Added additional motion masks for timestamps

Added zone definitions for all cameras
Adjusted motion threshhold and contour_area for all cameras

authelia/config/authelia/configuration.yml

@@ -6,7 +6,19 @@ server:
 
 # Security https://www.authelia.com/configuration/security/access-control/
 access_control:
+  networks:
+  - name: 'internal'
+    networks:
+    - '192.168.1.0/24'
+    - '172.16.0.0/12'
   rules:
+  - domain: 'gitea.tremendousturtle.tools'
+    policy: bypass
+    networks:
+    - 'internal'
+    resources:
+    - '^/api([/?].*)?$'
+    - '^/v2([/?].*)?$'
   - domain: '*.tremendousturtle.tools'
     policy: two_factor
 

authentik/docker-compose.yml

@@ -30,7 +30,7 @@ services:
     volumes:
       - redis:/data
   app:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.3}
     restart: unless-stopped
     command: server
     environment:
@@ -42,6 +42,8 @@ services:
     networks:
       - proxy-net
       - default
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     volumes:
       - ./data/media:/media
       - ./config/custom-templates:/templates
@@ -50,13 +52,16 @@ services:
     ports:
       - "${COMPOSE_PORT_HTTP:-9000}:9000"
       - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    expose:
+      - "9000"
+      - "9443"
     depends_on:
       db:
         condition: service_healthy
       redis:
         condition: service_healthy
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.3}
     restart: unless-stopped
     command: worker
     environment:

caddy/config/Caddyfile

@@ -74,6 +74,46 @@
 		import ttt-proxy {args[1]} {args[2]}
 	}
 }
+(authentik) {
+	{args[0]}.tremendousturtle.tools {
+		import ttt-log {args[0]}
+		import tls
+		reverse_proxy authentik-app-1:9000 {
+			header_up X-Real-IP {http.request.header.CF-Connecting-IP}
+			header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+		}
+	}
+}
+(redirect) {
+	{args[0]}.tremendousturtle.tools {
+		import tls
+		redir https://{args[1]}.tremendousturtle.tools{uri}
+	}
+}
+(authentik-forward) {
+	{args[0]}.tremendousturtle.tools {
+		import ttt-log {args[0]}
+		import tls
+		route {
+			# always forward outpost path to actual outpost
+			reverse_proxy /outpost.goauthentik.io/* http://authentik-app-1:9000
+
+			# forward authentication to outpost
+			forward_auth http://authentik-app-1:9000 {
+				uri /outpost.goauthentik.io/auth/caddy
+
+				# capitalization of the headers is important, otherwise they will be empty
+				copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+
+				# optional, in this config trust all private ranges, should probably be set to the outposts IP
+				trusted_proxies private_ranges
+			}
+
+			# actual site configuration below, for example
+			reverse_proxy {args[1]}:{args[2]}
+		}
+	}
+}
 
 # Web Config
 tremendousturtle.tools {
@@ -93,7 +133,7 @@ authentik.tremendousturtle.tools {
 
 # Define code.tremendousturtle.tools
 # Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
-import ttt-app-local code 8020
+#import ttt-app-local code 8020
 import ttt-app-local pihole 1080
 import ttt-app-local sonarr 8989
 import ttt-app-local radarr 7878
@@ -101,11 +141,11 @@ import ttt-app-local prowlarr 9696
 import ttt-app-local cockpit 9090
 
 # Docker apps with same subdomain as docker compose project name
-import ttt-app frigate 8971
+#import ttt-app frigate 8971
 import ttt-app overseerr 5055
 import ttt-app openobserve 5080
-import ttt-app gitea 3000
-import ttt-app homepage 3000
+#import ttt-app gitea 3000
+#import ttt-app homepage 3000
 import ttt-app requestrr 4545
 
 # Alternate configuration (different subdomain and docker compose project name)
@@ -114,3 +154,13 @@ import ttt-app-alt trilium triliumnext-notes-app-1 8080
 import ttt-app-alt notes triliumnext-notes-app-1 8080
 import ttt-app-alt stash stashapp-app-1 9999
 import ttt-app-alt pihole1 192.168.1.116 80
+
+# Authentik Configs
+import authentik homepage
+import redirect home homepage
+
+import authentik frigate
+import authentik code
+import authentik gitea
+import authentik dozzle
+import authentik tautulli

caddy/docker-compose.yml

@@ -13,12 +13,10 @@ services:
       - "443:443"
       - "443:443/udp"
       - "2019:2019"
-    configs:
-      - source: caddyfile
-        target: /etc/caddy/Caddyfile
     volumes:
       - ./data/site:/srv
       - ./data/logs:/logs
+      - ./config:/etc/caddy
       - caddy_data:/data
       - caddy_config:/config
 
@@ -26,10 +24,6 @@ networks:
   proxy-net:
     external: true
 
-configs:
-  caddyfile:
-    file: ./Caddyfile
-
 volumes:
   caddy_data:
   caddy_config:

dozzle/docker-compose.yml

@@ -0,0 +1,19 @@
+name: dozzle
+services:
+  app:
+    image: amir20/dozzle:latest
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    expose:
+      - "8080"
+    environment:
+      DOZZLE_AUTH_PROVIDER: forward-proxy
+      DOZZLE_ENABLE_ACTIONS: true
+      DOZZLE_HOSTNAME: dozzle.tremendousturtle.tools
+    networks:
+      - proxy-net
+
+networks:
+  proxy-net:
+    external: true

frigate/config/config.yaml

@@ -4,7 +4,7 @@ auth:
 
 proxy:
   header_map:
-    user: Remote-User
+    user: X-Forwarded-Preferred-Username
 
 tls:
   enabled: false
@@ -38,8 +38,19 @@ objects:
   track:
     - person
     - car
+    - motorcycle
+    - bicycle
     - dog
     - cat
+    - license plate
+    - face
+    - amazon
+    - usps
+    - fedex
+    - ups
+    - package
+    - waste bin
+
 
 cameras:
   nw_garage:
@@ -64,6 +75,31 @@ cameras:
         - 0.865,0.955,0.865,0.99,0.895,0.99,0.895,0.955
         - 0.827,0.955,0.827,0.99,0.858,0.99,0.858,0.955
         - 0.79,0.955,0.79,0.99,0.821,0.99,0.821,0.955
+        - 0.905,0.992,0.932,0.99,0.932,0.965,0.905,0.964
+        - 0.942,0.987,0.983,0.987,0.982,0.957,0.942,0.958
+        - 0.69,0.988,0.719,0.988,0.719,0.957,0.69,0.958
+      threshold: 35
+      contour_area: 15
+      improve_contrast: 'true'
+    zones:
+      Front_Yard:
+        coordinates: 0,0.552,0.13,0.709,0.246,0.822,0.451,1,0,1
+        loitering_time: 0
+        objects:
+          - cat
+          - dog
+          - package
+          - person
+          - usps
+          - waste bin
+      Driveway:
+        coordinates: 
+          0,0.494,0,0.549,0.131,0.706,0.251,0.824,0.454,1,1,1,1,0.37,0.856,0.33,0.743,0.296,0.569,0.253,0.451,0.225,0.264,0.324,0.177,0.372,0.043,0.461
+        loitering_time: 0
+      Street:
+        coordinates: 
+          0,0.491,0.05,0.454,0.176,0.371,0.257,0.325,0.45,0.224,0.49,0.217,0.561,0.185,0.671,0.139,0.738,0.114,0.813,0.084,0.756,0.049,0.736,0.027,0.737,0,0.474,0,0.46,0.009,0.389,0.012,0.318,0.022,0,0.128
+        loitering_time: 0
   ne_garage:
     enabled: true
     ffmpeg:
@@ -86,6 +122,33 @@ cameras:
         - 0.865,0.955,0.865,0.99,0.895,0.99,0.895,0.955
         - 0.827,0.955,0.827,0.99,0.858,0.99,0.858,0.955
         - 0.79,0.955,0.79,0.99,0.821,0.99,0.821,0.955
+        - 0.905,0.992,0.932,0.99,0.932,0.965,0.905,0.964
+        - 0.942,0.987,0.983,0.987,0.982,0.957,0.942,0.958
+        - 0.69,0.988,0.719,0.988,0.719,0.957,0.69,0.958
+        - 0.86,0,0.849,0.11,1,0.187,1,0
+      threshold: 45
+      contour_area: 16
+      improve_contrast: 'true'
+    zones:
+      Front_Yard:
+        coordinates: 
+          0,0.247,0,0.417,0.07,0.391,0.16,0.363,0.287,0.332,0.406,0.306,0.518,0.286,0.314,0.18,0.21,0.195,0.119,0.212
+        loitering_time: 0
+        objects:
+          - cat
+          - dog
+          - package
+          - person
+          - usps
+          - waste bin
+      Driveway:
+        coordinates: 
+          0,0.42,0,1,1,1,1,0.601,0.876,0.512,0.709,0.402,0.584,0.328,0.514,0.289,0.413,0.307,0.297,0.332,0.177,0.361,0.085,0.388
+        loitering_time: 0
+      Street:
+        coordinates: 
+          0.043,0.059,0.132,0.102,0.205,0.131,0.311,0.176,0.414,0.229,0.523,0.287,0.527,0.293,0.622,0.348,0.697,0.392,0.79,0.452,0.901,0.526,1,0.598,1,0.203,0.612,0.024,0.473,0,0.043,0
+        loitering_time: 0
   doorbell:
     enabled: true
     ffmpeg:
@@ -108,9 +171,26 @@ cameras:
         - 0.79,0.003,0.79,0.035,0.82,0.035,0.82,0.003
         - 0.828,0.003,0.828,0.035,0.858,0.035,0.858,0.003
         - 0.866,0.003,0.866,0.035,0.896,0.035,0.896,0.003
-      threshold: 35
-      contour_area: 15
-      improve_contrast: true
+        - 0.904,0.039,0.933,0.038,0.933,0.011,0.904,0.011
+        - 0.943,0.033,0.983,0.033,0.983,0.004,0.942,0.005
+        - 0.691,0.034,0.72,0.033,0.72,0.005,0.69,0.005
+      threshold: 40
+      contour_area: 13
+      improve_contrast: 'true'
+    zones:
+      Front_Yard:
+        coordinates: 0,0.876,0,1,1,1,1,0.596,0.491,0.59
+        loitering_time: 0
+        objects:
+          - cat
+          - dog
+          - package
+          - person
+          - usps
+          - waste bin
+      Street:
+        coordinates: 0.363,0.583,0.643,0.591,0.644,0.524,0.363,0.522
+        loitering_time: 0
 version: 0.14
 camera_groups:
   Birdseye:
@@ -128,4 +208,23 @@ camera_groups:
 detect:
   stationary:
     interval: 50
-    threshold: 40
+    threshold: 50
+
+snapshots:
+  enabled: true
+  retain:
+    default: 30
+
+record:
+  enabled: true
+  retain:
+    days: 3
+    mode: all
+  events:
+    retain:
+      default: 30
+      mode: motion
+
+telemetry:
+  stats:
+    network_bandwidth: true

frigate/docker-compose.yml

@@ -2,7 +2,11 @@ name: frigate
 services:
   app:
     restart: unless-stopped
-    image: ghcr.io/blakeblackshear/frigate:stable
+    #image: ghcr.io/blakeblackshear/frigate:stable
+    image: gitea.tremendousturtle.tools/chris/frigate:v0.14.1-web-admin-088ff992
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
     shm_size: "250mb"
     devices:
       - /dev/apex_0:/dev/apex_0 # Passes a PCIe Coral
@@ -20,12 +24,15 @@ services:
     networks:
       - proxy-net
     ports:
+      # - "8971:8971"
       - "8554:8554" # RTSP feeds
       - "8555:8555/tcp" # WebRTC over tcp
       - "8555:8555/udp" # WebRTC over udp
       - "5000:5000" # VS Code schema validation allowed
     expose:
       - "8971"
+    secrets:
+      - PLUS_API_KEY
     environment:
       LIBVA_DRIVER_NAME: "radeonsi" # FRIGATE_RTSP_PASSWORD: "69$nC*6$jADbc!"
     labels:
@@ -41,3 +48,7 @@ services:
 networks:
   proxy-net:
     external: true
+
+secrets:
+  PLUS_API_KEY:
+    file: ./secrets/PLUS_API_KEY

gitea/docker-compose.yml

@@ -17,6 +17,16 @@ services:
       GITEA__database__USER: ${GITEA_DB_USER}
       GITEA__database__PASSWD__FILE: /run/secrets/postgres_pass
       GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: gitea --config={{.CustomConf}} serv key-{{.Key.ID}}
+      GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION: true
+      GITEA__service__ENABLE_REVERSE_PROXY_AUTO_REGISTRATION: true
+      GITEA__service__ENABLE_REVERSE_PROXY_EMAIL: true
+      GITEA__indexer__REPO_INDEXER_ENABLED: true
+      GITEA__indexer__REPO_INDEXER_PATH: indexers/repos.bleve
+      GITEA__indexer__MAX_FILE_SIZE: 1048576
+      GITEA__indexer__REPO_INDEXER_INCLUDE: ""
+      GITEA__indexer__REPO_INDEXER_EXCLUDE: resources/bin/**
+      GITEA__security__REVERSE_PROXY_LIMIT: 2
+      GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES: '172.31.0.0/16'
     restart: unless-stopped
     networks:
       - gitea

komodo/.env

@@ -0,0 +1,130 @@
+####################################
+# 🦎 KOMODO COMPOSE - VARIABLES 🦎 #
+####################################
+
+## These compose variables can be used with all Komodo deployment options.
+## Pass these variables to the compose up command using `--env-file komodo/compose.env`.
+## Additionally, they are passed to both Komodo Core and Komodo Periphery with `env_file: ./compose.env`,
+## so you can pass any additional environment variables to Core / Periphery directly in this file as well.
+
+## Stick to a specific version, or use `latest`
+COMPOSE_KOMODO_IMAGE_TAG=latest
+
+## Note: 🚨 Podman does NOT support local logging driver 🚨. See Podman options here:
+## `https://docs.podman.io/en/v4.6.1/markdown/podman-run.1.html#log-driver-driver`
+COMPOSE_LOGGING_DRIVER=local # Enable log rotation with the local driver.
+
+## DB credentials - Ignored for Sqlite
+DB_USERNAME=admin
+DB_PASSWORD=admin
+
+## Configure a secure passkey to authenticate between Core / Periphery.
+PASSKEY=a_random_passkey
+
+#=-------------------------=#
+#= Komodo Core Environment =#
+#=-------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/mbecker20/komodo/blob/main/config/core.config.toml 🦎
+
+## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
+## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples
+
+## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
+KOMODO_HOST=https://demo.komo.do
+## Displayed in the browser tab.
+KOMODO_TITLE=Komodo
+## Create a server matching this address as the "first server".
+## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
+KOMODO_FIRST_SERVER=https://periphery:8120
+## Make all buttons just double-click, rather than the full confirmation dialog.
+KOMODO_DISABLE_CONFIRM_DIALOG=false
+
+## Rate Komodo polls your servers for
+## status / container status / system stats / alerting.
+## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min.
+## Default: 15-sec
+KOMODO_MONITORING_INTERVAL="15-sec"
+## Rate Komodo polls Resources for updates,
+## like outdated commit hash.
+## Options: 1-min, 5-min, 15-min, 30-min, 1-hr.
+## Default: 5-min
+KOMODO_RESOURCE_POLL_INTERVAL="5-min"
+
+## Used to auth against periphery. Alt: KOMODO_PASSKEY_FILE
+KOMODO_PASSKEY=${PASSKEY}
+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+KOMODO_WEBHOOK_SECRET=a_random_secret
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+KOMODO_JWT_SECRET=a_random_jwt_secret
+
+## Enable login with username + password.
+KOMODO_LOCAL_AUTH=true
+## Disable new user signups.
+KOMODO_DISABLE_USER_REGISTRATION=false
+## All new logins are auto enabled
+KOMODO_ENABLE_NEW_USERS=false
+## Disable non-admins from creating new resources.
+KOMODO_DISABLE_NON_ADMIN_CREATE=false
+## Allows all users to have Read level access to all resources.
+KOMODO_TRANSPARENT_MODE=false
+
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
+## OIDC Login
+KOMODO_OIDC_ENABLED=false
+## Must reachable from Komodo Core container
+# KOMODO_OIDC_PROVIDER=https://oidc.provider.internal/application/o/komodo
+## Change the host to one reachable be reachable by users (optional if it is the same as above).
+## DO NOT include the `path` part of the URL.
+# KOMODO_OIDC_REDIRECT_HOST=https://oidc.provider.external
+## Your client credentials
+# KOMODO_OIDC_CLIENT_ID= # Alt: KOMODO_OIDC_CLIENT_ID_FILE
+# KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
+## Make usernames the full email.
+# KOMODO_OIDC_USE_FULL_EMAIL=true
+## Add additional trusted audiences for token claims verification.
+## Supports comma separated list, and passing with _FILE (for compose secrets).
+# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
+
+## Github Oauth
+KOMODO_GITHUB_OAUTH_ENABLED=false
+# KOMODO_GITHUB_OAUTH_ID= # Alt: KOMODO_GITHUB_OAUTH_ID_FILE
+# KOMODO_GITHUB_OAUTH_SECRET= # Alt: KOMODO_GITHUB_OAUTH_SECRET_FILE
+
+## Google Oauth
+KOMODO_GOOGLE_OAUTH_ENABLED=false
+# KOMODO_GOOGLE_OAUTH_ID= # Alt: KOMODO_GOOGLE_OAUTH_ID_FILE
+# KOMODO_GOOGLE_OAUTH_SECRET= # Alt: KOMODO_GOOGLE_OAUTH_SECRET_FILE
+
+## Aws - Used to launch Builder instances and ServerTemplate instances.
+KOMODO_AWS_ACCESS_KEY_ID= # Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
+KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
+
+## Hetzner - Used to launch ServerTemplate instances
+## Hetzner Builder not supported due to Hetzner pay-by-the-hour pricing model
+KOMODO_HETZNER_TOKEN= # Alt: KOMODO_HETZNER_TOKEN_FILE
+
+#=------------------------------=#
+#= Komodo Periphery Environment =#
+#=------------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/mbecker20/komodo/blob/main/config/periphery.config.toml 🦎
+
+## Periphery passkeys must include KOMODO_PASSKEY to authenticate
+PERIPHERY_PASSKEYS=${PASSKEY}
+
+## Enable SSL using self signed certificates.
+## Connect to Periphery at https://address:8120.
+PERIPHERY_SSL_ENABLED=true
+
+## If the disk size is overreporting, can use one of these to 
+## whitelist / blacklist the disks to filter them, whichever is easier.
+## Accepts comma separated list of paths.
+## Usually whitelisting just /etc/hostname gives correct size.
+PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
+# PERIPHERY_EXCLUDE_DISK_MOUNTS=/snap,/etc/repos

komodo/docker-compose.yml

@@ -0,0 +1,103 @@
+################################
+# 🦎 KOMODO COMPOSE - MONGO 🦎 #
+################################
+
+## This compose file will deploy:
+##   1. MongoDB
+##   2. Komodo Core
+##   3. Komodo Periphery
+
+name: komodo
+services:
+  db:
+    image: mongo
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+    command: --quiet --wiredTigerCacheSizeGB 0.25
+    restart: unless-stopped
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - default
+    # ports:
+    #   - 27017:27017
+    volumes:
+      - mongo-data:/data/db
+      - mongo-config:/data/configdb
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
+  
+  core:
+    image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+    restart: unless-stopped
+    depends_on:
+      - db
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - default
+    ports:
+      - 9120:9120
+    env_file: ./compose.env
+    environment:
+      KOMODO_DATABASE_ADDRESS: db:27017
+      KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
+      KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      ## Core cache for repos for latest commit hash / contents
+      - repo-cache:/repo-cache
+      ## Store sync files on server
+      # - /path/to/syncs:/syncs
+      ## Optionally mount a custom core.config.toml
+      # - /path/to/core.config.toml:/config/config.toml
+    ## Allows for systemd Periphery connection at 
+    ## "http://host.docker.internal:8120"
+    # extra_hosts:
+    #   - host.docker.internal:host-gateway
+
+  ## Deploy Periphery container using this block,
+  ## or deploy the Periphery binary with systemd using 
+  ## https://github.com/mbecker20/komodo/tree/main/scripts
+  periphery:
+    image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+    restart: unless-stopped
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - default
+    env_file: ./compose.env
+    volumes:
+      ## Mount external docker socket
+      - /var/run/docker.sock:/var/run/docker.sock
+      ## Allow Periphery to see processes outside of container
+      - /proc:/proc
+      ## use self signed certs in docker volume, 
+      ## or mount your own signed certs.
+      - ssl-certs:/etc/komodo/ssl
+      ## manage repos in a docker volume, 
+      ## or change it to an accessible host directory.
+      - repos:/etc/komodo/repos
+      ## manage stack files in a docker volume, 
+      ## or change it to an accessible host directory.
+      - stacks:/etc/komodo/stacks
+      ## Optionally mount a path to store compose files
+      # - /path/to/compose:/host/compose
+
+volumes:
+  # Mongo
+  mongo-data:
+  mongo-config:
+  # Core
+  repo-cache:
+  # Periphery
+  ssl-certs:
+  repos:
+  stacks:
+
+networks:
+  default: {}

stashapp/docker-compose.yml

@@ -35,6 +35,7 @@ services:
       - ./config:/root/.stash
       ## Point this at your collection.
       - /media/raid/junk_transfer:/data
+      - /media/junk/new_transfer:/data/new_transfer
       - /media/raid/stash:/stash
       - /media/junk/junk:/junk
       - /media/raid/junk_movies_transfer:/movies

tautulli/.gitignore

@@ -0,0 +1,8 @@
+config/backups/
+config/cache/
+config/exports/
+config/logs/
+config/newsletters/
+config/release.lock
+config/tautulli.db
+config/version.lock

tautulli/config/config.ini

@@ -0,0 +1,170 @@
+[General]
+allow_guest_access = 0
+date_format = YYYY-MM-DD
+time_format = HH:mm
+anon_redirect = https://www.nullrefer.com/?
+anon_redirect_dynamic = 0
+api_enabled = 1
+api_key = 079935546d82416db237001d03059dc3
+api_sql = 0
+backup_days = 3
+backup_dir = /config/backups
+backup_interval = 6
+cache_dir = /config/cache
+cache_images = 1
+check_github = 1
+check_github_interval = 6
+check_github_on_startup = 1
+cleanup_files = 0
+do_not_override_git_branch = 0
+enable_https = 0
+export_dir = /config/exports
+first_run_complete = 1
+freeze_db = 0
+get_file_sizes = 0
+git_branch = master
+git_path = ""
+git_remote = origin
+git_token = ""
+git_user = Tautulli
+git_repo = Tautulli
+group_history_tables = 1
+history_table_activity = 1
+home_sections = current_activity, watch_stats, library_stats, recently_added
+home_library_cards = 4, 2, 1, 5, 7, 8, 9, 12
+home_stats_cards = top_movies, popular_movies, top_tv, popular_tv, top_music, popular_music, last_watched, top_libraries, top_users, top_platforms, most_concurrent
+home_refresh_interval = 10
+https_create_cert = 1
+https_cert = /config/server.crt
+https_cert_chain = ""
+https_key = /config/server.key
+https_domain = localhost
+https_ip = 127.0.0.1
+http_basic_auth = 0
+http_environment = production
+http_hash_password = 1
+http_hashed_password = 1
+http_host = 0.0.0.0
+http_password = PBKDF2$sha256$600000$Y6kl7oc/cNUwRhxpN3cYDw==$b4hYGhFatQNKuNvFsY4IEFI5FHVZjBKY
+http_port = 8181
+http_proxy = 0
+http_root = ""
+http_username = chris
+http_plex_admin = 1
+http_base_url = ""
+http_rate_limit_attempts = 10
+http_rate_limit_attempts_interval = 300
+http_rate_limit_lockout_time = 300
+http_thread_pool = 10
+interface = default
+launch_browser = 0
+launch_startup = 0
+log_blacklist = 1
+log_blacklist_usernames = 1
+log_dir = /config/logs
+musicbrainz_lookup = 0
+plexpy_auto_update = 0
+show_advanced_settings = 1
+themoviedb_apikey = e9a6655bae34bf694a0f3e33338dc28e
+themoviedb_lookup = 0
+tvmaze_lookup = 0
+update_db_interval = 24
+update_show_changelog = 0
+week_start_monday = 0
+sys_tray_icon = 0
+[[get_file_sizes_hold]]
+section_ids = ,
+rating_keys = ,
+[PMS]
+pms_client_id = a63eebdc-9a0e-45be-9448-d8769535c470
+pms_identifier = 5e16f8ceb511bde943f92bbe07e3e6e33307eb16
+pms_ip = 192.168.1.234
+pms_is_cloud = 0
+pms_is_remote = 0
+pms_language = ""
+pms_logs_folder = /plex_logs
+pms_logs_line_cap = 1000
+pms_name = winterfell
+pms_name_override = ""
+pms_port = 32400
+pms_token = udTzPteNY8SNSibrzajX
+pms_ssl = 0
+pms_url = http://192.168.1.234:32400
+pms_url_override = ""
+pms_url_manual = 0
+pms_use_bif = 0
+pms_uuid = db661b1c35ed453bba7ddee2e44e3145
+pms_plexpass = 1
+pms_platform = Linux
+pms_version = 1.41.4.9463-630c9f557
+pms_update_channel = plex
+pms_update_distro = debian
+pms_update_distro_build = linux-x86
+pms_web_url = https://app.plex.tv/desktop
+[Advanced]
+pms_timeout = 15
+pms_update_check_interval = 24
+cache_sizemb = 32
+check_docker_mount = 1
+check_github_cache_seconds = 3600
+config_version = 22
+export_threads = 8
+https_min_tls_version = TLSv1.2
+journal_mode = WAL
+metadata_cache_seconds = 1800
+notification_threads = 2
+notify_text_eval = 0
+session_db_write_attempts = 5
+synchronous_mode = NORMAL
+upgrade_flag = 1
+verbose_logs = 1
+verify_ssl_cert = 1
+websocket_monitor_ping_pong = 0
+websocket_connection_attempts = 5
+websocket_connection_timeout = 5
+jwt_secret = 11a7ffcc84ad42c98cf603d50cffdde5
+jwt_update_secret = 0
+system_analytics = 1
+[Monitoring]
+buffer_threshold = 10
+buffer_wait = 900
+imgur_client_id = ""
+logging_ignore_interval = 60
+movie_watched_percent = 85
+music_watched_percent = 85
+monitor_pms_updates = 0
+monitoring_interval = 60
+notify_consecutive = 0
+notify_continued_session_threshold = 15
+notify_group_recently_added_grandparent = 1
+notify_group_recently_added_parent = 1
+notify_upload_posters = 0
+notify_recently_added_delay = 300
+notify_recently_added_grandparent = 0
+notify_recently_added_upgrade = 0
+notify_remote_access_threshold = 60
+notify_concurrent_by_ip = 0
+notify_concurrent_ipv6_cidr = /64
+notify_concurrent_threshold = 2
+notify_new_device_initial_only = 1
+notify_server_connection_threshold = 60
+notify_server_update_repeat = 0
+notify_plexpy_update_repeat = 0
+refresh_libraries_interval = 12
+refresh_libraries_on_startup = 1
+refresh_users_interval = 12
+refresh_users_on_startup = 1
+tv_watched_percent = 85
+watched_marker = 3
+[Cloudinary]
+cloudinary_cloud_name = ""
+cloudinary_api_key = ""
+cloudinary_api_secret = ""
+[Newsletter]
+newsletter_auth = 0
+newsletter_password = ""
+newsletter_custom_dir = ""
+newsletter_inline_styles = 0
+newsletter_templates = newsletters
+newsletter_dir = /config/newsletters
+newsletter_self_hosted = 0

tautulli/docker-compose.yml

@@ -0,0 +1,18 @@
+name: tautulli
+services:
+  app:
+    environment:
+      TZ: America/Los_Angeles
+    image: ghcr.io/tautulli/tautulli:latest
+    networks:
+      - proxy-net
+    expose:
+      - "8181"
+    restart: unless-stopped
+    volumes:
+      - ./config:/config
+      - /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs:/plex_logs:ro
+
+networks:
+  proxy-net:
+    external: true