this is the default & temporary config file

.gitignore

@@ -10,3 +10,5 @@
 /qBittorrent/config/
 /qBittorrent/qbit-config/
 
+/Caddy/tempo-storage
+/Caddy/grafana-storage

Caddy/Caddyfile

@@ -6,7 +6,7 @@
 		metrics
 	}
 
-	servers :80 {
+	servers :3000 {
 		name grafana
 		metrics
 	}

Caddy/docker-compose.yml

@@ -4,26 +4,34 @@ services:
     image: caddy:latest
     restart: unless-stopped
     ports:
-      - '80:80'
-      - '443:443'
+      - 80:80
+      - 443:443
       - '443:443/udp'
     volumes:
-      - './Caddyfile:/etc/caddy/Caddyfile'
+      - ./Caddyfile:/etc/caddy/Caddyfile
 
   # log collector
   prometheus:
     image: prom/prometheus:latest
     volumes:
-      - './prometheus.yaml:/etc/prometheus/prometheus.yml'
+      - ./prometheus.yaml:/etc/prometheus/prometheus.yml
     depends_on:
       - caddy
 
+  # trace collector
+  tempo:
+    image: grafana/tempo:latest
+    command: [ "-config.file=/opt/tempo.yaml" ] 
+    volumes:
+      - ./tempo.yaml:/opt/tempo.yaml
+      - ./tempo-storage/:/var/tempo
+
   # log viewer
   grafana:
     image: grafana/grafana:latest
     volumes:
-      - './grafana.yaml:/etc/grafana/provisioning/datasources/datasources.yaml'
-      - './grafana-storage/:/var/lib/grafana'
+      - ./grafana.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+      - ./grafana-storage/:/var/lib/grafana
     environment:
       - GF_AUTH_ANONYMOUS_ENABLED=true
       - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
@@ -31,6 +39,5 @@ services:
       - GF_FEATURE_TOGGLES_ENABLE=traceqlEditor
     depends_on:
       - prometheus
+      - tempo
 
-volumes:
-  grafana-storage: {}

Caddy/grafana.yaml

@@ -13,3 +13,17 @@ datasources:
   editable: false
   jsonData:
     httpMethod: GET
+- name: Tempo
+  type: tempo
+  uid: tempo
+  access: proxy
+  orgId: 1
+  url: http://tempo:3200
+  basicAuth: false
+  isDefault: false
+  version: 1
+  editable: false
+  jsonData:
+    httpMethod: GET
+    serviceMap:
+      datasourceUid: 'prometheus'

Caddy/tempo.yaml

@@ -0,0 +1,60 @@
+stream_over_http_enabled: true
+server:
+  http_listen_port: 3200
+  log_level: info
+
+query_frontend:
+  search:
+    duration_slo: 5s
+    throughput_bytes_slo: 1.073741824e+09
+  trace_by_id:
+    duration_slo: 5s
+
+distributor:
+  receivers:                           # this configuration will listen on all ports and protocols that tempo is capable of.
+    jaeger:                            # the receives all come from the OpenTelemetry collector.  more configuration information can
+      protocols:                       # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
+        thrift_http:                   #
+        grpc:                          # for a production deployment you should only enable the receivers you need!
+        thrift_binary:
+        thrift_compact:
+    zipkin:
+    otlp:
+      protocols:
+        http:
+        grpc:
+    opencensus:
+
+ingester:
+  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
+
+compactor:
+  compaction:
+    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
+
+metrics_generator:
+  registry:
+    external_labels:
+      source: tempo
+      cluster: docker-compose
+  storage:
+    path: /var/tempo/generator/wal
+    remote_write:
+      - url: http://prometheus:9090/api/v1/write
+        send_exemplars: true
+  traces_storage:
+    path: /var/tempo/generator/traces
+
+storage:
+  trace:
+    backend: local                     # backend configuration to use
+    wal:
+      path: /var/tempo/wal             # where to store the wal locally
+    local:
+      path: /var/tempo/blocks
+
+overrides:
+  defaults:
+    metrics_generator:
+      processors: [service-graphs, span-metrics, local-blocks] # enables metrics generator
+      generate_native_histograms: both

FileBrowser/README.md

@@ -0,0 +1,4 @@
+
+# Filebrowser
+
+Browser-based file browser. Default creds will be `admin` `admin`. Obviously change this asap

FileBrowser/compose.yml

@@ -1,5 +1,3 @@
----
-version: '3'
 services:
   file-browser:
     image: filebrowser/filebrowser
@@ -9,7 +7,7 @@ services:
     ports:
       - 8080:80
     volumes:
-      - ../../documents/:/srv/
+      - ${ZFS_POOL}/:/srv/
       - ./database.db:/database.db
     security_opt:
       - no-new-privileges:true 

Jellyfin/compose.yml

@@ -1,16 +1,14 @@
----
-version: '3'
 services:
  jellyfin:
-  user: 1000:1000
+   # GID might need to be manuall set (id -g)
+  user: ${UID}:${GID}
   restart: unless-stopped
   image: jellyfin/jellyfin:latest
   container_name: jellyfin
   volumes:
     - ./config:/config
     - ./cache:/cache
-    - ../../documents/media:/media
-  network_mode: 'host'
+    - ${ZFS_POOL}/media:/media
   ports:
     - 8096:9096
   # Requires packages:

qBittorrent/compose.yml

@@ -1,5 +1,3 @@
----
-version: '3'
 services:
   qbittorrent:
     image: qbittorrentofficial/qbittorrent-nox:latest
@@ -11,10 +9,11 @@ services:
       - QBT_EULA=true
     volumes:
       - ./qbit-config:/config
-      - ../../documents/downloads:/downloads
-    network_mode: host
+      - ${ZFS_POOL}/downloads:/downloads
     depends_on:
       - vpn
+    ports:
+      - 6882:6882
   vpn:
     image: lscr.io/linuxserver/wireguard:latest
     container_name: wireguard
@@ -22,13 +21,12 @@ services:
     cap_add:
       - NET_ADMIN
     environment:
-      - PUID=1000
-      - PGID=1000
+      - PUID=${UID}
+      - PGID=${GID}
       - TZ=America/Denver
       - SERVERPORT=51820 #optional
       - LOG_CONFS=true #optional
     volumes:
       - ./config:/config
-    network_mode: host
-    # sysctls:
-    #  - net.ipv4.conf.all.src_valid_mark=1
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1