services:
  crowdsec:
    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
    container_name: crowdsec
    environment:
      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
      - GID=${GID}
      - COLLECTIONS=${COLLECTIONS}
    volumes:
      - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d
      - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/
      - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
      - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
    networks:
      - frontend
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s 

  caddy:
    image: docker.io/ryuupendragon/caddy-cloudflare-crowdsec:2.10.0
    container_name: caddy
    depends_on:
      crowdsec:
        condition: service_healthy
    cap_add:
      - NET_ADMIN
    environment:
      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
    volumes:
      - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy
      - ${APPDATA_PATH}/caddy/caddy-config:/config
      - ${APPDATA_PATH}/caddy/caddy-data:/data
      - ${APPDATA_PATH}/caddy/caddy-logs:/logs
      - ${APPDATA_PATH}/caddy/caddy-srv:/srv
    ports:
      - ${HTTP_PORT}:80
      - ${HTTPS_PORT}:443
      - ${HTTPS_PORT}:443/udp
    networks:
      - frontend
    restart: unless-stopped

networks:
  frontend:
    external: true