[[server]] name = "Unraid" [server.config] external_address = "http://172.24.3.12" enabled = true ## [[server]] name = "synology" [server.config] enabled = true ## [[stack]] name = "audiobookshelf" tags = ["Active"] [stack.config] server = "Unraid" linked_repo = "compose-audiobookshelf" ## [[stack]] name = "changedetection_io" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-changedetection_io" webhook_secret = "Limb-Crease-Unelected-Squeeze1" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "freshrss" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-freshrss" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "gitlab" tags = ["Active"] [stack.config] server = "Unraid" additional_env_files = [ { path = ".env", track = true } ] file_contents = """ networks: Internal: name: Internal_Network external: true External: name: traefik_gateway_external external: true services: gitlab: image: gitlab/gitlab-ce:latest container_name: gitlab restart: always hostname: 'gitlab.andrewamason.tech' deploy: resources: limits: memory: 16G # environment: GITLAB_OMNIBUS_CONFIG: | nginx['custom_gitlab_server_config'] = "listen 80;" external_url 'https://gitlab.andrewamason.tech' gitlab_rails['gitlab_shell_ssh_port'] = 2424 registry_external_url 'http://registry.andrewamason.tech' registry_nginx['listen_port'] = 5050 registry_nginx['listen_https'] = true registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem" registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem" gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp-relay.brevo.com" gitlab_rails['smtp_port'] = 587 gitlab_rails['smtp_user_name'] = "929a53001@smtp-brevo.com" gitlab_rails['smtp_password'] = "xsmtpsib-9f7e1bc9517b887307058196de6aeff3ba10aa6792a99f3c7fd4a8282ce46622-O0rWTnaqPQfZHb2R" gitlab_rails['smtp_domain'] = "andrewamason.tech" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_openssl_verify_mode'] = 'peer' gitlab_rails['gitlab_email_from'] = 'gitlab@andrewamason.tech' gitlab_rails['gitlab_email_reply_to'] = 'noreply@andrewamason.tech' networks: - Internal - External expose: - 8929 - 80 - 443 - 22 volumes: - /mnt/user/docker/swag/etc/letsencrypt/live/andrewamason.tech/fullchain.pem:/etc/gitlab/ssl/fullchain.pem:ro - /mnt/user/docker/swag/etc/letsencrypt/live/andrewamason.tech/privkey.pem:/etc/gitlab/ssl/privkey.pem:ro - /mnt/user/docker/gitlab/config:/etc/gitlab - /mnt/user/docker/gitlab/logs:/var/log/gitlab - /mnt/user/docker/gitlab/data:/var/opt/gitlab shm_size: '512m' labels: - traefik.enable=true - traefik.http.routers.gitlab.rule=Host(`gitlab.andrewamason.tech`) - traefik.http.routers.gitlab.entrypoints=https,http - traefik.http.routers.gitlab.tls=true - traefik.http.routers.gitlab.tls.certresolver=letsencrypt - traefik.http.routers.gitlab.middlewares=https_redirect - traefik.http.services.gitlab.loadbalancer.healthcheck.followredirects=true - traefik.http.services.gitlab.loadbalancer.healthcheck.path=/ - traefik.http.services.gitlab.loadbalancer.healthcheck.port=443 - traefik.http.services.gitlab.loadbalancer.passhostheader=true - traefik.http.services.gitlab.loadbalancer.server.scheme=https - traefik.http.services.gitlab.loadbalancer.server.port=443 - traefik.docker.network=traefik_gateway_external gitlab-runner: image: gitlab/gitlab-runner:latest container_name: gitlab-runner network_mode: host volumes: - /mnt/user/docker/swag/etc/letsencrypt/ca:/usr/share/ca-certificates - /mnt/user/docker/gitlab/runner/config/:/etc/gitlab-runner - /var/run/docker.sock:/var/run/docker.sock environment: GIT_SSL_NO_VERIFY: "true" labels: - traefik.enable=false """ ## [[stack]] name = "glance" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-glance" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = "timezone.env", track = true } ] ## [[stack]] name = "grimmory" tags = ["Testing"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-grimmory" env_file_path = "grimmory.env" additional_env_files = [ { path = ".env", track = true } ] environment = """ # Application APP_USER_ID=1000 APP_GROUP_ID=1000 TZ=Etc/UTC # Database DATABASE_URL=jdbc:mariadb://grimmory-mariadb:3306/grimmory DB_USER=grimmory DB_PASSWORD=ChangeMe_Grimmory_2025! # Optional: enable API docs + export OpenAPI JSON (defaults to false) API_DOCS_ENABLED=false # Storage: LOCAL (default) or NETWORK (disables file operations; see Network Storage section) DISK_TYPE=LOCAL # MariaDB DB_USER_ID=1000 DB_GROUP_ID=1000 MYSQL_ROOT_PASSWORD=ChangeMe_MariaDBRoot_2025! MYSQL_DATABASE=grimmory """ ## [[stack]] name = "homeassistant_io" tags = ["Active"] [stack.config] server = "Unraid" poll_for_updates = true auto_update = true linked_repo = "compose-homeassistant_io" env_file_path = "HA.env" additional_env_files = [ { path = ".env", track = true } ] environment = """ # Home Assistant Full Stack MQTT_PORT=1883 INFLUX_PORT=8087 INFLUX_USER=admin INFLUX_PASSWORD=ndfgsdfgldskfnbdfj INFLUX_ORG=home INFLUX_BUCKET=homeassistant """ ## [[stack]] name = "homebox" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-homebox" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "homepage" tags = ["Active"] [stack.config] server = "Unraid" linked_repo = "compose-homepage" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "icloud_pd" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-icloudpd" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "immich" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-immich" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = "immich.env", track = true }, { path = "immich-frame.env", track = true }, { path = ".env", track = true } ] ## [[stack]] name = "jellyfin" tags = ["Active"] [stack.config] server = "Unraid" project_name = "media_apps" auto_update = true linked_repo = "compose-jellyfin" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] environment = """ # VARIABLE = value """ ## [[stack]] name = "karakeep" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-karakeep" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = "karakeep.env", track = true }, { path = ".env", track = true } ] ## [[stack]] name = "kavita" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-kavita" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "makemkv" tags = ["As_Needed"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-makemkv" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" ## [[stack]] name = "manyfold" tags = ["As_Needed"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-manyfold" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "mealie" tags = ["Testing"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-mealie" ## [[stack]] name = "obsidian-sync" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-obsidian-sync" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = "andrew-obsidian-vault.env", track = true } ] ## [[stack]] name = "open-vscode" tags = ["As_Needed"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-open-vscode" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "ossint-web-check" tags = ["As_Needed"] [stack.config] server = "Unraid" poll_for_updates = true linked_repo = "compose-OSSINT-Webcheck" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" ## [[stack]] name = "paperless-ngx" tags = ["As_Needed"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-paperless-ngx" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = "stack.env", track = true }, { path = ".env", track = true } ] ## [[stack]] name = "plex" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-plex" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "resilio-sync" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-resilio-sync" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" ## [[stack]] name = "romm" [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-romm" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "scanopy" [stack.config] server = "Unraid" linked_repo = "compose-scanopy" env_file_path = "scanopy.env" environment = """ # VARIABLE = value POSTGRES_PASSWORD=AnywhereChamomileMakeshiftShredding6 SCANOPY_DISABLE_REGISTRATION=false SCANOPY_USE_SECURE_SESSION_COOKIES=true SCANOPY_DAEMON_API_KEY=scp_d_cL5DKUpuaI0Gwkz2HuFhgF0ZHxk6yAaF """ ## [[stack]] name = "servarr" tags = ["As_Needed"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-servarr" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ { path = "timezone.env", track = true }, { path = ".env", track = true } ] ## [[stack]] name = "sonarqube" tags = ["Testing"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-sonarqube" ## [[stack]] name = "stirling-pdf" [stack.config] server = "Unraid" linked_repo = "compose-stirling-pdf" additional_env_files = [ { path = ".env", track = true } ] ## [[stack]] name = "swag" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-swag" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" ## [[stack]] name = "traefik" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-traefik" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" env_file_path = "traefik.env" environment = """ TZ=US/New_York CF_API_EMAIL=andrew_amason@live.com CLOUDFLARE_DNS_API_TOKEN=YrGr8Q2iLJ-Ui_bpSxreYJ7D6T8YJOFOj7A4eYDq """ ## [[stack]] name = "wallos" tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-wallos" ## [[deployment]] name = "Technitium_2" [deployment.config] server = "synology" image.type = "Image" image.params.image = "technitium/dns-server:latest" poll_for_updates = true auto_update = true restart = "always" volumes = """ # volume:/container/path /volume1/docker/technitium_2/config:/etc/dns """ environment = """ # VARIABLE = value TZ=America/New_York """ ## [[build]] name = "audiobookshelf" [build.config] builder = "local" linked_repo = "source-audiobookshelf" image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] ## [[build]] name = "grimmory" [build.config] builder = "local" git_account = "andrewamason" repo = "grimmory-tools/grimmory" image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] ## [[build]] name = "icloudpd" [build.config] builder = "local" linked_repo = "icloudpd" dockerfile_path = "icloudpd.dockerfile" image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] ## [[build]] name = "swag" [build.config] builder = "local" linked_repo = "swag" image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] ## [[build]] name = "web-check" [build.config] builder = "local" linked_repo = "web-check" image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] ## [[repo]] name = "Master_Resource_Sync" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "andrewamason/resources" ## [[repo]] name = "compose-OSSINT-Webcheck" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/OSSINT-Webcheck" ## [[repo]] name = "compose-audiobookshelf" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/audiobookshelf" ## [[repo]] name = "compose-automation" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/automation" ## [[repo]] name = "compose-changedetection_io" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/changedetection_io" ## [[repo]] name = "compose-freshrss" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/freshrss" ## [[repo]] name = "compose-glance" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Dashboards" ## [[repo]] name = "compose-grimmory" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/grimmory" ## [[repo]] name = "compose-homeassistant_io" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/HomeAssistant" ## [[repo]] name = "compose-homebox" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/HomeBox" ## [[repo]] name = "compose-homepage" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/homepage" ## [[repo]] name = "compose-icloudpd" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/iCloud_PD" ## [[repo]] name = "compose-immich" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/immich" ## [[repo]] name = "compose-jellyfin" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/Media_Apps" ## [[repo]] name = "compose-karakeep" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/karakeep" ## [[repo]] name = "compose-kavita" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/kavita" ## [[repo]] name = "compose-lubelogger" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/lubelogger" ## [[repo]] name = "compose-makemkv" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/makemkv" ## [[repo]] name = "compose-manyfold" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/manyfold" env_file_path = "manyfold.env" ## [[repo]] name = "compose-mealie" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/Mealie" ## [[repo]] name = "compose-obsidian-sync" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/obsidian-sync" ## [[repo]] name = "compose-open-vscode" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Open-VSCode" ## [[repo]] name = "compose-paperless-ngx" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/paperless-ngx" ## [[repo]] name = "compose-plex" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Media-Streaming" ## [[repo]] name = "compose-repoflow" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/RepoFlow" ## [[repo]] name = "compose-resilio-sync" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/Resilio-Sync" ## [[repo]] name = "compose-romm" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Romm" ## [[repo]] name = "compose-scanopy" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Scanopy" ## [[repo]] name = "compose-servarr" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/servarr" ## [[repo]] name = "compose-sonarqube" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/SonarQube" ## [[repo]] name = "compose-stirling-pdf" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/stirling-pdf" ## [[repo]] name = "compose-swag" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/swag" ## [[repo]] name = "compose-traefik" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/reverse-proxy" ## [[repo]] name = "compose-wallos" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "HomeLab/WallOS" ## [[repo]] name = "icloudpd" [repo.config] server = "Unraid" builder = "local" git_account = "andrewamason" repo = "boredazfcuk/docker-icloudpd" branch = "master" ## [[repo]] name = "master-config" [repo.config] server = "Unraid" git_provider = "gitea:3000" git_https = false git_account = "andrewamason" repo = "andrewamason/resources" ## [[repo]] name = "source-audiobookshelf" [repo.config] server = "Unraid" builder = "local" git_account = "andrewamason" repo = "advplyr/audiobookshelf" branch = "master" ## [[repo]] name = "swag" [repo.config] server = "Unraid" builder = "local" git_account = "andrewamason" repo = "linuxserver/docker-swag" branch = "master" ## [[repo]] name = "web-check" [repo.config] server = "Unraid" builder = "local" git_account = "andrewamason" repo = "lissy93/web-check" branch = "master" ## [[procedure]] name = "Backup Core Database" description = "Triggers the Core database backup at the scheduled time." tags = ["system"] config.schedule = "Every day at 01:00" [[procedure.config.stage]] name = "Stage 1" enabled = true executions = [ { execution.type = "BackupCoreDatabase", execution.params = {}, enabled = true } ] ## [[procedure]] name = "Global Auto Update" description = "Pulls and auto updates Stacks and Deployments using 'poll_for_updates' or 'auto_update'." tags = ["system"] config.schedule = "Every day at 03:00" [[procedure.config.stage]] name = "Stage 1" enabled = true executions = [ { execution.type = "GlobalAutoUpdate", execution.params.skip_auto_update = false, enabled = true } ] ## [[procedure]] name = "Rotate Server Keys" description = "Rotates all currently connected Server keys." tags = ["system"] config.schedule = "Every day at 06:00" [[procedure.config.stage]] name = "Stage 1" enabled = true executions = [ { execution.type = "RotateAllServerKeys", execution.params = {}, enabled = true } ] ## [[builder]] name = "local" [builder.config] type = "Server" params.server_id = "Unraid" ## [[builder]] name = "synology" [builder.config] type = "Server" params = {} ## [[resource_sync]] name = "master-sync" [resource_sync.config] linked_repo = "Master_Resource_Sync" resource_path = ["master_sync.toml"] managed = true include_variables = true include_user_groups = true ## [[variable]] name = "SONARQUBE_HOST" value = "sqa_35f53592be1dfce277bc27d51ee0a4e32a858604" is_secret = true ## [[variable]] name = "SONARQUBE_TOKEN" value = "http://172.24.3.12:9001" is_secret = true