version: '3'

services:
  letsencrypt:
    restart: unless-stopped
    image: linuxserver/letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      PUID: 1000
      PGID: 1000
      EMAIL: sysadmin@seaturtle.pw
      # URL field must be working since nginx only starts if letsencrypt works
      URL: seaturtle.pw
      SUBDOMAINS: seaturtle
      EXTRA_DOMAINS: www.paul.walko.org,paul.walko.org
      VALIDATION: html # TODO Switch to dns + gandi api once pr is merged
      TZ: America/New_York
    volumes:
      # nginx persistent storage
      - /home/joe/docker/nginx/config:/config
      # RO settings
      - ./htpasswd:/secrets/htpasswd # Create once deployed
      - ./nginx.conf:/config/nginx/nginx.conf:ro
      - ./ssl.conf:/config/nginx/ssl.conf:ro
      - ./site-confs:/config/nginx/site-confs:ro
      - ./jail.local:/config/jail2ban/jail.local:ro
    ports:
      - 128.173.88.78:80:80
      - 128.173.88.78:443:443
      - 2607:b400:0006:cc80:0000:0aff:fe62:000b:80:80
      - 2607:b400:0006:cc80:0000:0aff:fe62:000b:443:443

  syncthing:
    restart: unless-stopped
    image: linuxserver/syncthing
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Eastern
      UMASK_SET: <022>
    volumes:
      - /home/joe/docker/syncthing/config:/config
      - /home/joe/docker/syncthing/sync:/sync
    ports:
      - 22000:22000
      - 21027:21027/udp

networks:
  pew-net