services: flaresolverr: networks: - media image: ghcr.io/flaresolverr/flaresolverr:latest container_name: flaresolverr restart: always user: ${PUID}:${PGID} volumes: - /etc/localtime:/etc/localtime:ro environment: - TZ=${TZ} - LOG_LEVEL=${LOG_LEVEL:-info} - LOG_HTML=${LOG_HTML:-false} - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} sonarr: networks: - media - web depends_on: - qt - prowlarr image: linuxserver/sonarr container_name: sonarr restart: always volumes: - /etc/localtime:/etc/localtime:ro - /mnt/data/opt/arr/sonarr/config:/config - /mnt/data/torrents_complete:/data/torrents_complete - /mnt/data/shows:/data/shows - /mnt/data/kids_shows:/data/kids_shows - /mnt/data/nobackup/sonarr/MediaCover:/config/MediaCover - /mnt/data/nobackup/sonarr/logs:/config/logs - /mnt/data/nobackup/sonarr/Backups:/config/Backups user: ${PUID}:${PGID} environment: - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.docker.network=web" - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN:-averytribe.com}`)" - "traefik.http.routers.sonarr.entrypoints=websecure" - "traefik.http.routers.sonarr.tls=true" - "traefik.http.services.sonarr.loadbalancer.server.port=8989" - "traefik.http.routers.sonarr.middlewares=authelia@docker" radarr: networks: - media - web depends_on: - qt - prowlarr image: linuxserver/radarr container_name: radarr user: ${PUID}:${PGID} environment: - TZ=${TZ} volumes: - /mnt/data/opt/arr/radarr/config:/config - /mnt/data/movies:/data/movies - /mnt/data/kids_movies:/data/kids_movies - /mnt/data/torrents_complete:/data/torrents_complete - /etc/localtime:/etc/localtime:ro - /mnt/data/nobackup/radarr/MediaCover:/config/MediaCover - /mnt/data/nobackup/radarr/logs:/config/logs - /mnt/data/nobackup/radarr/Backups:/config/Backups labels: - "traefik.enable=true" - "traefik.docker.network=web" - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN:-averytribe.com}`)" - "traefik.http.routers.radarr.entrypoints=websecure" - "traefik.http.routers.radarr.tls=true" - "traefik.http.services.radarr.loadbalancer.server.port=7878" - "traefik.http.routers.radarr.middlewares=authelia@docker" restart: always prowlarr: networks: - media - web image: lscr.io/linuxserver/prowlarr:develop container_name: prowlarr restart: always user: ${PUID}:${PGID} volumes: - /etc/localtime:/etc/localtime:ro - /mnt/data/opt/arr/prowlarr/config:/config labels: - "traefik.enable=true" - "traefik.docker.network=web" - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN:-averytribe.com}`)" - "traefik.http.routers.prowlarr.entrypoints=websecure" - "traefik.http.routers.prowlarr.tls=true" - "traefik.http.services.prowlarr.loadbalancer.server.port=9696" - "traefik.http.routers.prowlarr.middlewares=authelia@docker" qt: container_name: qt image: ghcr.io/hotio/qbittorrent restart: always environment: - UMASK=002 - TZ=${TZ} - WEBUI_PORTS=8090/tcp,8090/udp volumes: - /etc/localtime:/etc/localtime:ro - /mnt/data/opt/arr/qtorrent/config:/config - /mnt/data/torrents:/data/torrents - /mnt/data/torrents_complete:/data/torrents_complete network_mode: service:gluetun # run on the vpn network depends_on: gluetun: condition: service_healthy labels: - "traefik.enable=true" - "traefik.docker.network=web" - "traefik.http.routers.qt.rule=Host(`qt.${DOMAIN:-averytribe.com}`)" - "traefik.http.routers.qt.entrypoints=websecure" - "traefik.http.routers.qt.tls=true" - "traefik.http.services.qt.loadbalancer.server.port=8090" - "traefik.http.routers.qt.middlewares=authelia@docker" gluetun: image: qmcgaw/gluetun container_name: gluetun restart: always cap_add: - NET_ADMIN volumes: - /mnt/data/opt/arr/gluetun/config:/gluetun - /mnt/data/opt/arr/tmp/gluetun:/tmp/gluetun devices: - /dev/net/tun:/dev/net/tun networks: web: media: aliases: - qt environment: - HTTPPROXY=off #change to on if you wish to enable - SHADOWSOCKS=off #change to on if you wish to enable - UMASK=002 - TZ=${TZ} - VPN_SERVICE_PROVIDER=private internet access - OPENVPN_USER=${VPN_USER} - OPENVPN_PASSWORD=${VPN_PASS} - SERVER_REGIONS=CA Montreal - PORT_FORWARD_ONLY=true - VPN_PORT_FORWARDING=on - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16 jellyfin: image: jellyfin/jellyfin container_name: jellyfin user: ${PUID}:${PGID} devices: - /dev/bus/usb/002 ports: - 8096:8096 volumes: - /mnt/data/nobackup/jellyfin/metadata:/metadata - /mnt/data/opt/arr/jellyfin/config:/config - /mnt/data/torrents_complete:/mnt/data/torrents_complete - type: bind source: /mnt/data/movies target: /movies read_only: false - type: bind source: /mnt/data/shows target: /shows read_only: false - type: bind source: /mnt/data/kids_movies target: /kids_movies read_only: false - type: bind source: /mnt/data/kids_shows target: /kids_shows read_only: false restart: 'unless-stopped' environment: - JELLYFIN_PublishedServerUrl=https://media.${DOMAIN:-averytribe.com} networks: - web labels: - "traefik.enable=true" - "traefik.http.routers.jellyfin.rule=Host(`media.${DOMAIN:-averytribe.com}`)" - "traefik.http.routers.jellyfin.entrypoints=websecure" - "traefik.http.routers.jellyfin.tls=true" - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" traefik: container_name: traefik image: traefik:v3 depends_on: - authelia - www command: - "--api.insecure=false" - "--api.dashboard=false" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--providers.file.directory=/etc/traefik/dynamic" - "--providers.file.watch=true" - "--log.level=WARN" - "--accesslog=false" - "--entrypoints.web.address=:80" - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.http.tls=true" - "--entrypoints.websecure.http.tls.certResolver=letsencrypt" - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN:-averytribe.com}" - "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN:-averytribe.com}" # Let's Encrypt with Cloudflare DNS challenge - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true" - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" - "--certificatesresolvers.letsencrypt.acme.email=${EMAIL}" - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt-cloudflare/acme.json" - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53" ports: - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./letsencrypt-cloudflare:/letsencrypt-cloudflare - ./logs:/var/log/traefik - ./dynamic:/etc/traefik/dynamic env_file: - .env restart: always networks: - web labels: - "traefik.enable=true" - "traefik.docker.network=web" www: image: nginx:alpine container_name: www restart: unless-stopped volumes: - ./www:/usr/share/nginx/html:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro networks: - web labels: - "traefik.enable=true" - "traefik.docker.network=web" - "traefik.http.routers.www.rule=Host(`${DOMAIN:-averytribe.com}`) || Host(`www.${DOMAIN:-averytribe.com}`)" - "traefik.http.routers.www.entrypoints=websecure" - "traefik.http.routers.www.tls=true" - "traefik.http.services.www.loadbalancer.server.port=80" networks: media: name: media web: name: web