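###############################################################################
# Home Server Docker Compose Stack
# Services: Nginx Proxy Manager, Home Assistant, Gitea, WireGuard
#
# Usage:
#   cp .env.example .env   # then edit .env with your values
#   docker compose up -d
#
# Values written with a ":-" fallback are read from .env and use the text
# after ":-" when the variable is unset or empty. .env carries the Gitea
# secrets referenced below, so keep it out of version control.
#
# Host ports published by this stack: 80, 443 and 81 (tcp), the Gitea SSH
# port (default 2222/tcp) and the WireGuard port (default 51820/udp). None of
# the mappings names a host IP, so by default Docker binds them on every host
# interface.
###############################################################################

networks:
  # One user-defined bridge shared by all four services; containers on it can
  # reach each other by service name (see the internal URLs below).
  proxy-network:
    name: proxy-network
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/24

services:
  # ===========================================================================
  # Nginx Proxy Manager — Reverse proxy with built-in Let's Encrypt
  # Admin UI: http://<server-ip>:81
  # Default login: admin@example.com / changeme
  #   Replace both on first login. Port 81 is published on the host like
  #   80/443; the admin UI is plain HTTP, so keep it reachable from the LAN or
  #   the VPN only and leave it out of the router's port forwards.
  # ===========================================================================
  nginx-proxy-manager:
    # NOTE(review): floating tag. Pin a specific version or digest so image
    # upgrades are deliberate and reviewable.
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"    # HTTP
      - "443:443"  # HTTPS
      - "81:81"    # Admin UI
    volumes:
      - ./nginx-proxy-manager/data:/data
      # Certificate material issued by Let's Encrypt is stored here; treat
      # the directory as secret.
      - ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt
    networks:
      - proxy-network
    healthcheck:
      test: ["CMD", "/usr/bin/check-health"]
      interval: 30s
      timeout: 10s
      retries: 3

  # ===========================================================================
  # Home Assistant — Smart home platform
  # Internal URL: http://homeassistant:8123
  # No host port is published, so the service is only reachable on
  # proxy-network, i.e. through the reverse proxy.
  # Home Assistant only accepts forwarded requests from proxies listed under
  # http.trusted_proxies (with use_x_forwarded_for: true) in its
  # configuration.yaml; the proxy's address comes from 172.20.0.0/24.
  # ===========================================================================
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    restart: unless-stopped
    environment:
      - TZ=${TZ:-Europe/Berlin}
    volumes:
      - ./homeassistant:/config
    networks:
      - proxy-network
    # Short-form depends_on only orders container start; it does not wait for
    # the proxy's healthcheck to pass.
    depends_on:
      - nginx-proxy-manager

  # ===========================================================================
  # Gitea — Lightweight Git hosting
  # Internal URL: http://gitea:3000
  # SSH: Port 2222 (mapped from container 22)
  # The web UI has no published port and is served through the reverse proxy;
  # only SSH is mapped directly to the host.
  # ===========================================================================
  gitea:
    # NOTE(review): floating tag. Pin a specific version or digest.
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    environment:
      - USER_UID=${PUID:-1000}
      - USER_GID=${PGID:-1000}
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__database__PATH=/data/gitea/gitea.db
      - GITEA__server__DOMAIN=${DOMAIN_GITEA:-git.doerflingers.com}
      - GITEA__server__SSH_DOMAIN=${DOMAIN_GITEA:-git.doerflingers.com}
      - GITEA__server__SSH_PORT=${GITEA_SSH_PORT:-2222}
      - GITEA__server__ROOT_URL=https://${DOMAIN_GITEA:-git.doerflingers.com}/
      - GITEA__server__LFS_START_SERVER=true
      # NOTE(review): both secrets fall back to an empty string when they are
      # missing from .env. Confirm how the Gitea release in use treats an
      # empty SECRET_KEY / INTERNAL_TOKEN. To make a missing secret a startup
      # error instead, use Compose's ":?message" interpolation form in place
      # of ":-".
      - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY:-}
      - GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN:-}
    volumes:
      # Repositories, the SQLite database and the generated app config all
      # live under this directory.
      - ./gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Must stay in step with GITEA__server__SSH_PORT above, which uses the
      # same variable so clone URLs show the published port.
      - "${GITEA_SSH_PORT:-2222}:22"
    networks:
      - proxy-network
    depends_on:
      - nginx-proxy-manager

  # ===========================================================================
  # WireGuard — Modern VPN server
  # External: UDP port 51820 (must be forwarded in FritzBox)
  # ===========================================================================
  wireguard:
    # NOTE(review): floating tag. Pin a specific version or digest.
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      # Together with the /lib/modules mount this lets the container load
      # kernel modules on the host. NOTE(review): presumably only needed when
      # the host kernel does not already provide the wireguard module; drop
      # the capability and the mount if it does.
      - SYS_MODULE
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-Europe/Berlin}
      - SERVERURL=${WG_SERVERURL:-home.doerflingers.com}
      - SERVERPORT=${WG_PORT:-51820}
      - PEERS=${WG_PEERS:-phone,laptop,tablet}
      - PEERDNS=auto
      - INTERNAL_SUBNET=${WG_INTERNAL_SUBNET:-10.13.13.0}
      # 0.0.0.0/0 makes the generated peer configs route all IPv4 traffic
      # through the tunnel; narrow it to the home subnets for a split tunnel.
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      # Server and peer configuration, including private keys, is written
      # here; restrict access to this directory.
      - ./wireguard/config:/config
      - /lib/modules:/lib/modules:ro
    ports:
      - "${WG_PORT:-51820}:51820/udp"
    networks:
      # NOTE(review): sharing proxy-network presumably lets VPN peers reach
      # the other containers on 172.20.0.0/24 directly; confirm this is
      # intended.
      - proxy-network
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1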