services:
  # ==========================
  # Vaultwarden (Password manager)
  # ==========================
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    volumes:
      - ./services/vaultwarden:/data
    environment:
      DOMAIN: "https://${VAULT_DOMAIN}"

  # ==========================
  # 2FAuth (2FA manager)
  # ==========================
  2fauth:
    image: 2fauth/2fauth:latest
    container_name: 2fauth
    restart: always
    volumes:
      - ./services/2fauth:/data
    environment:
      APP_NAME: 2FAuth
      APP_ENV: production
      APP_DEBUG: false
      APP_TIMEZONE: UTC
      SITE_OWNER: ${EMAIL}      
      APP_KEY:  ${APP_KEY}
      APP_URL: "https://${AUTH_DOMAIN}"
      ASSET_URL: "https://${AUTH_DOMAIN}"
      TRUSTED_PROXIES: '*'
      LOG_CHANNEL: daily
      LOG_LEVEL: notice

  # ==========================
  # Filebrowser (Cloud file manager)
  # ==========================
  filebrowser:
    image: filebrowser/filebrowser:latest
    container_name: filebrowser
    restart: always
    volumes:
      - ./services/filebrowser/srv:/srv
      - ./services/filebrowser/database:/database
      - ./services/filebrowser/config:/config
    user: "1000:1000"

  # ==========================
  # Caddy (Reverse proxy)
  # ==========================
  caddy:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - ./caddy:/usr/bin/caddy 
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      VAULT_DOMAIN: ${VAULT_DOMAIN}
      AUTH_DOMAIN: ${AUTH_DOMAIN}
      STORAGE_DOMAIN: ${STORAGE_DOMAIN}
      EMAIL: ${EMAIL}
      DUCKDNS_TOKEN: ${DUCKDNS_TOKEN}
      LOG_FILE: /data/access.log

  # ==========================
  # Portainer (Docker manager)
  # ==========================
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      - 9443:9443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./services/portainer:/data

  # ==========================
  # Uptime Kuma (uptime monitor)
  # ==========================
  uptimekuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    restart: always
    ports:
      - 3001:3001
    volumes:
      - ./services/uptimekuma:/app/data

  # ==========================
  # Dozzle (live logs viewer)
  # ==========================
  dozzle:
    image: amir20/dozzle:latest
    container_name: dozzle
    restart: always
    ports:
      - 9999:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # ==========================
  # Netdata (system monitoring)
  # ==========================
  netdata:
    image: netdata/netdata:latest
    container_name: netdata
    restart: always
    ports:
      - 19999:19999
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined
    volumes:
      - ./services/netdata/config:/etc/netdata
      - ./services/netdata/lib:/var/lib/netdata
      - ./services/netdata/cache:/var/cache/netdata
      - /var/run/docker.sock:/var/run/docker.sock
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro

networks:
  default:
    driver: bridge