# {{ ansible_managed }}
version: '3.7'
services:
  nitter:
    image: git.opnxng.com/opnxng/nitter:latest
    container_name: nitter
    user: "998:998"
    read_only: true
    security_opt:
      - no-new-privileges
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
#    ports:
#      - 8883:8080
    volumes:
      - {{ docker_dir }}/nitter/nitter.conf:/src/nitter.conf:ro
      - {{ docker_dir }}/nitter/about.html:/src/public/md/about.html:ro
      - {{ docker_dir }}/nitter/about.md:/src/public/md/about.md:ro
      - {{ docker_dir }}/nitter/guest_accounts.jsonl:/src/guest_accounts.jsonl
    depends_on:
      - nitter-redis
    restart: unless-stopped
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:8080/Jack/status/20 || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    networks:
      - nitter

  nitter-redis:
    image: redis:alpine
    container_name: nitter-redis
    command: redis-server --save 60 1 --loglevel warning
    security_opt:
      - no-new-privileges
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
    volumes:
      - {{ docker_dir }}/nitter/redis:/data
    restart: unless-stopped
    user: "999:1000"
    read_only: true
    healthcheck:
      test: redis-cli ping
      interval: 30s
      timeout: 5s
      retries: 2
    networks:
      - nitter

  nitter-nginx:
    image: nginx:stable-alpine-slim
    container_name: nitter-nginx
    security_opt:
      - no-new-privileges
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
    volumes:
      - {{ docker_dir }}/nitter/nginx/nginx.conf:/etc/nginx/nginx.conf
      - {{ docker_dir }}/nitter/nginx/shared_cache.conf:/etc/nginx/shared_cache.conf
      - {{ docker_dir }}/nitter/nginx/shared_static.conf:/etc/nginx/shared_static.conf
      - {{ docker_dir }}/nitter/nginx/nitter_error.log:/var/log/nginx/nitter_error.log
      - {{ docker_dir }}/nitter/nginx/nginx:/etc/logrotate.d/nginx
      - {{ docker_dir }}/nitter/nginx/public:/src/public
      - {{ docker_dir }}/nitter/about.html:/src/public/md/about.html:ro
      - {{ docker_dir }}/nitter/about.md:/src/public/md/about.md:ro
    restart: unless-stopped
    ports:
      - 8883:80
    networks:
      - nitter

  nitter-fail2ban:
    image: lscr.io/linuxserver/fail2ban:latest
    container_name: nitter-fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - no-new-privileges
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
#      - VERBOSITY=-vv
    volumes:
      - {{ docker_dir }}/nitter/fail2ban/jail.local:/config/fail2ban/jail.local
      - {{ docker_dir }}/nitter/nginx/nitter_error.log:/var/log/nginx/nitter_error.log
    restart: unless-stopped
    network_mode: host

networks:
  nitter:
    name: nitter