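---
# Authelia stack: Authelia, PostgreSQL and Redis, plus a Caddy reverse proxy
# built from the local build context.
#
# Secrets: the PostgreSQL and Redis passwords are read from the environment
# through Compose interpolation (for example an untracked .env file next to
# this file) instead of being written here. `${VAR:?msg}` makes
# `docker compose` fail early when the variable is missing or empty.
# Passwords that were stored inline in an earlier revision of this file should
# be treated as exposed and rotated.

networks:
  # Backend network shared by authelia, postgres and redis.
  # NOTE(review): consider a separate `internal: true` network for postgres
  # and redis if they need no outbound access; verify before changing.
  authelia:
    name: authelia
  reverse-proxy:
    name: reverse-proxy
    external: true
  # caddy:
  #   name: caddy
  #   external: true
  # caddy_controller:
  #   name: caddy_controller
  #   external: true

services:
  authelia:
    container_name: authelia
    # NOTE(review): `latest` is a floating tag; pin a specific release (or a
    # digest) so the authentication gateway is only upgraded deliberately.
    image: authelia/authelia:latest
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
    volumes:
      # Holds the Authelia configuration and the secret files referenced
      # below; keep ./config/secrets out of version control and readable
      # only by the account that runs the container.
      - ./config:/config
    networks:
      # - caddy
      - authelia
      - reverse-proxy
    expose:
      - "9091"
    environment:
      # Each *_FILE variable points Authelia at a file holding the secret, so
      # the values never appear in the container environment or in this file.
      AUTHELIA_JWT_SECRET_FILE: /config/secrets/JWT_SECRET
      AUTHELIA_SESSION_SECRET_FILE: /config/secrets/SESSION_SECRET
      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /config/secrets/SMTP_PASSWORD
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /config/secrets/STORAGE_ENCRYPTION_KEY
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /config/secrets/STORAGE_PASSWORD
      AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /config/secrets/REDIS_PASSWORD
    labels:
      # NOTE(review): these labels only take effect when a label-driven Caddy
      # (see the commented-out caddy-config service) is running; the active
      # caddy service below is configured from ./Caddyfile.
      caddy_9091: auth.akanealw.com
      caddy_9091.reverse_proxy: "{{upstreams 9091}}"

  postgres:
    container_name: postgres
    image: postgres:15
    restart: unless-stopped
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      - authelia
    environment:
      POSTGRES_USER: "authelia"
      # Presumably must match the content of
      # /config/secrets/STORAGE_PASSWORD that Authelia reads. The official
      # image applies this value only when it initialises an empty data
      # directory; rotating an existing database password also needs an
      # ALTER ROLE inside PostgreSQL.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in the environment or .env}"

  redis:
    container_name: redis
    image: redis:7
    networks:
      - authelia
    restart: unless-stopped
    # List form so the password is passed as one argument whatever characters
    # it contains. Presumably must match /config/secrets/REDIS_PASSWORD.
    # NOTE(review): the value is still visible in the container's argument
    # list (`docker inspect`, process listing); a redis.conf mounted read-only
    # with `requirepass` would avoid that.
    command:
      - redis-server
      - --save
      - "60"
      - "1"
      - --loglevel
      - warning
      - --requirepass
      - "${REDIS_PASSWORD:?set REDIS_PASSWORD in the environment or .env}"
    volumes:
      - ./redis:/data

  caddy:
    container_name: caddy
    build: .
    restart: always
    # environment:
    #   - CADDY_INGRESS_NETWORKS=caddy
    #   - CADDY_DOCKER_MODE=controller
    #   - CADDY_CONTROLLER_NETWORK=10.0.2.0/24
    volumes:
      # The `:ro` flag on the socket mount below does not limit what the
      # Docker API accepts over it; a container holding the socket can still
      # manage every container on the host.
      # - /var/run/docker.sock:/var/run/docker.sock:ro
      # - ./caddydata:/data/caddy
      # - ./caddyconfig:/config/caddy
      - ./data:/data
      - ./Caddyfile:/etc/caddy/Caddyfile
    networks:
      - reverse-proxy
      # - caddy
      # - caddy_controller
    ports:
      # Quoted so no YAML parser can read HOST:CONTAINER as a number.
      - "80:80"
      - "443:443"
    # extra_hosts:
    #   - host.docker.internal:host-gateway

  # caddy-config:
  #   container_name: caddy-config
  #   image: traefik/whoami:latest
  #   networks:
  #     - caddy
  #   restart: always
  #   labels:
  #     #############################################
  #     # Settings and snippets to get things working
  #     # You shouldn't need to modify this normally
  #     # Custom settings and definitions are below
  #     #############################################
  #     #### Global Settings ####
  #     caddy_0.email: akanealw@gmail.com
  #     caddy_0.auto_https: prefer_wildcard
  #     #### Snippets ####
  #     # Get wildcard certificate
  #     caddy_1: (wildcard)
  #     # The DNS API token is taken from the Caddy container's environment
  #     # rather than written here; a token that was previously committed in
  #     # this comment should be revoked at the DNS provider.
  #     caddy_1.tls.dns: "cloudflare {env.CLOUDFLARE_API_TOKEN}"
  #     caddy_1.tls.resolvers: 1.1.1.1 1.0.0.1
  #     caddy_1.handle.abort: ""
  #     # Secure a site with Authelia
  #     caddy_2: (auth)
  #     caddy_2.forward_auth: "authelia:9091"
  #     caddy_2.forward_auth.uri: /api/verify?rd=https://auth.akanealw.com
  #     caddy_2.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Name Remote-Email
  #     # Skip TLS verify for backend with self-signed HTTPS
  #     # (turns off certificate validation towards that backend; trusting
  #     # the backend's CA instead keeps the hop authenticated)
  #     caddy_3: (https)
  #     caddy_3.transport: http
  #     caddy_3.transport.tls: ""
  #     caddy_3.transport.tls_insecure_skip_verify: ""
  #     ###########################################
  #     # Custom settings. Modify things below :
  #     # Make sure they have unique label numbers
  #     ###########################################
  #     # Custom global settings, add/edit as needed
  #     # caddy_0.log: default
  #     # caddy_0.log.format: console
  #     # Uncomment this during testing to avoid hitting rate limit.
  #     # It will try to obtain SSL from Let's Encrypt's staging endpoint.
  #     # acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging
  #     caddy_3005: akanealw.com
  #     caddy_3005.reverse_proxy: 192.168.1.30:3005
  #     caddy_3005.import: auth
  #     ## Setup wildcard sites
  #     caddy_10: "*.akanealw.com"
  #     caddy_10.import: wildcard
  #     ## Wildcard domains
  #     caddy_20: whoami.akanealw.com
  #     caddy_20.reverse_proxy: "{{upstreams 80}}"
  #     caddy_20.import: auth
  #     caddy_8089: bitwarden.akanealw.com
  #     caddy_8089.reverse_proxy: 192.168.1.4:8089
  #     caddy_3000: gitea.akanealw.com
  #     caddy_3000.reverse_proxy: 192.168.1.50:3000
  #     caddy_3001: gitea-docker.akanealw.com
  #     caddy_3001.reverse_proxy: 192.168.1.4:3001
  #     caddy_3232: linkwarden.akanealw.com
  #     caddy_3232.reverse_proxy: 192.168.1.4:3232
  #     caddy_30012: codeserver.akanealw.com
  #     caddy_30012.reverse_proxy: 192.168.1.50:3001
  #     caddy_30012.import: auth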