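---
# Private ingress stack: a Tailscale sidecar owns the network namespace and
# Caddy joins it (network_mode: service:tailscale), so both containers share
# the same interfaces and the same 127.0.0.1.
services:
  tailscale:
    # NOTE(review): `latest` is a floating tag. Pin a release tag or digest
    # (e.g. tailscale/tailscale:<PINNED_VERSION>) so a re-pull cannot silently
    # change the code that holds NET_ADMIN and the node key.
    image: tailscale/tailscale:latest
    hostname: private-ingress-engine
    environment:
      # Interpolated from the shell or a .env file; keep that file out of
      # version control. The value is readable via `docker inspect`, so prefer
      # a short-lived, non-reusable, tagged auth key.
      TS_AUTHKEY: "${TS_AUTHKEY}"
      TS_STATE_DIR: /var/lib/tailscale
      # Quoted: Compose expects environment values to be strings, and an
      # unquoted `true` is parsed by YAML as a boolean.
      TS_ACCEPT_DNS: "true"
    volumes:
      # Holds the node's persisted state (including its private key).
      # Restrict host permissions on this directory and exclude it from VCS.
      - ${PWD}/tailscale/state:/var/lib/tailscale
    # NOTE(review): the tun device and NET_ADMIN are only needed for
    # kernel-mode networking. The image is documented to default to userspace
    # networking unless TS_USERSPACE is set to false; if that applies here,
    # both grants can be dropped (least privilege) - confirm.
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
    healthcheck:
      # Healthy when `tailscale status` exits 0; output is discarded.
      test: ["CMD-SHELL", "tailscale status >/dev/null 2>&1"]
      interval: 30s
      timeout: 5s
      retries: 3
    restart: unless-stopped
    # Because Caddy shares this namespace, it is attached to `edge` as well.
    networks:
      - edge

  caddy:
    # Built locally from Dockerfile.caddy and tagged caddy-cf:2.11.
    # NOTE(review): presumably Caddy with a Cloudflare DNS module - confirm,
    # and pin the base image and module versions in the Dockerfile.
    image: caddy-cf:2.11
    build:
      context: .
      dockerfile: Dockerfile.caddy
    environment:
      # Passed through from the host environment / .env (no value set here).
      - EMAIL
      - DOMAIN
      # Scope this token to DNS edit on the single zone it needs.
      - CF_DNS_API_TOKEN
    volumes:
      # NOTE(review): consider appending `:ro` if nothing inside the
      # container needs to write to /etc/caddy - confirm.
      - ${PWD}/conf:/etc/caddy
      - caddy_data:/data
      - caddy_config:/config
    healthcheck:
      # Probes the Caddy admin API on loopback (requires wget in the image).
      # The admin API has no authentication by default, so keep it bound to
      # 127.0.0.1; the loopback is shared with the tailscale container.
      test:
        - CMD-SHELL
        - wget -qO- http://127.0.0.1:2019/config >/dev/null 2>&1
      interval: 30s
      timeout: 5s
      retries: 3
    # Share the tailscale container's network namespace; no own networks or
    # published ports are possible in this mode.
    network_mode: "service:tailscale"
    restart: unless-stopped

volumes:
  caddy_data: {}
  caddy_config: {}

networks:
  # Pre-existing network; must be created before `docker compose up`.
  edge:
    external: true
    name: edge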