services:
  netdata:
    image: ${NETDATA_IMAGE:-netdata/netdata:latest}
    container_name: ${NETDATA_COMPOSE_PROJECT_NAME}_app
    restart: unless-stopped
    hostname: ${NETDATA_HOSTNAME:-netdata.pivoine.art}
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    volumes:
      - netdata_config:/etc/netdata
      - netdata_lib:/var/lib/netdata
      - netdata_cache:/var/cache/netdata
      - ./go.d/postgres.conf:/etc/netdata/go.d/postgres.conf:ro
      - ./go.d/filecheck.conf:/etc/netdata/go.d/filecheck.conf:ro
      - ./health_alarm_notify.conf:/etc/netdata/health_alarm_notify.conf:ro
      - ./msmtprc:/etc/msmtprc:ro
      - /mnt/hidrive/users/valknar/Backup:/mnt/hidrive/users/valknar/Backup:ro
      - /etc/passwd:/host/etc/passwd:ro
      - /etc/group:/host/etc/group:ro
      - /etc/localtime:/etc/localtime:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc/os-release:/host/etc/os-release:ro
      - /var/log:/host/var/log:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-}
      - NETDATA_CLAIM_URL=${NETDATA_CLAIM_URL:-}
      - NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS:-}
    networks:
      - compose_network
    labels:
      - 'traefik.enable=${NETDATA_TRAEFIK_ENABLED}'
      # HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      # HTTPS router
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${NETDATA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-compress.compress=true'
      - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-auth,${NETDATA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${NETDATA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=19999'
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

volumes:
  netdata_config:
    name: ${NETDATA_COMPOSE_PROJECT_NAME}_config
  netdata_lib:
    name: ${NETDATA_COMPOSE_PROJECT_NAME}_lib
  netdata_cache:
    name: ${NETDATA_COMPOSE_PROJECT_NAME}_cache

networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true