services:
  caddy:
    image: ryuupendragon/caddy-crowdsec:2.10.0
    container_name: caddy
    cap_add:
      - NET_ADMIN
    networks:
      proxy:
        ipv4_address: 172.30.0.2
    environment:
      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
    volumes:
      - ${APPDATA_PATH}/caddy-crowdsec/caddy:/etc/caddy
      - ${APPDATA_PATH}/caddy-crowdsec/caddy-config:/config
      - ${APPDATA_PATH}/caddy-crowdsec/caddy-data:/data
      - ${APPDATA_PATH}/caddy-crowdsec/caddy-logs:/logs
      - ${APPDATA_PATH}/caddy-crowdsec/caddy-srv:/srv
    ports:
      - ${HTTP_PORT}:80
      - ${HTTPS_PORT}:443
      - ${HTTPS_PORT}:443/udp
    restart: unless-stopped

  crowdsec:
    image: crowdsecurity/crowdsec:v1.6.9
    container_name: crowdsec
    networks:
      proxy:
        ipv4_address: 172.30.0.3
    environment:
      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
      - TZ=${TZ}
      - GID=${GID}
      - COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching
    volumes:
      - ${APPDATA_PATH}/caddy-crowdsec/crowdsec-acquis.d:/etc/crowdsec/acquis.d
      - ${APPDATA_PATH}/caddy-crowdsec/crowdsec-db:/var/lib/crowdsec/data/
      - ${APPDATA_PATH}/caddy-crowdsec/crowdsec-config:/etc/crowdsec/
      - ${APPDATA_PATH}/caddy-crowdsec/caddy-logs:/var/log/caddy:ro
    ports:
      - ${CROWDSEC_PORT}:8080
      - ${APPSEC_PORT}:7422
    restart: unless-stopped

networks:
  proxy:
    name: proxy
    driver: bridge
    ipam:
     config:
       - subnet: 172.30.0.0/16
         gateway: 172.30.0.1