---
x-restart-policy: &restart_policy
  restart: unless-stopped
x-pull-policy: &pull_policy
  pull_policy: always
x-compose-defaults: &compose_defaults
  <<: [*restart_policy, *pull_policy]
  networks:
    desktop:

services:
  caddy:
    <<: *compose_defaults
    image: caddy:2-alpine
    container_name: caddy
    ports:
      - ${CADDY_HTTP:-80}:80
      - ${CADDY_HTTPS:-443}:443
      - ${CADDY_HTTPS:-443}:443/udp # HTTP/3
    volumes:
      - ./caddy/data:/data
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro

  guacd:
    <<: *compose_defaults
    image: guacamole/guacd:latest
    container_name: guacd
    volumes:
      - ./guacamole/drive:/drive
      - ./guacamole/record:/record

  guacamole:
    <<: *compose_defaults
    image: guacamole/guacamole:latest
    container_name: guacamole
    depends_on:
      - guacd
      - postgres
    environment:
      GUACD_HOSTNAME: guacd
      EXTENSIONS: auth-totp
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: 'SuperSecretPassword1234'
      POSTGRES_USER: guacamole_user
    volumes:
      - ./guacamole/data:/config
    expose:
      - 8080/tcp

  postgres:
    <<: *compose_defaults
    image: postgres:14-alpine
    container_name: postgres-guacamole
    environment:
      POSTGRES_INITDB_ARGS: --auth-host=md5 # Guacamole cannot handle scram-sha-256
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: 'SuperSecretPassword1234'
      POSTGRES_USER: guacamole_user
    volumes:
      - ./guacamole/init:/docker-entrypoint-initdb.d:ro
      - postgres:/var/lib/postgresql/data
    expose:
      - 5432/tcp

volumes:
  postgres:
    driver: local

networks:
  desktop:
    name: "desktop"
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-desktop
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: ${IPV4_NETWORK:-172.20.1}.0/24
        - subnet: ${IPV6_NETWORK:-fd17:20:200:10::/64}