Separate stacks, add ghostfolio, listmonk and qbittorrentvpn

README.md

@@ -3,7 +3,7 @@
 
 This is my home server project that I started because I value the privacy of my data, I don't like paying subscriptions and because self-hosting is really fucking cool.
 
-## Services
+## Core services
 All services are deployed using Docker compose and are run as a non-root user.
 
 ### Maintenance
@@ -20,7 +20,9 @@ All services are deployed using Docker compose and are run as a non-root user.
 * [Radarr](https://github.com/linuxserver/docker-radarr) - movie collection manager
 * [Sonarr](https://github.com/linuxserver/docker-sonarr) - TV show collection manager
 * [Bazarr](https://github.com/linuxserver/docker-bazarr) - subtitle manager
-* [qBittorrent](https://github.com/linuxserver/docker-qbittorrent) - torrent client
+* [qbittorrentvpn](https://github.com/binhex/arch-qbittorrentvpn) - qbittorrent with VPN and
+  Privoxy + [VueTorrent](https://github.com/VueTorrent/VueTorrent) - cute WebUI
+for qBittorrent
 * [YoutubeDL](https://github.com/Tzahi12345/YoutubeDL-Material) - Youtube media downloader
 * [Prowlarr](https://github.com/Prowlarr/Prowlarr) - indexer
 * [Lidarr](https://github.com/Lidarr/Lidarr) - music library manager
@@ -31,6 +33,7 @@ All services are deployed using Docker compose and are run as a non-root user.
   * [Redis](https://github.com/docker-library/redis) - cache service
   * [MariaDB](https://github.com/linuxserver/docker-mariadb) - database
 * [Collabora](https://github.com/CollaboraOnline/online) - office suite
+* [Ghostfolio](https://github.com/ghostfolio/ghostfolio) - wealth mgmt app
 
 ### Software development
 * [Gitea](https://github.com/go-gitea/gitea) - git web service
@@ -41,8 +44,7 @@ All services are deployed using Docker compose and are run as a non-root user.
 * [Wireguard](https://github.com/linuxserver/docker-wireguard) - VPN server
 * [Homer](https://github.com/bastienwirtz/homer) - simple dashboard to keep services on hand
 * [mr.vercetti.cc](https://git.vercetti.cc/mr-vercetti/mr.vercetti.cc) - my personal blog
-* [static-file-server](https://github.com/halverneus/static-file-server) - static file server
-* [gluetun](https://github.com/qdm12/gluetun) - vpn client
+* [listmonk](https://github.com/knadh/listmonk) - mail sending/newsletter service
 
 ## Storage solution
 I went with [MergerFS](https://github.com/trapexit/mergerfs) and [SnapRAID](https://github.com/amadvance/snapraid), which allows me a great deal of flexibility and still keeps my data safe. Array is synchronized and scrubbed automatically via [snapraid-runner](https://github.com/Chronial/snapraid-runner) running from crontab.

docker/.env.example

@@ -72,3 +72,17 @@ DRONE_USER_CREATE=username:<--USERNAME-->,machine:false,admin:true,token:${DRONE
 COLLABORA_USERNAME=
 COLLABORA_PASSWORD=
 COLLABORA_DOMAIN=
+
+# listmonk
+LISTMONK_POSTGRES_USER=
+LISTMONK_POSTGRES_PASSWORD=
+LISTMONK_POSTGRES_DB=
+
+# ghostfolio
+GHOSTFOLIO_ACCESS_TOKEN_SALT=
+GHOSTFOLIO_JWT_SECRET_KEY=
+GHOSTFOLIO_DB=
+GHOSTFOLIO_DB_USER=
+GHOSTFOLIO_DB_PASSWORD=
+GHOSTFOLIO_DB_URL=postgresql://${GHOSTFOLIO_DB_USER}:${GHOSTFOLIO_DB_PASSWORD}@ghostfolio-db:5432/${GHOSTFOLIO_DB}?connect_timeout=300&sslmode=prefer
+GHOSTFOLIO_REDIS_PASSWORD=

docker/additional-stacks/gluetun/gluetun.yml

@@ -1,6 +1,6 @@
 services:
   gluetun:
-    image: qmcgaw/gluetun
+    image: qmcgaw/gluetun:v3.38
     container_name: gluetun
     cap_add:
       - NET_ADMIN

docker/additional-stacks/qbittorrent/qbittorrent.yml

@@ -0,0 +1,16 @@
+services:
+  qbittorrent:
+    image: linuxserver/qbittorrent
+    container_name: qbittorrent
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TIMEZONE}
+      - UMASK_SET=022
+      - WEBUI_PORT=8183
+    network_mode: "container:gluetun"
+    volumes:
+      - ${APPS_DIR}/qbittorrent/config:/config
+      - ${DATA_DIR}/downloads:/downloads
+      - ${APPS_DIR}/qbittorrent/vuetorrent:/vuetorrent
+    restart: unless-stopped

docker/stacks/ghostfolio/ghostfolio.yml

@@ -0,0 +1,46 @@
+services:
+  ghostfolio:
+    image: ghostfolio/ghostfolio
+    container_name: ghostfolio
+    environment:
+      DATABASE_URL: ${GHOSTFOLIO_DB_URL}
+      NODE_ENV: production
+      REDIS_HOST: ghostfolio-cache
+      REDIS_PASSWORD: ${GHOSTFOLIO_REDIS_PASSWORD}
+      REDIS_PORT: 6379
+      JWT_SECRET_KEY: ${GHOSTFOLIO_JWT_SECRET_KEY}
+      ACCESS_TOKEN_SALT: ${GHOSTFOLIO_ACCESS_TOKEN_SALT}
+    ports:
+      - 3333:3333
+    networks:
+      - ghostfolio
+      - proxy
+    depends_on:
+      - ghostfolio-db
+      - ghostfolio-cache
+
+  ghostfolio-db:
+    image: postgres:15
+    container_name: ghostfolio-db
+    volumes:
+      - ${APPS_DIR}/ghostfolio/postgres:/var/lib/postgresql/data
+    networks:
+      - ghostfolio
+    environment:
+      - POSTRES_DB=${GHOSTFOLIO_DB}
+      - POSTGRES_USER=${GHOSTFOLIO_DB_USER}
+      - POSTGRES_PASSWORD=${GHOSTFOLIO_DB_PASSWORD}
+
+  ghostfolio-cache:
+    image: redis:alpine
+    container_name: ghostfolio-cache
+    networks:
+      - ghostfolio
+    command: ['redis-server', '--requirepass', $GHOSTFOLIO_REDIS_PASSWORD]
+
+networks:
+  ghostfolio:
+    name: ghostfolio
+  proxy:
+    external:
+      name: proxy

docker/stacks/listmonk/listmonk.yml

@@ -0,0 +1,39 @@
+services:
+  listmonk-db:
+    image: postgres:13-alpine
+    container_name: listmonk-db
+    environment:
+      - POSTGRES_PASSWORD=${LISTMONK_POSTGRES_PASSWORD}
+      - POSTGRES_USER=${LISTMONK_POSTGRES_USER}
+      - POSTGRES_DB=${LISTMONK_POSTGRES_DB}
+    volumes:
+      - ${APPS_DIR}/listmonk/postgresql:/var/lib/postgresql/data
+    ports:
+      - "9432:5432"
+    networks:
+      - listmonk
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U listmonk"]
+      interval: 10s
+      timeout: 5s
+      retries: 6
+    restart: unless-stopped
+
+  listmonk:
+    image: listmonk/listmonk
+    container_name: listmonk
+    environment:
+      - TZ=${TIMEZONE}
+    volumes:
+      - ${APPS_DIR}/listmonk/config.toml:/listmonk/config.toml
+    ports:
+      - "9000:9000"
+    networks:
+      - listmonk
+    depends_on:
+      - listmonk-db
+    restart: unless-stopped
+
+networks:
+  listmonk:
+    name: listmonk

docker/stacks/media/media.yml

@@ -129,20 +129,38 @@ services:
          - 8686:8686
       restart: unless-stopped      
 
-   qbittorrent:
-      image: linuxserver/qbittorrent
-      container_name: qbittorrent
+   qbittorrentvpn:
+      image: binhex/arch-qbittorrentvpn
+      container_name: qbittorrentvpn
+      networks:
+         - media
+      cap_add:
+         - NET_ADMIN
       environment:
-        - PUID=${PUID}
-        - PGID=${PGID}
-        - TZ=${TIMEZONE}
-        - UMASK_SET=022
-        - WEBUI_PORT=8183
-      network_mode: "container:gluetun"
+         - PUID=${PUID}
+         - PGID=${PGID}
+         - TZ=${TIMEZONE}
+         - VPN_ENABLED=yes
+         - VPN_PROV=custom
+         - VPN_CLIENT=wireguard
+         - ENABLE_PRIVOXY=yes
+         - LAN_NETWORK=${LAN_NETWORK}
+         - NAME_SERVERS=1.1.1.1, 1.0.0.1
+         - WEBUI_PORT=8183
+         - DEBUG=true
+         - UMASK=000
       volumes:
-        - ${APPS_DIR}/qbittorrent/config:/config
-        - ${DATA_DIR}/downloads:/downloads
-        - ${APPS_DIR}/qbittorrent/vuetorrent:/vuetorrent
+         - ${APPS_DIR}/qbittorrentvpn:/config
+         - ${DATA_DIR}/downloads:/data
+         - /etc/localtime:/etc/localtime:ro
+      ports:
+         - 8183:8183
+         - 8118:8118
+         - 6881:6881
+         - 6881:6881/udp
+      sysctls:
+         - "net.ipv4.conf.all.src_valid_mark=1"
+      privileged: true
       restart: unless-stopped
 
    ytdl-material: