alias

authentik/stack.env

@@ -3,7 +3,7 @@ PG_USER=authentik
 PG_DB=authentik
 AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
-AUTHENTIK_TAG=2025.2.1
+AUTHENTIK_TAG=2025.4.1
 POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 POSTGRES_USER=authentik
 POSTGRES_DB=authentik

fail2ban/.env

@@ -0,0 +1,2 @@
+APPNAME=fail2ban
+DOCKER_REGISTRY=r.sectorq.eu/library/

fail2ban/docker-compose.yaml

@@ -1,35 +1,49 @@
 ---
 services:
-  fail2ban:
-    image: lscr.io/linuxserver/fail2ban:latest
-    container_name: fail2ban
-    cap_add:
-      - NET_ADMIN
-      - NET_RAW
-    network_mode: host
+  # fail2ban:
+  #   image: lscr.io/linuxserver/fail2ban:latest
+  #   container_name: fail2ban
+  #   cap_add:
+  #     - NET_ADMIN
+  #     - NET_RAW
+  #   network_mode: host
+  #   environment:
+  #     - PUID=1000
+  #     - PGID=1000
+  #     - TZ=Europe/Bratislava
+  #     - VERBOSITY=-vvv #optional
+  #   volumes:
+  #     - /share/docker_data/fail2ban/config:/config
+  #     - /share/docker_data/fail2ban/log:/var/log:ro
+  #     # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
+  #     # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
+  #     # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
+  #     # - /path/to/emby/log:/remotelogs/emby:ro #optional
+  #     # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
+  #     - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
+  #     # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
+  #     # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
+  #     # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
+  #     # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
+  #     # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
+  #     # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
+  #     # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
+  #     # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
+  #     # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
+  #     # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
+  #     # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
+  #   restart: unless-stopped
+  blockips-unifi:
+    stdin_open: true
+    tty: true
+    container_name: blockips-unifi
+    restart: always
     environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Bratislava
-      - VERBOSITY=-vvv #optional
+        - TZ=Europe/Bratislava
     volumes:
-      - /share/docker_data/fail2ban/config:/config
-      - /share/docker_data/fail2ban/log:/var/log:ro
-      # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
-      # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
-      # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
-      # - /path/to/emby/log:/remotelogs/emby:ro #optional
-      # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
-      - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
-      # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
-      # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
-      # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
-      # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
-      # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
-      # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
-      # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
-      # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
-      # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
-      # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
-      # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
-    restart: unless-stopped
+        - /share/docker_data/unify_block/config.php:/config.php
+        - /share/docker_data/unify_block/ban.sh:/ban.sh
+        - /share/docker_data/unify_block/crontab:/etc/crontabs/root
+        - /share/docker_data/fail2ban/ban:/ban
+        - /share/docker_data/fail2ban/unban:/unban
+    image: ${DOCKER_REGISTRY:-}tusc/blockips-unifi:latest

gitea/docker-compose.yml

@@ -5,9 +5,11 @@ services:
   server:
     container_name: gitea
     environment:
-    - USER_UID=1000
-    - USER_GID=1000
-    - ROOT_URL= https://gitea.sectorq.eu
+      USER_UID: 1000
+      USER_GID: 1000
+      ROOT_URL: https://gitea.sectorq.eu
+      ENABLE_PASSWORD_SIGNIN_FORM: false
+      DISABLE_REGISTRATION: true
     image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
     labels:
       com.centurylinklabs.watchtower.enable: true
@@ -36,15 +38,19 @@ services:
     - /etc/timezone:/etc/timezone:ro
     - /etc/localtime:/etc/localtime:ro
   runner:
-    image: docker.io/gitea/act_runner:nightly
+    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
     environment:
       CONFIG_FILE: /config/config.yaml
       GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
       GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
       GITEA_RUNNER_NAME: jaydee
       GITEA_RUNNER_LABELS: jaydee
-      ENABLE_PASSWORD_SIGNIN_FORM: false
+      
     volumes:
       - /share/docker_data/gitea-runner/config:/config
       - /share/docker_data/gitea-runner/data:/data
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: ${RESTART:-unless-stopped}
+    labels:
+      wud.watch: true
+      wud.watch.digest: true

jupyter_notebook/docker-compose.yml

@@ -14,4 +14,7 @@ services:
             homepage.href: http://m-server.home.lan:8888/
             homepage.icon: ${APPNAME}.png
             homepage.name: Jupyter Notebook
-            homepage.server: my-docker
+            homepage.server: my-docker
+            wud.watch: true
+            wud.watch.digest: true
+            

kestra/.env

@@ -1,3 +1,2 @@
 APPNAME=kestra
-DOCKER_REGISTRY=r.sectorq.eu/library/
 PASSWORD=l4c1j4yd33Du5lo

kestra/docker-compose.yml

@@ -6,6 +6,7 @@ services:
         condition: service_started
     environment:
       SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
+      SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
       KESTRA_CONFIGURATION: |
         datasources:
           postgres:

mailu/docker-compose.yml

@@ -20,10 +20,10 @@ networks:
 services:
   admin:
     depends_on:
-    - redis
-    - resolver
+      - redis
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
     labels:
@@ -31,17 +31,17 @@ services:
       wud.watch.digest: true
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/data:/data
-    - /share/docker_data/mailu3/dkim:/dkim
+      - /share/docker_data/mailu3/data:/data
+      - /share/docker_data/mailu3/dkim:/dkim
   antispam:
     depends_on:
-    - front
-    - redis
-    - oletools
-    - antivirus
-    - resolver
+      - front
+      - redis
+      - oletools
+      - antivirus
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     hostname: antispam
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
@@ -49,39 +49,39 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - default
-    - oletools
-    - clamav
+      - default
+      - oletools
+      - clamav
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/filter:/var/lib/rspamd
-    - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
+      - /share/docker_data/mailu3/filter:/var/lib/rspamd
+      - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
   antivirus:
     healthcheck:
       interval: 10s
       retries: 3
       start_period: 10s
       test:
-      - CMD-SHELL
-      - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
+        - CMD-SHELL
+        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
       timeout: 5s
     image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - clamav
+      - clamav
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
+      - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
   fetchmail:
     depends_on:
-    - admin
-    - smtp
-    - imap
-    - resolver
+      - admin
+      - smtp
+      - imap
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
     labels:
@@ -92,9 +92,9 @@ services:
     - /share/docker_data/mailu3/data/fetchmail:/data
   front:
     depends_on:
-    - resolver
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     extends:
       file: logging.yml
@@ -113,36 +113,36 @@ services:
       homepage.weight: 1
 
     networks:
-    - default
-    - webmail
-    - radicale
+      - default
+      - webmail
+      - radicale
     ports:
-    - 0.0.0.0:8880:80
-    - 0.0.0.0:8443:443
-    - 0.0.0.0:25:25
-    - 0.0.0.0:465:465
-    - 0.0.0.0:587:587
-    - 0.0.0.0:110:110
-    - 0.0.0.0:995:995
-    - 0.0.0.0:143:143
-    - 0.0.0.0:993:993
-    - 0.0.0.0:4190:4190
+      - 0.0.0.0:8880:80
+      - 0.0.0.0:8443:443
+      - 0.0.0.0:25:25
+      - 0.0.0.0:465:465
+      - 0.0.0.0:587:587
+      - 0.0.0.0:110:110
+      - 0.0.0.0:995:995
+      - 0.0.0.0:143:143
+      - 0.0.0.0:993:993
+      - 0.0.0.0:4190:4190
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/certs:/certs
-    - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
+      - /share/docker_data/mailu3/certs:/certs
+      - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
   fts_attachments:
     depends_on:
-    - resolver
+     - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     healthcheck:
       interval: 10s
       retries: 3
       start_period: 10s
       test:
-      - CMD-SHELL
-      - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
+        - CMD-SHELL
+        - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
       timeout: 5s
     hostname: tika
     image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
@@ -150,45 +150,45 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - fts_attachments
+      - fts_attachments
     restart: ${RESTART:-unless-stopped}
   imap:
     depends_on:
-    - front
-    - fts_attachments
-    - resolver
+      - front
+      - fts_attachments
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - default
-    - fts_attachments
+      - default
+      - fts_attachments
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/mail:/mail
-    - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
+      - /share/docker_data/mailu3/mail:/mail
+      - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
   oletools:
     depends_on:
-    - resolver
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     hostname: oletools
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - oletools
+      - oletools
     restart: ${RESTART:-unless-stopped}
   redis:
     depends_on:
-    - resolver
+      - resolver
     dns:
-    - 192.168.205.254
+      - 192.168.205.254
     image: ${DOCKER_REGISTRY:-}redis:alpine
     labels:
       wud.watch: true
@@ -208,10 +208,10 @@ services:
     restart: ${RESTART:-unless-stopped}
   smtp:
     depends_on:
-    - front
-    - resolver
+      - front
+      - resolver
     dns:
-    - 192.168.205.254
+     - 192.168.205.254
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
     labels:
@@ -219,29 +219,29 @@ services:
       wud.watch.digest: true
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/mailqueue:/queue
-    - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
+     - /share/docker_data/mailu3/mailqueue:/queue
+     - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
   webdav:
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - radicale
+      - radicale
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/dav:/data
+      - /share/docker_data/mailu3/dav:/data
   webmail:
     depends_on:
-    - front
+      - front
     env_file: stack.env
     image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
     labels:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - webmail
+      - webmail
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/mailu3/webmail:/data
-    - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
+      - /share/docker_data/mailu3/webmail:/data
+      - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro

mailu/stack.env

@@ -24,8 +24,8 @@ HOSTNAMES=sectorq.eu,mail.sectorq.eu
 POSTMASTER=admin
 
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
-TLS_FLAVOR=cert
-
+#TLS_FLAVOR=cert
+TLS_FLAVOR=letsencrypt
 # Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
 AUTH_RATELIMIT_IP=5/hour
 

mealie/.env

@@ -0,0 +1,4 @@
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
+APPNAME=mealie
+

mealie/docker-compose.yml

@@ -0,0 +1,42 @@
+services:
+  mealie:
+    image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0 # 
+    container_name: mealie
+    restart: always
+    ports:
+        - "9925:9000" # 
+    deploy:
+      resources:
+        limits:
+          memory: 1000M # 
+    volumes:
+      - /share/docker_data/mealie/data:/app/data/
+    environment:
+      # Set Backend ENV Variables Here
+      ALLOW_SIGNUP: "false"
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Bratislava
+      BASE_URL: https://mealie.sectorq.eu
+      OIDC_AUTH_ENABLED: true
+      OIDC_PROVIDER_NAME: authentik
+      OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
+      OIDC_CLIENT_ID: "QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b"
+      OIDC_CLIENT_SECRET: "SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV"
+      OIDC_SIGNUP_ENABLED: true
+      OIDC_USER_GROUP: mealie-users
+      OIDC_ADMIN_GROUP: mealie-admins
+      OIDC_AUTO_REDIRECT: true   # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
+      OIDC_REMEMBER_ME: true
+    labels:      
+      homepage.container: mealie
+      homepage.description: Recipe server
+      homepage.group: Utils
+      homepage.href: https://${APPNAME}.sectorq.eu
+      homepage.icon: ${APPNAME}.png
+      homepage.name: Mealie
+      homepage.server: my-docker
+      wud.watch: true
+      wud.watch.digest: true     
+volumes:
+  mealie-data:

mealie/stack.env

@@ -0,0 +1,37 @@
+###############################################################################
+# Paperless-ngx settings                                                      #
+###############################################################################
+
+# See http://docs.paperless-ngx.com/configuration/ for all available options.
+
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# See the documentation linked above for all options. A few commonly adjusted settings
+# are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
+#PAPERLESS_TIME_ZONE=America/Los_Angeles
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+#PAPERLESS_OCR_LANGUAGE=eng
+
+# Additional languages to install for text recognition, separated by a whitespace.
+# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
+# the language used for OCR.
+# The container installs English, German, Italian, Spanish and French by default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces

mediacenter/.env

@@ -9,3 +9,4 @@ LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
 QBIT_TOKEN=l4c1j4yd33Du5lo
 RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
 SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
+HW_MODE=hw

mediacenter/docker-compose.yml

@@ -7,12 +7,12 @@ services:
   bazarr:
     container_name: bazarr
     depends_on:
-    - sonarr
-    - radarr
+      - sonarr
+      - radarr
     environment:
-    - PUID=1000
-    - PGID=1000
-    - TZ=Europe/Bratislava
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
     hostname: bazarr
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
     labels:
@@ -31,14 +31,14 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - mediarr
+      - mediarr
     ports:
-    - 6767:6767
+      - 6767:6767
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/bazarr/config:/config
-    - /media/data/movies:/movies
-    - /media/data/shows:/tv
+      - /share/docker_data/bazarr/config:/config
+      - /media/data/movies:/movies
+      - /media/data/shows:/tv
   flaresolverr:
     container_name: flaresolverr
     environment:
@@ -51,9 +51,9 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - mediarr
+      - mediarr
     ports:
-    - 8191:8191
+      - 8191:8191
     restart: ${RESTART:-unless-stopped}
   homarr:
     container_name: homarr
@@ -64,26 +64,28 @@ services:
       wud.watch: true
       wud.watch.digest: true
     networks:
-    - mediarr
+      - mediarr
     ports:
-    - 7575:7575
+      - 7575:7575
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - /share/docker_data/homarr/configs:/app/data/configs
-    - /share/docker_data/homarr/icons:/app/public/icons
-    - /share/docker_data/homarr/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /share/docker_data/homarr/configs:/app/data/configs
+      - /share/docker_data/homarr/icons:/app/public/icons
+      - /share/docker_data/homarr/data:/data
   jackett:
     container_name: jackett
+    dns:
+      - 192.168.77.101
     depends_on:
-    - sonarr
-    - radarr
+      - sonarr
+      - radarr
     environment:
-    - PUID=1000
-    - PGID=1000
-    - TZ=Europe/Bratislava
-    - AUTO_UPDATE=true
-    - RUN_OPTS=
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
+      - AUTO_UPDATE=true
+      - RUN_OPTS=
     hostname: jackett
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
     labels:
@@ -282,10 +284,12 @@ services:
     - /media/data/downloads:/downloads
   sonarr:
     container_name: sonarr
+    dns:
+      - 192.168.77.101
     environment:
-    - PUID=1000
-    - PGID=1000
-    - TZ=Europe/Bratislava
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
     hostname: sonarr
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
     labels:

nextcloud/stack.env

@@ -5,6 +5,6 @@ MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
 MYSQL_HOST=db
 REDIS_HOST=redis
-# - PHP_MEMORY_LIMIT=1024M
-# - PHP_UPLOAD_LIMIT=1024M
-# - NEXTCLOUD_MEMORY_LIMIT=1024M
+PHP_MEMORY_LIMIT=1024M
+PHP_UPLOAD_LIMIT=1024M
+NEXTCLOUD_MEMORY_LIMIT=1024M

octoprint/docker-compose.yml

@@ -2,7 +2,7 @@ services:
   octoprint1:
     container_name: octoprint1
     devices:
-    - /dev:/dev
+      - /dev/ttyUSB0:/dev/ttyUSB0
     environment:
     - ENABLE_MJPG_STREAMER=true
     image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest
@@ -25,7 +25,7 @@ services:
     ports:
     - 85:80
     volumes:
-    - /share/docker_data/octoprint1:/octoprint
+      - /share/docker_data/octoprint1:/octoprint
   octoprint2:
     container_name: octoprint2
     environment:
@@ -50,5 +50,5 @@ services:
     ports:
     - 86:80
     volumes:
-    - /share/docker_data/octoprint2:/octoprint
-    - /dev:/dev
+      - /share/docker_data/octoprint2:/octoprint
+      - /dev:/dev

paperless-ngx/.env

@@ -0,0 +1,3 @@
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
+APPNAME=paperless-ngx

paperless-ngx/docker-compose.yml

@@ -0,0 +1,53 @@
+services:
+  broker:
+    image: ${DOCKER_REGISTRY:-}docker.io/library/redis:8
+    restart: unless-stopped
+    volumes:
+      - /share/docker_data/paperless/redisdata:/data
+  webserver:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+      - broker
+    ports:
+      - "8001:8000"
+    volumes:
+      - /share/docker_data/paperless/data:/usr/src/paperless/data
+      - /share/docker_data/paperless/media:/usr/src/paperless/media
+      - /share/docker_data/paperless/export:/usr/src/paperless/export
+      - /share/docker_data/paperless/consume:/usr/src/paperless/consume
+      - /share/docker_data/paperless/scripts:/opt/scripts
+    env_file: stack.env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_URL: https://paperless.sectorq.eu
+      PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu
+      PAPERLESS_POST_CONSUME_SCRIPT: /opt/scripts/post-consumption.sh
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+          {
+            "openid_connect": {
+              "APPS": [
+                {
+                  "provider_id": "authentik",
+                  "name": "Authentik",
+                  "client_id": "B4NM614bqWkvDqGDAmR823qUm8n4ZNlG3XtvkI51",
+                  "secret": "7FFRdLWOUHlDxkhc86xR2yhxRn8BmDfTtfX9aTVY1XbRY197zy3UXPs51IMIkIjwjp6uijtpIQDDJDpR7LNInJt0F5hEXGMEcTfJxYyfNv2ytKFO58tCN5UD2EnzbCmN",
+                  "settings": {
+                    "server_url": "https://auth.sectorq.eu/application/o/paperless/.well-known/openid-configuration"
+                  }
+                }
+              ],
+              "OAUTH_PKCE_ENABLED": "True"
+            }
+          }
+    labels:
+      homepage.container: paperless-webserver-1
+      homepage.description: PDF server
+      homepage.group: Utils
+      homepage.href: https://paperless.sectorq.eu
+      homepage.icon: ${APPNAME}.png
+      homepage.name: Paperless
+      homepage.server: my-docker
+      wud.watch: true
+      wud.watch.digest: true          

paperless-ngx/stack.env

@@ -0,0 +1,37 @@
+###############################################################################
+# Paperless-ngx settings                                                      #
+###############################################################################
+
+# See http://docs.paperless-ngx.com/configuration/ for all available options.
+
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# See the documentation linked above for all options. A few commonly adjusted settings
+# are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
+#PAPERLESS_TIME_ZONE=America/Los_Angeles
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+#PAPERLESS_OCR_LANGUAGE=eng
+
+# Additional languages to install for text recognition, separated by a whitespace.
+# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
+# the language used for OCR.
+# The container installs English, German, Italian, Spanish and French by default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces

zabbix-server/docker-compose.yml

@@ -12,8 +12,6 @@ services:
     image: ${DOCKER_REGISTRY:-}postgres:16-alpine
     labels:
       com.centurylinklabs.watchtower.enable: true
-      wud.watch: false
-      wud.watch.digest: false
     networks:
       zabbix:
         ipv4_address: 192.168.89.4
@@ -28,7 +26,7 @@ services:
     - db-server
     env_file:
     - stack.env
-    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest
+    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-7.2.0
     labels:
       com.centurylinklabs.watchtower.enable: true
       wud.watch: true
@@ -50,7 +48,7 @@ services:
     extends:
       file: logging.yml
       service: ${LOGGING:-syslog}
-    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest
+    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-7.2.0
     labels:
       com.centurylinklabs.watchtower.enable: 'true'
       homepage.container: zabbix-server-zabbix-server-1