# docker‑compose.yml (версия 3.8 – поддерживает named volumes и сетевые настройки)
version: "3.8"

services:
  synapse:
    image: matrixdotorg/synapse:latest
    container_name: matrix_synapse
    environment:
      - SYNAPSE_SERVER_NAME=matrix.emsdata.ru
      - SYNAPSE_REPORT_STATS=no
      - TZ=Asia/Vladivostok
    ports:
      - "8008:8008"     # HTTP (без TLS), используемый 뒤 federation/client API
      - "8448:8448"     # блок federation HTTPS (если понадобилось позже)
    volumes:
      - synapse_data:/data
    restart: unless-stopped

  drawio:
    image: jgraph/drawio:latest
    container_name: drawio
    ports:
      - "8080:8080"     # Draw.io в браузере: http://host:8080
    restart: unless-stopped

  static-nginx:
    image: nginx:alpine
    container_name: nginx_static
    ports:
      - "8081:8081"       # простой статический nginx без монтирования – откроется дефолтный index
    volumes:
      - ./nginx-site:/usr/share/nginx/html:ro
    restart: unless-stopped

  npm-app:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx_proxy_manager
    ports:
      - "81:81"  # админка (login: admin@example.com / password: changeme)
      - "80:80"  # http proxy
      - "443:443" # https proxy
    volumes:
      - npm_data:/data
      - npm_letsencrypt:/etc/letsencrypt
    restart: unless-stopped

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    volumes:
      - ./gitea/data:/data
    ports:
      - "3000:3000"
      - "2222:22"
    restart: unless-stopped

  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard_vpn
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - "51820:51820/udp"
    volumes:
      - wireguard_data:/config
    restart: unless-stopped

volumes:
  synapse_data:
  npm_data:
  npm_letsencrypt:
  wireguard_data:
  nginx-site: