{pkgs, ...}: { project.name = "media"; networks.dmz = { name = "dmz"; external = true; }; networks.internal = {}; services = { jellyfin.service = { image = "linuxserver/jellyfin:10.9.10"; container_name = "jellyfin"; ports = [ "8096:8096" ]; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.http.routers.jellyfin.entrypoints" = "websecure"; "traefik.http.routers.jellyfin.rule" = "Host(`jellyfin.ghoscht.com`)"; "traefik.http.services.jellyfin.loadbalancer.server.port" = "8096"; "traefik.http.services.jellyfin.loadbalancer.passHostHeader" = "true"; "traefik.http.routers.jellyfin.tls" = "true"; "traefik.http.routers.jellyfin.tls.certresolver" = "letsencrypt"; "diun.exclude_tags" = "\\d{4,}"; }; volumes = [ "/storage/dataset/docker/media/jellyfin_data:/config" "/storage/dataset/data/media/tv:/tv" "/storage/dataset/data/media/anime:/anime" "/storage/dataset/data/media/movies:/movies" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; restart = "always"; networks = [ "dmz" ]; }; navidrome.service = { image = "deluan/navidrome:0.53.1"; container_name = "navidrome"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.docker.network" = "dmz"; "traefik.http.services.navidrome.loadbalancer.server.port" = "4533"; "traefik.http.routers.navidrome.service" = "navidrome"; "traefik.http.routers.navidrome.entrypoints" = "websecure"; "traefik.http.routers.navidrome.rule" = "Host(`music.ghoscht.com`)"; "traefik.http.routers.navidrome.tls" = "true"; "traefik.http.routers.navidrome.tls.certresolver" = "letsencrypt"; "traefik.http.services.navidrome-external.loadbalancer.server.port" = "4533"; "traefik.http.routers.navidrome-external.service" = "navidrome-external"; "traefik.http.routers.navidrome-external.rule" = "Host(`music.ghoscht.com`)"; "traefik.http.routers.navidrome-external.entrypoints" = "websecure-external"; "traefik.http.routers.navidrome-external.tls" = "true"; "traefik.http.routers.navidrome-external.tls.certresolver" = "letsencrypt"; }; volumes = [ "/storage/dataset/docker/media/navidrome_data:/data" "/storage/dataset/data/media/music:/music" ]; environment = { ND_SESSIONTIMEOUT = "336h"; }; env_file = [ "/home/ghoscht/.docker/media/navidrome.env" ]; restart = "always"; networks = [ "dmz" ]; }; kavita.service = { image = "jvmilazz0/kavita:0.8.1"; container_name = "kavita"; labels = { "traefik.enable" = "true"; "traefik.http.routers.kavita.entrypoints" = "websecure"; "traefik.http.routers.kavita.rule" = "Host(`kavita.ghoscht.com`)"; "traefik.http.services.kavita.loadbalancer.server.port" = "5000"; "traefik.http.routers.kavita.tls" = "true"; "traefik.http.routers.kavita.tls.certresolver" = "letsencrypt"; }; volumes = [ "/storage/dataset/docker/media/kavita_data:/kavita/config" "/storage/dataset/data/media/manga:/manga" "/storage/dataset/data/media/comics:/comics" ]; restart = "always"; networks = [ "dmz" ]; }; vpn.service = { image = "haugene/transmission-openvpn:5.3.1"; container_name = "transmission"; labels = { "traefik.enable" = "true"; "traefik.http.routers.transmission.entrypoints" = "websecure"; "traefik.http.routers.transmission.rule" = "Host(`transmission.ghoscht.com`)"; "traefik.http.services.transmission.loadbalancer.server.port" = "9091"; "traefik.docker.network" = "dmz"; "traefik.http.routers.transmission.tls" = "true"; "traefik.http.routers.transmission.tls.certresolver" = "letsencrypt"; "traefik.http.routers.transmission.middlewares" = "authentik@file"; }; volumes = [ "/storage/dataset/docker/media/transmission_data:/config" "/storage/dataset/data/:/data" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; OPENVPN_PROVIDER = "WINDSCRIBE"; OPENVPN_CONFIG = "Amsterdam-Tulip-udp"; OVPN_PROTOCOL = "udp"; OPENVPN_OPTS = "--reneg-sec 0 --verb 4"; LOCAL_NETWORK = "192.168.0.0/16"; TRANSMISSION_DOWNLOAD_DIR = "/data/torrents"; TRANSMISSION_INCOMPLETE_DIR = "/data/torrents/incomplete"; TRANSMISSION_WEB_UI = "flood-for-transmission"; WEBPROXY_ENABLED = "true"; }; ports = ["8118:8118"]; env_file = [ "/home/ghoscht/.docker/media/windscribe.env" ]; capabilities = { NET_ADMIN = true; }; restart = "always"; networks = [ "dmz" "internal" ]; }; prowlarr.service = { image = "linuxserver/prowlarr:1.23.1"; container_name = "prowlarr"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.http.routers.prowlarr.entrypoints" = "websecure"; "traefik.http.routers.prowlarr.rule" = "Host(`prowlarr.ghoscht.com`)"; "traefik.http.services.prowlarr.loadbalancer.server.port" = "9696"; "traefik.docker.network" = "dmz"; "traefik.http.routers.prowlarr.tls" = "true"; "traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.prowlarr.middlewares" = "authentik@file"; }; volumes = [ "/storage/dataset/docker/media/prowlarr_data:/config" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; network_mode = "service:vpn"; depends_on = { vpn = {condition = "service_healthy";}; }; restart = "always"; }; sonarr.service = { image = "linuxserver/sonarr:4.0.9"; container_name = "sonarr"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.http.routers.sonarr.entrypoints" = "websecure"; "traefik.http.routers.sonarr.rule" = "Host(`sonarr.ghoscht.com`)"; "traefik.http.services.sonarr.loadbalancer.server.port" = "8989"; "traefik.docker.network" = "dmz"; "traefik.http.routers.sonarr.tls" = "true"; "traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.sonarr.middlewares" = "authentik@file"; }; volumes = [ "/storage/dataset/docker/media/sonarr_data:/config" "/storage/dataset/data/:/data" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; network_mode = "service:vpn"; depends_on = { vpn = {condition = "service_healthy";}; prowlarr = {condition = "service_started";}; }; restart = "always"; }; radarr.service = { image = "linuxserver/radarr:5.9.1"; container_name = "radarr"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.http.routers.radarr.entrypoints" = "websecure"; "traefik.http.routers.radarr.rule" = "Host(`radarr.ghoscht.com`)"; "traefik.http.services.radarr.loadbalancer.server.port" = "7878"; "traefik.docker.network" = "dmz"; "traefik.http.routers.radarr.tls" = "true"; "traefik.http.routers.radarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.radarr.middlewares" = "authentik@file"; }; volumes = [ "/storage/dataset/docker/media/radarr_data:/config" "/storage/dataset/data/:/data" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; network_mode = "service:vpn"; depends_on = { vpn = {condition = "service_healthy";}; prowlarr = {condition = "service_started";}; }; restart = "always"; }; lidarr.service = { image = "linuxserver/lidarr:2.5.3"; container_name = "lidarr"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.http.routers.lidarr.entrypoints" = "websecure"; "traefik.http.routers.lidarr.rule" = "Host(`lidarr.ghoscht.com`)"; "traefik.http.services.lidarr.loadbalancer.server.port" = "8686"; "traefik.http.routers.lidarr.service" = "lidarr"; "traefik.docker.network" = "dmz"; "traefik.http.routers.lidarr.tls" = "true"; "traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.lidarr.middlewares" = "authentik@file"; "diun.exclude_tags" = "\\d{4,}"; }; volumes = [ "/storage/dataset/docker/media/lidarr_data:/config" "/storage/dataset/docker/media/lidarr_addons/custom-services.d:/custom-services.d" "/storage/dataset/docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d" "/storage/dataset/data/:/data" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; network_mode = "service:vpn"; depends_on = { vpn = {condition = "service_healthy";}; prowlarr = {condition = "service_started";}; }; restart = "always"; }; bazarr.service = { image = "hotio/bazarr:release-1.4.3"; container_name = "bazarr"; labels = { "traefik.enable" = "true"; "traefik.http.routers.bazarr.entrypoints" = "websecure"; "traefik.http.routers.bazarr.rule" = "Host(`bazarr.ghoscht.com`)"; "traefik.http.services.bazarr.loadbalancer.server.port" = "6767"; "traefik.docker.network" = "dmz"; "traefik.http.routers.bazarr.tls" = "true"; "traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.bazarr.middlewares" = "authentik@file"; }; volumes = [ "/storage/dataset/docker/media/bazarr_data:/config" "/storage/dataset/data/:/data" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; networks = ["dmz"]; restart = "always"; }; jellyseerr.service = { image = "fallenbagel/jellyseerr:1.7.0"; container_name = "jellyseerr"; labels = { "traefik.enable" = "true"; "traefik.http.routers.jellyseerr.entrypoints" = "websecure"; "traefik.http.routers.jellyseerr.rule" = "Host(`jellyseerr.ghoscht.com`)"; "traefik.http.services.jellyseerr.loadbalancer.server.port" = "5055"; "traefik.docker.network" = "dmz"; "traefik.http.routers.jellyseerr.tls" = "true"; "traefik.http.routers.jellyseerr.tls.certresolver" = "letsencrypt"; }; volumes = [ "/storage/dataset/docker/media/jellyseerr_data:/app/config" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; networks = ["dmz"]; restart = "always"; }; autobrr.service = { image = "ghcr.io/autobrr/autobrr:v1.46.0"; container_name = "autobrr"; labels = { "traefik.enable" = "true"; "diun.enable" = "true"; "traefik.http.routers.autobrr.entrypoints" = "websecure"; "traefik.http.routers.autobrr.rule" = "Host(`autobrr.ghoscht.com`)"; "traefik.http.services.autobrr.loadbalancer.server.port" = "7474"; "traefik.docker.network" = "dmz"; "traefik.http.routers.autobrr.tls" = "true"; "traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt"; "diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$"; }; volumes = [ "/storage/dataset/docker/media/autobrr_data:/config" ]; environment = { PUID = 1000; PGID = 1000; TZ = "Europe/Berlin"; }; network_mode = "service:vpn"; depends_on = { vpn = {condition = "service_healthy";}; prowlarr = {condition = "service_started";}; sonarr = {condition = "service_started";}; radarr = {condition = "service_started";}; }; restart = "always"; }; deemix.service = { image = "finniedj/deemix:latest"; container_name = "deemix"; labels = { "traefik.enable" = "true"; "traefik.http.routers.deemix.entrypoints" = "websecure"; "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)"; "traefik.http.services.deemix.loadbalancer.server.port" = "6595"; "traefik.docker.network" = "dmz"; "traefik.http.routers.deemix.tls" = "true"; "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt"; }; volumes = [ "/storage/dataset/data/deemix:/downloads" ]; environment = { PUID = 1000; PGID = 1000; UMASK_SET = 022; TZ = "Europe/Berlin"; }; network_mode = "service:vpn"; depends_on = { vpn = {condition = "service_healthy";}; }; restart = "always"; }; unpackerr.service = { image = "golift/unpackerr:0.13"; container_name = "unpackerr"; volumes = [ "/storage/dataset/data/:/data" ]; user = "1000:1000"; env_file = [ "/home/ghoscht/.docker/media/unpackerr.env" ]; environment = { TZ = "Europe/Berlin"; # General config UN_DEBUG = "false"; UN_INTERVAL = "2m"; UN_START_DELAY = "1m"; UN_RETRY_DELAY = "5m"; UN_MAX_RETRIES = 3; UN_PARALLEL = 1; UN_FILE_MODE = 0644; UN_DIR_MODE = 0755; # Sonarr Config UN_SONARR_0_URL = "http://transmission:8989"; UN_SONARR_0_PATHS_0 = "/data/torrents/tv"; UN_SONARR_0_PROTOCOLS = "torrent"; UN_SONARR_0_TIMEOUT = "10s"; UN_SONARR_0_DELETE_ORIG = "false"; UN_SONARR_0_DELETE_DELAY = "5m"; # Radarr Config UN_RADARR_0_URL = "http://transmission:7878"; UN_RADARR_0_PATHS_0 = "/data/torrents/movies"; UN_RADARR_0_PROTOCOLS = "torrent"; UN_RADARR_0_TIMEOUT = "10s"; UN_RADARR_0_DELETE_ORIG = "false"; UN_RADARR_0_DELETE_DELAY = "5m"; # Lidarr Config UN_LIDARR_0_URL = "http://transmission:8686"; UN_LIDARR_0_PATHS_0 = "/data/torrents/music"; UN_LIDARR_0_PROTOCOLS = "torrent"; UN_LIDARR_0_TIMEOUT = "10s"; UN_LIDARR_0_DELETE_ORIG = "false"; UN_LIDARR_0_DELETE_DELAY = "5m"; }; networks = ["dmz"]; depends_on = { vpn = {condition = "service_healthy";}; prowlarr = {condition = "service_started";}; sonarr = {condition = "service_started";}; radarr = {condition = "service_started";}; }; restart = "always"; }; port-refresh.service = { image = "ghoscht/windscribe-ephemeral-port:latest"; container_name = "port-refresh"; volumes = [ "/storage/dataset/docker/media/port-refresh_config/config.yml:/config/config.yaml" ]; networks = [ "internal" ]; depends_on = { vpn = {condition = "service_healthy";}; }; }; }; }