---
services:
  # Nginx Proxy Manager: reverse proxy with a web admin UI.
  nginx:
    container_name: nginx-proxy-manager
    image: 'jc21/nginx-proxy-manager:2.12.1'
    restart: unless-stopped
    # Mappings are quoted so every YAML parser reads them as strings.
    ports:
      - '80:80'  # HTTP
      # Admin UI, published on all host interfaces. Docker-published ports are
      # not filtered by the host's INPUT chain, so restrict access with a
      # host-IP bind or a DOCKER-USER rule.
      - '81:81'
      - '443:443'  # HTTPS
    volumes:
      # Application state; the fail2ban service mounts its logs/ subdirectory.
      - '/docker/appdata/nginx/data:/data'
      # Certificates and private keys: keep host-side permissions tight.
      - '/docker/appdata/nginx/letsencrypt:/etc/letsencrypt'
  
  # fail2ban: watches the mounted logs and applies bans on the host firewall.
  fail2ban:
    container_name: fail2ban_docker-pi
    image: 'crazymax/fail2ban:1.1.0'
    restart: always
    # Host networking plus NET_ADMIN/NET_RAW let this container rewrite the
    # host's packet-filter rules, so the jail and action files under /data
    # are privileged configuration: keep them writable by root only.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - '/docker/appdata/fail2ban/data:/data'
      # Log sources are mounted read-only.
      - '/var/log/auth.log:/var/log/auth.log:ro'
      # Same host directory the nginx service writes its logs under.
      # NOTE(review): traffic to nginx's published ports is forwarded rather
      # than delivered to the host, so jails reading /log/npm/ need an action
      # on the DOCKER-USER chain; INPUT only covers host services such as
      # sshd. Confirm in the jail config.
      # NOTE(review): if cf-tunnel fronts nginx, those clients never reach the
      # host directly and a host-level ban will not stop them.
      - '/docker/appdata/nginx/data/logs/:/log/npm/:ro'
    environment:
      - 'TZ=America/New_York'
      - 'F2B_LOG_TARGET=STDOUT'
      - 'F2B_LOG_LEVEL=INFO'
      # Ban records older than this are purged from the fail2ban database.
      - 'F2B_DB_PURGE_AGE=1d'
      # ${...} values are substituted by Compose from the shell or an .env
      # file; keep that file out of version control and unreadable to other
      # users. The resolved values are visible in `docker inspect`.
      - 'SSMTP_HOST=${SSMTP_HOST}'
      - 'SSMTP_PORT=587'
      - 'SSMTP_HOSTNAME=${SSMTP_HOSTNAME}'
      - 'SSMTP_USER=${SSMTP_USER}'
      - 'SSMTP_PASSWORD=${SSMTP_PASSWORD}'
      - 'SSMTP_TLS=YES'
  
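  # Cloudflare Tunnel connector (cloudflared).
  cf-tunnel:
    # Pinned by digest, so the content behind the reference cannot change.
    # The digest does not show which release it is; record that on update.
    image: 'cloudflare/cloudflared@sha256:119c1712ba89bfb32a404ef6b949284519a99f3de5c1202f483a6800fd1c638e'
    restart: unless-stopped
    # The tunnel token is a credential. It is supplied through TUNNEL_TOKEN
    # (the environment form of --token) instead of the command line, where it
    # would appear in the process argument list visible on the host.
    # NOTE(review): confirm the pinned cloudflared build reads TUNNEL_TOKEN.
    command: tunnel --no-autoupdate run
    environment:
      # Substituted by Compose from the shell or an .env file; still visible
      # in `docker inspect`, so limit who can reach the Docker socket.
      - 'TUNNEL_TOKEN=${CF_TOKEN}'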

  # Twingate connector; this service publishes no ports.
  twingate-famous-alligator:
    container_name: twingate-famous-alligator
    # Pinned by digest, so the content behind the reference cannot change.
    image: 'twingate/connector@sha256:f5aded82f662144c56c87e4238ea4a20abcc525edc5ad7cdecdac187cf274520'
    restart: always
    environment:
      - 'TWINGATE_NETWORK=${TWINGATE_NETWORK}'
      # Connector credentials, substituted by Compose from the shell or an
      # .env file. Keep that file out of version control; the resolved values
      # are visible in `docker inspect`.
      - 'TWINGATE_ACCESS_TOKEN=${TWINGATE_ACCESS_TOKEN}'
      - 'TWINGATE_REFRESH_TOKEN=${TWINGATE_REFRESH_TOKEN}'
      # If HOSTNAME is not exported in the invoking shell, Compose substitutes
      # an empty string here.
      - 'TWINGATE_LABEL_HOSTNAME=${HOSTNAME}'
      - 'TWINGATE_LABEL_DEPLOYED_BY=docker'
    sysctls:
      # Group-ID range allowed to open unprivileged ICMP echo sockets inside
      # the container; this range covers every group.
      - 'net.ipv4.ping_group_range=0 2147483647'