services:
  crowdsec:
    container_name: crowdsec
    image: ghcr.io/crowdsecurity/crowdsec:v1.7.4@sha256:4312a5109057f2a6b1237431abe638cd1026ecb3a9c2707c6ccc1ed09e4cb994
    restart: unless-stopped
    environment:
      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
      - GID=${GID}
      - COLLECTIONS=${COLLECTIONS}
    volumes:
      - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d
      - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/
      - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
      - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
    networks:
      - frontend
    healthcheck:
      test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  caddy:
    container_name: caddy
    image: ghcr.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.2@sha256:7c39ca4d4e9cbd42c7787439f600f83de1baa98f0fc47ae19abd94cdcc64ed3d
    restart: unless-stopped
    depends_on:
      crowdsec:
        condition: service_healthy
    cap_add:
      - NET_ADMIN
    environment:
      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
    volumes:
      - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy
      - ${APPDATA_PATH}/caddy/caddy-config:/config
      - ${APPDATA_PATH}/caddy/caddy-data:/data
      - ${APPDATA_PATH}/caddy/caddy-logs:/logs
      - ${APPDATA_PATH}/caddy/caddy-srv:/srv
    ports:
      - ${HTTP_PORT}:80
      - ${HTTPS_PORT}:443
      - ${HTTPS_PORT}:443/udp
    networks:
      - frontend

networks:
  frontend:
    external: true