eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/compose/services/rsshub/compose.yaml
Claude fd48fed9d8
feat: Complete homelab GitOps setup with SSO and SSL 
Core Infrastructure:
- Add LLDAP for centralized user authentication (lldap.fig.systems)
- Configure Tinyauth with LLDAP backend for SSO (auth.fig.systems)
- Set up Traefik v3.3 with Let's Encrypt SSL automation
- Create homelab Docker network for service isolation

Media Services:
- Configure Jellyfin with /media folder mappings (flix.fig.systems)
- Add Jellyseerr for media requests (requests.fig.systems)
- Update Immich with photo library access (photos.fig.systems)
- Set up Sonarr for TV automation (sonarr.fig.systems)
- Set up Radarr for movie automation (radarr.fig.systems)
- Configure SABnzbd for Usenet downloads (sabnzbd.fig.systems)
- Add qBittorrent for torrent downloads (qbt.fig.systems)

Utility Services:
- Update Linkwarden with proper networking (links.fig.systems)
- Configure Vikunja task management (tasks.fig.systems)
- Set up LubeLogger vehicle tracking (garage.fig.systems)
- Configure Calibre-web for ebooks (books.fig.systems)
- Add Booklore for book tracking (booklore.fig.systems)
- Update FreshRSS reader (rss.fig.systems)
- Update RSSHub with internal networking (rsshub.fig.systems)
- Update MicroBin pastebin (paste.fig.systems)
- Add File Browser for media access (files.fig.systems)

Technical Improvements:
- Standardize all compose files to compose.yaml (Docker best practice)
- Add Traefik labels to all services for SSL termination
- Implement proper network isolation (homelab + service-specific networks)
- Add health checks to database services
- Configure dual domain support (fig.systems + edfig.dev)
- Set proper /media folder mappings for all media services
- Add comprehensive README with deployment instructions

Security:
- Enable SSO via Tinyauth for most services
- Configure LLDAP with admin user (edfig/admin@edfig.dev)
- Services with built-in auth have SSO disabled by default
- All traffic secured with automatic Let's Encrypt certificates
2025-11-05 19:12:04 +00:00

76 lines
1.9 KiB
YAML
Raw Blame History

# RSSHub - RSS feed generator for everything
# Docs: https://docs.rsshub.app/
services:
rsshub:
container_name: rsshub
# Using chromium-bundled image for full puppeteer support
image: diygod/rsshub:chromium-bundled
environment:
NODE_ENV: production
CACHE_TYPE: redis
REDIS_URL: redis://rsshub-redis:6379/
PUPPETEER_WS_ENDPOINT: ws://rsshub-browserless:3000
TZ: America/Los_Angeles
restart: always
networks:
- homelab
- rsshub_internal
depends_on:
- rsshub-redis
- rsshub-browserless
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:1200/healthz"]
interval: 30s
timeout: 10s
retries: 3
labels:
traefik.enable: true
traefik.docker.network: homelab
traefik.http.routers.rsshub.rule: Host(`rsshub.fig.systems`) || Host(`rsshub.edfig.dev`)
traefik.http.routers.rsshub.entrypoints: websecure
traefik.http.routers.rsshub.tls.certresolver: letsencrypt
traefik.http.services.rsshub.loadbalancer.server.port: 1200
# Optional: enable SSO (may interfere with RSS readers)
# traefik.http.routers.rsshub.middlewares: tinyauth
rsshub-browserless:
container_name: rsshub-browserless
image: browserless/chrome
restart: always
networks:
- rsshub_internal
ulimits:
core:
hard: 0
soft: 0
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/pressure"]
interval: 30s
timeout: 10s
retries: 3
rsshub-redis:
container_name: rsshub-redis
image: redis:alpine
restart: always
networks:
- rsshub_internal
volumes:
- redis-data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 10s
retries: 5
start_period: 5s
networks:
homelab:
external: true
rsshub_internal:
name: rsshub_internal
driver: bridge
volumes:
redis-data:
Reference in a new issue View git blame Copy permalink