From 68e2367496aee9e67ac5bb8481cc76283a45b2cc Mon Sep 17 00:00:00 2001
From: Stefan Ostermann
Date: Tue, 28 Jan 2025 15:58:12 +0000
Subject: [PATCH] docker compose
---
ai/docker-compose.yml | 21 ++++++++
authentik/.env | 16 ++++++
authentik/docker-compose.yml | 84 +++++++++++++++++++++++++++++++
immich-app/.env | 20 ++++++++
immich-app/docker-compose.yml | 93 +++++++++++++++++++++++++++++++++++
paperless/.env | 1 +
paperless/docker-compose.yml | 63 ++++++++++++++++++++++++
portainer/docker-compose.yml | 11 +++++
wikimd/docker-compose.yml | 14 ++++++
9 files changed, 323 insertions(+)
create mode 100644 ai/docker-compose.yml
create mode 100644 authentik/.env
create mode 100644 authentik/docker-compose.yml
create mode 100644 immich-app/.env
create mode 100644 immich-app/docker-compose.yml
create mode 100644 paperless/.env
create mode 100644 paperless/docker-compose.yml
create mode 100644 portainer/docker-compose.yml
create mode 100644 wikimd/docker-compose.yml
diff --git a/ai/docker-compose.yml b/ai/docker-compose.yml
new file mode 100644
index 0000000..7f1138f
--- /dev/null
+++ b/ai/docker-compose.yml
@@ -0,0 +1,21 @@
+services:
+ openwebui:
+ image: ghcr.io/open-webui/open-webui:0.5.7
+ container_name: open-webui
+ restart: always
+ environment:
+ - 'OLLAMA_BASE_URL=http://mini:11434'
+ - 'ENABLE_OAUTH_SIGNUP=true'
+ - 'OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true'
+ - 'OAUTH_PROVIDER_NAME=Authentik'
+ - 'OPENID_PROVIDER_URL=https://auth.home.thoster.net/application/o/open-webui/.well-known/openid-configuration'
+ - 'OAUTH_CLIENT_ID=GwEpuLXtQsvXTV1BofDolEB6GXnhH1pqg7vDyZcm'
+ - 'OAUTH_CLIENT_SECRET=7DvwzbhHEElZLoZjEcHOtpwIU2IxhyNPv5sGmdOnJvvaMxQVQTgbaP6OAcEKTGLtUvIzgh8c8juvTYsrOkdp2WXCLNTrM2ZQP3UhHTBjESRU1yZK4MaVG46jnLj9Aaks'
+ - 'OAUTH_SCOPES=openid email profile'
+ - 'OPENID_REDIRECT_URI=https://ai.home.thoster.net/oauth/oidc/callback'
+ volumes:
+ - ./data:/app/backend/data
+ ports:
+ - 8082:8080
+ extra_hosts:
+ - host.docker.internal:host-gateway
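Review bot: `OAUTH_CLIENT_SECRET` is committed in clear text in the `environment:` list of ai/docker-compose.yml, so anyone who can read the repository or its history holds the credential this OIDC client uses against Authentik. The same defect appears in authentik/.env (`PG_PASS`, `AUTHENTIK_SECRET_KEY`, `AUTHENTIK_EMAIL__PASSWORD`) and in immich-app/.env (`DB_PASSWORD`). All of these values should be treated as exposed and rotated, because deleting the lines in a later commit leaves them in history. After rotation, load them from an untracked file, for example `env_file: .env` on this service with `.env` listed in `.gitignore` and a committed `.env.example` that holds placeholders only.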
diff --git a/authentik/.env b/authentik/.env
new file mode 100644
index 0000000..fa4fb56
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,16 @@
+PG_PASS=bS25xkc7ow8JysBagCdeGz+W5d2xgCSqw735mxvw6Dmu2mZS
+AUTHENTIK_SECRET_KEY=nfEi2D701ZGv/zfB/DDoy4NOKB5bayHJjpJfYahpHSBIkmh1O/Dh16nvNIm8jlkHI0XWesqHYsxmJZ90
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=mail.thoster.net
+AUTHENTIK_EMAIL__PORT=587
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=home@thoster.net
+AUTHENTIK_EMAIL__PASSWORD=61g=auSiBUi
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=true
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=home@thoster.net
+
diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
new file mode 100644
index 0000000..a6bfee0
--- /dev/null
+++ b/authentik/docker-compose.yml
@@ -0,0 +1,84 @@
+---
+
+services:
+ postgresql:
+ image: docker.io/library/postgres:16-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ./authentik_database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+ POSTGRES_USER: ${PG_USER:-authentik}
+ POSTGRES_DB: ${PG_DB:-authentik}
+ env_file:
+ - .env
+ redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - ./authentik_redis:/data
+ server:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
+ restart: unless-stopped
+ command: server
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ volumes:
+ - ./media:/media
+ - ./custom-templates:/templates
+ env_file:
+ - .env
+ ports:
+ - "${COMPOSE_PORT_HTTP:-9000}:9000"
+ - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ worker:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
+ restart: unless-stopped
+ command: worker
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ # `user: root` and the docker socket volume are optional.
+ # See more for the docker socket integration here:
+ # https://goauthentik.io/docs/outposts/integrations/docker
+ # Removing `user: root` also prevents the worker from fixing the permissions
+ # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+ # (1000:1000 by default)
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./media:/media
+ - ./certs:/certs
+ - ./custom-templates:/templates
+ env_file:
+ - .env
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
diff --git a/immich-app/.env b/immich-app/.env
new file mode 100644
index 0000000..0c5460d
--- /dev/null
+++ b/immich-app/.env
@@ -0,0 +1,20 @@
+# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
+
+# The location where your uploaded files are stored
+UPLOAD_LOCATION=./library
+# The location where your database files are stored
+DB_DATA_LOCATION=./postgres
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+# TZ=Etc/UTC
+
+# The Immich version to use. You can pin this to a specific version like "v1.71.0"
+IMMICH_VERSION=release
+
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+DB_PASSWORD=dGtr4!cbh
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_USERNAME=postgres
+DB_DATABASE_NAME=immich
diff --git a/immich-app/docker-compose.yml b/immich-app/docker-compose.yml
new file mode 100644
index 0000000..68bcc11
--- /dev/null
+++ b/immich-app/docker-compose.yml
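Review bot: In authentik/docker-compose.yml the `worker` service runs as `user: root` and bind-mounts `/var/run/docker.sock`, which hands that container control of the host's Docker daemon and is therefore close to root on the host. The comment in the hunk itself marks both settings as optional. Unless the Docker outpost integration is actually used, remove the socket volume and `user: root`, and make sure `./media`, `./certs` and `./custom-templates` are owned by 1000:1000 as the comment describes. Separately, `docker.io/library/redis:alpine` is a floating tag while the other images in this file carry a version; pinning it keeps pulls reproducible.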
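Review bot: In immich-app/.env the committed `DB_PASSWORD` contains a character outside the `A-Za-z0-9` set that the comment directly above it asks for. The template presumably states that restriction because of how the value is consumed downstream, so a special character may cause connection problems that are hard to trace; choose an alphanumeric value when this password is next changed. `IMMICH_VERSION=release` is also a floating tag, so every `docker compose pull` can move the server and machine-learning images to a new release; the comment above that line already suggests pinning a specific version.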
@@ -0,0 +1,93 @@
+#
+# WARNING: Make sure to use the docker-compose.yml of the current release:
+#
+# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+#
+# The compose file on main may not be compatible with the latest release.
+#
+
+name: immich
+
+services:
+ immich-server:
+ container_name: immich_server
+ image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+ # extends:
+ # file: hwaccel.transcoding.yml
+ # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+ volumes:
+ # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+ - ${UPLOAD_LOCATION}:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ - /mnt/usb_ssd/Pictures:/Pictures
+ - /mnt/test:/test
+ env_file:
+ - .env
+ ports:
+ - '2283:2283'
+ depends_on:
+ - redis
+ - database
+ restart: always
+ healthcheck:
+ disable: false
+
+ immich-machine-learning:
+ container_name: immich_machine_learning
+ # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
+ # Example tag: ${IMMICH_VERSION:-release}-cuda
+ image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+ # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
+ # file: hwaccel.ml.yml
+ # service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+ volumes:
+ - model-cache:/cache
+ env_file:
+ - .env
+ restart: always
+ healthcheck:
+ disable: false
+
+ redis:
+ container_name: immich_redis
+ image: docker.io/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8
+ healthcheck:
+ test: redis-cli ping || exit 1
+ restart: always
+
+ database:
+ container_name: immich_postgres
+ image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+ volumes:
+ # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ healthcheck:
+ test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+ interval: 5m
+ start_interval: 30s
+ start_period: 5m
+ command:
+ [
+ 'postgres',
+ '-c',
+ 'shared_preload_libraries=vectors.so',
+ '-c',
+ 'search_path="$$user", public, vectors',
+ '-c',
+ 'logging_collector=on',
+ '-c',
+ 'max_wal_size=2GB',
+ '-c',
+ 'shared_buffers=512MB',
+ '-c',
+ 'wal_compression=on',
+ ]
+ restart: always
+
+volumes:
+ model-cache:
diff --git a/paperless/.env b/paperless/.env
new file mode 100644
index 0000000..0bd5be6
--- /dev/null
+++ b/paperless/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=paperless
diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml
new file mode 100644
index 0000000..d8de1fd
--- /dev/null
+++ b/paperless/docker-compose.yml
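Review bot: In immich-app/docker-compose.yml the host paths `/mnt/usb_ssd/Pictures:/Pictures` and `/mnt/test:/test` are mounted read-write into `immich-server`, so a bug or compromise in that container can modify or delete the original photo collection. If they are only read as external libraries (not visible from this hunk), mount them read-only, `- /mnt/usb_ssd/Pictures:/Pictures:ro`, as the hunk already does for `/etc/localtime`. `/mnt/test:/test` looks like a leftover from testing and could be dropped. The port `'2283:2283'` is published on every host interface; if access is meant to go through a reverse proxy on the same host, `'127.0.0.1:2283:2283'` narrows it.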
@@ -0,0 +1,63 @@
+# Docker Compose file for running paperless from the Docker Hub.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+# as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# In addition to that, this Docker Compose file adds the following optional
+# configurations:
+#
+# - Instead of SQLite (default), PostgreSQL is used as the database server.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+# and '.env' into a folder.
+# - Run 'docker compose pull'.
+# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+services:
+ broker:
+ image: docker.io/library/redis:7
+ restart: unless-stopped
+ volumes:
+ - ./redisdata:/data
+
+ db:
+ image: docker.io/library/postgres:16
+ restart: unless-stopped
+ volumes:
+ - ./pgdata:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD: paperless
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: unless-stopped
+ depends_on:
+ - db
+ - broker
+ ports:
+ - "8000:8000"
+ volumes:
+ - ./data:/usr/src/paperless/data
+ - ./media:/usr/src/paperless/media
+ - ./export:/usr/src/paperless/export
+ - ./consume:/usr/src/paperless/consume
+ env_file: docker-compose.env
+ environment:
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBHOST: db
+
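Review bot: `POSTGRES_PASSWORD: paperless` in the `db` service hard-codes the sample password, and `webserver` sets no `PAPERLESS_DBPASS` in this file, so it presumably relies on the same default. The database port is not published, which limits exposure to the compose network, but a generated value costs little: `POSTGRES_PASSWORD: ${PAPERLESS_DBPASS:?database password required}` on `db` and `PAPERLESS_DBPASS: ${PAPERLESS_DBPASS}` on `webserver`, the pattern authentik/docker-compose.yml uses for `PG_PASS`. Changing it only takes effect on a fresh `./pgdata`, since the variable is read when the database is first initialised. `env_file: docker-compose.env` names a file this commit does not add, so startup depends on an untracked file being present, and `paperless-ngx:latest` is a floating tag that is worth pinning.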
diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml
new file mode 100644
index 0000000..5de77be
--- /dev/null
+++ b/portainer/docker-compose.yml
@@ -0,0 +1,11 @@
+version: "3"
+services:
+ portainer:
+ image: portainer/portainer-ce:latest
+ ports:
+ - 9100:9000
+ volumes:
+ - ./data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ restart: unless-stopped
+
diff --git a/wikimd/docker-compose.yml b/wikimd/docker-compose.yml
new file mode 100644
index 0000000..7d91ee2
--- /dev/null
+++ b/wikimd/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "2.1"
+services:
+ wikmd:
+ image: linbreux/wikmd:latest
+ container_name: wikmd
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Paris
+ volumes:
+ - /path/to/wiki:/wiki
+ ports:
+ - 5200:5000
+ restart: unless-stopped
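Review bot: In portainer/docker-compose.yml the mapping `9100:9000` publishes Portainer's plain-HTTP UI port on every host interface while the container holds `/var/run/docker.sock`, so the admin session that controls the host's Docker daemon is unencrypted unless something in front of it terminates TLS. Consider `- "127.0.0.1:9100:9000"` behind a reverse proxy, or publishing Portainer's HTTPS port 9443 instead. `portainer/portainer-ce:latest` is a floating tag, and for a container with socket access a pinned version is the safer default. The top-level `version: "3"` key is obsolete in current Compose and can be removed.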
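Review bot: In wikimd/docker-compose.yml the volume `/path/to/wiki:/wiki` still carries a placeholder host path; Docker will create `/path/to/wiki` on the host as a root-owned directory and the wiki content will live there rather than next to this file. The other stacks in this commit use relative paths, so `- ./wiki:/wiki` would be consistent. `TZ=Europe/Paris` may also be copied from an example and is worth checking, and `linbreux/wikmd:latest` is a floating tag.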