services:
  caddy:
    build:
      context: ./
      target: caddy
    container_name: caddy
    security_opt:
      - no-new-privileges=true
    environment:
      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
    networks:
      - reverseproxy
    ports:
      - "80:80"
      - "443:443"
    restart: unless-stopped
    volumes:
      - ./data:/data
      - ./config:/config
      - ./logs:/var/log/caddy
      - ./Caddyfile:/etc/caddy/Caddyfile

  crowdsec:
    image: docker.io/crowdsecurity/crowdsec:latest
    container_name: crowdsec
    security_opt:
      - no-new-privileges=true
    environment:
      - GID=1000
      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
    networks:
      - reverseproxy
    restart: unless-stopped
    volumes:
      - ./crowdsec-db:/var/lib/crowdsec/data/
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./logs:/var/log/caddy:ro

  whoami:
    image: traefik/whoami
    container_name: whoami
    networks:
      - reverseproxy

networks:
  reverseproxy:
    external: true