version: "3.5"
services:
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
      - jellyfin_data:/config
      - jellyfin_cache:/cache
      - /mnt/hdd/data/media/tv:/tv
      - /mnt/hdd/data/media/anime:/anime
      - /mnt/hdd/data/media/movies:/movies
    labels:
      - traefik.enable=true
      - traefik.http.routers.jellyfin.entrypoints=websecure
      - traefik.http.routers.jellyfin.rule=Host(`jellyfin.ghoscht.com`)
      - traefik.http.services.jellyfin.loadbalancer.server.port=8096
      - traefik.http.services.jellyfin.loadbalancer.passHostHeader=true
      - traefik.http.routers.jellyfin.tls=true
      - traefik.http.routers.jellyfin.tls.certresolver=lencrypt
    networks:
      traefik_net:
    dns:
      - 1.1.1.1
    ports:
      - 8096:8096
  navidrome:
    image: deluan/navidrome:latest
    container_name: navidrome
    restart: always
    environment:
      - ND_SESSIONTIMEOUT=336h
    env_file:
      - navidrome_secrets.env
    volumes:
      - navidrome_data:/data
      - /mnt/hdd/data/media/music:/music
    labels:
      - traefik.enable=true
      - traefik.http.routers.navidrome.entrypoints=websecure
      - traefik.http.routers.navidrome.rule=Host(`navidrome.ghoscht.com`)
      - traefik.http.services.navidrome.loadbalancer.server.port=4533
      - traefik.http.routers.navidrome.tls=true
      - traefik.http.routers.navidrome.tls.certresolver=lencrypt
    networks:
      traefik_net:
    dns:
      - 1.1.1.1
  komga:
    image: gotson/komga
    container_name: komga
    volumes:
      - /mnt/hdd/docker/komga:/config
      - /mnt/hdd/data/:/data
    ports:
      - 25600:25600
    user: "1000:1000"
    environment:
      - TZ=Europe/Berlin
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.komga.entrypoints=websecure
      - traefik.http.routers.komga.rule=Host(`komga.ghoscht.com`)
      - traefik.http.services.komga.loadbalancer.server.port=25600
      - traefik.http.routers.komga.tls=true
      - traefik.http.routers.komga.tls.certresolver=lencrypt
    networks:
      traefik_net:
    dns:
      - 1.1.1.1
  prowlarr:
    image: linuxserver/prowlarr:latest
    container_name: prowlarr
    restart: always
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    volumes:
      - prowlarr_data:/config
    labels:
      - traefik.enable=true
      - traefik.http.routers.prowlarr.entrypoints=websecure
      - traefik.http.routers.prowlarr.rule=Host(`prowlarr.ghoscht.com`)
      - traefik.http.services.prowlarr.loadbalancer.server.port=9696
      - traefik.docker.network=traefik-net
      - traefik.http.routers.prowlarr.tls=true
      - traefik.http.routers.prowlarr.tls.certresolver=lencrypt
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    restart: always
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    volumes:
      - sonarr_data:/config
      - /mnt/hdd/data:/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.sonarr.entrypoints=websecure
      - traefik.http.routers.sonarr.rule=Host(`sonarr.ghoscht.com`)
      - traefik.http.services.sonarr.loadbalancer.server.port=8989
      - traefik.docker.network=traefik-net
      - traefik.http.routers.sonarr.tls=true
      - traefik.http.routers.sonarr.tls.certresolver=lencrypt
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
      prowlarr:
        condition: service_started
  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    restart: always
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    volumes:
      - radarr_data:/config
      - /mnt/hdd/data:/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.radarr.entrypoints=websecure
      - traefik.http.routers.radarr.rule=Host(`radarr.ghoscht.com`)
      - traefik.http.services.radarr.loadbalancer.server.port=7878
      - traefik.docker.network=traefik-net
      - traefik.http.routers.radarr.tls=true
      - traefik.http.routers.radarr.tls.certresolver=lencrypt
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
      prowlarr:
        condition: service_started
  lidarr:
    image: linuxserver/lidarr:latest
    container_name: lidarr
    restart: always
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    volumes:
      - /mnt/hdd/docker/media/lidarr_data:/config
      - /mnt/hdd/data:/data
      - ./lidarr/custom-services.d:/custom-services.d
      - ./lidarr/custom-cont-init.d:/custom-cont-init.d
    labels:
      - traefik.enable=true
      - traefik.http.routers.lidarr.entrypoints=websecure
      - traefik.http.routers.lidarr.rule=Host(`lidarr.ghoscht.com`)
      - traefik.http.services.lidarr.loadbalancer.server.port=8686
      - traefik.http.routers.lidarr.service=lidarr
      - traefik.docker.network=traefik-net
      - traefik.http.routers.lidarr.tls=true
      - traefik.http.routers.lidarr.tls.certresolver=lencrypt
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
      prowlarr:
        condition: service_started
  bazarr:
    image: hotio/bazarr:latest
    container_name: bazarr
    restart: always
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    volumes:
      - bazarr_data:/config
      - /mnt/hdd/data:/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.bazarr.entrypoints=websecure
      - traefik.http.routers.bazarr.rule=Host(`bazarr.ghoscht.com`)
      - traefik.http.services.bazarr.loadbalancer.server.port=6767
      - traefik.docker.network=traefik-net
      - traefik.http.routers.bazarr.tls=true
      - traefik.http.routers.bazarr.tls.certresolver=lencrypt
    networks:
      traefik_net:
    dns:
      - 1.1.1.1
  jellyseerr:
    container_name: jellyseerr
    image: fallenbagel/jellyseerr:latest
    restart: always
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    volumes:
      - jellyseerr_data:/app/config
    labels:
      - traefik.enable=true
      - traefik.http.routers.jellyseerr.entrypoints=websecure
      - traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.ghoscht.com`)
      - traefik.http.services.jellyseerr.loadbalancer.server.port=5055
      - traefik.docker.network=traefik-net
      - traefik.http.routers.jellyseerr.tls=true
      - traefik.http.routers.jellyseerr.tls.certresolver=lencrypt
    networks:
      traefik_net:
    depends_on:
      - jellyfin
    dns:
      - 1.1.1.1
  vpn:
    image: haugene/transmission-openvpn
    container_name: transmission
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - OPENVPN_PROVIDER=WINDSCRIBE
      - OPENVPN_CONFIG=Vienna-Boltzmann-udp
      - OVPN_PROTOCOL=udp
      - OPENVPN_OPTS=--pull-filter ignore ping --ping 10 --ping-restart 120
      - LOCAL_NETWORK=192.168.0.0/16
      - TRANSMISSION_DOWNLOAD_DIR=/data/torrents
      - TRANSMISSION_INCOMPLETE_DIR=/data/torrents/incomplete
      - TRANSMISSION_WEB_UI=flood-for-transmission
    env_file:
      - transmission_secrets.env
    volumes:
      - transmission_data:/config
      - /mnt/hdd/data:/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.transmission.entrypoints=websecure
      - traefik.http.routers.transmission.rule=Host(`transmission.ghoscht.com`)
      - traefik.http.services.transmission.loadbalancer.server.port=9091
      - traefik.docker.network=traefik-net
      - traefik.http.routers.transmission.tls=true
      - traefik.http.routers.transmission.tls.certresolver=lencrypt
    networks:
      traefik_net:
    ports:
      - 1080:1080 # socks proxy
    cap_add:
      - NET_ADMIN
    dns:
      - 1.1.1.1
  koblas:
    image: ynuwenhof/koblas:latest
    container_name: socks5
    restart: unless-stopped
    environment:
      RUST_LOG: debug
      KOBLAS_LIMIT: 256
      KOBLAS_NO_AUTHENTICATION: true
      KOBLAS_ANONYMIZATION: true
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
  unpackerr:
    image: golift/unpackerr
    container_name: unpackerr
    volumes:
      - /mnt/hdd/data:/data
    restart: always
    user: 1000:1000
    environment:
      - TZ=Europe/Berlin
      # General config
      - UN_DEBUG=false
      - UN_INTERVAL=2m
      - UN_START_DELAY=1m
      - UN_RETRY_DELAY=5m
      - UN_MAX_RETRIES=3
      - UN_PARALLEL=1
      - UN_FILE_MODE=0644
      - UN_DIR_MODE=0755
      # Sonarr Config
      - UN_SONARR_0_URL=http://transmission:8989
      - UN_SONARR_0_API_KEY=e0d0c7fcba7c40d082849ec899205225
      - UN_SONARR_0_PATHS_0=/data/torrents/tv
      - UN_SONARR_0_PROTOCOLS=torrent
      - UN_SONARR_0_TIMEOUT=10s
      - UN_SONARR_0_DELETE_ORIG=false
      - UN_SONARR_0_DELETE_DELAY=5m
      # Radarr Config
      - UN_RADARR_0_URL=http://transmission:7878
      - UN_RADARR_0_API_KEY=e54a37ae42df43bfa4d4bdbad7974d93
      - UN_RADARR_0_PATHS_0=/data/torrents/movies
      - UN_RADARR_0_PROTOCOLS=torrent
      - UN_RADARR_0_TIMEOUT=10s
      - UN_RADARR_0_DELETE_ORIG=false
      - UN_RADARR_0_DELETE_DELAY=5m
      # Lidarr Config
      - UN_LIDARR_0_URL=http://transmission:8686
      - UN_LIDARR_0_API_KEY=0acedbcf8d6243adb17417a10fdaf00a
      - UN_LIDARR_0_PATHS_0=/data/torrents/music
      - UN_LIDARR_0_PROTOCOLS=torrent
      - UN_LIDARR_0_TIMEOUT=10s
      - UN_LIDARR_0_DELETE_ORIG=false
      - UN_LIDARR_0_DELETE_DELAY=5m
    security_opt:
      - no-new-privileges:true
    networks:
      traefik_net:
    depends_on:
      - sonarr
      - radarr
      - lidarr
  deemix:
    container_name: deemix
    image: finniedj/deemix
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK_SET=022
    volumes:
      - deemix_data:/config
      - /mnt/hdd/data/deemix/music:/downloads
    labels:
      - traefik.enable=true
      - traefik.http.routers.deemix.entrypoints=websecure
      - traefik.http.routers.deemix.rule=Host(`deemix.ghoscht.com`)
      - traefik.http.services.deemix.loadbalancer.server.port=6595
      - traefik.docker.network=traefik-net
      - traefik.http.routers.deemix.tls=true
      - traefik.http.routers.deemix.tls.certresolver=lencrypt
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
  autobrr:
    container_name: autobrr
    image: ghcr.io/autobrr/autobrr:latest
    restart: always
    environment:
      - TZ=Europe/Berlin
    volumes:
      - autobrr_data:/config
    labels:
      - traefik.enable=true
      - traefik.http.routers.autobrr.entrypoints=websecure
      - traefik.http.routers.autobrr.rule=Host(`autobrr.ghoscht.com`)
      - traefik.http.services.autobrr.loadbalancer.server.port=7474
      - traefik.docker.network=traefik-net
      - traefik.http.routers.autobrr.tls=true
      - traefik.http.routers.autobrr.tls.certresolver=lencrypt
    network_mode: service:vpn
    depends_on:
      vpn:
        condition: service_healthy
      prowlarr:
        condition: service_started
      radarr:
        condition: service_started
      sonarr:
        condition: service_started
networks:
  traefik_net:
    name: traefik-net
    external: true
volumes:
  jellyfin_data:
    name: jellyfin_data
  windscribe_data:
    name: windscribe_data
  jellyfin_cache:
    name: jellyfin_cache
  transmission_data:
    name: transmission_data
  sonarr_data:
    name: sonarr_data
  prowlarr_data:
    name: prowlarr_data
  radarr_data:
    name: radarr_data
  bazarr_data:
    name: bazarr_data
  jellyseerr_data:
    name: jellyseerr_data
  lidarr_data:
    name: lidarr_data
  navidrome_data:
    name: navidrome_data
  deemix_data:
    name: deemix_data
  rarbg_data:
    name: rarbg_data
  autobrr_data:
    name: autobrr_data