services:
  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TZ:-Europe/Berlin}
      # Make sure these variables are defined in your .env file or host system
      # otherwise they will be empty inside the container.
      - SERVICE_URL_RADARR_7878
      - _APP_URL=$SERVICE_URL_RADARR
    volumes:
      # Option A: Named Volume (Managed by Docker, harder to backup manually)
      - radarr-config:/config
      # Option B: Bind Mount (Easier to backup, stores files on your host folder)
      # - ./config/radarr:/config  <-- I usually recommend this for "arr" apps
      
      # YOUR STORAGE BOX
      - /mnt/osirisbox:/data

    # FIX: This was indented inside 'volumes' in your snippet. 
    # It must be at the same level as 'volumes' and 'environment'.
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:7878/ping"]
      interval: 30s # 2s is very aggressive, 30s is standard
      timeout: 10s
      retries: 3

    labels:
      - "traefik.enable=true"
      # Define a custom service pointing to port 7878 (radarr WebUI)
      - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878"

      # --- SECURE ROUTER (HTTPS) ---
      # 1. Match the domain
      - "traefik.http.routers.radarr-secure.rule=Host(`radarr.karmacoma.dev`)"
      # 2. Use HTTPS entrypoint
      - "traefik.http.routers.radarr-secure.entrypoints=https"
      # 3. Enable TLS (SSL) using LetsEncrypt
      - "traefik.http.routers.radarr-secure.tls=true"
      - "traefik.http.routers.radarr-secure.tls.certresolver=letsencrypt"
      # 4. Apply the Authentik Middleware (Check the name matches your dynamic config)
      - "traefik.http.routers.radarr-secure.middlewares=authentik-auth@file"
      # 5. Point to the service we defined above
      - "traefik.http.routers.radarr-secure.service=radarr-svc"
      # 6. PRIORITY: This is the fix. Higher number wins over Coolify defaults.
      - "traefik.http.routers.radarr-secure.priority=100"

      # --- OPTIONAL: HTTP REDIRECT (Standard Coolify behavior) ---
      - "traefik.http.routers.gluetun-http.rule=Host(`qbittorrent.karmacoma.dev`)"
      - "traefik.http.routers.gluetun-http.entrypoints=http"
      - "traefik.http.routers.gluetun-http.middlewares=redirect-to-https"
      - "traefik.http.routers.gluetun-http.priority=100"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

# If you stick with Option A (radarr-config), you must declare it here:
volumes:
  radarr-config: