# docker‑compose.yml y(версия 3.8 – поддерживает named volumes и сетевые настройки)
version: "3.8"

networks:
  ollama_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/16
  npm:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

services:
  synapse:
    image: matrixdotorg/synapse:latest
    networks:
      - npm
    container_name: matrix_synapse
    environment:
      - SYNAPSE_SERVER_NAME=matrix.emsdata.ru
      - SYNAPSE_REPORT_STATS=no
      - TZ=Asia/Vladivostok
    ports:
      - "8008:8008"     # HTTP (без TLS), используемый 뒤 federation/client API
      - "8448:8448"     # блок federation HTTPS (если понадобилось позже)
    volumes:
      - ./synapse/data:/data
      - ./mautrix:/briges
    restart: unless-stopped

  drawio:
    image: jgraph/drawio:latest
    networks:
      - npm
    container_name: drawio
    ports:
      - "8280:8080"     # Draw.io в браузере: http://host:8080
    restart: unless-stopped

  apache:  
    image: httpd:2.4  
    networks:
      - npm
    ports:
      - 8281:80  
    volumes:  
      - ./src:/usr/local/apache2/htdocs  
    restart: unless-stopped

  static-nginx:
    image: nginx:alpine
    container_name: nginx_static
    networks:
      - npm
    ports:
      - "8282:80"       # простой статический nginx без монтирования – откроется дефолтный index
    volumes:
      - ./nginx-site:/usr/share/nginx/html:ro
    restart: unless-stopped

  npm-app:
    image: 'jc21/nginx-proxy-manager:latest'
    networks:
      ollama_net:
        ipv4_address: 172.28.0.100
      npm:
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "docker-db-1"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: ${db_user}
      DB_MYSQL_PASSWORD: ${db_password}
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./npm_data:/data
      - ./npm_letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    networks:
      - npm
    restart: unless-stopped
    environment:
      MYSQL_DATABASE: 'npm'
      MYSQL_USER:  ${db_user}
      MYSQL_PASSWORD: ${db_password}
      MARIADB_AUTO_UPGRADE: '1'
    volumes:
      - ./mysql:/var/lib/mysql

  gitea:
    image: gitea/gitea:latest
    networks:
      - npm
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    volumes:
      - ./gitea/data:/data
    ports:
      - "3000:3000"
      - "2222:22"
    restart: unless-stopped

  mautrix:
    image: dock.mau.dev/mautrix/telegram:latest
    networks:
      - npm
    restart: unless-stopped
    volumes:
      - ./mautrix:/data
    environment:
      - TZ=Asia/Vladivostok
    ports:
      - "29371:29371"
    
  registry:
    image: registry:latest
    networks:
      - npm
    restart: unless-stopped
    environment:
      - REGISTRY_AUTH=htpasswd
      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password
        #- REGISTRY_HTTP_ADDR=0.0.0.0:5000
        #- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
        #- REGISTRY_HTTP_TLS_KEY=/certs/domain.key
    ports:
      - "5000:5000"
    volumes:
      - ./registry/registry.password:/auth/registry.password
        #- ./registry/certs:/certs
      - ./registry/data:/data

  open-webui:
    image: ghcr.io/open-webui/open-webui:git-3111d1b-ollama
    container_name: open-webui
    networks:
      - npm
      - ollama_net
    restart: unless-stopped
    expose:
      - 8080/tcp
    ports:
      - "8111:8080"
    environment:
      - OLLAMA_BASE_URL=http://ollama:11434
    volumes:
      - ./open-webui:/app/backend/data
    depends_on:
      - ollama

  ollama:
    image: ollama/ollama
    container_name: ollama
    networks:
      - ollama_net
    restart: unless-stopped
    expose:
      - 11434/tcp
    ports:
      - "11434:11434"
    healthcheck:
      test: ollama --version || exit 1
        #entrypoint:  /root/entrypoint.sh
        #environment:
      #      - ENABLE_OLLAMA_STREAMING=false
    volumes:
      - ollama:/root/.ollama
      - ./ollama/entrypoint.sh:/root/entrypoint.sh

        #  ollama:
        #    image: ollama/ollama:latest
        #    container_name: ollama
        #    networks:
        #      ollama_net:
        #        ipv4_address: 172.28.0.10
        #    restart: unless-stopped
        #    volumes:
        #      - ollama:/root/.ollama
        #    ports:
        #      - "11434:11434"
        #    environment:
        #      #      - OLLAMA_NUM_THREADS=8
        #      - OLLAMA_NO_GPU=1 
        #        #- OLLAMA_HOST=0.0.0.0

        #  open-webui:
        #    image: ghcr.io/open-webui/open-webui:main
        #    container_name: open-webui
        #    networks:
        #      ollama_net:
        #        ipv4_address: 172.28.0.20
        #    ports:
        #      - "8080:8080"
        #    volumes:
        #      - ./open-webui:/app/backend/data
        #    environment:
        #      - OLLAMA_BASE_URL=http://172.28.0.10:11434
        #      - ENABLE_OLLAMA_STREAMING=true
        #      - ENABLE_WEBSOCKET_SUPPORT=true
        #      - GLOBAL_LOG_LEVEL=DEBUG
        #    depends_on:
        #      - ollama


  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard_vpn
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - "51820:51820/udp"
    volumes:
      - ./wireguard:/config
    restart: unless-stopped

volumes:
  synapse_data:
  npm_data:
  npm_letsencrypt:
  nginx-site:
  mysql:
  synapse:
  mautrix:
  registry-data:
  wireguard:
  ollama: