Initial

compose/backup.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  backup:
+    image: ghcr.io/schmelczer/backup-container:v0.0.3

compose/calibre.yml

@@ -0,0 +1,11 @@
+name: active
+services:
+  audiobookshelf:
+    image: advplyr/audiobookshelf:2.26.0
+
+  calibre-web:
+    image: "" # required for wud
+    build:
+
+networks:
+  local-network:

compose/cloud.yml

@@ -0,0 +1,10 @@
+name: active
+services:
+  filebrowser:
+    image: filebrowser/filebrowser:v2.40.1
+
+  syncthing:
+    image: syncthing/syncthing:1.30.0
+
+networks:
+  local-network:

compose/dns.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  dns-server:
+    image: technitium/dns-server:13.6.0

compose/frontdoor.yml

@@ -0,0 +1,39 @@
+name: active
+services:
+  authelia:
+    image: authelia/authelia:4.39.5
+
+  certbot:
+    image: certbot/dns-digitalocean:v4.1.1
+
+  dyndns:
+    build:
+      context: /volumes/dyndns
+    container_name: frontdoor_dyndns
+    environment:
+      TZ: $TIME_ZONE
+      DOMAIN: schmelczer.dev
+      NAME: home;cloud;dns;immich;declared;pdf;homeassistant;store;audiobook;books;movies;stats;wud;auth;paperless;minecraft;torrent;obsidian;ghostfolio;vpn;mealie
+      DIGITALOCEAN_TOKEN: $DIGITALOCEAN_TOKEN
+    networks:
+      - local-network
+    restart: unless-stopped
+    init: true
+    tty: true
+
+  fail2ban:
+    image: ghcr.io/crazy-max/fail2ban:1.1.0
+    container_name: frontdoor_fail2ban
+    volumes:
+      - /volumes/fail2ban:/data
+      - /volumes/nginx/logs:/var/log:ro
+      - /volumes/vaultwarden/data/vaultwarden.log:/vaultwarden/vaultwarden.log:ro
+    environment:
+      TZ: $TIME_ZONE
+      F2B_LOG_TARGET: STDOUT
+
+  tinyauth:
+    image: ghcr.io/steveiliop56/tinyauth:v3.6.2
+
+  nginx:
+    image: nginx:1.29.0

compose/github-runner.yml

@@ -0,0 +1,20 @@
+name: active
+services:
+  github-runner:
+    build:
+      context: /volumes/github-runner
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - REPO_URL=https://github.com/schmelczer/vault-link
+      - ACCESS_TOKEN=$GITHUB_ACTIONS_RUNNER_TOKEN
+    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          cpus: '6'
+          memory: '8G'
+      mode: replicated
+      replicas: 3
+    init: true
+    tty: true

compose/homeassistant.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  homeassistant:
+    image: homeassistant/home-assistant:2025.7.2

compose/immich.yml

@@ -0,0 +1,17 @@
+name: active
+services:
+  database:
+    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+
+  immich-folder-album-creator:
+    image: salvoxia/immich-folder-album-creator:0.19.0
+
+  immich-machine-learning:
+    image: ghcr.io/immich-app/immich-machine-learning:v1.135.3
+
+  nas_sync:
+    build:
+      context: /volumes/nas-sync
+
+  redis:
+    image: docker.io/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8

compose/media.yml

@@ -0,0 +1,22 @@
+name: active
+services:
+  gluetun:
+    image: qmcgaw/gluetun:v3.40.0
+
+  jellyfin:
+    image: jellyfin/jellyfin:10.10.7
+
+  jellyseerr:
+    image: fallenbagel/jellyseerr:2.7.1
+
+  prowlarr:
+    image: lscr.io/linuxserver/prowlarr:1.37.0
+
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:5.1.2-libtorrentv1
+
+  radarr:
+    image: lscr.io/linuxserver/radarr:5.26.2
+
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:4.0.15

compose/minecraft.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  minecraft_andris:
+    image: itzg/minecraft-server:2025.6.2-java21-graalvm

compose/obsidian.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  obsidian:
+    image: ghcr.io/schmelczer/vault-link:0.5.1

compose/paperless.yml

@@ -0,0 +1,19 @@
+name: active
+services:
+  paperless-ai:
+    image: clusterzx/paperless-ai:3.0.7
+
+  paperless-broker:
+    image: redis:8.0.3-alpine
+
+  paperless-gotenberg:
+    image: gotenberg/gotenberg:8.21.1
+
+  paperless-ollama:
+    image: ollama/ollama:0.9.6
+
+  paperless-tika:
+    image: apache/tika:3.2.1.0-full
+
+  paperless-webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.17.1

compose/pdf.yml

@@ -0,0 +1,7 @@
+name: active
+services:
+  stirling-pdf:
+    image: stirlingtools/stirling-pdf:1.0.2-fat
+
+networks:
+  local-network:

compose/pinyin-anki.yml

@@ -0,0 +1,7 @@
+name: active
+services:
+  pinyin-anki:
+    image: ghcr.io/schmelczer/pinyin:latest
+
+networks:
+  local-network:

compose/plausible.yml

@@ -0,0 +1,16 @@
+# copied from https://github.com/plausible/hosting/tree/master
+name: active
+services:
+  plausible:
+    image: plausible/analytics:v2.0.0
+
+  plausible_db:
+    image: postgres:14-alpine
+
+  plausible_events_db:
+    image: clickhouse/clickhouse-server:23.3.7.5-alpine
+
+networks:
+  local-network:
+  plausible-network:
+    internal: true

compose/projects.yml

@@ -0,0 +1,54 @@
+name: active
+services:
+  declared:
+    build:
+      context: /volumes/declared-server
+    container_name: declared
+    environment:
+      NODE_ENV: production
+      TZ: $TIME_ZONE
+    networks:
+      - local-network
+    restart: unless-stopped
+    user: "1000"
+    init: true
+    tty: true
+
+  life-towers:
+    build:
+      context: /volumes/life-towers
+    container_name: life_towers
+    depends_on:
+      - towers-db
+    environment:
+      TZ: $TIME_ZONE
+    networks:
+      - towers-network
+      - local-network
+    restart: unless-stopped
+    user: "1000"
+    init: true
+    tty: true
+
+  towers-db:
+    image: postgres:15.3-alpine3.18
+    container_name: towers_db
+    volumes:
+      - /volumes/life-towers/db:/var/lib/postgresql/data
+      - /volumes/life-towers/src/schema.sql:/docker-entrypoint-initdb.d/init.sql
+    environment:
+      POSTGRES_USER: storebackend
+      POSTGRES_PASSWORD: UKLpn6y4j4AjmBuB
+      POSTGRES_DB: store
+      TZ: $TIME_ZONE
+    networks:
+      - towers-network
+    restart: unless-stopped
+    user: "1000"
+    init: true
+    tty: true
+
+networks:
+  local-network:
+  towers-network:
+    internal: true

compose/smtp.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  smtp:
+    image: bytemark/smtp:latest

compose/ssh.yml

@@ -0,0 +1,33 @@
+name: active
+services:
+  ssh:
+    build:
+      context: /volumes/stack
+    container_name: ssh
+    volumes:
+      - /volumes:/volumes
+      - /:/host
+      - /volumes/stack:/root/stack
+      - /volumes/stack/.zsh_history:/root/.zsh_history
+      - /volumes/stack/.zshrc:/root/.zshrc
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      TZ: $TIME_ZONE
+    network_mode: host
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    restart: unless-stopped
+    cap_add:
+      - SYS_ADMIN
+      - SYS_RAWIO
+    deploy:
+      resources:
+        limits:
+          cpus: "12"
+          memory: 4G
+    devices:
+      - "/dev/nvme0n1"
+    tty: true
+
+networks:
+  local-network:

compose/stack.yml

@@ -0,0 +1,18 @@
+# The necesseary services for keeping the stack running.
+
+# The goal is to keep the number of this to a minimum as to decrease overhead
+# and avoid unneeded complexity.
+
+name: active
+services:
+  dozzle:
+    image: amir20/dozzle:v8.13.6
+
+  uptime-kuma:
+    image: louislam/uptime-kuma:1.23.16
+
+  homepage:
+    image: ghcr.io/gethomepage/homepage:feature-deps-180425
+
+networks:
+  local-network:

compose/vaultwarden.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  vaultwarden:
+    image: vaultwarden/server:1.34.1

compose/wireguard.yml

@@ -0,0 +1,4 @@
+name: active
+services:
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy:15.1.0