---
container_user: containers
container_uid: 1001
container_group: "{{ container_user }}"
container_gid: "{{ container_uid }}"

backups: containers
backups_ignore: /opt/lychee/uploads

users:
  - name: gogs
    uid: 1000
    shell: /sbin/nologin

global_env_vars:
  - PUID={{ container_uid }}
  - PGID={{ container_gid }}
  - TZ=America/Los_Angeles

firewall_ports:
  - 80/tcp
  - 443/tcp
  - 10022/tcp

container_networks:
  - name: shareunderware
    driver: bridge
    subnet: 172.21.10.0/24
    ip_range: 172.21.10.0/24
    gateway: 172.21.10.1

containers:
  - name: swag
    active: true
    image: linuxserver/swag
    cap_add:
      - NET_ADMIN # required for fail2ban to modify iptables
    ports:
      - 80:80
      - 443:443
    volumes:
      - /opt/swag:/config
    restart: unless-stopped
    include_global_env_vars: true
    environment:
      - URL=shareunderware.com
      - VALIDATION=http
      - SUBDOMAINS=git,news,pasta,pics,
      - EMAIL=certbot@blainestory.com
    mem_limit: 100m
    networks:
      - shareunderware

  - name: gogs
    active: true
    image: gogs/gogs
    ports:
      - "10022:22" # https://github.com/go-yaml/yaml/issues/34#issuecomment-55772666
    volumes:
      - /opt/gogs:/data
    mem_limit: 200m
    networks:
      - shareunderware

  - name: pasta
    active: true
    image: danielszabo99/microbin
    command:
      - --public-path
      - https://pasta.shareunderware.com/
      - --qr
      - --editable
      - --highlightsyntax
      - --private
      - --encryption-client-side
      - --encryption-server-side
    volumes:
      - /opt/pasta:/app/pasta_data
    mem_limit: 100m
    networks:
      - shareunderware


  - name: lychee
    active: true
    image: lycheeorg/lychee
    include_global_env_vars: true
    restart: unless-stopped
    environment:
      - DB_CONNECTION=mysql
      - DB_HOST=lychee-db
      - DB_PORT=3306
      - DB_DATABASE={{ vaulted_lychee_db_name }}
      - DB_USERNAME={{ vaulted_lychee_db_user }}
      - DB_PASSWORD={{ vaulted_lychee_db_pass }}
    volumes:
      - /opt/lychee/conf:/conf
      - /opt/lychee/uploads:/uploads
      - /opt/lychee/sym:/sym
    mem_limit: 800m
    networks:
      - shareunderware


  - name: lychee-db
    active: true
    image: mariadb
    include_global_env_vars: true
    restart: unless-stopped
    environment:
      - MARIADB_RANDOM_ROOT_PASSWORD=1
      - MARIADB_DATABASE={{ vaulted_lychee_db_name }}
      - MARIADB_USER={{ vaulted_lychee_db_user }}
      - MARIADB_PASSWORD={{ vaulted_lychee_db_pass }}
    volumes:
      - /opt/lychee-db:/var/lib/mysql
    mem_limit: 100m
    networks:
      - shareunderware