# vi: ft=yaml
# Compose file format version. The file is a template: the `{{ ... }}`
# expressions further down are substituted before the stack is deployed.
version: '3.7'

networks:
  # Pre-existing network (external: true), not created by this stack; the
  # radicale service joins it so that Traefik can route to it.
  # NOTE(review): every other container attached to this network can reach
  # the service port directly, without going through Traefik's TLS router.
  # Confirm that only the proxy and trusted services are attached.
  traefik:
    external: true

# Swarm configs that already exist outside this stack (external: true).
# Their real names are filled in by the template engine.
configs:
  # Mounted at /config/config by the radicale service.
  config:
    external: true
    name: "{{ config.config_name }}"
  # Mounted at /config/users by the radicale service.
  # NOTE(review): presumably this is Radicale's credentials file. Swarm
  # configs are intended for non-sensitive data: unlike secrets they are not
  # encrypted at rest and are not mounted from an in-memory filesystem.
  # If it holds password hashes, confirm whether it should be a secret.
  users:
    external: true
    name: "{{ users.config_name }}"

volumes:
  # Persistent storage for the service, backed by an NFS export. No `driver`
  # key is set, so the default volume driver receives these options.
  data:
    driver_opts:
      type: "nfs"
      # Mount options passed to the NFS client:
      #   addr   - NFS server address (hard-coded private IP).
      #   nolock - disables NFS network locking, so file locks are only
      #            visible on the mounting host.
      #   soft   - I/O returns an error after the retry timeout instead of
      #            blocking; combined with `rw`, nfs(5) warns this can cause
      #            silent data corruption.
      # NOTE(review): no `sec=` or NFS version is given, so the client/server
      # defaults apply. Presumably access control is by client address only
      # and traffic is unencrypted; confirm the export is restricted to the
      # swarm nodes and that the storage network is trusted.
      o: "addr=192.168.30.10,nolock,soft,rw"
      device: ":/mnt/data/radicale"

services:
  # Radicale server, published through Traefik at dav.kun.is.
  radicale:
    # NOTE(review): no tag or digest is given, so this resolves to `latest`
    # and the deployed content can change between deploys. Pin to a reviewed
    # release, e.g. `tomsquest/docker-radicale:<TAG>@sha256:<DIGEST>`
    # (placeholders), and update it deliberately.
    image: tomsquest/docker-radicale
    # Run an init process as PID 1 to forward signals and reap children.
    init: true
    # Root filesystem is read-only. The only volume defined here is /data,
    # and no tmpfs is declared.
    read_only: true
    # Drop every capability, then add back the four listed below.
    # NOTE(review): presumably the image's entrypoint needs these to fix
    # ownership of /data and switch to an unprivileged user; confirm, and
    # remove any that are not required. Older Docker Engine releases ignored
    # cap_add/cap_drop on `docker stack deploy`; verify on the target engine
    # (e.g. with `docker service inspect`) that the hardening is applied.
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - SETGID
      - CHOWN
      - KILL
    healthcheck:
      # String form, so it runs through the container's shell; it needs curl
      # in the image. `-f` makes curl fail on HTTP error status codes.
      test: curl -f http://127.0.0.1:5232 || exit 1
      interval: 30s
      retries: 3
    volumes:
      - type: volume
        source: data
        target: /data
        volume:
          # Do not copy existing image content at /data into the volume when
          # the volume is created.
          nocopy: true
    networks:
      - traefik
    deploy:
      # Service-level labels read by Traefik. No `ports:` are published by
      # this service, so in this file the only ingress path is via Traefik.
      # The router listens only on the `websecure` entrypoint, with TLS and
      # a certificate from the `letsencrypt` resolver.
      # NOTE(review): no Traefik middleware is attached, so authentication is
      # left entirely to Radicale. Confirm that the mounted Radicale config
      # enables authentication.
      labels:
        - traefik.enable=true
        - traefik.http.routers.radicale.entrypoints=websecure
        - traefik.http.routers.radicale.rule=Host(`dav.kun.is`)
        - traefik.http.routers.radicale.tls=true
        - traefik.http.routers.radicale.tls.certresolver=letsencrypt
        - traefik.http.routers.radicale.service=radicale
        - traefik.http.services.radicale.loadbalancer.server.port=5232
        - traefik.docker.network=traefik
    # Mount the two external swarm configs as files under /config.
    # NOTE(review): no `mode`, `uid` or `gid` is set, so the defaults apply
    # (world-readable 0444, per the Compose reference). Consider restricting
    # the users file to the account Radicale runs as.
    configs:
      - source: config
        target: /config/config
      - source: users
        target: /config/users