---
services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    networks:
      - highseas
    ports:
      - 443:443 # https
      - 8080:8080 # dashboard (LAN only, do not expose)
    environment:
      - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
      - DOMAIN=${DOMAIN}
      - EMAIL=${EMAIL}
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./configs/traefik/traefik.yaml:/etc/traefik/traefik.yaml
      - ./configs/traefik/static-cfg.yaml:/etc/traefik/static-cfg.yaml
      - ./configs/traefik/certs:/var/traefik/certs:rw
    restart: unless-stopped

  resolver:
    image: linuxserver/prowlarr:latest
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
    volumes:
      - ./configs/prowlarr:/config
      - ${TORRENT_TMP_DIR}:/downloads
    networks:
      - highseas
    dns:
      - "1.0.0.1"
      - "1.1.1.1"
    ports:
      - 9696:9696
    labels:
      - traefik.enable=true
      - traefik.http.routers.resolve.rule=Host(`resolve.${DOMAIN}`)
      - traefik.http.routers.resolve.tls.certresolver=cloudflare
    restart: unless-stopped

  tv:
    image: linuxserver/sonarr:latest
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./configs/sonarr:/config
      - ${TV_DIR}:/tv
      - ${TORRENT_TMP_DIR}:/downloads
    networks:
      - highseas
    ports:
      - 8989:8989
    labels:
      - traefik.enable=true
      - traefik.http.routers.tv.rule=Host(`tv.${DOMAIN}`)
      - traefik.http.routers.tv.tls.certresolver=cloudflare
    restart: unless-stopped


  movies:
    image: linuxserver/radarr:latest
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./configs/radarr:/config
      - ${MOVIE_DIR}:/movies
      - ${TORRENT_TMP_DIR}:/downloads
    networks:
      - highseas
    ports:
      - 7878:7878
    labels:
      - traefik.enable=true
      - traefik.http.routers.movies.rule=Host(`movies.${DOMAIN}`)
      - traefik.http.routers.movies.tls.certresolver=cloudflare
    restart: unless-stopped


  oversee:
    image: linuxserver/overseerr:latest
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
    volumes:
      - ./configs/overseerr:/config
    networks:
      - highseas
    ports:
      - 5055:5055
      - 5055:5055/tcp
    labels:
      - traefik.enable=true
      - traefik.http.routers.overseer.rule=Host(`manage.${DOMAIN}`)
      - traefik.http.routers.overseer.tls.certresolver=cloudflare
    restart: unless-stopped


  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
      - JELLYFIN_PublishedServerUrl=https://watch.${DOMAIN}
    volumes:
      - ./configs/jellyfin:/config
      - ${TV_DIR}:/tvshows
      - ${MOVIE_DIR}:/movies
      - ${MISC_DIR}:/misc
    networks:
      - highseas
    ports:
      - 8096:8096
    labels:
      - sablier.enable=true
      - sablier.group=home
    restart: unless-stopped

  torrent:
    build:
      context: ./qbit-pia
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
      - WEBUI_PORT=4242
      - TORRENTING_PORT=6881
    volumes:
      - ./configs/qbittorrent:/config
      - ${TORRENT_TMP_DIR}:/downloads
      - ./configs/gluetun/piaportforward.json:/etc/piaportforward.json # Sync Torrent port config from PIA
    network_mode: service:vpn
    depends_on:
      - vpn # Otherwise piaconf can be empty/out-of-date
    restart: unless-stopped

  kanban:
    image: linuxserver/planka:latest
    networks:
      - highseas
    restart: unless-stopped
    volumes:
      - ./configs/planka:/config
    labels:
      - sablier.enable=true
      - sablier.group=kanban
      # - traefik.enable=true
      # - traefik.http.routers.kanban.rule=Host(`kanban.${DOMAIN}`)
      # - traefik.http.routers.kanban.tls.certresolver=cloudflare
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
      - BASE_URL=https://kanban.${DOMAIN}
      - DATABASE_URL=postgresql://${ADMIN_USER}:${ADMIN_PASSWD}@planka-db:5432/planka
      - DEFAULT_ADMIN_USERNAME=${ADMIN_USER}
      - DEFAULT_ADMIN_PASSWORD=${ADMIN_PASSWD}
      - DEFAULT_ADMIN_NAME=${ADMIN_PASSWD}
      - DEFAULT_ADMIN_EMAIL=${EMAIL}
      - SECRET_KEY=${ADMIN_PASSWD}
      - TRUST_PROXY=1
    ports:
      - 1337:1337

  planka-db:
    image: postgres:latest
    networks:
      - highseas
    restart: unless-stopped
    labels:
      - sablier.enable=true
      - sablier.group=kanban
    volumes:
      - ./configs/planka-db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=planka
      - POSTGRES_USER=${ADMIN_USER}
      - POSTGRES_PASSWORD=${ADMIN_PASSWD}

  bot:
    image: linuxserver/doplarr:latest
    networks:
      - highseas
    restart: unless-stopped
    volumes:
      - ./configs/doplarr:/config
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
      - OVERSEERR__URL=http://oversee:5055
      - DISCORD__TOKEN=${DISCORD_TOKEN}
      - OVERSEERR__API=${OVERSEERR_TOKEN}
      - PARTIAL_SEASONS=true

  vpn:
    image: qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    volumes:
      - ./configs/gluetun:/gluetun
    networks:
      - highseas
    ports:
      # Qbittorrent
      - 4242:4242 # Traefik exposes the smallest port
      - 6881:6881
      - 6881:6881/udp
    environment:
      - VPN_SERVICE_PROVIDER=private internet access
      - OPENVPN_USER=${VPN_USER}
      - OPENVPN_PASSWORD=${VPN_PASSWD}
      - VPN_PORT_FORWARDING=on
      - REGION=${VPN_REGION}
    labels:
      - traefik.enable=true
      - traefik.http.routers.torrent.rule=Host(`torrent.${DOMAIN}`)
      - traefik.http.routers.torrent.tls.certresolver=cloudflare
    restart: unless-stopped

  proxy:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    environment:
      - LOG_LEVEL=info
    networks:
      - highseas
    dns:
      - "1.0.0.1"
      - "1.1.1.1"
    ports:
      - 8191:8191
    restart: unless-stopped

  dyndns:
    image: mxmlndml/cloudflare-dynamic-dns:latest
    environment:
      - "API_KEY=${CLOUDFLARE_TOKEN}"
      - "ZONE_ID=${CLOUDFLARE_ZONE}"
      - "DOMAIN_NAMES=${DOMAIN}"
      - "RECORD_TYPES=A"
      - "INTERVAL=5"

  sablier:
    image: sablierapp/sablier:1.8.1
    command:
      - start
      - --provider.name=docker
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - traefik.enable=true
      - traefik.http.routers.sablier.rule=Host(`throttle.${DOMAIN}`)
      - traefik.http.routers.sablier.tls.certresolver=cloudflare
    ports:
      - 10000:10000
    networks:
      - highseas

networks:
  highseas:
    driver: bridge