volumes:
  etc_wireguard:
  grafana-storage:
  etc_certs:
  # save certifcate
  etc_acme:

services:
  backup:
    image: jareware/docker-volume-backup
    container_name: backup-docker-container
    restart: unless-stopped
    environment:
      AWS_S3_BUCKET_NAME: ${S3_BUCKET}
      AWS_EXTRA_ARGS: --endpoint ${ENDPOINT}
      AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
      AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
      BACKUP_CRON_EXPRESSION: "0 0 * * *"
    volumes:
      - etc_wireguard:/backup/etc_wireguard:ro
      - etc_certs:/backup/etc_certs:ro
      - etc_acme:/backup/etc_acme:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

  wg-easy:
    image: ghcr.io/wg-easy/wg-easy:15
    container_name: wg-easy
    networks:
        - network-container
    volumes:
      - etc_wireguard:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    labels:
      - "docker-volume-backup.stop-during-backup=true"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
    environment:
      - VIRTUAL_HOST=${HOSTNAME_VPN}
      - LETSENCRYPT_HOST=${HOSTNAME_VPN}
      - LETSENCRYPT_EMAIL=${EMAIL}
      - VIRTUAL_PORT=51821
    depends_on:
      - nginx-proxy

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: acme-companion
    restart: unless-stopped
    environment:
      - DEFAULT_EMAIL=${EMAIL}
      - NGINX_PROXY_CONTAINER=nginx-proxy
    depends_on:
      - nginx-proxy
    labels:
      - "docker-volume-backup.stop-during-backup=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - etc_certs:/etc/nginx/certs
      - /etc/nginx/vhost.d
      - ./default_html:/usr/share/nginx/html
      - etc_acme:/etc/acme.sh
    networks:
      - network-container

  nginx-proxy:
    image: nginxproxy/nginx-proxy:alpine
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "docker-volume-backup.stop-during-backup=true"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - etc_certs:/etc/nginx/certs
      - /etc/nginx/vhost.d
      - ./default_html:/usr/share/nginx/html
    networks:
      - network-container

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    volumes:
      - /etc/serverconfig/prometheus.yml:/etc/prometheus/prometheus.yml
    restart: unless-stopped
    networks:
      - monitor-network

  grafana:
    image: grafana/grafana
    container_name: grafana
    restart: unless-stopped
    environment:
      - VIRTUAL_HOST=${HOSTNAME_GRAFANA}
      - LETSENCRYPT_HOST=${HOSTNAME_GRAFANA}
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_EMAIL=${EMAIL}
    volumes:
      - grafana-storage:/var/lib/grafana
    networks:
      - network-container
      - monitor-network

# synapse:
#     image: matrixdotorg/synapse:latest
#     container_name: synapse
#     restart: unless-stopped
#     networks:
#       - network-container
#     volumes:
#       - ./data:/data
#     environment:
#       - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
#       - VIRTUAL_HOST=${HOSTNAME_SYNAPSE}
#       - LETSENCRYPT_HOST=${HOSTNAME_SYNAPSE}
#       - LETSENCRYPT_EMAIL=${EMAIL}
#       - VIRTUAL_PORT=8008
#     expose:
#       - "8008"


networks:
  network-container:
    external: false
  monitor-network:
    external: false