Add Pi-hole with AdGuard DOH/DOT integration, reorganize swarm stacks, add DNS/n8n docs

services/swarm/stacks/media/media-stack.yml

@@ -0,0 +1,234 @@
+version: '3.9'
+
+networks:
+  traefik-public:
+    external: true
+  media-backend:
+    driver: overlay
+    attachable: true
+
+volumes:
+  plex_config:
+  jellyfin_config:
+  immich_upload:
+  immich_model_cache:
+  immich_db:
+  immich_redis:
+  homarr_config:
+
+services:
+
+  ############################################
+  # HOMARR
+  ############################################
+  homarr:
+    image: ghcr.io/ajnart/homarr:latest
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - homarr_config:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - TZ=America/Chicago
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+          - node.labels.leader == true
+      labels:
+        - "traefik.enable=true"
+        - "traefik.swarm.network=traefik-public"
+
+        - "traefik.http.routers.homarr.rule=Host(`homarr.sterl.xyz`)"
+        - "traefik.http.routers.homarr.entrypoints=websecure"
+        - "traefik.http.routers.homarr.tls.certresolver=cfresolver"
+
+        - "traefik.http.services.homarr-svc.loadbalancer.server.port=7575"
+        - "tsdproxy.enable=true"
+        - "tsdproxy.name=homarr"
+        - "tsdproxy.container_port=7575"
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+
+  ############################################
+  # PLEX
+  ############################################
+  plex:
+    image: plexinc/pms-docker:latest
+    hostname: plex
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - plex_config:/config
+      - /mnt/media:/media:ro
+    environment:
+      - TZ=America/Chicago
+      - PLEX_CLAIM=claim-xxxxxxxxxxxx
+      - ADVERTISE_IP=http://192.168.1.196:32400/
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.swarm.network=traefik-public"
+
+        - "traefik.http.routers.plex.rule=Host(`plex.sterl.xyz`)"
+        - "traefik.http.routers.plex.entrypoints=websecure"
+        - "traefik.http.routers.plex.tls.certresolver=cfresolver"
+
+        - "traefik.http.services.plex-svc.loadbalancer.server.port=32400"
+        - "tsdproxy.enable=true"
+        - "tsdproxy.name=plex"
+        - "tsdproxy.container_port=32400"
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+
+  ############################################
+  # JELLYFIN
+  ############################################
+  jellyfin:
+    image: jellyfin/jellyfin:latest
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - jellyfin_config:/config
+      - /mnt/media:/media:ro
+    environment:
+      - TZ=America/Chicago
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.swarm.network=traefik-public"
+
+        - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.sterl.xyz`)"
+        - "traefik.http.routers.jellyfin.entrypoints=websecure"
+        - "traefik.http.routers.jellyfin.tls.certresolver=cfresolver"
+
+        - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
+        - "tsdproxy.enable=true"
+        - "tsdproxy.name=jellyfin"
+        - "tsdproxy.container_port=8096"
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+
+  ############################################
+  # IMMICH SERVER
+  ############################################
+  immich-server:
+    image: ghcr.io/immich-app/immich-server:release
+    networks:
+      - traefik-public
+      - media-backend
+    volumes:
+      - immich_upload:/usr/src/app/upload
+      - /mnt/media/Photos:/usr/src/app/upload/library:rw
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - DB_HOSTNAME=immich-db
+      - DB_USERNAME=immich
+      - DB_PASSWORD=immich
+      - DB_DATABASE_NAME=immich
+      - REDIS_HOSTNAME=immich-redis
+      - TZ=America/Chicago
+      - IMMICH_MEDIA_LOCATION=/usr/src/app/upload/library
+    depends_on:
+      - immich-redis
+      - immich-db
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.swarm.network=traefik-public"
+
+        - "traefik.http.routers.immich.rule=Host(`immich.sterl.xyz`)"
+        - "traefik.http.routers.immich.entrypoints=websecure"
+        - "traefik.http.routers.immich.tls.certresolver=cfresolver"
+
+        - "traefik.http.services.immich-svc.loadbalancer.server.port=2283"
+        - "tsdproxy.enable=true"
+        - "tsdproxy.name=immich"
+        - "tsdproxy.container_port=2283"
+        - "traefik.http.routers.immich.middlewares=immich-headers"
+        - "traefik.http.middlewares.immich-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+
+  ############################################
+  # IMMICH MACHINE LEARNING
+  ############################################
+  immich-machine-learning:
+    image: ghcr.io/immich-app/immich-machine-learning:release
+    networks:
+      - media-backend
+    volumes:
+      - immich_model_cache:/cache
+    environment:
+      - TZ=America/Chicago
+    depends_on:
+      - immich-server
+    deploy:
+      placement:
+        constraints:
+          - node.labels.heavy == true
+          - node.labels.ai == true
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+
+  ############################################
+  # IMMICH REDIS
+  ############################################
+  immich-redis:
+    image: redis:7-alpine
+    networks:
+      - media-backend
+    volumes:
+      - immich_redis:/data
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+
+
+  ############################################
+  # IMMICH DATABASE
+  ############################################
+  immich-db:
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0
+    networks:
+      - media-backend
+    volumes:
+      - immich_db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=immich
+      - POSTGRES_USER=immich
+      - POSTGRES_DB=immich
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3