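# =============================================================================
# INFRASTRUCTURE STACK - Core services & shared networks
# =============================================================================
# DEPLOYMENT INSTRUCTIONS
# =============================================================================
# This is one of multiple compose files in the /docker/ directory.
#
# Deploy ALL stacks (from /docker/ directory):
#   Get-ChildItem docker-compose.*.yml | ForEach-Object { docker compose -f $_ up -d }
#
# Deploy this stack only:
#   docker compose -f docker-compose.infra.yml up -d
#
# Stop this stack:
#   docker compose -f docker-compose.infra.yml down
#
# View logs for this stack:
#   docker compose -f docker-compose.infra.yml logs -f
#
# IMPORTANT: Deploy this stack FIRST - it defines the shared networks
# (media_net, db_net, web_net, internal_net) that all other stacks require.
#
# SUPPLY CHAIN: only portainer is pinned to a version. Every other image uses
# the mutable `latest` tag, so a pull can change what runs without any change
# to this file. Pin to a version tag or digest where reproducibility matters.
# =============================================================================

name: docker-infra

# Common configurations for re-use
x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "10m"
    max-file: "3"

# NOTE(review): this anchor is defined but no service below references it, so
# no-new-privileges is not applied anywhere in this stack. To use it, merge it
# into a service with `<<: *default-security` after confirming that image
# still starts with the option set.
x-security: &default-security
  security_opt:
    - no-new-privileges:true

services:
  portainer:
    image: portainer/portainer-ce:2.21.5
    container_name: portainer
    restart: unless-stopped
    networks:
      - web_net
    ports:
      # Both ports are published on all host interfaces.
      - "8000:8000"
      - "9443:9443"
    volumes:
      # Read-write Docker socket: whoever controls this container controls the
      # Docker daemon, which is equivalent to root on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    deploy:
      resources:
        limits:
          memory: 512M
    logging: *default-logging

  ntopng:
    image: ntop/ntopng:latest
    container_name: ntopng
    restart: unless-stopped
    # Host networking: the web UI listens directly on the host at port 3939;
    # no `ports:` mapping or compose network sits in front of it.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    # --disable-login=1 turns off authentication for every client, not only
    # localhost. Combined with host networking, anyone who can reach the host
    # on port 3939 can view the captured traffic data; restrict that port at
    # the host firewall or re-enable login.
    command: >
      --interface=eth0
      --http-port=3939
      --disable-login=1
      --community
    volumes:
      - /docker-local/ntopng/data:/var/lib/ntopng
      - /docker-local/ntopng/redis:/var/lib/redis
    logging: *default-logging

  whatsupdocker:
    image: getwud/wud:latest
    container_name: wud
    restart: unless-stopped
    # No `networks:` key, so this service joins the project's default network
    # rather than one of the shared networks defined at the bottom.
    volumes:
      # Read-write Docker socket (root-equivalent on the host, see portainer).
      - /var/run/docker.sock:/var/run/docker.sock
      - ./wud/store:/store
    environment:
      - WUD_SERVER_ENABLED=true
      - WUD_REGISTRY_HUB_0_LOGIN=${WUD_REGISTRY_HUB_0_LOGIN}
      - WUD_REGISTRY_HUB_0_TOKEN=${WUD_REGISTRY_HUB_0_TOKEN}
      - WUD_REGISTRY_HUB_0_AUTH=true
      - WUD_REGISTRY_GHCR_0_USERNAME=${WUD_REGISTRY_GHCR_0_USERNAME}
      - WUD_REGISTRY_GHCR_0_TOKEN=${WUD_REGISTRY_GHCR_0_TOKEN}
      # The LSCR entries reuse the GHCR username and token variables.
      # NOTE(review): presumably intentional; confirm the token is scoped to
      # read-only package access, since it is sent to two registries.
      - WUD_REGISTRY_LSCR_0_USERNAME=${WUD_REGISTRY_GHCR_0_USERNAME}
      - WUD_REGISTRY_LSCR_0_TOKEN=${WUD_REGISTRY_GHCR_0_TOKEN}
      - WUD_TRIGGER_MQTT_MOSQUITTO_URL=${MQTT_MOSQUITTO_URL}
      - WUD_TRIGGER_MQTT_MOSQUITTO_USER=${MQTT_MOSQUITTO_USER}
      - WUD_TRIGGER_MQTT_MOSQUITTO_PASSWORD=${MQTT_MOSQUITTO_PASSWORD}
      - WUD_TRIGGER_MQTT_MOSQUITTO_HASS_ENABLED=true
      - WUD_TRIGGER_MQTT_MOSQUITTO_HASS_PREFIX=homeassistant
    ports:
      # Quoted like every other port mapping in this file, so the value is
      # always read as a string.
      - "3666:3000"
    healthcheck:
      test: curl --fail http://localhost:${WUD_SERVER_PORT:-3000}/health || exit 1
      interval: 10s
      timeout: 10s
      retries: 3
      start_period: 10s
    labels:
      # `$$` escapes Compose interpolation so a literal `$` reaches the label.
      - 'wud.tag.include=^\d+\.\d+\.\d+$$'
      - 'wud.link.template=https://github.com/getwud/wud/releases/tag/$${major}.$${minor}.$${patch}'

  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    restart: unless-stopped
    networks:
      - web_net
    ports:
      - "7575:3000"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - HOMEPAGE_ALLOWED_HOSTS=${HOMEPAGE_ALLOWED_HOSTS}
    volumes:
      - ./Homepage/config/icons:/app/public/icons
      - ./Homepage/config/images:/app/public/images
      - ./Homepage/config:/app/config
    logging: *default-logging

  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    container_name: dockerproxy
    restart: unless-stopped
    networks:
      - internal_net
    ports:
      # Bound to loopback only, so the proxied API is not published on the LAN.
      - "127.0.0.1:2375:2375"
    environment:
      # These flags are the actual access control: each one enables a section
      # of the Docker API through the proxy. Keep the list as short as the
      # consumers allow.
      - CONTAINERS=1
      - SERVICES=1
      - TASKS=1
      - EVENTS=1
      - PING=1
      - VERSION=1
    volumes:
      # `:ro` only makes the socket file's mount read-only; it does not make
      # the Docker API read-only. Restriction comes from the flags above.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    logging: *default-logging

  newt:
    image: fosrl/newt:latest
    container_name: newt
    restart: unless-stopped
    environment:
      - PANGOLIN_ENDPOINT=https://png.kansaigaijin.com
      # The tunnel ID and secret are read from the environment / .env file,
      # like every other credential in this stack, instead of being written
      # into the compose file. `:?` makes `docker compose` fail with the given
      # message when a variable is unset. The literal values that were
      # previously committed here should be treated as exposed and rotated.
      - NEWT_ID=${NEWT_ID:?set NEWT_ID in .env}
      - NEWT_SECRET=${NEWT_SECRET:?set NEWT_SECRET in .env}
      # NOTE(review): DEBUG output may include connection details; confirm it
      # is still needed. This service also has no `logging:` limits set.
      - LOG_LEVEL=DEBUG

  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      # Port 81 is published on all host interfaces alongside 80/443.
      # NOTE(review): presumably the admin UI; if so, bind it to a management
      # address (e.g. '127.0.0.1:81:81') or firewall it.
      - '81:81'
    environment:
      DB_MYSQL_HOST: "npm-db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: ${NPM_PASSWORD}
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt
    networks:
      web_net:
      db_net:
    depends_on:
      - npm-db

  npm-db:
    image: 'jc21/mariadb-aria:latest'
    container_name: npm-db
    restart: unless-stopped
    environment:
      # The database root account and the application account share one
      # password (NPM_PASSWORD), so a leak of the application credential also
      # yields root on the database. A separate root password variable would
      # remove that coupling.
      MYSQL_ROOT_PASSWORD: ${NPM_PASSWORD}
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: ${NPM_PASSWORD}
    networks:
      # Only attached to db_net, which is declared `internal: true` below.
      db_net:
    volumes:
      - ./npm/mysql:/var/lib/mysql

networks:
  media_net:
    name: media_net
    driver: bridge
  db_net:
    name: db_net
    # internal: containers on this network get no route to external networks.
    internal: true
  web_net:
    name: web_net
    driver: bridge
  internal_net:
    name: internal_net
    driver: bridge

volumes:
  portainer_data: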