Docker Compose Resources
Docker Compose Files
Ready-to-use Docker Compose templates for running various services and applications. Includes networking, volume management, and resource optimization for home labs.
Traefik Reverse Proxy
Production-ready Traefik setup with automatic SSL, Docker provider, and dashboard.
traefik.yml
version: "3.8"
services:
traefik:
image: traefik:v3.0
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
command:
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencrypt.acme.email=you@example.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
networks:
- traefik-public
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
networks:
traefik-public:
external: trueMonitoring Stack
Prometheus, Grafana, and Node Exporter for comprehensive homelab monitoring.
monitoring.yml
version: "3.8"
services:
prometheus:
image: prom/prometheus:latest
container_name: prometheus
restart: unless-stopped
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
- prometheus_data:/prometheus
command:
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus"
- "--storage.tsdb.retention.time=30d"
ports:
- "9090:9090"
networks:
- monitoring
grafana:
image: grafana/grafana:latest
container_name: grafana
restart: unless-stopped
volumes:
- grafana_data:/var/lib/grafana
environment:
- GF_SECURITY_ADMIN_PASSWORD=changeme
- GF_USERS_ALLOW_SIGN_UP=false
ports:
- "3000:3000"
networks:
- monitoring
depends_on:
- prometheus
node-exporter:
image: prom/node-exporter:latest
container_name: node-exporter
restart: unless-stopped
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
command:
- "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys"
- "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
ports:
- "9100:9100"
networks:
- monitoring
volumes:
prometheus_data:
grafana_data:
networks:
monitoring:
driver: bridgeMedia Server Stack
Complete arr-stack with Plex, Sonarr, Radarr, Prowlarr, and download clients.
media-stack.yml
version: "3.8"
services:
plex:
image: lscr.io/linuxserver/plex:latest
container_name: plex
restart: unless-stopped
network_mode: host
environment:
- PUID=1000
- PGID=1000
- TZ=America/Denver
- VERSION=docker
volumes:
- ./plex/config:/config
- /mnt/media/tv:/tv
- /mnt/media/movies:/movies
sonarr:
image: lscr.io/linuxserver/sonarr:latest
container_name: sonarr
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=America/Denver
volumes:
- ./sonarr/config:/config
- /mnt/media/tv:/tv
- /mnt/downloads:/downloads
ports:
- "8989:8989"
radarr:
image: lscr.io/linuxserver/radarr:latest
container_name: radarr
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=America/Denver
volumes:
- ./radarr/config:/config
- /mnt/media/movies:/movies
- /mnt/downloads:/downloads
ports:
- "7878:7878"
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
container_name: prowlarr
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=America/Denver
volumes:
- ./prowlarr/config:/config
ports:
- "9696:9696"Homepage Dashboard
Beautiful, customizable dashboard for your homelab with service integrations.
homepage.yml
version: "3.8"
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
volumes:
- ./homepage/config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- "3001:3000"
networks:
- traefik-public
labels:
- "traefik.enable=true"
- "traefik.http.routers.homepage.rule=Host(`dash.example.com`)"
- "traefik.http.routers.homepage.tls.certresolver=letsencrypt"
- "traefik.http.services.homepage.loadbalancer.server.port=3000"
networks:
traefik-public:
external: truePi-hole DNS
Network-wide ad blocking with Pi-hole. Includes Unbound for recursive DNS.
pihole.yml
version: "3.8"
services:
pihole:
image: pihole/pihole:latest
container_name: pihole
restart: unless-stopped
hostname: pihole
environment:
- TZ=America/Denver
- WEBPASSWORD=changeme
- PIHOLE_DNS_=127.0.0.1#5335
- DNSSEC=true
volumes:
- ./pihole/etc-pihole:/etc/pihole
- ./pihole/etc-dnsmasq.d:/etc/dnsmasq.d
ports:
- "53:53/tcp"
- "53:53/udp"
- "8080:80/tcp"
cap_add:
- NET_ADMIN
networks:
- dns
unbound:
image: mvance/unbound:latest
container_name: unbound
restart: unless-stopped
volumes:
- ./unbound:/opt/unbound/etc/unbound
ports:
- "5335:53/tcp"
- "5335:53/udp"
networks:
- dns
networks:
dns:
driver: bridgeGitea Code Hosting
Self-hosted Git service with PostgreSQL backend and SSH access.
gitea.yml
version: "3.8"
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=gitea-db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea_password
volumes:
- ./gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:22"
networks:
- gitea
depends_on:
- gitea-db
gitea-db:
image: postgres:15-alpine
container_name: gitea-db
restart: unless-stopped
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea_password
- POSTGRES_DB=gitea
volumes:
- ./gitea/postgres:/var/lib/postgresql/data
networks:
- gitea
networks:
gitea:
driver: bridge