this is the default & temporary config file

a better version of the nginx otel config

.gitignore

@@ -0,0 +1,14 @@
+/Revolt/data
+/OpenWebUI/open-webui
+/uptime-kuma/data
+/FileBrowser/database.db
+/Pacoloco/cache/
+
+/Jellyfin/cache/
+/Jellyfin/config/
+
+/qBittorrent/config/
+/qBittorrent/qbit-config/
+
+/Caddy/tempo-storage
+/Caddy/grafana-storage

Caddy/Caddyfile

@@ -0,0 +1,23 @@
+{
+	admin :2019
+
+	servers :80 {
+		name static_site
+		metrics
+	}
+
+	servers :3000 {
+		name grafana
+		metrics
+	}
+}
+
+:80 {
+	root * /path/to/html
+	file_server
+}
+
+:3000 {
+	reverse_proxy grafana:3000
+}
+

Caddy/README.md

@@ -0,0 +1,3 @@
+This is almost production ready.
+
+You would want to change the Caddyfile and also the Grafana config in the docker compose file. Currently it doesn't ask for credentials as just gives you admin privilages. Nice for testing tho.

Caddy/docker-compose.yml

@@ -0,0 +1,43 @@
+services:
+  # r-proxy, log generator
+  caddy:
+    image: caddy:latest
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+      - '443:443/udp'
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+
+  # log collector
+  prometheus:
+    image: prom/prometheus:latest
+    volumes:
+      - ./prometheus.yaml:/etc/prometheus/prometheus.yml
+    depends_on:
+      - caddy
+
+  # trace collector
+  tempo:
+    image: grafana/tempo:latest
+    command: [ "-config.file=/opt/tempo.yaml" ] 
+    volumes:
+      - ./tempo.yaml:/opt/tempo.yaml
+      - ./tempo-storage/:/var/tempo
+
+  # log viewer
+  grafana:
+    image: grafana/grafana:latest
+    volumes:
+      - ./grafana.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+      - ./grafana-storage/:/var/lib/grafana
+    environment:
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+      - GF_AUTH_DISABLE_LOGIN_FORM=true
+      - GF_FEATURE_TOGGLES_ENABLE=traceqlEditor
+    depends_on:
+      - prometheus
+      - tempo
+

Caddy/grafana.yaml

@@ -0,0 +1,29 @@
+apiVersion: 1
+
+datasources:
+- name: Prometheus
+  type: prometheus
+  uid: prometheus
+  access: proxy
+  orgId: 1
+  url: http://prometheus:9090
+  basicAuth: false
+  isDefault: false
+  version: 1
+  editable: false
+  jsonData:
+    httpMethod: GET
+- name: Tempo
+  type: tempo
+  uid: tempo
+  access: proxy
+  orgId: 1
+  url: http://tempo:3200
+  basicAuth: false
+  isDefault: false
+  version: 1
+  editable: false
+  jsonData:
+    httpMethod: GET
+    serviceMap:
+      datasourceUid: 'prometheus'

Caddy/prometheus.yaml

@@ -0,0 +1,8 @@
+global:
+  scrape_interval: 15s # default is 1 minute
+
+scrape_configs:
+  - job_name: caddy
+    static_configs:
+      # docker networking
+      - targets: ['caddy:2019']

Caddy/tempo.yaml

@@ -0,0 +1,60 @@
+stream_over_http_enabled: true
+server:
+  http_listen_port: 3200
+  log_level: info
+
+query_frontend:
+  search:
+    duration_slo: 5s
+    throughput_bytes_slo: 1.073741824e+09
+  trace_by_id:
+    duration_slo: 5s
+
+distributor:
+  receivers:                           # this configuration will listen on all ports and protocols that tempo is capable of.
+    jaeger:                            # the receives all come from the OpenTelemetry collector.  more configuration information can
+      protocols:                       # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
+        thrift_http:                   #
+        grpc:                          # for a production deployment you should only enable the receivers you need!
+        thrift_binary:
+        thrift_compact:
+    zipkin:
+    otlp:
+      protocols:
+        http:
+        grpc:
+    opencensus:
+
+ingester:
+  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
+
+compactor:
+  compaction:
+    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
+
+metrics_generator:
+  registry:
+    external_labels:
+      source: tempo
+      cluster: docker-compose
+  storage:
+    path: /var/tempo/generator/wal
+    remote_write:
+      - url: http://prometheus:9090/api/v1/write
+        send_exemplars: true
+  traces_storage:
+    path: /var/tempo/generator/traces
+
+storage:
+  trace:
+    backend: local                     # backend configuration to use
+    wal:
+      path: /var/tempo/wal             # where to store the wal locally
+    local:
+      path: /var/tempo/blocks
+
+overrides:
+  defaults:
+    metrics_generator:
+      processors: [service-graphs, span-metrics, local-blocks] # enables metrics generator
+      generate_native_histograms: both

FileBrowser/README.md

@@ -0,0 +1,4 @@
+
+# Filebrowser
+
+Browser-based file browser. Default creds will be `admin` `admin`. Obviously change this asap

FileBrowser/compose.yml

@@ -1,5 +1,3 @@
----
-version: '3'
 services:
   file-browser:
     image: filebrowser/filebrowser
@@ -9,10 +7,8 @@ services:
     ports:
       - 8080:80
     volumes:
-      # Probably put this somewhere else. (Such as on RAID)
-      - ./documents/:/srv
+      - ${ZFS_POOL}/:/srv/
       - ./database.db:/database.db
     security_opt:
       - no-new-privileges:true 
 
-

Jellyfin/compose.yml

@@ -0,0 +1,22 @@
+services:
+ jellyfin:
+   # GID might need to be manuall set (id -g)
+  user: ${UID}:${GID}
+  restart: unless-stopped
+  image: jellyfin/jellyfin:latest
+  container_name: jellyfin
+  volumes:
+    - ./config:/config
+    - ./cache:/cache
+    - ${ZFS_POOL}/media:/media
+  ports:
+    - 8096:9096
+  # Requires packages:
+  # nvidia-contianer-toolkit
+  # runtime: nvidia
+  # deploy:
+  #   resources:
+  #     reservations:
+  #       devices:
+  #         - capabilities: [gpu]
+  

Jellyfin/docker-compose.yml

@@ -1,24 +0,0 @@
----
-version: '3'
-services:
- jellyfin:
-  user: 1000:1000
-  restart: unless-stopped
-  image: jellyfin/jellyfin:latest
-  container_name: jellyfin
-  volumes:
-    - ./config:/config
-    - ./cache:/cache
-    # If FileBrowser can see this you can manage your media easier
-    - ./media:/media
-  network_mode: 'host'
-  # Requires packages:
-  # nvidia-contianer-toolkit
-  # docker > 19.03
-  runtime: nvidia
-  deploy:
-    resources:
-      reservations:
-        devices:
-          - capabilities: [gpu]
-  

OpenWebUI/README.md

@@ -0,0 +1,4 @@
+
+# Open Web UI
+
+Currently this config expects ollama to be running on a different device, the compose.yml has the ip for you to change in it.

OpenWebUI/compose.yml

@@ -0,0 +1,13 @@
+services:
+  open-webui:
+    image: ghcr.io/open-webui/open-webui:main
+    restart: unless-stopped
+    environment:
+      - WEBUI_AUTH=False
+      - OLLAMA_BASE_URL=http://10.0.0.21:11434
+    ports:
+      - 4000:8080
+    volumes:
+      - './open-webui:/app/backend/data'
+
+

Rabbitmq/Dockerfile

@@ -0,0 +1,18 @@
+# 3.13 management
+FROM rabbitmq:3.13-rc
+
+RUN set eux; \
+	rabbitmq-plugins enable --offline rabbitmq_management; \
+# make sure the metrics collector is re-enabled (disabled in the base image for Prometheus-style metrics by default)
+	rm -f /etc/rabbitmq/conf.d/20-management_agent.disable_metrics_collector.conf; \
+# grab "rabbitmqadmin" from inside the "rabbitmq_management-X.Y.Z" plugin folder
+# see https://github.com/docker-library/rabbitmq/issues/207
+	cp /plugins/rabbitmq_management-*/priv/www/cli/rabbitmqadmin /usr/local/bin/rabbitmqadmin; \
+	[ -s /usr/local/bin/rabbitmqadmin ]; \
+	chmod +x /usr/local/bin/rabbitmqadmin; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends python3; \
+	rm -rf /var/lib/apt/lists/*; \
+	rabbitmqadmin --version
+
+EXPOSE 15671 15672

Rabbitmq/docker-compose.yml

@@ -1,14 +1,19 @@
 ---
 version: '3'
 services:
-  file-browser:
-    image: 
+  rabbitmq:
+    build: ./
     restart: unless-stopped
     container_name: rabbitmq
+    # Configuration
+    # https://www.rabbitmq.com/configure.html 
+    volumes:
+      - ./rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf
     security_opt:
       - no-new-privileges:true 
-    environment:
-      - RABBITMQ_DEFAULT_USER=username
-      - RABBITMQ_DEFAULT_PASS=password
+    ports:
+      # Web-management
+      - 8080:15672
+      - 5672:5672
 
 

Revolt/.env

@@ -0,0 +1,108 @@
+##
+## Quark configuration
+##
+
+# MongoDB
+MONGODB=mongodb://database
+
+# Redis
+REDIS_URI=redis://redis/
+
+# Hostname used for Caddy
+# This should in most cases match REVOLT_APP_URL
+HOSTNAME=http://local.revolt.chat
+
+# URL to where the Revolt app is publicly accessible
+REVOLT_APP_URL=http://local.revolt.chat
+
+# VITE_xxx variables are used in the new frontend https://github.com/revoltchat/frontend
+
+# URL to where the API is publicly accessible
+REVOLT_PUBLIC_URL=http://local.revolt.chat/api
+VITE_API_URL=http://local.revolt.chat/api
+
+# URL to where the WebSocket server is publicly accessible
+REVOLT_EXTERNAL_WS_URL=ws://local.revolt.chat/ws
+VITE_WS_URL=ws://local.revolt.chat/ws
+
+# URL to where Autumn is publicly available
+AUTUMN_PUBLIC_URL=http://local.revolt.chat/autumn
+VITE_MEDIA_URL=http://local.revolt.chat/autumn
+
+# URL to where January is publicly available
+JANUARY_PUBLIC_URL=http://local.revolt.chat/january
+VITE_PROXY_URL=http://local.revolt.chat/january
+
+
+##
+## hCaptcha Settings
+##
+
+# If you are sure that you don't want to use hCaptcha, set to 1.
+REVOLT_UNSAFE_NO_CAPTCHA=1
+
+# hCaptcha API key (This is the "Secret key" from your User Settings page)
+# REVOLT_HCAPTCHA_KEY=0x0000000000000000000000000000000000000000
+
+# hCaptcha site key
+# REVOLT_HCAPTCHA_SITEKEY=10000000-ffff-ffff-ffff-000000000001
+
+
+##
+## Email Settings
+##
+
+# If you are sure that you don't want to use email verification, set to 1.
+REVOLT_UNSAFE_NO_EMAIL=1
+
+# SMTP host
+# REVOLT_SMTP_HOST=smtp.example.com
+
+# SMTP username
+# REVOLT_SMTP_USERNAME=noreply@example.com
+
+# SMTP password
+# REVOLT_SMTP_PASSWORD=CHANGEME
+
+# SMTP From header
+# REVOLT_SMTP_FROM=Revolt <noreply@example.com>
+
+
+##
+## Application Settings
+##
+
+# Whether to only allow users to sign up if they have an invite code
+REVOLT_INVITE_ONLY=0
+
+# Maximum number of people that can be in a group chat
+REVOLT_MAX_GROUP_SIZE=150
+
+# VAPID keys for push notifications
+# Generate using this guide: https://gitlab.insrt.uk/revolt/delta/-/wikis/vapid
+# --> Please replace these keys before going into production! <--
+REVOLT_VAPID_PRIVATE_KEY=LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSUWpyTWxLRnBiVWhsUHpUbERvcEliYk1yeVNrNXpKYzVYVzIxSjJDS3hvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWnkrQkg2TGJQZ2hEa3pEempXOG0rUXVPM3pCajRXT1phdkR6ZU00c0pqbmFwd1psTFE0WAp1ZDh2TzVodU94QWhMQlU3WWRldVovWHlBdFpWZmNyQi9BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+REVOLT_VAPID_PUBLIC_KEY=BGcvgR-i2z4IQ5Mw841vJvkLjt8wY-FjmWrw83jOLCY52qcGZS0OF7nfLzuYbjsQISwVO2HXrmf18gLWVX3Kwfw=
+
+
+##
+## Autumn configuration
+##
+
+# S3 Region
+AUTUMN_S3_REGION=minio
+
+# S3 Endpoint
+AUTUMN_S3_ENDPOINT=http://minio:9000
+
+# MinIO Root User
+MINIO_ROOT_USER=minioautumn
+
+# MinIO Root Password
+MINIO_ROOT_PASSWORD=minioautumn
+
+# AWS Access Key ID
+AWS_ACCESS_KEY_ID=minioautumn
+
+# AWS Secret Key
+AWS_SECRET_ACCESS_KEY=minioautumn

Revolt/.env.caddy

@@ -0,0 +1 @@
+HOSTNAME=http://local.revolt.chat

Revolt/Caddyfile

@@ -0,0 +1,42 @@
+{
+	admin :2019
+
+	servers {
+		metrics
+	}
+}
+
+// {$HOSTNAME} {
+:80 {
+	route /api* {
+		uri strip_prefix /api
+		reverse_proxy http://api:8000
+	}
+
+	route /ws {
+		@upgrade {
+			header Connection *Upgrade*
+			header Upgrade websocket
+		}
+
+		uri strip_prefix /ws
+		reverse_proxy @upgrade http://events:9000
+	}
+
+	route /autumn* {
+		uri strip_prefix /autumn
+		reverse_proxy http://autumn:3000
+	}
+
+	route /january* {
+		uri strip_prefix /january
+		reverse_proxy http://january:7000
+	}
+
+	route /stats* {
+		uri strip_prefix /stats
+		reverse_proxy http://grafana:3000
+	}
+
+	reverse_proxy http://web:5000
+}

Revolt/README.md

@@ -0,0 +1,13 @@
+Run a revolt server with fancy monitoring (WIP)
+
+
+# Prep
+
+You may need to run
+```bash
+sudo mount --make-rshared /
+```
+
+# Before Prod
+- [ ] Change .env.grafana file usernames and passwords
+- [ ] Change .env file urls

Revolt/Revolt.toml

@@ -0,0 +1,97 @@
+[database]
+mongodb = "mongodb://database"
+redis = "redis://redis/"
+
+[hosts]
+app = "http://local.revolt.chat"
+api = "http://local.revolt.chat/api"
+events = "ws://local.revolt.chat/ws"
+autumn = "http://local.revolt.chat/autumn"
+january = "http://local.revolt.chat/january"
+voso_legacy = ""
+voso_legacy_ws = ""
+
+[api]
+
+[api.registration]
+invite_only = false
+
+[api.smtp]
+host = ""
+username = ""
+password = ""
+from_address = ""
+
+[api.vapid]
+private_key = "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSUWpyTWxLRnBiVWhsUHpUbERvcEliYk1yeVNrNXpKYzVYVzIxSjJDS3hvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWnkrQkg2TGJQZ2hEa3pEempXOG0rUXVPM3pCajRXT1phdkR6ZU00c0pqbmFwd1psTFE0WAp1ZDh2TzVodU94QWhMQlU3WWRldVovWHlBdFpWZmNyQi9BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo"
+public_key = "BGcvgR-i2z4IQ5Mw841vJvkLjt8wY-FjmWrw83jOLCY52qcGZS0OF7nfLzuYbjsQISwVO2HXrmf18gLWVX3Kwfw="
+
+[api.fcm]
+api_key = ""
+
+[api.apn]
+pkcs8 = ""
+key_id = ""
+team_id = ""
+
+[api.security]
+authifier_shield_key = ""
+voso_legacy_token = ""
+trust_cloudflare = false
+
+[api.security.captcha]
+hcaptcha_key = ""
+hcaptcha_sitekey = ""
+
+[api.workers]
+max_concurrent_connections = 50
+
+[features]
+webhooks_enabled = false
+
+[features.limits]
+
+[features.limits.global]
+group_size = 100
+message_embeds = 5
+message_replies = 5
+message_reactions = 20
+server_emoji = 100
+server_roles = 200
+server_channels = 200
+
+new_user_days = 3
+
+[features.limits.new_user]
+outgoing_friend_requests = 5
+
+bots = 2
+message_length = 2000
+message_attachments = 5
+servers = 100
+
+attachment_size = 20000000
+avatar_size = 4000000
+background_size = 6000000
+icon_size = 2500000
+banner_size = 6000000
+emoji_size = 500000
+
+[features.limits.default]
+outgoing_friend_requests = 10
+
+bots = 5
+message_length = 2000
+message_attachments = 5
+servers = 100
+
+attachment_size = 20000000
+avatar_size = 4000000
+background_size = 6000000
+icon_size = 2500000
+banner_size = 6000000
+emoji_size = 500000
+
+[sentry]
+api = ""
+events = ""

Revolt/compose.yaml

@@ -0,0 +1,183 @@
+services:
+  # r-proxy, log generator
+  caddy:
+    image: caddy:latest
+    restart: always
+    env_file: .env.caddy
+    ports:
+      - '8880:80'
+      - '4443:443'
+    volumes:
+      - './Caddyfile:/etc/caddy/Caddyfile'
+      - './data/caddy-data:/data'
+      - './data/caddy-config:/config'
+
+  ##########################################
+  #    Monitoring
+  #####
+
+  # log collector
+  prometheus:
+    image: prom/prometheus:latest
+    restart: always
+    volumes:
+      - ./prometheus/:/etc/prometheus/
+      - prometheus_storage:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
+      - '--web.console.templates=/usr/share/prometheus/consoles'
+    ports:
+      - 9090:9090
+    # links:
+      # - cadvisor:cadvisor
+    depends_on:
+      - cadvisor
+      - caddy
+
+  # log viewer
+  grafana:
+    image: grafana/grafana:latest
+    user: "472"
+    restart: always
+    ports:
+      - 3000:3000
+    volumes:
+      - './grafana/provisioning/:/etc/grafana/provisioning/'
+      - 'grafana_storage:/var/lib/grafana'
+    env_file:
+      - ./grafana/.env.grafana
+    depends_on:
+      - prometheus
+
+  node-exporter:
+    image: quay.io/prometheus/node-exporter:latest
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+      - /:/host:ro,rslave
+    command: 
+      - '--path.rootfs=/host'
+      - '--path.procfs=/host/proc' 
+      - '--path.sysfs=/host/sys'
+      - --collector.filesystem.mount-points-exclude
+      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
+    ports:
+      - 9100:9100
+    restart: always
+    deploy:
+      mode: global
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+    ports:
+      - 8080:8080
+    restart: always
+    deploy:
+      mode: global
+
+  ##########################################
+  #    Revolt
+  #####
+
+  # MongoDB database
+  database:
+    image: mongo
+    restart: always
+    volumes:
+      - './data/db:/data/db'
+
+  # Redis server
+  redis:
+    image: eqalpha/keydb
+    restart: always
+
+  # S3-compatible storage server
+  minio:
+    image: minio/minio
+    command: server /data
+    env_file: .env
+    volumes:
+      - './data/minio:/data'
+    restart: always
+
+  # API server (delta)
+  api:
+    image: ghcr.io/revoltchat/server:latest
+    env_file: .env
+    depends_on:
+      - database
+      - redis
+      - caddy
+    restart: always
+    volumes:
+      - './Revolt.toml:/Revolt.toml'
+
+  # Events service (quark)
+  events:
+    image: ghcr.io/revoltchat/bonfire:latest
+    env_file: .env
+    depends_on:
+      - database
+      - redis
+      - caddy
+    restart: always
+    volumes:
+      - './Revolt.toml:/Revolt.toml'
+
+  # Web App (revite)
+  web:
+    image: ghcr.io/revoltchat/client:master
+    env_file: .env
+    depends_on:
+      - caddy
+    restart: always
+
+  # File server (autumn)
+  autumn:
+    image: ghcr.io/revoltchat/autumn:latest
+    env_file: .env
+    depends_on:
+      - database
+      - createbuckets
+      - caddy
+    environment:
+      - AUTUMN_MONGO_URI=mongodb://database
+    restart: always
+
+  # Metadata and image proxy (january)
+  january:
+    image: ghcr.io/revoltchat/january:latest
+    depends_on:
+      - caddy
+    restart: always
+
+  # Create buckets for minio.
+  createbuckets:
+    image: minio/mc
+    depends_on:
+      - minio
+    env_file: .env
+    entrypoint: >
+      /bin/sh -c "
+      /usr/bin/mc config host add minio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD;
+      while ! /usr/bin/mc ready minio; do echo 'Waiting minio...' && sleep 1; done;
+      /usr/bin/mc mb minio/attachments;
+      /usr/bin/mc mb minio/avatars;
+      /usr/bin/mc mb minio/backgrounds;
+      /usr/bin/mc mb minio/icons;
+      /usr/bin/mc mb minio/banners;
+      /usr/bin/mc mb minio/emojis;
+      exit 0;
+      "
+
+volumes:
+  grafana_storage: {}
+  prometheus_storage: {}

Revolt/grafana/.env.grafana

@@ -0,0 +1,4 @@
+GF_AUTH_ANONYMOUS_ENABLED=true
+GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+GF_AUTH_DISABLE_LOGIN_FORM=true
+GF_FEATURE_TOGGLES_ENABLE=traceqlEditor

Revolt/grafana/provisioning/datasources/datasources.yaml

@@ -0,0 +1,15 @@
+apiVersion: 1
+
+datasources:
+- name: Prometheus
+  type: prometheus
+  uid: prometheus
+  access: proxy
+  orgId: 1
+  url: http://prometheus:9090
+  basicAuth: false
+  isDefault: false
+  version: 1
+  editable: false
+  jsonData:
+    httpMethod: GET

Revolt/prometheus/prometheus.yml

@@ -0,0 +1,24 @@
+global:
+  scrape_interval: 15s
+  external_labels:
+      monitor: 'Revolt'
+
+scrape_configs:
+  - job_name: caddy
+    static_configs:
+      # docker networking
+      - targets: ['caddy:2019']
+
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'cadvisor'
+    static_configs:
+      - targets: ['cadvisor:8080']
+
+  - job_name: 'node-exporter'
+    static_configs:
+      - targets: ['node-exporter:9100']
+
+

Vaultwarden/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    ports:
+      - 1025:80
+    volumes:
+      - ./vw-data/:/data/
+

qBittorrent/compose.yml

@@ -0,0 +1,32 @@
+services:
+  qbittorrent:
+    image: qbittorrentofficial/qbittorrent-nox:latest
+    container_name: qbittorrent-nox
+    restart: unless-stopped
+    environment:
+      - QBT_WEBUI_PORT=6882
+      - QBT_VERSION=latest
+      - QBT_EULA=true
+    volumes:
+      - ./qbit-config:/config
+      - ${ZFS_POOL}/downloads:/downloads
+    depends_on:
+      - vpn
+    ports:
+      - 6882:6882
+  vpn:
+    image: lscr.io/linuxserver/wireguard:latest
+    container_name: wireguard
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - PUID=${UID}
+      - PGID=${GID}
+      - TZ=America/Denver
+      - SERVERPORT=51820 #optional
+      - LOG_CONFS=true #optional
+    volumes:
+      - ./config:/config
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1

qBittorrent/docker-compose.yml

@@ -1,21 +0,0 @@
----
-version: '3'
-services:
- qbittorrent-nox:
-    image: qbittorrentofficial/qbittorrent-nox:latest
-    container_name: qbittorrent-nox
-    environment:
-      - QBT_EULA=true
-      - QBT_VERSION=latest
-      - QBT_WEBUI_PORT=6882
-    volumes:
-      - ./config:/config
-      # I like setting this to somewhere FileBrowser can see
-      - ./downloads:/downloads
-    restart: unless-stopped
-    # With network_mode set to host you can access VPN
-    # interfaces setup on your local (as in the machine running docker) machine.
-    # You could also pair this with a Wireguard container and do internal
-    # networking for potentially more security.
-    network_mode: host
-  

uptime-kuma/compose.yaml

@@ -0,0 +1,9 @@
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:1
+    volumes:
+      - ./data:/app/data
+    ports:
+      # <Host Port>:<Container Port>
+      - 3001:3001
+    restart: unless-stopped