services:
  periphery:
    image: ghcr.io/moghtech/komodo-periphery:latest
    container_name: komodo-periphery
    cpus: 2.0
    mem_limit: "2048m"
    mem_reservation: "512m"
    ports:
      - "8120:8120"
    user: root
    labels:
      - "komodo.skip=true"
    restart: unless-stopped
    #env_file: ./.env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker/config.json:/root/.docker/config.json:ro
      - /proc:/proc
      - /docker/periphery/etc:/etc/komodo
    environment:
      - PERIPHERY_ID=${HOSTNAME}

  dns:
    image: technitium/dns-server:latest
    container_name: dns-${NODE_ID}  # Becomes dns-1 or dns-2
    restart: unless-stopped
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      - "5381:5380/tcp" 
    environment:
      - TZ=America/Edmonton
      - DNS_SERVER_DOMAIN=dns${NODE_ID}.mapletree.email # dns1... or dns2...
      - DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}
    volumes:
      # Updated path to match your new 'infrastructure' folder structure
      - /docker/core/dns/config:/etc/dns
    networks:
      dns_external
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=dns_external"
      # Dynamic Router Name (dns1 vs dns2)
      - "traefik.http.routers.dns${NODE_ID}.rule=Host(`dns${NODE_ID}.mapletree.email`)"
      - "traefik.http.routers.dns${NODE_ID}.entrypoints=web,websecure"
      - "traefik.http.routers.dns${NODE_ID}.tls.certresolver=myresolver"
      - "traefik.http.services.dns${NODE_ID}.loadbalancer.server.port=5380"

  traefik:
    image: traefik:latest
    container_name: traefik
    cpus: 1.0
    mem_limit: "1024m"
    mem_reservation: "128m"
    restart: always
    ports:
      - "80:80"     # HTTP
      - "443:443"   # HTTPS
      - "888:8080" # Traefik Dashboard (optional, password-protect in production!)
    command:
      - "--api.dashboard=true"
      - "--api.insecure=true"  # Remove or secure in prod
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker.network=web,request"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/docker/traefik/letsencrypt:/letsencrypt"
      - "/docker/traefik/dynamic:/etc/traefik/dynamic"
    networks:
      - web
      - request
      - music
      - media
      - jellyfin
      - syncthing
      - guac_external
      - komodo_external
      - ansible_external
      - dns_external
      - homepage_external

networks:
  guac_external:
    external: true
  komodo_external:
    external: true
  ansible_external:
    external: true
  dns_external:
    external: true
  homepage_external:
    external: true