docker-compose-templates/docker-compose.yml

version: '3.3'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptimekuma
    volumes:
      - "${DOCKER_STORAGE_PATH}/uptimekuma:/app/data"
      - "/var/run/docker.sock:/var/run/docker.sock"
    ports:
      - "${UPTIME_KUMA_EXTERNAL_PORT}:${UPTIME_KUMA_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - infra
      - base
    restart: unless-stopped

  logseq:
    image: ghcr.io/logseq/logseq-webapp:latest
    container_name: logseq
    ports:
      - "${LOGSEQ_EXTERNAL_PORT}:${LOGSEQ_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped
      - disabled

  caddy:
    image: caddy
    container_name: caddy
    ports:
      - "${TIMETRACKER_EXTERNAL_PORT}:${TIMETRACKER_INTERNAL_PORT}"
      - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}"
    user: ${PUID}
    volumes:
      - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy"
      - "${DOCKER_STORAGE_PATH}/caddy/data:/data"
      - "${DOCKER_STORAGE_PATH}/caddy/config:/config"
      - "/www/notes:/srv/notes"
      - "timetracker-static:/srv/timetracker"
    networks:
      - public
      - caddy
    profiles:
      - infra
      - base
    restart: unless-stopped
    # cap_drop:
    #   - ALL
    # cap_add:
    #   - NET_BIND_SERVICE

  timetracker:
    image: ${REGISTRY_URL}/timetracker
    container_name: timetracker
    environment:
      - TZ=${TZ}
      - "CSRF_TRUSTED_ORIGINS=https://tracker.kucharczyk.xyz"
    user: ${PUID}
    volumes:
      - "${DOCKER_STORAGE_PATH}/timetracker/db.sqlite3:/home/timetracker/app/db.sqlite3"
      - "${DOCKER_STORAGE_PATH}/timetracker/backups:/home/timetracker/app/games/fixtures/backups"
      - "timetracker-static:/var/www/django/static"
    depends_on:
      - caddy
    networks:
      - caddy
    profiles:
      - base
    restart: unless-stopped

  dokku:
    image: dokku/dokku:0.29.4
    container_name: dokku
    environment:
      - "DOKKU_HOSTNAME=192.168.0.106"
      - "DOKKU_HOST_ROOT=/var/lib/dokku/home/dokku"
    volumes:
      - "${DOCKER_STORAGE_PATH}/dokku:/mnt/dokku"
      - "/var/run/docker.sock:/var/run/docker.sock"
    ports:
      - "${DOKKU_EXTERNAL_PORT_1}:${DOKKU_INTERNAL_PORT_1}"
      - "${DOKKU_EXTERNAL_PORT_2}:${DOKKU_INTERNAL_PORT_2}"
      - "${DOKKU_EXTERNAL_PORT_3}:${DOKKU_INTERNAL_PORT_3}"
    networks:
      - public
    profiles:
      - disabled

  trilium:
    image: zadam/trilium
    container_name: trilium
    restart: always
    environment:
      - TRILIUM_DATA_DIR=/home/node/trilium-data
    volumes:
      - ${DOCKER_STORAGE_PATH}/trilium:/home/node/trilium-data
    ports:
      - "${TRILIUM_EXTERNAL_PORT}:${TRILIUM_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - base

  ntfy:
    image: binwiederhier/ntfy
    container_name: ntfy
    command:
      - serve
    user: ${PUID}:${PGID}
    environment:
      - TZ=${TZ}
    volumes:
      - "${DOCKER_STORAGE_PATH}/ntfy/cache:/var/cache/ntfy"
      - "${DOCKER_STORAGE_PATH}/ntfy/config:/etc/ntfy"
    ports:
      - "${NTFY_EXTERNAL_PORT}:${NTFY_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - base
      - infra
    restart: unless-stopped

  audiobookshelf:
    image: ghcr.io/advplyr/audiobookshelf
    container_name: audiobookshelf
    environment:
      - AUDIOBOOKSHELF_UID=${PUID}
      - AUDIOBOOKSHELF_GID=${PGID}
      - TZ=${TZ}
    volumes:
      - "${DOCKER_STORAGE_PATH}/audiobookshelf/audiobooks:/audiobooks"
      - "${DOCKER_STORAGE_PATH}/audiobookshelf/podcasts:/podcasts"
      - "${DOCKER_STORAGE_PATH}/audiobookshelf/config:/config"
      - "${DOCKER_STORAGE_PATH}/audiobookshelf/metadata:/metadata"
    ports:
      - "${AUDIOBOOKSHELF_EXTERNAL_PORT}:${AUDIOBOOKSHELF_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped

  beets:
    image: ${REGISTRY_URL}/beets:latest
    container_name: beets
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    volumes:
      - "${DOCKER_STORAGE_PATH}/beets:/config"
      - "${STORAGE_PATH}/media/music2:/music"
      - "${STORAGE_PATH}/download/music:/downloads"
    ports:
      - 8337:8337
    networks:
      - public
    profiles:
      - base
    restart: unless-stopped

  deluge:
    image: lscr.io/linuxserver/deluge:latest
    container_name: deluge
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - DELUGE_LOGLEVEL=error #optional
    volumes:
      - "${DOCKER_STORAGE_PATH}/deluge2:/config"
      - "${STORAGE_PATH}/seed:/seed"
    ports:
      - "8112:8112"
      - "58846:58846"
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped

  filebrowser:
    image: filebrowser/filebrowser:s6
    container_name: filebrowser
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - "${DOCKER_STORAGE_PATH}/filebrowser/database:/database/"
      - "${DOCKER_STORAGE_PATH}/filebrowser/config/:/config/"
      - "${STORAGE_PATH}:/srv"
    ports:
      - "9999:80"
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped

  mealie:
    container_name: mealie
    image: hkotel/mealie:latest
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    env_file:
      - mealie.env
    volumes:
      - "${DOCKER_STORAGE_PATH}/mealie/data/:/app/data"
    ports:
      - ${MEALIE_EXTERNAL_PORT}:${MEALIE_INTERNAL_PORT}
    networks:
      - public
    restart: unless-stopped

  rtorrent:
    image: binhex/arch-rtorrentvpn
    container_name: rtorrent
    volumes:
      - "${DOCKER_STORAGE_PATH}/rtorrent/config:/config"
      - "${DOCKER_STORAGE_PATH}/rtorrent/watch:/watch"
      - ${STORAGE_PATH}/seed:/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    env_file:
      - rtorrent.env
    ports:
      - "9080:9080"
      - "9443:9443"
      - "8118:8118"
      - "6881:6881"
    networks:
      - public
    profiles:
      - base
    restart: unless-stopped

  kavita:
    image: "kizaing/kavita:latest"
    container_name: kavita
    env_file:
      - kavita.env
    ports:
      - "${KAVITA_EXTERNAL_PORT}:${KAVITA_INTERNAL_PORT}"
    volumes:
      - "${STORAGE_PATH}/media/comics:/manga"
      - "${DOCKER_STORAGE_PATH}/kavita:/kavita/config"
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped

  webhook:
    image: ${REGISTRY_URL}/webhook
    container_name: webhook
    build: https://git.kucharczyk.xyz/containers/webhook.git#main
    user: ${PUID}:${PGID}
    environment:
      - TZ=${TZ}
    volumes:
      - "${DOCKER_STORAGE_PATH}/webhook/config:/config"
      - "${DOCKER_STORAGE_PATH}/webhook/scripts:/var/webhook"
    ports:
      - "${WEBHOOK_EXTERNAL_PORT}:${WEBHOOK_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - base
      - infra
    restart: unless-stopped

  valheim:
    image: ghcr.io/lloesche/valheim-server
    container_name: valheim
    volumes:
      - ${DOCKER_STORAGE_PATH}/valheim/config:/config
      - ${DOCKER_STORAGE_PATH}/valheim/data:/opt/valheim
    env_file:
      - valheim.env
    ports:
      - ${VALHEIM_EXTERNAL_PORT}:${VALHEIM_INTERNAL_PORT}
    cap_add:
      - SYS_NICE
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped

  7daystodie:
    image: 7daysserver:latest
    container_name: 7dtd
    volumes:
      - ${DOCKER_STORAGE_PATH}/7daystodie/saves:/home/steam/.local/share/7DaysToDie/Saves
      - ${DOCKER_STORAGE_PATH}/7daystodie/server:/home/steam/server
    ports:
      - 26900-26902:26900-26902/udp
      - 18500:8080
    networks:
      - public
    profiles:
      - disabled
    restart: unless-stopped

  loki:
    image: grafana/loki:2.6.1
    container_name: loki
    user: "${PUID}"
    ports:
      - "${LOKI_EXTERNAL_PORT}:${LOKI_INTERNAL_PORT}"
    command: -config.file=/etc/loki/local-config.yaml
    volumes:
      - "${DOCKER_STORAGE_PATH}/loki/local-config.yaml:/etc/loki/local-config.yaml"
    networks:
      - loki
    profiles:
      - disabled
      - infra
    restart: unless-stopped

  promtail:
    image: grafana/promtail:2.6.1
    container_name: promtail
    user: "${PUID}"
    volumes:
      - /var/log:/var/log
      - "${DOCKER_STORAGE_PATH}/promtail/config.yml:/etc/promtail/config.yml"
    command: -config.file=/etc/promtail/config.yml
    depends_on:
      - loki
    networks:
      - loki
    profiles:
      - disabled
      - infra
    restart: unless-stopped

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    user: "${PUID}"
    ports:
      - "${GRAFANA_EXTERNAL_PORT}:${GRAFANA_INTERNAL_PORT}"
    networks:
      - loki
    profiles:
      - disabled
      - infra
    restart: unless-stopped

  stash:
    image: stashapp/stash:latest
    container_name: stash
    ports:
      - "${STASH_EXTERNAL_PORT}:${STASH_INTERNAL_PORT}"
    ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
    # network_mode: host
    logging:
      driver: "json-file"
      options:
        max-file: "10"
        max-size: "2m"
    environment:
      - STASH_STASH=/data/
      - STASH_GENERATED=/generated/
      - STASH_METADATA=/metadata/
      - STASH_CACHE=/cache/
      - STASH_PORT=${STASH_INTERNAL_PORT}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      ## Adjust below paths (the left part) to your liking.
      ## E.g. you can change ./config:/root/.stash to ./stash:/root/.stash

      ## Keep configs, scrapers, and plugins here.
      - "${DOCKER_STORAGE_PATH}/stash/config:/root/.stash"
      ## Point this at your collection.
      - "${STORAGE_PATH}/xxx:/data/"
      ## This is where your stash's metadata lives
      - "${DOCKER_STORAGE_PATH}/stash/metadata:/metadata"
      ## Any other cache content.
      - "${DOCKER_STORAGE_PATH}/stash/cache:/cache"
      ## Where to store generated content (screenshots,previews,transcodes,sprites)
      - "${DOCKER_STORAGE_PATH}/stash/generated:/generated"
      ## Where to store binary blob data (scene covers, images)
      - "${DOCKER_STORAGE_PATH}/stash/blobs:/blobs"
    networks:
      - public
    profiles:
      - base
    restart: unless-stopped

  navidrome:
    image: deluan/navidrome
    container_name: navidrome
    ports:
      - "${NAVIDROME_EXTERNAL_PORT}:${NAVIDROME_INTERNAL_PORT}"
    env_file:
      - navidrome.env
    user: "${PUID}:${PGID}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/navidrome:/data"
      - "${STORAGE_PATH}/media/music2:/music"
    networks:
      - public
    profiles:
      - base
    restart: unless-stopped

  maloja:
    image: krateng/maloja
    container_name: maloja
    ports:
      - "${MALOJA_EXTERNAL_PORT}:${MALOJA_INTERNAL_PORT}"
    env_file:
      - maloja.env
    user: "${PUID}:${PGID}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/maloja:/data"
    networks:
      - public
    profiles:
      - base
    restart: unless-stopped

  redis:
    container_name: redis
    image: docker.io/library/redis:7
    networks:
      - redis
    restart: unless-stopped
    volumes:
      - "${DOCKER_STORAGE_PATH}/redis:/data"

  paperless-ngx:
    container_name: paperless-ngx
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - redis
      - gotenberg
      - tika
    ports:
      - "${PAPERLESS_EXTERNAL_PORT}:${PAPERLESS_INTERNAL_PORT}"
    networks:
      - public
      - redis
      - tika
      - gotenberg
    profiles:
      - base
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-fs",
          "-S",
          "--max-time",
          "2",
          "http://localhost:8000"
        ]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - "${DOCKER_STORAGE_PATH}/paperless-ngx/data:/usr/src/paperless/data"
      - "${DOCKER_STORAGE_PATH}/paperless-ngx/media:/usr/src/paperless/media"
      - "${DOCKER_STORAGE_PATH}/paperless-ngx/export:/usr/src/paperless/export"
      - "${DOCKER_STORAGE_PATH}/paperless-ngx/consume:/usr/src/paperless/consume"
    env_file: paperless-ngx.env
    environment:
      PAPERLESS_REDIS: redis://redis:6379
      PAPERLESS_TIKA_ENABLED: 1
      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
      PAPERLESS_TIKA_ENDPOINT: http://tika:9998

  gotenberg:
    image: docker.io/gotenberg/gotenberg:7.6
    restart: unless-stopped
    networks:
      - gotenberg
    # The gotenberg chromium route is used to convert .eml files. We do not
    # want to allow external content like tracking pixels or even javascript.
    profiles:
      - base
    command:
      - "gotenberg"
      - "--chromium-disable-javascript=true"
      - "--chromium-allow-list=file:///tmp/.*"

  tika:
    image: ghcr.io/paperless-ngx/tika:latest
    networks:
      - tika
    profiles:
      - base
    restart: unless-stopped

  homer:
    image: b4bz/homer
    container_name: homer
    ports:
      - "${HOMER_EXTERNAL_PORT}:${HOMER_INTERNAL_PORT}"
    networks:
      - public
    profiles:
      - base
    volumes:
      - "${DOCKER_STORAGE_PATH}/homer:/www/assets"
    environment:
      UID: ${PUID}
      GID: ${PGID}
    restart: unless-stopped

  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    volumes:
      - "${DOCKER_STORAGE_PATH}/syncthing:/config"
      - "${STORAGE_PATH}/docker-storage/syncthing:/general"
    ports:
      - "${SYNCTHING_EXTERNAL_PORT1}:${SYNCTHING_INTERNAL_PORT1}"
      - "${SYNCTHING_EXTERNAL_PORT2}:${SYNCTHING_INTERNAL_PORT2}"
      - "${SYNCTHING_EXTERNAL_PORT3}:${SYNCTHING_INTERNAL_PORT3}"
      - "${SYNCTHING_EXTERNAL_PORT4}:${SYNCTHING_INTERNAL_PORT4}"
    environment:
      - "PUID=${PUID}"
      - "PGID=${PGID}"
    restart: unless-stopped
    profiles:
      - base
    networks:
      - public

  mediawiki:
    container_name: mediawiki
    image: mediawiki
    networks:
      - public
    depends_on:
      - mariadb
    ports:
      - "${MEDIAWIKI_EXTERNAL_PORT}:${MEDIAWIKI_INTERNAL_PORT}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/mediawiki/images:/var/www/html/images"
      - "${DOCKER_STORAGE_PATH}/mediawiki/extensions:/var/www/html/extensions"
      - "${DOCKER_STORAGE_PATH}/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php"
    profiles:
      - base
    restart: unless-stopped

  npm:
    container_name: nginx-proxy-manager
    image: docker.io/jc21/nginx-proxy-manager:latest
    network_mode: host
    # doesn't need to be in the mariadb network because it uses host mode
    depends_on:
      - mariadb
    volumes:
      - "${DOCKER_STORAGE_PATH}/nginx-proxy-manager/data:/data"
      - "${DOCKER_STORAGE_PATH}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt"
      - sockets:/var/run/mysqld
      - "${DOCKER_STORAGE_PATH}/nginx-proxy-manager/98-themepark:/etc/cont-init.d/99-themepark"
    environment:
      - DB_MYSQL_HOST=localhost
      - DB_MYSQL_NAME=npm
      - DB_MYSQL_PASSWORD=npm
      - "DB_MYSQL_PORT=${MARIADB_EXTERNAL_PORT}"
      - DB_MYSQL_USER=npm
    profiles:
      - infra
      - base
    restart: unless-stopped

  photoprism:
    container_name: photoprism
    image: docker.io/photoprism/photoprism
    networks:
      - mariadb
      - public
    ports:
      - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}"
    depends_on:
      - mariadb
    env_file:
      - photoprism.env
    volumes:
      - "${PHOTOS_STORAGE_PATH}/import:/photoprism/import"
      - "${PHOTOS_STORAGE_PATH}/originals:/photoprism/originals"
      - "${PHOTOS_STORAGE_PATH}/storage:/photoprism/storage"
    profiles:
      - base
    restart: unless-stopped

  mariadb:
    container_name: mariadb
    image: linuxserver/mariadb
    networks:
      - mariadb
      - public
    ports:
      - "${MARIADB_EXTERNAL_PORT}:${MARIADB_INTERNAL_PORT}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/mariadb:/config"
      - sockets:/run/mysqld/
    restart: unless-stopped
    profiles:
      - infra
      - base

  sonarr_tv:
    container_name: sonarr_tv_standard
    image: linuxserver/sonarr:develop
    networks:
      - public
    ports:
      - "${SONARR_TV_STANDARD_EXTERNAL_PORT}:${SONARR_INTERNAL_PORT}"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - "${DOCKER_STORAGE_PATH}/sonarr:/config"
      - "${TV_PATH}:/tv"
      - "${ANIME_PATH}:/anime"
      - "${NZB_DOWNLOADS_PATH}:/downloads"
      - "${TORRENTS_SEED_PATH}:/seed"
      - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
    restart: unless-stopped
    profiles:
      - base
      - media

  sonarr_anime:
    container_name: sonarr_anime
    image: linuxserver/sonarr:develop
    networks:
      - public
    ports:
      - "${SONARR_ANIME_EXTERNAL_PORT}:${SONARR_INTERNAL_PORT}"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - "${DOCKER_STORAGE_PATH}/sonarr_anime:/config"
      - "${ANIME_PATH}:/anime"
      - "${NZB_DOWNLOADS_PATH}:/downloads"
      - "${TORRENTS_SEED_PATH}:/seed"
      - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
    restart: unless-stopped
    profiles:
      - base
      - media

  baserow:
    container_name: baserow
    image: baserow/baserow:latest
    networks:
      - public
      - postgres
    depends_on:
      - postgres
    ports:
      - "${BASEROW_EXTERNAL_PORT}:${BASEROW_INTERNAL_PORT}"
    env_file:
      - baserow.env
    volumes:
      - "${DOCKER_STORAGE_PATH}/baserow:/baserow/data"
    restart: unless-stopped
    profiles:
      - disabled

  postgres:
    container_name: postgres
    image: postgres:latest
    networks:
      - postgres
    ports:
      - "${BASEROW_EXTERNAL_PORT}:${BASEROW_INTERNAL_PORT}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/postgres:/var/lib/postgresql/data"
    restart: unless-stopped
    profiles:
      - base
      - infra

  gitea:
    container_name: gitea
    image: ${REGISTRY_URL}/gitea:latest
    networks:
      - public
      - postgres
    depends_on:
      - postgres
    ports:
      - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}"
      - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/gitea:/data"
    restart: unless-stopped

  gitearunner:
    container_name: gitearunner
    image: gitea/act_runner
    depends_on:
      - gitea
    volumes:
      - "${DOCKER_STORAGE_PATH}/gitearunner/config:/config"
      - "${DOCKER_STORAGE_PATH}/gitearunner/data:/data"
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITEA_INSTANCE_URL=https://git.${DOMAIN}
      - CONFIG_FILE=/config/config.yaml
      # When using Docker Secrets, it's also possible to use
      # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
      # The env var takes precedence
      - GITEA_RUNNER_REGISTRATION_TOKEN=92U7bIiADtqkILwjjj9rffjz8vyNp0zo7uaOgrIG
      - GITEA_RUNNER_LABELS="ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
      - GITEA_RUNNER_NAME="NAS_CONTAINER"
    profiles:
      - base
      - infrastructure
    restart: unless-stopped

  linkace:
    image: linkace/linkace:simple
    container_name: linkace
    networks:
      - public
      - mariadb
      - redis
    depends_on:
      - mariadb
      - redis
    environment:
      # these env variables are instead of .env file
      # see https://www.linkace.org/docs/v1/setup/setup-with-docker/advanced-configuration/#using-docker-environment-variables-instead-of-the-env-file
      - APP_KEY=base64:X6XDR+dfqn5PM9QdmmxJoOECSsldWhkfnyi6yvohgNM=
      - DB_HOST=${MYSQL_HOST}
      - DB_DATABASE=${LINKACE_DB}
      - DB_USERNAME=${LINKACE_DB_USERNAME}
      - DB_PASSWORD=${LINKACE_DB_PASSWORD}
      - REDIS_HOST=redis
    ports:
      - "${LINKACE_EXTERNAL_PORT}:${LINKACE_INTERNAL_PORT}"
    volumes:
      - ${DOCKER_STORAGE_PATH}/linkace/backups:/app/storage/app/backups
      - ${DOCKER_STORAGE_PATH}/linkace/logs:/app/storage/logs
    restart: unless-stopped
    profiles:
      - base

  traefik:
    image: "traefik:latest"
    container_name: traefik
    command:
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.myresolver.acme.email=lukas@kucharczyk.xyz
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.myresolver.acme.dnsChallenge=true
      - --certificatesresolvers.myresolver.acme.dnsChallenge.provider=ovh
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - --configFile=/etc/traefik/traefik.toml
    environment:
      - "OVH_ENDPOINT=ovh-eu"
      - "OVH_APPLICATION_KEY=f7255cb22f72787c"
      - "OVH_APPLICATION_SECRET=3a040d8113a213b9613b3877ce4352ad"
      - "OVH_CONSUMER_KEY=a0a9e8004bb6fe251654cc744c55d239"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DOCKER_STORAGE_PATH}/traefik/acme.json:/letsencrypt/acme.json
      - ${DOCKER_STORAGE_PATH}/traefik/traefik.toml:/etc/traefik/traefik.toml
    networks:
      - public

  # ghost:
  #   image: "ghost:latest"
  #   container_name: ghost
  #   environment:
  #     - url=http://blog.kucharczyk.xyz
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.ghost.rule=Host(`blog.kucharczyk.xyz`)"
  #     - "traefik.http.routers.ghost.entrypoints=https"
  #     - "traefik.http.routers.ghost.tls.certresolver=myresolver"
  #   volumes:
  #     - ${DOCKER_STORAGE_PATH}/ghost/content:/var/lib/ghost/content
  #   networks:
  #     - public

  whoami:
    image: traefik/whoami
    container_name: simple-service
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.kucharczyk.xyz`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    networks:
      - public
    ports:
      - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}"
    environment:
            #- PUSH_ENABLED=true
            #- PUSH_INSTALLATION='287eaff9-7be7-4b52-a31d-b09100dc0f5c'
            #- PUSH_INSTALLATION_KEY='n0xrH7YORuvJk8rqvxB5'
       - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$aWJ2cVRvYUsySkM3M01TMTJJMnZqbUF0Wm1qRWhvd1B6Sk50Q1hwck96dz0$$FKjZ36E54pX2e0AE9OaDpiH43TyAyfVwr3IvracbqEA
    volumes:
      - ${DOCKER_STORAGE_PATH}/vaultwarden:/data
    restart: unless-stopped
    profiles:
      - base
      - infra
        

networks:
  loki:
  caddy:
    attachable: true
    internal: true
  redis:
    internal: true
  tika:
    internal: true
  gotenberg:
    internal: true
  public:
    attachable: true
  postgres:
    external: true
  mariadb:
    attachable: true

volumes:
  timetracker-static:
  sockets: