version: "3"

services:
  dnscrypt-server:
    image: ${DCRS_IMG:-jedisct1/dnscrypt-server}:${DCRS_TAG:-latest}
    container_name: ${DCRS_CONTAINER_NAME:-dnscrypt-server}
    restart: ${DCRS_RESTART:-unless-stopped}
    expose:
      - "8443/tcp"
    ports:
      - "8443:8443/udp"
    networks:
      - dnscrypt
    volumes:
      - ./encrypted-dns.toml.in:/opt/encrypted-dns/etc/encrypted-dns.toml.in:ro
      - ${LOCAL_STACK_DIR:-./volumes}/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys
      - ${LOCAL_STACK_DIR:-./volumes}/dnscrypt-server/lists:/opt/encrypted-dns/etc/lists
    command: "init -N dncr.eracolatore.tk -E 173.249.32.7:8443"
    environment:
      - TZ=${TZ:-Etc/UTC}

  unbound:
    image: ${UB_IMG:-mvance/unbound}:${UB_TAG:-latest}
    container_name: ${UB_CONTAINER_NAME:-unbound}
    restart: ${UB_RESTART:-unless-stopped}
    expose:
      - "53/tcp"
      - "53/udp"
    networks:
      - default
      - dnscrypt
    volumes:
      - ${LOCAL_STACK_DIR:-./volumes}/unbound/etc/unbound:/opt/unbound/etc/unbound
    healthcheck:
      disable: true
    environment:
      - TZ=${TZ:-Etc/UTC}

  doh:
    build:
      context: nginx/.
      args:
        - IMAGE=${DOH_BLD_NGINX_IMG:-nginx}
        - TAG=${DOH_BLD_NGINX_TAG:-alpine}
    container_name: ${DOH_CONTAINER_NAME:-doh}
    restart: ${DOH_RESTART:-unless-stopped}
    expose:
      - 8080
    environment:
      - UPSTREAM_DNS_ADDR=unbound
      - UPSTREAM_DNS_PORT=53
      - DOH_HTTP_PREFIX=/dns-query
      - DOH_LISTEN_PORT=8080
      - VIRTUAL_HOST=doh.dns.eracolatore.tk
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=doh.dns.eracolatore.tk
      - LETSENCRYPT_EMAIL=meliurwen+letsencrypt@gmail.com

networks:
  default:
    external:
      name: ${NETWORK:-webservices}
  dnscrypt: