Bumped.

.gitignore

@@ -0,0 +1,2 @@
+.env
+mihomo/config.yaml

aria2/docker-compose.yml

@@ -0,0 +1,33 @@
+# merged.
+# for manual deploy, see https://www.cnblogs.com/wqp001/p/14709997.html
+
+services:
+  aria2:
+    image: p3terx/aria2-pro
+    container_name: aria2
+    logging:
+      driver: json-file
+      options:
+        max-size: 1m
+    volumes:
+      - ${HOME}/.config/aria2:/config
+      - ${DOWNLOAD_PATH}:/downloads
+    restart: 'unless-stopped'
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - UMASK_SET=022
+      - UPDATE_TRACKERS=true
+      - TZ=Asia/Shanghai
+    network_mode: host
+
+  ariang:
+    image: p3terx/ariang
+    container_name: ariang
+    command: --port ${ARIANG_PORT:-6880} --ipv6
+    logging:
+      driver: json-file
+      options:
+        max-size: 1m
+    restart: 'unless-stopped'
+    network_mode: host

filebrowser/docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  filebrowser:
+    image: filebrowser/filebrowser
+    container_name: filebrowser
+    network_mode: 'bridge'
+    ports:
+      - "{FB_PORT:-8080}:80"
+    volumes:
+      - fb-config:/config
+      - fb-database:/database
+      - ${SRV_PATH}:/srv
+    restart: 'unless-stopped'
+volumes:
+  fb-config:
+    driver: local
+  fb-database:
+    driver: local

jellyfin/docker-compose.yml

@@ -0,0 +1,30 @@
+# refer navidrome/docker-compose.yml for security options, or just ask doubao. 
+
+services:
+  jellyfin:
+    image: nyanmisaka/jellyfin:latest
+    container_name: jellyfin
+    network_mode: "host"
+    volumes:
+      - jellyfin-config:/config
+      - jellyfin-cache:/cache
+      - ${MEDIA_PATH:-/media}:/media:ro,nosuid,nodev  # recursive 'rx'
+      # - /dev/dri/renderD128:/dev/dri/renderD128
+      - type: bind
+        source: /usr/share/fonts/opentype
+        target: /usr/local/share/fonts/custom
+        read_only: true
+    devices:
+      - /dev/dri/renderD128:/dev/dri/renderD128:rw
+      #- /dev/dri/card0:/dev/dri/card0
+    restart: 'unless-stopped'
+    #environment:
+    #  - JELLYFIN_PublishedServerUrl=http://localhost:8096
+    extra_hosts:
+      - 'host.docker.internal:host-gateway'
+volumes:
+  jellyfin-cache:
+    driver: local
+  jellyfin-config:
+    driver: local
+

mihomo/docker-compose.yml

@@ -0,0 +1,19 @@
+# config.yaml just see wiki examples.
+services:
+  mihomo:
+    container_name: mihomo
+    image: metacubex/mihomo:latest
+    restart: always
+    #ports:
+    #  - 7890:7890
+    #  - 9090:9090
+    pid: host
+    ipc: host
+    network_mode: host
+    cap_add:
+      - ALL
+    volumes:
+      # be prepared before compose up.
+      - ${PWD}/config.yaml:/root/.config/mihomo/config.yaml
+      - /dev/net/tun:/dev/net/tun
+

navidrome/docker-compose.yml

@@ -0,0 +1,55 @@
+services:
+  navidrome:
+    image: deluan/navidrome:latest
+    container_name: navidrome
+    networks:
+      - navidrome_network
+    ports:
+      - "127.0.0.1:4533:4533"
+    volumes:
+      - nd-config:/data
+      - ${MUSIC_PATH}:/music:ro,nosuid,nodev  # recursive 'rx'
+    restart: 'unless-stopped'
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - NET_BIND_SERVICE
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+    tmpfs:
+      - /tmp:size=512M
+      - /var/tmp:size=100M
+      - /var/run:size=10M
+    deploy:
+      resources:
+        limits:
+          cpus: 0.5
+          memory: 512M
+    logging:
+      driver: json-file
+      options:
+        max-size: 10m
+    environment:
+      PUID: ${PUID}
+      PGID: ${PGID}
+      TZ: "Asia/Shanghai"
+      ND_SCANNER_SCHEDULE: "0 */6 * * *"
+      ND_LOGLEVEL: "info"
+      ND_SESSIONTIMEOUT: "24h"
+      ND_DEFAULTLANGUAGE: "zh-Hans"
+      ND_ENABLEDOWNLOADS: "false"
+      ND_ENABLETRANSCODINGCONFIG: "false"  # could be "true" before configured
+      ND_UILOGINBACKGROUNDURL: "https://www.loliapi.com/acg/"
+
+volumes:
+  nd-config:
+    driver: local
+
+networks:
+  navidrome_network:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.20.0.0/16

readme.md

@@ -0,0 +1,33 @@
+# agserver.svc
+
+> [!important]
+> 现在我的 Docker 服务均作了去敏处理：强依赖本机系统环境的配置均改用下表列示的环境变量传参。
+>
+> 你需要在`docker-compose.yml`所在文件夹里另行创建`.env`文件，填充需要的环境变量。
+>
+> 当然直接编辑 compose 配置也无何不可，万一不满意别的配置呢？
+
+| 服务 | 是否容器化 | 环境变量（=默认值） | 备注 |
+|------|------------|----------|------|
+| cockpit dashboard | ❌ | - | （太长了，附表格后） |
+| mihomo | ✅ | PWD | Compose 会自动处理 PWD，无需手写 |
+| jellyfin | ✅ | MEDIA_PATH=/media | （太长了，附表格后） |
+| aria2 | ✅ | PUID, PGID, HOME, DOWNLOAD_PATH, ARIANG_PORT=6880 | （太长了，附表格后） |
+| filebrowser | ✅ | FB_PORT=8080, SRV_PATH | 和上面 DOWNLOAD_PATH 一个逻辑，自行指定共享根目录 |
+| navidrome | ✅ | MUSIC_PATH, PUID, PGID | `ND_`开头的环境变量配置可参见[在线文档](https://www.navidrome.org/docs/usage/configuration/options/#environment-variables)；我最终选择把音乐库暴露给公网，因此配置单也加了很多限制措施，仅供参考 |
+
+- cockpit
+    - 新版 Ubuntu 的 sudo 命令行不完全，暂时需回退为`sudo.ws`
+    - 需要用`nmcli`另建一空网口以便正常检查软件包更新
+    - chrony 需要换用国内 NTP 服务器
+
+- jellyfin
+    1. 独显/按摩店核显可能仍需要刷入驱动
+    2. 阴特耳核显现在应该不用再进容器检查渲染节点的用户组了
+    3. 由于 ii. 所限，本容器**不允许非 root 运行**
+
+- aria2
+    - HOME 是指定用户组`PUID:PGID`的家目录。  
+    容器会自动下载 [P3TERX/aria2.conf](https://github.com/P3TERX/aria2.conf) 配置，为了修改方便，咱就干脆把配置塞家里了，即`$HOME/.config/aria2`。
+    - DOWNLOAD_PATH 是什么样，下载的位置就是什么样，这个就没有什么前后缀。
+    - 防火墙务必提前放行 aria2 监听端口（至少放`6888/tcp,udp`）