version: '3.9'

services:

  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: duckdns
    restart: unless-stopped
    environment:
      - PUID=1000 #optional
      - PGID=1000 #optional
      - TZ=Europe/London
      - SUBDOMAINS=${DUCKDNS_SUBDOMAINS}
      - TOKEN=${DUCKDNS_TOKEN}
      - LOG_FILE=true #optional
    volumes:
      - ${PATH_DB_DATA}/duckdns_config:/config

  traefik:
    image: "traefik:v3.3"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Logs for fail2ban
      - "--log.level=INFO"
      - "--accesslog=true"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      # HTTPS
      - "--entrypoints.websecure.address=:443"
      # HTTPS -> Timeouts
      - "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=1200s"
      - "--entrypoints.websecure.transport.respondingTimeouts.idleTimeout=1200s"
      - "--entrypoints.websecure.transport.respondingTimeouts.writeTimeout=1200s"
      # HTTP -> HTTPS
      - "--entryPoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      # Let's Encrypt
      - "--certificatesresolvers.myresolver.acme.email=${TRAEFIK_MAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # TLS challenge to request new certificate
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "${PATH_DB_DATA}/letsencrypt:/letsencrypt"
      - "${PATH_DB_DATA}/traefik_logs:/var/log/traefik"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"


  ollama:
    image: ollama/ollama:latest
    container_name: ollama
    restart: unless-stopped
    ports:
      - '11434:11434'
    volumes:
      - ${PATH_DB_DATA}/ollama:/root/.ollama
    #deploy:
    #  resources:
    #    limits:
    #      memory: 6G
    #      cpus: 6   # 80% for 8 cores
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ollama-secure.rule=Host(`${OLLAMA_REVERSE_PROXY_URL}`)"
      - "traefik.http.routers.ollama.entrypoints=websecure"
      - "traefik.http.routers.ollama-secure.tls.certresolver=myresolver"
      - "traefik.http.services.ollama.loadbalancer.server.port=11434"

  ollama-webui:
    image: ghcr.io/ollama-webui/ollama-webui:main
    container_name: ollama-webui
    restart: unless-stopped
    ports:
      - 8080:8080
    volumes:
      - ${PATH_DB_DATA}/ollama-webui:/app/backend/data
    depends_on:
      - ollama
    environment:
      - 'OLLAMA_API_BASE_URL=http://ollama:11434/api'
      - 'ENABLE_SIGNUP=false'
      #- 'ENABLE_RAG_WEB_SEARCH=true'
      #- 'RAG_WEB_SEARCH_ENGINE=brave'
      #- 'ENABLE_IMAGE_GENERATION=true'
      #- 'IMAGE_GENERATION_ENGINE=comfyui'
      #- 'COMFYUI_BASE_URL=comfyui.matitos.org'
      #- 'COMFYUI_API_KEY='
      #- 'COMFYUI_WORKFLOW=' # https://docs.openwebui.com/getting-started/env-configuration#comfyui_workflow
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ollamawebui-secure.rule=Host(`${OLLAMA_WEBUI_REVERSE_PROXY_URL}`)"
      - "traefik.http.routers.ollamawebui.entrypoints=websecure"
      - "traefik.http.routers.ollamawebui-secure.tls.certresolver=myresolver"
      - "traefik.http.services.ollamawebui.loadbalancer.server.port=8080"


  #fetcher_app_selenium:
  #  image: fetcher_app_selenium
  #  build:
  #    context: ./app_selenium
  #    args:
  #      - ARCH=${ARCH} # arm64, amd64
  #  container_name: fetcher_app_selenium
  #  restart: unless-stopped
  #  shm_size: 512mb
  #  environment:
  #    - SELENIUM_SLEEP_PER_PAGE=${SELENIUM_SLEEP_PER_PAGE}
  #    - PATH_LOGS_DIRECTORY=${PATH_LOGS_DIRECTORY}
  #  ports:
  #    - 80
  #  dns:
  #    - 1.1.1.1
  #    - 1.0.0.1
  #  deploy:
  #    resources:
  #      limits:
  #        cpus: '${DEPLOY_CPUS}'
  #        memory: ${DEPLOY_RAM}

  fetcher_app_urls:
    image: fetcher_app_urls
    build:
      context: ./app_urls
    container_name: fetcher_app_urls
    restart: unless-stopped
    environment:
      # Initialization
      - INITIALIZE_DB=${INITIALIZE_DB}  # Related to DB persistence
      - DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME}
      - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
      - DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL}
      # Django
      - DJANGO_ALLOWED_HOSTS=${DJANGO_ALLOWED_HOSTS} # host1,host2
      - DJANGO_ALLOWED_ORIGINS=${DJANGO_ALLOWED_ORIGINS} # Reverse proxy
      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
      - DJANGO_DEBUG=${DJANGO_DEBUG}
      - PATH_LOGS_DIRECTORY=${PATH_LOGS_DIRECTORY}
      # Database
      - DB_NAME=${DB_NAME}
      - DB_USER=${DB_USER}
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_HOST=${DB_HOST}
      - DB_PORT=${DB_PORT}
      - REDIS_HOST=${REDIS_HOST}
      - REDIS_PORT=${REDIS_PORT}
      # Job timeout: 30 min
      - JOB_DEFAULT_TIMEOUT=${JOB_DEFAULT_TIMEOUT}
      # Fetcher
      - FETCHER_GNEWS_DECODE_SLEEP=${FETCHER_GNEWS_DECODE_SLEEP}
      - FETCHER_GOOGLE_GENERAL_PAGE_ITER_SLEEP=${FETCHER_GOOGLE_GENERAL_PAGE_ITER_SLEEP}
      - FETCHER_BETWEEN_SEARCHES_SLEEP=${FETCHER_BETWEEN_SEARCHES_SLEEP}  # Sleep time between each search
      - FETCHER_URL_HOST_SLEEP=${FETCHER_URL_HOST_SLEEP}  # Sleep time between requests to same URL host
      - FETCHER_LANGUAGE_DETECTION_MIN_CHAR=${FETCHER_LANGUAGE_DETECTION_MIN_CHAR}  # Min amonut of characters to run language detection
      - FETCHER_INSERT_URL_CACHE_TIME=${FETCHER_INSERT_URL_CACHE_TIME} # Cache time: Insert raw URL
      - FETCHER_ERROR_URL_CACHE_TIME=${FETCHER_ERROR_URL_CACHE_TIME} # Cache time: Error on processing URL
      # Selenium
      - SELENIUM_ENDPOINT=${SELENIUM_ENDPOINT}
      - ENDPOINT_OLLAMA=${ENDPOINT_OLLAMA}
      # Ghost
      - GHOST_ADMIN_API_KEY=${GHOST_ADMIN_API_KEY}
      - GHOST_ADMIN_API_URL=${GHOST_ADMIN_API_URL}
      - PEXELS_API_KEY=${PEXELS_API_KEY}
    ########################
    #volumes:   # Development mode
    #  - ./app_urls:/opt/app
    ########################
    ports:
      - 8000:8000
    depends_on:
      - fetcher_db
      - fetcher_redis
    dns:
      - 1.1.1.1
      - 1.0.0.1
    deploy:
      resources:
        limits:
          cpus: '${DEPLOY_CPUS}'
          memory: ${DEPLOY_RAM}
    labels:  # Reverse proxy sample
      - "traefik.enable=true"
      - "traefik.http.routers.fetcher.rule=Host(`${REVERSE_PROXY_URL}`)"
      - "traefik.http.routers.fetcher.entrypoints=websecure"
      - "traefik.http.routers.fetcher.tls.certresolver=myresolver"
      - "traefik.http.services.fetcher.loadbalancer.server.port=8000"

  fetcher_db:
    image: postgres:17
    container_name: fetcher_db
    restart: unless-stopped
    # Set shared memory limit when using docker-compose
    shm_size: 128mb
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:   # Persistent DB?
      - ${PATH_DB_DATA}/postgres:/var/lib/postgresql/data
    ports:
      - 5432 #:5432

  fetcher_redis:
    image: redis:alpine
    container_name: fetcher_redis
    restart: unless-stopped
    ports:
      - 6379 #:6379