version: "3.8"

services:
  # The only non-swarm service is a portainer instance that allows for easy management of the swarm
  portainer:
    image: portainer/portainer-ce:latest
    ports:
      - "9000:9000"
      - "8000:8000"
      - "9443:9443"
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == manager
  # Watchtower is used to automatically update the core services
  #! Watchtower updates all containers running on the bound socket
  #! so the maintainers need to be aware of this
  watchtower:
    image: containrrr/watchtower:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == manager
    command: --interval 30 --cleanup

# This defines the NFS volumes for portainer persistence
#! This requires nodes to be IP whitelisted in the NAS
volumes:
  portainer_data:
    driver: local
    driver_opts:
      type: nfs
      device: ":volume1/portainer_data"
      o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"