# homelab ## environment This configuration uses `.env` files to separate secrets from public information and maintain brevity in the main `docker-compose.yml` Here are the variables that need to be set in the `.env` file for each service. Empty variables should be replaced with your values. ### cloudflared `TUNNEL_TOKEN`: available in the cloudflare zero-trust tunnel dashboard, under `install and run a connector` ### gluetun The values below are specific to Mullvad VPN. Other providers need different values, refer to gluetun documentation. ``` VPN_SERVICE_PROVIDER=mullvad VPN_TYPE=wireguard WIREGUARD_PRIVATE_KEY= WIREGUARD_ADDRESSESS= SERVER_CITIES= ``` The actual values should be available in the WireGuard configuration from Mullvad. ### immich My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works. ``` UPLOAD_LOCATION=/media/immich IMMICH_VERSION="v1.123.0" TYPESENSE_API_KEY= DB_PASSWORD= DB_HOSTNAME=immich_postgres DB_USERNAME=postgres DB_DATABASE_NAME=immich DB_DATA_LOCATION=/docker/immich REDIS_HOSTNAME=immich_redis POSTGRES_PASSWORD= # this should be the same as DB_PASSWORD above POSTGRES_USER=postgres POSTGRES_DB=immich ``` ### joplin ``` APP_PORT=22300 APP_BASE_URL= DB_CLIENT=pg POSTGRES_PASSWORD= POSTGRES_DATABASE=joplin POSTGRES_USER= POSTGRES_PORT=5432 POSTGRES_HOST=joplin-db # Optional SMTP email options MAILER_ENABLED=1 MAILER_HOST= MAILER_PORT=465 MAILER_SECURE=1 MAILER_AUTH_USER= MAILER_AUTH_PASSWORD= MAILER_NOREPLY_NAME= MAILER_NOREPLY_EMAIL= ``` ### linkstack ``` HTTPS_SERVER_NAME= SERVER_ADMIN= ``` ### miniflux ``` DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable # replace {...} with your postgres password RUN_MIGRATIONS=1 POSTGRES_USER=miniflux POSTGRES_PASSWORD= # this is the password used above POSTGRES_DB=miniflux ``` ### paperless ``` USERMAP_UID=1000 USERMAP_GID=1000 PUID=1000 PGID=1000 PAPERLESS_URL= # random secret key, use for example `base64 /dev/urandom | head -c50` to generate one PAPERLESS_SECRET_KEY= PAPERLESS_TIME_ZONE= PAPERLESS_OCR_LANGUAGE=eng PAPERLESS_REDIS: redis://paperless_broker:6379 PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}' # Optional SMTP email settings PAPERLESS_EMAIL_HOST= PAPERLESS_EMAIL_PORT=587 PAPERLESS_EMAIL_USE_TLS=true PAPERLESS_EMAIL_HOST_USER= PAPERLESS_EMAIL_HOST_PASSWORD= PAPERLESS_EMAIL_FROM= ``` ### speedtest tracker ``` PUID=1000 PGID=1000 APP_KEY= APP_URL= DB_CONNECTION=sqlite APP_TIMEZONE= DISPLAY_TIMEZONE= SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes ``` ### tandoor ``` # random secret key, use for example `base64 /dev/urandom | head -c50` to generate one SECRET_KEY= # allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers ALLOWED_HOSTS= # add only a database password if you want to run with the default postgres, otherwise change settings accordingly DB_ENGINE=django.db.backends.postgresql POSTGRES_HOST=tandoor-db POSTGRES_DB=tandoor POSTGRES_PORT=5432 POSTGRES_USER=tandoor POSTGRES_PASSWORD= ``` ### vaultwarden ``` DOMAIN= # dollar signs must be replaced with two dollar signs to properly escape variables in this token ADMIN_TOKEN= # optional SMTP email settings SMTP_HOST= SMTP_FROM= SMTP_PORT=587 SMTP_SECURITY=starttls SMTP_USERNAME= SMTP_PASSWORD= ```