services:
  tor:
    container_name: tor
    image: harbor.nirvati.org/citadel/tor:latest@sha256:fce68374eab2f44d0139f39b8514596ade385652f14a40dc35d66336d767561d
    user: toruser
    restart: on-failure
    volumes:
    - ${PWD}/tor/torrc-core:/etc/tor/torrc
    - ${PWD}/tor/data:/var/lib/tor/
    ports:
    - 127.0.0.1:$TOR_PROXY_PORT:$TOR_PROXY_PORT
    networks:
      default:
        ipv4_address: $TOR_PROXY_IP
        ipv6_address: $TOR_PROXY_IP6
    extra_hosts:
    - host.docker.internal:host-gateway
  app-tor:
    container_name: app-tor
    image: harbor.nirvati.org/citadel/tor:latest@sha256:fce68374eab2f44d0139f39b8514596ade385652f14a40dc35d66336d767561d
    user: toruser
    restart: on-failure
    volumes:
    - ${PWD}/tor/torrc-apps:/etc/tor/torrc
    - ${PWD}/tor/data:/var/lib/tor/
    networks:
      default:
        ipv4_address: $APPS_TOR_IP
        ipv6_address: $APPS_TOR_IP6
    extra_hosts:
    - host.docker.internal:host-gateway
  app-2-tor:
    container_name: app-2-tor
    image: harbor.nirvati.org/citadel/tor:latest@sha256:fce68374eab2f44d0139f39b8514596ade385652f14a40dc35d66336d767561d
    user: toruser
    restart: on-failure
    volumes:
    - ${PWD}/tor/torrc-apps-2:/etc/tor/torrc
    - ${PWD}/tor/data:/var/lib/tor/
    networks:
      default:
        ipv4_address: $APPS_2_TOR_IP
        ipv6_address: $APPS_2_TOR_IP6
    extra_hosts:
    - host.docker.internal:host-gateway
  app-3-tor:
    container_name: app-3-tor
    image: harbor.nirvati.org/citadel/tor:latest@sha256:fce68374eab2f44d0139f39b8514596ade385652f14a40dc35d66336d767561d
    user: toruser
    restart: on-failure
    volumes:
    - ${PWD}/tor/torrc-apps-3:/etc/tor/torrc
    - ${PWD}/tor/data:/var/lib/tor/
    networks:
      default:
        ipv4_address: $APPS_3_TOR_IP
        ipv6_address: $APPS_3_TOR_IP6
    extra_hosts:
    - host.docker.internal:host-gateway
  caddy:
    container_name: caddy
    image: harbor.nirvati.org/citadel/caddy:latest@sha256:3fd2fafd654cc27db35c13a7591d5428145cc15aaf5f41b771cb3fe6728db4c8
    volumes:
    - ${PWD}/caddy/data:/data
    - ${PWD}/caddy/Caddyfile:/etc/caddy/Caddyfile
    restart: on-failure
    stop_grace_period: 30s
    network_mode: host
  bitcoin:
    container_name: bitcoin
    image: lncm/bitcoind:v25.0@sha256:fad11d4874f1c2dc4373f6fea913bf95e0f0491f377b9a0930f488565e6266f0
    depends_on:
    - tor
    volumes:
    - ${PWD}/bitcoin:/data/.bitcoin
    restart: on-failure
    stop_grace_period: 1m
    ports:
    - $BITCOIN_P2P_PORT:$BITCOIN_P2P_PORT
    networks:
      default:
        ipv4_address: $BITCOIN_IP
        ipv6_address: $BITCOIN_IP6
  dashboard:
    container_name: dashboard
    image: harbor.nirvati.org/citadel/dashboard:latest@sha256:cdbfe78b1f148b419f1c8d0f8baa2919e8384cfc65bf64de46e292f63ea7c03b
    restart: on-failure
    stop_grace_period: 1m30s
    networks:
      default:
        ipv4_address: $DASHBOARD_IP
        ipv6_address: $DASHBOARD_IP6
  manager:
    container_name: manager
    image: harbor.nirvati.org/citadel/api:latest@sha256:1cbbfe1fd31a370e2027377138d27f28a8b570424394be4459a798d5aa06c55b
    depends_on:
    - tor
    restart: on-failure
    init: true
    stop_grace_period: 5m30s
    volumes:
    - ${PWD}/info.json:/info.json
    - ${PWD}/db:/db
    - ${PWD}/events:/events
    - ${PWD}/apps:/apps
    - ${PWD}/statuses:/statuses
    - ${PWD}/tor/data:/var/lib/tor/
    - jwt-public-key:/jwt-public-key
    - jwt-private-key:/jwt-private-key
    environment:
      USER_PASSWORD_FILE: /db/user.json
      JWT_PUBLIC_KEY_FILE: /jwt-public-key/jwt.pem
      JWT_PRIVATE_KEY_FILE: /jwt-private-key/jwt.key
      JWT_EXPIRATION: '3600'
      DEVICE_HOSTS: ${DEVICE_HOSTS:-"http://citadel.local"}
      DEVICE_HOSTNAME: ${DEVICE_HOSTNAME:-""}
      MIDDLEWARE_API_URL: http://$MIDDLEWARE_IP
      MIDDLEWARE_API_PORT: 3000
      SEED_FILE: /db/citadel-seed/seed
      BITCOIN_HOST: $BITCOIN_IP
      BITCOIN_P2P_PORT: $BITCOIN_P2P_PORT
      BITCOIN_RPC_PORT: $BITCOIN_RPC_PORT
      BITCOIN_RPC_USER: $BITCOIN_RPC_USER
      BITCOIN_RPC_PASSWORD: $BITCOIN_RPC_PASS
      GITLAB_REPO: nirvati/citadel/lts/core
      GITLAB_BRANCH: ${UPDATE_CHANNEL:-"stable"}
      VERSION_FILE: /info.json
      UPDATE_LOCK_FILE: /statuses/update-in-progress
      BACKUP_STATUS_FILE: /statuses/backup-status.json
      DEBUG_STATUS_FILE: /statuses/debug-status.json
      TOR_PROXY_IP: ${TOR_PROXY_IP}
      TOR_PROXY_PORT: ${TOR_PROXY_PORT}
      TOR_HIDDEN_SERVICE_DIR: /var/lib/tor
      IS_CITADEL_OS: ${IS_CITADEL_OS:-"true"}
      I2P_PASSWORD: $I2P_PASSWORD
      I2P_USERNAME: i2pd
      ELECTRUM_HOST: $APP_ELECTRUM_IP
      ELECTRUM_PORT: 50001
      KAREN_SOCKET: /events/karen.socket
      IP_ADDR: $DEVICE_IP
    networks:
      default:
        ipv4_address: $MANAGER_IP
        ipv6_address: $MANAGER_IP6
  i2p:
    container_name: i2p
    user: 1000:1000
    image: purplei2p/i2pd:latest@sha256:d8e1a28a8428ed9bda15bbf773e355cf46c89c652dcaa6cd9131606ee308ae47
    working_dir: /data
    volumes:
    - ${PWD}/i2p:/home/i2pd/data
    restart: on-failure
    stop_grace_period: 10s
    init: true
    networks:
      default:
        ipv4_address: $I2P_IP
        ipv6_address: $I2P_IP6
networks:
  default:
    name: citadel_main_network
    enable_ipv6: true
    ipam:
      driver: default
      config:
      - subnet: $NETWORK_IP/24
        gateway: $GATEWAY_IP
      - subnet: $NETWORK_IP6/96
        gateway: $GATEWAY_IP6
volumes:
  jwt-public-key:
    name: citadel-jwt-public-key
  jwt-private-key:
    name: citadel-jwt-private-key