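---
# =============================================================================
# JETSON ORIN NANO - COMPLETE HOME HUB
# Everything with a web UI - no console!
#
# Required variables (put them in a .env file next to this compose file and
# keep that file out of version control):
#   PG_PASS               - PostgreSQL password shared by the authentik services
#   AUTHENTIK_SECRET_KEY  - authentik signing secret, e.g. the output of
#                           `openssl rand -base64 60`
# Both are mandatory: `docker compose` aborts when either is unset or empty,
# so the stack cannot come up with a publicly known fallback secret.
#
# Most images below track a floating tag (`latest` / `stable`), so every pull
# can change the running code. NOTE(review): pin each image to a version tag
# or digest once the setup is stable.
#
# Every `ports:` entry below binds to all host interfaces. Several of these
# services are admin consoles or unauthenticated APIs, so keep the host behind
# a firewall and only forward 80/443 from outside if remote access is needed.
# =============================================================================

# Kept for older tooling; Compose v2 ignores this key.
version: '3.8'

services:
  # ===========================================
  # NGINX PROXY MANAGER (reverse proxy with GUI)
  # ===========================================
  npm:
    container_name: nginx-proxy-manager
    image: jc21/nginx-proxy-manager:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # 81 is the admin UI: keep it reachable from the LAN only.
      - "81:81"
    volumes:
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt

  # ===========================================
  # HOMEPAGE - central dashboard
  # ===========================================
  homepage:
    container_name: homepage
    image: ghcr.io/gethomepage/homepage:latest
    restart: unless-stopped
    ports:
      - "3001:3000"
    volumes:
      - ./homepage:/app/config
      # `:ro` only protects the socket file itself; the Docker API behind it
      # still accepts write requests, so this container effectively has full
      # control of the Docker daemon. A socket proxy limited to read-only
      # endpoints is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  # ===========================================
  # PORTAINER - Docker management UI
  # ===========================================
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:latest
    restart: unless-stopped
    ports:
      - "9443:9443"
      # NOTE(review): 8000 is presumably only needed for Edge agents; drop it
      # if none are used.
      - "8000:8000"
    volumes:
      # Read-write Docker socket: whoever controls Portainer controls the host.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./portainer:/data

  # ===========================================
  # RUSTDESK SERVER (self-hosted remote desktop)
  # ===========================================
  rustdesk-hbbs:
    container_name: rustdesk-hbbs
    image: rustdesk/rustdesk-server:latest
    restart: unless-stopped
    command: hbbs
    ports:
      - "21115:21115"
      - "21116:21116"
      - "21116:21116/udp"
      # NOTE(review): 21118 (and 21119 on hbbr) look like the web-client
      # ports; remove them if the web client is not used.
      - "21118:21118"
    volumes:
      # Shared with hbbr. Presumably holds the server key pair; keep the
      # directory readable by root only and include it in backups.
      - ./rustdesk:/root
    depends_on:
      - rustdesk-hbbr

  rustdesk-hbbr:
    container_name: rustdesk-hbbr
    image: rustdesk/rustdesk-server:latest
    restart: unless-stopped
    command: hbbr
    ports:
      - "21117:21117"
      - "21119:21119"
    volumes:
      - ./rustdesk:/root

  # ===========================================
  # HOME ASSISTANT
  # ===========================================
  homeassistant:
    container_name: homeassistant
    image: ghcr.io/home-assistant/home-assistant:stable
    restart: unless-stopped
    # privileged + host networking removes most container isolation.
    # NOTE(review): if only specific hardware (e.g. a USB radio) is needed,
    # replace `privileged` with explicit `devices:` entries.
    privileged: true
    network_mode: host
    depends_on:
      - adguard
    volumes:
      - ./homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    environment:
      - TZ=Europe/Zurich

  # ===========================================
  # ADGUARD HOME (DNS + ad blocking + local DNS)
  # ===========================================
  adguard:
    container_name: adguard
    image: adguard/adguardhome:latest
    restart: unless-stopped
    ports:
      # Never forward port 53 from the internet: an open resolver can be
      # abused by third parties.
      # NOTE(review): a local stub resolver on the host may already occupy
      # port 53 - confirm it is free.
      - "53:53/tcp"
      - "53:53/udp"
      # NOTE(review): 3000 appears to be the first-run setup UI; it can
      # likely be removed after initial configuration.
      - "3000:3000/tcp"
      - "8080:80/tcp"
    volumes:
      - ./adguard/work:/opt/adguardhome/work
      - ./adguard/conf:/opt/adguardhome/conf

  # ===========================================
  # WHISPER GRADIO WEB UI
  # ===========================================
  whisper-webui:
    container_name: whisper-webui
    build:
      context: ./whisper-webui-jetson
      dockerfile: Dockerfile
    restart: unless-stopped
    ports:
      - "7860:7860"
    volumes:
      - ./whisper/models:/root/.cache/whisper
    runtime: nvidia
    environment:
      - NVIDIA_VISIBLE_DEVICES=all
      - WHISPER_MODEL=base
    devices:
      # Gives the container access to the host's audio devices.
      - /dev/snd:/dev/snd

  # ===========================================
  # WYOMING WHISPER (Home Assistant voice)
  # ===========================================
  wyoming-whisper:
    container_name: wyoming-whisper
    image: rhasspy/wyoming-whisper:latest
    restart: unless-stopped
    ports:
      - "10300:10300"
    command: '--model base --language de'
    volumes:
      - ./whisper/wyoming:/data
    runtime: nvidia

  # ===========================================
  # PIPER TTS (text-to-speech)
  # ===========================================
  piper:
    container_name: piper
    image: rhasspy/wyoming-piper:latest
    restart: unless-stopped
    ports:
      - "10200:10200"
    command: '--voice de_DE-thorsten-high'
    volumes:
      - ./piper:/data

  # ===========================================
  # JELLYFIN (media server)
  # ===========================================
  jellyfin:
    container_name: jellyfin
    image: jellyfin/jellyfin:latest
    restart: unless-stopped
    ports:
      - "8096:8096"
    volumes:
      - ./jellyfin/config:/config
      - ./jellyfin/cache:/cache
      # Media library is mounted read-only.
      - /media:/media:ro
    environment:
      - TZ=Europe/Zurich
      - NVIDIA_VISIBLE_DEVICES=all
    runtime: nvidia
    devices:
      - /dev/dri:/dev/dri

  # ===========================================
  # OLLAMA (local LLM)
  # ===========================================
  ollama:
    container_name: ollama
    image: ollama/ollama:latest
    restart: unless-stopped
    ports:
      # The Ollama API has no built-in authentication: anyone who can reach
      # this port can run and pull models. Keep it LAN-only or put it behind
      # the reverse proxy with access control.
      - "11434:11434"
    volumes:
      - ./ollama:/root/.ollama
    runtime: nvidia
    environment:
      - NVIDIA_VISIBLE_DEVICES=all

  # ===========================================
  # FILEBROWSER (private cloud)
  # ===========================================
  filebrowser:
    container_name: filebrowser
    image: filebrowser/filebrowser:latest
    restart: unless-stopped
    ports:
      - "8081:80"
    volumes:
      # The whole home directory is exposed read-write to every Filebrowser
      # login, including any dotfiles (SSH keys, shell history) stored there.
      # NOTE(review): consider mounting a dedicated sub-directory instead.
      - /home/d:/srv
      # Create this file before the first start; otherwise Docker creates a
      # directory at the bind-mount source and the service cannot open it.
      - ./filebrowser/database.db:/database.db
    environment:
      - PUID=1000
      - PGID=1000

  # ===========================================
  # AUTHENTIK - SSO with passkeys
  # ===========================================
  # PostgreSQL and Redis publish no ports, so they are reachable only from
  # other containers on this compose network.
  authentik-postgres:
    container_name: authentik-postgres
    image: postgres:16-alpine
    restart: unless-stopped
    volumes:
      - ./authentik/database:/var/lib/postgresql/data
    environment:
      # No fallback value: the password must come from the environment/.env.
      # POSTGRES_PASSWORD is only applied when the data directory is first
      # initialised; for an existing database set PG_PASS to the password it
      # was created with, then rotate it inside PostgreSQL.
      POSTGRES_PASSWORD: "${PG_PASS:?set PG_PASS in .env}"
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U authentik"]
      interval: 30s
      timeout: 5s
      retries: 5

  authentik-redis:
    container_name: authentik-redis
    image: redis:alpine
    command: '--save 60 1 --loglevel warning'
    restart: unless-stopped
    volumes:
      - ./authentik/redis:/data

  authentik:
    container_name: authentik
    image: ghcr.io/goauthentik/server:2024.2
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgres
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: "${PG_PASS:?set PG_PASS in .env}"
      # Must be a unique random value and identical for server and worker.
      # A guessable key undermines every session the SSO issues.
      AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?set AUTHENTIK_SECRET_KEY in .env}"
    ports:
      - "9000:9000"
    depends_on:
      - authentik-postgres
      - authentik-redis

  authentik-worker:
    container_name: authentik-worker
    image: ghcr.io/goauthentik/server:2024.2
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgres
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: "${PG_PASS:?set PG_PASS in .env}"
      AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?set AUTHENTIK_SECRET_KEY in .env}"
    volumes:
      # Read-write Docker socket gives the worker control of the Docker
      # daemon. NOTE(review): presumably only needed for automatically
      # managed outposts; remove the mount if that feature is unused.
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - authentik-postgres
      - authentik-redis

  # ===========================================
  # SYNCTHING (file sync)
  # ===========================================
  syncthing:
    container_name: syncthing
    image: syncthing/syncthing:latest
    restart: unless-stopped
    ports:
      # 8384 is the web GUI. NOTE(review): set a GUI user and password on
      # first start, since the port is published on all interfaces.
      - "8384:8384"
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    volumes:
      - ./syncthing:/var/syncthing
      - /home/d/sync:/data
    environment:
      - PUID=1000
      - PGID=1000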