new services + proxy network rework

ActualBudget/docker-compose.yml

@@ -1,11 +1,12 @@
 version: '3.9'
 services:
   actual_server:
+    container_name: actualbudget
     image: actualbudget/actual-server:latest
-    ports:
+#    ports:
       # This line makes Actual available at port 5006 of the device you run the server on,
       # i.e. http://localhost:5006. You can change the first number to change the port, if you want.
-      - '5006:5006'
+#      - '5006:5006'
 #    environment:
       # Uncomment any of the lines below to set configuration options.
       # - ACTUAL_HTTPS_KEY=/data/selfhost.key
@@ -21,3 +22,8 @@ services:
       # '/data' is the path Actual will look for its files in by default, so leave that as-is.
       - /zstore/Docker-volumes/ActualBudget:/data
     restart: unless-stopped
+
+networks:
+  default:
+    external: true
+    name: proxy

Beszel/docker-compose.yml

@@ -0,0 +1,32 @@
+services:
+  beszel:
+    image: henrygd/beszel:latest
+    container_name: beszel
+    restart: unless-stopped
+    ports:
+      - 8090:8090
+    volumes:
+      - /zstore/Docker-volumes/Beszel/beszel_data:/beszel_data
+      - /zstore/Docker-volumes/Beszel/beszel_socket:/beszel_socket
+
+  beszel-agent:
+    image: henrygd/beszel-agent-intel:latest
+    container_name: beszel-agent
+    restart: unless-stopped
+    network_mode: host
+    devices:
+      - /dev/dri/card1:/dev/dri/card0
+    cap_add:
+      - CAP_PERFMON
+      - CAP_SYS_ADMIN
+    volumes:
+      - /zstore/Docker-volumes/Beszel/beszel_agent_data:/var/lib/beszel-agent
+      - /zstore/Docker-volumes/Beszel/beszel_socket:/beszel_socket
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /data/.beszel:/extra-filesystems/data:ro
+      - /zstore/.beszel:/extra-filesystems/zstore:ro
+    environment:
+      LISTEN: /beszel_socket/beszel.sock
+      HUB_URL: http://localhost:8090
+      TOKEN: 11f2-0d375ac17a-ca4-b2dbb3f1f38
+      KEY: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtyt5P12IMabBbV6BIQmENArIzufsiLEqH85tGNtT9f"

Bitwarden/docker-compose.yml

@@ -1,13 +1,16 @@
----
-version: "3.8"
-
 services:
   bitwarden:
+    container_name: bitwarden
     env_file:
       - settings.env
     image: ghcr.io/bitwarden/self-host:beta
     restart: always
-    ports:
-      - "8080:8080"
+#    ports:
+#      - "8080:8080"
     volumes:
       - /zstore/Docker-volumes/Bitwarden:/etc/bitwarden
+
+networks:
+  default:
+    external: true
+    name: proxy

Deluge/docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  deluge:
+    image: lscr.io/linuxserver/deluge:latest
+    container_name: deluge
+    environment:
+      - PUID=123
+      - PGID=124
+      - TZ=Europe/Prague
+      - DELUGE_LOGLEVEL=error #optional
+    volumes:
+      - /zstore/Docker-volumes/Deluge:/config
+      - /data/Downloads:/downloads
+    ports:
+      - 8112:8112
+      - 53755:53755
+      - 53755:53755/udp
+      - 58846:58846 #optional
+    restart: unless-stopped

Flexget/docker-compose.yml

@@ -13,6 +13,6 @@ services:
       - /zstore/Docker-volumes/Flexget:/downloads
     environment:
       - TZ=Europe/Prague
-      - PUID=113
-      - PGID=121
+      - PUID=123
+      - PGID=124
 

Gitea/docker-compose.yml

@@ -1,24 +1,25 @@
-version: "3"
-
 networks:
   gitea:
     external: false
+  proxy:
+    external: true
 
 services:
   server:
     image: gitea/gitea:latest
     container_name: gitea
     environment:
-      - USER_UID=121
-      - USER_GID=131
+      - USER_UID=1000
+      - USER_GID=1000
     restart: always
     networks:
       - gitea
+      - proxy
     volumes:
       - /zstore/Docker-volumes/Gitea:/data
       - /home/git/.ssh/:/data/git/.ssh
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-    ports:
-      - "3000:3000"
-      - "2222:22"
+#    ports:
+      #- "3000:3000"
+      #- "2222:22"

Gotify/docker-compose.yml

@@ -1,9 +1,14 @@
-version: "3"
 services:
   gotify:
+    container_name: gotify
     image: gotify/server
     restart: unless-stopped
-    ports:
-      - 8282:80
+#    ports:
+#      - 8282:80
     volumes:
       - "/zstore/Docker-volumes/Gotify/gotify_data:/app/data"
+
+networks:
+  default:
+    external: true
+    name: proxy

Immich/docker-compose.yml

@@ -13,9 +13,9 @@ services:
   immich-server:
     container_name: immich_server
     image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
-    # extends:
-    #   file: hwaccel.transcoding.yml
-    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+    extends:
+      file: hwaccel.transcoding.yml
+      service: quicksync # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     volumes:
       # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
       - ${UPLOAD_LOCATION}:/usr/src/app/upload
@@ -25,8 +25,8 @@ services:
       - /zstore/photos/Album-Maly:/zstore/photos/Album-Maly:ro
     env_file:
       - .env
-    ports:
-      - '2283:2283'
+#    ports:
+#      - '2283:2283'
     depends_on:
       - redis
       - database
@@ -38,10 +38,10 @@ services:
     container_name: immich_machine_learning
     # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
     # Example tag: ${IMMICH_VERSION:-release}-cuda
-    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
-    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
-    #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}-openvino
+    extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
+      file: hwaccel.ml.yml
+      service: openvino # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
     volumes:
       - model-cache:/cache
     env_file:
@@ -74,3 +74,8 @@ services:
 
 volumes:
   model-cache:
+
+networks:
+  default:
+    external: true
+    name: proxy

Immich/hwaccel.ml.yml

@@ -0,0 +1,57 @@
+# Configurations for hardware-accelerated machine learning
+
+# If using Unraid or another platform that doesn't allow multiple Compose files,
+# you can inline the config for a backend by copying its contents
+# into the immich-machine-learning service in the docker-compose.yml file.
+
+# See https://docs.immich.app/features/ml-hardware-acceleration for info on usage.
+
+services:
+  armnn:
+    devices:
+      - /dev/mali0:/dev/mali0
+    volumes:
+      - /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
+      - /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
+  
+  rknn:
+    security_opt:
+      - systempaths=unconfined
+      - apparmor=unconfined
+    devices:
+      - /dev/dri:/dev/dri
+
+  cpu: {}
+
+  cuda:
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities:
+                - gpu
+
+  rocm:
+    group_add:
+      - video
+    devices:
+      - /dev/dri:/dev/dri
+      - /dev/kfd:/dev/kfd
+
+  openvino:
+    device_cgroup_rules:
+      - 'c 189:* rmw'
+    devices:
+      - /dev/dri:/dev/dri
+    volumes:
+      - /dev/bus/usb:/dev/bus/usb
+
+  openvino-wsl:
+    devices:
+      - /dev/dri:/dev/dri
+      - /dev/dxg:/dev/dxg
+    volumes:
+      - /dev/bus/usb:/dev/bus/usb
+      - /usr/lib/wsl:/usr/lib/wsl

Immich/hwaccel.transcoding.yml

@@ -0,0 +1,55 @@
+# Configurations for hardware-accelerated transcoding
+
+# If using Unraid or another platform that doesn't allow multiple Compose files,
+# you can inline the config for a backend by copying its contents
+# into the immich-microservices service in the docker-compose.yml file.
+
+# See https://docs.immich.app/features/hardware-transcoding for more info on using hardware transcoding.
+
+services:
+  cpu: {}
+
+  nvenc:
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities:
+                - gpu
+                - compute
+                - video
+
+  quicksync:
+    devices:
+      - /dev/dri:/dev/dri
+
+  rkmpp:
+    security_opt: # enables full access to /sys and /proc, still far better than privileged: true
+      - systempaths=unconfined
+      - apparmor=unconfined
+    group_add:
+      - video
+    devices:
+      - /dev/rga:/dev/rga
+      - /dev/dri:/dev/dri
+      - /dev/dma_heap:/dev/dma_heap
+      - /dev/mpp_service:/dev/mpp_service
+      #- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
+    volumes:
+      #- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
+      #- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
+
+  vaapi:
+    devices:
+      - /dev/dri:/dev/dri
+
+  vaapi-wsl: # use this for VAAPI if you're running Immich in WSL2
+    devices:
+      - /dev/dri:/dev/dri
+      - /dev/dxg:/dev/dxg
+    volumes:
+      - /usr/lib/wsl:/usr/lib/wsl
+    environment:
+      - LIBVA_DRIVER_NAME=d3d12

Joplin/docker-compose.yml

@@ -22,19 +22,20 @@ services:
         image: postgres:16
         volumes:
             - /zstore/Docker-volumes/Joplin/postgres:/var/lib/postgresql/data
-        ports:
-            - 5432:5432
+#        ports:
+#            - 5432:5432
         restart: unless-stopped
         environment:
             - POSTGRES_PASSWORD=lachim23
             - POSTGRES_USER=joplin
             - POSTGRES_DB=joplin
     app:
+        container_name: joplin
         image: joplin/server:latest
         depends_on:
             - db
-        ports:
-            - 22300:22300
+#        ports:
+#            - 22300:22300
         restart: unless-stopped
         environment:
             - APP_PORT=22300
@@ -45,3 +46,8 @@ services:
             - POSTGRES_USER=joplin
             - POSTGRES_PORT=5432
             - POSTGRES_HOST=db
+
+networks:
+  default:
+    external: true
+    name: proxy

Kopia/docker-compose.yaml

@@ -0,0 +1,33 @@
+services:
+    kopia:
+        image: kopia/kopia:latest
+        container_name: kopia
+        restart: unless-stopped
+#        ports:
+#            - 51515:51515
+        # Setup the server that provides the web gui
+        command:
+            - server
+            - start
+            - --insecure
+            - --address=0.0.0.0:51515
+            - --disable-csrf-token-checks
+            - --server-username=kopia
+            - --server-password=Kop495@ia23med
+        environment:
+            # Set repository password
+            KOPIA_PASSWORD: "JyhcPWQgAshIE1"
+            USER: "backup@1db80a7b6568"
+        volumes:
+            # Mount local folders needed by kopia
+            - /zstore/Docker-volumes/Kopia:/app/config
+            - /zstore/Docker-volumes/Kopia:/app/cache
+            - /zstore/Docker-volumes/Kopia:/app/logs
+            - /backup/kopia:/backup/kopia
+            - /zstore/photos:/zstore/photos:ro
+            - /zstore/Docker-volumes:/zstore/Docker-volumes:ro
+
+networks:
+  default:
+    external: true
+    name: proxy

NPM/docker-compose.yml

@@ -12,3 +12,8 @@ services:
     volumes:
       - /zstore/Docker-volumes/NPM/data:/data
       - /zstore/Docker-volumes/NPM/letsencrypt:/etc/letsencrypt
+
+networks:
+  default:
+    external: true
+    name: proxy

Plex/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  plex:
+    image: lscr.io/linuxserver/plex:latest
+    container_name: plex
+    network_mode: host
+    environment:
+      - TZ=Europe/Prague
+      - VERSION=latest
+    devices:
+      - /dev/dri:/dev/dri
+    volumes:
+      - /zstore/Docker-volumes/Plex:/config
+      - /zstore/media:/zstore/media
+    restart: unless-stopped
+

Pydio-cells/docker-compose.yml

@@ -1,10 +1,10 @@
-version: '3.7'
 services:
 
   cells:
+    container_name: cells-app
     image: pydio/cells:latest
     restart: unless-stopped
-    ports: ["8383:8080"]
+#    ports: ["8383:8080"]
     environment:
       CELLS_SITE_EXTERNAL: "https://cells.yugi.cz"
       CELLS_SITE_NO_TLS: "1"
@@ -28,3 +28,8 @@ volumes:
     data: {}
     cellsdir: {}
     mysqldir: {}
+
+networks:
+  default:
+    external: true
+    name: proxy

Tautulli/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   tautulli:
     image: ghcr.io/tautulli/tautulli
@@ -8,5 +7,10 @@ services:
       - /zstore/Docker-volumes/Tautulli:/config
     environment:
       - TZ=Europe/Prague
-    ports:
-      - 8181:8181
+#    ports:
+#      - 8181:8181
+
+networks:
+  default:
+    external: true
+    name: proxy