---
services:
  app:
    image: headscale/headscale:v0.28
    networks:
      - proxy
    command: serve
    volumes:
      # - config:/etc/headscale
      - data:/var/lib/headscale
    configs:
      - source: config_yaml
        target: /etc/headscale/config.yaml
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+v0.28"
        # Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
        - "backupbot.backup.path=/var/lib/headscale"
    healthcheck:
      test: ["CMD", "headscale", "health"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m

  ui:
    image: ghcr.io/gurucomputing/headscale-ui:2025.08.23
    deploy:
      labels:
        - traefik.enable=true
        - "traefik.http.services.${STACK_NAME}-ui.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}-ui.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && PathPrefix(`/web`)"
        - "traefik.http.routers.${STACK_NAME}-ui.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-ui.tls.certresolver=${LETS_ENCRYPT_ENV}"
    networks:
      - proxy

networks:
  proxy:
    external: true

volumes:
  data:

configs:
  config_yaml:
    name: ${STACK_NAME}_config_yaml_${CONFIG_YAML_VERSION}
    file: config.yaml.tmpl
    template_driver: golang