services:

    watchtower: # https://github.com/containrrr/watchtower
        container_name: watchtower
        privileged: true
        restart: unless-stopped
        image: containrrr/watchtower
        environment:
            WATCHTOWER_CLEANUP: "true"
            WATCHTOWER_POLL_INTERVAL: 7200
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        # OUTDATED: https://github.com/containrrr/watchtower/issues/2067
        # POSSIBLE ALTERNATIVE: https://github.com/mag37/dockcheck

    frpc: # https://github.com/fatedier/frp
        image: fatedier/frpc:v0.65.0
        container_name: frpc
        restart: always
        volumes:
        - ./frpc.toml:/frpc.toml
        network_mode: host
        labels:
            - "com.centurylinklabs.watchtower.enable=false"
        command: "-c /frpc.toml"

    traefik: # https://github.com/traefik/traefik
        image: traefik:latest
        container_name: traefik
        command:
            - "--api=true"
            - "--api.dashboard=true"
            - "--api.insecure=false"
            - "--global.sendAnonymousUsage=false"
            - "--global.checkNewVersion=true"
            - "--log.level=DEBUG"
            - "--providers.docker=true"
            - "--providers.docker.exposedByDefault=false"
            - "--entryPoints.web=true"
            - "--entryPoints.web.address=:80"
            - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
            - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
            - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
            - "--entryPoints.websecure=true"
            - "--entryPoints.websecure.address=:443"
            - "--certificatesresolvers.le.acme.email=contact@imranr.dev"
            - "--certificatesresolvers.le.acme.storage=./acme/acme.json"
            - "--certificatesresolvers.le.acme.tlschallenge=true"
            - "--entryPoints.websecure.proxyProtocol.trustedIPs=172.19.0.1/32"
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - traefik_acme:/acme
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.api.rule=Host(`traefik.imranr.cloud`)"
            - "traefik.http.routers.api.entryPoints=websecure"
            - "traefik.http.routers.api.service=api@internal"
            - "traefik.http.routers.api.tls=true"
            - "traefik.http.routers.api.tls.certresolver=le"
        restart: unless-stopped
        networks:
            - traefik

    filebrowser: # https://github.com/filebrowser/filebrowser
        container_name: filebrowser
        image: filebrowser/filebrowser
        restart: unless-stopped
        user: "1000:1000"
        volumes:
            - ./filebrowser_storage:/srv # Create first
            - filebrowser_db:/database
        depends_on:
            - traefik
        networks:
            - traefik
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.filebrowser.rule=Host(`files.imranr.cloud`)"
            - "traefik.http.routers.filebrowser.entrypoints=websecure"
            - "traefik.http.routers.filebrowser.tls=true"
            - "traefik.http.services.filebrowser.loadbalancer.server.port=80"
            - "traefik.http.routers.filebrowser.tls.certresolver=le"

volumes:
    filebrowser_db:
    traefik_acme:

networks:
    traefik:
        ipam:
            config:
                - subnet: 172.19.0.0/16