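---
# Docker Compose stack for a self-hosted server: Foundry VTT, Nextcloud with
# Collabora, Gitea, LibreChat, SearXNG, OpenClaw, Minecraft, Navidrome and
# Pi-hole, with MariaDB, MongoDB and Redis as backing stores.
#
# Routing: the `nginx` service (nginxproxy/nginx-proxy) publishes 80/443 and
# routes to containers by their VIRTUAL_HOST / VIRTUAL_PORT / VIRTUAL_PATH
# variables; CERT_NAME selects a certificate from /opt/ssl.
#
# Secrets: every ${VAR} is interpolated by Compose from the shell or an env
# file that is not part of this document. An unset variable expands to an
# empty string, so a missing secret silently becomes an empty password or
# token; `${VAR:?message}` makes Compose refuse to start instead.
#
# Changes in this revision:
#   * TZ (pihole) and MOTD (minecraft): removed the inner double quotes. In
#     list-form `environment:` entries everything after `=` is the value, so
#     the quotes were passed to the container literally.
#   * nextcloud: the PHP-FPM port is now published on loopback only.
#   * `user:` and short-form `ports:` values are quoted strings.

# Shared logging settings, merged into a service with `<<: *logging`.
# "local" driver, rotated at 5 MB with 2 files kept per container.
x-logging: &logging
  logging:
    driver: "local"
    options:
      max-size: "5m"
      max-file: "2"

# x-firecrawl-service: &firecrawl-service
#   image: ghcr.io/mendableai/firecrawl
#
# x-firecrawl-env: &firecrawl-env
#   REDIS_URL: redis://redis:6379
#   REDIS_RATE_LIMIT_URL: redis://redis:6379
#   PLAYWRIGHT_MICROSERVICE_URL: http://playwright:3000/scrape

services:
  # change:
  #   <<: *logging
  #   profiles: ["prod"]
  #   container_name: change
  #   image: node:alpine
  #   build: ./change-game
  #   environment:
  #     - PORT=9000
  #     - VIRTUAL_HOST=rec.${DOMAIN}
  #     - CERT_NAME=${DOMAIN}
  #     - VIRTUAL_PORT=9000
  #   networks:
  #     - nginx
  #   volumes:
  #     - change:/change/public

  # Foundry VTT, served by the proxy at rec.${DOMAIN}/foundry.
  foundry:
    profiles: ["prod"]
    <<: *logging
    image: felddy/foundryvtt:release
    volumes:
      - /mnt/tower/foundry:/data
      - /opt/scarif/foundry/patches:/data/patches
    restart: always
    environment:
      - "FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}"
      - "FOUNDRY_USERNAME=${FOUNDRY_USER}"
      - FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}
      - FOUNDRY_HOSTNAME=https://rec.${DOMAIN}
      - FOUNDRY_PROXY_PORT=443
      - FOUNDRY_PORT=443
      - FOUNDRY_PROXY_SSL=true
      - FOUNDRY_ROUTE_PREFIX=foundry
      - CONTAINER_CACHE=/data/container_cache
      - CONTAINER_PATCHES=/data/patches
      - FOUNDRY_UID=1000
      - FOUNDRY_GID=1000
      - VIRTUAL_HOST=rec.${DOMAIN}
      - CERT_NAME=${DOMAIN}
      - VIRTUAL_PORT=30000
      - VIRTUAL_PATH=/foundry
    networks:
      - nginx

  # Nextcloud (PHP-FPM variant), reached by the proxy over FastCGI on the
  # `nginx` network (VIRTUAL_PROTO=fastcgi, VIRTUAL_PORT=9000).
  # With both `build:` and `image:` set, the locally built image is tagged
  # nextcloud:32-fpm-alpine.
  nextcloud:
    profiles: ["prod", "dev"]
    <<: *logging
    build: ./nextcloud
    image: nextcloud:32-fpm-alpine
    restart: unless-stopped
    user: "1000:1000"
    ports:
      # FastCGI has no authentication: whoever can reach this port can ask
      # PHP-FPM to run scripts. The proxy connects over the Docker network,
      # so the host-side publish is bound to loopback, not every interface.
      - "127.0.0.1:9000:9000"
    volumes:
      - nextcloud:/var/www/html
      - ./nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
      - /mnt/tower/stardust:/var/www/html/data
      - /mnt/tower/foundry:/var/www/foundry
    environment:
      - VIRTUAL_HOST=tower.${DOMAIN}
      - CERT_NAME=${DOMAIN}
      - VIRTUAL_PORT=9000
      - VIRTUAL_PROTO=fastcgi
      - REDIS_HOST=redis
      - MYSQL_HOST=db
      - MYSQL_PASSWORD=${DB_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=${DB_USER}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - MAIL_FROM_ADDRESS=${MAIL_FROM}
      - SMTP_HOST=${MAIL_HOST}
      - SMTP_PORT=${MAIL_PORT}
      - SMTP_USER=${MAIL_USER}
      - SMTP_PASSWORD=${MAIL_PASSWORD}
      - "NEXTCLOUD_TRUSTED_DOMAINS=tower.${DOMAIN} 127.0.0.1"
      - USER_UID=1000
      - USER_GID=1000
      - APACHE_RUN_USER=1000
      - APACHE_RUN_GROUP=1000
    depends_on:
      - db
      - redis
    networks:
      - db
      - redis
      - nginx
    # Resolve the public hostnames to the host's LAN address from inside the
    # container.
    extra_hosts:
      - "tower.${DOMAIN}:${LOCAL_IP}"
      - "office.${DOMAIN}:${LOCAL_IP}"

  # Collabora Online for Nextcloud. TLS is handled by the proxy
  # (ssl.termination=true); the container itself serves plain HTTP.
  # NOTE(review): image has no tag, so every pull takes whatever `latest` is.
  collabora:
    profiles: ["prod", "dev"]
    <<: *logging
    image: collabora/code
    restart: unless-stopped
    cap_add:
      - MKNOD
    environment:
      - VIRTUAL_HOST=office.${DOMAIN}
      - CERT_NAME=${DOMAIN}
      - VIRTUAL_PORT=9980
      - "DONT_GEN_SSL_CERT=True"
      - domain=tower.${DOMAIN}
      - "aliasgroup1=https://tower.${DOMAIN}"
      - cert_domain=office.${DOMAIN}
      - server_name=office.${DOMAIN}
      - username=${COLLABORA_USER}
      - password=${COLLABORA_PASSWORD}
      # NOTE(review): the first option uses a single dash (`-o:`) and the
      # second a double dash (`--o:`); confirm both are actually applied.
      - "extra_params=-o:ssl.enable=false --o:ssl.termination=true"
      - "dictionaries=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru ro"
    networks:
      - nginx
    extra_hosts:
      - "tower.${DOMAIN}:${LOCAL_IP}"
      - "office.${DOMAIN}:${LOCAL_IP}"

  # Gitea at labs.${DOMAIN}. Container SSH (22) is published on host loopback
  # port 2222 only, and self-registration is disabled.
  # NOTE(review): uses the same DB_USER / DB_PASSWORD as nextcloud, so either
  # application's database credentials can reach the other's data.
  gitea:
    profiles: ["prod", "dev"]
    <<: *logging
    image: gitea/gitea:1
    environment:
      - VIRTUAL_HOST=labs.${DOMAIN}
      - CERT_NAME=${DOMAIN}
      - VIRTUAL_PORT=3000
      - "APP_NAME=Labs: Where the good stuff happens"
      - RUN_MODE=prod
      - DOMAIN=labs.${DOMAIN}
      - ROOT_URL=https://labs.${DOMAIN}
      - DB_TYPE=mysql
      - DB_HOST=db
      - DB_NAME=gitea
      - DB_USER=${DB_USER}
      - DB_PASSWD=${DB_PASSWORD}
      - USER_UID=1200
      - USER_GID=1200
      - DISABLE_REGISTRATION=true
    restart: always
    volumes:
      - gitea:/data
      - /mnt/tower/labs:/data/git
      - /home/git/.ssh/:/data/git/.ssh/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "127.0.0.1:2222:22"
    networks:
      - db
      - nginx
    depends_on:
      - db

  # LibreChat at droid.${DOMAIN}.
  # NOTE(review): no `profiles:` key, so this service is always enabled,
  # while the mongodb service it depends on is limited to prod/dev.
  # NOTE(review): `:latest` of a -dev image is a floating tag; pin a version
  # or digest if reproducible deployments matter.
  librechat:
    image: ghcr.io/danny-avila/librechat-dev-api:latest
    ports:
      # NOTE(review): published on every host interface, so the app is also
      # reachable over plain HTTP without the proxy. Bind to 127.0.0.1 or
      # drop the mapping if only the proxy should reach it.
      - "3080:3080"
    networks:
      - nginx
      - redis
      - db
    depends_on:
      - mongodb
      # - rag_api
    restart: always
    extra_hosts:
      - "host.docker.internal:host-gateway"
    <<: *logging
    environment:
      - VIRTUAL_HOST=droid.${DOMAIN}
      - VIRTUAL_PORT=3080
      - CERT_NAME=${DOMAIN}
      - HOST=0.0.0.0
      - NODE_ENV=production
      # NOTE(review): these are the MongoDB root credentials set on the
      # mongodb service (authSource=admin); a dedicated user scoped to the
      # LibreChat database would limit the impact of a leak. Characters such
      # as @ : / in the password must be percent-encoded inside a URI.
      - MONGO_URI=mongodb://${DB_USER}:${DB_PASSWORD}@mongodb:27017/LibreChat?authSource=admin
      # - MEILI_HOST=http://meilisearch:7700
      # - MEILI_MASTER_KEY=${MEILI_MASTER_KEY}
      # - RAG_PORT=8000
      # - RAG_API_URL=http://rag_api:8000
      # - SEARXNG_INSTANCE_URL=http://searxng:8080
      # - SEARXNG_API_KEY=${SEARXNG_SECRET_KEY}
      # - FIRECRAWL_URL=http://firecrawl:3002
      # - FIRECRWAL_API_KEY=
      - ALLOW_EMAIL_LOGIN=true
      - ALLOW_REGISTRATION=false
      - ALLOW_SOCIAL_LOGIN=false
      - ALLOW_SOCIAL_REGISTRATION=false
      - ALLOW_PASSWORD_RESET=false
      - ALLOW_ACCOUNT_DELETION=false
      - ALLOW_UNVERIFIED_EMAIL_LOGIN=true
      - CREDS_KEY=${LIBRECHAT_CREDS_KEY}
      - CREDS_IV=${LIBRECHAT_CREDS_IV}
      - JWT_SECRET=${LIBRECHAT_JWT_SECRET}
      - JWT_REFRESH_SECRET=${LIBRECHAT_JWT_REFRESH_SECRET}
      - AIHUBMIX_KEY=${AIHUBMIX_KEY}
      - OPENROUTER_KEY=${OPENROUTER_KEY}
      - IMAGE_GEN_OAI_BASEURL=https://aihubmix.com/v1
      - IMAGE_GEN_OAI_API_KEY=${AIHUBMIX_KEY}
      - IMAGE_GEN_OAI_MODEL=qwen-image-plus
      # - JINA_API_KEY=${JINA_API_KEY}
    volumes:
      - type: bind
        source: ./librechat/librechat.yaml
        target: /app/librechat.yaml
      - /mnt/tower/stardust/chris/files/.droid/images:/app/client/public/images
      - /mnt/tower/stardust/chris/files/.droid/uploads:/app/uploads
      - /mnt/tower/stardust/chris/files/.droid/logs:/app/logs
      # NOTE(review): the whole files tree is mounted read-write here, while
      # the openclaw services mount the same path `:ro`.
      - /mnt/tower/stardust/chris/files/:/files

  # SearXNG metasearch at holocron.${DOMAIN}.
  # NOTE(review): SEARXNG_BASE_URL is built from SEARXNG_HOSTNAME (default
  # localhost) while the proxy serves holocron.${DOMAIN}; confirm they match.
  searxng:
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - nginx
      - redis
    volumes:
      - ./searxng:/etc/searxng:rw
      - searxng:/var/cache/searxng:rw
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_SECRET=${SEARXNG_SECRET_KEY}
      - VIRTUAL_HOST=holocron.${DOMAIN}
      - VIRTUAL_PORT=8080
      - CERT_NAME=${DOMAIN}
    <<: *logging

  # OpenClaw gateway at kiwa.${DOMAIN}, also published directly on the host.
  # NOTE(review): both ports are published on every host interface and the
  # process binds with "lan" by default, so the gateway is reachable without
  # the proxy. Presumably OPENCLAW_GATEWAY_TOKEN is what authenticates
  # clients; confirm it is set and non-empty.
  # NOTE(review): unlike the other proxied services there is no CERT_NAME
  # and no `<<: *logging`; confirm both omissions are intended.
  openclaw-gateway:
    image: alpine/openclaw
    build:
      args:
        # NOTE(review): Debian/Ubuntu name the meta-package `build-essential`
        # (singular); check this list against the Dockerfile that uses it.
        OPENCLAW_DOCKER_APT_PACKAGES: "git curl jq ffmpeg build-essentials fzf ripgrep fd imagemagick exiftool"
    user: "1000:1000"
    environment:
      HOME: /home/node
      TERM: xterm-256color
      OPENROUTER_API_KEY: ${OPENROUTER_KEY}
      OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
      BRAVE_API_KEY: ${BRAVE_API_KEY}
      TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN}
      VIRTUAL_HOST: kiwa.${DOMAIN}
      VIRTUAL_PORT: "18789"
    volumes:
      - ./openclaw/config:/home/node/.openclaw
      - ./openclaw/workspace:/home/node/.openclaw/workspace
      - /mnt/tower/stardust/chris/files/:/files:ro
      - openclaw:/home/node
    ports:
      - "${OPENCLAW_GATEWAY_PORT:-18789}:18789"
      - "${OPENCLAW_BRIDGE_PORT:-18790}:18790"
    networks:
      - nginx
    init: true
    restart: unless-stopped
    command:
      - "node"
      - "dist/index.js"
      - "gateway"
      - "--bind"
      - "${OPENCLAW_GATEWAY_BIND:-lan}"
      - "--port"
      - "18789"

  # Interactive OpenClaw CLI container (tty + stdin). It shares the config,
  # workspace and home volumes with openclaw-gateway.
  openclaw-cli:
    image: alpine/openclaw
    build:
      args:
        # NOTE(review): same package list as openclaw-gateway; see the
        # `build-essentials` remark there.
        OPENCLAW_DOCKER_APT_PACKAGES: "git curl jq ffmpeg build-essentials fzf ripgrep fd imagemagick exiftool"
    user: "1000:1000"
    environment:
      HOME: /home/node
      TERM: xterm-256color
      OPENROUTER_API_KEY: ${OPENROUTER_KEY}
      BRAVE_API_KEY: ${BRAVE_API_KEY}
      TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN}
      BROWSER: echo
    volumes:
      - ./openclaw/config:/home/node/.openclaw
      - ./openclaw/workspace:/home/node/.openclaw/workspace
      - /mnt/tower/stardust/chris/files/:/files:ro
      - openclaw:/home/node
    stdin_open: true
    tty: true
    init: true
    entrypoint: ["node", "dist/index.js"]

  # Vanilla Minecraft server. Only the game port is published; RCON is used
  # by mc-backup over the Compose network.
  minecraft:
    profiles: ["prod"]
    <<: *logging
    image: itzg/minecraft-server
    tty: true
    stdin_open: true
    ports:
      - "25565:25565"
    environment:
      - TYPE=VANILLA
      - VERSION=LATEST
      - EULA=TRUE
      - MEMORY=2G
      - RCON_PASSWORD=${MINECRAFT_PASSWORD}
      # No inner quotes: in list form they would become part of the MOTD.
      - MOTD=Scarif Minecraft Server
      - WHITELIST=${MINECRAFT_WHITELIST}
    volumes:
      - minecraft:/data

  # Backs up the Minecraft world every 24h to /mnt/backups/minecraft and
  # prunes backups older than 30 days. World data is mounted read-only.
  mc-backup:
    profiles: ["prod"]
    <<: *logging
    image: itzg/mc-backup
    depends_on:
      minecraft:
        condition: service_healthy
    environment:
      - RCON_HOST=minecraft
      - RCON_PASSWORD=${MINECRAFT_PASSWORD}
      - INITIAL_DELAY=0
      - BACKUP_INTERVAL=24h
      - PAUSE_IF_NO_PLAYERS=true
      - PLAYERS_ONLINE_CHECK_INTERVAL=10
      - PRUNE_BACKUPS_DAYS=30
    volumes:
      - minecraft:/data:ro
      - /mnt/backups/minecraft:/backups

  # Navidrome music server at radio.${DOMAIN}; the library is read-only.
  navidrome:
    profiles: ["prod"]
    <<: *logging
    image: deluan/navidrome:latest
    restart: unless-stopped
    environment:
      - VIRTUAL_HOST=radio.${DOMAIN}
      - CERT_NAME=${DOMAIN}
      - VIRTUAL_PORT=4533
      - ND_SCANSCHEDULE=1h
      - ND_LOGLEVEL=info
      - ND_SESSIONTIMEOUT=24h
      - ND_BASEURL=https://radio.${DOMAIN}
    volumes:
      - navidrome:/data
      - /mnt/tower/stardust/chris/files/Music:/music:ro
    networks:
      - nginx

  # Pi-hole DNS; the web UI is proxied at net.${DOMAIN}.
  # NOTE(review): port 53 is published on every host interface. If the host
  # is reachable from the internet, restrict it to the LAN so the resolver
  # is not open to outside queries.
  pihole:
    profiles: ["prod"]
    <<: *logging
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    environment:
      - VIRTUAL_HOST=net.${DOMAIN}
      - CERT_NAME=${DOMAIN}
      # No inner quotes: in list form they would become part of the value
      # and the zone name would not be recognised.
      - TZ=Europe/London
      # NOTE(review): Pi-hole v6 images read the admin password from
      # FTLCONF_webserver_api_password; with `:latest`, confirm WEBPASSWORD
      # still takes effect.
      - WEBPASSWORD=${PIHOLE_PASSWORD}
    volumes:
      - "/docker/pihole/etc-pihole:/etc/pihole"
      - "/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
    restart: unless-stopped
    networks:
      - nginx

  # jitsi:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/web:stable
  #   restart: unless-stopped
  #   volumes:
  #     - ${CONFIG}/web:/config:Z
  #     - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
  #     - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
  #   environment:
  #     - VIRTUAL_HOST=comms.${DOMAIN}
  #     - VIRTUAL_PORT=80
  #     - CERT_NAME=${DOMAIN}
  #     - ENABLE_AUTH=1
  #     - ENABLE_GUESTS=1
  #     - ENABLE_PREJOIN_PAGE=1
  #     - ENABLE_WELCOME_PAGE=1
  #     - ENABLE_CLOSE_PAGE=1
  #     - ENABLE_NOISY_MIC_DETECTION=1
  #     - ETHERPAD_TITLE="Video Chat"
  #     - ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
  #     - ETHERPAD_SKIN_NAME="colibris"
  #     - ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
  #     - XMPP_BOSH_URL_BASE=https://xmpp.meet.jitsi:5280
  #     - XMPP_AUTH_DOMAIN
  #     - XMPP_MUC_DOMAIN
  #     - XMPP_GUEST_DOMAIN
  #     - XMPP_RECORDER_DOMAIN
  #   networks:
  #     nginx:
  #     meet.jitsi:
  #
  # prosody:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/prosody:stable
  #   restart: unless-stopped
  #   expose:
  #     - '${XMPP_PORT:-52222}'
  #     - '5347'
  #     - '5280'
  #   volumes:
  #     - ${CONFIG}/prosody/config:/config:Z
  #     - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
  #   environment:
  #     - ENABLE_NOISY_MIC_DETECTION=1
  #     - ENABLE_AUTH=1
  #     - ENABLE_GUESTS=1
  #     - ENABLE_LOBBY=1
  #     - XMPP_DOMAIN
  #     - XMPP_AUTH_DOMAIN
  #     - XMPP_MUC_DOMAIN
  #     - XMPP_INTERNAL_MUC_DOMAIN
  #     - XMPP_GUEST_DOMAIN
  #     - JVB_AUTH_USER
  #     - JIGASI_XMPP_USER=jigasi
  #     - XMPP_RECORDER_DOMAIN
  #     - JIBRI_RECORDER_USER=recorder
  #     - JIBRI_XMPP_USER=jibri
  #     - JICOFO_AUTH_PASSWORD=
  #   networks:
  #     meet.jitsi:
  #       aliases:
  #         - ${XMPP_SERVER:-xmpp.meet.jitsi}
  #
  # # Focus component
  # jicofo:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/jicofo:stable
  #   restart: unless-stopped
  #   volumes:
  #     - ${CONFIG}/jicofo:/config:Z
  #   depends_on:
  #     - prosody
  #   environment:
  #     - ENABLE_AUTH=1
  #     - XMPP_DOMAIN
  #     - XMPP_MUC_DOMAIN
  #     - XMPP_INTERNAL_MUC_DOMAIN
  #     - JVB_BREWERY_MUC
  #     - JIGASI_BREWERY_MUC=jigasibrewery
  #     - XMPP_RECORDER_DOMAIN
  #     - JIBRI_BREWERY_MUC=jibribrewery
  #     - JIBRI_PENDING_TIMEOUT=90
  #     - JICOFO_AUTH_PASSWORD=
  #   networks:
  #     meet.jitsi:
  #
  # # Video bridge
  # jvb:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/jvb:stable
  #   restart: unless-stopped
  #   ports:
  #     - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
  #     - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
  #   volumes:
  #     - ${CONFIG}/jvb:/config:Z
  #   depends_on:
  #     - prosody
  #   environment:
  #     - DOCKER_HOST_ADDRESS=${LOCAL_IP}
  #     - XMPP_SERVER
  #     - XMPP_AUTH_DOMAIN
  #     - XMPP_INTERNAL_MUC_DOMAIN
  #     - JVB_BREWERY_MUC
  #     - JVB_AUTH_USER
  #     - JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
  #     - JVB_PORT
  #   networks:
  #     meet.jitsi:
  #       aliases:
  #         - jvb.meet.jitsi

  # MariaDB for nextcloud and gitea; attached to the `db` network only and
  # not published on the host.
  # NOTE(review): the root account and the application account share
  # DB_PASSWORD, so an application credential leak is also a root leak.
  # NOTE(review): image has no tag; pin a version to avoid an unplanned
  # major upgrade of the data directory on pull.
  db:
    profiles: ["prod", "dev"]
    <<: *logging
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    environment:
      - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}
      - MYSQL_USER=${DB_USER}
      - MYSQL_PASSWORD=${DB_PASSWORD}
    volumes:
      - db:/var/lib/mysql
      - ./db/init:/docker-entrypoint-initdb.d
    restart: always
    networks:
      - db

  # playwright:
  #   profiles: ["prod", "dev"]
  #   <<: *logging
  #   image: ghcr.io/mendableai/playwright-service:latest
  #   environment:
  #     PORT: 3000
  #     BLOCK_MEDIA: true
  #   networks:
  #     - playwright
  # firecrawl:
  #   profiles: ["prod", "dev"]
  #   <<: [*logging, *firecrawl-service]
  #   environment:
  #     <<: *firecrawl-env
  #     HOST: "0.0.0.0"
  #     PORT: 3002
  #     FLY_PROCESS_GROUP: app
  #     ENV: local
  #     VIRTUAL_HOST: scraper.${DOMAIN}
  #     CERT_NAME: ${DOMAIN}
  #     VIRTUAL_PORT: 3002
  #   depends_on:
  #     - redis
  #     - playwright
  #   ports:
  #     - "3002:3002"
  #   networks:
  #     - redis
  #     - playwright
  #   command: [ "pnpm", "run", "start:production" ]
  # firecrawl-worker:
  #   profiles: ["prod", "dev"]
  #   <<: [*firecrawl-service, *logging]
  #   environment:
  #     <<: *firecrawl-env
  #     FLY_PROCESS_GROUP: worker
  #   networks:
  #     - redis
  #     - playwright
  #   depends_on:
  #     - redis
  #     - playwright
  #     - firecrawl
  #   command: [ "pnpm", "run", "workers" ]

  # Redis on the `redis` network only (joined by nextcloud, librechat and
  # searxng). No password is configured here, so membership of that network
  # is the only access control.
  redis:
    profiles: ["prod", "dev"]
    <<: *logging
    image: redis:alpine
    restart: always
    networks:
      - redis

  # MongoDB for librechat, on the `db` network only; the host port mapping
  # is left commented out.
  # NOTE(review): reuses DB_USER / DB_PASSWORD as the Mongo root account,
  # i.e. the same secret as the MariaDB root password.
  # NOTE(review): image has no tag; pin a version.
  mongodb:
    profiles: ["prod", "dev"]
    # ports:
    #   - 27018:27017
    image: mongo
    restart: always
    volumes:
      - mongodb:/data/db
    command: mongod
    networks:
      - db
    environment:
      - MONGO_INITDB_ROOT_USERNAME=${DB_USER}
      - MONGO_INITDB_ROOT_PASSWORD=${DB_PASSWORD}
    <<: *logging

  # meilisearch:
  #   profiles: ["prod", "dev"]
  #   image: getmeili/meilisearch:v1.12.3
  #   restart: always
  #   networks:
  #     - db
  #   # ports:
  #   #   - 7700:7700
  #   environment:
  #     - MEILI_HOST=http://meilisearch:7700
  #     - MEILI_NO_ANALYTICS=true
  #     - MEILI_MASTER_KEY=${MEILI_MASTER_KEY}
  #   volumes:
  #     - meilisearch:/meili_data
  #   <<: *logging
  # vectordb:
  #   profiles: ["prod", "dev"]
  #   image: ankane/pgvector:latest
  #   networks:
  #     - db
  #   environment:
  #     POSTGRES_DB: mydatabase
  #     POSTGRES_USER: myuser
  #     POSTGRES_PASSWORD: mypassword
  #   restart: always
  #   volumes:
  #     - pgdata2:/var/lib/postgresql/data
  #   <<: *logging
  # rag_api:
  #   profiles: ["prod", "dev"]
  #   image: ghcr.io/danny-avila/librechat-rag-api-dev:latest
  #   environment:
  #     - DB_HOST=vectordb
  #     - RAG_PORT=8000
  #     - EMBEDDINGS_PROVIDER=huggingface
  #     - HF_TOKEN=${HF_TOKEN}
  #   restart: always
  #   networks:
  #     - db
  #   depends_on:
  #     - vectordb
  #   <<: *logging

  # Reverse proxy and TLS endpoint for every service that sets VIRTUAL_HOST.
  # NOTE(review): `:ro` on the Docker socket mount only makes the socket
  # file read-only; it does not limit which Docker API calls can be sent
  # through it. This internet-facing container therefore has host-level
  # control if it is compromised. A filtering socket proxy, or running
  # docker-gen in a separate container from nginx, narrows that exposure.
  nginx:
    <<: *logging
    profiles: ["prod", "dev"]
    image: nginxproxy/nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /opt/ssl:/etc/nginx/certs:ro
      - ./nginx/vhost.d/labs_location:/etc/nginx/vhost.d/labs.${DOMAIN}_location:ro
      - ./nginx/vhost.d/office:/etc/nginx/vhost.d/office.${DOMAIN}:ro
      - ./nginx/vhost.d/rec:/etc/nginx/vhost.d/rec.${DOMAIN}:ro
      - ./nginx/vhost.d/tower_location_override:/etc/nginx/vhost.d/tower.${DOMAIN}_location_override:ro
      - ./nginx/vhost.d/tower:/etc/nginx/vhost.d/tower.${DOMAIN}:ro
      - ./nginx/conf.d/custom_proxy.conf:/etc/nginx/conf.d/custom_proxy.conf:ro
      - nextcloud:/var/www/html/nextcloud:ro
      - ./christmas:/var/www/html/christmas:ro
      # - tt-rss:/var/www/html/tt-rss:ro
    networks:
      - nginx

  # Dev-only one-shot container that writes a key, CSR and certificate for
  # ${DOMAIN} into /opt/ssl, the directory the proxy reads certs from.
  certs:
    profiles: ["dev"]
    image: paulczar/omgwtfssl
    restart: "no"
    volumes:
      - /opt/ssl:/certs
    environment:
      - SSL_SUBJECT=${DOMAIN}
      - CA_SUBJECT=chris@${DOMAIN}
      - SSL_KEY=/certs/${DOMAIN}.key
      - SSL_CSR=/certs/${DOMAIN}.csr
      - SSL_CERT=/certs/${DOMAIN}.crt

# Named volumes. `change` is referenced only by a commented-out service.
volumes:
  db:
  gitea:
  nextcloud:
  foundry:
  navidrome:
  minecraft:
  change:
  mongodb:
  searxng:
  openclaw:
  # pgdata2:
  # meilisearch:

# Networks. `meet.jitsi` is referenced only by the commented-out Jitsi
# services.
networks:
  db:
  nginx:
  redis:
  meet.jitsi:
  # playwright: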