version: "3"

services:
  dnscrypt-server:
    image: jedisct1/dnscrypt-server:latest
    container_name: dnscrypt-server
    restart: unless-stopped
    expose:
      - "8443/tcp"
    ports:
      - "8443:8443/udp"
    networks:
      - dnscrypt
    volumes:
      - ./encrypted-dns.toml.in:/opt/encrypted-dns/etc/encrypted-dns.toml.in:ro
      - ${LOCAL_STACK_DIR}/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys
      - ${LOCAL_STACK_DIR}/dnscrypt-server/lists:/opt/encrypted-dns/etc/lists
    command: "init -N dncr.eracolatore.tk -E 173.249.32.7:8443"
    environment:
      - TZ='Europe/Berlin'

  unbound:
    image: mvance/unbound:latest
    container_name: unbound
    restart: unless-stopped
    expose:
      - "53/tcp"
      - "53/udp"
    networks:
      - default
      - dnscrypt
    volumes:
      - ./volumes/unbound/etc/unbound:/opt/unbound/etc/unbound

  dnscrypt-server-doh:
    build:
      context: nginx/.
      args:
        - IMAGE=${NGINX_IMG:-nginx}
        - TAG=${NGINX_TAG:-alpine}
    container_name: dnscrypt-server-doh
    restart: ${NGINX_RESTART:-unless-stopped}
    expose:
      - 8080
    environment:
      - UPSTREAM_DNS_ADDR=unbound
      - UPSTREAM_DNS_PORT=53
      - DOH_HTTP_PREFIX=/dns-query
      - DOH_LISTEN_PORT=8080
      - VIRTUAL_HOST=doh.dns.eracolatore.tk
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=doh.dns.eracolatore.tk
      - LETSENCRYPT_EMAIL=meliurwen+letsencrypt@gmail.com

networks:
  default:
    external:
      name: ${NETWORK:-webservices}
  dnscrypt: