eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/compose/services/microbin/compose.yaml
Claude fd48fed9d8
feat: Complete homelab GitOps setup with SSO and SSL 
Core Infrastructure:
- Add LLDAP for centralized user authentication (lldap.fig.systems)
- Configure Tinyauth with LLDAP backend for SSO (auth.fig.systems)
- Set up Traefik v3.3 with Let's Encrypt SSL automation
- Create homelab Docker network for service isolation

Media Services:
- Configure Jellyfin with /media folder mappings (flix.fig.systems)
- Add Jellyseerr for media requests (requests.fig.systems)
- Update Immich with photo library access (photos.fig.systems)
- Set up Sonarr for TV automation (sonarr.fig.systems)
- Set up Radarr for movie automation (radarr.fig.systems)
- Configure SABnzbd for Usenet downloads (sabnzbd.fig.systems)
- Add qBittorrent for torrent downloads (qbt.fig.systems)

Utility Services:
- Update Linkwarden with proper networking (links.fig.systems)
- Configure Vikunja task management (tasks.fig.systems)
- Set up LubeLogger vehicle tracking (garage.fig.systems)
- Configure Calibre-web for ebooks (books.fig.systems)
- Add Booklore for book tracking (booklore.fig.systems)
- Update FreshRSS reader (rss.fig.systems)
- Update RSSHub with internal networking (rsshub.fig.systems)
- Update MicroBin pastebin (paste.fig.systems)
- Add File Browser for media access (files.fig.systems)

Technical Improvements:
- Standardize all compose files to compose.yaml (Docker best practice)
- Add Traefik labels to all services for SSL termination
- Implement proper network isolation (homelab + service-specific networks)
- Add health checks to database services
- Configure dual domain support (fig.systems + edfig.dev)
- Set proper /media folder mappings for all media services
- Add comprehensive README with deployment instructions

Security:
- Enable SSO via Tinyauth for most services
- Configure LLDAP with admin user (edfig/admin@edfig.dev)
- Services with built-in auth have SSO disabled by default
- All traffic secured with automatic Let's Encrypt certificates
2025-11-05 19:12:04 +00:00

64 lines
2.8 KiB
YAML
Raw Blame History

# MicroBin - Encrypted pastebin with file upload support
# Docs: https://github.com/szabodanika/microbin
services:
microbin:
container_name: microbin
image: danielszabo99/microbin:latest
env_file: .env
environment:
MICROBIN_BASIC_AUTH_USERNAME: ${MICROBIN_BASIC_AUTH_USERNAME}
MICROBIN_BASIC_AUTH_PASSWORD: ${MICROBIN_BASIC_AUTH_PASSWORD}
MICROBIN_ADMIN_USERNAME: ${MICROBIN_ADMIN_USERNAME}
MICROBIN_ADMIN_PASSWORD: ${MICROBIN_ADMIN_PASSWORD}
MICROBIN_EDITABLE: ${MICROBIN_EDITABLE}
MICROBIN_FOOTER_TEXT: ${MICROBIN_FOOTER_TEXT}
MICROBIN_HIDE_FOOTER: ${MICROBIN_HIDE_FOOTER}
MICROBIN_HIDE_HEADER: ${MICROBIN_HIDE_HEADER}
MICROBIN_HIDE_LOGO: ${MICROBIN_HIDE_LOGO}
MICROBIN_NO_LISTING: ${MICROBIN_NO_LISTING}
MICROBIN_HIGHLIGHTSYNTAX: ${MICROBIN_HIGHLIGHTSYNTAX}
MICROBIN_BIND: ${MICROBIN_BIND}
MICROBIN_PRIVATE: ${MICROBIN_PRIVATE}
MICROBIN_PURE_HTML: ${MICROBIN_PURE_HTML}
MICROBIN_DATA_DIR: ${MICROBIN_DATA_DIR}
MICROBIN_JSON_DB: ${MICROBIN_JSON_DB}
MICROBIN_PUBLIC_PATH: ${MICROBIN_PUBLIC_PATH}
MICROBIN_SHORT_PATH: ${MICROBIN_SHORT_PATH}
MICROBIN_READONLY: ${MICROBIN_READONLY}
MICROBIN_UPLOADER_PASSWORD: ${MICROBIN_UPLOADER_PASSWORD}
MICROBIN_SHOW_READ_STATS: ${MICROBIN_SHOW_READ_STATS}
MICROBIN_TITLE: ${MICROBIN_TITLE}
MICROBIN_THREADS: ${MICROBIN_THREADS}
MICROBIN_GC_DAYS: ${MICROBIN_GC_DAYS}
MICROBIN_ENABLE_BURN_AFTER: ${MICROBIN_ENABLE_BURN_AFTER}
MICROBIN_DEFAULT_BURN_AFTER: ${MICROBIN_DEFAULT_BURN_AFTER}
MICROBIN_WIDE: ${MICROBIN_WIDE}
MICROBIN_QR: ${MICROBIN_QR}
MICROBIN_ETERNAL_PASTA: ${MICROBIN_ETERNAL_PASTA}
MICROBIN_ENABLE_READONLY: ${MICROBIN_ENABLE_READONLY}
MICROBIN_DEFAULT_EXPIRY: ${MICROBIN_DEFAULT_EXPIRY}
MICROBIN_NO_FILE_UPLOAD: ${MICROBIN_NO_FILE_UPLOAD}
MICROBIN_CUSTOM_CSS: ${MICROBIN_CUSTOM_CSS}
MICROBIN_HASH_IDS: ${MICROBIN_HASH_IDS}
MICROBIN_ENCRYPTION_CLIENT_SIDE: ${MICROBIN_ENCRYPTION_CLIENT_SIDE}
MICROBIN_ENCRYPTION_SERVER_SIDE: ${MICROBIN_ENCRYPTION_SERVER_SIDE}
MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB: ${MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB}
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB: ${MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB}
volumes:
- ./microbin-data:/app/microbin_data
restart: always
networks:
- homelab
labels:
traefik.enable: true
traefik.http.routers.microbin.rule: Host(`paste.fig.systems`) || Host(`paste.edfig.dev`)
traefik.http.routers.microbin.entrypoints: websecure
traefik.http.routers.microbin.tls.certresolver: letsencrypt
traefik.http.services.microbin.loadbalancer.server.port: 8080
# Note: MicroBin has its own auth, SSO disabled by default
# traefik.http.routers.microbin.middlewares: tinyauth
networks:
homelab:
external: true
Reference in a new issue View git blame Copy permalink