services:
  caddy:
    image: git.housh.dev/homelab/caddy:latest
    container_name: caddy
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - CLOUDFLARE_EMAIL=${CF_EMAIL}
      - CLOUDFLARE_API_TOKEN=${CF_AUTH_TOKEN}
      - ACME_AGREE=true
    ports:
      - 80:80
      - 443:443
      - "443:443/udp"
    cap_add:
      - NET_ADMIN
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - proxy
    security_opt:
      - no-new-privileges:true
    labels:
      com.centurylinklabs.watchtower.enable: true

  # This is primarily for pulling and restarting the primary caddy service
  # because restarting caddy through webhooks spawned by komodo do not really
  # work, because caddy is the gateway of communication with komodo, therefore
  # when I tried webhooks it would pull the new data / configuration, stop the caddy service,
  # and I would have to ssh into the server to restart caddy for changes to take effect.
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - backend
    environment:
      WATCTOWER_LABEL_ENABLE: true
      WATCHTOWER_POLL_INTERVAL: 300 # 5 minutes

volumes:
  caddy_data: {}
  caddy_config: {}

networks:
  proxy:
    external: true
  backend:
    external: true