fix: remove intel config

3d_printing/spoolman/docker-compose.yml

@@ -0,0 +1,30 @@
+services:
+  spoolman:
+    container_name: spoolman
+    image: ghcr.io/donkie/spoolman:latest
+    restart: unless-stopped
+    volumes:
+      - ${CONFIG_ROOT}/spoolman:/home/app/.local/share/spoolman
+    labels:
+      homepage.group: "3D Printing"
+      homepage.name: "Spoolman"
+      homepage.icon: "spoolman.png"
+      homepage.href: "https://spoolman.${DOMAIN}"
+      homepage.description: "Filament Inventory Manager"
+      traefik.enable: "true"
+      traefik.http.routers.spoolman.rule: "Host(`spoolman.${DOMAIN}`)"
+      traefik.http.routers.spoolman.entrypoints: "https"
+      traefik.http.routers.spoolman.tls.certresolver: "cloudflare"
+      traefik.http.routers.spoolman.service: "spoolman"
+      traefik.http.routers.spoolman.middlewares: "voidauth@docker"
+      traefik.http.services.spoolman.loadbalancer.server.port: "8000"
+    environment:
+      - TZ=Europe/London
+      - PUID=1000
+      - PGID=1000
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true

README.md

@@ -58,11 +58,14 @@ Because all work and no play makes the server a dull boy.
 *   **Media - Jellyfin**: `media/jellyfin` - Jellyfin Media Server.
 *   **Media - Plex**: `media/plex` - Plex Media Server.
 *   **Media - ArrStack**: `media/arrstack` - The *Arr stack.
+*   **3D Printing**: `3d_printing/spoolman` - Filament inventory manager (Spoolman).
 
 ### Directory Structure
 
 ```
 .
+├── 3d_printing/
+│   └── spoolman/
 ├── books/
 │   └── booklore/
 ├── container_management/

access_management/void/docker-compose.yml

@@ -0,0 +1,45 @@
+services:
+  voidauth: 
+    image: voidauth/voidauth:latest
+    restart: unless-stopped
+    volumes:
+      - ${CONFIG_ROOT}/voidauth/config:/app/config
+    depends_on:
+      voidauth-db:
+        condition: service_healthy
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.voidauth.rule: "Host(`auth.${DOMAIN}`)"
+      traefik.http.routers.voidauth.entryPoints: 'https'
+      traefik.http.routers.voidauth.tls: 'true'
+      traefik.http.routers.voidauth.service: "voidauth"
+      traefik.http.services.voidauth.loadbalancer.server.port: "3000"
+      traefik.http.middlewares.voidauth.forwardAuth.address: 'http://voidauth:3000/api/authz/forward-auth'
+      traefik.http.middlewares.voidauth.forwardAuth.trustForwardHeader: 'true'
+      traefik.http.middlewares.voidauth.forwardAuth.authResponseHeaders: 'Remote-User,Remote-Name,Remote-Email,Remote-Groups'
+      traefik.docker.network: "traefik_public"
+    networks:
+      - internal
+      - traefik_public
+    env_file:
+      - .env
+
+  voidauth-db:
+    image: postgres:18
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD: # required, same as voidauth DB_PASSWORD
+    volumes:
+      - ${CONFIG_ROOT}/voidauth/db:/var/lib/postgresql/18/docker
+    healthcheck:
+      test: "pg_isready -U postgres -h localhost"
+    networks:
+      - internal
+    env_file:
+      - .env
+
+networks:
+  internal:
+    driver: bridge
+  traefik_public:
+    external: true

access_management/void/example.env

@@ -0,0 +1,4 @@
+APP_URL: # required, ex. https://auth.example.com
+STORAGE_KEY: # required
+DB_PASSWORD: # required, same as voidauth-db POSTGRES_PASSWORD
+DB_HOST: voidauth-db # required

container_management/komodo/mongo.compose.yaml

@@ -0,0 +1,88 @@
+################################
+# 🦎 KOMODO COMPOSE - MONGO 🦎 #
+################################
+
+## This compose file will deploy:
+##   1. MongoDB
+##   2. Komodo Core
+##   3. Komodo Periphery
+
+services:
+  mongo:
+    image: mongo
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+    command: --quiet --wiredTigerCacheSizeGB 0.25
+    restart: unless-stopped
+    # ports:
+    #   - 27017:27017
+    volumes:
+      - ${CONFIG_ROOT}/komodo/mongo-data:/data/db
+      - ${CONFIG_ROOT}/komodo/mongo-config:/data/configdb
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DB_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DB_PASSWORD}
+    networks:
+      - internal
+  
+  core:
+    image: ghcr.io/moghtech/komodo-core:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+      traefik.enable: "true"
+      traefik.http.routers.komodo.rule: "Host(`containers.${DOMAIN}`)"
+      traefik.http.routers.komodo.entrypoints: "https"
+      traefik.http.routers.komodo.tls.certresolver: "cloudflare"
+      traefik.http.routers.komodo.service: "komodo"
+      traefik.http.services.komodo.loadbalancer.server.port: "9120"
+      traefik.docker.network: "traefik_public"
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    env_file: ./compose.env
+    environment:
+      KOMODO_DATABASE_ADDRESS: mongo:27017
+      KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
+      KOMODO_DATABASE_PASSWORD: ${KOMODO_DB_PASSWORD}
+    volumes:
+      ## Store dated backups of the database - https://komo.do/docs/setup/backup
+      - ${COMPOSE_KOMODO_BACKUPS_PATH}:/backups
+      ## Store sync files on server
+      - ${CONFIG_ROOT}/komodo/syncs:/syncs
+      ## Optionally mount a custom core.config.toml
+      # - /path/to/core.config.toml:/config/config.toml
+    ## Allows for systemd Periphery connection at 
+    ## "https://host.docker.internal:8120"
+    # extra_hosts:
+    #   - host.docker.internal:host-gateway
+    networks:
+      - internal
+      - traefik_public
+
+  ## Deploy Periphery container using this block,
+  ## or deploy the Periphery binary with systemd using 
+  ## https://github.com/moghtech/komodo/tree/main/scripts
+  periphery:
+    image: ghcr.io/moghtech/komodo-periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+    restart: unless-stopped
+    env_file: ./compose.env
+    volumes:
+      ## Mount external docker socket
+      - /var/run/docker.sock:/var/run/docker.sock
+      ## Allow Periphery to see processes outside of container
+      - /proc:/proc
+      ## Specify the Periphery agent root directory.
+      ## Must be the same inside and outside the container,
+      ## or docker will get confused. See https://github.com/moghtech/komodo/discussions/180.
+      ## Default: /etc/komodo.
+      - ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}:${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}
+    networks:
+      - internal
+
+networks:
+  traefik_public:
+    external: true
+  internal:
+    driver: bridge

container_management/portainer/docker-compose.yml

@@ -1,34 +0,0 @@
-services:
-  portainer:
-    container_name: portainer
-    image: portainer/portainer-ce:lts
-    restart: always
-    labels:
-      homepage.group: "Management"
-      homepage.name: "Portainer"
-      homepage.icon: "portainer.png"
-      homepage.href: "https://portainer.${DOMAIN}"
-      homepage.description: "Container Management"
-      traefik.enable: "true"
-      traefik.http.routers.portainer.rule: "Host(`portainer.${DOMAIN}`)"
-      traefik.http.routers.portainer.entrypoints: "https"
-      traefik.http.routers.portainer.tls.certresolver: "cloudflare"
-      traefik.http.routers.portainer.service: "portainer"
-      traefik.http.services.portainer.loadbalancer.server.port: "9443"
-      traefik.http.services.portainer.loadbalancer.server.scheme: "https"
-      traefik.http.services.portainer.loadbalancer.serverstransport: "insecure@file"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - portainer_data:/data
-    ports:
-      - 9443:9443
-    networks:
-      - traefik_public
-
-volumes:
-  portainer_data:
-    name: portainer_data
-
-networks:
-  traefik_public:
-    external: true

dashboards/glance/docker-compose.yml

@@ -13,7 +13,7 @@ services:
       - traefik_public
     labels:
       traefik.enable: "true"
-      traefik.http.routers.glance.rule: "Host(glance.`${DOMAIN}`)"
+      traefik.http.routers.glance.rule: "Host(`glance.${DOMAIN}`)"
       traefik.http.routers.glance.entrypoints: "https"
       traefik.http.routers.glance.tls.certresolver: "cloudflare"
       traefik.http.routers.glance.service: "glance"

dashboards/homepage/docker-compose.yml

@@ -1,30 +0,0 @@
-services:
-  homepage:
-    image: ghcr.io/gethomepage/homepage:latest
-    container_name: homepage
-    expose:
-      - 3000
-    volumes:
-      - ${CONFIG_ROOT}/homepage/config:/app/config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    environment:
-      HOMEPAGE_ALLOWED_HOSTS: "*"
-    restart: unless-stopped
-    labels:
-      homepage.group: "Dashboards"
-      homepage.name: "Homepage"
-      homepage.icon: "homepage.png"
-      homepage.href: "https://${DOMAIN}"
-      homepage.description: "The dashboard itself"
-      traefik.enable: "true"
-      traefik.http.routers.homepage.rule: "Host(`${DOMAIN}`)"
-      traefik.http.routers.homepage.entrypoints: "https"
-      traefik.http.routers.homepage.tls.certresolver: "cloudflare"
-      traefik.http.routers.homepage.service: "homepage"
-      traefik.http.services.homepage.loadbalancer.server.port: "3000"
-    networks:
-      - traefik_public
-
-networks:
-  traefik_public:
-    external: true

dns/adguard/docker-compose.yml

@@ -13,7 +13,8 @@ services:
       traefik.http.routers.adguard.rule: "Host(`adguard.${DOMAIN}`)"
       traefik.http.routers.adguard.entrypoints: "https"
       traefik.http.routers.adguard.tls.certresolver: "cloudflare"
-      traefik.http.services.adguard.loadbalancer.server.port: "6969"
+      traefik.http.routers.adguard.middlewares: "voidauth@docker"
+      traefik.http.services.adguard.loadbalancer.server.address: "http://${HOST_IP}:6969"
     network_mode: host
     volumes:
       - ${CONFIG_ROOT}/adguard/work:/opt/adguardhome/work

dns/duckdns/docker-compose.yml

@@ -1,23 +0,0 @@
-services:
-  duckdns:
-    container_name: duckdns
-    image: lscr.io/linuxserver/duckdns:latest
-    restart: unless-stopped
-    environment:
-      - SUBDOMAINS=${DUCKDNS_SUBDOMAINS}
-      - TOKEN=${DUCKDNS_TOKEN}
-      - TZ=${TZ}
-    volumes:
-      - ${CONFIG_ROOT}/duckdns/config:/config
-    labels:
-      homepage.group: "DNS"
-      homepage.name: "DuckDNS"
-      homepage.icon: "duckdns.png"
-      homepage.href: "https://www.duckdns.org"
-      homepage.description: "Dynamic DNS Updater"
-    networks:
-      - traefik_public
-
-networks:
-  traefik_public:
-    external: true

habit_tracking/habitica/docker-compose.yml

@@ -0,0 +1,52 @@
+version: "3"
+services:
+  server:
+    image: docker.io/awinterstein/habitica-server:latest
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    environment:
+      - NODE_DB_URI=mongodb://mongo/habitica
+      - BASE_URL
+      - INVITE_ONLY # change to `true` after registration of initial users, to restrict further registrations
+      - EMAIL_SERVER_URL
+      - EMAIL_SERVER_PORT
+      - EMAIL_SERVER_AUTH_USER
+      - EMAIL_SERVER_AUTH_PASSWORD
+      - ADMIN_EMAIL
+    networks:
+      - traefik_public
+      - habitica
+    labels:
+      traefik.enable: "true"
+      traefik.docker.network: "traefik_public"
+      traefik.http.routers.habitica.rule: "Host(`habitica.${DOMAIN}`)"
+      traefik.http.routers.habitica.entrypoints: "https"
+      traefik.http.routers.habitica.tls.certresolver: "cloudflare"
+      traefik.http.routers.habitica.service: "habitica"
+      traefik.http.services.habitica.loadbalancer.server.port: "3000"
+
+  mongo:
+    image: docker.io/mongo:latest # better to replace 'latest' with the concrete mongo version (e.g., the most recent one)
+    restart: unless-stopped
+    hostname: mongo
+    command: ["--replSet", "rs", "--bind_ip_all", "--port", "27017"]
+    healthcheck:
+      test: echo "try { rs.status() } catch (err) { rs.initiate() }" | mongosh --port 27017 --quiet
+      interval: 10s
+      timeout: 30s
+      start_period: 0s
+      start_interval: 1s
+      retries: 30
+    volumes:
+      - ${CONFIG_ROOT}/habitica/db:/data/db:rw
+      - ${CONFIG_ROOT}/habitica/dbconf:/data/configdb
+    networks:
+      habitica:
+        aliases:
+          - mongo
+networks:
+  habitica:
+    driver: bridge
+  traefik_public:
+    external: true

media/arrstack/docker-compose.yml

@@ -9,10 +9,13 @@ services:
     devices:
       - /dev/net/tun:/dev/net/tun
     environment:
+      - FIREWALL_OUTBOUND_SUBNETS=172.29.0.0/16,192.168.0.0/16
       - VPN_SERVICE_PROVIDER=protonvpn
       - VPN_TYPE=wireguard
       - WIREGUARD_PRIVATE_KEY=${PROTONVPN_WIREGUARD_PRIVATE_KEY}
-      - SERVER_COUNTRIES=Austria,Germany,Netherlands
+      - SERVER_COUNTRIES=Denmark
+      # - OPENVPN_USER=${PROTON_OPENVPN_USER}
+      # - OPENVPN_PASS=${PROTON_OPENVPN_PASS}
     volumes:
       - ${CONFIG_ROOT}/gluetun:/gluetun
     ports:
@@ -43,6 +46,7 @@ services:
       traefik.http.routers.radarr.entrypoints: "https"
       traefik.http.routers.radarr.service: "radarr"
       traefik.http.routers.radarr.tls.certresolver: "cloudflare"
+      traefik.http.routers.radarr.middlewares: "voidauth@docker"
       traefik.http.services.radarr.loadbalancer.server.port: "7878"
       # Homepage
       homepage.group: "Media"
@@ -70,6 +74,7 @@ services:
       traefik.http.routers.sonarr.entrypoints: "https"
       traefik.http.routers.sonarr.service: "sonarr"
       traefik.http.routers.sonarr.tls.certresolver: "cloudflare"
+      traefik.http.routers.sonarr.middlewares: "voidauth@docker"
       traefik.http.services.sonarr.loadbalancer.server.port: "8989"
       # Homepage
       homepage.group: "Media"
@@ -95,6 +100,7 @@ services:
       traefik.http.routers.prowlarr.rule: "Host(`prowlarr.${DOMAIN}`)"
       traefik.http.routers.prowlarr.entrypoints: "https"
       traefik.http.routers.prowlarr.service: "prowlarr"
+      traefik.http.routers.prowlarr.middlewares: "voidauth@docker"
       traefik.http.routers.prowlarr.tls.certresolver: "cloudflare"
       traefik.http.services.prowlarr.loadbalancer.server.port: "9696"
       # Homepage
@@ -107,7 +113,6 @@ services:
   nzbget:
     image: lscr.io/linuxserver/nzbget:latest
     container_name: nzbget
-    network_mode: service:gluetun
     environment:
       - PUID=1000
       - PGID=1000
@@ -123,6 +128,7 @@ services:
       traefik.http.routers.nzbget.entrypoints: "https"
       traefik.http.routers.nzbget.service: "nzbget"
       traefik.http.routers.nzbget.tls.certresolver: "cloudflare"
+      traefik.http.routers.nzbget.middlewares: "voidauth@docker"
       traefik.http.services.nzbget.loadbalancer.server.port: "6789"
       # Homepage
       homepage.group: "Media"
@@ -130,6 +136,9 @@ services:
       homepage.icon: "nzbget.svg"
       homepage.href: "https://nzbget.${DOMAIN}"
       homepage.description: "Usenet Downloader"
+    networks:
+      - traefik_public
+
 networks:
   traefik_public:
     external: true

media/audiobookshelf/docker-compose.yml

@@ -0,0 +1,32 @@
+version: "3.8"
+
+services:
+  audiobookshelf:
+    image: ghcr.io/advplyr/audiobookshelf:latest
+    container_name: audiobookshelf
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ${DOCKER_PATH}/audiobookshelf/config:/config
+      - ${DOCKER_PATH}/audiobookshelf/metadata:/metadata
+      - ${MEDIA_PATH}/audiobooks:/audiobooks
+      - ${MEDIA_PATH}/podcasts:/podcasts
+    expose:
+      - 80
+    restart: unless-stopped
+    labels:
+      # Traefik
+      traefik.enable: "true"
+      traefik.http.routers.audiobookshelf.rule: "Host(`audiobookshelf.${DOMAIN}`)"
+      traefik.http.routers.audiobookshelf.entrypoints: "https"
+      traefik.http.routers.audiobookshelf.service: "audiobookshelf"
+      traefik.http.routers.audiobookshelf.tls.certresolver: "cloudflare"
+      traefik.http.services.audiobookshelf.loadbalancer.server.port: "80"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true

media/jellystat/.env.example

@@ -0,0 +1,3 @@
+JELLYSTAT_DB_USER=postgres
+JELLYSTAT_DB_PASSWORD=change_me
+JELLYSTAT_JWT_SECRET=change_me_to_a_random_string

media/jellystat/docker-compose.yml

@@ -0,0 +1,52 @@
+version: "3.8"
+
+services:
+  jellystat-db:
+    image: postgres:15
+    container_name: jellystat-db
+    environment:
+      POSTGRES_DB: jfstat
+      POSTGRES_USER: ${JELLYSTAT_DB_USER:-postgres}
+      POSTGRES_PASSWORD: ${JELLYSTAT_DB_PASSWORD}
+    volumes:
+      - ${DOCKER_PATH}/jellystat/postgres:/var/lib/postgresql/data
+    restart: unless-stopped
+    networks:
+      - traefik_public
+
+  jellystat:
+    image: cyfershepard/jellystat:latest
+    container_name: jellystat
+    environment:
+      POSTGRES_USER: ${JELLYSTAT_DB_USER:-postgres}
+      POSTGRES_PASSWORD: ${JELLYSTAT_DB_PASSWORD}
+      POSTGRES_IP: jellystat-db
+      POSTGRES_PORT: 5432
+      JWT_SECRET: ${JELLYSTAT_JWT_SECRET}
+    volumes:
+      - ${DOCKER_PATH}/jellystat/backup:/app/backend/backup-data
+    depends_on:
+      - jellystat-db
+    expose:
+      - 3000
+    restart: unless-stopped
+    labels:
+      # Traefik
+      traefik.enable: "true"
+      traefik.http.routers.jellystat.rule: "Host(`jellystat.${DOMAIN}`)"
+      traefik.http.routers.jellystat.entrypoints: "https"
+      traefik.http.routers.jellystat.service: "jellystat"
+      traefik.http.routers.jellystat.tls.certresolver: "cloudflare"
+      traefik.http.services.jellystat.loadbalancer.server.port: "3000"
+      # Homepage
+      homepage.group: "Media"
+      homepage.name: "Jellystat"
+      homepage.icon: "jellystat.png"
+      homepage.href: "https://jellystat.${DOMAIN}"
+      homepage.description: "Jellyfin Statistics"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true

media/jellysweep/docker-compose.yml

@@ -0,0 +1,36 @@
+version: "3.8"
+
+services:
+  jellysweep:
+    image: ghcr.io/jon4hz/jellysweep:latest
+    container_name: jellysweep
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ${DOCKER_PATH}/jellysweep/config.yml:/app/config.yml:ro
+      - ${MEDIA_PATH}:/media
+    expose:
+      - 3002
+    restart: unless-stopped
+    labels:
+      # Traefik
+      traefik.enable: "true"
+      traefik.http.routers.jellysweep.rule: "Host(`jellysweep.${DOMAIN}`)"
+      traefik.http.routers.jellysweep.entrypoints: "https"
+      traefik.http.routers.jellysweep.service: "jellysweep"
+      traefik.http.routers.jellysweep.tls.certresolver: "cloudflare"
+      traefik.http.services.jellysweep.loadbalancer.server.port: "3002"
+      # Homepage
+      homepage.group: "Media"
+      homepage.name: "Jellysweep"
+      homepage.icon: "jellyfin.svg" # Using Jellyfin icon as placeholder
+      homepage.href: "https://jellysweep.${DOMAIN}"
+      homepage.description: "Jellyfin Cleanup Tool"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true

media/jellysweep/example.config.yaml

@@ -0,0 +1,14 @@
+jellyfin:
+  url: "http://jellyfin:8096" # Internal docker DNS if on same network, or full URL
+  token: "YOUR_JELLYFIN_API_KEY"
+
+# dry_run: true # Set to false to actually delete files
+
+# Library configuration
+libraries:
+  - name: Movies
+    keep: 1
+    age: 30d # Delete movies older than 30 days
+  - name: TV Shows
+    keep: 1
+    age: 30d

media/plex/docker-compose.yml

@@ -1,43 +0,0 @@
-version: "3.8"
-
-services:
-  plex:
-    image: lscr.io/linuxserver/plex:latest
-    container_name: plex
-    devices:
-      - /dev/dri/renderD128:/dev/dri/renderD128
-      - /dev/dri/card1:/dev/dri/card1
-    group_add:
-      - "992" # Replace this with your host's 'render' group ID
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - PLEX_CLAIM=${PLEX_CLAIM}
-      - TZ=Etc/UTC
-      - VERSION=docker
-    volumes:
-      - ${DOCKER_PATH}/plex/config:/config
-      - ${MEDIA_PATH}:/media
-    expose:
-      - 32400
-    restart: unless-stopped
-    labels:
-      # Traefik
-      traefik.enable: "true"
-      traefik.http.routers.plex.rule: "Host(`plex.${DOMAIN}`)"
-      traefik.http.routers.plex.entrypoints: "https"
-      traefik.http.routers.plex.service: "plex"
-      traefik.http.routers.plex.tls.certresolver: "cloudflare"
-      traefik.http.services.plex.loadbalancer.server.port: "32400"
-      # Homepage
-      homepage.group: "Media"
-      homepage.name: "Plex"
-      homepage.icon: "plex.svg"
-      homepage.href: "https://plex.${DOMAIN}"
-      homepage.description: "Media Server"
-    networks:
-      - traefik_public
-
-networks:
-  traefik_public:
-    external: true

proxies/npm/docker-compose.yml

@@ -1,34 +0,0 @@
-name: "Nginx Proxy Manager"
-
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    labels:
-      homepage.group: "Proxies"
-      homepage.name: "Nginx Proxy Manager"
-      homepage.icon: "nginx-proxy-manager.png"
-      homepage.href: "http://npm:81"
-      homepage.description: "Reverse Proxy"
-
-    ports:
-      # These ports are in format <host-port>:<container-port>
-      - '80:80' # Public HTTP Port
-      - '443:443' # Public HTTPS Port
-      - '81:81' # Admin Web Port
-      # Add any other Stream port you want to expose
-      # - '21:21' # FTP
-
-    environment:
-      TZ: "Europe/London"
-
-      # Uncomment this if you want to change the location of
-      # the SQLite DB file within the container
-      # DB_SQLITE_FILE: "/data/database.sqlite"
-
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-
-    volumes:
-      - ${CONFIG_ROOT}/npm/data:/data
-      - ${CONFIG_ROOT}/npm/letsencrypt:/etc/letsencrypt

proxies/traefik/docker-compose.yml

@@ -32,7 +32,6 @@ services:
       - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
       - "traefik.http.routers.traefik.entrypoints=https"
       - "traefik.http.routers.traefik.service=api@internal"
-      - "traefik.http.routers.traefik.middlewares=authentik@docker"
       - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
     networks:
       - traefik_public

security/frigate/docker-compose.yml

@@ -0,0 +1,39 @@
+version: "3.9"
+
+services:
+  frigate:
+    container_name: frigate
+    image: ghcr.io/blakeblackshear/frigate:stable
+    shm_size: "512mb" # Update based on camera resolution and count
+    privileged: true # Add this
+    devices:
+      - /dev/dri:/dev/dri # For Intel hardware acceleration
+      # - /dev/bus/usb:/dev/bus/usb # Google Coral USB
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${CONFIG_ROOT}/frigate:/config
+      - ${CONFIG_ROOT}/frigate/storage:/media/frigate
+      - type: tmpfs
+        target: /tmp/cache
+        tmpfs:
+          size: 1000000000
+    ports:
+      - "5000:5000"
+      - "8554:8554" # RTSP feeds
+      - "8555:8555/tcp" # WebRTC
+      - "8555:8555/udp" # WebRTC
+    restart: unless-stopped
+    labels:
+      # Traefik
+      traefik.enable: "true"
+      traefik.http.routers.frigate.rule: "Host(`frigate.${DOMAIN}`)"
+      traefik.http.routers.frigate.entrypoints: "https"
+      traefik.http.routers.frigate.service: "frigate"
+      traefik.http.routers.frigate.tls.certresolver: "cloudflare"
+      traefik.http.services.frigate.loadbalancer.server.port: "5000"
+      # Homepage
+      homepage.group: "Security"
+      homepage.name: "Frigate"
+      homepage.icon: "frigate.svg"
+      homepage.href: "https://frigate.${DOMAIN}"
+      homepage.description: "NVR with AI object detection"