services:
  traefik:
    image: traefik:v3.1
    container_name: aad-files-traefik
    restart: unless-stopped
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --api.dashboard=true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ./traefik/certs:/certs:ro
    environment:
      - TRAEFIK_HOSTNAME=${TRAEFIK_HOSTNAME}

  webui:
    build:
      context: ./webui
    container_name: aad-files-webui
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - ENTRA_TENANT_ID=${ENTRA_TENANT_ID}
      - ENTRA_CLIENT_ID=${ENTRA_CLIENT_ID}
      - ENTRA_CLIENT_SECRET=${ENTRA_CLIENT_SECRET}
      - ENTRA_REDIRECT_URI=${ENTRA_REDIRECT_URI}
      - ALLOWED_UPN_SUFFIX=${ALLOWED_UPN_SUFFIX}
      - WEBUI_SESSION_SECRET=${WEBUI_SESSION_SECRET}
      - DOMAIN_REALM=${DOMAIN_REALM}
      - SAMBA_GENERATED_PATH=/samba-generated/shares.generated.conf
      - DATA_ROOT=/data
      - FILESVC_UID=10050
      - FILESVC_GID=10050
    volumes:
      - /srv/files/data:/data
      - samba-generated:/samba-generated
      - webui-db:/var/lib/webui
    labels:
      - traefik.enable=true
      - traefik.http.routers.webui.rule=Host(`${TRAEFIK_HOSTNAME}`)
      - traefik.http.routers.webui.entrypoints=websecure
      - traefik.http.routers.webui.tls=true
      - traefik.http.services.webui.loadbalancer.server.port=3000
    depends_on:
      - samba

  samba:
    build:
      context: ./samba
    container_name: aad-files-samba
    restart: unless-stopped
    hostname: ${SAMBA_NETBIOS_NAME}
    environment:
      - DOMAIN_REALM=${DOMAIN_REALM}
      - DOMAIN_WORKGROUP=${DOMAIN_WORKGROUP}
      - DOMAIN_JOIN_USER=${DOMAIN_JOIN_USER}
      - DOMAIN_JOIN_PASSWORD=${DOMAIN_JOIN_PASSWORD}
      - SAMBA_NETBIOS_NAME=${SAMBA_NETBIOS_NAME}
      - FILESVC_UID=10050
      - FILESVC_GID=10050
    ports:
      - 445:445
    volumes:
      - /srv/files/data:/data
      - samba-state:/var/lib/samba
      - samba-cache:/var/cache/samba
      - samba-generated:/samba-generated

  backupd:
    build:
      context: ./backupd
    container_name: aad-files-backupd
    restart: unless-stopped
    environment:
      - BACKUP_CRON=${BACKUP_CRON}
      - BACKUP_REMOTE_PATH=${BACKUP_REMOTE_PATH}
      - BACKUP_COMPRESSION=${BACKUP_COMPRESSION}
      - SQLITE_DB_PATH=/var/lib/webui/app.db
    volumes:
      - /srv/files/data:/data:ro
      - /srv/files/remote-backup:/remote
      - webui-db:/var/lib/webui:ro

volumes:
  samba-generated:
  samba-state:
  samba-cache:
  webui-db: