---
services:
  # Nginx Proxy Manager: the reverse proxy that receives HTTP/HTTPS on this host.
  nginx:
    image: "jc21/nginx-proxy-manager:2.12.2"
    container_name: "nginx-proxy-manager"
    restart: "unless-stopped"
    # Short-form mappings without a host IP are published on every host
    # interface. Docker installs its own iptables rules for published ports,
    # so INPUT-chain host firewalls (ufw and similar) do not restrict them.
    # Values are quoted so no YAML parser can retype a digits:digits scalar.
    ports:
      - "80:80"
      # NOTE(review): 81 is the Nginx Proxy Manager admin UI. As written it is
      # reachable from any network that can reach this host; confirm that is
      # intended, replace the default admin login on first start, and consider
      # limiting access to a management network.
      - "81:81"
      - "443:443"
    volumes:
      # Proxy configuration and logs; the fail2ban service in this file reads
      # the logs/ subdirectory of this host path.
      - "/docker/appdata/nginx/data:/data"
      # Certificate material, including private keys: keep the host directory
      # readable by root only and include it in backups deliberately.
      - "/docker/appdata/nginx/letsencrypt:/etc/letsencrypt"

  # fail2ban: watches the host auth log and the proxy logs mounted below.
  fail2ban:
    image: "crazymax/fail2ban:1.1.0"
    container_name: "fail2ban_docker-pi"
    restart: "always"
    # Host networking plus NET_ADMIN/NET_RAW let this container edit the
    # host's packet-filter rules. That is what makes bans effective, and it
    # also means a compromise of this container can rewrite the host firewall.
    network_mode: "host"
    cap_add:
      - "NET_ADMIN"
      - "NET_RAW"
    volumes:
      # Jail/filter/action configuration and the ban database.
      - "/docker/appdata/fail2ban/data:/data"
      # Log sources are mounted read-only so the container cannot alter them.
      - "/var/log/auth.log:/var/log/auth.log:ro"
      - "/docker/appdata/nginx/data/logs/:/log/npm/:ro"
    # NOTE(review): jail definitions live under /data and are not visible
    # here. Traffic to published container ports is forwarded rather than
    # delivered to the host, so jails for the proxy logs normally need
    # `chain = DOCKER-USER`; the default INPUT chain only covers host services
    # such as sshd. Requests arriving through the cf-tunnel service reach the
    # proxy from the cloudflared container, so an IP ban on the host probably
    # cannot stop them -- confirm, and block those on the Cloudflare side.
    environment:
      TZ: "America/New_York"
      F2B_LOG_TARGET: "STDOUT"
      F2B_LOG_LEVEL: "INFO"
      # NOTE(review): ban history is purged after one day; a long-window jail
      # (for example recidive) needs a purge age at least as long as its
      # findtime -- confirm against the jails in /data.
      F2B_DB_PURGE_AGE: "1d"
      # Mail relay settings are substituted by Compose from the shell
      # environment or an .env file; keep that file out of version control.
      # Values passed this way are visible to anyone who can run
      # `docker inspect` on this container.
      SSMTP_HOST: "$SSMTP_HOST"
      SSMTP_PORT: "587"
      SSMTP_HOSTNAME: "$SSMTP_HOSTNAME"
      SSMTP_USER: "$SSMTP_USER"
      SSMTP_PASSWORD: "$SSMTP_PASSWORD"
      SSMTP_TLS: "YES"

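  # cloudflared: Cloudflare Tunnel connector started with a tunnel token.
  cf-tunnel:
    restart: unless-stopped
    # Pinned by digest, so the image cannot change underneath this file.
    # The release this digest corresponds to is not recorded here; note it
    # next to the digest whenever the pin is updated.
    image: cloudflare/cloudflared@sha256:aa7e8d321c7d3f3f49cb7e29a0b17e2811e4d738cb468d0ab6fc8020f0dd7b71
    # The token is supplied through cloudflared's TUNNEL_TOKEN variable rather
    # than `--token` on the command line. Process arguments are readable by
    # every local user (ps, /proc/<pid>/cmdline) and tend to end up in logs
    # and crash reports; a process environment is readable only by the same
    # user and root. The value is still visible through `docker inspect`, so
    # access to the Docker socket must stay restricted.
    environment:
      - TUNNEL_TOKEN=$CF_TOKEN
    command: tunnel --no-autoupdate run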

  # Twingate connector for this host.
  twingate-famous-alligator:
    # Pinned by digest; record the matching release next to it when updating.
    image: "twingate/connector@sha256:7afe20a41da68920693e32de852a9e68cbf7536938fff5396441e80af4cdffb0"
    container_name: "twingate-famous-alligator"
    restart: "always"
    environment:
      TWINGATE_NETWORK: "$TWINGATE_NETWORK"
      # The access and refresh tokens are credentials for this connector.
      # Compose substitutes them from the shell environment or an .env file;
      # keep that file out of version control and rotate the tokens if it is
      # ever exposed. They are visible through `docker inspect`.
      TWINGATE_ACCESS_TOKEN: "$TWINGATE_ACCESS_TOKEN"
      TWINGATE_REFRESH_TOKEN: "$TWINGATE_REFRESH_TOKEN"
      # NOTE(review): HOSTNAME is often a shell variable that is not exported,
      # in which case Compose substitutes an empty string -- confirm.
      TWINGATE_LABEL_HOSTNAME: "${HOSTNAME}"
      TWINGATE_LABEL_DEPLOYED_BY: "docker"
    sysctls:
      # Allows every group ID inside the container's network namespace to open
      # unprivileged ICMP echo sockets, presumably so the connector can ping
      # without being granted NET_RAW.
      net.ipv4.ping_group_range: "0 2147483647"