10-builder AS builder
 
 RUN xcaddy build \
     --with github.com/caddy-dns/route53 \
-    --with github.com/mholt/caddy-dynamicdns \
+    --with github.com/mholt/caddy-dynamicdns@b846b9e \
-    --with github.com/zhangjiayin/caddy-geoip2 \
+    --with github.com/zhangjiayin/caddy-geoip2@0de3173 \
-    --with github.com/mholt/caddy-l4 \
+    --with github.com/mholt/caddy-l4@4a517a9 \
-    --with github.com/greenpau/caddy-security
+    --with github.com/greenpau/caddy-security@v1.1.31
 
-FROM caddy:2.9-alpine
+FROM caddy:2.10-alpine
 
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy

caddy/sites/tesla.caddy

@@ -0,0 +1,24 @@
+tesla.{$SUBDOMAIN}.{$DOMAIN} {
+	log {
+		output file /var/log/tesla.log
+	}
+
+	import ../conf/authentik.caddy
+	reverse_proxy host:3004
+
+	handle /assets/* {
+		reverse_proxy http://host:4000
+	}
+
+	handle /live/* {
+		reverse_proxy http://host:4000
+	}
+
+	handle /settings {
+		reverse_proxy http://host:4000
+	}
+
+	handle_path /mate* {
+		reverse_proxy http://host:4000
+	}
+}

collectd/.gitignore

@@ -0,0 +1 @@
+var

collectd/etc/collectd.conf

@@ -84,6 +84,7 @@ LoadPlugin uptime
 LoadPlugin users
 LoadPlugin smart
 LoadPlugin pg_collectd
+LoadPlugin mqtt
 
 ##############################################################################
 # Plugin configuration                                                       #
@@ -112,6 +113,7 @@ LoadPlugin pg_collectd
 <Plugin disk>
     Disk "sda"
     Disk "sdb"
+    Disk "sdc"
     Disk "nvme0n1"
     IgnoreSelected false
 </Plugin>
@@ -128,13 +130,29 @@ LoadPlugin pg_collectd
     IgnoreSelected false
 </Plugin>
 
-<Plugin pg_collectd>
+#<Plugin pg_collectd>
-    BatchSize 1000
+#    BatchSize 1000
-    Connection "postgresql://collectd:collectd@host:6543/collectd"
+#    Connection "postgresql://collectd:collectd@host:6543/collectd"
-    StoreRates true
+#    StoreRates true
-    LogTimings INFO
+#    LogTimings INFO
-</Plugin>
+#</Plugin>
 
 <Include "/etc/collectd/collectd.conf.d">
 	Filter "*.conf"
 </Include>
+
+<Plugin "network">
+  Server "host" "24224"
+</Plugin>
+
+<Plugin "mqtt">
+  <Publish "broker">
+    Host "host"
+    Port 1883
+    User "collectd"
+    Password "p5TJbEbeqaJU0Z4g63EvwX0hWG4VLZXg"
+    ClientId "collectd-shuttle"
+    Prefix "collectd"
+    Retain false
+  </Publish>
+</Plugin>

compose.authentik.yaml

@@ -1,7 +1,7 @@
 services:
-  authentik-postgresql:
+  authentik-postgres:
     image: docker.io/library/postgres:16-alpine
-    container_name: authentik-postgresql
+    container_name: authentik-postgres
     ports:
       - "15432:5432"
     restart: unless-stopped
@@ -33,14 +33,14 @@ services:
       - /opt/authentik/redis:/data
 
   authentik-server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.1}
     container_name: authentik-server
     restart: unless-stopped
     command: server
     environment:
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
       AUTHENTIK_REDIS__HOST: authentik-redis
-      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
+      AUTHENTIK_POSTGRESQL__HOST: authentik-postgres
       AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
       AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
       AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASSWORD}
@@ -51,20 +51,20 @@ services:
       - "19000:9000"
       - "19443:9443"
     depends_on:
-      - authentik-postgresql
+      - authentik-postgres
       - authentik-redis
     extra_hosts:
       - host:192.168.2.200
 
   authentik-worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.1}
     container_name: authentik-worker
     restart: unless-stopped
     command: worker
     environment:
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
       AUTHENTIK_REDIS__HOST: authentik-redis
-      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
+      AUTHENTIK_POSTGRESQL__HOST: authentik-postgres
       AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
       AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
       AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASSWORD}
@@ -73,18 +73,5 @@ services:
       - /opt/authentik/certs:/certs
       - /opt/authentik/templates:/templates
     depends_on:
-      - authentik-postgresql
+      - authentik-postgres
       - authentik-redis
-
-  # authentik-proxy:
-  #   image: authentik-proxy
-  #   container_name: authentik-proxy
-  #   ports:
-  #     - "15000:5000"
-  #   environment:
-  #     INTERNAL: http://host:19000
-  #     EXTERNAL: https://authentik.rik.veenboer.xyz
-  #   build:
-  #     context: /opt/authentik/proxy
-  #   extra_hosts:
-  #     - host:192.168.2.200

compose.autoheal.yaml

@@ -0,0 +1,8 @@
+services:
+  autoheal:
+    image: willfarrell/autoheal:1.2.0
+    container_name: autoheal
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - AUTOHEAL_CONTAINER_LABEL=all

compose.bazarr.yaml

@@ -0,0 +1,17 @@
+services:
+  bazarr:
+    container_name: bazarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    extra_hosts:
+      - host:192.168.2.200
+    image: linuxserver/bazarr:1.4.2
+    ports:
+      - 16767:6767
+    restart: unless-stopped
+    volumes:
+      - /opt/bazarr:/config
+      - /mnt/yotta/krypton/Movies:/movies
+      - /mnt/yotta/krypton/Shows:/tv

compose.beszel.yaml

@@ -0,0 +1,28 @@
+services:
+  beszel:
+    image: henrygd/beszel:0.12.6
+    container_name: beszel
+    restart: unless-stopped
+    ports:
+      - 8090:8090
+    volumes:
+      - /opt/beszel/data:/beszel_data
+      - /opt/beszel/socket:/beszel_socket
+    environment:
+      USER_CREATION: true
+      DISABLE_PASSWORD_AUTH: false
+
+  beszel-agent:
+    image: henrygd/beszel-agent:0.12.6
+    container_name: beszel-agent
+    restart: unless-stopped
+    network_mode: host
+    volumes:
+      - /opt/beszel/agent:/var/lib/beszel-agent
+      - /opt/beszel/socket:/beszel_socket
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      LISTEN: /beszel_socket/beszel.sock
+      HUB_URL: http://localhost:8090
+      TOKEN: ${BESZEL_TOKEN:?}
+      KEY: ${BESZEL_KEY:?}

compose.borgmatic.yaml

@@ -0,0 +1,27 @@
+services:
+  borgmatic:
+    container_name: borgmatic
+    build:
+      context: /opt/borgmatic/
+    environment:
+      - TZ=Europe/Amsterdam
+    extra_hosts:
+      - host:192.168.2.200
+    healthcheck:
+      test: ["CMD", "pgrep", "crond"]
+      interval: 20s
+      start_period: 30s
+      timeout: 5s
+      retries: 10
+    privileged: true
+    restart: unless-stopped
+    volumes:
+      - /opt/borgmatic/crontab.txt:/etc/borgmatic.d/crontab.txt
+      - /opt/borgmatic/config:/config
+      - /opt/borgmatic/scripts:/scripts
+      - /opt/borgmatic/keys:/keys
+      - /opt/borgmatic/log:/log
+      - /root/.ssh:/root/.ssh:ro
+      - /mnt/yotta/xenon/borg:/repo
+      - /:/shuttle:ro
+      - /dev/fuse:/dev/fuse

compose.caddy.yaml

@@ -0,0 +1,27 @@
+services:
+  caddy:
+    build:
+      context: /opt/caddy/
+    container_name: caddy
+    environment:
+      - DOMAIN=veenboer.xyz
+      - SUBDOMAIN=rik
+      - AWS_REGION=eu-west-1
+      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
+      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
+      - GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?}
+      - GEO_API_KEY=${MAXMIND_API_KEY:?}
+      - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID:?}
+      - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET:?}
+    image: caddy
+    ports:
+      - 443:443
+    restart: unless-stopped
+    volumes:
+      - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
+      - /opt/caddy/conf:/etc/caddy/conf
+      - /opt/caddy/sites:/etc/caddy/sites
+      - /opt/caddy/data:/data/caddy
+      - /opt/caddy/logs:/var/log
+    extra_hosts:
+      - host:192.168.2.200

compose.collectd.yaml

@@ -0,0 +1,19 @@
+services:
+  collectd:
+    build:
+      context: /home/user/src
+      dockerfile: /opt/collectd/Dockerfile
+    container_name: collectd
+    image: collectd:bookworm
+    privileged: true
+    restart: unless-stopped
+    volumes:
+      - /opt/collectd/etc:/etc/collectd
+      - /opt/collectd/var:/var/lib/collectd
+      - /opt/collectd/usr:/host/usr
+      - /:/host/root:ro
+      - /media/data:/media/data:ro
+      - /var/lib/docker:/media/docker:ro
+      - /dev/mapper:/dev/mapper
+    extra_hosts:
+      - host:192.168.2.200

compose.dns-ad-blocker.yaml

@@ -0,0 +1,20 @@
+services:
+  dns-ad-blocker:
+    container_name: dns-ad-blocker
+    environment:
+      - AUTO_UPDATE=1
+      - BRANCH=master
+      - DNSCRYPT=1
+      - DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.ns0.dnscrypt.nl
+      - DNSCRYPT_RESOLVER_ADDR=45.76.35.212
+      - DNSCRYPT_PROVIDER_KEY=4C84:FB8C:0511:5DFA:5F97:C5ED:0329:1370:C78A:BCD6:4E15:DD53:AB08:DE72:FB84:4ACA
+      - WHITELIST=api.segment.io,www.googleapis.com,analytics.google.com
+    image: oznu/dns-ad-blocker:latest
+    ports:
+      - 192.168.2.201:53:53/udp
+    restart: unless-stopped
+    volumes:
+      - /opt/dns-ad-blocker/config:/config
+      - /opt/dns-ad-blocker/run:/etc/services.d/dnsmasq/run
+      - /opt/dns-ad-blocker/var/log:/var/log
+      - /opt/dns-ad-blocker/dnsmasq.hosts:/etc/dnsmasq.hosts

compose.droppy.yaml

@@ -0,0 +1,10 @@
+services:
+  droppy:
+    container_name: droppy
+    image: silverwind/droppy:12.2.0
+    ports:
+      - 8989:8989
+    restart: unless-stopped
+    volumes:
+      - /opt/droppy:/config
+      - /media/scratch/droppy:/files

compose.dsmr.yaml

@@ -0,0 +1,29 @@
+services:
+  dsmr:
+    container_name: dsmr
+    depends_on:
+      - dsmrdb
+      - influxdb
+    environment:
+      - DSMRREADER_ADMIN_USER=${DSMRREADER_USER:?}
+      - DSMRREADER_ADMIN_PASSWORD=${DSMRREADER_PASSWORD:?}
+    image: xirixiz/dsmr-reader-docker:5.10.3-2023.04.02
+    links:
+      - dsmrdb:dsmrreader
+    ports:
+      - 8888:80
+    restart: unless-stopped
+    volumes:
+      - /opt/dsmr/backups:/home/dsmr/app/backups
+  dsmrdb:
+    container_name: dsmrdb
+    environment:
+      - POSTGRES_DB=${DSMRDB_DATABASE:?}
+      - POSTGRES_USER=${DSMRDB_USER:?}
+      - POSTGRES_PASSWORD=${DSMRDB_PASSWORD:?}
+    image: postgres:13.7
+    ports:
+      - 5432:5432
+    restart: unless-stopped
+    volumes:
+      - /opt/dsmr/data:/var/lib/postgresql/data

compose.esphome.yaml

@@ -0,0 +1,10 @@
+services:
+  esphome:
+    container_name: esphome
+    image: esphome/esphome:2022.12.8
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - /opt/esphome:/config:rw
+      - /opt/esphome/log:/log:rw
+      - /etc/localtime:/etc/localtime:ro

compose.filebrowser.yaml

@@ -0,0 +1,15 @@
+services:
+  filebrowser:
+    container_name: filebrowser
+    image: filebrowser/filebrowser:v2.31.2
+    # command: ["config", "set", "--auth.method=noauth"]
+    ports:
+      - 8002:80
+    restart: unless-stopped
+    volumes:
+      - /opt/filebrowser/.filebrowser.json:/.filebrowser.json
+      - /opt/filebrowser/database.db:/database.db
+      - /mnt/yotta/helium/personal:/host/media/Personal
+      - /mnt/yotta/helium/shared:/host/media/Shared
+      - /mnt/yotta/neon:/host/media/Other
+      - /mnt/yotta/krypton:/host/media/Video

compose.fluentbit.yaml

@@ -0,0 +1,23 @@
+services:
+  fluentbit:
+    image: fluent/fluent-bit:4.1.1-amd64
+    container_name: fluentbit
+    restart: unless-stopped
+    command: fluent-bit --config /fluent-bit.yaml
+    ports:
+      - "21883:1883"
+      - "24224:24224"
+      - "24224:24224/udp"
+    volumes:
+      - /opt/fluentbit/config.yaml:/fluent-bit.yaml
+      - /opt/collectd/usr/collectd/types.db:/usr/share/collectd/types.db
+    environment:
+      - MQTT_USER=${FLUENTBIT_MQTT_USER}
+      - MQTT_PASS=${FLUENTBIT_MQTT_PASS}
+      - DATABASE_HOST=${FLUENTBIT_DATABASE_HOST}
+      - DATABASE_PORT=${FLUENTBIT_DATABASE_PORT}
+      - DATABASE_USER=${FLUENTBIT_DATABASE_USER}
+      - DATABASE_PASS=${FLUENTBIT_DATABASE_PASS}
+      - DATABASE_NAME=${FLUENTBIT_DATABASE_NAME}
+    extra_hosts:
+      - host:192.168.2.200

compose.gitea.yaml

@@ -0,0 +1,29 @@
+services:
+  gitea:
+    image: docker.gitea.com/gitea:1.24.3
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=host:11111
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=gitea
+      - GITEA__mailer__ENABLED=true
+      - GITEA__mailer__SMTP_ADDR=email-smtp.eu-west-1.amazonaws.com
+      - GITEA__mailer__SMTP_PORT=587
+      - GITEA__mailer__FROM=gitea@veenboer.xyz
+      - GITEA__mailer__USER=${SMTP_USER:?}
+      - GITEA__mailer__PASSWD=${SMTP_PASSWORD:?}
+      - GITEA__mailer__PROTOCOL=smtp+starttls
+    restart: always
+    extra_hosts:
+      - host:192.168.2.200
+    volumes:
+      - /opt/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3003:3000"
+      - "222:22"

compose.grafana.yaml

@@ -0,0 +1,21 @@
+services:
+  grafana:
+    container_name: grafana
+    image: grafana/grafana:11.4.0
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://localhost:3000"]
+      interval: 20s
+      start_period: 30s
+      timeout: 5s
+      retries: 10
+    ports:
+      - 3333:3000
+    restart: unless-stopped
+    environment:
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+    volumes:
+      - /opt/grafana:/var/lib/grafana
+      # - /opt/grafana/grafana.ini:/etc/grafana/grafana.ini
+    extra_hosts:
+      - host:192.168.2.200

compose.homarr.yaml

@@ -0,0 +1,14 @@
+services:
+  homarr:
+    container_name: homarr
+    environment:
+      - TZ=Europe/Amsterdam
+    image: ghcr.io/ajnart/homarr:0.15.2
+    ports:
+      - 17575:7575
+    restart: unless-stopped
+    volumes:
+      - /opt/homarr/data:/data
+      - /opt/homarr/configs:/app/data/configs
+      - /opt/homarr/icons:/app/public/icons
+      - /var/run/docker.sock:/var/run/docker.sock

compose.homeassistant.yaml

@@ -0,0 +1,12 @@
+services:
+  homeassistant:
+    container_name: homeassistant
+    image: homeassistant/home-assistant:2025.1.2
+    network_mode: host
+    privileged: true
+    restart: unless-stopped
+    volumes:
+      - /opt/homeassistant:/config
+      - /etc/localtime:/etc/localtime:ro
+    extra_hosts:
+    - host:192.168.2.200

compose.influxdb.yaml

@@ -0,0 +1,10 @@
+services:
+  influxdb:
+    container_name: influxdb
+    image: influxdb:2.3.0
+    ports:
+      - 8086:8086
+    restart: unless-stopped
+    volumes:
+      - /mnt/mezzo/scratch/influxdb:/var/lib/influxdb2
+      - /opt/gw2pvo:/opt/gw2pvo

compose.jackett.yaml

@@ -0,0 +1,16 @@
+services:
+  jackett:
+    container_name: jackett
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    external_links:
+      - transmission
+      - qbittorrent
+    image: linuxserver/jackett:0.24.339
+    ports:
+      - 9117:9117
+    restart: unless-stopped
+    volumes:
+      - /opt/jackett:/config

compose.jellyfin.yaml

@@ -0,0 +1,19 @@
+services:
+  jellyfin:
+    container_name: jellyfin
+    devices:
+      - /dev/dri/renderD128:/dev/dri/renderD128
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    image: linuxserver/jellyfin:10.10.1
+    ports:
+      - 8097:8097
+    restart: unless-stopped
+    volumes:
+      - /opt/jellyfin/config:/config
+      - /opt/cache:/cache
+      - /mnt/yotta/krypton/Movies:/host/srv/movies
+      - /mnt/yotta/krypton/Shows:/host/srv/shows
+      - /mnt/yotta/neon/Music/Albums:/host/srv/music

compose.jellyseerr.yaml

@@ -0,0 +1,11 @@
+services:
+  jellyseerr:
+    container_name: jellyseerr
+    environment:
+      - TZ=Europe/Amsterdam
+    image: fallenbagel/jellyseerr:1.5.0
+    ports:
+      - 15055:5055
+    restart: unless-stopped
+    volumes:
+      - /opt/jellyseerr:/app/config

compose.loki.yaml

@@ -0,0 +1,14 @@
+services:
+  loki:
+    image: grafana/loki:3.5.3
+    container_name: loki
+    restart: always
+    user: root
+    ports:
+      - "3100:3100"
+    command: -config.file=/etc/loki/local-config.yaml
+    volumes:
+      - /opt/loki/local-config.yaml:/etc/loki/local-config.yaml:ro
+      - /opt/loki/data:/loki
+    extra_hosts:
+      - host:192.168.2.200

compose.mediamtx.yaml

@@ -0,0 +1,22 @@
+services:
+  mediamtx:
+    image: bluenviron/mediamtx:1.14.0-ffmpeg
+    container_name: mediamtx
+    environment:
+      MTX_RTSPTRANSPORTS: tcp
+      MTX_WEBRTCADDITIONALHOSTS: 192.168.2.200
+    ports:
+      - "8554:8554"
+      - "1935:1935"
+      - "9888:8888"
+      - "9889:8889"
+      - "8890:8890/udp"
+      - "8189:8189/udp"
+    stdin_open: true
+    tty: true
+    volumes:
+      - /opt/mediamtx/mediamtx.yml:/mediamtx.yml:ro
+      - /mnt/yotta/radon/mediamtx:/recordings
+    restart: unless-stopped
+
+# vlc --network-caching=50 rtsp://192.168.2.200:8554/mystream

compose.minio.yaml

@@ -0,0 +1,15 @@
+services:
+  minio:
+    image: minio/minio:RELEASE.2025-04-03T14-56-28Z
+    container_name: minio
+    ports:
+      - "9000:9000"
+      - "9001:9001"
+    environment:
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER:?}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:?}
+      # MINIO_ROOT_USER: user
+      # MINIO_ROOT_PASSWORD: password
+    volumes:
+      - /opt/minio:/data
+    command: server /data --console-address ":9001"

compose.mosquitto.yaml

@@ -0,0 +1,14 @@
+services:
+  mosquitto:
+    container_name: mosquitto
+    image: eclipse-mosquitto:2.0.15
+    ports:
+      - 1883:1883
+      - 1884:1884
+    restart: unless-stopped
+    volumes:
+      - /opt/mosquitto/config:/mosquitto/config
+      - /opt/mosquitto/data:/mosquitto/data
+      - /opt/mosquitto/log:/mosquitto/log
+    extra_hosts:
+      - host:192.168.2.200

compose.nodered.yaml

@@ -0,0 +1,13 @@
+services:
+  nodered:
+    image: nodered/node-red:4.1.0-22
+    container_name: nodered
+    ports:
+      - 1880:1880
+    volumes:
+      - /opt/nodered:/data
+    environment:
+      - TZ=Europe/Amsterdam
+    extra_hosts:
+      - host:192.168.2.200
+      - mqqtt:192.168.2.200

compose.openvpn-server.yaml

@@ -0,0 +1,15 @@
+services:
+  openvpn-server:
+    cap_add:
+      - NET_ADMIN
+    container_name: openvpn-server
+    extra_hosts:
+      - host:192.168.2.200
+    image: kylemanna/openvpn:2.4
+    ports:
+      - 444:443
+    privileged: true
+    restart: unless-stopped
+    volumes:
+      - /opt/openvpn-server:/etc/openvpn
+      - /opt/openvpn-server/logrotate.d/openvpn:/etc/logrotate.d/openvpn

compose.pgadmin.yaml

@@ -0,0 +1,13 @@
+services:
+  pgadmin:
+    container_name: pgadmin
+    environment:
+      - PGADMIN_DEFAULT_EMAIL="${PGADMIN_EMAIL:?}"
+      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:?}"
+    image: dpage/pgadmin4:7.5
+    ports:
+      - 5050:80
+    restart: unless-stopped
+    volumes:
+      - /opt/pgadmin/var:/var/lib/pgadmin
+      - /opt/pgadmin/log:/var/log/pgadmin

compose.photoprism.yaml

@@ -0,0 +1,55 @@
+services:
+  photoprism:
+    container_name: photoprism
+    devices:
+      - /dev/dri:/dev/dri
+    environment:
+      - PHOTOPRISM_ADMIN_PASSWORD="${PHOTOPRISM_ADMIN_PASSWORD:?}"
+      - PHOTOPRISM_AUTH_MODE=public
+      - PHOTOPRISM_SITE_URL=http://localhost:2342/
+      - PHOTOPRISM_ORIGINALS_LIMIT=5000
+      - PHOTOPRISM_HTTP_COMPRESSION=gzip
+      - PHOTOPRISM_LOG_LEVEL=info
+      - PHOTOPRISM_READONLY=true
+      - PHOTOPRISM_EXPERIMENTAL=false
+      - PHOTOPRISM_DISABLE_CHOWN=true
+      - PHOTOPRISM_DISABLE_WEBDAV=true
+      - PHOTOPRISM_DISABLE_SETTINGS=false
+      - PHOTOPRISM_DISABLE_TENSORFLOW=false
+      - PHOTOPRISM_DISABLE_FACES=false
+      - PHOTOPRISM_DISABLE_CLASSIFICATION=false
+      - PHOTOPRISM_DISABLE_RAW=true
+      - PHOTOPRISM_RAW_PRESETS=false
+      - PHOTOPRISM_JPEG_QUALITY=85
+      - PHOTOPRISM_DETECT_NSFW=false
+      - PHOTOPRISM_UPLOAD_NSFW=true
+      - PHOTOPRISM_DATABASE_DRIVER=sqlite
+      - PHOTOPRISM_UID=1000
+      - PHOTOPRISM_GID=1000
+    image: photoprism/photoprism:240915
+    ports:
+      - 2342:2342
+    restart: unless-stopped
+    security_opt:
+      - seccomp:unconfined
+      - apparmor:unconfined
+    volumes:
+      - /opt/photoprism:/photoprism/storage
+      - /opt/photoprism/originals:/photoprism/originals/
+      - /mnt/yotta/radon/photoprism:/photoprism/storage/cache
+      - /mnt/yotta/helium/shared/Photographs/Vakantie/Peter + Monique + Rik + Bram/Denemarken
+        2022:/photoprism/originals/Shared/Vakantie/Peter + Monique + Rik + Bram/Denemarken
+        2022
+      - /mnt/yotta/helium/shared/Photographs/Vakantie/Familie/Ierland 2022:/photoprism/originals/Shared/Vakantie/Familie/Ierland
+        2022
+      - /mnt/yotta/helium/shared/Photographs/Vakantie/Peter + Monique + Rik + Bram/Schotland
+        2022:/photoprism/originals/Shared/Vakantie/Peter + Monique + Rik + Bram/Schotland
+        2022
+      - /mnt/yotta/helium/shared/Photographs/Vakantie/Bram + Rik + Sanne/Kroatie
+        2023:/photoprism/originals/Shared/Vakantie/Bram + Rik + Sanne/Kroatie
+        2023
+      - /mnt/yotta/helium/shared/Photographs/Vakantie/Peter + Monique + Rik + Bram/Zweden
+        2023:/photoprism/originals/Vakantie/Peter + Monique + Rik + Bram/Zweden
+        2023
+      - /mnt/yotta/helium/shared/Photographs/Vakantie/Bram + Rik/Athene 2023:/photoprism/originals/Vakantie/Bram
+        + Rik/Athene 2023

compose.postgis.yaml

@@ -0,0 +1,13 @@
+services:
+  postgis:
+    container_name: postgis
+    environment:
+      - POSTGRES_DB="${POSTGIS_DATABASE:?}"
+      - POSTGRES_USER="${POSTGIS_USER:?}"
+      - POSTGRES_PASSWORD="${POSTGIS_PASSWORD:?}"
+    image: postgis/postgis:14-3.2
+    ports:
+      - 7654:5432
+    restart: unless-stopped
+    volumes:
+      - /opt/postgis:/var/lib/postgresql/data

compose.postgres.yaml

@@ -0,0 +1,23 @@
+services:
+  postgres:
+    container_name: postgres
+    image: postgres:17.5-alpine3.22
+    user: postgres
+    ports:
+      - 11111:5432
+    environment:
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_USER=postgres
+      - POSTGRES_DB=postgres
+    volumes:
+      - /opt/postgres/entrypoint.sh:/entrypoint.sh
+      - /opt/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
+      - /opt/postgres/data:/var/lib/postgresql/data
+      - /opt/postgres/cert.pem:/cert.pem
+      - /opt/postgres/key.pem:/key.pem
+    entrypoint: ["/bin/bash", "/entrypoint.sh"]
+
+    command:
+      - postgres
+      - -c
+      - config_file=/etc/postgresql/postgresql.conf

compose.prowlarr.yaml

@@ -0,0 +1,20 @@
+services:
+  prowlarr:
+    image: linuxserver/prowlarr:2.3.0
+    container_name: prowlarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - /opt/prowlarr:/config/prowlarr
+    ports:
+      - 9696:9696
+    restart: unless-stopped
+    extra_hosts:
+    - transmission:192.168.2.200
+    - qbittorrent:192.168.2.200
+    - jackett:192.168.2.200
+    - radarr:192.168.2.200
+    - sonarr:192.168.2.200
+    - lidarr:192.168.2.200

compose.qbittorrent.yaml

@@ -0,0 +1,16 @@
+services:
+  qbittorrent:
+    container_name: qbittorrent
+    image: linuxserver/qbittorrent:5.0.1
+    depends_on:
+      - surfshark
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+      - WEBUI_PORT=9092
+    network_mode: service:surfshark
+    restart: unless-stopped
+    volumes:
+      - /opt/qbittorrent:/config
+      - /media/scratch/qbittorrent:/downloads/qbittorrent

compose.radarr.yaml

@@ -0,0 +1,24 @@
+services:
+  radarr:
+    container_name: radarr
+    image: linuxserver/radarr:6.0.4
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    external_links:
+      - transmission
+      - qbittorrent
+    extra_hosts:
+      - transmission:192.168.2.200
+      - qbittorrent:192.168.2.200
+      - jackett:192.168.2.200
+      - prowlarr:192.168.2.200
+    ports:
+      - 17878:7878
+    restart: unless-stopped
+    volumes:
+      - /opt/radarr:/config
+      - /media/scratch/transmission:/downloads/transmission
+      - /media/scratch/qbittorrent:/downloads/qbittorrent
+      - /mnt/yotta/krypton/Movies:/movies

compose.rsnapshot.yaml

@@ -0,0 +1,11 @@
+services:
+  rsnapshot:
+    container_name: rsnapshot
+    image: linuxserver/rsnapshot:1.4.5
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Amsterdam
+    volumes:
+      - /opt/rsnapshot:/config
+      - /mnt/yotta/xenon/rsnapshot:/host/scratch
+      - /root/.ssh:/root/.ssh:ro

compose.seafile.yaml

@@ -1,6 +1,6 @@
 services:
   seafile-mysql:
-    image: mariadb:10.11
+    image: mariadb:11.8.5
     container_name: seafile-mysql
     ports:
       - "13306:3306"
@@ -24,24 +24,42 @@ services:
       timeout: 5s
       retries: 10
 
+  seafile-redis:
+    image: redis:8.4.0
+    container_name: seafile-redis
+    ports:
+      - "6379:6379"
+    restart: unless-stopped
+    command:
+      - /bin/sh
+      - -c
+      - redis-server --requirepass "$$REDIS_PASSWORD"
+    environment:
+      - REDIS_PASSWORD=redis
+
   seafile-server:
-    image: seafileltd/seafile-mc:12.0-latest
+    image: seafileltd/seafile-mc:13.0-latest
     container_name: seafile-server
     ports:
       - "8082:80"
     volumes:
-      - /opt/seafile/server:/shared
+      - /opt/seafile/server:/shared/seafile
       - /media/sync/seafile:/shared/seafile/seafile-data
     environment:
-      - DB_HOST=seafile-mysql
-      - DB_PORT=3306
-      - DB_ROOT_PASSWD=ROOT_PASSWORD
-      - DB_PASSWORD=PASSWORD
       - TIME_ZONE=Europe/Amsterdam
-      - INIT_SEAFILE_ADMIN_EMAIL=admin@veenboer.xyz
+      - JWT_PRIVATE_KEY=8LzWzeuQ41z1i8fc1cr1L7Kw80VpTgmT
-      - INIT_SEAFILE_ADMIN_PASSWORD=asecret
       - SEAFILE_SERVER_HOSTNAME=seafile.rik.veenboer.xyz
       - SEAFILE_SERVER_PROTOCOL=https
-      - JWT_PRIVATE_KEY=8LzWzeuQ41z1i8fc1cr1L7Kw80VpTgmT
+      - SEAFILE_MYSQL_DB_PORT=3306
+      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
+      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db
+      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
+      - SEAFILE_MYSQL_DB_HOST=seafile-mysql
+      - SEAFILE_MYSQL_DB_USER=seafile
+      - SEAFILE_MYSQL_DB_PASSWORD=PASSWORD
+      - REDIS_HOST=seafile-redis
+      - REDIS_PORT=6379
+      - REDIS_PASSWORD=redis
     depends_on:
       - seafile-mysql
+      - seafile-redis

compose.socks.yaml

@@ -0,0 +1,8 @@
+services:
+  socks:
+    container_name: socks
+    image: serjs/go-socks5-proxy
+    ports:
+      - 1081:1080
+    network_mode: service:surfshark
+    restart: unless-stopped

compose.sonarr.yaml

@@ -0,0 +1,23 @@
+services:
+  sonarr:
+    image: linuxserver/sonarr:4.0.16
+    container_name: sonarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    external_links:
+      - transmission
+    extra_hosts:
+      - transmission:192.168.2.200
+      - qbittorrent:192.168.2.200
+      - jackett:192.168.2.200
+      - prowlarr:192.168.2.200
+    ports:
+      - 18989:8989
+    restart: unless-stopped
+    volumes:
+      - /opt/sonarr:/config
+      - /media/scratch/transmission:/downloads/transmission
+      - /media/scratch/qbittorrent:/downloads/qbittorrent
+      - /mnt/yotta/krypton/Shows:/tv

compose.surfshark.yaml

@@ -0,0 +1,27 @@
+services:
+  surfshark:
+    cap_add:
+      - NET_ADMIN
+    container_name: surfshark
+    devices:
+      - /dev/net/tun
+    dns:
+      - 1.1.1.1
+    environment:
+      - SURFSHARK_USER=${SURFSHARK_USER:?}
+      - SURFSHARK_PASSWORD=${SURFSHARK_PASSWORD:?}
+      - SURFSHARK_COUNTRY=nl
+      - SURFSHARK_CITY=ams
+      - CONNECTION_TYPE=udp
+      - LAN_NETWORK=
+      - ENABLE_SOCKS_SERVER=true
+    image: ilteoood/docker-surfshark:1.7.2
+    ports:
+      - 1080:1080
+      - 9091:9091
+      - 9092:9092
+      - 6881:6881
+      - 6881:6881/udp
+    restart: unless-stopped
+    labels:
+      - autoheal=true

compose.telegraf.yaml

@@ -0,0 +1,18 @@
+services:
+  telegraf:
+    container_name: telegraf
+    image: telegraf:1.36.2
+    restart: unless-stopped
+    environment:
+      - TELEGRAF_DEBUG=true
+      - MQTT_USER=${TELEGRAF_MQTT_USER}
+      - MQTT_PASS=${TELEGRAF_MQTT_PASS}
+      - DATABASE_HOST=${TELEGRAF_DATABASE_HOST}
+      - DATABASE_PORT=${TELEGRAF_DATABASE_PORT}
+      - DATABASE_USER=${TELEGRAF_DATABASE_USER}
+      - DATABASE_PASS=${TELEGRAF_DATABASE_PASS}
+      - DATABASE_NAME=${TELEGRAF_DATABASE_NAME}
+    extra_hosts:
+    - host:192.168.2.200
+    volumes:
+      - /opt/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro

compose.teslamate.yaml

@@ -0,0 +1,43 @@
+services:
+  teslamate:
+    image: teslamate/teslamate:2.1.0
+    container_name: teslamate
+    restart: always
+    environment:
+      - ENCRYPTION_KEY=${TESLAMATE_ENCRYPTION_KEY}
+      - DATABASE_HOST=${TESLAMATE_DATABASE_HOST}
+      - DATABASE_PORT=${TESLAMATE_DATABASE_PORT}
+      - DATABASE_USER=${TESLAMATE_DATABASE_USER}
+      - DATABASE_PASS=${TESLAMATE_DATABASE_PASS}
+      - DATABASE_NAME=${TESLAMATE_DATABASE_NAME}
+      - MQTT_HOST=${TESLAMATE_MQTT_HOST}
+      - MQTT_PORT=${TESLAMATE_MQTT_PORT}
+      - MQTT_USERNAME=${TESLAMATE_MQTT_USERNAME}
+      - MQTT_PASSWORD=${TESLAMATE_MQTT_PASSWORD}
+    ports:
+      - 4000:4000
+    extra_hosts:
+      - host:192.168.2.200
+    volumes:
+      - /opt/teslamate/import:/opt/app/import
+    cap_drop:
+      - all
+
+  teslamate-grafana:
+    image: teslamate/grafana:2.1.0
+    container_name: teslamate-grafana
+    restart: always
+    environment:
+      - DATABASE_HOST=${TESLAMATE_DATABASE_HOST}
+      - DATABASE_PORT=${TESLAMATE_DATABASE_PORT}
+      - DATABASE_USER=${TESLAMATE_DATABASE_USER}
+      - DATABASE_PASS=${TESLAMATE_DATABASE_PASS}
+      - DATABASE_NAME=${TESLAMATE_DATABASE_NAME}
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+    ports:
+      - 3004:3000
+    extra_hosts:
+      - host:192.168.2.200
+    volumes:
+      - /opt/teslamate/grafana:/var/lib/grafana

compose.timescaledb.yaml

@@ -0,0 +1,12 @@
+services:
+  timescaledb:
+    container_name: timescaledb
+    image: timescale/timescaledb:2.17.2-pg17
+    environment:
+      - POSTGRES_USER=${TIMESCALEDB_USER:?}
+      - POSTGRES_PASSWORD=${TIMESCALEDB_PASSWORD:?}
+    ports:
+      - 6543:5432
+    restart: unless-stopped
+    volumes:
+      - /mnt/mezzo/scratch/timescaledb:/var/lib/postgresql/data

compose.transmission.yaml

@@ -0,0 +1,16 @@
+services:
+  transmission:
+    container_name: transmission
+    image: linuxserver/transmission:4.0.6
+    depends_on:
+      - surfshark
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    network_mode: service:surfshark
+    restart: unless-stopped
+    volumes:
+      - /opt/transmission:/config
+      - /media/scratch/torrents:/watch
+      - /media/scratch/transmission:/downloads/transmission

compose.yaml

@@ -0,0 +1,67 @@
+include:
+  # Web
+  - compose.caddy.yaml
+
+  # Authentication
+  - compose.authentik.yaml
+
+  # Other
+  - compose.autoheal.yaml
+  - compose.collectd.yaml
+  - compose.telegraf.yaml
+  - compose.homarr.yaml
+  - compose.beszel.yaml
+  - compose.grafana.yaml
+  - compose.photoprism.yaml
+  - compose.fluentbit.yaml
+
+  # Development
+  - compose.gitea.yaml
+
+  # Automation
+  - compose.homeassistant.yaml
+  - compose.teslamate.yaml
+  - compose.nodered.yaml
+
+  # Download
+  - compose.jackett.yaml
+  - compose.prowlarr.yaml
+  - compose.transmission.yaml
+  - compose.qbittorrent.yaml
+
+  # Media
+  - compose.radarr.yaml
+  - compose.sonarr.yaml
+  - compose.bazarr.yaml
+  - compose.jellyseerr.yaml
+  - compose.jellyfin.yaml
+  - compose.mediamtx.yaml
+
+  # Networking
+  - compose.surfshark.yaml
+  - compose.dns-ad-blocker.yaml
+  # - compose.socks.yaml
+  # - compose.openvpn-server.yaml
+
+  # Backup
+  - compose.rsnapshot.yaml
+  - compose.borgmatic.yaml
+
+  # Sensors
+  - compose.dsmr.yaml
+  - compose.esphome.yaml
+  - compose.mosquitto.yaml
+  - compose.loki.yaml
+
+  # Storage
+  - compose.seafile.yaml
+  - compose.filebrowser.yaml
+  - compose.droppy.yaml
+  - compose.minio.yaml
+
+  # Database
+  - compose.pgadmin.yaml
+  - compose.postgis.yaml
+  - compose.timescaledb.yaml
+  - compose.influxdb.yaml
+  - compose.postgres.yaml

dns-ad-blocker/.gitignore

@@ -0,0 +1,2 @@
+dnscrypt-proxy.toml
+dnsmasq.hosts

docker-compose.autoheal.yaml

@@ -1,8 +0,0 @@
-services:
-    autoheal:
-        image: willfarrell/autoheal:1.2.0
-        container_name: autoheal
-        volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        environment:
-        - AUTOHEAL_CONTAINER_LABEL=all

docker-compose.bazarr.yaml

@@ -1,17 +0,0 @@
-services:
-    bazarr:
-        container_name: bazarr
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        extra_hosts:
-        - host:192.168.2.200
-        image: linuxserver/bazarr:1.4.2
-        ports:
-        - 16767:6767
-        restart: unless-stopped
-        volumes:
-        - /opt/bazarr:/config
-        - /mnt/yotta/krypton/Movies:/movies
-        - /mnt/yotta/krypton/Shows:/tv

docker-compose.borgmatic.yaml

@@ -1,24 +0,0 @@
-services:
-    borgmatic:
-        container_name: borgmatic
-        environment:
-        - TZ=Europe/Amsterdam
-        image: b3vis/borgmatic:v1.1.10-1.4.21
-        healthcheck:
-          test: [ "CMD", "pgrep", "crond" ]
-          interval: 20s
-          start_period: 30s
-          timeout: 5s
-          retries: 10
-        privileged: true
-        restart: unless-stopped
-        volumes:
-        - /opt/borgmatic/config/crontab.txt:/etc/borgmatic.d/crontab.txt
-        - /opt/borgmatic/config:/config
-        - /opt/borgmatic/keys:/keys
-        - /opt/borgmatic/cache:/cache
-        - /opt/borgmatic/log:/log
-        - /root/.ssh:/root/.ssh:ro
-        - /mnt/yotta/xenon/borg:/repo
-        - /:/shuttle:ro
-        - /dev/fuse:/dev/fuse

docker-compose.caddy.yaml

@@ -1,27 +0,0 @@
-services:
-    caddy:
-        build:
-            context: /opt/caddy/
-        container_name: caddy
-        environment:
-        - DOMAIN=veenboer.xyz
-        - SUBDOMAIN=rik
-        - AWS_REGION=eu-west-1
-        - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
-        - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
-        - GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?}
-        - GEO_API_KEY=${MAXMIND_API_KEY:?}
-        - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID:?}
-        - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET:?}
-        image: caddy
-        ports:
-        - 443:443
-        restart: unless-stopped
-        volumes:
-        - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
-        - /opt/caddy/conf:/etc/caddy/conf
-        - /opt/caddy/sites:/etc/caddy/sites
-        - /opt/caddy/data:/data/caddy
-        - /opt/caddy/logs:/var/log
-        extra_hosts:
-        - host:192.168.2.200

docker-compose.collectd.yaml

@@ -1,19 +0,0 @@
-services:
-  collectd:
-    build:
-      context: /home/user/src
-      dockerfile: /opt/collectd/Dockerfile
-    container_name: collectd
-    image: collectd:bookworm
-    privileged: true
-    restart: unless-stopped
-    volumes:
-    - /opt/collectd/etc:/etc/collectd
-    - /opt/collectd/var:/var/lib/collectd
-    - /opt/collectd/usr:/host/usr
-    - /:/host/root:ro
-    - /media/data:/media/data:ro
-    - /var/lib/docker:/media/docker:ro
-    - /dev/mapper:/dev/mapper
-    extra_hosts:
-    - host:192.168.2.200

docker-compose.dns-ad-blocker.yaml

@@ -1,20 +0,0 @@
-services:
-    dns-ad-blocker:
-        container_name: dns-ad-blocker
-        environment:
-        - AUTO_UPDATE=1
-        - BRANCH=master
-        - DNSCRYPT=1
-        - DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.ns0.dnscrypt.nl
-        - DNSCRYPT_RESOLVER_ADDR=45.76.35.212
-        - DNSCRYPT_PROVIDER_KEY=4C84:FB8C:0511:5DFA:5F97:C5ED:0329:1370:C78A:BCD6:4E15:DD53:AB08:DE72:FB84:4ACA
-        - WHITELIST=api.segment.io,www.googleapis.com,analytics.google.com
-        image: oznu/dns-ad-blocker:latest
-        ports:
-        - 192.168.2.201:53:53/udp
-        restart: unless-stopped
-        volumes:
-        - /opt/dns-ad-blocker/config:/config
-        - /opt/dns-ad-blocker/run:/etc/services.d/dnsmasq/run
-        - /opt/dns-ad-blocker/var/log:/var/log
-        - /opt/dns-ad-blocker/dnsmasq.hosts:/etc/dnsmasq.hosts

docker-compose.droppy.yaml

@@ -1,10 +0,0 @@
-services:
-    droppy:
-        container_name: droppy
-        image: silverwind/droppy:12.2.0
-        ports:
-        - 8989:8989
-        restart: unless-stopped
-        volumes:
-        - /opt/droppy:/config
-        - /media/scratch/droppy:/files

docker-compose.dsmr.yaml

@@ -1,29 +0,0 @@
-services:
-    dsmr:
-        container_name: dsmr
-        depends_on:
-        - dsmrdb
-        - influxdb
-        environment:
-        - DSMRREADER_ADMIN_USER=${DSMRREADER_USER:?}
-        - DSMRREADER_ADMIN_PASSWORD=${DSMRREADER_PASSWORD:?}
-        image: xirixiz/dsmr-reader-docker:5.10.3-2023.04.02
-        links:
-        - dsmrdb:dsmrreader
-        ports:
-        - 8888:80
-        restart: unless-stopped
-        volumes:
-        - /opt/dsmr/backups:/home/dsmr/app/backups
-    dsmrdb:
-        container_name: dsmrdb
-        environment:
-        - POSTGRES_DB=${DSMRDB_DATABASE:?}
-        - POSTGRES_USER=${DSMRDB_USER:?}
-        - POSTGRES_PASSWORD=${DSMRDB_PASSWORD:?}
-        image: postgres:13.7
-        ports:
-        - 5432:5432
-        restart: unless-stopped
-        volumes:
-        - /opt/dsmr/data:/var/lib/postgresql/data

docker-compose.esphome.yaml

@@ -1,10 +0,0 @@
-services:
-    esphome:
-        container_name: esphome
-        image: esphome/esphome:2022.12.8
-        network_mode: host
-        restart: unless-stopped
-        volumes:
-        - /opt/esphome:/config:rw
-        - /opt/esphome/log:/log:rw
-        - /etc/localtime:/etc/localtime:ro

docker-compose.filebrowser.yaml

@@ -1,15 +0,0 @@
-services:
-    filebrowser:
-        container_name: filebrowser
-        image: filebrowser/filebrowser:v2.31.2
-        # command: ["config", "set", "--auth.method=noauth"]
-        ports:
-        - 8002:80
-        restart: unless-stopped
-        volumes:
-        - /opt/filebrowser/.filebrowser.json:/.filebrowser.json
-        - /opt/filebrowser/database.db:/database.db
-        - /mnt/yotta/helium/personal:/host/media/Personal
-        - /mnt/yotta/helium/shared:/host/media/Shared
-        - /mnt/yotta/neon:/host/media/Other
-        - /mnt/yotta/krypton:/host/media/Video

docker-compose.grafana.yaml

@@ -1,16 +0,0 @@
-services:
-    grafana:
-        container_name: grafana
-        image: grafana/grafana:11.4.0
-        healthcheck:
-          test: [ "CMD", "wget", "-qO-", "http://localhost:3000" ]
-          interval: 20s
-          start_period: 30s
-          timeout: 5s
-          retries: 10
-        ports:
-        - 3333:3000
-        restart: unless-stopped
-        volumes:
-        - /opt/grafana:/var/lib/grafana
-        - /opt/grafana/grafana.ini:/etc/grafana/grafana.ini

docker-compose.homarr.yaml

@@ -1,14 +0,0 @@
-services:
-    homarr:
-        container_name: homarr
-        environment:
-        - TZ=Europe/Amsterdam
-        image: ghcr.io/ajnart/homarr:0.15.2
-        ports:
-        - 17575:7575
-        restart: unless-stopped
-        volumes:
-        - /opt/homarr/data:/data
-        - /opt/homarr/configs:/app/data/configs
-        - /opt/homarr/icons:/app/public/icons
-        - /var/run/docker.sock:/var/run/docker.sock

docker-compose.homeassistant.yaml

@@ -1,10 +0,0 @@
-services:
-    homeassistant:
-        container_name: homeassistant
-        image: homeassistant/home-assistant:2025.1.2
-        network_mode: host
-        privileged: true
-        restart: unless-stopped
-        volumes:
-        - /opt/homeassistant:/config
-        - /etc/localtime:/etc/localtime:ro

docker-compose.influxdb.yaml

@@ -1,10 +0,0 @@
-services:
-    influxdb:
-        container_name: influxdb
-        image: influxdb:2.3.0
-        ports:
-        - 8086:8086
-        restart: unless-stopped
-        volumes:
-        - /mnt/mezzo/scratch/influxdb:/var/lib/influxdb2
-        - /opt/gw2pvo:/opt/gw2pvo

docker-compose.jackett.yaml

@@ -1,16 +0,0 @@
-services:
-    jackett:
-        container_name: jackett
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        external_links:
-        - transmission
-        - qbittorrent
-        image: linuxserver/jackett:0.22.1003
-        ports:
-        - 9117:9117
-        restart: unless-stopped
-        volumes:
-        - /opt/jackett:/config

docker-compose.jellyfin.yaml

@@ -1,19 +0,0 @@
-services:
-    jellyfin:
-        container_name: jellyfin
-        devices:
-        - /dev/dri/renderD128:/dev/dri/renderD128
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        image: linuxserver/jellyfin:10.10.1
-        ports:
-        - 8097:8097
-        restart: unless-stopped
-        volumes:
-        - /opt/jellyfin/config:/config
-        - /opt/cache:/cache
-        - /mnt/yotta/krypton/Movies:/host/srv/movies
-        - /mnt/yotta/krypton/Shows:/host/srv/shows
-        - /mnt/yotta/neon/Music/Albums:/host/srv/music

docker-compose.jellyseerr.yaml

@@ -1,11 +0,0 @@
-services:
-    jellyseerr:
-        container_name: jellyseerr
-        environment:
-        - TZ=Europe/Amsterdam
-        image: fallenbagel/jellyseerr:1.5.0
-        ports:
-        - 15055:5055
-        restart: unless-stopped
-        volumes:
-        - /opt/jellyseerr:/app/config

docker-compose.mosquitto.yaml

@@ -1,12 +0,0 @@
-services:
-    mosquitto:
-        container_name: mosquitto
-        image: eclipse-mosquitto:2.0.15
-        ports:
-        - 1883:1883
-        - 1884:1884
-        restart: unless-stopped
-        volumes:
-        - /opt/mosquitto/config:/mosquitto/config
-        - /opt/mosquitto/data:/mosquitto/data
-        - /opt/mosquitto/log:/mosquitto/log

docker-compose.openvpn-server.yaml

@@ -1,15 +0,0 @@
-services:
-    openvpn-server:
-        cap_add:
-        - NET_ADMIN
-        container_name: openvpn-server
-        extra_hosts:
-        - host:192.168.2.200
-        image: kylemanna/openvpn:2.4
-        ports:
-        - 444:443
-        privileged: true
-        restart: unless-stopped
-        volumes:
-        - /opt/openvpn-server:/etc/openvpn
-        - /opt/openvpn-server/logrotate.d/openvpn:/etc/logrotate.d/openvpn

docker-compose.pgadmin.yaml

@@ -1,13 +0,0 @@
-services:
-    pgadmin:
-        container_name: pgadmin
-        environment:
-        - PGADMIN_DEFAULT_EMAIL="${PGADMIN_EMAIL:?}"
-        - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:?}"
-        image: dpage/pgadmin4:7.5
-        ports:
-        - 5050:80
-        restart: unless-stopped
-        volumes:
-        - /opt/pgadmin/var:/var/lib/pgadmin
-        - /opt/pgadmin/log:/var/log/pgadmin

docker-compose.photoprism.yaml

@@ -1,55 +0,0 @@
-services:
-    photoprism:
-        container_name: photoprism
-        devices:
-        - /dev/dri:/dev/dri
-        environment:
-        - PHOTOPRISM_ADMIN_PASSWORD="${PHOTOPRISM_ADMIN_PASSWORD:?}"
-        - PHOTOPRISM_AUTH_MODE=public
-        - PHOTOPRISM_SITE_URL=http://localhost:2342/
-        - PHOTOPRISM_ORIGINALS_LIMIT=5000
-        - PHOTOPRISM_HTTP_COMPRESSION=gzip
-        - PHOTOPRISM_LOG_LEVEL=info
-        - PHOTOPRISM_READONLY=true
-        - PHOTOPRISM_EXPERIMENTAL=false
-        - PHOTOPRISM_DISABLE_CHOWN=true
-        - PHOTOPRISM_DISABLE_WEBDAV=true
-        - PHOTOPRISM_DISABLE_SETTINGS=false
-        - PHOTOPRISM_DISABLE_TENSORFLOW=false
-        - PHOTOPRISM_DISABLE_FACES=false
-        - PHOTOPRISM_DISABLE_CLASSIFICATION=false
-        - PHOTOPRISM_DISABLE_RAW=true
-        - PHOTOPRISM_RAW_PRESETS=false
-        - PHOTOPRISM_JPEG_QUALITY=85
-        - PHOTOPRISM_DETECT_NSFW=false
-        - PHOTOPRISM_UPLOAD_NSFW=true
-        - PHOTOPRISM_DATABASE_DRIVER=sqlite
-        - PHOTOPRISM_UID=1000
-        - PHOTOPRISM_GID=1000
-        image: photoprism/photoprism:240915
-        ports:
-        - 2342:2342
-        restart: unless-stopped
-        security_opt:
-        - seccomp:unconfined
-        - apparmor:unconfined
-        volumes:
-        - /opt/photoprism:/photoprism/storage
-        - /opt/photoprism/originals:/photoprism/originals/
-        - /mnt/yotta/radon/photoprism:/photoprism/storage/cache
-        - /mnt/yotta/helium/shared/Photographs/Vakantie/Peter + Monique + Rik + Bram/Denemarken
-            2022:/photoprism/originals/Shared/Vakantie/Peter + Monique + Rik + Bram/Denemarken
-            2022
-        - /mnt/yotta/helium/shared/Photographs/Vakantie/Familie/Ierland 2022:/photoprism/originals/Shared/Vakantie/Familie/Ierland
-            2022
-        - /mnt/yotta/helium/shared/Photographs/Vakantie/Peter + Monique + Rik + Bram/Schotland
-            2022:/photoprism/originals/Shared/Vakantie/Peter + Monique + Rik + Bram/Schotland
-            2022
-        - /mnt/yotta/helium/shared/Photographs/Vakantie/Bram + Rik + Sanne/Kroatie
-            2023:/photoprism/originals/Shared/Vakantie/Bram + Rik + Sanne/Kroatie
-            2023
-        - /mnt/yotta/helium/shared/Photographs/Vakantie/Peter + Monique + Rik + Bram/Zweden
-            2023:/photoprism/originals/Vakantie/Peter + Monique + Rik + Bram/Zweden
-            2023
-        - /mnt/yotta/helium/shared/Photographs/Vakantie/Bram + Rik/Athene 2023:/photoprism/originals/Vakantie/Bram
-            + Rik/Athene 2023

docker-compose.postgis.yaml

@@ -1,13 +0,0 @@
-services:
-    postgis:
-        container_name: postgis
-        environment:
-        - POSTGRES_DB="${POSTGIS_DATABASE:?}"
-        - POSTGRES_USER="${POSTGIS_USER:?}"
-        - POSTGRES_PASSWORD="${POSTGIS_PASSWORD:?}"
-        image: postgis/postgis:14-3.2
-        ports:
-        - 7654:5432
-        restart: unless-stopped
-        volumes:
-        - /opt/postgis:/var/lib/postgresql/data

docker-compose.qbittorrent.yaml

@@ -1,16 +0,0 @@
-services:
-    qbittorrent:
-        container_name: qbittorrent
-        image: linuxserver/qbittorrent:5.0.1
-        depends_on:
-        - surfshark
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        - WEBUI_PORT=9092
-        network_mode: service:surfshark
-        restart: unless-stopped
-        volumes:
-        - /opt/qbittorrent:/config
-        - /media/scratch/qbittorrent:/downloads

docker-compose.radarr.yaml

@@ -1,22 +0,0 @@
-services:
-    radarr:
-        container_name: radarr
-        image: linuxserver/radarr:5.14.0
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        external_links:
-        - transmission
-        - qbittorrent
-        extra_hosts:
-        - transmission:192.168.2.200
-        - qbittorrent:192.168.2.200
-        ports:
-        - 17878:7878
-        restart: unless-stopped
-        volumes:
-        - /opt/radarr:/config
-        - /media/scratch/transmission:/downloads/transmission
-        - /media/scratch/qbittorrent:/downloads/qbittorrent
-        - /mnt/yotta/krypton/Movies:/movies

docker-compose.rsnapshot.yaml

@@ -1,9 +0,0 @@
-services:
-    rsnapshot:
-        container_name: rsnapshot
-        image: linuxserver/rsnapshot:1.4.5
-        restart: unless-stopped
-        volumes:
-        - /opt/rsnapshot:/config
-        - /mnt/yotta/xenon/rsnapshot:/host/scratch
-        - /root/.ssh:/root/.ssh:ro

docker-compose.socks.yaml

@@ -1,8 +0,0 @@
-services:
-    socks:
-        container_name: socks
-        image: serjs/go-socks5-proxy 
-        ports:
-        - 1081:1080
-        network_mode: service:surfshark
-        restart: unless-stopped

docker-compose.sonarr.yaml

@@ -1,19 +0,0 @@
-services:
-    sonarr:
-        image: linuxserver/sonarr:4.0.14
-        container_name: sonarr
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        external_links:
-        - transmission
-        extra_hosts:
-        - transmission:192.168.2.200
-        ports:
-        - 18989:8989
-        restart: unless-stopped
-        volumes:
-        - /opt/sonarr:/config
-        - /media/scratch/transmission:/downloads
-        - /mnt/yotta/krypton/Shows:/tv

docker-compose.surfshark.yaml

@@ -1,27 +0,0 @@
-services:
-    surfshark:
-        cap_add:
-        - NET_ADMIN
-        container_name: surfshark
-        devices:
-        - /dev/net/tun
-        dns:
-        - 1.1.1.1
-        environment:
-        - SURFSHARK_USER=${SURFSHARK_USER:?}
-        - SURFSHARK_PASSWORD=${SURFSHARK_PASSWORD:?}
-        - SURFSHARK_COUNTRY=nl
-        - SURFSHARK_CITY=ams
-        - CONNECTION_TYPE=udp
-        - LAN_NETWORK=
-        - ENABLE_SOCKS_SERVER=true
-        image: ilteoood/docker-surfshark:1.7.2
-        ports:
-        - 1080:1080
-        - 9091:9091
-        - 9092:9092
-        - 6881:6881
-        - 6881:6881/udp
-        restart: unless-stopped
-        labels:
-        - autoheal=true 

docker-compose.timescaledb.yaml

@@ -1,13 +0,0 @@
-services:
-    timescaledb:
-        container_name: timescaledb
-        environment:
-        - POSTGRES_USER=${TIMESCALEDB_USER:?}
-        - POSTGRES_PASSWORD=${TIMESCALEDB_PASSWORD:?}
-        image: timescale/timescaledb:2.17.2-pg17
-        ports:
-        - 6543:5432
-        restart: unless-stopped
-        volumes:
-        - /mnt/mezzo/scratch/timescaledb:/var/lib/postgresql/data
-

docker-compose.transmission.yaml

@@ -1,16 +0,0 @@
-services:
-    transmission:
-        container_name: transmission
-        image: linuxserver/transmission:4.0.6
-        depends_on:
-        - surfshark
-        environment:
-        - PUID=1000
-        - PGID=1000
-        - TZ=Europe/Amsterdam
-        network_mode: service:surfshark
-        restart: unless-stopped
-        volumes:
-        - /opt/transmission:/config
-        - /media/scratch/torrents:/watch
-        - /media/scratch/transmission:/downloads

docker-compose.yaml

@@ -1,52 +0,0 @@
-include:
-# Web
-- docker-compose.caddy.yaml
-
-# Authentication
-- docker-compose.authentik.yaml
-
-# Other
-- docker-compose.autoheal.yaml
-- docker-compose.collectd.yaml
-- docker-compose.homarr.yaml
-- docker-compose.homeassistant.yaml
-- docker-compose.grafana.yaml
-- docker-compose.photoprism.yaml
-
-# Download
-- docker-compose.jackett.yaml
-- docker-compose.transmission.yaml
-- docker-compose.qbittorrent.yaml
-
-# Media
-- docker-compose.radarr.yaml
-- docker-compose.sonarr.yaml
-- docker-compose.bazarr.yaml
-- docker-compose.jellyseerr.yaml
-- docker-compose.jellyfin.yaml
-
-# Networking
-- docker-compose.surfshark.yaml
-- docker-compose.dns-ad-blocker.yaml
-#- docker-compose.socks.yaml
-# - docker-compose.openvpn-server.yaml
-
-# Backup
-- docker-compose.rsnapshot.yaml
-- docker-compose.borgmatic.yaml
-
-# Sensors
-- docker-compose.dsmr.yaml
-- docker-compose.esphome.yaml
-- docker-compose.mosquitto.yaml
-
-# Storage
-- docker-compose.seafile.yaml
-- docker-compose.filebrowser.yaml
-- docker-compose.droppy.yaml
-
-# Database
-- docker-compose.pgadmin.yaml
-- docker-compose.postgis.yaml
-- docker-compose.timescaledb.yaml
-- docker-compose.influxdb.yaml