services:
  tailscale:
    hostname: music
    image: tailscale/tailscale:latest
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "tailscale status"]
      interval: 1s
      timeout: 5s
      retries: 60
    volumes:
      - /srv/docker/navidrome/tailscale:/var/lib
      - /lib/modules:/lib/modules:ro
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
      - net_raw
    command: tailscaled
    networks:
      - internal

  reverse_proxy:
    image: caddy:alpine
    restart: unless-stopped
    network_mode: service:tailscale
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /srv/docker/navidrome/certs/fullchain.pem:/cert.crt:ro
      - /srv/docker/navidrome/certs/key.pem:/key.key:ro
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "https://music.lan.poldebra.me"]
      interval: 5s
      timeout: 10s
      retries: 3
    depends_on:
      app:
        condition: service_started
      tailscale:
        condition: service_healthy

  app:
    image: deluan/navidrome:latest
    user: 1000:1000 # should be owner of volumes
    hostname: app
    container_name: navidrome
    restart: unless-stopped
    volumes:
      - /srv/docker/navidrome/data:/data
      - /opt/bak/davide/backup_poldebra_nas/:/music:ro
    networks:
      internal:
        ipv4_address: 172.20.0.5

networks:
  internal:
    ipam:
      config:
        - subnet: 172.20.0.0/24