# =============================================================================
# PLEX MEDIA SERVER - DISASTER RECOVERY CONFIGURATION
# =============================================================================
#
# SERVICE OVERVIEW:
# - Primary media streaming server for homelab
# - Serves 4K movies, TV shows, music, and photos
# - Hardware transcoding enabled via Intel Quick Sync
# - Critical service for media consumption
#
# DISASTER RECOVERY NOTES:
# - Configuration stored in /volume1/docker2/plex (CRITICAL BACKUP)
# - Media files in /volume1/data/media (128TB+ library)
# - Database contains watch history, metadata, user preferences
# - Hardware transcoding requires Intel GPU access (/dev/dri)
#
# BACKUP PRIORITY: HIGH
# - Config backup: Daily automated backup required
# - Media backup: Secondary NAS sync (Calypso)
# - Database backup: Included in config volume
#
# RECOVERY TIME OBJECTIVE (RTO): 30 minutes
# RECOVERY POINT OBJECTIVE (RPO): 24 hours
#
# DEPENDENCIES:
# - Volume1 must be accessible (current issue: SSD cache failure)
# - Intel GPU drivers for hardware transcoding
# - Network connectivity for remote access
# - Plex Pass subscription for premium features
#
# PORTS USED:
# - 32400/tcp: Main Plex web interface and API
# - 3005/tcp: Plex Home Theater via Plex Companion
# - 8324/tcp: Plex for Roku via Plex Companion
# - 32469/tcp: Plex DLNA Server
# - 1900/udp: Plex DLNA Server
# - 32410/udp, 32412/udp, 32413/udp, 32414/udp: GDM Network discovery
#
# =============================================================================

services:
  plex:
    # CONTAINER IMAGE:
    # - linuxserver/plex: Community-maintained, regularly updated
    # - Alternative: plexinc/pms-docker (official but less frequent updates)
    # - Version pinning recommended for production: linuxserver/plex:1.32.8
    image: linuxserver/plex:latest

    # CONTAINER NAME:
    # - Fixed name for easy identification and management
    # - Used in monitoring, logs, and backup scripts
    container_name: plex

    # NETWORK CONFIGURATION:
    # - host mode: Required for Plex auto-discovery and DLNA
    # - Allows Plex to bind to all network interfaces
    # - Enables UPnP/DLNA functionality for smart TVs
    # - SECURITY NOTE: Exposes all container ports to host
    network_mode: host

    environment:
      # USER/GROUP PERMISSIONS:
      # - PUID=1029: User ID for file ownership (Synology 'admin' user)
      # - PGID=65536: Group ID for file access (Synology 'administrators' group)
      # - CRITICAL: Must match NAS user/group for file access
      # - Find correct values: id admin (on Synology)
      - PUID=1029 #CHANGE_TO_YOUR_UID
      - PGID=65536 #CHANGE_TO_YOUR_GID

      # TIMEZONE CONFIGURATION:
      # - TZ: Timezone for logs, scheduling, and metadata
      # - Must match system timezone for accurate timestamps
      # - Format: Area/City (e.g., America/Los_Angeles, Europe/London)
      - TZ=America/Los_Angeles #CHANGE_TO_YOUR_TZ

      # FILE PERMISSIONS:
      # - UMASK=022: Default file permissions (755 for dirs, 644 for files)
      # - Ensures proper read/write access for media files
      # - 022 = owner: rwx, group: r-x, other: r-x
      - UMASK=022

      # PLEX VERSION MANAGEMENT:
      # - VERSION=docker: Use version bundled with Docker image
      # - Alternative: VERSION=latest (auto-update, not recommended for production)
      # - Alternative: VERSION=1.32.8.7639-fb6452ebf (pin specific version)
      - VERSION=docker

      # PLEX CLAIM TOKEN:
      # - Used for initial server setup and linking to Plex account
      # - Get token from: https://plex.tv/claim (valid for 4 minutes)
      # - Leave empty after initial setup
      # - SECURITY: Remove token after claiming server
      - PLEX_CLAIM=

    volumes:
      # CONFIGURATION VOLUME:
      # - /volume1/docker2/plex:/config
      # - Contains: Database, metadata, thumbnails, logs, preferences
      # - SIZE: ~50-100GB depending on library size
      # - BACKUP CRITICAL: Contains all user data and settings
      # - RECOVERY: Restore this volume to recover complete Plex setup
      - /volume1/docker2/plex:/config

      # MEDIA VOLUME:
      # - /volume1/data/media:/data/media
      # - Contains: Movies, TV shows, music, photos (128TB+ library)
      # - READ-ONLY recommended for security (add :ro suffix if desired)
      # - STRUCTURE: Organized by type (movies/, tv/, music/, photos/)
      # - BACKUP: Synced to Calypso NAS for redundancy
      - /volume1/data/media:/data/media

    devices:
      # HARDWARE TRANSCODING:
      # - /dev/dri:/dev/dri: Intel Quick Sync Video access
      # - Enables hardware-accelerated transcoding (H.264, H.265, AV1)
      # - CRITICAL: Reduces CPU usage by 80-90% during transcoding
      # - REQUIREMENT: Intel GPU with Quick Sync support
      # - TROUBLESHOOTING: Check 'ls -la /dev/dri' for render devices
      - /dev/dri:/dev/dri

    security_opt:
      # SECURITY HARDENING:
      # - no-new-privileges: Prevents privilege escalation attacks
      # - Container cannot gain additional privileges during runtime
      # - Recommended security practice for all containers
      - no-new-privileges:true

    # RESTART POLICY:
    # - always: Container restarts automatically on failure or system reboot
    # - CRITICAL: Ensures Plex is always available for media streaming
    # - Alternative: unless-stopped (won't restart if manually stopped)
    restart: unless-stopped

# =============================================================================
# DISASTER RECOVERY PROCEDURES:
# =============================================================================
#
# BACKUP VERIFICATION:
# docker exec plex ls -la /config/Library/Application\ Support/Plex\ Media\ Server/
#
# MANUAL BACKUP:
# tar -czf /volume2/backups/plex-config-$(date +%Y%m%d).tar.gz /volume1/docker2/plex/
#
# RESTORE PROCEDURE:
# 1. Stop container: docker-compose down
# 2. Restore config: tar -xzf plex-backup.tar.gz -C /volume1/docker2/
# 3. Fix permissions: chown -R 1029:65536 /volume1/docker2/plex/
# 4. Start container: docker-compose up -d
# 5. Verify: Check http://atlantis.vish.local:32400/web
#
# TROUBLESHOOTING:
# - No hardware transcoding: Check /dev/dri permissions and Intel GPU drivers
# - Database corruption: Restore from backup or rebuild library
# - Permission errors: Verify PUID/PGID match NAS user/group
# - Network issues: Check host networking and firewall rules
#
# MONITORING:
# - Health check: curl -f http://localhost:32400/identity
# - Logs: docker logs plex
# - Transcoding: Plex Dashboard > Settings > Transcoder
# - Performance: Grafana dashboard for CPU/GPU usage
#
# =============================================================================