services:
  caddy:
    container_name: caddy
    build:
      context: ./
      target: caddy
    environment:
      - DNS_PROVIDER_TOKEN=${DNS_PROVIDER_TOKEN}
      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
    security_opt:
      - no-new-privileges:true
    networks:
      - crowdsec
      - reverse-proxy
    ports:
      - 80:80
      - 443:443
      - 2019:2019
    restart: unless-stopped
    volumes:
      - ./caddy/data:/data
      - ./caddy:/etc/caddy
      - ./caddy/logs:/var/log/caddy

  crowdsec:
    image: docker.io/crowdsecurity/crowdsec:latest
    container_name: crowdsec
    environment:
      - GID=1000
      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
    security_opt:
      - no-new-privileges=true
    networks:
      - crowdsec
      - reverse-proxy
    restart: unless-stopped
    volumes:
      - ./crowdsec/db:/var/lib/crowdsec/data/
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./caddy/logs:/var/log/caddy:ro

  whoami:
    image: traefik/whoami
    container_name: whoami
    networks:
      - reverse-proxy

networks:
  crowdsec:
    name: crowdsec
  reverse-proxy:
    external: true