version: '3'

services:
  archivebox:
    container_name: archivebox
    image: archivebox/archivebox:dev
    command: server --quick-init 0.0.0.0:8000
    environment:
      - ALLOWED_HOSTS=*
      - MEDIA_MAX_SIZE=750m
      - PUBLIC_ADD_VIEW=True
      - PUBLIC_INDEX=True
      - PUBLIC_SNAPSHOTS=False
      - SAVE_TITLE=True
      - SAVE_FAVICON=True
      - SAVE_WGET=False
      - SAVE_WARC=False
      - SAVE_PDF=True
      - SAVE_SCREENSHOT=True
      - SAVE_DOM=False
      - SAVE_SINGLEFILE=True
      - SAVE_READABILITY=True
      - SAVE_MERCURY=False
      - SAVE_GIT=False
      - SAVE_MEDIA=False
      - SAVE_ARCHIVE_DOT_ORG=False
    ports:
      - 8000:8000
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/archivebox/data:/data

  authelia:
    container_name: authelia
    image: authelia/authelia
    environment:
      - TZ=${TZ}
    ports:
      - 9091:9091
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/authelia/config:/config

  cronicle:
    container_name: cronicle
    hostname: cronicle
    image: bluet/cronicle-docker:latest
    environment:
     - TZ=${TZ}
     - CRONICLE_base_app_url=http://192.168.1.4
     - CRONICLE_master 1
    network_mode: "host"
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.ssh:/root/.ssh
      - /home/akanealw/scripts/cronicle:/scripts
      - ${DOCKER_CONFIGS}/cronicle/data:/opt/cronicle/data
      - ${DOCKER_CONFIGS}/cronicle/logs:/opt/cronicle/logs
      - ${DOCKER_CONFIGS}/cronicle/plugins:/opt/cronicle/plugins
      - ${DOCKER_CONFIGS}/cronicle/workloads/app:/app
      - ${DOCKER_CONFIGS}/cronicle/data/config.json:/opt/cronicle/conf/config.json

  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec
    environment:
      - COLLECTIONS=crowdsecurity/sshd crowdsecurity/nginx crowdsecurity/nginx-proxy-manager
      - BOUNCER_KEY_OPENWRT=e5eafa00ff6db5164b12426c6cfb6b62
    ports:
      - 8280:8080
      - 6260:6060
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/crowdsec/config:/etc/crowdsec
      - ${DOCKER_CONFIGS}/crowdsec/config/acquis.d:/etc/crowdsec/acquis.d
      - ${DOCKER_CONFIGS}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ${DOCKER_CONFIGS}/crowdsec/data:/var/lib/crowdsec/data
      - ${DOCKER_CONFIGS}/nginxproxymanager/data/logs:/logs/nginx:ro
      - /var/log/auth.log:/logs/auth.log:ro
      - /var/log/syslog:/logs/syslog:ro

  nginxproxymanager:
    container_name: nginxproxymanager
    image: jc21/nginx-proxy-manager:2.10.4
    environment:
      - X_FRAME_OPTIONS=sameorigin
      - DB_SQLITE_FILE=/data/database.sqlite
    ports:
      - 443:443/tcp
      - 80:80/tcp
      - 81:81/tcp
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/nginxproxymanager/data:/data
      - ${DOCKER_CONFIGS}/nginxproxymanager/letsencrypt:/etc/letsencrypt
      - ${DOCKER_CONFIGS}/nginxproxymanager/snippets:/snippets:ro
      - /etc/localtime:/etc/localtime:ro

  orbital-sync:
    container_name: orbital-sync
    image: mattwebbio/orbital-sync:1
    environment:
      - PRIMARY_HOST_BASE_URL=http://192.168.1.2:80
      - PRIMARY_HOST_PASSWORD=${WEBPASSWORD}
      - SECONDARY_HOST_1_BASE_URL=http://192.168.1.3:80
      - SECONDARY_HOST_1_PASSWORD=${WEBPASSWORD}
      - SECONDARY_HOST_2_BASE_URL=http://192.168.1.4:8180
      - SECONDARY_HOST_2_PASSWORD=${WEBPASSWORD}
      - INTERVAL_MINUTES=30
    restart: always

  owncloud:
    container_name: owncloud
    image: owncloud/server:latest
    environment:
      - OWNCLOUD_DOMAIN=${OWNCLOUD_DOMAIN}
      - OWNCLOUD_TRUSTED_DOMAINS=${OWNCLOUD_TRUSTED_DOMAINS}
      - OWNCLOUD_DB_TYPE=mysql
      - OWNCLOUD_DB_NAME=owncloud
      - OWNCLOUD_DB_USERNAME=owncloud
      - OWNCLOUD_DB_PASSWORD=owncloud
      - OWNCLOUD_DB_HOST=owncloud-mariadb
      - OWNCLOUD_ADMIN_USERNAME=${ADMIN_USERNAME}
      - OWNCLOUD_ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - OWNCLOUD_MYSQL_UTF8MB4=true
      - OWNCLOUD_REDIS_ENABLED=true
      - OWNCLOUD_REDIS_HOST=owncloud-redis
    healthcheck:
      test: ["CMD", "/usr/bin/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5
    depends_on:
      - owncloud-mariadb
      - owncloud-redis
    ports:
      - 8092:8080
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/owncloud/files:/mnt/data

  owncloud-mariadb:
    container_name: owncloud-mariadb
    image: mariadb:10.6
    environment:
      - MYSQL_ROOT_PASSWORD=owncloud
      - MYSQL_USER=owncloud
      - MYSQL_PASSWORD=owncloud
      - MYSQL_DATABASE=owncloud
    command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"]
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/owncloud/mariadb/mysql:/var/lib/mysql

  owncloud-redis:
    container_name: owncloud-redis
    image: redis:6
    command: ["--databases", "1"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/owncloud/redis:/data

  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAIN_NAME}
    environment:
      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - WEBTHEME=${WEBTHEME:-default-dark}
      - REV_SERVER=${REV_SERVER:-false}
      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    ports:
      - 53:53
      - 53:53/udp
      - 8180:80
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/pihole/unbound:/etc/pihole:rw
      - ${DOCKER_CONFIGS}/pihole/dnsmasq-unbound:/etc/dnsmasq.d:rw

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    environment:
      - TZ=${TZ}
      - ADMIN_TOKEN=h/oRssGu83I1E1WQGiSchYMAJnM0JcDXmjeI/A3QgMCasn/IK9zZldH5FXim0rSi
      - DATABASE_URL=data/db.sqlite3
      - DISABLE_ADMIN_TOKEN=false
      - DOMAIN=https://bitwarden.akanealw.com
      - ENABLE_DB_WAL=true
      - INVITATIONS_ALLOWED=false
      - SHOW_PASSWORD_HINT=false
      - SIGNUPS_ALLOWED=false
      - SIGNUPS_VERIFY=false
      - SMTP_PORT=587
      - SMTP_SSL=true
    ports:
      - 8089:80
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/vaultwarden:/data
      - /etc/localtime:/etc/localtime:ro

  vaultwarden-backup:
    container_name: vaultwarden-backup
    image: bruceforce/vaultwarden-backup
    environment:
      - BACKUP_DIR=/data/backups
      - CRON_TIME=15 * * * *
      - TIMESTAMP=true
      - UID=${PUID}
      - GID=${PGID}
    depends_on:
      - vaultwarden
    init: true
    restart: always
    volumes:
      - /home/akanealw/docker/appdata/vaultwarden:/data
      - /home/akanealw/backups/vaultwardenbackups:/data/backups

  wg-easy:
    container_name: wg-easy      
    image: weejewel/wg-easy
    environment:
      - WG_HOST=${WG_HOST}
      - PASSWORD=${WG_PASSWORD}
      - WG_DEFAULT_DNS=10.8.0.6
      - WG_PORT=51830
      - WG_PERSISTENT_KEEPALIVE=25
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_MTU=1420
      - WG_ALLOWED_IPS=10.8.0.0/24
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - 51830:51820/udp
      - 51831:51821
    restart: always
    volumes:
      - ${DOCKER_CONFIGS}/wireguard:/etc/wireguard

networks:
  proxy: