# Compose stack: a Traefik reverse proxy plus the services it publishes over
# the shared `traefik_net` network.
# NOTE(review): recent Docker Compose releases treat the top-level `version`
# key as obsolete and ignore it.
version: '3'
services:
  # Traefik edge proxy. Publishes 80/443 and reads container labels,
  # presumably through the Docker provider (static config lives in
  # ./traefik_data and is not shown here).
  traefik:
    # NOTE(review): no tag, so this resolves to `latest`. A major-version
    # upgrade can change rule syntax and config handling without warning;
    # pin a version or digest.
    image: traefik
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
      # Publishes container port 8080 on every host interface as 6666.
      # NOTE(review): the dashboard service label below also targets 8080,
      # which suggests the API/dashboard is served in insecure mode. If so it
      # is reachable here without TLS or authentication - confirm, then bind
      # to 127.0.0.1 or drop this mapping.
      - "6666:8080"
    volumes:
      - ./traefik_data:/etc/traefik
      # `:ro` only makes the socket file read-only at the mount point; it does
      # not restrict Docker API calls made through the socket. Access to it is
      # effectively root on the host, so a compromise of this internet-facing
      # container is a host compromise. A socket proxy limited to the read
      # endpoints Traefik needs narrows that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      traefik_net:
    labels:
      - traefik.enable=true
      # Dashboard router: traefik.ghoscht.com over the websecure entrypoint,
      # forwarded to port 8080 of this container.
      # NOTE(review): no auth middleware is attached in these labels; unless
      # one is applied elsewhere, anyone who can reach this hostname sees the
      # dashboard - confirm.
      - traefik.http.routers.dashboard.rule=Host(`traefik.ghoscht.com`)
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.services.dashboard.loadbalancer.server.port=8080
      - traefik.http.routers.dashboard.tls=true
      - traefik.http.routers.dashboard.tls.certresolver=lencrypt
    # NOTE(review): presumably carries credentials for the `lencrypt`
    # certificate resolver; keep this file out of version control and
    # readable only by the deploying user.
    env_file:
      - traefik.env
    dns:
      - 1.1.1.1
  # Homarr dashboard, published at dashboard.ghoscht.com through Traefik.
  homarr:
    container_name: homarr
    # NOTE(review): `latest` is a mutable tag, so every pull can change the
    # code that runs; pin a version or digest for reproducible deploys.
    image: ghcr.io/ajnart/homarr:latest
    restart: always
    volumes:
      - ./homarr_data:/app/data/configs
      - ./homarr_icons:/app/public/imgs
    networks:
      traefik_net:
    labels:
      - traefik.enable=true
      # No service port label here, so Traefik has to pick the port itself
      # (presumably from the image's exposed port).
      # NOTE(review): no auth middleware is attached in these labels; access
      # control depends on the application itself or on whatever fronts
      # Traefik - confirm.
      - traefik.http.routers.homarr.entrypoints=websecure
      - traefik.http.routers.homarr.rule=Host(`dashboard.ghoscht.com`)
      - traefik.http.routers.homarr.tls=true
      - traefik.http.routers.homarr.tls.certresolver=lencrypt
    dns:
      - 1.1.1.1
  # Scrutiny disk-health monitor (omnibus image), published at
  # scrutiny.ghoscht.com through Traefik.
  scrutiny:
    container_name: scrutiny
    # NOTE(review): `master-omnibus` looks like a tag that tracks a branch,
    # so its contents change over time; pin a release tag or digest.
    image: ghcr.io/analogj/scrutiny:master-omnibus
    restart: always
    # SYS_RAWIO plus the raw block devices below give this container direct
    # low-level access to the listed disks. That is a scoped grant (no
    # `privileged`), but the same container is also exposed through Traefik,
    # so keep the device list minimal.
    cap_add:
      - SYS_RAWIO
    volumes:
      - /run/udev:/run/udev:ro
      - ./scrutiny_data:/opt/scrutiny/config
      - ./scrutiny_db:/opt/scrutiny/influxdb
    labels:
      - traefik.enable=true
      # NOTE(review): no auth middleware is attached in these labels; unless
      # one is applied elsewhere, the web UI on port 8080 is open to anyone
      # who can reach this hostname - confirm.
      - traefik.http.routers.scrutiny.entrypoints=websecure
      - traefik.http.routers.scrutiny.rule=Host(`scrutiny.ghoscht.com`)
      - traefik.http.services.scrutiny.loadbalancer.server.port=8080
      - traefik.http.routers.scrutiny.tls=true
      - traefik.http.routers.scrutiny.tls.certresolver=lencrypt
    networks:
      traefik_net:
    devices:
      - "/dev/sda"
      - "/dev/sdb"
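  # ntfy notification server, published through Traefik under a public and a
  # local hostname.
  # NOTE(review): unlike most services in this file there is no `restart`
  # policy, so the container stays down after a crash or host reboot -
  # confirm that is intended.
  ntfy:
    # NOTE(review): no tag, so this resolves to `latest`; pin a version or
    # digest for reproducible deploys.
    image: binwiederhier/ntfy
    container_name: ntfy
    command:
      - serve
    environment:
      - TZ=UTC # optional: set desired timezone
    # Runs as an unprivileged uid:gid. Quoted so every YAML parser reads the
    # digits-and-colon value as a string.
    user: "1000:1000" # optional: replace with your own user/group or uid/gid
    volumes:
      # Only the config file is mounted.
      # NOTE(review): any cache or user database that server.yml configures
      # would live in the container's writable layer and be lost on
      # re-create. Also confirm that server.yml sets access control: the
      # labels below attach no auth middleware, so the application's own
      # settings are the only gate visible from this file.
      - ./ntfy_data/server.yml:/etc/ntfy/server.yml
    labels:
      - traefik.enable=true
      - traefik.http.routers.ntfy.entrypoints=websecure
      # One Host() matcher per domain, joined with ||. The multi-argument
      # Host(`a`,`b`) form is Traefik v2-only syntax, and the unpinned
      # `traefik` image may resolve to a v3 release that rejects it; this
      # form is accepted by both.
      - traefik.http.routers.ntfy.rule=Host(`ntfy.ghoscht.com`) || Host(`ntfy.local.ghoscht.com`)
      - traefik.http.routers.ntfy.tls=true
      - traefik.http.routers.ntfy.tls.certresolver=lencrypt
    networks:
      traefik_net: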
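  # Home Assistant, published through Traefik under a public and a local
  # hostname and forwarded to container port 8123.
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - /mnt/hdd/docker/home-assistant_data:/config
      - /etc/localtime:/etc/localtime:ro
      # `:ro` makes the mount read-only but does not limit what can be sent
      # over the D-Bus sockets inside it.
      - /run/dbus:/run/dbus:ro
    restart: unless-stopped
    # NOTE(review): `privileged` lifts nearly all container isolation (all
    # capabilities, all host devices). This service is also reachable from
    # the internet through Traefik, so a compromise of the application is
    # close to a compromise of the host. If only specific hardware is needed,
    # explicit `devices:` / `cap_add:` entries, as the scrutiny service uses,
    # are a narrower grant - confirm what is actually required.
    privileged: true
    labels:
      - traefik.enable=true
      - traefik.http.routers.homeassistant.entrypoints=websecure
      # One Host() matcher per domain, joined with ||. The multi-argument
      # Host(`a`,`b`) form is Traefik v2-only syntax, and the unpinned
      # `traefik` image may resolve to a v3 release that rejects it; this
      # form is accepted by both.
      - traefik.http.routers.homeassistant.rule=Host(`home.ghoscht.com`) || Host(`home.local.ghoscht.com`)
      - traefik.http.routers.homeassistant.tls=true
      - traefik.http.routers.homeassistant.tls.certresolver=lencrypt
      - traefik.http.services.homeassistant.loadbalancer.server.port=8123
    networks:
      traefik_net: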
  # Cloudflare Tunnel client, attached to the same network as Traefik and the
  # published services.
  cloudflared:
    container_name: cloudflared
    # NOTE(review): `latest` combined with --no-autoupdate means the version
    # only changes when the image is re-pulled, and then to whatever is
    # current; pin a version or digest to make that explicit.
    image: cloudflare/cloudflared:latest
    restart: always
    command: tunnel --no-autoupdate --protocol http2 run
    # NOTE(review): presumably holds the tunnel credential. Whoever has it
    # can run this tunnel, so keep the file out of version control and
    # readable only by the deploying user.
    env_file:
      - cloudflared.env
    # Being on traefik_net, the tunnel can reach every container on that
    # network directly, not only Traefik. Which of them it actually forwards
    # to is decided by the tunnel's ingress configuration, which is not part
    # of this file - confirm it targets Traefik only.
    networks:
      traefik_net:
# Shared proxy network. `external: true` means Compose does not create or
# remove it; a network named `traefik-net` must already exist.
# Any container from any other project attached to `traefik-net` can reach
# the services above on their internal ports without going through Traefik,
# so treat membership of this network as a trust boundary.
networks:
  traefik_net:
    name: traefik-net
    external: true