Home Repository

Services

41 deployed · 15 SSO-integrated · v3.14.0

Deploy any service: task ansible:deploy:service -- -e "stack_name=<name>"

Identity & Security

Service Domain Stack Name Notes
Authentik auth.* authentik SSO provider — OIDC, LDAP, forward auth for 15 services
Vaultwarden vaultwarden.* vaultwarden Bitwarden-compatible password manager with SSO

Infrastructure & Monitoring

Service Domain Stack Name Notes
Kopia backup.* kopia Encrypted backups to Backblaze B2
Uptime Kuma uptime.* uptime-kuma HTTP/TCP/ping monitoring with status pages
LibreNMS librenms.* librenms Network discovery, SNMP polling, syslog, traps
Cert-sync-nas internal cert-sync-nas Wildcard SSL sync to NAS via SSH

Finance

Service Domain Stack Name Notes
Actual Budget budget.* actual_server Zero-based budgeting with bank sync

Media Management

Service Domain Stack Name Notes
PhotoPrism photos.* photoprism AI-powered photo tagging and organization
Takeout Manager takeout.* takeout-manager Google Photos Takeout distributed downloads
Immich photos.* immich Mobile-first photo backup with ML
Emby emby.* emby Media streaming — movies, TV, music

Media Automation

Service Domain Stack Name Notes
Sonarr sonarr.* sonarr Automated TV show management
Radarr radarr.* radarr Automated movie management
Whisparr whisparr.* whisparr Automated adult content management
Prowlarr prowlarr.* prowlarr Indexer manager for all arr services
Profilarr profilarr.* profilarr Quality profile sync across arr services
FlareSolverr internal flaresolverr Cloudflare bypass proxy for indexers

Download Clients

All clients route through NordVPN (OpenVPN). VPN kill switch active.

Service Domain Stack Name Notes
Downloads Stack downloads Unified VPN + 4 clients below
qBittorrent qbittorrent.* Primary torrent client
Deluge deluge.* Alternative torrent client
SABnzbd sabnzbd.* Primary usenet downloader
NZBGet nzbget.* Lightweight usenet alternative

Productivity & Collaboration

Service Domain Stack Name Notes
CryptPad cryptpad.* cryptpad E2E encrypted docs, sheets, kanban
Mealie mealie.* mealie Recipe management and meal planning
FreshRSS rss.* freshrss RSS/Atom feed aggregator
draw.io draw.* drawio Network and architecture diagramming

Home Automation

Service Domain Stack Name Notes
Home Assistant home.* homeassistant Smart home control — 2000+ integrations
Node-RED nodered.* node-red Visual flow-based automation

AI & Chat

Service Domain Stack Name Notes
Ollama ollama.* ollama Local LLM inference with GPU
LibreChat chat.* librechat Multi-model AI chat (GPT, Claude, local)

Development & ML

Service Domain Stack Name Notes
MLflow mlflow.* mlflow ML experiment tracking and model registry
Prefect prefect.* prefect Python workflow orchestration

Development & CI/CD

Service Domain Stack Name Notes
Forgejo git.* forgejo Git hosting with issues, PRs, wiki
CI/CD Runner cicd.* cicd Forgejo Actions runner
GitHub Runner github-runner Self-hosted GitHub Actions runner
Code-server code.* code-server VS Code in the browser
ClaudeCodeUI ai.* claudecodeui Browser-based Claude Code

Knowledge & Learning

Service Domain Stack Name Notes
Kiwix kiwix.* kiwix Offline Wikipedia, Stack Overflow, medical
Kolibri kolibri.* kolibri Offline K-12 education (Khan Academy)
Komga komga.* komga Comics and manga library

Privacy & Anonymity

Service Domain Stack Name Notes
Tor Browser tor.* tor-browser KasmVNC + WireGuard VPN with kill switch

Core Infrastructure

Service Domain Stack Name Notes
Homepage dashboard.* homepage Service dashboard with widgets

Infrastructure Stacks

Stack Purpose
reverse-proxy Traefik + automatic SSL
dns Technitium DNS server
monitoring Prometheus + Grafana + Loki + Promtail

Adding a New Service

mkdir stacks/apps/myservice

# stacks/apps/myservice/docker-compose.yml
services:
  myservice:
    image: myapp:latest
    networks:
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.myservice.rule=Host(`myapp.${BASE_DOMAIN}`)
        - traefik.http.routers.myservice.tls.certresolver=dns
        - traefik.http.services.myservice.loadbalancer.server.port=3000
        - traefik.swarm.network=traefik-public

networks:
  traefik-public:
    external: true

task ansible:deploy:stack -- -e "stack_name=myservice"