.env.example

@@ -1,71 +1,20 @@
-# --- Docker Compose Settings ---
-# Comma-separated list of optional service profiles to enable (e.g., lidarr,sabnzbd,adguardhome)
 COMPOSE_PROFILES=
-# Path separator for COMPOSE_FILE (use ';' for Windows)
 COMPOSE_PATH_SEPARATOR=:
-# Colon-separated list of compose files to use. Allows extending the base configuration.
 COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:tandoor/docker-compose.yml:joplin/docker-compose.yml:homeassistant/docker-compose.yml:immich/docker-compose.yml
-
-# --- Core System Settings ---
-# Linux User ID. Find yours with `id -u`. Crucial for file permissions.
 USER_ID=1000
-# Linux Group ID. Find yours with `id -g`. Crucial for file permissions.
 GROUP_ID=1000
-# Your local timezone (e.g., America/New_York, Europe/London, Asia/Manila). See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TIMEZONE="America/New_York"
-
-# --- Host Paths ---
-# Base directory on host for storing service configuration files. '.' stores them in subdirectories within the project folder.
 CONFIG_ROOT="."
-# Main directory on host containing media libraries (movies, TV, music, books).
 DATA_ROOT="/mnt/data"
-# Directory on host for download clients (qBittorrent/SABnzbd). Should be on the same filesystem as DATA_ROOT for hardlinks.
 DOWNLOAD_ROOT="/mnt/data/torrents"
-# Upload location for Immich (if profile enabled)
 IMMICH_UPLOAD_LOCATION="/mnt/data/photos"
-
+HOMEASSISTANT_HOSTNAME=
-# --- Tailscale Settings ---
+IMMICH_HOSTNAME=
-# Required. Auth key from Tailscale Admin Console (Settings > Keys). Use a reusable or ephemeral key.
+ADGUARD_HOSTNAME=
-TAILSCALE_AUTHKEY=
+ADGUARD_USERNAME=
-# Desired hostname for this NAS within your Tailscale network.
+ADGUARD_PASSWORD=
-TAILSCALE_HOSTNAME=tailscale-nas
-# Required. Your Tailnet domain (e.g., your-tailnet-name.ts.net).
-TAILSCALE_TAILNET_DOMAIN=your-tailnet.ts.net
-# Optional tags to apply to the Tailscale node (e.g., tag:nas).
-TAILSCALE_TAGS=tag:nas
-# Enable Tailscale Funnel (public access) for HTTPS? Set to 'true' or 'false'. 'false' uses Serve (Tailnet only, recommended).
-ENABLE_FUNNEL_HTTPS=false
-
-# --- Primary Hostname ---
-# Primary hostname used by Traefik for routing. Derived from Tailscale settings by default.
-HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
-
-# --- Application Credentials ---
-# qBittorrent Web UI Credentials (change default!)
 QBITTORRENT_USERNAME=admin
 QBITTORRENT_PASSWORD=adminadmin
-# Calibre-Web Credentials (if profile enabled)
-CALIBRE_USERNAME=admin
-CALIBRE_PASSWORD=admin123
-# Immich Database Password (if profile enabled)
-IMMICH_DB_PASSWORD=postgres
-
-# --- Homepage Settings ---
-HOMEPAGE_VAR_TITLE="Docker-Compose NAS"
-HOMEPAGE_VAR_SEARCH_PROVIDER=google
-HOMEPAGE_VAR_HEADER_STYLE=boxed
-# Weather Widget (Optional)
-HOMEPAGE_VAR_WEATHER_CITY=
-HOMEPAGE_VAR_WEATHER_LAT=
-HOMEPAGE_VAR_WEATHER_LONG=
-HOMEPAGE_VAR_WEATHER_UNIT=metric
-# Homepage Basic Authentication (Optional) - Generate hash with htpasswd (e.g., `htpasswd -nb user password`)
-# See README for details. Leave blank to disable auth.
-HOMEPAGE_AUTH_USER=
-HOMEPAGE_AUTH_HASH=
-
-# --- API Keys & Integration Tokens (Optional - Mainly for Homepage Widgets) ---
-# Find API keys within each application's settings (usually Settings > General or Security)
 SONARR_API_KEY=
 RADARR_API_KEY=
 LIDARR_API_KEY=
@@ -76,12 +25,16 @@ JELLYSEERR_API_KEY=
 SABNZBD_API_KEY=
 IMMICH_API_KEY=
 HOMEASSISTANT_ACCESS_TOKEN=
-# AdGuard Home Credentials (if profile enabled)
+HOMEPAGE_VAR_TITLE="Docker-Compose NAS"
-ADGUARD_USERNAME=
+HOMEPAGE_VAR_SEARCH_PROVIDER=google
-ADGUARD_PASSWORD=
+HOMEPAGE_VAR_HEADER_STYLE=boxed
-
+HOMEPAGE_VAR_WEATHER_CITY=
-# --- Optional Service Settings ---
+HOMEPAGE_VAR_WEATHER_LAT=
-# Decluttarr Settings (if profile enabled)
+HOMEPAGE_VAR_WEATHER_LONG=
+HOMEPAGE_VAR_WEATHER_UNIT=metric
+IMMICH_DB_PASSWORD=postgres
+CALIBRE_USERNAME=admin
+CALIBRE_PASSWORD=admin123
 DECLUTTARR_TEST_RUN=True
 DECLUTTARR_REMOVE_TIMER=60
 DECLUTTARR_REMOVE_FAILED=True
@@ -90,8 +43,12 @@ DECLUTTARR_REMOVE_METADATA_MISSING=True
 DECLUTTARR_REMOVE_MISSING_FILES=True
 DECLUTTARR_REMOVE_ORPHANS=True
 
-# --- Other Hostnames (Optional Services) ---
+# --- Tailscale Settings ---
-# Set these if you need specific hostnames for these services (e.g., for Home Assistant integrations)
+TAILSCALE_AUTHKEY=
-HOMEASSISTANT_HOSTNAME=
+TAILSCALE_HOSTNAME=tailscale-nas
-IMMICH_HOSTNAME=
+TAILSCALE_TAILNET_DOMAIN=your-tailnet.ts.net
-ADGUARD_HOSTNAME=
+TAILSCALE_TAGS=tag:nas
+# Enable Tailscale Funnel (public access) for HTTPS? Set to 'true' or 'false'.
+ENABLE_FUNNEL_HTTPS=false
+
+HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}

docker-compose.yml

@@ -467,11 +467,7 @@ services:
       - HOMEPAGE_VAR_WEATHER_LONG=${HOMEPAGE_VAR_WEATHER_LONG}
       - HOMEPAGE_VAR_WEATHER_TIME=${TIMEZONE}
       - HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
-      # Allow access from localhost, the service name, and the primary HOSTNAME
+      - HOMEPAGE_ALLOWED_HOSTS=${HOSTNAME}
-      - HOMEPAGE_ALLOWED_HOSTS=localhost,homepage,${HOSTNAME}
-      # Pass auth user/hash if set (optional, for potential future use by homepage itself, though Traefik handles it)
-      - HOMEPAGE_AUTH_USER=${HOMEPAGE_AUTH_USER}
-      - HOMEPAGE_AUTH_HASH=${HOMEPAGE_AUTH_HASH}
     volumes:
       - ${CONFIG_ROOT:-.}/homepage:/app/config:Z
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -483,10 +479,6 @@ services:
       - traefik.enable=true
       - traefik.http.routers.homepage.rule=PathPrefix(`/`)
       - traefik.http.routers.homepage.entrypoints=web
-      # Define Basic Auth Middleware (only active if HOMEPAGE_AUTH_HASH is set in .env)
-      - traefik.http.middlewares.homepage-auth.basicAuth.users=${HOMEPAGE_AUTH_HASH}
-      # Apply Middleware to Router
-      - traefik.http.routers.homepage.middlewares=homepage-auth@docker
       - traefik.http.services.homepage.loadbalancer.server.port=3000
   watchtower:
     image: ghcr.io/containrrr/watchtower:latest