version: "3.9"

services:
  # VPN client for routing download client traffic through Surfshark
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    hostname: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - "8081:8080"  # qBittorrent WebUI
      - "6881:6881"  # qBittorrent torrent port
      - "6881:6881/udp"
      - "8888:8888/tcp"  # HTTP proxy
      - "8388:8388/tcp"  # Shadowsocks
      - "8388:8388/udp"
    volumes:
      - ${STACK_DIR}/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=surfshark
      - VPN_TYPE=openvpn
      - OPENVPN_USER=${SURFSHARK_USER}
      - OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
      - SERVER_COUNTRIES=${VPN_COUNTRY:-Netherlands}
      - FIREWALL_VPN_INPUT_PORTS=6881
      - TZ=${TZ}
      - UPDATER_PERIOD=24h
    networks:
      - homelab-network
      - traefik-network
    labels:
      - "traefik.enable=true"
      # qBittorrent routing through Gluetun
      - "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.tls.certresolver=letsencrypt"
      - "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
      - "traefik.http.services.qbittorrent.loadbalancer.server.port=8080"
    restart: unless-stopped

  # Torrent client
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    hostname: qbittorrent
    network_mode: "service:gluetun"  # Route through VPN
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - WEBUI_PORT=8080
    volumes:
      - ${STACK_DIR}/qbittorrent/config:/config
      - ${MEDIA_DIR}/downloads:/downloads
    depends_on:
      - gluetun
    restart: unless-stopped

networks:
  homelab-network:
    external: true
  traefik-network:
    external: true