# --- Docker Compose Settings --- # Comma-separated list of optional service profiles to enable (e.g., lidarr,sabnzbd,adguardhome) COMPOSE_PROFILES= # Path separator for COMPOSE_FILE (use ';' for Windows) COMPOSE_PATH_SEPARATOR=: # Colon-separated list of compose files to use. Allows extending the base configuration. COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:tandoor/docker-compose.yml:joplin/docker-compose.yml:homeassistant/docker-compose.yml:immich/docker-compose.yml # --- Core System Settings --- # Linux User ID. Find yours with `id -u`. Crucial for file permissions. USER_ID=1000 # Linux Group ID. Find yours with `id -g`. Crucial for file permissions. GROUP_ID=1000 # Your local timezone (e.g., America/New_York, Europe/London, Asia/Manila). See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones TIMEZONE="America/New_York" # --- Host Paths --- # Base directory on host for storing service configuration files. '.' stores them in subdirectories within the project folder. CONFIG_ROOT="." # Main directory on host containing media libraries (movies, TV, music, books). DATA_ROOT="/mnt/data" # Directory on host for download clients (qBittorrent/SABnzbd). Should be on the same filesystem as DATA_ROOT for hardlinks. DOWNLOAD_ROOT="/mnt/data/torrents" # Upload location for Immich (if profile enabled) IMMICH_UPLOAD_LOCATION="/mnt/data/photos" # --- Tailscale Settings --- # Required. Auth key from Tailscale Admin Console (Settings > Keys). Use a reusable or ephemeral key. TAILSCALE_AUTHKEY= # Desired hostname for this NAS within your Tailscale network. TAILSCALE_HOSTNAME=tailscale-nas # Required. Your Tailnet domain (e.g., your-tailnet-name.ts.net). TAILSCALE_TAILNET_DOMAIN=your-tailnet.ts.net # Optional tags to apply to the Tailscale node (e.g., tag:nas). TAILSCALE_TAGS=tag:nas # Enable Tailscale Funnel (public access) for HTTPS? Set to 'true' or 'false'. 'false' uses Serve (Tailnet only, recommended). ENABLE_FUNNEL_HTTPS=false # --- Primary Application Hostname --- # Primary hostname used by Traefik/Authelia. Derived from Tailscale settings by default. # Renamed from HOSTNAME to avoid collision with host system environment variable. APP_HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN} # --- Application Credentials --- # qBittorrent Web UI Credentials (change default!) QBITTORRENT_USERNAME=admin QBITTORRENT_PASSWORD=adminadmin # Calibre-Web Credentials (if profile enabled) CALIBRE_USERNAME=admin CALIBRE_PASSWORD=admin123 # Immich Database Password (if profile enabled) IMMICH_DB_PASSWORD=postgres # --- Homepage Settings --- HOMEPAGE_VAR_TITLE="Docker-Compose NAS" HOMEPAGE_VAR_SEARCH_PROVIDER=google HOMEPAGE_VAR_HEADER_STYLE=boxed # Weather Widget (Optional) HOMEPAGE_VAR_WEATHER_CITY= HOMEPAGE_VAR_WEATHER_LAT= HOMEPAGE_VAR_WEATHER_LONG= HOMEPAGE_VAR_WEATHER_UNIT=metric # --- Authelia Settings --- # Generate strong random secrets for these using tools like `openssl rand -hex 32` # These are all REQUIRED for Authelia to function properly AUTHELIA_JWT_SECRET= # Secret used for JWT tokens (password reset, etc) AUTHELIA_SESSION_SECRET= # Secret for encrypting session cookies AUTHELIA_STORAGE_ENCRYPTION_KEY= # Secret for encrypting stored data AUTHELIA_REDIS_PASSWORD= # Password for Redis session storage # Note: The following variables are no longer needed with Authelia 4.38+ and the updated configuration # They are preserved for backward compatibility but will be automatically mapped to the new structure # AUTHELIA_SESSION_DOMAIN=${APP_HOSTNAME} # AUTHELIA_DEFAULT_REDIRECT_URL=https://${APP_HOSTNAME}/home # --- API Keys & Integration Tokens (Optional - Mainly for Homepage Widgets) --- # Find API keys within each application's settings (usually Settings > General or Security) SONARR_API_KEY= RADARR_API_KEY= LIDARR_API_KEY= PROWLARR_API_KEY= BAZARR_API_KEY= JELLYFIN_API_KEY= JELLYSEERR_API_KEY= SABNZBD_API_KEY= IMMICH_API_KEY= HOMEASSISTANT_ACCESS_TOKEN= # AdGuard Home Credentials (if profile enabled) ADGUARD_USERNAME= ADGUARD_PASSWORD= # --- Optional Service Settings --- # Decluttarr Settings (if profile enabled) DECLUTTARR_TEST_RUN=True DECLUTTARR_REMOVE_TIMER=60 DECLUTTARR_REMOVE_FAILED=True DECLUTTARR_REMOVE_FAILED_IMPORTS=True DECLUTTARR_REMOVE_METADATA_MISSING=True DECLUTTARR_REMOVE_MISSING_FILES=True DECLUTTARR_REMOVE_ORPHANS=True # --- Other Hostnames (Optional Services) --- # Set these if you need specific hostnames for these services (e.g., for Home Assistant integrations) HOMEASSISTANT_HOSTNAME= IMMICH_HOSTNAME= ADGUARD_HOSTNAME=