services:
  # Caddy
  caddy:
    image: caddy:latest
    container_name: caddy
    profiles:
      - caddy
    depends_on:
      main_infrastructure:
        condition: service_completed_successfully
    restart: on-failure:5
    ports:
      - 80:80/tcp
      - 80:80/udp
      - 443:443/tcp
      - 443:443/udp
    volumes:
      - caddy_data:/data:rw
      - caddy_config:/config:rw
      - ./config:/etc/caddy:ro
      - wordpress:/var/www/html:rw
      - public_data:/public_data:ro

    networks:
      - infra-network
    env_file:
      - ./env/caddy.env
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: pidof caddy || exit 1
      interval: 120s
      timeout: 10s
      retries: 3

  caddy_backup:
    image: mazzolino/restic:latest
    container_name: caddy_backup
    profiles:
      - caddy
    depends_on:
      - caddy
    restart: on-failure:5
    env_file:
      - ./env/caddy_backup.env
    volumes:
      - caddy_backup:/mnt/restic
      - caddy_data:/data:ro
    network_mode: none
    cap_drop:
      - NET_ADMIN
      - NET_RAW
      - SYS_ADMIN

volumes:
  caddy_data:
    name: caddy_data
  caddy_config:
    name: caddy_config
  caddy_backup:
    name: caddy_backup
  wordpress:
    name: wordpress
  public_data:
    name: public_data