version: '3.8'

# Deploy with:
#   docker stack deploy -c caddy.yml caddy
#
# Runs on: CADDY_INSTANCE (ip-10-0-1-168)
# Caddy handles TLS automatically via Let's Encrypt.
# Reverse proxies all public subdomains to the correct services on erda-net.
# Caddyfile is bind mounted from the host — edit /etc/caddy/Caddyfile on the caddy instance.

services:
  caddy:
    image: caddy:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - overlay-net
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == ip-10-0-1-168
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3

volumes:
  caddy_data:
  caddy_config:

networks:
  overlay-net:
    external: true
    name: ${OVERLAY_NETWORK:-homelab-net}