diff --git a/readme.md b/readme.md index dcb3837..0f2d7ed 100644 --- a/readme.md +++ b/readme.md @@ -19,6 +19,11 @@ These are all the services hosted, what they are for, and any clients I use with - [AudioBookShelf](https://www.audiobookshelf.org/) - Audiobook server - The official mobile client works great - [Calibre Web](https://github.com/janeczku/calibre-web) - Ebook management + - [Yomu](https://www.yomu-reader.com/) for iOS is nice and minimal and supports OPDS for use with Calibre Web +- [Gitea](https://about.gitea.com/) - Git server - in the process of replacing my GitHub account +- [Grocy](https://github.com/grocy/grocy) - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?) + - [iOS Client](https://apps.apple.com/us/app/grocy-mobile/id1567803209) +- [Homepage](https://gethomepage.dev/) - My default new tab page - has info and stats about all my services plus links - [Immich](https://immich.app/) - Photo and video management - Their official mobile apps are quite good - [Jellyfin](https://jellyfin.org) - Media server for movies, TV shows, and music 
@@ -36,14 +41,13 @@ These are all the services hosted, what they are for, and any clients I use with - [Homepage](https://gethomepage.dev/) - My default new tab page; has info about all my services plus links - [Joplin](https://joplinapp.org/) - Notes (Obsidian alternative) - [Kiwix](https://kiwix.org/en/) - Offline wiki hosting - I have Wikipedia, the Arch Linux wiki, and several others downloaded -- [LinkStack](https://linkstack.org/) - Self-hosted LinkTree alternative +- [LinkStack](https://linkstack.org/) - Self-hosted LinkTree alternative ([azpsen.com](https://azpsen.com)) - more for content creators, definitely overkill for what I need. I'll probably replace it with a simple static site at some point - [Miniflux](https://miniflux.app/) - Minimalist RSS feed reader - [NetNewsWire](https://netnewswire.com/) - Wonderful all-purpose iOS RSS client - [Paperless-ngx](https://docs.paperless-ngx.com/) - Document management system for legal documents, IDs, bank statements, etc. - [Swift Paperless](https://github.com/paulgessinger/swift-paperless) - iOS client - [Tandoor](https://tandoor.dev/) - Recipe management, so I always know which zucchine muffin recipe is the good one - [Untare](https://github.com/phantomate/Untare) - Mobile client (discontinued but it still works for now) - - [Yomu](https://www.yomu-reader.com/) for iOS is nice and minimal and supports OPDS for use with Calibre Web - [vaultwarden](https://github.com/dani-garcia/vaultwarden) - Password manager - [Bitwarden clients](https://bitwarden.com/download/) - [Wizarr](https://github.com/Wizarrrr/wizarr?tab=readme-ov-file) - Jellyfin user invite manager 
@@ -59,9 +63,9 @@ These are all the services hosted, what they are for, and any clients I use with - [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) - DNS filtering - I use this with [tailscale](https://tailscale.com/) to block ads on my phone - [cloudflared](https://github.com/cloudflare/cloudflared) - CloudFlare tunnel client for easy and secure external service access -- [gluetun](https://github.com/qdm12/gluetun) - Docker VPN client and kill-switch. Very useful, allows for per-container VPN connectivity. +- [gluetun](https://github.com/qdm12/gluetun) - Docker VPN client and kill-switch. Very useful, allows for per-container VPN routing. -Note that I run tailscale on bare metal so it is not listed here, but it is very useful for remote access to services I don't want visible on the open internet as well as SSH access. +Note that I run tailscale as a system service, not in a container, so it is not listed here, but it is very useful for secure remote access - both for SSH and for services that don't need to be publicly visible. ### Downloading @@ -73,10 +77,10 @@ Note that I run tailscale on bare metal so it is not listed here, but it is very I use [LunaSea](https://www.lunasea.app/) as a mobile client for Radarr and Sonarr. -This configuration uses `.env` files to separate secrets from public information and maintain brevity in the main `docker-compose.yml` - ## Environment +This configuration uses `.env` files to separate secrets from public information and keep the main `docker-compose.yml` a little shorter. It is set up to look for these files in `/docker/env`, with each service having its own `.env` file. + Below are the variables that need to be set in the `.env` file for each service. Empty variables should be replaced with your values. > **A Note on Email** 
@@ -100,13 +104,24 @@ Below are the variables that need to be set in the `.env` file for each service. ### cloudflared -`TUNNEL_TOKEN`: available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector` +[Docs](https://github.com/cloudflare/cloudflared?tab=readme-ov-file) + +```env +# cloudflared.env + +# Available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector` +TUNNEL_TOKEN= +``` ### gluetun -The values below are specific to Mullvad VPN ([docs](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md)). Other providers need different values, refer to the corresponding gluetun documentation. +[Docs](https://github.com/qdm12/gluetun) + +The values below are specific to Mullvad VPN ([gluetun docs](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md)). Other providers need different values, refer to the corresponding gluetun documentation. ```env +# gluetun.env + VPN_SERVICE_PROVIDER=mullvad VPN_TYPE=wireguard WIREGUARD_PRIVATE_KEY= @@ -118,11 +133,13 @@ The values for `WIREGUARD_PRIVATE_KEY` and `WIREGUARD_ADDRESSES` should be avail ### Immich -My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works. Also note that the way I set the upload location is not recommended by the Immich docs. +[Docs](https://immich.app/docs/install/docker-compose/) -For more information, see the Immich [docker-compose setup instructions](https://immich.app/docs/install/docker-compose/). +My current Immich docker setup has a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works. Also note that the way I set the upload location is not recommended by the Immich docs. ```env +#immich.env + UPLOAD_LOCATION=/media/immich IMMICH_VERSION="v1.123.0" 
@@ -143,9 +160,11 @@ POSTGRES_DB=immich ### Joplin -See the [docker-joplin-server docs](https://github.com/flosoft/docker-joplin-server) for more info. +[Docs](https://github.com/flosoft/docker-joplin-server) ```env +# joplin.env + APP_PORT=22300 APP_BASE_URL= DB_CLIENT=pg @@ -155,7 +174,7 @@ POSTGRES_USER= POSTGRES_PORT=5432 POSTGRES_HOST=joplin-db -# Optional SMTP options +# Optional SMTP settings MAILER_ENABLED=1 MAILER_HOST= MAILER_PORT=465 @@ -168,9 +187,13 @@ MAILER_NOREPLY_EMAIL= ### LinkStack -This one just needs the public hostname and admin email. [Docs](https://linkstack.org/docker/). +[Docs](https://linkstack.org/docker/) + +This one just needs the public hostname and admin email. ```env +# linkstack.env + HTTPS_SERVER_NAME= SERVER_ADMIN= ``` @@ -180,6 +203,8 @@ SERVER_ADMIN= [Docs](https://miniflux.app/docs/docker.html) ```env +# miniflux.env + DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable # replace {...} with your postgres password RUN_MIGRATIONS=1 @@ -193,6 +218,8 @@ POSTGRES_DB=miniflux [Docs](https://docs.paperless-ngx.com/setup/#docker) ```env +# paperless.env + USERMAP_UID=1000 USERMAP_GID=1000 PUID=1000 @@ -221,13 +248,20 @@ PAPERLESS_EMAIL_FROM= ### Speedtest Tracker -[Docs](https://docs.speedtest-tracker.dev/getting-started/installation/using-docker-compose). `APP_URL` is the public address, `APP_KEY` is generated with `echo -n 'base64:'; openssl rand -base64 32;` +[Docs](https://docs.speedtest-tracker.dev/getting-started/installation/using-docker-compose) ```env +# speedtest.env + PUID=1000 PGID=1000 + +# Generate with `echo -n 'base64:'; openssl rand -base64 32;` or use the speedtest-tracker website APP_KEY= + +# Public address or IP APP_URL= + DB_CONNECTION=sqlite APP_TIMEZONE= DISPLAY_TIMEZONE= 
@@ -236,9 +270,11 @@ SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes ### Tandoor -[Docs](https://docs.tandoor.dev/install/docker/). +[Docs](https://docs.tandoor.dev/install/docker/) ```env +# tandoor.env + # Random secret key, use for example `base64 /dev/urandom | head -c50` to generate one SECRET_KEY= @@ -256,16 +292,20 @@ POSTGRES_PASSWORD= ### vaultwarden -[Docs](https://github.com/dani-garcia/vaultwarden). Note that the crypto API requires HTTPS, so local access is a bit of a challenge. +[Docs](https://github.com/dani-garcia/vaultwarden) + +Note that the cryptography API used by vaultwarden requires HTTPS, so local access can be a bit of a challenge. These values are only required if you need to use the vaultwarden admin page (for user management, SMTP, hardware 2FA, etc.). The `ADMIN_TOKEN` value gave me trouble - to make it work, I used the 'Using `argon2`' instructions from [Enabling admin page](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page) in the docs. At `your-ip-or-url.com/admin`, the password you used for the hash will unlock it (e.g. `MySecretPassword` per their example). Note: The `ADMIN_TOKEN` value should be enclosed in single quotes. If it is not, all instances of `$` in the value will need to be replaced with `$$` to prevent the value from being split by the parser. ```env +# vaultwarden.env + +# Public domain or IP DOMAIN= -# Dollar signs must be replaced with two dollar signs to properly escape variables in this token ADMIN_TOKEN= # Optional SMTP email settings
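Review bot: The Homepage entry added in the first hunk (`@@ -19,6 +19,11 @@`) duplicates one that is still in the file: the second hunk's unchanged context lists `- [Homepage](https://gethomepage.dev/) - My default new tab page; has info about all my services plus links`. Keep it in one section and delete the other, otherwise the readme lists the same service twice with slightly different descriptions.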
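Review bot: In the Environment hunk (`@@ -73,10 +77,10 @@`), the new sentence says the `.env` files hold the secrets and live in `/docker/env`, but nothing says how they stay out of the repository or who may read them. Add a line stating that `/docker/env` is outside the repo (or git-ignored) and that the files should be readable only by the account that runs Docker, since they contain the tunnel token, the WireGuard private key and the database passwords listed below.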
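Review bot: Style nit in the Immich hunk (`@@ -118,11 +133,13 @@`): the file-name comment is written `#immich.env` while every other block added by this patch uses `# name.env` with a space. Change it to `# immich.env` so the headers are consistent.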
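Review bot: The new `APP_KEY` comment in the Speedtest Tracker hunk (`@@ -221,13 +248,20 @@`) offers "or use the speedtest-tracker website" with no link and no word on where that key is generated. `APP_KEY` is a secret, so I would either keep only the local `openssl rand -base64 32` command or link the exact page so readers can judge whether they want a key produced off-host.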
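Review bot: In the vaultwarden hunk (`@@ -256,16 +292,20 @@`), `ADMIN_TOKEN=` loses its only in-block hint once the `# Dollar signs must be replaced with two dollar signs...` comment is removed, and the template still shows the value unquoted. The quoting rule now lives only in the Note above the block, so anyone copying just the block will paste an argon2 hash containing `$` and hit the splitting problem the Note describes. Replace the removed comment with one that says to wrap the value in single quotes, or show the template line as `ADMIN_TOKEN=''`.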