azpsen/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
azpsen 6b5f2bc0b4 add gitignore
2025-01-06 08:07:47 -06:00
.gitignore
add gitignore
2025-01-06 08:07:47 -06:00
docker-compose.yml
add specs, reorganize docker-compose
2025-01-05 17:54:50 -06:00
readme.md
add specs, reorganize docker-compose
2025-01-05 17:54:50 -06:00

readme.md

Homelab

I have a dedicated home server that I run a lot of services on. This repo has my monolithic docker-compose.yml plus info about what I run.
CPU Intel i3-7100
RAM 32GB
SSD 512GB
HDD 3x10TB RAID-Z Array
OS Debian

Services

These are all the services hosted here, what they are for, and any clients I use with them.

User-Facing

  • Jellyfin - Media server for movies, TV shows, and music
    • Feishin - Desktop music client (soon to be replaced by audioling)
    • Finamp - Mobile music client
    • For other devices (desktop, mobile, Roku/Android TV) I use either the web app or the official Jellyfin client
  • Miniflux - Minimalist RSS feed reader
  • vaultwarden - Password manager
  • Gitea - Git server - in the process of replacing my GitHub account
  • LinkStack - Self-hosted LinkTree alternative
  • Homepage - My default new tab page; has info about all my services plus links
  • Kiwix - Offline wiki hosting - I have Wikipedia, the Arch Linux wiki, and several others downloaded
  • Actual Budget - Excellent budgeting app - it can be automatically synced with your bank, but I have found it to be unstable
    • There used to be an official app but it has been discontinued - I added the website to my phone's home screen and it works quite well
  • Paperless-ngx - Document management system for legal documents, IDs, bank statements, etc.
  • Immich - Photo and video management
    • Their official mobile apps are quite good
  • Grocy - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?)
  • Tandoor - Recipe management, so I always know which zucchine muffin recipe is the good one
    • Untare - Mobile client (discontinued but it still works for now)
  • AudioBookShelf - Audiobook server
    • The official mobile client works great
  • Calibre Web - Ebook management
    • Yomu for iOS is nice and minimal and supports OPDS for use with Calibre Web
  • Joplin - Notes (Obsidian alternative)

Monitoring

  • Dozzle - Docker logs all in one place
  • Scrutiny - HDD SMART monitoring, so I know when to prepare for a drive failure
  • Speedtest Tracker - Runs scheduled internet speedtests and creates pretty graphs to keep my ISP honest
  • Glances - System monitor - I mostly have this for dashboard widgets but it can be useful by itself

Networking

Note that I run tailscale on bare metal so it is not listed here, but it is very useful for remote access to services I don't want visible on the open internet as well as SSH access.

Downloading

  • qBittorrent - The only torrent client I'll ever use
  • Radarr - Automated movie fetching
  • Sonarr - Automated TV show fetching
  • Prowlarr - Torrent indexer that interfaces with the other *arrs
  • Bazarr - Automated subtitle fetching (I also use the OpenSubtitles plugin within Jellyfin when needed, but this works hands-off most of the time)

I use LunaSea as a mobile client for Radarr and Sonarr.

Environment

This configuration uses .env files to separate secrets from public information and maintain brevity in the main docker-compose.yml

Here are the variables that need to be set in the .env file for each service. Empty variables should be replaced with your values.

cloudflared

TUNNEL_TOKEN: available in the cloudflare zero-trust tunnel dashboard, under install and run a connector

gluetun

The values below are specific to Mullvad VPN. Other providers need different values, refer to gluetun documentation.

VPN_SERVICE_PROVIDER=mullvad
VPN_TYPE=wireguard
WIREGUARD_PRIVATE_KEY=
WIREGUARD_ADDRESSESS=
SERVER_CITIES=

The actual values should be available in the WireGuard configuration from Mullvad.

Immich

My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places.

I have plans to improve this, but for now this is what works.

UPLOAD_LOCATION=/media/immich
IMMICH_VERSION="v1.123.0"

TYPESENSE_API_KEY=
DB_PASSWORD=

DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
DB_DATA_LOCATION=/docker/immich

REDIS_HOSTNAME=immich_redis

POSTGRES_PASSWORD= # this should be the same as DB_PASSWORD above
POSTGRES_USER=postgres
POSTGRES_DB=immich

Joplin

APP_PORT=22300
APP_BASE_URL=
DB_CLIENT=pg
POSTGRES_PASSWORD=
POSTGRES_DATABASE=joplin
POSTGRES_USER=
POSTGRES_PORT=5432
POSTGRES_HOST=joplin-db

# Optional SMTP email options
MAILER_ENABLED=1
MAILER_HOST=
MAILER_PORT=465
MAILER_SECURE=1
MAILER_AUTH_USER=
MAILER_AUTH_PASSWORD=
MAILER_NOREPLY_NAME=
MAILER_NOREPLY_EMAIL=

LinkStack

HTTPS_SERVER_NAME=
SERVER_ADMIN=

Miniflux

DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable # replace {...} with your postgres password
RUN_MIGRATIONS=1

POSTGRES_USER=miniflux
POSTGRES_PASSWORD= # this is the password used above
POSTGRES_DB=miniflux

Paperless-ngx

USERMAP_UID=1000
USERMAP_GID=1000
PUID=1000
PGID=1000

PAPERLESS_URL=

# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
PAPERLESS_SECRET_KEY=

PAPERLESS_TIME_ZONE=

PAPERLESS_OCR_LANGUAGE=eng

PAPERLESS_REDIS: redis://paperless_broker:6379
PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'

# Optional SMTP email settings
PAPERLESS_EMAIL_HOST=
PAPERLESS_EMAIL_PORT=587
PAPERLESS_EMAIL_USE_TLS=true
PAPERLESS_EMAIL_HOST_USER=
PAPERLESS_EMAIL_HOST_PASSWORD=
PAPERLESS_EMAIL_FROM=

Speedtest Tracker

PUID=1000
PGID=1000
APP_KEY=
APP_URL=
DB_CONNECTION=sqlite
APP_TIMEZONE=
DISPLAY_TIMEZONE=
SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes

Tandoor

# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
SECRET_KEY=

# allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers
ALLOWED_HOSTS=

# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
DB_ENGINE=django.db.backends.postgresql
POSTGRES_HOST=tandoor-db
POSTGRES_DB=tandoor
POSTGRES_PORT=5432
POSTGRES_USER=tandoor
POSTGRES_PASSWORD=

vaultwarden

DOMAIN=

# dollar signs must be replaced with two dollar signs to properly escape variables in this token
ADMIN_TOKEN=

# optional SMTP email settings
SMTP_HOST=
SMTP_FROM=
SMTP_PORT=587
SMTP_SECURITY=starttls
SMTP_USERNAME=
SMTP_PASSWORD=
Description
docker setup for self-hosted services
Readme 454 KiB