Initial commit: homelab configuration and documentation

services/swarm/omv_volume_stacks/docker-swarm-media-stack.yml

@@ -0,0 +1,198 @@
+# Full corrected Immich/Media stack (Traefik-ready)
+# Requires pre-existing external overlay: traefik-public
+
+version: '3.9'
+
+networks:
+  traefik-public:
+    external: true
+  media-backend:
+    driver: overlay
+
+volumes:
+  plex_config:
+  jellyfin_config:
+  immich_upload:
+  immich_model_cache:
+  immich_db:
+  immich_redis:
+  homarr_config:
+
+services:
+  homarr:
+    image: ghcr.io/ajnart/homarr:latest
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - homarr_config:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - TZ=America/Chicago
+    deploy:
+      placement:
+        constraints:
+          - node.labels.leader == true
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.homarr-router.rule=Host(`homarr.sj98.duckdns.org`)"
+        - "traefik.http.routers.homarr-router.entrypoints=websecure"
+        - "traefik.http.routers.homarr-router.tls.certresolver=leresolver"
+        - "traefik.http.services.homarr.loadbalancer.server.port=7575"
+        - "traefik.docker.network=traefik-public"
+      resources:
+        limits:
+          memory: 512M
+        reservations:
+          memory: 128M
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+  plex:
+    image: plexinc/pms-docker:latest
+    hostname: plex
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - plex_config:/config
+      - /mnt/media:/media:ro
+    environment:
+      - TZ=America/Chicago
+      - PLEX_CLAIM=claim-xxxxxxxxxxxx
+      - ADVERTISE_IP=http://192.168.1.196:32400/
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.plex-router.rule=Host(`plex.sj98.duckdns.org`)"
+        - "traefik.http.routers.plex-router.entrypoints=websecure"
+        - "traefik.http.routers.plex-router.tls.certresolver=leresolver"
+        - "traefik.http.services.plex.loadbalancer.server.port=32400"
+        - "traefik.docker.network=traefik-public"
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+  jellyfin:
+    image: jellyfin/jellyfin:latest
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - jellyfin_config:/config
+      - /mnt/media:/media:ro
+    environment:
+      - TZ=America/Chicago
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.jellyfin-router.rule=Host(`jellyfin.sj98.duckdns.org`)"
+        - "traefik.http.routers.jellyfin-router.entrypoints=websecure"
+        - "traefik.http.routers.jellyfin-router.tls.certresolver=leresolver"
+        - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
+        - "traefik.docker.network=traefik-public"
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+  immich-server:
+    image: ghcr.io/immich-app/immich-server:release
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - /mnt/media/immich:/usr/src/app/upload
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - DB_HOSTNAME=immich-db
+      - DB_USERNAME=immich
+      - DB_PASSWORD=immich
+      - DB_DATABASE_NAME=immich
+      - REDIS_HOSTNAME=immich-redis
+      - TZ=America/Chicago
+    depends_on:
+      - immich-redis
+      - immich-db
+    deploy:
+      placement:
+        constraints:
+          - node.labels.leader == true
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.immich-server-router.rule=Host(`immich.sj98.duckdns.org`)"
+        - "traefik.http.routers.immich-server-router.entrypoints=websecure"
+        - "traefik.http.routers.immich-server-router.tls.certresolver=leresolver"
+        - "traefik.http.services.immich-server.loadbalancer.server.port=2283"
+        - "traefik.docker.network=traefik-public"
+        # Immich-specific headers and settings
+        - "traefik.http.routers.immich-server-router.middlewares=immich-headers"
+        - "traefik.http.middlewares.immich-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+        - "traefik.http.services.immich-server.loadbalancer.passhostheader=true"
+      resources:
+        limits:
+          memory: 2G
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+  immich-machine-learning:
+    image: ghcr.io/immich-app/immich-machine-learning:release
+    networks:
+      - media-backend
+    volumes:
+      - immich_model_cache:/cache
+    environment:
+      - TZ=America/Chicago
+    depends_on:
+      - immich-server
+    deploy:
+      placement:
+        constraints:
+         - node.labels.heavy == true
+         - node.labels.ai == true
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+  immich-redis:
+    image: redis:7-alpine
+    networks:
+      - media-backend
+    volumes:
+      - immich_redis:/data
+    deploy:
+      placement:
+        constraints:
+          - node.labels.leader == true
+          - node.role == manager
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+  immich-db:
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0
+    networks:
+      - media-backend
+    volumes:
+      - /mnt/database/immich:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=immich
+      - POSTGRES_USER=immich
+      - POSTGRES_DB=immich
+    deploy:
+      placement:
+        constraints:
+          - node.labels.leader == true
+          - node.role == manager
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3