version: "3.8"

services:
# Homarr (Dashboard)
  homarr:
    image: ghcr.io/ajnart/homarr:latest
    container_name: homarr
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - DISABLE_UPGRADE_MODAL=true
    volumes:
      - /mnt/flash1/podman/essential/config/homarr:/app/data/configs
    ports:
      - "7575:7575"
    restart: unless-stopped
    
# Portainer (Container Management - Fixed Socket Path)
  portainer:
    image: docker.io/portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    ports:
#     - "9443:9443"
      - "9000:9000"
    volumes:
      - /mnt/flash1/podman/essential/config/portainer-data:/data
      - /var/run/docker.sock:/var/run/docker.sock:ro
    security_opt:
      - no-new-privileges:true
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}

  watchtower:
    image: docker.io/containrrr/watchtower:latest 
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}

  fail2ban:
    image: lscr.io/linuxserver/fail2ban:latest
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - VERBOSITY=-vv #optional
    volumes:
      - /mnt/flash1/podman/essential/config/fail2ban:/config
      - /var/log:/var/log:ro
      - /mnt/tank/podman/homeassistant/home_assistant/config/home-assistant.log:/remotelogs/homeassistant:ro #optional
#     - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
#     - /path/to/nginx/log:/remotelogs/nginx:ro #optional
#     - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
#     - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
#     - /path/to/radarr/log:/remotelogs/radarr:ro #optional
#     - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
#     - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
    restart: unless-stopped
 
  vaultwarden:
    image: docker.io/vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    ports:
      - "9445:80"  # Expose port 80 internally (no need to publish)
    volumes:
      - /mnt/flash1/podman/essential/config/vw_data:/data
    environment:
      - WEBSOCKET_ENABLED=true  # Enable WebSocket for real-time sync
      - ADMIN_TOKEN=a4dJaEqGjx1q76PoAG0FOw9AURubpMht5cZSVyAvGrX2hnyhlUBc/WbImuZedhTQ
#
#networks:
# npm_network:
#   external: true  # Use NPM's existing network