Split monolithic compose into 5 independent stacks

- docker-compose.infra.yml: core infrastructure (portainer, npm, homepage, wud, etc.) - docker-compose.media.yml: media stack (arrs, jellyfin, qbittorrent, scrobbling) - docker-compose.documents.yml: paperless-ngx, onlyoffice, stirling, open-webui - docker-compose.photo-roms.yml: immich, syncthing, retrom - docker-compose.utils.yml: gitea, tandoor, speedtest, linkwarden, rustdesk, etc. Each stack has its own project name (docker-infra, docker-media, etc.) to prevent orphan warnings. Networks defined in infra.yml, referenced as external by others. Original preserved as docker-compose.full.yaml.bak. Updated .gitignore, README, AGENTS.md, and RESTORE.md to reflect new structure.
2026-05-14 22:58:11 +12:00
parent 76e99f9df9
commit b2f4d37f19
10 changed files with 1675 additions and 601 deletions
--- a/docker-compose.documents.yml
+++ b/docker-compose.documents.yml
@@ -0,0 +1,210 @@
+# =============================================================================
+# DOCUMENTS STACK - Document management, PDF tools, and AI services
+# =============================================================================
+# DEPLOYMENT INSTRUCTIONS
+# =============================================================================
+# This is one of multiple compose files in the /docker/ directory.
+#
+# Deploy ALL stacks (from /docker/ directory):
+#   Get-ChildItem docker-compose.*.yml | ForEach-Object { docker compose -f $_ up -d }
+#
+# Deploy this stack only:
+#   docker compose -f docker-compose.documents.yml up -d
+#
+# Stop this stack:
+#   docker compose -f docker-compose.documents.yml down
+#
+# View logs for this stack:
+#   docker compose -f docker-compose.documents.yml logs -f
+#
+# IMPORTANT: Requires infra stack to be deployed first (shared networks).
+# =============================================================================
+
+name: docker-documents
+
+# Common configurations for re-use
+x-logging: &default-logging
+  driver: "json-file"
+  options:
+    max-size: "10m"
+    max-file: "3"
+
+x-security: &default-security
+  security_opt:
+    - no-new-privileges:true
+
+services:
+  onlyoffice:
+    image: onlyoffice/documentserver:latest
+    container_name: onlyoffice-docs
+    restart: always
+    ports:
+      - "8091:80"
+    environment:
+      - JWT_ENABLED=true
+      - JWT_SECRET=${OO_JWT_SECRET}
+      - JWT_HEADER=Authorization
+      - ALLOW_PRIVATE_IP_ADDRESS=true
+      - USE_UNAUTHORIZED_STORAGE=true
+    volumes:
+      - docker_onlyoffice:/var/lib/onlyoffice
+      - docker_onlyoffice:/var/www/onlyoffice/Data
+      - docker_onlyoffice:/var/log/onlyoffice
+
+  paperless-db:
+    image: mariadb:11
+    container_name: paperless-db
+    restart: unless-stopped
+    networks:
+      - db_net
+    environment:
+      - MARIADB_ROOT_PASSWORD=${PAPERLESS_DB_ROOT_PASSWORD}
+      - MARIADB_DATABASE=${PAPERLESS_DB_NAME}
+      - MARIADB_USER=${PAPERLESS_DB_USER}
+      - MARIADB_PASSWORD=${PAPERLESS_DB_PASSWORD}
+    volumes:
+      - docker_dbdata:/var/lib/mysql
+    healthcheck:
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+    logging: *default-logging
+
+  paperless-broker:
+    image: redis:8
+    container_name: paperless-broker
+    restart: unless-stopped
+    networks:
+      - internal_net
+    volumes:
+      - docker_redisdata:/data
+    logging: *default-logging
+
+  paperless-tika:
+    image: apache/tika:latest
+    container_name: paperless-tika
+    restart: unless-stopped
+    networks:
+      - internal_net
+    logging: *default-logging
+
+  paperless-gotenberg:
+    image: gotenberg/gotenberg:8.20
+    container_name: paperless-gotenberg
+    restart: unless-stopped
+    networks:
+      - internal_net
+    command: ["gotenberg", "--chromium-disable-javascript=true", "--chromium-allow-list=file:///tmp/.*"]
+    logging: *default-logging
+
+  paperless-webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    container_name: paperless-webserver
+    restart: unless-stopped
+    networks:
+      - web_net
+      - db_net
+      - internal_net
+    ports:
+      - "8100:8000"
+    environment:
+      - PAPERLESS_DBENGINE=mariadb
+      - PAPERLESS_DBHOST=paperless-db
+      - PAPERLESS_DBPASS=${PAPERLESS_DB_PASSWORD}
+      - PAPERLESS_DBUSER=${PAPERLESS_DB_USER}
+      - PAPERLESS_DBPORT=3306
+      - PAPERLESS_REDIS=redis://paperless-broker:6379
+      - PAPERLESS_TIKA_ENDPOINT=http://paperless-tika:9998
+      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-gotenberg:3000
+      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
+      - PAPERLESS_URL=${PAPERLESS_URL}
+      - PAPERLESS_TIME_ZONE=${TZ}
+      - PAPERLESS_OCR_LANGUAGE=eng
+    volumes:
+      - /docker/paperless/consume:/usr/src/paperless/consume
+      - /docker/paperless/data:/usr/src/paperless/data
+      - /docker/paperless/export:/usr/src/paperless/export
+      - /docker/paperless/media:/usr/src/paperless/media
+    depends_on:
+      paperless-db:
+        condition: service_healthy
+      paperless-broker:
+        condition: service_started
+    logging: *default-logging
+
+  paperless-ai:
+    image: clusterzx/paperless-ai
+    container_name: paperless-ai
+    restart: unless-stopped
+    networks:
+      - internal_net
+    ports:
+      - 3040:3000
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - PAPERLESS_USERNAME=jamie
+      - PAPERLESS_API_URL=http://paperless-webserver:8000/api
+      - PAPERLESS_API_TOKEN=${PAPERLESS_SECRET_KEY}
+      - RAG_SERVICE_URL=http://localhost:8000
+      - RAG_SERVICE_ENABLED=true
+    volumes:
+      - docker_aidata:/app/data
+    depends_on:
+      - paperless-webserver
+    logging: *default-logging
+
+  stirling-pdf:
+    image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
+    container_name: stirling-PDF
+    restart: unless-stopped
+    networks:
+      - web_net
+    ports:
+      - "8090:8080"
+    environment:
+      - UI_APPNAME=Stirling-PDF
+      - SHOW_SURVEY=false
+      - SECURITY_ENABLELOGIN=false
+      - SYSTEM_MAXFILESIZE=100
+      - PUID=${PUID}
+      - PGID=${PGID}
+    volumes:
+      - /docker/stirling/config:/configs
+      - /docker/stirling/data:/usr/share/tessdata
+      - /docker/stirling/logs:/logs
+    logging: *default-logging
+
+  open-webui:
+    image: ghcr.io/open-webui/open-webui:main
+    container_name: open-webui
+    restart: unless-stopped
+    networks:
+      - web_net
+      - internal_net
+    ports:
+      - "3000:8080"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    volumes:
+      - open-webui:/app/backend/data
+    logging: *default-logging
+
+networks:
+  db_net:
+    name: db_net
+    external: true
+  internal_net:
+    name: internal_net
+    external: true
+  web_net:
+    name: web_net
+    external: true
+
+volumes:
+  docker_aidata:
+  docker_dbdata:
+  docker_onlyoffice:
+  docker_redisdata:
+  open-webui: