version: '3'

services:
  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec
    environment:
      - COLLECTIONS=crowdsecurity/apache2 crowdsecurity/sshd crowdsecurity/nginx
      - BOUNCER_KEY_OPENWRT=eiChaiShuoFahtoj5ruov5ai
    ports:
      - 8280:8080
      - 6260:6060
    volumes:
      - ${DOCKERCONFIGS}/crowdsec/config:/etc/crowdsec
      - ${DOCKERCONFIGS}/crowdsec/config/acquis.d:/etc/crowdsec/acquis.d
      - ${DOCKERCONFIGS}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ${DOCKERCONFIGS}/crowdsec/data:/var/lib/crowdsec/data
      - /home/akanealw/docker/proxy/appdata/nginxproxymanager/data/logs2:/logs/nginx:ro
      - /var/log/auth.log:/logs/auth.log:ro
      - /var/log/syslog.log:/logs/syslog.log:ro

  freshrss:
    container_name: freshrss
    image: freshrss/freshrss:latest
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - CRON_MIN=*/20
      - TZ=${TZ}
    depends_on:
      - freshrss-db
    ports:
      - 8088:80/tcp
    restart: unless-stopped
    volumes:
      - ${DOCKERCONFIGS}/freshrss/data:/var/www/FreshRSS/data
      - ${DOCKERCONFIGS}/freshrss/extensions:/var/www/FreshRSS/extensions
      - /etc/localtime:/etc/localtime:ro

  freshrss-db:
    container_name: freshrss-db
    image: postgres:12-alpine
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - POSTGRES_USER=freshrss
      - POSTGRES_PASSWORD=freshrss
      - POSTGRES_DB=freshrss
    restart: unless-stopped
    volumes:
      - ${DOCKERCONFIGS}/freshrss/db/data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro

  gotify:
    container_name: gotify
    image: gotify/server
    environment:
      - GOTIFY_DEFAULTUSER_PASS=ArTjhptrA6CTCnWH8DA5sq
    ports:
      - 8001:80
    volumes:
      - ${DOCKERCONFIGS}/gotify/data:/app/data

  hbbr:
    container_name: hbbr
    image: rustdesk/rustdesk-server:latest
    command: hbbr -k _
    ports:
      - 21117:21117
      - 21119:21119
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/rustdesk/hbbr:/root

  hbbs:
    container_name: hbbs
    image: rustdesk/rustdesk-server:latest
    command: hbbs -r aknlw.com:21117 -k _
    ports:
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21118:21118
    depends_on:
      - hbbr
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/rustdesk/hbbs:/root

  kutt:
    container_name: kutt
    image: kutt/kutt:latest
    environment:
      DB_HOST: kutt-postgres
      DB_NAME: kutt
      DB_USER: kutt
      DB_PASSWORD: kutt
      REDIS_HOST: kutt-redis
    env_file:
      - .env
    command: ["./wait-for-it.sh", "kutt-postgres:5432", "--", "npm", "start"]
    depends_on:
      - kutt-postgres
      - kutt-redis
    ports:
      - 3000:3000/tcp
    restart: always

  kutt-redis:
    container_name: kutt-redis
    image: redis:6.0-alpine
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/kutt/redis_data:/data

  kutt-postgres:
    container_name: kutt-postgres
    image: postgres:12-alpine
    environment:
      - POSTGRES_USER=kutt
      - POSTGRES_PASSWORD=kutt
      - POSTGRES_DB=kutt
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/kutt/postgres_data:/var/lib/postgresql/data

  nginxwebdav:
    container_name: nginxwebdav
    image: dgraziotin/nginx-webdav-nononsense
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - WEBDAV_USERNAME=akanealw
      - WEBDAV_PASSWORD=REBHv599XdhU4VScXXq7
      - SERVER_NAMES=localhost,192.168.1.4,webdav.akanealw.com
      - TIMEOUTS_S=1200
      - CLIENT_MAX_BODY_SIZE=120M
    ports:
      - 32080:80
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/nginxwebdav/config:/config
      - ${DOCKERCONFIGS}/nginxwebdav/data:/data

  orbital-sync:
    container_name: orbital-sync
    image: mattwebbio/orbital-sync:1
    environment:
      - PRIMARY_HOST_BASE_URL=http://192.168.1.4:8180
      - PRIMARY_HOST_PASSWORD=${WEBPASSWORD}
      - SECONDARY_HOST_1_BASE_URL=http://192.168.1.5:80
      - SECONDARY_HOST_1_PASSWORD=${WEBPASSWORD}
      - SECONDARY_HOST_2_BASE_URL=http://192.168.1.6:80
      - SECONDARY_HOST_2_PASSWORD=${WEBPASSWORD}
      - INTERVAL_MINUTES=30

  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAIN_NAME}
    environment:
      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - WEBTHEME=${WEBTHEME:-default-dark}
      - REV_SERVER=${REV_SERVER:-false}
      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 8180:80/tcp
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/pihole/unbound:/etc/pihole:rw
      - ${DOCKERCONFIGS}/pihole/dnsmasq-unbound:/etc/dnsmasq.d:rw

  remotely:
    container_name: remotely
    image: immybot/remotely:latest
    ports:
      - 5003:5000
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/remotely/data:/remotely-data

  syncthing-relay-discovery:
    container_name: syncthing-relay-discovery
    image: t4skforce/syncthing-relay-discovery:latest
    environment:
      RELAY_OPTS:
      DISC_OPTS: 
      POOLS:
    ports:
      - 22067:22067
      - 22026:22026
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/syncthing-relay-discovery:/home/syncthing/certs

  trilium:
    container_name: trilium
    image: zadam/trilium
    environment:
      - TRILIUM_DATA_DIR=/home/node/trilium-data
    ports:
      - 8055:8080
    restart: unless-stopped
    volumes:
      - ${DOCKERCONFIGS}/trilium/data:/home/node/trilium-data

  uptime-kuma:
    container_name: uptime-kuma
    image: louislam/uptime-kuma:1
    ports:
      - 3001:3001
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/uptimekuma/data:/app/data

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    environment:
      - TZ=${TZ}
      - ADMIN_TOKEN=h/oRssGu83I1E1WQGiSchYMAJnM0JcDXmjeI/A3QgMCasn/IK9zZldH5FXim0rSi
      - DATABASE_URL=data/db.sqlite3
      - DISABLE_ADMIN_TOKEN=false
      - DOMAIN=https://bitwarden.akanealw.com
      - ENABLE_DB_WAL=true
      - INVITATIONS_ALLOWED=false
      - SHOW_PASSWORD_HINT=false
      - SIGNUPS_ALLOWED=false
      - SIGNUPS_VERIFY=false
      - SMTP_PORT=587
      - SMTP_SSL=true
    ports:
      - 8089:80/tcp
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/vaultwarden:/data
      - /etc/localtime:/etc/localtime:ro

  vaultwarden-backup:
    container_name: vaultwarden-backup
    image: bruceforce/vaultwarden-backup
    environment:
      - BACKUP_DIR=/data/backups
      - CRON_TIME=15 * * * *
      - TIMESTAMP=true
      - UID=${PUID}
      - GID=${PGID}
    depends_on:
      - vaultwarden
    init: true
    restart: always
    volumes:
      - /home/akanealw/docker/appdata/vaultwarden:/data
      - /home/akanealw/backups/vaultwardenbackups:/data/backups

  wg-easy:
    container_name: wg-easy      
    image: weejewel/wg-easy
    environment:
      - WG_HOST=${WG_HOST}
      - PASSWORD=${WG_PASSWORD}
      - WG_DEFAULT_DNS=162.222.10.80, 9.9.9.9
      - WG_PORT=51830
      - WG_PERSISTENT_KEEPALIVE=25
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_MTU=1420
      - WG_ALLOWED_IPS=10.8.0.0/24
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - "51830:51820/udp"
      - "51831:51821/tcp"
    restart: always
    volumes:
      - ${DOCKERCONFIGS}/wireguard:/etc/wireguard

networks:
  default: