feat: migrate Diary to VPN only access (#36)

Reviewed-on: #36
Co-authored-by: Davide Polonio <poloniodavide@gmail.com>
Co-committed-by: Davide Polonio <poloniodavide@gmail.com>

diary/Caddyfile

@@ -0,0 +1,5 @@
+https://diary.lan.poldebra.me {
+        tls /cert.crt /key.key
+        reverse_proxy app:80 {
+        }
+}

diary/docker-compose.yml

@@ -1,19 +1,43 @@
-version: "3.9"
-
 services:
+  mock:
+    image: nginx:alpine
+    restart: unless-stopped
+    env_file:
+      - .env
+    networks:
+      - proxy
+
+  reverse_proxy:
+    image: caddy:alpine
+    restart: unless-stopped
+    network_mode: service:tailscale
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - /srv/docker/reverse_proxy/certs/diary.lan.poldebra.me/fullchain.pem:/cert.crt:ro
+      - /srv/docker/reverse_proxy/certs/diary.lan.poldebra.me/key.pem:/key.key:ro
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "https://diary.lan.poldebra.me"]
+      interval: 5s
+      timeout: 10s
+      retries: 3
+    depends_on:
+      app:
+        condition: service_started
+      tailscale:
+        condition: service_healthy
+
   app:
     image: monica:4-apache
     depends_on:
-      - db
+      db:
+        condition: service_started
+      tailscale:
+        condition: service_healthy
     env_file:
       - .monica.env
-      - .env
     volumes:
       - data:/var/www/html/storage
     restart: unless-stopped
-    networks:
-      - internal
-      - proxy
 
   cron:
     image: monica:4-apache
@@ -23,7 +47,7 @@ services:
       - data:/var/www/html/storage
     command: cron.sh
     depends_on:
-      - db
+      - app
 
   db:
     image: mysql:8.0
@@ -32,8 +56,26 @@ services:
     volumes:
       - mysql:/var/lib/mysql
     restart: unless-stopped
-    networks:
+
-      - internal
+  tailscale:
+    hostname: diary
+    image: tailscale/tailscale:latest
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "tailscale status"]
+      interval: 1s
+      timeout: 5s
+      retries: 60
+    volumes:
+      - tailscale:/var/lib
+      - /lib/modules:/lib/modules:ro
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+      - net_raw
+    command: tailscaled
 
 volumes:
   data:
@@ -48,9 +90,13 @@ volumes:
       type: none
       o: bind
       device: "/srv/docker/diary/mysql"
+  tailscale:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: "/srv/docker/diary/tailscale"
 
 networks:
   proxy:
     external: true
-  internal:
-