version: '3'
services:
  db:
    image: mariadb
    restart: always
    networks:
      - zoneminder
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "{{ zoneminder_config}}/db:/var/lib/mysql"
    environment:
      - "MYSQL_DATABASE=zm"
      - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
      - "MYSQL_USER={{ mysql_user }}"
      - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
      - "MAX_LOG_SIZE_BYTES=1000000"
      - "MAX_LOG_NUMBER=20"
      - "TZ=Europe/Berlin"

  zoneminder:
    image: ghcr.io/zoneminder-containers/zoneminder-base:latest
    restart: always
    stop_grace_period: 45s
    depends_on:
      - db
    ports:
      - 80:80
    networks:
      - zoneminder
      - net
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "{{ zoneminder_data }}:/data"
      - "{{ zoneminder_config }}/config:/config"
      - "{{ zoneminder_config }}/log:/log"
      - type: tmpfs
        target: /dev/shm
        tmpfs:
          size: 1000000000
    environment:
      - "MYSQL_DATABASE=zm"
      - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
      - "MYSQL_USER={{ mysql_user }}"
      - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
      - "MAX_LOG_SIZE_BYTES=1000000"
      - "MAX_LOG_NUMBER=20"
      - "TZ=Europe/Berlin"
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      net: {}
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "8089:80/tcp"
    environment:
      - "WEBPASSWORD={{ vault_aya01_pihole_password }}"
      - "ServerIP=192.168.20.12"
      - "INTERFACE=eth0"
      - "DNS1=1.1.1.1"
      - "DNS1=1.0.0.1"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "{{ pihole_pihole }}:/etc/pihole/"
      - "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/"
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      - NET_ADMIN
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)"
      - "traefik.http.routers.pihole.entrypoints=web"
      - "traefik.http.services.pihole.loadbalancer.server.port=8089"
  syncthing:
    image: syncthing/syncthing
    container_name: syncthing
    hostname: syncthing
    networks:
      - net
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - "{{syncthing_data}}:/var/syncthing"
    ports:
      - 8384:8384 # Web UI
      - 22000:22000/tcp # TCP file transfers
      - 22000:22000/udp # QUIC file transfers
      - 21027:21027/udp # Receive local discovery broadcasts
    restart: unless-stopped
  grafana:
    image: grafana/grafana-oss
    container_name: grafana
    hostname: grafana
    networks:
      - net
    environment:
      - "PUID={{ puid }}"
      - "PGID={{ pgid }}"
      - "GF_LOG_MODE=console file"
    volumes:
      - "{{ grafana_data }}:/var/lib/grafana/"
      - "{{ grafana_log }}:/var/log/grafana/"
      - "{{ grafana_config }}:/etc/grafana/"
    ports:
      - 3000:3000


networks:
  zoneminder:
  net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.69.0/24
          ip_range: 172.28.69.0/24
          gateway: 172.16.69.1