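# Compose project for a self-hosted stack: an nginx front end (`web`) that
# publishes 80/443, with Authelia, Gitea and its runner, Minecraft, gPodder,
# TFTP, Memos, a Postfix relay and Vaultwarden behind it. More services come
# from the included files.
include:
  - ./karakeep-compose.yaml
  - ./jellyfin-compose.yaml
  - ./immich-compose.yaml
  - ./matrix-compose.yaml

# File-backed secrets; Compose mounts each one at /run/secrets/<NAME> in the
# services that list it.
secrets:
  JWT_SECRET:
    file: '/data/authelia/secrets/JWT_SECRET'
  SESSION_SECRET:
    file: '/data/authelia/secrets/SESSION_SECRET'
  STORAGE_PASSWORD:
    file: '/data/authelia/secrets/STORAGE_PASSWORD'
  STORAGE_ENCRYPTION_KEY:
    file: '/data/authelia/secrets/STORAGE_ENCRYPTION_KEY'

volumes:
  meilisearch:
  karakeep:
  bitwarden:
  immich-model-cache:
  nginx:

# One network per application, so a backend is reachable only from services
# that join its network (in practice `web`, plus `mail` for SMTP clients).
networks:
  karakeep:
    external: false
    enable_ipv6: true
  karakeep-int:
    external: false
    enable_ipv6: true
  ollama:
    external: false
    enable_ipv6: true
  ollama-int:
    external: false
    enable_ipv6: true
  jellyfin:
    external: false
    enable_ipv6: true
  jellyfin-int:
    external: false
    enable_ipv6: true
  auth:
    external: false
    enable_ipv6: true
  gitea:
    external: false
    enable_ipv6: true
  gpodder:
    external: false
    enable_ipv6: true
  memos:
    external: false
    enable_ipv6: true
  mail:
    external: false
    enable_ipv6: true
  bitwarden:
    external: false
    enable_ipv6: true
  immich:
    external: false
    enable_ipv6: true
  matrix:
    external: false
    enable_ipv6: true

services:
  # Front-end nginx: the only service here that publishes 80/443, and it is
  # attached to every application network it proxies for.
  web:
    build:
      dockerfile: ./nginx-dockerfile
    restart: unless-stopped
    ports:
      # Quoted so no YAML parser can retype a host:container pair.
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx:/etc/nginx:ro
      - /data/site:/data/site:ro
      - nginx:/var/cache/nginx/
    networks:
      - karakeep
      - ollama
      - jellyfin
      - jellyfin-int
      - auth
      - gitea
      - gpodder
      - memos
      - bitwarden
      - matrix
      - immich
    # NOTE(review): jellyfin, ollama-webui, karakeep-web, qbittorrent and
    # matrix-server are not defined in this file; presumably they come from
    # the included compose files - confirm.
    depends_on:
      - jellyfin
      - ollama-webui
      - karakeep-web
      - authelia
      - qbittorrent
      - gitea
      - gpodder
      - memos
      - matrix-server
    # Anchor reused by other services: caps each container log file at 50m.
    logging: &logging
      options:
        max-size: "50m"
    # Optional - extra fonts to be used during transcoding with subtitle burn-in
    # - type: bind
    #   source: /usr/local/share/fonts/cu
    #   target: /usr/local/share/fonts/custom
    #   read_only: true

  # NOTE(review): several images below track a moving tag (`:latest`,
  # `:stable`, or no tag at all), so a pull can change what runs without any
  # change to this file; pinning a version or digest makes upgrades deliberate.
  authelia:
    image: 'docker.io/authelia/authelia:latest'
    command:
      - 'authelia'
      - '--config=/config/configuration.yml'
      - '--config=/data/configuration.yml'
    restart: 'unless-stopped'
    # NOTE(review): STORAGE_PASSWORD is mounted, but no *_FILE variable below
    # points at /run/secrets/STORAGE_PASSWORD - confirm the configuration
    # file consumes it, or drop it from this list.
    secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_PASSWORD', 'STORAGE_ENCRYPTION_KEY']
    networks:
      - auth
      - mail
    environment:
      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION_KEY'
    volumes:
      - './authelia/:/config:ro'
      # NOTE(review): the secret files live under /data/authelia/secrets on
      # the host, so this read-write bind mount also exposes all of them
      # inside the container at /data/secrets. Keeping the secrets outside
      # the mounted directory would limit the container to the ones listed.
      - '/data/authelia/:/data'
    logging: *logging

  minecraft:
    image: itzg/minecraft-server:latest
    tty: true
    stdin_open: true
    restart: unless-stopped
    ports:
      - "25565:25565"
      - "24454:24454/udp"
    environment:
      EULA: "TRUE"
      TYPE: "FABRIC"
      MEMORY: "4G"
      MOTD: "Loading server..."
      VERSION: "1.21.11"
      # LEVEL: "world"
      LEVEL: "house"
      SEED: "881949285698121329"
      # USE_MEOWICE_FLAGS: "true"
      DIFFICULTY: "normal"
      MODE: "survival"
      OPS: |-
        187eca31-2e33-4199-97e0-2286bf35f7f8
      # The game port is published on all interfaces; the whitelist is what
      # restricts who can join.
      ENABLE_WHITELIST: "true"
      WHITELIST: |-
        187eca31-2e33-4199-97e0-2286bf35f7f8
      PAUSE_WHEN_EMPTY_SECONDS: "20"
      ENABLE_ROLLING_LOGS: "true"
      REMOVE_OLD_MODS: "TRUE"
    logging: *logging
    volumes:
      - "/data/minecraft/data:/data"
      - "/data/minecraft/mods:/mods"
      - "/data/minecraft/plugins:/plugins"
      - "/data/minecraft/config:/config"

  gitea:
    image: docker.gitea.com/gitea:1.24
    environment:
      - USER_UID=106
      - USER_GID=110
      - ENABLE_NOTIFY_MAIL=true
      # -
    restart: unless-stopped
    networks:
      - gitea
      - mail
    volumes:
      - /data/gitea/data:/data
      # The host git user's ~/.ssh is shared read-write with the container.
      - /home/git/.ssh/:/data/git/.ssh
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Container port 22 is published on host port 222, all interfaces.
      - "222:22"
    logging: *logging
    depends_on:
      - authelia

  gitea-runner:
    image: docker.gitea.com/act_runner:latest
    restart: unless-stopped
    networks:
      - gitea
    environment:
      - CONFIG_FILE=/config.yaml
      - GITEA_INSTANCE_URL=https://gitea.loadingm.xyz/
      # The registration token is a credential and must not be stored in this
      # file. It is interpolated from the environment or an untracked .env,
      # as ROCKET_SECRET_KEY is for gpodder, and `:?` makes `compose up` fail
      # if it is unset. A token that was committed earlier should be reset in
      # Gitea and treated as exposed.
      - 'GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN:?not set}'
    volumes:
      # NOTE(review): access to the Docker socket is equivalent to root on
      # the host. Whether CI jobs can reach it depends on gitea-runner.yaml
      # (not shown here); only trusted repositories should use this runner.
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/gitea/runner/:/data
      - ./gitea-runner.yaml:/config.yaml
    logging: *logging
    depends_on:
      - gitea

  gpodder:
    image: gitea.loadingm.xyz/the10thwiz/gpodder-rs:latest
    restart: unless-stopped
    environment:
      # Supplied from the environment / .env at `compose up` time.
      - ROCKET_SECRET_KEY=${GPODDER_SECRET_KEY}
    networks:
      - gpodder
    volumes:
      - /data/gpodder:/data
    logging: *logging

  tftp:
    image: kaczmar2/tftp-server
    restart: unless-stopped
    environment:
      - ENABLE_WEB_SERVER=false
    # Host networking: this container shares the host's network stack and is
    # not isolated by any of the per-app networks above.
    network_mode: host
    volumes:
      - /data/tftp:/srv/tftp:ro
      - /etc/localtime:/etc/localtime:ro
    logging: *logging

  memos:
    image: neosmemo/memos:stable
    networks:
      - memos
    volumes:
      - /data/memos:/var/opt/memos
    environment:
      - MEMOS_MODE=prod
      - MEMOS_PORT=5230
    restart: unless-stopped
    logging: *logging

  # Outbound Postfix relay used by the services on the `mail` network.
  mail:
    image: boky/postfix
    restart: unless-stopped
    logging: *logging
    environment:
      - ALLOWED_SENDER_DOMAINS=loadingm.xyz
      # - POSTFIX_myhostname=mail
      - POSTFIX_myhostname=loadingm.xyz
      - POSTFIX_mydestination=loadingm.xyz,loading-hpdl380g10.loadingm.xyz
      - MASQUERADED_DOMAINS=loadingm.xyz,loading-hpdl380g10.loadingm.xyz
      # NOTE(review): in list-form `environment` the double quotes are part
      # of the value, so the container receives them literally - confirm
      # that is intended. These short user:password pairs are also stored in
      # the compose file; real SASL credentials belong in the environment or
      # a secret.
      - SMTPD_SASL_USERS="a:123,b:123"
    volumes:
      - /data/mail:/etc/opendkim/keys
    networks:
      - mail
    ports:
      # SMTP is published on the host loopback only.
      - "127.0.0.1:25:25"

  # mail:
  #   image: ghcr.io/docker-mailserver/docker-mailserver:latest
  #   container_name: mailserver
  #   # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
  #   hostname: mail.loadingm.xyz
  #   env_file: mailserver.env
  #   # More information about the mail-server ports:
  #   # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
  #   ports:
  #     - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
  #     - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
  #     - "465:465"  # ESMTP (implicit TLS)
  #     - "587:587"  # ESMTP (explicit TLS => STARTTLS)
  #     - "993:993"  # IMAP4 (implicit TLS)
  #   volumes:
  #     - /data/dms/mail-data/:/var/mail/
  #     - /data/dms/mail-state/:/var/mail-state/
  #     - /data/dms/mail-logs/:/var/log/mail/
  #     - /data/dms/config/:/tmp/docker-mailserver/
  #     - /etc/localtime:/etc/localtime:ro
  #   restart: always
  #   stop_grace_period: 1m
  #   # Uncomment if using `ENABLE_FAIL2BAN=1`:
  #   # cap_add:
  #   #   - NET_ADMIN
  #   healthcheck:
  #     test: "ss --listening --ipv4 --tcp | grep --silent ':smtp' || exit 1"
  #     timeout: 3s
  #     retries: 0

  bitwarden:
    # env_file:
    #   - bitwarden.env
    environment:
      DOMAIN: "https://bitwarden.loadingm.xyz"
      SMTP_HOST: mail
      SMTP_FROM: bitwarden@loadingm.xyz
      # Quoted: a bare `off` / `false` can be read as a YAML boolean, but
      # the container needs the literal strings. SMTP is unencrypted here;
      # it goes to the `mail` relay over the compose `mail` network.
      SMTP_SECURITY: "off"
      SIGNUPS_ALLOWED: "false"
      # ADMIN_TOKEN: never inline. Supply it from the environment or an
      # untracked env file. Vaultwarden accepts an Argon2 PHC hash here
      # (escape each `$` as `$$` in Compose). A plaintext token that was
      # once committed in this file should be treated as exposed.
    networks:
      - bitwarden
      - mail
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - /data/bitwarden:/data

  # calibre:
  #   image: "linuxserver/calibre-web"
  # 5d-diplomacy-frontend:
  #   image: ""
  # 5d-diplomacy-backend:
  #   image: ""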