services:

  komodo-periphery:
    image: ghcr.io/moghtech/komodo-periphery
    container_name: komodo-periphery
    privileged: true
    hostname: ${HOSTNAME} # Required so komodo-periphery is named after the host
    labels:
      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
    restart: unless-stopped
    ports:
      - 8120:8120
    volumes:
      - /proc:/proc:ro
      - /var/run/docker.sock:/var/run/docker.sock:z
      - /var/docker/.supporting-services/komodo:/var/docker/.supporting-services/komodo
    environment:
      PERIPHERY_ROOT_DIRECTORY: /var/docker/.supporting-services/komodo
      PERIPHERY_PASSKEYS: a_random_passkey
      PERIPHERY_SSL_ENABLED: true
      PERIPHERY_DISABLE_TERMINALS: false

  telegraf:
    image: telegraf
    container_name: telegraf
    restart: unless-stopped
    privileged: true
    user: telegraf:985 # make telegraf run with docker group (985) to access docker socket
    hostname: ${HOSTNAME} # picks up the hostname of komodo-periphery
    volumes:
      - ${DROOT}/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro
      # Add host fs
      - /:/hostfs:ro
      # Add host net specifically
      - /proc/net:/hostfs/proc/net
      # Add host docker
      - /var/run/docker.sock:/var/run/docker.sock:z
    environment:
      - HOST_MOUNT_PREFIX=/hostfs
      - HOST_PROC=/hostfs/proc

  certbot:
    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest
    container_name: certbot
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ${DROOT}/certbot:/config
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=Europe/London
      - APPRISE_URL=${CERTBOT_DISCORD_WEBHOOK}
      - NOTIFY_ON_FAILURE=true
      - EMAIL=admin@mrmeeb.stream
      - CERT_COUNT=1
      - DOMAINS=${HOSTNAME}.internal,${HOSTNAME}
      - PLUGIN=standalone
      - CUSTOM_CA=mrmeeb.pem
      - CUSTOM_CA_SERVER=https://ca.internal/acme/acme/directory

  cronicle-worker:
    container_name: cronicle-worker
    image: git.mrmeeb.stream/mrmeeb/cronicle:1.0.5
    restart: unless-stopped
    hostname: ${HOSTNAME}
    # Following two options required for mounting sshfs volumes
    cap_add:
      - SYS_ADMIN
    devices:
      - /dev/fuse:/dev/fuse
    ports:
      - 3012:3012
    volumes:
      - ${DROOT}/cronicle-worker:/config
      - ${DROOT}/certbot/letsencrypt/live/${HOSTNAME}.internal/fullchain.pem:/config/keys/${HOSTNAME}/fullchain.pem:ro
      - ${DROOT}/certbot/letsencrypt/live/${HOSTNAME}.internal/privkey.pem:/config/keys/${HOSTNAME}/privkey.pem:ro
      # Docker backups
      - /var/docker:/var/docker:ro
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=Europe/London
      - MODE=worker
      - NODE_EXTRA_CA_CERTS=/config/keys/mrmeeb.pem