lidarr

Reviewed-on: https://git.mintyserver.net/poslop/DockerConfigs/pulls/6

.gitignore

@@ -0,0 +1,5 @@
+Volumes
+.env
+Piped-Docker
+pterodactyl
+piped.yml

Caddyfile

@@ -0,0 +1,129 @@
+{
+	acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+}
+
+actual.archfox.org {
+	reverse_proxy actual:5006
+}
+
+searxng.archfox.org {
+	reverse_proxy searxng:8080
+}
+
+git.archfox.org {
+	reverse_proxy gitea:3000
+}
+
+jelly.archfox.org {
+	reverse_proxy jellyfin:8096 {
+		header_up +Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/accentlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/base.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/bottombarprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fixes.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/jf_font.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/overlayprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/smallercast.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_floating.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_corner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/glassy.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/pan-animation.css https://ctalvio.github.io/Monochromic/backdrop-hack_style.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/hoverglow.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/scrollfade.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_compactlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_grid.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_border.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_noborder.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent-dashboard.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_minimalistic.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/monochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/kaleidochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/novachromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/light.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/colorful.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark_withaccent.css https://fonts.googleapis.com/css2; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"
+	}
+}
+
+vault.archfox.org {
+	reverse_proxy vaultwarden:80
+}
+
+aria.archfox.org {
+	reverse_proxy ariang:8080
+}
+
+nextcloud.archfox.org {
+	reverse_proxy 10.0.1.45:11000
+}
+
+bookstack.archfox.org {
+	reverse_proxy bookstack:80
+}
+
+panel.archfox.org {
+	reverse_proxy tpanel:80
+
+	php_fastcgi unix//run/php/php8.3-fpm.sock {
+		root /var/www/pterodactyl/public
+		index index.php
+
+		env PHP_VALUE "upload_max_filesize = 100M
+		post_max_size = 100M"
+		env HTTP_PROXY ""
+		env HTTPS "on"
+
+		read_timeout 300s
+		dial_timeout 300s
+		write_timeout 300s
+	}
+
+	header Strict-Transport-Security "max-age=16768000; preload;"
+	header X-Content-Type-Options "nosniff"
+	header X-XSS-Protection "1; mode=block;"
+	header X-Robots-Tag "none"
+	header Content-Security-Policy "frame-ancestors 'self'"
+	header X-Frame-Options "DENY"
+	header Referrer-Policy "same-origin"
+	header Access-Control-Allow-Origin "*"
+	header Access-Control-Allow-Methods "GET, POST, OPTIONS"
+	header Access-Control-Allow-Headers "Authorization, Content-Type"
+
+	request_body {
+		max_size 100m
+	}
+
+	respond /.ht* 403
+}
+
+wings.archfox.org {
+	reverse_proxy twings:443
+}
+
+omada.archfox.org {
+	reverse_proxy host.docker.internal:8043  {
+                transport http {
+                        tls_insecure_skip_verify
+                }
+        	header_up Host "omada.archfox.org:443"
+        }
+}
+
+ai.archfox.org {
+	reverse_proxy open-webui:8080
+}
+
+p.archfox.org {
+	reverse_proxy pastefy:80
+}
+
+archfox.org {
+	root * /srv
+	file_server
+
+	@webfinger {
+		path /.well-known/webfinger
+		method GET HEAD
+		query resource=acct:poslop@archfox.org
+		query resource=mailto:poslop@archfox.org
+		query resource=https://archfox.org
+		query resource=https://archfox.org/
+	}
+	rewrite @webfinger /webfinger.json
+	header @webfinger {
+		Content-Type "application/jrd+json"
+		Access-Control-Allow-Origin "*"
+		X-Robots-Tag "noindex"
+	}
+}
+
+(global) {
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# keep referrer data off
+		Referrer-Policy no-referrer
+
+		# prevent for appearing in search engine for private instances (option)
+		#X-Robots-Tag noindex
+	}
+}

README.md

@@ -1,15 +1,8 @@
 ## Basics
-This repository is for my documenting my homelab.  Most documentation is found in the Wiki tab of this repository.
+This repository is for documenting my homelab.  Most documentation is found in the Wiki (work in progress) tab of this repository that will link to my bookstack website.
 
 I use docker for all of my services that I run with a docker compose file.  I use ssh through a peer to peer vpn service called [Tailscale](https://tailscale.com/).  Tailscale has functionality to store ssh keys and makes managing them very simple and easy with github accounts.
 
-The homelab is run off of a dedicated server running a headless instance of Arch Linux.  Arch linux is my Distro of preference however if I were to run a server that is required for reliability I would most likely prefer RedHat or similar for a stable environment over rolling release Arch.
+The homelab is run off of a dedicated server running a headless instance of Arch Linux.  Arch linux is my Distro of preference however if I were to run a server that is required for reliability I would most likely prefer RedHat or similar for a stable environment over rolling release Arch but so far Arch has been fine.
 
-Nginx is currently used to share my publicly facing services with a subdomain of mintyserver.net eg https://git.mintyserver.net.  I use a docker image from linuxserver.io called swag.  This contains some nice packages fo nginx such as fail2ban for spam authentication protection and letsencrypt for http ssl certificates.  Not all services are reverse proxied such as my pihole as they are only needed to be accessed by me and therefore only accessible via local or vpn connections.  
+Caddy is currently used to share my publicly facing services with a subdomain of archox.org eg https://git.archox.org. Not all services are reverse proxied such as my DNS server as they are only needed to be accessed by me and therefore only accessible via local or vpn connections.  
-
-
-
-## TODO
-- Investigate a sync service for music playlists between yt spotify musicbrainz and lastfm
-- find email filtering service to host
-- Check out caddy and try it as an alternitive to nginx

build/librewolf-vnc/Dockerfile

@@ -1,23 +0,0 @@
-FROM ghcr.io/linuxserver/baseimage-kasmvnc:alpine319
-
-# set version label
-ARG BUILD_DATE
-ARG VERSION
-ARG FIREFOX_VERSION
-LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="thelamer"
-
-# title
-ENV TITLE=Librewolf
-
-RUN \
-  echo "**** install packages ****" && \
-  apk add librewolf --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing/ --allow-untrusted && \
-  sed -i 's|</applications>|  <application title="LibreWolf" type="normal">\n    <maximized>yes</maximized>\n  </application>\n</applications>|' /etc/xdg/openbox/rc.xml 
-
-# COPY /root /
-
-# ports and volumes
-EXPOSE 3000
-
-VOLUME /config

docker-compose.d/Documentation/bookstack.yml

@@ -0,0 +1,55 @@
+services:
+  bookstack:
+    image: lscr.io/linuxserver/bookstack
+    container_name: bookstack
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Chicago
+      - APP_URL=https://bookstack.archfox.org
+      - APP_KEY=${BOOKKEY}
+      - DB_HOST=bookstack_db
+      - DB_PORT=3306
+      - DB_USERNAME=bookstack
+      - DB_PASSWORD=${PASS}
+      - DB_DATABASE=bookstackapp
+    volumes:
+      - bookstack:/config
+    restart: unless-stopped
+    depends_on:
+      - bookstack_db
+    networks:
+      - caddy
+      - bookstack
+  
+  bookstack_db:
+    image: lscr.io/linuxserver/mariadb
+    container_name: bookstack_db
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Chicago
+      - MYSQL_ROOT_PASSWORD=${PASS}
+      - MYSQL_DATABASE=bookstackapp
+      - MYSQL_USER=bookstack
+      - MYSQL_PASSWORD=${PASS}
+    volumes:
+      - bookstack_db:/config
+    restart: unless-stopped
+    networks:
+      - bookstack
+
+networks:
+  caddy:
+    name: caddy
+    external: true
+  bookstack:
+    name: bookstack
+
+volumes:
+  bookstack:
+    name: bookstack
+    external: true
+  bookstack_db:
+    name: bookstack_db
+    external: true

docker-compose.d/Documentation/gitea.yml

@@ -0,0 +1,25 @@
+services:
+  gitea:
+   container_name: gitea
+   image: gitea/gitea:latest
+   environment:
+     - GITEA__service__DISABLE_REGISTRATION=true
+     - USER_UID=1000
+     - USER_GID=1000
+   volumes:
+     - gitea:/data
+     - /etc/timezone:/etc/timezone:ro
+     - /etc/localtime:/etc/localtime:ro
+   restart: unless-stopped
+   networks: 
+     - caddy
+
+networks:
+  caddy:
+    name: caddy
+    external: true
+
+volumes:
+  gitea:
+    name: gitea
+    external: true

docker-compose.d/Documentation/vaultwarden.yml

@@ -0,0 +1,24 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    environment: 
+      DOMAIN: "https://vault.archfox.org"
+      WEBSOCKET_ENABLED: true
+      SIGNUPS_ALLOWED: false
+      ADMIN_TOKEN: ${PASS} 
+    volumes:
+      - vaultwarden:/data
+    networks: 
+      - caddy
+
+networks:
+  caddy:
+    name: caddy
+    external: true
+
+volumes:
+  vaultwarden:
+    name: vaultwarden
+    external: true

docker-compose.d/Media/arr.yml

@@ -0,0 +1,99 @@
+services:
+  prowlarr:
+    image: lscr.io/linuxserver/prowlarr:latest
+    container_name: prowlarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - prowlarr:/config
+    ports:
+      - 9696:9696
+    restart: unless-stopped
+    networks:
+      - arr
+      - qbit
+
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - sonarr:/config
+      - /mnt/massdrive/media:/mnt/media
+    ports:
+      - 8989:8989
+    restart: unless-stopped
+    networks:
+      - arr
+      - qbit
+
+  lidarr:
+    image: ghcr.io/hotio/lidarr:latest
+    container_name: lidarr
+    hostname: lidarr
+    environment:
+      - TZ=ETC/UTC
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - ${Volumes}/arr/lidarr:/config
+      - /mnt/massdrive/media/Music:/data
+    ports:
+      - 8686:8686
+    restart: unless-stopped
+    networks:
+      - arr
+
+  slskd:
+    image: slskd/slskd
+    container_name: slskd
+    hostname: slskd
+    user: 1000:1000
+    environment:
+      - TZ=ETC/UTC
+      - SLSKD_REMOTE_CONFIGURATION=true
+    ports:
+      - 5030:5030
+      - 5031:5031
+      - 50300:50300
+    volumes:
+      - ${Volumes}/arr/slskd:/app
+      - /mnt/massdrive/media/Music/downloads:/app/downloads
+    restart: unless-stopped
+    networks:
+      - arr
+
+  soularr:
+    image: mrusse08/soularr:latest
+    container_name: soularr
+    hostname: soularr
+    user: 1000:1000
+    environment:
+      - TZ=ETC/UTC
+      - SCRIPT_INTERVAL=300
+    volumes:
+      - /mnt/massdrive/media/Music/downloads:/downloads
+      - ${Volumes}/arr/soularr:/data
+    restart: unless-stopped
+    networks:
+      - arr
+
+networks:
+  arr:
+    name: arr
+  qbit:
+    name: qbit
+    external: true
+
+volumes:
+  prowlarr:
+    name: prowlarr
+    external: true
+  sonarr:
+    name: sonarr
+    external: true

docker-compose.d/Media/jellyfin.yml

@@ -0,0 +1,31 @@
+services:
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    devices: 
+      - /dev/dri:/dev/dri
+    environment: 
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Chicago
+    volumes:
+      - jellyfin:/config
+      - /mnt/massdrive/media:/data
+    ports:
+      - 8096:8096
+    restart: unless-stopped
+    networks:
+      - caddy
+      - shoko
+
+networks:
+  caddy:
+    name: caddy
+    external: true
+  shoko: 
+    name: shoko
+    external: true
+
+volumes:
+  jellyfin:
+    external: true

docker-compose.d/Media/shoko.yml

@@ -0,0 +1,27 @@
+services:
+  shoko:
+    shm_size: 256m
+    container_name: shoko
+    image: shokoanime/server:latest
+    restart: always
+    environment:
+      - "PUID=1000"
+      - "PGID=1000"
+      - "TZ=Etc/UTC"
+    ports:
+      - "8111:8111"
+    volumes:
+      - shoko:/home/shoko/.shoko
+      - /mnt/massdrive/media:/mnt/media
+    networks: 
+      - shoko
+
+networks:
+  shoko:
+    name: shoko
+    external: true
+
+volumes:
+  shoko:
+    name: shoko
+    external: true

docker-compose.d/Networking/caddy.yml

@@ -0,0 +1,43 @@
+services:
+  caddy:
+    image: ghcr.io/caddybuilds/caddy-cloudflare:latest
+    container_name: caddy
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    ports:
+      - 80:80
+      - 443:443
+      - 443:443/udp
+    volumes:
+      - caddy_set:/etc/caddy
+      - caddy_srv:/srv
+      - caddy_data:/data
+      - caddy_config:/config
+    environment:
+      - CLOUDFLARE_API_TOKEN=${CF_CADDY_KEY}
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    networks:
+      - caddy
+
+networks:
+  caddy:
+    name: caddy
+    external: true
+
+volumes:
+  caddy_config:
+    name: caddy_config
+    external: true
+  caddy_data:
+    name: caddy_data
+    external: true
+  caddy_srv:
+    name: caddy_srv
+    external: true
+  caddy_set:
+    name: caddy_set
+    external: true
+  caddy_html:
+    external: true

docker-compose.d/Networking/ddns.yml

@@ -0,0 +1,14 @@
+services:
+  cloudflare-ddns:
+    container_name: ddns
+    image: favonia/cloudflare-ddns:latest
+    network_mode: host
+    restart: always
+    user: "1000:1000"
+    read_only: true
+    cap_drop: [all]
+    security_opt: [no-new-privileges:true]
+    environment:
+      - CLOUDFLARE_API_TOKEN=${CFKEY}
+      - DOMAINS=archfox.org, jelly.archfox.org, searxng.archfox.org, bookstack.archfox.org, vault.archfox.org, git.archfox.org, nextcloud.archfox.org, aria.archfox.org, wings.archfox.org, panel.archfox.org, omada.archfox.org, mc.archfox.org, ai.archfox.org, p.archfox.org, actual.archfox.org
+      - PROXIED=false

docker-compose.d/Networking/omada.yml

@@ -0,0 +1,23 @@
+
+services:
+  omada:
+    container_name: omada
+    image: mbentley/omada-controller:latest
+    restart: unless-stopped
+    ulimits:
+      nofile:
+        soft: 4096
+        hard: 8192
+    stop_grace_period: 60s
+    network_mode: host
+    environment:
+      - TZ=America/Chicago
+    volumes:
+      - omada-data:/opt/tplink/EAPController/data
+      - omada-logs:/opt/tplink/EAPController/logs
+
+volumes:
+  omada-data:
+    external: true
+  omada-logs:
+    external: true

docker-compose.d/Networking/technitium.yml

@@ -0,0 +1,17 @@
+services:
+  technitium:
+    container_name: technitium
+    image: technitium/dns-server:latest
+    network_mode: "host"
+    environment:
+      - DNS_SERVER_DOMAIN=technitium 
+      - DNS_SERVER_ADMIN_PASSWORD=${PASS}
+    volumes:
+      - technitium:/etc/dns
+    restart: unless-stopped
+
+volumes:
+  technitium:
+    name: technitium
+    external: true
+

docker-compose.d/Tools/actual.yml

@@ -0,0 +1,27 @@
+services:
+  actual_server:
+    container_name: actual
+    image: docker.io/actualbudget/actual-server:latest
+    environment:
+      - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=100
+      - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=100
+      - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=100
+    volumes:
+      - actual-data:/data
+    networks:
+      - caddy
+    healthcheck:
+      test: ['CMD-SHELL', 'node src/scripts/health-check.js']
+      interval: 60s
+      timeout: 10s
+      retries: 3
+      start_period: 20s
+    restart: unless-stopped
+
+volumes:
+  actual-data:
+    external: true
+
+networks:
+  caddy:
+    external: true

docker-compose.d/Tools/ariang.yml

@@ -0,0 +1,27 @@
+services:
+  ariang:
+    image: hurlenko/aria2-ariang
+    container_name: aria
+    restart: unless-stopped
+    volumes: 
+      - /mnt/nextcloud:/aria2/data
+      - ariang:/aria2/conf
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - RPC_SECRET=${PASS}
+      - BASIC_AUTH_USERNAME=poslop
+      - BASIC_AUTH_PASSWORD=${PASS}
+      - ARIA2RPCPORT=443
+    networks:
+      - caddy
+
+volumes:
+  ariang:
+    name: ariang
+    external: true
+
+networks:
+  caddy:
+    name: caddy
+    external: true

docker-compose.d/Tools/monerod.yml

@@ -0,0 +1,27 @@
+services:
+  monerod:
+    image: sethsimmons/simple-monerod:latest
+    restart: unless-stopped
+    container_name: monerod
+    volumes:
+      - bitmonero:/home/monero/.bitmonero:rw
+    ports:
+      - 18080:18080
+      - 18089:18089
+      - 18083:18083
+    command:
+      - "--add-priority-node=p2pmd.xmrvsbeast.com:18080"
+      - "--out-peers=32"
+      - "--in-peers=64"
+      - "--disable-dns-checkpoints"
+      - "--rpc-restricted-bind-ip=0.0.0.0"
+      - "--rpc-restricted-bind-port=18089"
+      - "--no-igd"
+      - "--enable-dns-blocklist"
+      - "--prune-blockchain"
+      - "--zmq-pub=tcp://0.0.0.0:18083"
+
+volumes:
+  bitmonero:
+    name: bitmonero
+    external: true

docker-compose.d/Tools/nextcloud-aio.yml

@@ -0,0 +1,21 @@
+services:
+  nextcloud:
+    container_name: nextcloud-aio-mastercontainer
+    init: true
+    restart: unless-stopped
+    image: nextcloud/all-in-one:latest
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    ports:
+      - 8080:8080
+    environment:
+      - APACHE_PORT=11000
+      - APACHE_IP_BINDING=0.0.0.0
+      - NEXTCLOUD_MOUNT=/mnt/nextcloud/
+      - NEXTCLOUD_MEMORY_LIMIT=4096M
+
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer
+    external: true

docker-compose.d/Tools/open-webui.yml

@@ -0,0 +1,21 @@
+services:
+  open-webui:
+    container_name: open-webui
+    image: ghcr.io/open-webui/open-webui:main
+    restart: unless-stopped
+    environment:
+      - OLLAMA_BASE_URL=http://poslop-w:11434
+    volumes:
+      - open-webui:/app/backend/data
+    networks:
+      - caddy
+
+
+volumes:
+  open-webui:
+    external: true
+
+networks:
+  caddy:
+    name: caddy
+    external: true

docker-compose.d/Tools/p2pool.yml

@@ -0,0 +1,23 @@
+services:
+  p2pool:
+    image: sethsimmons/p2pool:latest
+    restart: unless-stopped
+    container_name: p2pool
+    tty: true
+    stdin_open: true
+    volumes: 
+      - p2pool-data:/home/p2pool
+      - /dev/hugepages:/dev/hugepages:rw
+    ports:
+      - 3333:3333
+      - 37889:37889
+    command: >-
+      --wallet "452KRkV1ekYiMh1iy6g3TWbBUGjcJLZH8NYbcd8uaso7Z65CxHsjCmshNaRikDWnRy84kkDZxSfw7DXitNQvhpPW3rmRasA"
+      --stratum "0.0.0.0:3333" --p2p "0.0.0.0:37889" --rpc-port "18089"
+      --host "monerod"
+      --loglevel 1      
+
+volumes:
+  p2pool-data:
+    name: p2pool-data
+    external: true

docker-compose.d/Tools/pastefy.yml

@@ -0,0 +1,45 @@
+services:
+  pastedb:
+   container_name: pastedb
+   image: mariadb:10.11
+   volumes:
+     - pastedb:/var/lib/mysql
+
+   environment:
+     MYSQL_ROOT_PASSWORD: pastefy
+     MYSQL_DATABASE: pastefy
+     MYSQL_USER: pastefy
+     MYSQL_PASSWORD: pastefy
+   networks:
+     - pastefy
+
+  pastefy:
+   container_name: pastefy
+   depends_on:
+     - pastedb
+   image: interaapps/pastefy:latest
+     
+   environment:
+     HTTP_SERVER_PORT: 80
+     HTTP_SERVER_CORS: "*"
+     DATABASE_DRIVER: mysql
+     DATABASE_NAME: pastefy
+     DATABASE_USER: pastefy
+     DATABASE_PASSWORD: pastefy
+     DATABASE_HOST: pastedb
+     DATABASE_PORT: 3306
+     SERVER_NAME: "https://p.archfox.org"
+   networks:
+    - caddy
+    - pastefy
+
+volumes:
+  pastedb:
+    external: true
+
+networks:
+  pastefy:
+    name: pastefy
+  caddy:
+    name: caddy
+    external: true

docker-compose.d/Tools/pterodactyl.yml.tmp

@@ -0,0 +1,130 @@
+###
+# Minimal Configuration File
+#
+# This configuration strips services to the absolute bare essentials to function.
+# Very useful for reverse proxy configurations where a user would override networking anyways.
+###
+
+services:
+  ##
+  # -- Panel Cron --
+  # These are required for schedules and other misc tasks to
+  # function correctly.
+  ##
+  tcron:
+    command: p:cron
+    container_name: tcron
+    env_file: ${TPATH}conf.d/panel.env
+    image: ccarney16/pterodactyl-panel:${PANEL_VERSION:-latest}
+    profiles: [ panel ]
+    restart: always
+    volumes:
+      - tpanel:/data
+    networks:
+      - pterodactyl
+
+  ##
+  # -- Pterodactyl Daemon --
+  # This service provides the wings runtime.
+  ##
+  twings:
+    container_name: twings
+    environment:
+      - TZ=${DAEMON_TIMEZONE:-UTC}
+    image: docker.io/ccarney16/pterodactyl-daemon:${DAEMON_VERSION:-latest}
+    privileged: true
+    profiles: [ daemon ]
+    restart: always
+    volumes:
+      - ${DAEMON_DATA_DIRECTORY:-/var/lib/pterodactyl}:${DAEMON_DATA_DIRECTORY:-/var/lib/pterodactyl}
+      - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
+      - /tmp/pterodactyl/:/tmp/pterodactyl/
+      - ${TPATH}conf.d/daemon:/etc/pterodactyl
+    working_dir: ${DAEMON_DATA_DIRECTORY:-/var/lib/pterodactyl}
+    networks:
+      - pterodactyl_nw
+      - caddy
+
+  ##
+  # -- MariaDB --
+  # Required for the control panel to work.
+  # Stores Server/User information
+  ##
+  tdb:
+    image: docker.io/library/mariadb:10.11
+    container_name: tdb
+    env_file: ${TPATH}conf.d/mariadb.env
+    networks:
+      - pterodactyl
+    profiles: [ panel ]
+    restart: always
+    volumes:
+      - tdb:/var/lib/mysql
+
+  ##
+  # -- Pterodactyl Panel --
+  # This is the container that provides the main web interface.
+  ##
+  tpanel:
+    env_file: ${TPATH}conf.d/panel.env
+    image: docker.io/ccarney16/pterodactyl-panel:${PANEL_VERSION:-latest}
+    container_name: tpanel
+    profiles: [ panel ]
+    ports:
+      - 4848:80
+    restart: always
+    volumes:
+      - tpanel:/data
+    depends_on:
+      tdb:
+        condition: service_started
+      tredis:
+        condition: service_started
+    networks:
+      - pterodactyl
+      - caddy
+
+  ##
+  # -- Redis --
+  ##
+  tredis:
+    container_name: tredis
+    cpu_count: 2
+    image: docker.io/library/redis:alpine
+    mem_limit: 128m
+    networks:
+      - pterodactyl
+    profiles: [ panel ]
+    restart: always
+
+  ##
+  # -- Panel Worker --
+  ##
+  tworker:
+    container_name: tworker
+    command: p:worker
+    env_file: ${TPATH}conf.d/panel.env
+    image: docker.io/ccarney16/pterodactyl-panel:${PANEL_VERSION:-latest}
+    profiles: [ panel ]
+    restart: always
+    volumes:
+      - tpanel:/data
+    networks:
+      - pterodactyl
+
+volumes:
+  tpanel:
+    name: tpanel
+    external: true
+  tdb:
+    name: tdb
+    external: true
+
+networks:
+  caddy:
+    external: true
+  pterodactyl:
+    external: true
+  pterodactyl_nw:
+    external: true
+

docker-compose.d/Tools/qbit.yml

@@ -0,0 +1,54 @@
+services:
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    environment:
+      - DOCKER_MODS=ghcr.io/vuetorrent/vuetorrent-lsio-mod:latest
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - WEBUI_PORT=8181
+    network_mode: "service:gluetun"
+    volumes:
+      - qbittorrent:/config
+      - /mnt/nextcloud:/mnt/files
+    restart: unless-stopped
+    depends_on:
+      gluetun:
+        condition: service_healthy
+
+
+  gluetun:
+    image: qmcgaw/gluetun:v3
+    cap_add:
+      - NET_ADMIN
+    container_name: gluetun
+    environment:
+      - VPN_SERVICE_PROVIDER=mullvad        
+      - VPN_TYPE=wireguard
+      - WIREGUARD_PRIVATE_KEY=${MULLKEY}    
+      - WIREGUARD_ADDRESSES=10.75.99.140/32
+      - SERVER_COUNTRIES=USA
+      - SERVER_CITIES=Chicago IL
+      #- DNS_ADDRESS=10.64.0.1
+    volumes:
+      - gluetun:/gluetun
+    devices:
+      - /dev/net/tun:/dev/net/tun 
+    ports:
+      - 8181:8181
+      - 6881:6881
+      - 6881:6881/udp
+    restart: unless-stopped
+    networks:
+      - qbit 
+
+volumes:
+  qbittorrent:
+    external: true
+  gluetun:
+    external: true
+
+networks:
+   qbit:
+      external: true

docker-compose.d/Tools/searxng.yml

@@ -0,0 +1,21 @@
+services:
+  searxng:
+    image: searxng/searxng:latest
+    container_name: searxng
+    environment: 
+      - BASE_URL=https://searxng.archfox.org
+    volumes:
+      - searxng:/etc/searxng
+    restart: unless-stopped
+    networks: 
+      - caddy
+
+networks:
+  caddy:
+    name: caddy
+    external: true
+
+volumes:
+  searxng:
+    name: searxng
+    external: true

docker-compose.d/Tools/watchtower.yml

@@ -0,0 +1,6 @@
+services:
+  watchtower:
+    container_name: watchtower
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock

docker-compose.yml

@@ -1,411 +0,0 @@
-networks:
-  swag:
-    name: swag
-    ipam:
-      config:
-        - subnet: 172.20.0.0/16
-  qbit:
-    name: qbit
-  shoko:
-    name: shoko
-  arr:
-    name: arr
-
-services:
-  firefox:
-    image: lscr.io/linuxserver/firefox:latest
-    container_name: firefox
-    security_opt:
-      - seccomp:unconfined #optional
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/UTC
-    volumes:
-      - firefox:/config
-    ports:
-      - 3003:3000
-      - 3004:3001
-    shm_size: "1gb"
-    restart: unless-stopped
-
-  librewolf:
-    image: d3ec5f138a5c
-    container_name: librewolf
-    security_opt:
-      - seccomp:unconfined #optional
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/UTC
-    volumes:
-      - librewolf-conf:/config
-    ports:
-      - 3000:3000
-      - 3001:3001
-    shm_size: "10gb"
-    restart: unless-stopped
-
-  syncthing:
-    image: lscr.io/linuxserver/syncthing:latest
-    container_name: syncthing
-    environment:
-      - PUID=1000
-      - PGID=1000
-    volumes:
-      - syncdata:/config
-      - /mnt/nextcloud:/mnt/files
-    ports:
-      - 8384:8384
-      - 22000:22000/tcp
-      - 22000:22000/udp
-      - 21027:21027/udp
-    restart: unless-stopped
-
-  caddy:
-    image: caddy:latest
-    container_name: caddy
-    restart: unless-stopped
-    cap_add:
-      - NET_ADMIN
-    ports:
-      - 80:80
-      - 443:443
-      - 443:443/udp
-    volumes:
-      - caddy_set:/etc/caddy
-      - caddy_srv:/srv
-      - caddy_data:/data
-      - caddy_config:/config
-    networks:
-      swag:
-        ipv4_address: 172.20.0.10
-
-
-  technitium:
-    container_name: technitium
-    image: technitium/dns-server:latest
-    network_mode: "host"
-        # ports:
-        #   - "5380:5380/tcp" #DNS web console (HTTP)
-        #   # - "53443:53443/tcp" #DNS web console (HTTPS)
-        #   - "53:53/udp" #DNS service
-        #   - "53:53/tcp" #DNS service
-        #   # - "853:853/udp" #DNS-over-QUIC service
-        #   # - "853:853/tcp" #DNS-over-TLS service
-        #   # - "443:443/udp" #DNS-over-HTTPS service (HTTP/3)
-        #   # - "443:443/tcp" #DNS-over-HTTPS service (HTTP/1.1, HTTP/2)
-        #   # - "80:80/tcp" #DNS-over-HTTP service (use with reverse proxy or certbot certificate renewal)
-        #   # - "8053:8053/tcp" #DNS-over-HTTP service (use with reverse proxy)
-        #   # - "67:67/udp" #DHCP service      
-    environment:
-      - DNS_SERVER_DOMAIN=technitium #The primary domain name used by this DNS Server to identify itself.
-      - DNS_SERVER_ADMIN_PASSWORD=${PASS}
-    volumes:
-      - technitium:/etc/dns
-    restart: unless-stopped
-      #    sysctls:
-      #      - net.ipv4.ip_local_port_range=1024 65000
-
-  prowlarr:
-    image: lscr.io/linuxserver/prowlarr:latest
-    container_name: prowlarr
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/UTC
-    volumes:
-      - prowlarr:/config
-    ports:
-      - 9696:9696
-    restart: unless-stopped
-    networks:
-      - arr
-      - qbit
-
-  sonarr:
-    image: lscr.io/linuxserver/sonarr:latest
-    container_name: sonarr
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/UTC
-    volumes:
-      - sonarr:/config
-      - /mnt/massdrive/media:/mnt/media
-    ports:
-      - 8989:8989
-    restart: unless-stopped
-    networks:
-      - arr
-      - qbit
-
-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    container_name: qbittorrent
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/UTC
-      - WEBUI_PORT=8181
-    volumes:
-      - qbittorrent:/config
-      - /mnt/nextcloud:/mnt/files
-    ports:
-      - 8181:8181
-      - 6881:6881
-      - 6881:6881/udp
-    restart: unless-stopped
-    networks: 
-      - qbit
-
-  shoko:
-    shm_size: 256m
-    container_name: shoko
-    image: shokoanime/server:daily
-    restart: always
-    environment:
-      - "PUID=1000"
-      - "PGID=1000"
-      - "TZ=Etc/UTC"
-    ports:
-      - "8111:8111"
-    volumes:
-      - shoko:/home/shoko/.shoko
-      - /mnt/massdrive/media:/mnt/media
-    networks: 
-      - shoko
-
-
-  vaultwarden:
-    image: vaultwarden/server:latest
-    container_name: vaultwarden
-    restart: unless-stopped
-    environment: 
-      DOMAIN: "https://vault.mintyserver.net"
-      WEBSOCKET_ENABLED: true
-      SIGNUPS_ALLOWED: false
-      ADMIN_TOKEN: ${PASS} 
-    volumes:
-      - vaultwarden:/data
-    networks: 
-      - swag
-    ports:
-      - 8089:80
-
-
-  monerod:
-    image: sethsimmons/simple-monerod:latest
-    restart: unless-stopped
-    container_name: monerod
-    volumes:
-      - bitmonero:/home/monero/.bitmonero:rw
-    ports:
-      - 18080:18080
-      - 18089:18089
-      - 18083:18083
-    command:
-      - "--disable-dns-checkpoints"
-      - "--rpc-restricted-bind-ip=0.0.0.0"
-      - "--rpc-restricted-bind-port=18089"
-      - "--no-igd"
-      - "--enable-dns-blocklist"
-      - "--prune-blockchain"
-      - "--zmq-pub=tcp://0.0.0.0:18083"
-
-  p2pool:
-    image: sethsimmons/p2pool:latest
-    restart: unless-stopped
-    container_name: p2pool
-    tty: true
-    stdin_open: true
-    volumes: 
-      - p2pool-data:/home/p2pool
-      - /dev/hugepages:/dev/hugepages:rw
-    ports:
-      - 3333:3333
-      - 37889:37889
-    command: >-
-      --wallet "48Whozrwq4jDA6JZ3vJw3Z22VFCCdi4MnLDH5WfHX33w8ehHZ3hRsJC6JBFmgau8BjbXzfL6Um1GdGNfzzbqueDGPhSusji"
-      --stratum "0.0.0.0:3333" --p2p "0.0.0.0:37889" --rpc-port "18089"
-      --host "monerod"
-      --loglevel 1
-
-
-  ariang:
-    image: hurlenko/aria2-ariang
-    container_name: aria
-      #ports: 
-      #- 8989:8080
-    restart: unless-stopped
-    volumes: 
-      - /mnt/nextcloud:/aria2/data
-      - ariang:/aria2/conf
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - RPC_SECRET=${PASS}
-      - BASIC_AUTH_USERNAME=poslop
-      - BASIC_AUTH_PASSWORD=${PASS}
-      - ARIA2RPCPORT=443
-    networks:
-      - swag
-        # network_mode: none
-
-  searxng:
-    image: searxng/searxng:latest
-    container_name: searxng
-    environment: 
-      - BASE_URL=https://searxng.mintyserver.net
-    volumes:
-      - searxng:/etc/searxng
-        #    ports:
-        #      - 8998:8080
-    restart: unless-stopped
-    networks: 
-      - swag
-
-  puffer:
-    image: pufferpanel/pufferpanel:latest
-    container_name: puffer
-    restart: always
-        #ports:
-        #  - 8081:8080
-        #  - 5657:5657
-    volumes:
-      - puffer-config:/etc/pufferpanel
-      - /var/lib/pufferpanel:/var/lib/pufferpanel
-      - /var/run/docker.sock:/var/run/docker.sock
-    networks: 
-      - swag
-
-  gitea:
-   image: gitea/gitea:latest
-   container_name: gitea
-   environment:
-     - USER_UID=1000
-     - USER_GID=1000
-   restart: always
-   volumes:
-     - gitea:/data
-     - /etc/timezone:/etc/timezone:ro
-     - /etc/localtime:/etc/localtime:ro
-   ports:
-     - "3030:3000"
-       #  - "222:22"
-   networks: 
-     - swag
- 
-  jellyfin:
-    image: lscr.io/linuxserver/jellyfin:latest
-    container_name: jellyfin
-    devices: 
-      - /dev/dri:/dev/dri
-    environment: 
-      - PUID=1000
-      - PGID=1000
-      - TZ=America/Chicago
-    volumes:
-      - jellyfin:/config
-      - /mnt/massdrive/media:/data
-        # ports:
-        #   - 7359:7359/udp
-        #   - 1900:1900/udp
-        #   - 8096:8096
-    restart: unless-stopped
-    networks:
-      - swag
-      - shoko
-
-        #swag:
-        #  container_name: swag
-        #  image: lscr.io/linuxserver/swag:latest
-        #  restart: unless-stopped
-        #  volumes:
-        #    - swag:/config
-        #  environment:
-        #    - PUID=1000
-        #    - PGID=1000
-        #    - TZ=America/Chicago
-        #    - URL=mintyserver.net
-        #    - VALIDATION=http 
-        #    - SUBDOMAINS=aria,git,nextcloud,jelly,searxng,puffer,vault
-        #  ports:
-        #    - 443:443
-        #    - 80:80
-        #  networks: 
-        #    - swag
-
-  nextcloud:
-    container_name: nextcloud-aio-mastercontainer
-    init: true
-    restart: unless-stopped
-    image: nextcloud/all-in-one:latest
-    volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    ports:
-      # - 8666:80
-      - 8080:8080
-        # - 8443:8443
-    environment:
-      - APACHE_PORT=11000
-      - APACHE_IP_BINDING=0.0.0.0
-        #- NEXTCLOUD_DATADIR=/mnt/docker/configs/ncaio
-      - NEXTCLOUD_MOUNT=/mnt/nextcloud/
-      - NEXTCLOUD_MEMORY_LIMIT=4096M
-
-  watchtower:
-    image: containrrr/watchtower
-    container_name: watchtower
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-
-
-volumes:
-  caddy_config:
-    name: caddy_config
-  caddy_data:
-    name: caddy_data
-  caddy_srv:
-    name: caddy_srv
-  caddy_set:
-    name: caddy_set
-  vaultwarden:
-    name: vaultwarden
-  qbittorrent:
-    name: qbittorrent
-  shoko:
-    name: shoko
-  ariang:
-    name: ariang
-  puffer-config:
-    name: puffer-config
-  puffer-lib:
-    name: puffer-lib
-  searxng:
-    name: searxng
-  jellyfin: 
-    name: jellyfin
-  gitea:
-    name: gitea
-  technitium:
-    name: technitium
-  sonarr:
-    name: sonarr
-  prowlarr:
-    name: prowlarr
-  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer
-  bitmonero:
-    name: bitmonero
-  p2pool-data:
-    name: p2pool-data
-  swag:
-    name: swag
-  syncdata:
-    name: syncdata
-  librewolf-conf:
-    name: librewolf-conf
-  firefox:
-    name: firefox

scripts/permfix

@@ -1,3 +1,4 @@
 # Adds the group 1000 and then adds that group to user 33 to nextcloud container to fix permissions
 docker exec -it nextcloud-aio-nextcloud groupadd -g 1000 poslop
 docker exec -it nextcloud-aio-nextcloud usermod www-data -aG poslop
+docker exec -u 33 nextcloud-aio-nextcloud ./occ files:scan poslop

scripts/run-all.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Define the path to the .env file (root-level)
+ENV_FILE="/mnt/docker/.env"
+
+# Base directory where the service Compose files are located
+COMPOSE_DIR="/mnt/docker/docker-compose.d"
+
+# List of service directories under docker-compose.d
+services=(
+    "Documentation/bookstack.yml"
+    "Documentation/gitea.yml"
+    "Documentation/vaultwarden.yml"
+    "Media/arr.yml"
+    "Media/jellyfin.yml"
+    "Media/shoko.yml"
+    "Networking/technitium.yml"
+    "Networking/caddy.yml"
+    "Networking/omada.yml"
+    "Networking/ddns.yml"
+    "Tools/searxng.yml"
+    "Tools/monerod.yml"
+    "Tools/p2pool.yml"
+    "Tools/ariang.yml"
+    "Tools/nextcloud-aio.yml"
+    "Tools/qbit.yml"
+    "Tools/open-webui.yml"
+    "Tools/watchtower.yml"
+    "Tools/pastefy.yml"
+    "Tools/actual.yml"
+    "pterodactyl/docker-compose.yml"
+)
+
+# Start building the docker compose command with multiple -f flags
+COMPOSE_COMMAND="docker compose --env-file \"$ENV_FILE\""
+
+# Loop through each service and append the -f flag for each compose file
+for service in "${services[@]}"; do
+    COMPOSE_COMMAND+=" -f \"$COMPOSE_DIR/$service\""
+done
+
+# Add the up command to the final docker compose command
+COMPOSE_COMMAND+=" --profile panel --profile daemon up -d"
+
+# Execute the composed command
+eval $COMPOSE_COMMAND
+
+echo "All services have been started."