services:
    ytdl_material:
        environment:
            ytdl_mongodb_connection_string: 'mongodb://ytdl-mongo-db:27017'
            ytdl_use_local_db: 'false'
            write_ytdl_config: 'true'
            # Option 1: Let container start as root and drop privileges (default behavior)
            # Uncomment these lines to set custom UID/GID:
            # UID: 1000
            # GID: 1000

            # SSL/HTTPS Configuration (optional)
            # Uncomment and set paths to enable HTTPS:
            # ytdl_ssl_cert_path: /mnt/keys/bindable-internal/lurker/fullchain-or-ca.pem
            # ytdl_ssl_key_path: /mnt/keys/bindable-internal/lurker/privkey.pem

            # Backend log level (optional): error, warn, info, verbose, debug
            # YTDL_LOG_LEVEL: info

            # Multi-user mode (required for OIDC)
            # ytdl_multi_user_mode: 'true'

            # OIDC / OpenID Connect (optional)
            # If enabled, ytdl_multi_user_mode must also be true
            # ytdl_oidc_enabled: 'true'
            # ytdl_oidc_issuer_url: 'https://idp.example.com/realms/ytdl'
            # ytdl_oidc_client_id: 'youtubedl-material'
            # ytdl_oidc_client_secret: 'replace-with-secret'
            # ytdl_oidc_redirect_uri: 'https://ytdl.example.com/api/auth/oidc/callback'
            # ytdl_oidc_scope: 'openid profile email'
            # ytdl_oidc_allowed_groups: 'media,admins'
            # ytdl_oidc_group_claim: 'groups'
            # ytdl_oidc_admin_claim: 'groups'
            # ytdl_oidc_admin_value: 'admin'
            # ytdl_oidc_auto_register: 'true'
            # ytdl_oidc_username_claim: 'preferred_username'
            # ytdl_oidc_display_name_claim: 'name'
            # Optional one-time ownership migration for unassigned media:
            # ytdl_oidc_migrate_videos: 'admin'

            # Reverse Proxy Whitelist (optional)
            # Whitelists the reverse proxy's IP (the direct connecting IP, not end clients)
            # This checks which reverse proxy is allowed to connect, not client IPs
            # Leave commented for no IP filtering
            # Example single IP: 172.28.0.100/32
            # Example subnet: 172.28.0.0/24
            # Example multiple ranges: 172.28.0.100/32,10.0.0.0/8
            # ytdl_reverse_proxy_whitelist: 172.28.0.100/32
        # Option 2: Start container directly as non-root user (more secure, faster)
        # Uncomment this line to run as a specific user (requires proper volume permissions):
        # user: "1000:1000"
        restart: always
        depends_on:
            ytdl-mongo-db:
                condition: service_healthy
        volumes:
            - ./appdata:/app/appdata
            - ./audio:/app/audio
            - ./video:/app/video
            - ./subscriptions:/app/subscriptions
            - ./users:/app/users
        ports:
            - "8998:17442"
        image: voc0der/youtubedl-material:nightly
    ytdl-mongo-db:
        # If you are using an older Raspberry Pi / 32-bit setup, use mongo:4.4.18
        image: mongo:8
        healthcheck:
            test: ["CMD-SHELL", "mongosh --eval 'db.runCommand({ping:1}).ok' --quiet"]
            interval: 15s
            timeout: 30s
            retries: 5
            start_period: 35s
            start_interval: 1s
        logging:
            driver: "none"          
        container_name: mongo-db
        restart: always
        volumes:
            - ./db/:/data/db