# Homelab

I have a dedicated home server that I run a lot of services on. This repo has my monolithic `docker-compose.yml` plus info about what I run.

|     |                     |
| --- | ------------------- |
| CPU | Intel i3-7100       |
| RAM | 32GB                |
| SSD | 512GB               |
| HDD | 3x10TB RAID-Z Array |
| OS  | Debian              |

## Services

These are all the services hosted here, what they are for, and any clients I use with them.

### User-Facing

- [Jellyfin](https://jellyfin.org) - Media server for movies, TV shows, and music
  - [Feishin](https://github.com/jeffvli/feishin) - Desktop music client (soon to be replaced by [audioling](https://github.com/audioling/audioling))
  - [Finamp](https://github.com/jmshrv/finamp) - Mobile music client
  - For other devices (desktop, mobile, Roku/Android TV) I use either the web app or the official Jellyfin client
- [Miniflux](https://miniflux.app/) - Minimalist RSS feed reader
  - [NetNewsWire](https://netnewswire.com/) - Wonderful all-purpose iOS RSS client
- [vaultwarden](https://github.com/dani-garcia/vaultwarden) - Password manager
  - [Bitwarden clients](https://bitwarden.com/download/)
- [Gitea](https://about.gitea.com/) - Git server - in the process of replacing my GitHub account
- [LinkStack](https://linkstack.org/) - Self-hosted LinkTree alternative
- [Homepage](https://gethomepage.dev/) - My default new tab page; has info about all my services plus links
- [Kiwix](https://kiwix.org/en/) - Offline wiki hosting
  - I have Wikipedia, the Arch Linux wiki, and several others downloaded
- [Actual Budget](https://actualbudget.org/) - Excellent budgeting app - it can be automatically synced with your bank, but I have found it to be unstable
  - There used to be an official app but it has been discontinued
  - I added the website to my phone's home screen and it works quite well
- [Paperless-ngx](https://docs.paperless-ngx.com/) - Document management system for legal documents, IDs, bank statements, etc.
  - [Swift Paperless](https://github.com/paulgessinger/swift-paperless) - iOS client
- [Immich](https://immich.app/) - Photo and video management
  - Their official mobile apps are quite good
- [Grocy](https://github.com/grocy/grocy) - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?)
  - [iOS Client](https://apps.apple.com/us/app/grocy-mobile/id1567803209)
- [Tandoor](https://tandoor.dev/) - Recipe management, so I always know which zucchini muffin recipe is the good one
  - [Untare](https://github.com/phantomate/Untare) - Mobile client (discontinued but it still works for now)
- [AudioBookShelf](https://www.audiobookshelf.org/) - Audiobook server
  - The official mobile client works great
- [Calibre Web](https://github.com/janeczku/calibre-web) - Ebook management
  - [Yomu](https://www.yomu-reader.com/) for iOS is nice and minimal and supports OPDS for use with Calibre Web
- [Joplin](https://joplinapp.org/) - Notes (Obsidian alternative)

### Monitoring

- [Dozzle](https://dozzle.dev/) - Docker logs all in one place
- [Scrutiny](https://github.com/AnalogJ/scrutiny) - HDD SMART monitoring, so I know when to prepare for a drive failure
- [Speedtest Tracker](https://speedtest-tracker.dev/) - Runs scheduled internet speedtests and creates pretty graphs to keep my ISP honest
- [Glances](https://github.com/nicolargo/glances) - System monitor
  - I mostly have this for dashboard widgets but it can be useful by itself

### Networking

- [cloudflared](https://github.com/cloudflare/cloudflared) - Cloudflare tunnel client for easy and secure external service access
- [gluetun](https://github.com/qdm12/gluetun) - Docker VPN client
- [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) - DNS filtering
  - I use this with [tailscale](https://tailscale.com/) to block ads on my phone

Note that I run tailscale on bare metal so it is not listed here, but it is very useful for remote access to services I don't want visible on the open internet
as well as SSH access.

### Downloading

- [qBittorrent](https://www.qbittorrent.org/) - The only torrent client I'll ever use
- [Radarr](https://radarr.video/) - Automated movie fetching
- [Sonarr](https://sonarr.tv/) - Automated TV show fetching
- [Prowlarr](https://prowlarr.com/) - Torrent indexer that interfaces with the other *arrs
- [Bazarr](https://www.bazarr.media/) - Automated subtitle fetching (I also use the OpenSubtitles plugin within Jellyfin when needed, but this works hands-off most of the time)

I use [LunaSea](https://www.lunasea.app/) as a mobile client for Radarr and Sonarr.

## Environment

This configuration uses `.env` files to separate secrets from public information and maintain brevity in the main `docker-compose.yml`.

Here are the variables that need to be set in the `.env` file for each service. Empty variables should be replaced with your values.

### cloudflared

`TUNNEL_TOKEN`: available in the Cloudflare Zero Trust tunnel dashboard, under `install and run a connector`

### gluetun

The values below are specific to Mullvad VPN. Other providers need different values; refer to the gluetun documentation.

```
VPN_SERVICE_PROVIDER=mullvad
VPN_TYPE=wireguard
WIREGUARD_PRIVATE_KEY=
WIREGUARD_ADDRESSES=
SERVER_CITIES=
```

The actual values should be available in the WireGuard configuration from Mullvad.

### Immich

My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places. I have plans to improve this, but for now this is what works.
```
UPLOAD_LOCATION=/media/immich
IMMICH_VERSION="v1.123.0"
TYPESENSE_API_KEY=
DB_PASSWORD=
DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
DB_DATA_LOCATION=/docker/immich
REDIS_HOSTNAME=immich_redis
# this should be the same as DB_PASSWORD above
POSTGRES_PASSWORD=
POSTGRES_USER=postgres
POSTGRES_DB=immich
```

### Joplin

```
APP_PORT=22300
APP_BASE_URL=
DB_CLIENT=pg
POSTGRES_PASSWORD=
POSTGRES_DATABASE=joplin
POSTGRES_USER=
POSTGRES_PORT=5432
POSTGRES_HOST=joplin-db
# Optional SMTP email options
MAILER_ENABLED=1
MAILER_HOST=
MAILER_PORT=465
MAILER_SECURE=1
MAILER_AUTH_USER=
MAILER_AUTH_PASSWORD=
MAILER_NOREPLY_NAME=
MAILER_NOREPLY_EMAIL=
```

### LinkStack

```
HTTPS_SERVER_NAME=
SERVER_ADMIN=
```

### Miniflux

```
# replace {...} with your postgres password
DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable
RUN_MIGRATIONS=1
POSTGRES_USER=miniflux
# this is the password used above
POSTGRES_PASSWORD=
POSTGRES_DB=miniflux
```

### Paperless-ngx

```
USERMAP_UID=1000
USERMAP_GID=1000
PUID=1000
PGID=1000
PAPERLESS_URL=
# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
PAPERLESS_SECRET_KEY=
PAPERLESS_TIME_ZONE=
PAPERLESS_OCR_LANGUAGE=eng
PAPERLESS_REDIS=redis://paperless_broker:6379
PAPERLESS_OCR_USER_ARGS='{"invalidate_digital_signatures": true}'
# Optional SMTP email settings
PAPERLESS_EMAIL_HOST=
PAPERLESS_EMAIL_PORT=587
PAPERLESS_EMAIL_USE_TLS=true
PAPERLESS_EMAIL_HOST_USER=
PAPERLESS_EMAIL_HOST_PASSWORD=
PAPERLESS_EMAIL_FROM=
```

### Speedtest Tracker

```
PUID=1000
PGID=1000
APP_KEY=
APP_URL=
DB_CONNECTION=sqlite
APP_TIMEZONE=
DISPLAY_TIMEZONE=
# run speedtest every 15 minutes
SPEEDTEST_SCHEDULE=0,15,30,45 * * * *
```

### Tandoor

```
# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
SECRET_KEY=
# allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers
ALLOWED_HOSTS=
# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
DB_ENGINE=django.db.backends.postgresql
POSTGRES_HOST=tandoor-db
POSTGRES_DB=tandoor
POSTGRES_PORT=5432
POSTGRES_USER=tandoor
POSTGRES_PASSWORD=
```

### vaultwarden

```
DOMAIN=
# dollar signs must be replaced with two dollar signs to properly escape variables in this token
ADMIN_TOKEN=
# optional SMTP email settings
SMTP_HOST=
SMTP_FROM=
SMTP_PORT=587
SMTP_SECURITY=starttls
SMTP_USERNAME=
SMTP_PASSWORD=
```
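
### Checking the `.env` files

The cross-field notes above (Immich's two matching passwords, the Miniflux password repeated inside `DATABASE_URL`, and the doubled dollar signs in vaultwarden's `ADMIN_TOKEN`) can be checked mechanically before starting the stack. The script below is an added example, not part of this repo; its function names and all sample values are constructed, and it assumes one `.env` file per service.

```shell
# Added example: sanity checks for the .env files described in this README.
# The helper names and every sample value used with them are constructed.

# Print the value of KEY ($2) from env file ($1); the last assignment wins.
# Strips a trailing " # comment" and one pair of surrounding quotes, so a
# value that itself contains " #" is not supported.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Immich: DB_PASSWORD and POSTGRES_PASSWORD must both be set and identical.
check_immich() {
    db=$(env_get "$1" DB_PASSWORD)
    pg=$(env_get "$1" POSTGRES_PASSWORD)
    [ -n "$db" ] && [ "$db" = "$pg" ]
}

# Miniflux: the password inside DATABASE_URL must equal POSTGRES_PASSWORD.
# Assumes the password is not percent-encoded in the URL.
check_miniflux() {
    url=$(env_get "$1" DATABASE_URL)
    pg=$(env_get "$1" POSTGRES_PASSWORD)
    # postgres://user:PASSWORD@host:port/db  ->  PASSWORD
    url_pw=$(printf '%s\n' "$url" |
        sed -n 's|^postgres://[^:]*:\(.*\)@[^@]*$|\1|p')
    [ -n "$pg" ] && [ "$url_pw" = "$pg" ]
}

# vaultwarden: double every "$" in ADMIN_TOKEN so the token's dollar signs
# are not treated as variable references.
escape_compose_dollars() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# A secrets file should grant no permissions to group or others.
check_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed values (not real secrets or a real hash).
f=$(mktemp)
printf 'DB_PASSWORD=example-pw\nPOSTGRES_PASSWORD=example-pw # same\n' > "$f"
check_immich "$f" && check_perms "$f" && echo "immich .env: ok"
escape_compose_dollars '$argon2id$v=19$m=65540,t=3,p=4$c2FsdA$aGFzaA'
rm -f "$f"
```

Each `check_*` function returns a non-zero status on failure, so the checks can be chained in front of `docker compose up`.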