services:
  caddy:
    image: octopus/caddy:v2.7.6
    restart: unless-stopped
    environment:
      - AWS_ACCESS_KEY_ID=DOCKER-SECRET->r53-aws-access-key
      - AWS_SECRET_ACCESS_KEY=DOCKER-SECRET->r53-aws-secret-access-key
    networks:
      - caddy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    deploy:
      placement:
        constraints:
          - node.role == manager
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
    secrets:
      - r53-aws-access-key
      - r53-aws-secret-access-key
    configs:
      - source: caddyfile.v1
        target: /etc/caddy/Caddyfile
        

networks:
  caddy:
    external: true

volumes:
  caddy_data:
  caddy_config:

configs:
  caddyfile.v1:
    external: true

secrets:
  r53-aws-access-key:
    external: true
  r53-aws-secret-access-key:
    external: true