# Docker Compose Override
# Copy this file to docker-compose.override.yml and customize
# This file is automatically loaded by docker-compose

version: "3.8"

services:
  # ============================================================================
  # Traefik Customization
  # ============================================================================
  traefik:
    # Bind internal entrypoint to Tailscale IP only
    ports:
      - "80:80"
      - "443:443"
      # Uncomment and set TAILSCALE_IP in .env
      # - "${TAILSCALE_IP}:8443:8443"
    
    # Additional volumes for custom certs
    # volumes:
    #   - ./custom-certs:/certs:ro

  # ============================================================================
  # Add Your Services Below
  # ============================================================================
  
  # Example: Static website
  # website:
  #   image: nginx:alpine
  #   container_name: website
  #   restart: unless-stopped
  #   networks:
  #     - traefik-external
  #   volumes:
  #     - ./website:/usr/share/nginx/html:ro
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.website.rule=Host(`lemonlink.eu`) || Host(`www.lemonlink.eu`)"
  #     - "traefik.http.routers.website.entrypoints=websecure"
  #     - "traefik.http.routers.website.tls.certresolver=letsencrypt"
  #     # No Authelia for public website
  #     - "traefik.http.services.website.loadbalancer.server.port=80"

  # Example: Bookmarks service
  # linkding:
  #   image: sissbruecker/linkding:latest
  #   container_name: linkding
  #   restart: unless-stopped
  #   networks:
  #     - services
  #   environment:
  #     - LD_SUPERUSER_NAME=admin
  #     - LD_SUPERUSER_PASSWORD=${LINKDING_ADMIN_PASSWORD}
  #   volumes:
  #     - linkding-data:/etc/linkding/data
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.linkding.rule=Host(`bookmarks.lemonlink.eu`)"
  #     - "traefik.http.routers.linkding.entrypoints=websecure"
  #     - "traefik.http.routers.linkding.tls.certresolver=letsencrypt"
  #     - "traefik.http.routers.linkding.middlewares=authelia@docker"

  # Example: File browser (internal only)
  # filebrowser:
  #   image: filebrowser/filebrowser:latest
  #   container_name: filebrowser
  #   restart: unless-stopped
  #   networks:
  #     - services
  #   volumes:
  #     - /path/to/your/files:/srv
  #     - filebrowser-data:/database
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.filebrowser.rule=Host(`files.local.lemonlink.eu`)"
  #     - "traefik.http.routers.filebrowser.entrypoints=internal"
  #     - "traefik.http.routers.filebrowser.tls.certresolver=letsencrypt"
  #     - "traefik.http.routers.filebrowser.middlewares=authelia@docker"

  # Example: Media server (Jellyfin)
  # jellyfin:
  #   image: jellyfin/jellyfin:latest
  #   container_name: jellyfin
  #   restart: unless-stopped
  #   networks:
  #     - services
  #   environment:
  #     - PUID=1000
  #     - PGID=1000
  #   volumes:
  #     - jellyfin-config:/config
  #     - /path/to/media:/media:ro
  #   labels:
  #     - "traefik.enable=true"
  #     # External access with auth
  #     - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.lemonlink.eu`)"
  #     - "traefik.http.routers.jellyfin.entrypoints=websecure"
  #     - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
  #     - "traefik.http.routers.jellyfin.middlewares=authelia@docker"
  #     # Internal access (direct)
  #     - "traefik.http.routers.jellyfin-internal.rule=Host(`jellyfin.local.lemonlink.eu`)"
  #     - "traefik.http.routers.jellyfin-internal.entrypoints=internal"
  #     - "traefik.http.routers.jellyfin-internal.tls.certresolver=letsencrypt"
  #     # Jellyfin uses its own auth, so skip Authelia for internal

# Additional volumes for your services
# volumes:
#   linkding-data:
#   filebrowser-data:
#   jellyfin-config: