alias

authentik/stack.env

@@ -3,7 +3,7 @@ PG_USER=authentik
 PG_DB=authentik
 AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
-AUTHENTIK_TAG=2025.2.1
+AUTHENTIK_TAG=2025.4.1
 POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 POSTGRES_USER=authentik
 POSTGRES_DB=authentik

fail2ban/.env

@@ -0,0 +1,2 @@
+APPNAME=fail2ban
+DOCKER_REGISTRY=r.sectorq.eu/library/

fail2ban/docker-compose.yaml

@@ -1,35 +1,49 @@
 ---
 services:
-  fail2ban:
-    image: lscr.io/linuxserver/fail2ban:latest
-    container_name: fail2ban
-    cap_add:
-      - NET_ADMIN
-      - NET_RAW
-    network_mode: host
+  # fail2ban:
+  #   image: lscr.io/linuxserver/fail2ban:latest
+  #   container_name: fail2ban
+  #   cap_add:
+  #     - NET_ADMIN
+  #     - NET_RAW
+  #   network_mode: host
+  #   environment:
+  #     - PUID=1000
+  #     - PGID=1000
+  #     - TZ=Europe/Bratislava
+  #     - VERBOSITY=-vvv #optional
+  #   volumes:
+  #     - /share/docker_data/fail2ban/config:/config
+  #     - /share/docker_data/fail2ban/log:/var/log:ro
+  #     # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
+  #     # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
+  #     # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
+  #     # - /path/to/emby/log:/remotelogs/emby:ro #optional
+  #     # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
+  #     - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
+  #     # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
+  #     # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
+  #     # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
+  #     # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
+  #     # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
+  #     # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
+  #     # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
+  #     # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
+  #     # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
+  #     # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
+  #     # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
+  #   restart: unless-stopped
+  blockips-unifi:
+    stdin_open: true
+    tty: true
+    container_name: blockips-unifi
+    restart: always
     environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Bratislava
-      - VERBOSITY=-vvv #optional
+        - TZ=Europe/Bratislava
     volumes:
-      - /share/docker_data/fail2ban/config:/config
-      - /share/docker_data/fail2ban/log:/var/log:ro
-      # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
-      # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
-      # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
-      # - /path/to/emby/log:/remotelogs/emby:ro #optional
-      # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
-      - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
-      # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
-      # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
-      # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
-      # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
-      # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
-      # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
-      # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
-      # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
-      # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
-      # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
-      # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
-    restart: unless-stopped
+        - /share/docker_data/unify_block/config.php:/config.php
+        - /share/docker_data/unify_block/ban.sh:/ban.sh
+        - /share/docker_data/unify_block/crontab:/etc/crontabs/root
+        - /share/docker_data/fail2ban/ban:/ban
+        - /share/docker_data/fail2ban/unban:/unban
+    image: ${DOCKER_REGISTRY:-}tusc/blockips-unifi:latest

gitea/docker-compose.yml

@@ -38,7 +38,7 @@ services:
     - /etc/timezone:/etc/timezone:ro
     - /etc/localtime:/etc/localtime:ro
   runner:
-    image: docker.io/gitea/act_runner:nightly
+    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
     environment:
       CONFIG_FILE: /config/config.yaml
       GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"

kestra/.env

@@ -1,3 +1,2 @@
 APPNAME=kestra
-DOCKER_REGISTRY=r.sectorq.eu/library/
 PASSWORD=l4c1j4yd33Du5lo

kestra/docker-compose.yml

@@ -6,6 +6,7 @@ services:
         condition: service_started
     environment:
       SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
+      SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
       KESTRA_CONFIGURATION: |
         datasources:
           postgres:

mealie/.env

@@ -0,0 +1,4 @@
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
+APPNAME=mealie
+

mealie/docker-compose.yml

@@ -0,0 +1,42 @@
+services:
+  mealie:
+    image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0 # 
+    container_name: mealie
+    restart: always
+    ports:
+        - "9925:9000" # 
+    deploy:
+      resources:
+        limits:
+          memory: 1000M # 
+    volumes:
+      - /share/docker_data/mealie/data:/app/data/
+    environment:
+      # Set Backend ENV Variables Here
+      ALLOW_SIGNUP: "false"
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Bratislava
+      BASE_URL: https://mealie.sectorq.eu
+      OIDC_AUTH_ENABLED: true
+      OIDC_PROVIDER_NAME: authentik
+      OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
+      OIDC_CLIENT_ID: "QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b"
+      OIDC_CLIENT_SECRET: "SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV"
+      OIDC_SIGNUP_ENABLED: true
+      OIDC_USER_GROUP: mealie-users
+      OIDC_ADMIN_GROUP: mealie-admins
+      OIDC_AUTO_REDIRECT: true   # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
+      OIDC_REMEMBER_ME: true
+    labels:      
+      homepage.container: mealie
+      homepage.description: Recipe server
+      homepage.group: Utils
+      homepage.href: https://${APPNAME}.sectorq.eu
+      homepage.icon: ${APPNAME}.png
+      homepage.name: Mealie
+      homepage.server: my-docker
+      wud.watch: true
+      wud.watch.digest: true     
+volumes:
+  mealie-data:

mealie/stack.env

@@ -0,0 +1,37 @@
+###############################################################################
+# Paperless-ngx settings                                                      #
+###############################################################################
+
+# See http://docs.paperless-ngx.com/configuration/ for all available options.
+
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# See the documentation linked above for all options. A few commonly adjusted settings
+# are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
+#PAPERLESS_TIME_ZONE=America/Los_Angeles
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+#PAPERLESS_OCR_LANGUAGE=eng
+
+# Additional languages to install for text recognition, separated by a whitespace.
+# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
+# the language used for OCR.
+# The container installs English, German, Italian, Spanish and French by default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces

mediacenter/.env

@@ -9,3 +9,4 @@ LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
 QBIT_TOKEN=l4c1j4yd33Du5lo
 RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
 SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
+HW_MODE=hw

mediacenter/docker-compose.yml

@@ -7,12 +7,12 @@ services:
   bazarr:
     container_name: bazarr
     depends_on:
-    - sonarr
-    - radarr
+      - sonarr
+      - radarr
     environment:
-    - PUID=1000
-    - PGID=1000
-    - TZ=Europe/Bratislava
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
     hostname: bazarr
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
     labels:
@@ -31,14 +31,14 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - mediarr
+      - mediarr
     ports:
-    - 6767:6767
+      - 6767:6767
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/bazarr/config:/config
-    - /media/data/movies:/movies
-    - /media/data/shows:/tv
+      - /share/docker_data/bazarr/config:/config
+      - /media/data/movies:/movies
+      - /media/data/shows:/tv
   flaresolverr:
     container_name: flaresolverr
     environment:
@@ -51,9 +51,9 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - mediarr
+      - mediarr
     ports:
-    - 8191:8191
+      - 8191:8191
     restart: ${RESTART:-unless-stopped}
   homarr:
     container_name: homarr
@@ -64,26 +64,28 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - mediarr
+      - mediarr
     ports:
-    - 7575:7575
+      - 7575:7575
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - /share/docker_data/homarr/configs:/app/data/configs
-    - /share/docker_data/homarr/icons:/app/public/icons
-    - /share/docker_data/homarr/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /share/docker_data/homarr/configs:/app/data/configs
+      - /share/docker_data/homarr/icons:/app/public/icons
+      - /share/docker_data/homarr/data:/data
   jackett:
     container_name: jackett
+    dns:
+      - 192.168.77.101
     depends_on:
-    - sonarr
-    - radarr
+      - sonarr
+      - radarr
     environment:
-    - PUID=1000
-    - PGID=1000
-    - TZ=Europe/Bratislava
-    - AUTO_UPDATE=true
-    - RUN_OPTS=
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
+      - AUTO_UPDATE=true
+      - RUN_OPTS=
     hostname: jackett
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
     labels:
@@ -282,10 +284,12 @@ services:
     - /media/data/downloads:/downloads
   sonarr:
     container_name: sonarr
+    dns:
+      - 192.168.77.101
     environment:
-    - PUID=1000
-    - PGID=1000
-    - TZ=Europe/Bratislava
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
     hostname: sonarr
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
     labels:

nextcloud/stack.env

@@ -5,6 +5,6 @@ MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
 MYSQL_HOST=db
 REDIS_HOST=redis
-# - PHP_MEMORY_LIMIT=1024M
-# - PHP_UPLOAD_LIMIT=1024M
-# - NEXTCLOUD_MEMORY_LIMIT=1024M
+PHP_MEMORY_LIMIT=1024M
+PHP_UPLOAD_LIMIT=1024M
+NEXTCLOUD_MEMORY_LIMIT=1024M

octoprint/docker-compose.yml

@@ -2,7 +2,7 @@ services:
   octoprint1:
     container_name: octoprint1
     devices:
-    - /dev:/dev
+      - /dev/ttyUSB0:/dev/ttyUSB0
     environment:
     - ENABLE_MJPG_STREAMER=true
     image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest
@@ -25,7 +25,7 @@ services:
     ports:
     - 85:80
     volumes:
-    - /share/docker_data/octoprint1:/octoprint
+      - /share/docker_data/octoprint1:/octoprint
   octoprint2:
     container_name: octoprint2
     environment:
@@ -50,5 +50,5 @@ services:
     ports:
     - 86:80
     volumes:
-    - /share/docker_data/octoprint2:/octoprint
-    - /dev:/dev
+      - /share/docker_data/octoprint2:/octoprint
+      - /dev:/dev

paperless-ngx/docker-compose.yml

@@ -1,11 +1,11 @@
 services:
   broker:
-    image: docker.io/library/redis:8
+    image: ${DOCKER_REGISTRY:-}docker.io/library/redis:8
     restart: unless-stopped
     volumes:
       - /share/docker_data/paperless/redisdata:/data
   webserver:
-    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    image: ${DOCKER_REGISTRY:-}ghcr.io/paperless-ngx/paperless-ngx:latest
     restart: unless-stopped
     depends_on:
       - broker
@@ -14,14 +14,16 @@ services:
     volumes:
       - /share/docker_data/paperless/data:/usr/src/paperless/data
       - /share/docker_data/paperless/media:/usr/src/paperless/media
-      - /share/docker_data/paperless//export:/usr/src/paperless/export
-      - /share/docker_data/paperless//consume:/usr/src/paperless/consume
+      - /share/docker_data/paperless/export:/usr/src/paperless/export
+      - /share/docker_data/paperless/consume:/usr/src/paperless/consume
+      - /share/docker_data/paperless/scripts:/opt/scripts
     env_file: stack.env
     environment:
       PAPERLESS_REDIS: redis://broker:6379
       PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
       PAPERLESS_URL: https://paperless.sectorq.eu
       PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu
+      PAPERLESS_POST_CONSUME_SCRIPT: /opt/scripts/post-consumption.sh
       PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
           {
             "openid_connect": {
@@ -38,4 +40,14 @@ services:
               ],
               "OAUTH_PKCE_ENABLED": "True"
             }
-          }
+          }
+    labels:
+      homepage.container: paperless-webserver-1
+      homepage.description: PDF server
+      homepage.group: Utils
+      homepage.href: https://paperless.sectorq.eu
+      homepage.icon: ${APPNAME}.png
+      homepage.name: Paperless
+      homepage.server: my-docker
+      wud.watch: true
+      wud.watch.digest: true          

zabbix-server/docker-compose.yml

@@ -26,7 +26,7 @@ services:
     - db-server
     env_file:
     - stack.env
-    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest
+    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-7.2.0
     labels:
       com.centurylinklabs.watchtower.enable: true
       wud.watch: true
@@ -48,7 +48,7 @@ services:
     extends:
       file: logging.yml
       service: ${LOGGING:-syslog}
-    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest
+    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-7.2.0
     labels:
       com.centurylinklabs.watchtower.enable: 'true'
       homepage.container: zabbix-server-zabbix-server-1