# Infrastructure Services
# Core services that other services depend on

services:
  # Nginx Proxy Manager - Web-based reverse proxy management
  # Access at: http://server-ip:81
  # Default credentials: admin@example.com / changeme
  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:2.10.4
    container_name: nginx-proxy-manager
    restart: unless-stopped
    networks:
      - homelab-network
    ports:
      - "80:80"      # HTTP
      - "443:443"    # HTTPS
      - "81:81"      # Admin UI
    volumes:
      - ./config/nginx-proxy-manager/data:/data
      - ./config/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:81"]
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Reverse proxy with Let's Encrypt support"

  # Pi-hole - Network-wide ad blocker and DNS server
  # Access at: http://server-ip:8080/admin
  pihole:
    image: pihole/pihole:2024.01.0
    container_name: pihole
    restart: unless-stopped
    networks:
      - homelab-network
    ports:
      - "53:53/tcp"    # DNS TCP
      - "53:53/udp"    # DNS UDP
      - "8080:80/tcp"  # Web interface
    volumes:
      - ./config/pihole/etc-pihole:/etc/pihole
      - ./config/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    environment:
      - TZ=${TZ:-America/New_York}
      - WEBPASSWORD=${PIHOLE_PASSWORD:-changeme}
      - FTLCONF_LOCAL_IPV4=${SERVER_IP}
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      - NET_ADMIN
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Network-wide ad blocking and DNS"

  # Portainer - Docker management UI
  # Access at: http://server-ip:9000
  portainer:
    image: portainer/portainer-ce:2.19.4
    container_name: portainer
    restart: unless-stopped
    networks:
      - homelab-network
    ports:
      - "9000:9000"
      - "9443:9443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    security_opt:
      - no-new-privileges:true
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Docker container management UI"

  # Watchtower - Automatic container updates
  # Runs silently in background, no UI
  watchtower:
    image: containrrr/watchtower:1.7.1
    container_name: watchtower
    restart: unless-stopped
    networks:
      - homelab-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_INCLUDE_RESTARTING=true
      - WATCHTOWER_SCHEDULE=0 0 4 * * *  # 4 AM daily
      - WATCHTOWER_NOTIFICATIONS=shoutrrr
      - WATCHTOWER_NOTIFICATION_URL=${WATCHTOWER_NOTIFICATION_URL}
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Automatic Docker container updates"

volumes:
  portainer-data:
    driver: local

networks:
  homelab-network:
    external: true