services:
  # ==========================
  # Vaultwarden (Password manager)
  # ==========================
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    volumes:
      - ./services/vaultwarden:/data
    environment:
      DOMAIN: "https://vault.example.com" # Change to yours

  # ==========================
  # 2FAuth (2FA manager)
  # ==========================
  2fauth:
    image: 2fauth/2fauth:latest
    container_name: 2fauth
    restart: always
    volumes:
      - ./services/2fauth:/data
    environment:
      - APP_NAME=2FAuth
      - APP_ENV=production
      - APP_DEBUG=false
      - APP_TIMEZONE=Europe/Helsinki
      - SITE_OWNER=admin@example.com # Change to yours
      - APP_KEY=SomeRandomStringOf32CharsExactly # Change to yours
      - APP_URL=https://auth.example.com # Change to yours
      - ASSET_URL=https://auth.example.com # Change to yours
      - TRUSTED_PROXIES=*
      - LOG_CHANNEL=daily
      - LOG_LEVEL=notice
    networks:
      - default

  # ==========================
  # Nextcloud (Personal cloud / NAS)
  # ==========================
  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    restart: always
    volumes:
      - ./services/nextcloud:/var/www/html
    environment:
      - NEXTCLOUD_ADMIN_USER=admin         # Change to yours
      - NEXTCLOUD_ADMIN_PASSWORD=changeme  # Change to a strong password
    networks:
      - default

  # ==========================
  # Caddy (Reverse proxy)
  # ==========================
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - ./caddy:/usr/bin/caddy 
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      # For Caddy: hostnames only, no https://
      VAULT_DOMAIN: "vault.example.com" # Change to yours
      AUTH_DOMAIN:  "auth.example.com" # Change to yours
      STORAGE_DOMAIN: "storage.example.com" # Change to yours
      EMAIL: "admin@example.com" # Change to yours
      DUCKDNS_TOKEN: "TOKEN" # Change to yours
      LOG_FILE: "/data/access.log"

  # ==========================
  # Portainer (Docker manager)
  # ==========================
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      - 9443:9443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./services/portainer:/data

  # ==========================
  # Uptime Kuma (uptime monitor)
  # ==========================
  uptimekuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    restart: always
    ports:
      - 3001:3001
    volumes:
      - ./services/uptimekuma:/app/data

  # ==========================
  # Dozzle (live logs viewer)
  # ==========================
  dozzle:
    image: amir20/dozzle:latest
    container_name: dozzle
    restart: always
    ports:
      - 9999:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # ==========================
  # Netdata (system monitoring)
  # ==========================
  netdata:
    image: netdata/netdata:latest
    container_name: netdata
    restart: always
    ports:
      - 19999:19999
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined
    volumes:
      - ./services/netdata/config:/etc/netdata
      - ./services/netdata/lib:/var/lib/netdata
      - ./services/netdata/cache:/var/cache/netdata
      - /var/run/docker.sock:/var/run/docker.sock
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro

networks:
  default:
    driver: bridge