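# Homelab media stack: a gluetun VPN gateway (qBittorrent, Prowlarr and
# FlareSolverr share its network namespace), the *arr apps, Jellyfin, Seerr,
# Komga and Homepage routed by Traefik labels on the external proxy_net
# network, plus watchtower and a cloudflared tunnel.
#
# Secrets (${WIREGUARD_PRIVATE_KEY}, ${CLOUDFLARED_TOKEN}) are interpolated
# from the shell environment / .env; keep .env out of version control.
#
# NOTE(review): points that apply to several services below:
#  - Most images track a mutable tag (:latest, or no tag at all) and
#    watchtower redeploys them unattended. Pinning a version or digest turns
#    each update into a reviewed change.
#  - Only the seerr router attaches an auth middleware (authelia@docker); the
#    other routers rely on each application's own login. If these hostnames
#    are reachable through the cloudflared tunnel, confirm that is intended.
#  - Every `ports:` entry publishes on all host interfaces. Traefik
#    (presumably attached to proxy_net) reaches containers over that network
#    and does not use published ports, so drop them or bind to 127.0.0.1
#    where direct access is not required.
services:
  # VPN gateway. Containers using `network_mode: service:gluetun` share this
  # network stack, so their ports and Traefik labels are declared here.
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - "8080:8080"  # qBittorrent
      - "9696:9696"  # Prowlarr
      - "6881:6881"  # Torrent TCP
      - "6881:6881/udp"  # Torrent UDP
    # NOTE(review): env_file hands every variable in .env to this container,
    # not only the ones referenced below. Compose already reads .env for
    # ${...} interpolation, so this may be unnecessary - confirm.
    env_file:
      - .env
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - WIREGUARD_ADDRESSES=10.2.0.2/32
      - SERVER_COUNTRIES=Netherlands
      - SERVER_CITIES=Amsterdam
      # Local ranges the VPN namespace may reach outside the tunnel.
      # NOTE(review): this lists all three RFC 1918 blocks; narrowing it to
      # the subnets actually needed (Docker network, NAS) limits what the
      # torrent-side containers can reach on the LAN.
      - FIREWALL_OUTBOUND_SUBNETS=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      # Two routers on one container, so each names its service explicitly.
      - "traefik.http.routers.torrent.rule=Host(`torrent.kotori-waifu.cc`)"
      - "traefik.http.routers.torrent.tls=true"
      - "traefik.http.routers.torrent.tls.certresolver=cloudflare"
      - "traefik.http.routers.torrent.service=torrent"
      - "traefik.http.services.torrent.loadbalancer.server.port=8080"
      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.kotori-waifu.cc`)"
      - "traefik.http.routers.prowlarr.tls=true"
      - "traefik.http.routers.prowlarr.tls.certresolver=cloudflare"
      - "traefik.http.routers.prowlarr.service=prowlarr"
      - "traefik.http.services.prowlarr.loadbalancer.server.port=9696"
    restart: unless-stopped

  # Torrent client; runs inside gluetun's network namespace.
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: service:gluetun
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=8080
      # NOTE(review): this mod fetches and installs packages at container
      # start, which adds a runtime download to the trust chain.
      - DOCKER_MODS=linuxserver/mods:universal-package-install
      - INSTALL_PACKAGES=zip
    volumes:
      - /opt/homelab/data/qbittorrent:/config
      - /mnt/nas:/data
    restart: unless-stopped

  # Indexer manager; runs inside gluetun's network namespace.
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    network_mode: service:gluetun
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /opt/homelab/data/prowlarr:/config
    restart: unless-stopped

  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    ports:
      - "7878:7878"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /opt/homelab/data/radarr:/config
      - /mnt/nas:/data
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.kotori-waifu.cc`)"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.tls.certresolver=cloudflare"
      - "traefik.http.services.radarr.loadbalancer.server.port=7878"
    restart: unless-stopped

  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    ports:
      - "8989:8989"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /opt/homelab/data/sonarr:/config
      - /mnt/nas:/data
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.kotori-waifu.cc`)"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.tls.certresolver=cloudflare"
      - "traefik.http.services.sonarr.loadbalancer.server.port=8989"
    restart: unless-stopped

  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    ports:
      - "8096:8096"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /opt/homelab/data/jellyfin:/config
      # NOTE(review): mounted read-write; if Jellyfin only reads the library
      # here, `:ro` would limit what a compromised media server can alter.
      - /mnt/nas:/data
    devices:
      - /dev/dri:/dev/dri  # host GPU render nodes
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.kotori-waifu.cc`)"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=cloudflare"
      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
    restart: unless-stopped

  seerr:
    image: ghcr.io/seerr-team/seerr:latest
    container_name: seerr
    init: true
    # NOTE(review): the router below requires Authelia, but this published
    # port answers on the host directly without passing through Traefik, so
    # the middleware does not apply to it. Remove it or bind it to 127.0.0.1
    # if all access should be authenticated.
    ports:
      - "5055:5055"
    environment:
      - TZ=Etc/UTC
      # Ask the container to run the app as host UID/GID 1000.
      # NOTE(review): PUID/PGID are honoured by the image's entrypoint, not
      # by a kernel user-namespace mapping - confirm this image supports
      # them, otherwise set `user:` instead.
      - PUID=1000
      - PGID=1000
    volumes:
      - /opt/homelab/data/seerr:/app/config
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.seerr.rule=Host(`jellyseer.kotori-waifu.cc`) || Host(`seer.kotori-waifu.cc`)"
      - "traefik.http.routers.seerr.tls=true"
      - "traefik.http.routers.seerr.tls.certresolver=cloudflare"
      - "traefik.http.routers.seerr.middlewares=authelia@docker"
      - "traefik.http.services.seerr.loadbalancer.server.port=5055"
    restart: unless-stopped

  # Challenge solver used from inside the gluetun namespace. Port 8191 is
  # not published on gluetun, so it is reachable only by containers sharing
  # that namespace.
  flaresolverr:
    image: flaresolverr/flaresolverr:v3.4.3
    container_name: flaresolverr
    network_mode: service:gluetun
    environment:
      - LOG_LEVEL=info
      - TZ=Etc/UTC
      - HOST=0.0.0.0
      - PORT=8191
    # NOTE(review): this turns off Docker's default syscall filter for a
    # container that drives a browser against third-party sites. Check
    # whether the pinned image still needs it; a custom seccomp profile is
    # the narrower option.
    security_opt:
      - seccomp:unconfined
    shm_size: 1gb
    restart: unless-stopped

  # Unattended image updates at 04:00 (six-field cron, Europe/Berlin).
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    environment:
      - TZ=Europe/Berlin
      - WATCHTOWER_CLEANUP=true
      - "WATCHTOWER_SCHEDULE=0 0 4 * * *"
      - DOCKER_API_VERSION=1.44
    volumes:
      # Read-write Docker socket: full control of the Docker daemon, which
      # is equivalent to root on the host. Treat this container's image as
      # part of the host's trusted base.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - proxy_net
    restart: unless-stopped

  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    ports:
      - "3000:3000"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      # NOTE(review): `*` disables Host-header validation; list the real
      # hostnames this dashboard is served under instead.
      - "HOMEPAGE_ALLOWED_HOSTS=*"
    volumes:
      - /opt/homelab/data/homepage:/app/config
      # NOTE(review): `:ro` only makes the socket file's mount read-only; it
      # does not restrict which Docker API calls can be sent through it. A
      # filtering socket proxy is the usual way to give a dashboard
      # read-only API access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/nas:/mnt/nas:ro
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      # Catch-all router: matches any request no higher-priority router
      # claims, for any Host. NOTE(review): it carries no tls or middleware
      # labels; whether it is served over TLS or behind auth depends on
      # Traefik entrypoint settings not shown in this file.
      - "traefik.http.routers.homepage.rule=PathPrefix(`/`)"
      - "traefik.http.routers.homepage.priority=1"
      - "traefik.http.services.homepage.loadbalancer.server.port=3000"
    restart: unless-stopped

  komga:
    image: gotson/komga:latest
    container_name: komga
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /opt/homelab/data/komga:/config
      - /mnt/nas/manga:/data
    ports:
      - "25600:25600"
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.komga.rule=Host(`goon.kotori-waifu.cc`)"
      - "traefik.http.routers.komga.tls=true"
      - "traefik.http.routers.komga.tls.certresolver=cloudflare"
      - "traefik.http.services.komga.loadbalancer.server.port=25600"
    restart: unless-stopped

  # Cloudflare Tunnel connector.
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    networks:
      - proxy_net
    restart: unless-stopped
    # NOTE(review): env_file also hands this container every other variable
    # in .env (including the WireGuard key, if it lives there). Consider a
    # dedicated env file per service.
    env_file:
      - .env
    environment:
      # cloudflared reads the tunnel token from TUNNEL_TOKEN, which keeps it
      # out of the process argument list (visible in `ps` and in the
      # container's Cmd).
      - TUNNEL_TOKEN=${CLOUDFLARED_TOKEN}
    command: tunnel --no-autoupdate run

networks:
  # Created outside this file; must exist before `docker compose up`.
  proxy_net:
    external: true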