# =============================================================================
# UTILITIES STACK - Development tools, tracking, remote access, and misc services
# =============================================================================
# DEPLOYMENT INSTRUCTIONS
# =============================================================================
# This is one of multiple compose files in the /docker/ directory.
#
# Deploy ALL stacks (from /docker/ directory):
#   Get-ChildItem docker-compose.*.yml | ForEach-Object { docker compose -f $_ up -d }
#
# Deploy this stack only:
#   docker compose -f docker-compose.utils.yml up -d
#
# Stop this stack:
#   docker compose -f docker-compose.utils.yml down
#
# View logs for this stack:
#   docker compose -f docker-compose.utils.yml logs -f
#
# IMPORTANT: Requires infra stack to be deployed first (shared networks).
# =============================================================================

name: docker-utils

# Common configurations for re-use
x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "10m"
    max-file: "3"

x-security: &default-security
  security_opt:
    - no-new-privileges:true

services:
  gitea:
    image: docker.gitea.com/gitea:1.25.3
    container_name: gitea
    restart: unless-stopped
    networks:
      - web_net
      - db_net
    ports:
      - "222:22"
      - "8418:3000"
    environment:
      - GITEA__database__HOST=gitea-db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
      - GITEA__database__DB_TYPE=mysql
    volumes:
      - /docker/gitea/data:/data
    depends_on:
      gitea-db:
        condition: service_healthy
    logging: *default-logging

  gitea-db:
    image: mysql:8
    container_name: gitea-db
    restart: unless-stopped
    networks:
      - db_net
    environment:
      - MYSQL_ROOT_PASSWORD=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=gitea
      - MYSQL_DATABASE=gitea
    volumes:
      - /docker/gitea/mysql:/var/lib/mysql
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      interval: 10s
    logging: *default-logging

  tandoor_db:
    restart: unless-stopped
    image: postgres:16-alpine
    container_name: tandoor_DB
    environment:
    - POSTGRES_DB=${TANDOOR_POSTGRES_DB}
    - POSTGRES_USER=${TANDOOR_POSTGRES_USER}
    - POSTGRES_PASSWORD=${TANDOOR_POSTGRES_PASSWORD}
    volumes:
      - ./tandoor/postgresql:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${TANDOOR_POSTGRES_USER} -d ${TANDOOR_POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 10

  tandoor_web:
    restart: unless-stopped
    image: vabene1111/recipes
    container_name: tandoor_web
    environment:
      - ALLOWED_HOSTS=recipes.kansaigaijin.com
      - SECRET_KEY=${TANDOOR_SECRET_KEY}
      - DB_ENGINE=${TANDOOR_DB_ENGINE}
      - POSTGRES_HOST=${TANDOOR_POSTGRES_HOST}
      - POSTGRES_DB=${TANDOOR_POSTGRES_DB}
      - POSTGRES_PORT=${TANDOOR_POSTGRES_PORT}
      - POSTGRES_USER=${TANDOOR_POSTGRES_USER}
      - POSTGRES_PASSWORD=${TANDOOR_POSTGRES_PASSWORD}
    ports:
      - 8450:80
    volumes:
      - ./tandoor/staticfiles:/opt/recipes/staticfiles
      - ./tandoor/mediafiles:/opt/recipes/mediafiles
    depends_on:
      tandoor_db:
        condition: service_healthy

  speedtest-tracker:
    image: lscr.io/linuxserver/speedtest-tracker:latest
    container_name: speedtest-tracker
    restart: unless-stopped
    networks:
      - web_net
      - db_net
    ports:
      - "8180:80"
    environment:
      - SPEEDTEST_SCHEDULE="0 */6 * * *"
      - SPEEDTEST_SERVERS=7317
      - DB_HOST=speedtest-db
      - DB_DATABASE=${SPEEDTEST_DB_NAME}
      - DB_PASSWORD=${SPEEDTEST_DB_PASSWORD}
      - DB_CONNECTION=mariadb
      - DB_USERNAME=${SPEEDTEST_DB_USER}
      - APP_KEY=${SPEEDTEST_APP_KEY}
    volumes:
      - /docker/speedtest-tracker/data:/config
    depends_on:
      speedtest-db:
        condition: service_healthy
    logging: *default-logging

  speedtest-db:
    image: mariadb:11
    container_name: speedtest-db
    restart: unless-stopped
    networks:
      - db_net
    environment:
      - MYSQL_USER=${SPEEDTEST_DB_USER}
      - MYSQL_PASSWORD=${SPEEDTEST_DB_PASSWORD}
      - MYSQL_DATABASE=${SPEEDTEST_DB_NAME}
      - MYSQL_RANDOM_ROOT_PASSWORD=true
    volumes:
      - /docker/speedtest-tracker/db:/var/lib/mysql
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 10s
    logging: *default-logging

  rustdesk-hbbs:
    image: rustdesk/rustdesk-server:latest
    container_name: hbbs
    network_mode: host
    restart: unless-stopped
    command: hbbs
    volumes:
      - /docker/rustdesk/data:/root
    logging: *default-logging

  rustdesk-hbbr:
    image: rustdesk/rustdesk-server:latest
    container_name: hbbr
    network_mode: host
    restart: unless-stopped
    command: hbbr
    volumes:
      - /docker/rustdesk/data:/root
    logging: *default-logging

  redbot:
    image: phasecorex/red-discordbot
    container_name: redbot
    restart: unless-stopped
    networks:
      - internal_net
    environment:
      - TOKEN=${REDBOT_TOKEN}
    volumes:
      - /docker/redbot:/data
    logging: *default-logging

  iperf3-server:
    image: networkstatic/iperf3
    container_name: iperf3-server
    restart: unless-stopped
    networks:
      - internal_net
    ports:
      - "5201:5201"
    command: -s
    logging: *default-logging

  neolink:
    image: quantumentangledandy/neolink
    container_name: neolink
    ports:
      - 8554:8554
    volumes:
      - ./neolink/neolink.toml:/etc/neolink.toml
    restart: unless-stopped

  linkwarden-db:
    container_name: linkwarden-db
    image: postgres:16-alpine
    restart: always
    environment:
      - POSTGRES_PASSWORD=${LINKWARDEN_DB_PASSWORD}
    volumes:
      - ./linkwarden/pgdata:/var/lib/postgresql/data

  linkwarden:
    container_name: linkwarden
    environment:
      - DATABASE_URL=postgresql://postgres:${LINKWARDEN_DB_PASSWORD}@linkwarden-db:5432/postgres
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=${NEXTAUTH_URL}
    restart: always
    image: ghcr.io/linkwarden/linkwarden:latest
    ports:
      - 3400:3000
    volumes:
      - ./linkwarden/data:/data/data
    depends_on:
      - linkwarden-db
      - meilisearch

  meilisearch:
    container_name: meilisearch
    image: getmeili/meilisearch:v1.12.8
    restart: always
    volumes:
      - ./linkwarden/meili_data:/meili_data

  ntfy:
    image: binwiederhier/ntfy
    container_name: ntfy
    restart: unless-stopped
    networks:
      - web_net
    ports:
      - "8086:8086"
    volumes:
      - ./ntfy:/etc/ntfy
      - ntfy_cache:/var/cache/ntfy
      - ntfy_auth:/var/lib/ntfy
    command: serve
    logging: *default-logging

  mailrise:
    image: yoryan/mailrise
    container_name: mailrise
    restart: unless-stopped
    ports:
      - "8025:8025"
    volumes:
      - ./ntfy/mailrise.yml:/etc/mailrise/mailrise.yml:ro
    logging: *default-logging

networks:
  web_net:
    name: web_net
    external: true
  db_net:
    name: db_net
    external: true
  internal_net:
    name: internal_net
    external: true

volumes:
  ntfy_cache:
  ntfy_auth: