-

.gitignore

@@ -1,2 +1 @@
 **/data/
-nginx-proxy-manager/letsencrypt

README.md

@@ -0,0 +1,3 @@
+# Docker configurations and settings
+
+

gitea/.ssh/environment

@@ -1 +0,0 @@
-GITEA_CUSTOM=/data/gitea

gitea/compose.yml

@@ -12,7 +12,7 @@ services:
       - USER_UID=1000
       - USER_GID=1000
       - GITEA__database__DB_TYPE=mysql
-      - GITEA__database__HOST=database.home.ramberg.net:3306
+      - GITEA__database__HOST=database:3306
       - GITEA__database__NAME=gitea
       - GITEA__database__USER=gitea
       - GITEA__database__PASSWD=giteapass123

gitea/notes.md

@@ -1,7 +0,0 @@
-
-
-VSCode Assess Token:
-69d2bc89d4e557b96995a35d1fc9efc0546d824a
-
-
-git remote add origin https://git.home.ramberg.net/kim/docker.git

homebox/compose.yml

@@ -1,22 +0,0 @@
-services:
-  homebox:
-    image: ghcr.io/sysadminsmedia/homebox:latest
-#   image: ghcr.io/sysadminsmedia/homebox:latest-rootless
-    container_name: homebox
-    restart: unless-stopped
-    environment:
-    - HBOX_LOG_LEVEL=info
-    - HBOX_LOG_FORMAT=text
-    - HBOX_WEB_MAX_FILE_UPLOAD=10
-    # Please consider allowing analytics to help us improve Homebox (basic computer information, no personal data)
-    - HBOX_OPTIONS_ALLOW_ANALYTICS=false
-    volumes:
-#      - homebox-data:/data/
-      - ./data:/data/
-    ports:
-      - 3100:7745
-
-#volumes:
-#   homebox-data:
-#     driver: local
-

iperf3/start_me.sh

@@ -1,2 +0,0 @@
-docker run  -it --rm --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -s
-

iperf3/start_me.sh.save

@@ -1,2 +0,0 @@
-docker run  -it --rm --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -s
-

it-tools/docker-compose.yml

@@ -6,3 +6,4 @@ services:
         restart: unless-stopped
         ports:
             - 9080:80
+

nginx-proxy-manager/compose.yml

@@ -1,3 +1,4 @@
+#name: Nginx Proxy Manager
 services:
   app:
     image: 'docker.io/jc21/nginx-proxy-manager:latest'

nginx-proxy-manager/letsencrypt/renewal/npm-11.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-11
+cert = /etc/letsencrypt/live/npm-11/cert.pem
+privkey = /etc/letsencrypt/live/npm-11/privkey.pem
+chain = /etc/letsencrypt/live/npm-11/chain.pem
+fullchain = /etc/letsencrypt/live/npm-11/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+portainer.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-12.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-12
+cert = /etc/letsencrypt/live/npm-12/cert.pem
+privkey = /etc/letsencrypt/live/npm-12/privkey.pem
+chain = /etc/letsencrypt/live/npm-12/chain.pem
+fullchain = /etc/letsencrypt/live/npm-12/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+pihole.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-13.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-13
+cert = /etc/letsencrypt/live/npm-13/cert.pem
+privkey = /etc/letsencrypt/live/npm-13/privkey.pem
+chain = /etc/letsencrypt/live/npm-13/chain.pem
+fullchain = /etc/letsencrypt/live/npm-13/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+homebox.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-14.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-14
+cert = /etc/letsencrypt/live/npm-14/cert.pem
+privkey = /etc/letsencrypt/live/npm-14/privkey.pem
+chain = /etc/letsencrypt/live/npm-14/chain.pem
+fullchain = /etc/letsencrypt/live/npm-14/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+ntfy.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-15.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-15
+cert = /etc/letsencrypt/live/npm-15/cert.pem
+privkey = /etc/letsencrypt/live/npm-15/privkey.pem
+chain = /etc/letsencrypt/live/npm-15/chain.pem
+fullchain = /etc/letsencrypt/live/npm-15/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+it-tools.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-16.conf

@@ -0,0 +1,23 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-16
+cert = /etc/letsencrypt/live/npm-16/cert.pem
+privkey = /etc/letsencrypt/live/npm-16/privkey.pem
+chain = /etc/letsencrypt/live/npm-16/chain.pem
+fullchain = /etc/letsencrypt/live/npm-16/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+uptime-kuma.home.ramberg.net = /data/letsencrypt-acme-challenge
+uptime.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-17.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-17
+cert = /etc/letsencrypt/live/npm-17/cert.pem
+privkey = /etc/letsencrypt/live/npm-17/privkey.pem
+chain = /etc/letsencrypt/live/npm-17/chain.pem
+fullchain = /etc/letsencrypt/live/npm-17/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+git.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-2.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-2
+cert = /etc/letsencrypt/live/npm-2/cert.pem
+privkey = /etc/letsencrypt/live/npm-2/privkey.pem
+chain = /etc/letsencrypt/live/npm-2/chain.pem
+fullchain = /etc/letsencrypt/live/npm-2/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+vaultwarden.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-3.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-3
+cert = /etc/letsencrypt/live/npm-3/cert.pem
+privkey = /etc/letsencrypt/live/npm-3/privkey.pem
+chain = /etc/letsencrypt/live/npm-3/chain.pem
+fullchain = /etc/letsencrypt/live/npm-3/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+proxmox.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-5.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-5
+cert = /etc/letsencrypt/live/npm-5/cert.pem
+privkey = /etc/letsencrypt/live/npm-5/privkey.pem
+chain = /etc/letsencrypt/live/npm-5/chain.pem
+fullchain = /etc/letsencrypt/live/npm-5/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+backup.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx-proxy-manager/letsencrypt/renewal/npm-6.conf

@@ -0,0 +1,22 @@
+version = 4.1.1
+archive_dir = /etc/letsencrypt/archive/npm-6
+cert = /etc/letsencrypt/live/npm-6/cert.pem
+privkey = /etc/letsencrypt/live/npm-6/privkey.pem
+chain = /etc/letsencrypt/live/npm-6/chain.pem
+fullchain = /etc/letsencrypt/live/npm-6/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 020f85d8def96a90143fbf56a6214037
+key_type = ecdsa
+elliptic_curve = secp384r1
+preferred_chain = ISRG Root X1
+pref_challs = dns-01, http-01
+config_dir = /etc/letsencrypt
+work_dir = /tmp/letsencrypt-lib
+logs_dir = /tmp/letsencrypt-log
+authenticator = webroot
+webroot_path = /data/letsencrypt-acme-challenge,
+server = https://acme-v02.api.letsencrypt.org/directory
+[[webroot_map]]
+proxy.home.ramberg.net = /data/letsencrypt-acme-challenge

nginx/compose.yml

@@ -0,0 +1,12 @@
+#docker run --name docker-nginx -p 80:80 -v ~/docker-nginx/html:/usr/share/nginx/html -v ~/docker-nginx/default.conf:/etc/nginx/conf.d/default.conf -d nginx
+
+version: '3.9'
+services:
+    nginx:
+        image: nginx
+        volumes:
+            - '/home/rcadmin/docker/nginx/default.conf:/etc/nginx/conf.d/default.conf'
+            - '/home/rcadmin/docker/nginx/html:/usr/share/nginx/html'
+        ports:
+            - '80:80'
+        container_name: nginx

ntfy/compose.yml

@@ -10,10 +10,10 @@ services:
       - TZ=Europe/Oslo    # optional: set desired timezone
     #user: UID:GID # optional: replace with your own user/group or uid/gid
     volumes:
-      - /home/rcadmin/docker/ntfy/cache_ntfy:/var/cache/ntfy
+      - /home/rcadmin/ntfy/cache_ntfy:/var/cache/ntfy
-      - /home/rcadmin/docker/ntfy/etc_ntfy:/etc/ntfy
+      - /home/rcadmin/ntfy/etc_ntfy:/etc/ntfy
     ports:
-      - 9010:80
+      - 80:80
     healthcheck: # optional: remember to adapt the host:port to your environment
         test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
         interval: 60s

openspeedtest/compose.yml

@@ -1,9 +0,0 @@
-version: '3.3'
-services:
-    speedtest:
-        restart: unless-stopped
-        container_name: openspeedtest
-        ports:
-            - '3002:3000'
-            - '3001:3001'
-        image: openspeedtest/latest

pihole/compose.yml

@@ -3,25 +3,25 @@ services:
   pihole:
     container_name: pihole
     image: pihole/pihole:latest
+    hostname: pihole
     ports:
       # DNS Ports
       - "53:53/tcp"
       - "53:53/udp"
       # Default HTTP Port
-      - "80:80/tcp"
+      - "8080:80/tcp"
       # Default HTTPs Port. FTL will generate a self-signed certificate
-      - "443:443/tcp"
+      - "8443:443/tcp"
       # Uncomment the below if using Pi-hole as your DHCP Server
       #- "67:67/udp"
     environment:
       # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
       TZ: 'Europe/Oslo'
       # Set a password to access the web interface. Not setting one will result in a random password being assigned
-      FTLCONF_webserver_api_password: 'homekbr1998'
+      FTLCONF_webserver_api_password: 'correct horse battery staple'
     # Volumes store your data between container upgrades
     volumes:
       # For persisting Pi-hole's databases and common configuration file
-      #- './etc-pihole:/etc/pihole'
       - './etc-pihole:/etc/pihole'
       # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards
       #- './etc-dnsmasq.d:/etc/dnsmasq.d'
@@ -30,4 +30,3 @@ services:
       # Required if you are using Pi-hole as your DHCP server, else not needed
       - NET_ADMIN
     restart: unless-stopped
-

portainer/docker-compose.yml

@@ -1,4 +1,4 @@
-#name: Portainer
+#name: <your project name>
 services:
     portainer-ce:
         ports:
@@ -8,15 +8,8 @@ services:
         restart: always
         volumes:
             - /var/run/docker.sock:/var/run/docker.sock
-            - ./data:/data
+            - ./portainer_data:/data
         image: portainer/portainer-ce:lts
-        deploy:
-          placement:
-            constraints:
-              - node.role == manager
-
-
-
 #volumes:
 #    portainer_data:
 #        external: true

qbittorrent/docker-compose.yml

@@ -0,0 +1,19 @@
+---
+services:
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Oslo
+      - WEBUI_PORT=8080
+      - TORRENTING_PORT=6881
+    volumes:
+      - ./appdata:/config
+      - ./downloads:/downloads #optional
+    ports:
+      - 8080:8080
+      - 6881:6881
+      - 6881:6881/udp
+    restart: unless-stopped

shepherd/docker-compose.yml

@@ -0,0 +1,15 @@
+#version: "3"
+services:
+
+  shepherd:
+    #build: .
+    image: containrrr/shepherd
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+    environment:
+      TZ: 'Europe/Oslo'
+      SLEEP_TIME: '180m'

tor-privoxy/docker-compose.yml

@@ -0,0 +1,11 @@
+#version: "3"
+
+services:
+  tor-privoxy:
+    restart: always
+    image: dockage/tor-privoxy:latest
+    network_mode: "host"
+    ports:
+      - "9050:9050" # Tor proxy
+      - "9051:9051" # Tor control port
+      - "8118:8118" # Privoxy

uptime_kuma/compose.yml

@@ -1,12 +1,17 @@
 # Name: Uptime Kuma
-
+# https://github.com/louislam/uptime-kuma
 version: '3.9'
 services:
     uptime-kuma:
         image: 'louislam/uptime-kuma:1'
         container_name: uptime-kuma
         volumes:
-            - '/home/rcadmin/docker/uptime_kuma/data:/app/data'
+            - '/home/rcadmin/uptime_kuma/data:/app/data'
+            - /var/run/docker.sock:/var/run/docker.sock
         ports:
             - '127.0.0.1:3001:3001'
         restart: always
+        deploy:
+          placement:
+            constraints:
+              - node.role == manager

vaultwarden/.env

@@ -0,0 +1,24 @@
+#General Settings
+ADMIN_TOKEN= # randomly generated string of characters, for example running openssl rand -base64 48
+#//Refer https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token 
+
+WEBSOCKET_ENABLED=true
+SIGNUPS_ALLOWED=true ##change to false once create the admin account
+#DOMAIN=https://bitwarden.example.com #replace example.com with your domain
+DOMAIN=https://bitwarden.example.com #replace example.com with your domain
+
+# SMTP server configuration
+#SMTP_HOST=smtp-relay.sendinblue.com
+#SMTP_FROM=user@example.com ##replace example.com with your domain
+#SMTP_TIMEOUT=15
+#SMTP_USERNAME=user@example.com ##sendinblue user 
+#SMTP_PASSWORD=sendinblue password
+#SMTP_SECURITY=starttls     # Options: off, force_tls, starttls
+#SMTP_PORT=587
+
+## Choose the type of secure connection for SMTP. The default is "starttls".
+## The available options are:
+## - "starttls": The default port is 587.
+## - "force_tls": The default port is 465.
+## - "off": The default port is 25.
+## Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS).

vaultwarden/compose.yml

@@ -1,16 +0,0 @@
-# Service Name: VaultWarden
-# Description : Open source server for bitwarden clients
-# Homepage    : https://github.com/dani-garcia/vaultwarden
-
-services:
-  vaultwarden:
-    image: vaultwarden/server:latest
-    container_name: vaultwarden
-    restart: unless-stopped
-    environment:
-      DOMAIN: "https://vaultwarden.ramberg.net"
-    volumes:
-      - ./vw-data/:/data/
-    ports:
-#      - 127.0.0.1:8000:80
-      - 8000:80

vaultwarden/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "3"
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    ports:
+     - 9445:80 #map any custom port to use (replace 9445 not 80)
+    volumes:
+     - ./bitwarden:/data:rw
+    environment:
+#     - ROCKET_TLS={certs="/ssl/certs/certs.pem",key="/ssl/private/key.pem"}  // Environment variable is specific to the Rocket web server
+     - ADMIN_TOKEN=${ADMIN_TOKEN}
+     - WEBSOCKET_ENABLED=true
+     - SIGNUPS_ALLOWED=false
+     - SMTP_HOST=${SMTP_HOST}
+     - SMTP_FROM=${SMTP_FROM}
+     - SMTP_PORT=${SMTP_PORT}
+     - SMTP_SECURITY=${SMTP_SECURITY}
+     - SMTP_TIMEOUT=${SMTP_TIMEOUT}
+     - SMTP_USERNAME=${SMTP_USERNAME}
+     - SMTP_PASSWORD=${SMTP_PASSWORD}
+     - DOMAIN=${DOMAIN}
+
+#uncomment below network part if you are using Nginx Proxy Manager, or you can remove the same
+#networks:
+#  default:
+#    external:
+#      name: nginx-proxy-network

watchtower/docker-compose.yml

@@ -0,0 +1,19 @@
+services: 
+  watchtower:     
+    image: containrrr/watchtower
+    container_name: watchtower
+    restart: always
+    environment: 
+      WATCHTOWER_SCHEDULE: "0 0 1 * * *" 
+      TZ: Europe/Oslo 
+      WATCHTOWER_CLEANUP: "true" 
+#      WATCHTOWER_DEBUG: "true"      
+#      WATCHTOWER_NOTIFICATIONS: "email" 
+#      WATCHTOWER_NOTIFICATION_EMAIL_FROM: "cldocker01@cloud.local"
+#      WATCHTOWER_NOTIFICATION_EMAIL_TO: "pushover@mailrise.xyz" 
+#      # you have to use a network alias here, if you use your own certificate 
+#      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "10.1.149.19" 
+#      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: "8025" 
+#      WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 2 
+    volumes: 
+      - /var/run/docker.sock:/var/run/docker.sock