gandalf.hofmanns/docker-compose.yml


# NOTE(review): the top-level `version` key is obsolete under the Compose
# Specification; Docker Compose v2 ignores it and prints a warning.
version: '3.8'
# =============================================================================
# JETSON ORIN NANO - COMPLETE HOME HUB
# Everything has a web UI - no console needed!
#
# Security overview: every `ports:` entry in this file omits a host IP, so each
# published port listens on all host interfaces. Only the reverse proxy
# (80/443) and DNS (53) normally need that; confirm the host firewall covers
# the rest, or prefix admin-only mappings with 127.0.0.1.
# =============================================================================
services:
# ===========================================
# NGINX PROXY MANAGER (reverse proxy with a GUI)
# ===========================================
  npm:
    # `latest` is a floating tag: the running code changes on every pull.
    # Pin a release tag or digest to make upgrades deliberate and auditable.
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      # Public HTTP/HTTPS entry points for the proxied sites.
      - "80:80"
      - "443:443"
      # Admin UI. Published on all interfaces; keep it off the internet and
      # replace the first-run admin credentials before exposing 80/443.
      - "81:81"
    volumes:
      # Proxy configuration and database.
      - ./npm/data:/data
      # Issued certificates and their private keys - restrict host permissions.
      - ./npm/letsencrypt:/etc/letsencrypt
# ===========================================
# HOMEPAGE - central dashboard
# ===========================================
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    restart: unless-stopped
    ports:
      # Host port 3001 -> dashboard on container port 3000.
      - "3001:3000"
    volumes:
      - ./homepage:/app/config
      # `:ro` only makes the socket file read-only; it does not restrict the
      # Docker API calls that can be sent through it. Anything that controls
      # this container can still drive the Docker daemon. A filtering socket
      # proxy that allows only read endpoints is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock:ro
# ===========================================
# PORTAINER - Docker management UI
# ===========================================
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    ports:
      # HTTPS web UI.
      - "9443:9443"
      # Edge agent tunnel; only needed when Edge agents connect to this
      # instance - otherwise this mapping can be dropped.
      - "8000:8000"
    volumes:
      # Read-write Docker socket: a Portainer admin account is equivalent to
      # root on this host. Protect the UI with strong credentials / SSO and do
      # not publish 9443 beyond the trusted network.
      - /var/run/docker.sock:/var/run/docker.sock
      # Portainer state (users, endpoints, settings).
      - ./portainer:/data
# ===========================================
# RUSTDESK SERVER (self-hosted remote desktop)
# ===========================================
  # hbbs: ID / rendezvous server.
  rustdesk-hbbs:
    image: rustdesk/rustdesk-server:latest
    container_name: rustdesk-hbbs
    command: hbbs
    restart: unless-stopped
    depends_on:
      - rustdesk-hbbr
    ports:
      - "21115:21115"
      - "21116:21116"
      - "21116:21116/udp"
      # NOTE(review): 21118 is presumably the web-client port; drop it if the
      # web client is not used - confirm against the RustDesk docs.
      - "21118:21118"
    volumes:
      # Shared with hbbr. Presumably holds the server key pair; treat the
      # directory as secret material and back it up - TODO confirm.
      - ./rustdesk:/root

  # hbbr: relay server.
  rustdesk-hbbr:
    image: rustdesk/rustdesk-server:latest
    container_name: rustdesk-hbbr
    command: hbbr
    restart: unless-stopped
    ports:
      - "21117:21117"
      # NOTE(review): 21119 is presumably the web-client relay port; same
      # caveat as 21118 on hbbs.
      - "21119:21119"
    volumes:
      - ./rustdesk:/root
# ===========================================
# HOME ASSISTANT
# ===========================================
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    restart: unless-stopped
    # privileged + host networking removes most container isolation: a
    # compromise of Home Assistant (or of a custom integration) is effectively
    # a compromise of the host. If only specific hardware is needed, consider
    # replacing `privileged` with explicit `devices:` / `cap_add:` entries.
    privileged: true
    # Host networking: no `ports:` section, the service binds directly on the
    # host's interfaces.
    network_mode: host
    depends_on:
      - adguard
    volumes:
      - ./homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
      # Host D-Bus, read-only.
      - /run/dbus:/run/dbus:ro
    environment:
      TZ: Europe/Zurich
# ===========================================
# ADGUARD HOME (DNS + ad blocking + local DNS)
# ===========================================
  adguard:
    image: adguard/adguardhome:latest
    container_name: adguard
    restart: unless-stopped
    ports:
      # DNS on all host interfaces. Make sure port 53 is not reachable from
      # the internet, otherwise this becomes an open resolver.
      - "53:53/tcp"
      - "53:53/udp"
      # First-run setup wizard / admin UI. Complete the setup and set an admin
      # password before the host is reachable by untrusted clients.
      - "3000:3000/tcp"
      # Host 8080 -> container port 80 (web UI).
      - "8080:80/tcp"
    volumes:
      - ./adguard/work:/opt/adguardhome/work
      # Configuration directory (includes the admin credential hash).
      - ./adguard/conf:/opt/adguardhome/conf
# ===========================================
# WHISPER GRADIO WEB UI
# ===========================================
  whisper-webui:
    container_name: whisper-webui
    # Built locally from ./whisper-webui-jetson rather than pulled.
    build:
      context: ./whisper-webui-jetson
      dockerfile: Dockerfile
    restart: unless-stopped
    runtime: nvidia
    ports:
      # NOTE(review): Gradio apps have no authentication unless the app
      # enables it; this UI is published on all interfaces - confirm the
      # Dockerfile/app sets auth or keep it behind the reverse proxy + SSO.
      - "7860:7860"
    volumes:
      # Model cache so downloads survive container rebuilds.
      - ./whisper/models:/root/.cache/whisper
    environment:
      NVIDIA_VISIBLE_DEVICES: all
      WHISPER_MODEL: base
    devices:
      # Host audio devices are passed into the container.
      - /dev/snd:/dev/snd
# ===========================================
# WYOMING WHISPER (Home Assistant voice)
# ===========================================
  wyoming-whisper:
    image: rhasspy/wyoming-whisper:latest
    container_name: wyoming-whisper
    command: --model base --language de
    restart: unless-stopped
    runtime: nvidia
    ports:
      # NOTE(review): the Wyoming protocol endpoint is presumably
      # unauthenticated; it only needs to be reachable by Home Assistant, so
      # a 127.0.0.1 bind or firewall rule is worth considering - confirm.
      - "10300:10300"
    volumes:
      - ./whisper/wyoming:/data
# ===========================================
# PIPER TTS (text-to-speech)
# ===========================================
  piper:
    image: rhasspy/wyoming-piper:latest
    container_name: piper
    command: --voice de_DE-thorsten-high
    restart: unless-stopped
    ports:
      # NOTE(review): presumably an unauthenticated Wyoming endpoint consumed
      # by Home Assistant only; restrict reachability accordingly - confirm.
      - "10200:10200"
    volumes:
      - ./piper:/data
# ===========================================
# JELLYFIN (media server)
# ===========================================
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    restart: unless-stopped
    runtime: nvidia
    ports:
      # Web UI / API.
      - "8096:8096"
    volumes:
      - ./jellyfin/config:/config
      - ./jellyfin/cache:/cache
      # Media library is mounted read-only, so the container cannot modify or
      # delete media files.
      - /media:/media:ro
    environment:
      TZ: Europe/Zurich
      NVIDIA_VISIBLE_DEVICES: all
    devices:
      # GPU render nodes passed through to the container.
      - /dev/dri:/dev/dri
# ===========================================
# OLLAMA (local LLM)
# ===========================================
  ollama:
    image: ollama/ollama:latest
    container_name: ollama
    restart: unless-stopped
    runtime: nvidia
    ports:
      # The Ollama HTTP API has no built-in authentication, and this mapping
      # listens on all host interfaces: any client that can reach 11434 can
      # run, pull and delete models. Keep it LAN-only, or front it with the
      # reverse proxy and an auth layer.
      - "11434:11434"
    volumes:
      # Downloaded models and Ollama state.
      - ./ollama:/root/.ollama
    environment:
      NVIDIA_VISIBLE_DEVICES: all
# ===========================================
# FILEBROWSER (private cloud)
# ===========================================
  filebrowser:
    image: filebrowser/filebrowser:latest
    container_name: filebrowser
    restart: unless-stopped
    ports:
      # Host 8081 -> web UI on container port 80.
      - "8081:80"
    volumes:
      # The whole home directory is exposed read-write through the web UI,
      # including dotfiles (SSH keys, shell history, tokens). Consider mounting
      # a dedicated subdirectory instead, and replace the initial admin
      # credentials on first login.
      - /home/d:/srv
      # Single-file bind mount: the host file must exist before first start,
      # otherwise Docker creates a directory at this path.
      - ./filebrowser/database.db:/database.db
    environment:
      # NOTE(review): verify this image honors PUID/PGID; if it does not, the
      # process runs as the image's default user.
      PUID: "1000"
      PGID: "1000"
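# ===========================================
# AUTHENTIK - SSO with passkeys
# ===========================================
# Secrets: PG_PASS and AUTHENTIK_SECRET_KEY must be supplied via the
# environment or a `.env` file next to this compose file. The `${VAR:?msg}`
# form makes `docker compose` abort with `msg` when the variable is unset or
# empty, instead of silently starting the identity provider with a
# well-known fallback value.
#
# Migration note: a deployment first started with the old fallback values must
# put those current values into `.env` to keep starting, then rotate them.
# Changing PG_PASS alone does not change the password of an already
# initialised database - the postgres image applies POSTGRES_PASSWORD only
# when the data directory is created.
  authentik-postgres:
    container_name: authentik-postgres
    image: postgres:16-alpine
    restart: unless-stopped
    # No `ports:` section: the database is reachable only from the compose
    # network, not from the host's interfaces.
    volumes:
      - ./authentik/database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: "${PG_PASS:?PG_PASS must be set in .env}"
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U authentik"]
      interval: 30s
      timeout: 5s
      retries: 5

  authentik-redis:
    container_name: authentik-redis
    # Floating tag; pin a release tag or digest to control upgrades.
    image: redis:alpine
    # Snapshot every 60 s if at least one key changed. No password is
    # configured; acceptable only because no port is published.
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    volumes:
      - ./authentik/redis:/data

  authentik:
    container_name: authentik
    # Pinned release; an identity provider should track upstream security
    # releases, so review this tag regularly.
    image: ghcr.io/goauthentik/server:2024.2
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgres
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: "${PG_PASS:?PG_PASS must be set in .env}"
      # Signing secret; must be identical for server and worker. A publicly
      # known value would let anyone forge signed data such as sessions.
      AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?AUTHENTIK_SECRET_KEY must be set in .env}"
    ports:
      # Plain-HTTP listener; terminate TLS at the reverse proxy and avoid
      # exposing 9000 directly to untrusted networks.
      - "9000:9000"
    depends_on:
      - authentik-postgres
      - authentik-redis

  authentik-worker:
    container_name: authentik-worker
    image: ghcr.io/goauthentik/server:2024.2
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgres
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: "${PG_PASS:?PG_PASS must be set in .env}"
      AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?AUTHENTIK_SECRET_KEY must be set in .env}"
    volumes:
      # Read-write Docker socket gives the worker root-equivalent control of
      # the host. NOTE(review): presumably only needed for authentik-managed
      # outposts; remove the mount if that feature is unused - confirm.
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - authentik-postgres
      - authentik-redis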
# ===========================================
# SYNCTHING (file sync)
# ===========================================
  syncthing:
    image: syncthing/syncthing:latest
    container_name: syncthing
    restart: unless-stopped
    ports:
      # Web GUI, published on all interfaces. Set a GUI user and password;
      # the GUI can add devices and folders, i.e. read and write synced data.
      - "8384:8384"
      # Sync protocol (TCP and UDP).
      - "22000:22000/tcp"
      - "22000:22000/udp"
      # Local discovery.
      - "21027:21027/udp"
    volumes:
      # Syncthing config, including the device key pair.
      - ./syncthing:/var/syncthing
      - /home/d/sync:/data
    environment:
      PUID: "1000"
      PGID: "1000"