
Omakase Documentation
Welcome to Omakase, a production-ready Docker homelab infrastructure managing 25+ containerized services with a security-first architecture.
What is Omakase?
Omakase (お任せ) is a Japanese phrase meaning "I'll leave it up to you" - perfectly capturing the philosophy of this project: a curated, opinionated, ready-to-deploy homelab infrastructure where all the hard decisions have been made for you.
About This Documentation
The documentation and guides in this project are AI-assisted to provide comprehensive and helpful content. However, all Docker Compose configurations, service definitions, and infrastructure code are manually written and thoroughly reviewed by the maintainer to ensure security, reliability, and correctness.
Why Omakase?
- Security First: Multi-layered security with Authelia SSO, CrowdSec IPS, Infisical secrets management, and network isolation.
- Infrastructure as Code: Fully declarative Docker Compose setup with modular service architecture and automatic secret injection.
- Built-in Backup: Automated encrypted backups with Restic to cloud storage (Backblaze B2) with verification and pruning.
- Fully Automated: Renovate bot for dependency updates, CI/CD with GitHub Actions, automatic SSL certificates, and monitoring.
- Modular Design: Enable/disable services easily with include directives. Each service is isolated and independently configurable.
- Production Ready: Battle-tested in production with 25+ services, comprehensive monitoring, and proven disaster recovery.
Core Services
Omakase includes essential infrastructure components:
| Service | Version | Purpose | Documentation |
|---|---|---|---|
| Traefik | v3.5 | Reverse proxy with automatic HTTPS | → |
| Authelia | v4.39 | SSO authentication gateway | → |
| CrowdSec | v1.7 | Collaborative IPS and security | → |
| Cetusguard | latest | Secure Docker socket proxy | → |
| Portainer | latest | Container management UI | → |
| Homepage | latest | Unified dashboard | → |
| Dozzle | latest | Real-time log viewer | → |
| Restic | latest | Encrypted backup solution | → |
Plus 20+ additional services for media, productivity, development, and more!
Quick Start
Get started in 3 simple steps:
```bash
# 1. Clone the repository
git clone https://github.com/esoso/omakase.git
cd omakase

# 2. Configure secrets in Infisical
# (See Getting Started guide)

# 3. Deploy the stack
make up
```
First time here? Start with:
- Prerequisites - Check what you need
- Choose Your Deployment - Pick your environment
- Installation Guide - Deploy Omakase
- Configuration - Customize your setup
Architecture Highlights
Network Isolation
```mermaid
graph TB
    Internet[Internet] --> Traefik[Traefik<br/>ingress network]
    Traefik --> Authelia[Authelia<br/>SSO Gateway]
    Authelia --> Services[Protected Services]
    Services --> vnet1[vnet-service1]
    Services --> vnet2[vnet-service2]
    Services --> vnet3[vnet-service3]
    Management[Management Tools] --> Socket[Cetusguard<br/>docker_socket network]
    Socket --> Docker[Docker API<br/>Read-only]
    style Traefik fill:#326ce5,color:#fff
    style Authelia fill:#9d0400,color:#fff
    style Services fill:#2ecc71,color:#fff
    style Socket fill:#f39c12,color:#fff
```
Security Layers
```mermaid
graph LR
    A[Public Internet] -->|HTTPS| B[CrowdSec IPS]
    B -->|Allowed| C[Traefik SSL]
    C -->|Authenticated| D[Authelia SSO]
    D -->|Authorized| E[Application]
    E -->|Secrets| F[Infisical Vault]
    E -->|Isolated| G[vnet-*]
    E -->|Protected| H[Docker Socket Proxy]
    style A fill:#e74c3c,color:#fff
    style B fill:#f39c12,color:#fff
    style C fill:#3498db,color:#fff
    style D fill:#9d0400,color:#fff
    style E fill:#2ecc71,color:#fff
    style F fill:#9b59b6,color:#fff
    style G fill:#1abc9c,color:#fff
    style H fill:#34495e,color:#fff
```
Deployment Scenarios
Omakase supports multiple deployment environments:
| Environment | Complexity | Cost | Performance | Best For |
|---|---|---|---|---|
| Proxmox LXC | Medium | Low | Excellent | Advanced homelab |
| Bare Metal | Low | Low | Excellent | Simple homelab |
| VM Generic | Low | Low | Good | Testing |
| NAS | Low | Low | Good | Existing NAS |
| Cloud VPS | Low | Medium | Good | Remote access |
| Cloud Enterprise | High | High | Excellent | Production |
Key Features
Security-First Architecture
- Zero Trust Network: Every service isolated in dedicated networks
- SSO Authentication: Authelia protects all services with 2FA support
- Secret Management: All secrets stored in Infisical vault, never in git
- IPS Protection: CrowdSec blocks threats automatically
- Container Hardening: no-new-privileges, resource limits, non-root users
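The hardening and isolation properties listed above can be checked mechanically against a rendered stack. The following is an added example, not code from the Omakase repository: it audits the JSON printed by `docker compose config --format json`. The sample services, the finding messages and the assumption that the socket proxy service is named `cetusguard` are illustrative.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`;
# services and values are illustrative, not taken from the Omakase repository.
SAMPLE = json.loads("""{"services": {
  "whoami": {"user": "1000:1000", "security_opt": ["no-new-privileges:true"],
             "deploy": {"resources": {"limits": {"memory": "268435456"}}},
             "networks": {"vnet-whoami": null}},
  "cetusguard": {"user": "65534:65534", "security_opt": ["no-new-privileges:true"],
                 "mem_limit": "134217728", "networks": {"docker_socket": null},
                 "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                              "target": "/var/run/docker.sock", "read_only": true}]},
  "legacy": {"networks": {"default": null},
             "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                          "target": "/var/run/docker.sock"}]}}}""")

def audit_service(svc, allow_socket=False):
    """Return the hardening gaps found in one rendered service definition."""
    findings = []
    opts = [str(o).replace("=", ":") for o in svc.get("security_opt") or []]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    limits = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
    if not (limits.get("memory") or svc.get("mem_limit")):
        findings.append("no memory limit")
    # An unset user falls back to the image default, which is often root.
    if str(svc.get("user") or "").split(":")[0] in ("", "0", "root"):
        findings.append("no explicit non-root user")
    for vol in svc.get("volumes") or []:
        src = vol.get("source", "") if isinstance(vol, dict) else str(vol).split(":")[0]
        if src.endswith("docker.sock") and not allow_socket:
            findings.append("mounts docker.sock directly")
    if "default" in list(svc.get("networks") or ["default"]):
        findings.append("attached to the shared default network")
    return findings

def audit(config, socket_proxies=("cetusguard",)):
    """Map each service with gaps to its findings; only socket proxies may mount the socket."""
    report = {}
    for name, svc in (config.get("services") or {}).items():
        findings = audit_service(svc, allow_socket=name in socket_proxies)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for service, findings in audit(SAMPLE).items():
        print(service, "->", "; ".join(findings))
```

To run it against a real stack, replace `SAMPLE` with the parsed output of `docker compose config --format json`.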
Automated Operations
- Dependency Updates: Renovate bot updates Docker images automatically
- Backup & Verify: Daily encrypted backups with integrity checks
- SSL Certificates: Automatic Let's Encrypt certificate management
- Health Checks: Monitoring with alerts via Telegram/Email
- CI/CD Pipeline: Automated validation and deployment
Infrastructure as Code
- Declarative Setup: Everything defined in Docker Compose files
- Version Controlled: All configuration tracked in git
- Reproducible: Deploy identical infrastructure anywhere
- Documented: Comprehensive docs for every component
Technology Stack
- Docker Ecosystem: Docker 24+, Compose v2.20+, dedicated networks per service
- Security Stack: Traefik, Authelia, CrowdSec, Infisical, Cetusguard
- Data Persistence: PostgreSQL, Redis (Redict), encrypted backups with Restic
- Management: Portainer, Homepage, Dozzle, Traefik dashboard
Community & Support
- Documentation: You're reading it! Browse sections above
- GitHub Issues: Report bugs and request features
- Discussions: Ask questions and share setups
- Security: Report security issues
Contributing
Omakase is open source and welcomes contributions! Whether you want to:
- Add a new service
- Improve documentation
- Fix bugs
- Share your deployment experience
Check out the Contributing Guide to get started.
License
Omakase is licensed under the MIT License.
Star on GitHub
If you find Omakase useful, please star the repository on GitHub to show your support!