name: net_services

services:
  nginx:
    image: nginx:${COMPOSE_PROJECT_NAME}
    build:
      context: services/nginx
    environment:
      - NGINX__HOST=${NGINX__HOST}
    networks:
      - cgit
      - radicale
    ports:
      - ${HOST__HTTP_PORT:?}:80
      - ${HOST__HTTPS_PORT:?}:443
    tmpfs:
      - /run/secrets:mode=400
    volumes:
      - ${HOST__CERT_DIR:?}:/run/host_secrets:ro
    depends_on:
      - cgit
      - radicale

  cgit:
    image: cgit:${COMPOSE_PROJECT_NAME}
    build:
      context: services/cgit
    networks:
      - cgit
    volumes:
      - ${HOST__CGITRC_DIR:?}:/etc/cgit:ro
      - ${HOST__CGIT_FILTER_DIR:?}:/usr/local/lib/cgit/filters/commit
      - ${HOST__CGIT_ABOUT_DIR:?}:/srv/cgit:ro
      - ${HOST__GIT_REPO_DIR:?}:/srv/git:ro

  radicale:
    image: tomsquest/docker-radicale:tvcloud
    build:
      context: services/radicale
    environment:
      - TAKE_FILE_OWNERSHIP=false
    init: true
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - SETGID
      - CHOWN
      - KILL
    deploy:
      resources:
        limits:
          memory: 256M
          pids: 50
    healthcheck:
      test: curl -f http://127.0.0.1:5232 || exit 1
      start_period: 5s
    networks:
      - radicale
    volumes:
      - ${HOST__RADICALE_USERS_DIR:?}:/etc/radicale/users:ro
      - radicale_data:/data

networks:
  cgit:
  radicale:

volumes:
  radicale_data: