Last active
March 19, 2025 06:49
-
-
Save Adammatthiesen/ff6704ff48e79f45ce5f7c47932bffab to your computer and use it in GitHub Desktop.
A Compilation of useful Portainer Stack Scripts I've been collecting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PG_PASS=SOME-LONG-SECRET | |
| AUTHENTIK_SECRET_KEY=SOME-LONG-SECRET | |
| AUTHENTIK_ERROR_REPORTING__ENABLED=true | |
| COMPOSE_PORT_HTTP=8080 | |
| COMPOSE_PORT_HTTPS=8443 | |
| ATHENTIK_TAG=2023.10.4 | |
| AUTHENTIK_EMAIL__HOST=<smtp.yourhost.com> | |
| AUTHENTIK_EMAIL__PORT=587 | |
| AUTHENTIK_EMAIL__USERNAME=<[email protected] or specified username> | |
| AUTHENTIK_EMAIL__PASSWORD=<password> | |
| AUTHENTIK_EMAIL__USE_TLS=true | |
| AUTHENTIK_EMAIL__FROM=<[email protected]> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.4" | |
| # ENV FILE/VARS REQUIRED Check .env | |
| services: | |
| postgresql: | |
| image: docker.io/library/postgres:12-alpine | |
| restart: unless-stopped | |
| healthcheck: | |
| test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] | |
| start_period: 20s | |
| interval: 30s | |
| retries: 5 | |
| timeout: 5s | |
| volumes: | |
| - ./authentik/database:/var/lib/postgresql/data | |
| environment: | |
| POSTGRES_PASSWORD: ${PG_PASS:?database password required} | |
| POSTGRES_USER: ${PG_USER:-authentik} | |
| POSTGRES_DB: ${PG_DB:-authentik} | |
| env_file: | |
| - stack.env | |
| redis: | |
| image: docker.io/library/redis:alpine | |
| command: --save 60 1 --loglevel warning | |
| restart: unless-stopped | |
| healthcheck: | |
| test: ["CMD-SHELL", "redis-cli ping | grep PONG"] | |
| start_period: 20s | |
| interval: 30s | |
| retries: 5 | |
| timeout: 3s | |
| volumes: | |
| - ./authentik/redis:/data | |
| server: | |
| image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.4} | |
| restart: unless-stopped | |
| command: server | |
| environment: | |
| AUTHENTIK_REDIS__HOST: redis | |
| AUTHENTIK_POSTGRESQL__HOST: postgresql | |
| AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} | |
| AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} | |
| AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} | |
| volumes: | |
| - ./authentik/media:/media | |
| - ./authentik/custom-templates:/templates | |
| env_file: | |
| - stack.env | |
| ports: | |
| - "${COMPOSE_PORT_HTTP:-9000}:9000" | |
| - "${COMPOSE_PORT_HTTPS:-9443}:9443" | |
| depends_on: | |
| - postgresql | |
| - redis | |
| worker: | |
| image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.4} | |
| restart: unless-stopped | |
| command: worker | |
| environment: | |
| AUTHENTIK_REDIS__HOST: redis | |
| AUTHENTIK_POSTGRESQL__HOST: postgresql | |
| AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} | |
| AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} | |
| AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} | |
| # `user: root` and the docker socket volume are optional. | |
| # See more for the docker socket integration here: | |
| # https://goauthentik.io/docs/outposts/integrations/docker | |
| # Removing `user: root` also prevents the worker from fixing the permissions | |
| # on the mounted folders, so when removing this make sure the folders have the correct UID/GID | |
| # (1000:1000 by default) | |
| user: root | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - ./authentik/media:/media | |
| - ./authentik/certs:/certs | |
| - ./authentik/custom-templates:/templates | |
| env_file: | |
| - stack.env | |
| depends_on: | |
| - postgresql | |
| - redis | |
| volumes: | |
| database: | |
| driver: local | |
| redis: | |
| driver: local |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.9" | |
| services: | |
| cloudflared-tunnel: | |
| container_name: cloudflared-tunnel | |
| image: cloudflare/cloudflared:latest | |
| restart: unless-stopped | |
| command: tunnel run | |
| environment: | |
| - TUNNEL_TOKEN=<YOURTOKEN> | |
| cloudflare-ddns: | |
| container_name: cloudflare-ddns | |
| image: oznu/cloudflare-ddns:latest | |
| restart: always | |
| environment: | |
| - API_KEY=<API-KEY> | |
| - ZONE=<DOMAIN.COM> | |
| - SUBDOMAIN=<SUBDOMAIN> | |
| - PROXIED=false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.5' | |
| services: | |
| headscale: | |
| image: headscale/headscale:latest | |
| volumes: | |
| - ./headscale/config:/etc/headscale/ | |
| - ./headscale/server-data:/var/lib/headscale | |
| ports: | |
| - 27896:8080 | |
| command: headscale serve | |
| restart: unless-stopped | |
| headscale-webui: | |
| image: ghcr.io/ifargle/headscale-webui:latest | |
| container_name: headscale-webui | |
| environment: | |
| - TZ=America/Los_Angeles | |
| - PGID=1000 | |
| - PUID=1000 | |
| - COLOR=blue # Use the base colors (ie, no darken-3, etc) - | |
| - HS_SERVER=https://headscale.example.com # Reachable endpoint for your Headscale server | |
| - DOMAIN_NAME=https://headscale.example.com # The base domain name for this container. | |
| - SCRIPT_NAME=/admin # This is your applications base path (wsgi requires the name "SCRIPT_NAME"). Remove if you are hosing at the root / | |
| - KEY="" # Generate with "openssl rand -base64 32" - used to encrypt your key on disk. | |
| - AUTH_TYPE=OIDC # AUTH_TYPE is either Basic or OIDC. Empty for no authentication | |
| - LOG_LEVEL=info # Log level. "DEBUG", "ERROR", "WARNING", or "INFO". Default "INFO" | |
| # ENV for Basic Auth (Used only if AUTH_TYPE is "Basic"). Can be omitted if you aren't using Basic Auth | |
| - BASIC_AUTH_USER=youruser # Used for basic auth | |
| - BASIC_AUTH_PASS=some-long-str0n6-pa66word4 # Used for basic auth | |
| # ENV for OIDC (Used only if AUTH_TYPE is "OIDC"). Can be omitted if you aren't using OIDC | |
| # - OIDC_AUTH_URL= # URL for your OIDC issuer's well-known endpoint | |
| # - OIDC_CLIENT_ID= # Your OIDC Issuer's Client ID for Headscale-WebUI | |
| # - OIDC_CLIENT_SECRET= # Your OIDC Issuer's Secret Key for Headscale-WebUI | |
| ports: | |
| - 27897:5000 | |
| restart: unless-stopped | |
| volumes: | |
| - ./headscale/webgui-data:/data # Headscale-WebUI's storage. Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume) | |
| - ./headscale/config/:/etc/headscale/:ro # Headscale's config storage location. Used to read your Headscale config. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services: | |
| nextcloud-aio-mastercontainer: | |
| image: nextcloud/all-in-one:latest | |
| init: true | |
| restart: always | |
| container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly | |
| volumes: | |
| - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work | |
| - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'! | |
| ports: | |
| - 8080:8080 | |
| environment: # Is needed when using any of the options below | |
| # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section | |
| # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md | |
| # - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md | |
| # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy | |
| # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature | |
| # - NEXTCLOUD_DATADIR=/mnt/NextCloud/@data # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir | |
| # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host | |
| # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud | |
| # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud | |
| # - NEXTCLOUD_MEMORY_LIMIT=2048M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud | |
| # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca | |
| # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup | |
| # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container | |
| # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container | |
| # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud | |
| # - NEXTCLOUD_KEEP_DISABLED_APPS=false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps | |
| # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port | |
| # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' | |
| volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive | |
| nextcloud_aio_mastercontainer: | |
| name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.8' | |
| services: | |
| nginx-proxymanager: | |
| image: 'jc21/nginx-proxy-manager:latest' | |
| restart: unless-stopped | |
| ports: | |
| - '80:80' | |
| - '81:81' | |
| - '443:443' | |
| volumes: | |
| - ./proxymanager/data:/data | |
| - ./proxymanager/letsencrypt:/etc/letsencrypt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.3' | |
| services: | |
| speedtest: | |
| restart: unless-stopped | |
| container_name: openspeedtest | |
| ports: | |
| - '3000:3000' | |
| - '3001:3001' | |
| image: openspeedtest/latest |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| mysql: | |
| image: mysql:5.7 | |
| volumes: | |
| - "osticket-db1:/var/lib/mysql" | |
| environment: | |
| MYSQL_ROOT_PASSWORD: Please-Change-Me-Im-Root | |
| MYSQL_DATABASE: osticket | |
| MYSQL_USER: osticket | |
| MYSQL_PASSWORD: Please-Change-Me | |
| osticket: | |
| image: devinsolutions/osticket:latest | |
| volumes: | |
| - 'osticket-app:/var/lib/osticket' | |
| environment: | |
| MYSQL_HOST: mysql | |
| MYSQL_DATABASE: osticket | |
| MYSQL_USER: osticket | |
| MYSQL_PASSWORD: Please-Change-Me | |
| ports: | |
| - 8888:80 | |
| restart: on-failure | |
| volumes: | |
| osticket-db1: | |
| driver: local | |
| osticket-app: | |
| driver: local |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| syncthing: | |
| image: lscr.io/linuxserver/syncthing:latest | |
| container_name: syncthing-node | |
| hostname: syncthing #optional | |
| environment: | |
| - PUID=1000 | |
| - PGID=1000 | |
| - TZ=Etc/UTC | |
| volumes: | |
| - ./syncthing-node/config:/config | |
| - /mnt/<NFSMount>:/<NFSMountPoint> | |
| ports: | |
| - 8384:8384 | |
| - 22000:22000/tcp | |
| - 22000:22000/udp | |
| - 21027:21027/udp | |
| restart: unless-stopped | |
| syncthing-relay-discovery: | |
| container_name: syncthing-relay-discovery | |
| restart: always | |
| image: t4skforce/syncthing-relay-discovery:latest | |
| environment: | |
| RATE_GLOBAL: '0' | |
| RATE_SESSION: '0' | |
| PROVIDED_BY: "Docker" | |
| POOLS: "https://relays.syncthing.net/endpoint" | |
| DISC_OPTS: '-debug' | |
| ports: | |
| - 22067:22067 | |
| - 22026:22026 | |
| - 22070:22070 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "2.1" | |
| services: | |
| bazarr: | |
| image: lscr.io/linuxserver/bazarr:latest | |
| container_name: bazarr | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - TZ=Etc/UTC | |
| volumes: | |
| - ./docker-conf/bazarr:/config | |
| - /mnt/<Media_Library>/Movies:/movies #optional | |
| - /mnt/<Media_Library>/TV:/tv #optional | |
| ports: | |
| - 6767:6767 | |
| restart: unless-stopped | |
| ombi: | |
| image: lscr.io/linuxserver/ombi:latest | |
| container_name: ombi | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - TZ=Etc/UTC | |
| - BASE_URL=/ombi #optional | |
| volumes: | |
| - ./docker-conf/ombi:/config | |
| ports: | |
| - 3579:3579 | |
| restart: unless-stopped | |
| flaresolverr: | |
| # DockerHub mirror flaresolverr/flaresolverr:latest | |
| image: ghcr.io/flaresolverr/flaresolverr:latest | |
| container_name: flaresolverr | |
| environment: | |
| - LOG_LEVEL=${LOG_LEVEL:-info} | |
| - LOG_HTML=${LOG_HTML:-false} | |
| - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} | |
| - TZ=Etc/UTC | |
| ports: | |
| - 8191:8191 | |
| restart: unless-stopped | |
| prowlarr: | |
| image: lscr.io/linuxserver/prowlarr:latest | |
| container_name: prowlarr | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - TZ=Etc/UTC | |
| volumes: | |
| - ./docker-conf/prowlarr:/config | |
| ports: | |
| - 9696:9696 | |
| restart: unless-stopped | |
| radarr: | |
| image: lscr.io/linuxserver/radarr:nightly | |
| container_name: radarr | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - TZ=Etc/UTC | |
| volumes: | |
| - ./docker-conf/radarr:/config | |
| - /mnt/<Media_Library>/Movies:/movies #optional | |
| - /mnt/Qbittorrent/downloads:/downloads #optional | |
| ports: | |
| - 7878:7878 | |
| restart: unless-stopped | |
| sonarr: | |
| image: lscr.io/linuxserver/sonarr:latest | |
| container_name: sonarr | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - TZ=Etc/UTC | |
| volumes: | |
| - ./docker-conf/sonarr:/config | |
| - /mnt/<Media_Library>/TV:/tv #optional | |
| - /mnt/Qbittorrent/downloads:/downloads #optional | |
| ports: | |
| - 8989:8989 | |
| restart: unless-stopped | |
| qbt-vpn: | |
| image: qmcgaw/gluetun:latest | |
| container_name: qbt-vpn | |
| cap_add: | |
| - NET_ADMIN | |
| devices: | |
| - /dev/net/tun:/dev/net/tun | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - VPN_SERVICE_PROVIDER=nordvpn | |
| - OPENVPN_USER=<USERNAME> | |
| - OPENVPN_PASSWORD=<PASSWORD> | |
| - SERVER_REGIONS=<REGIONS> | |
| ports: | |
| - 8080:8080/tcp | |
| restart: always | |
| labels: | |
| - "com.centurylinklabs.watchtower.enable=false" | |
| qbt-downloader: | |
| image: lscr.io/linuxserver/qbittorrent:latest | |
| container_name: qbt-downloader | |
| network_mode: "service:qbt-vpn" | |
| environment: | |
| - PUID=0 | |
| - PGID=0 | |
| - TZ=Etc/UTC | |
| - WEBUI_PORT=8080 | |
| volumes: | |
| - ./docker-conf/qbittorrent:/config | |
| - /mnt/Qbittorrent/downloads:/downloads | |
| restart: always | |
| labels: | |
| - "com.centurylinklabs.watchtower.enable=false" | |
| watchtower: | |
| image: containrrr/watchtower | |
| container_name: watchtower | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| restart: unless-stopped |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| watchtower: | |
| image: containrrr/watchtower | |
| container_name: watchtower | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| restart: unless-stopped |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment