version: '3'

configs:
  run-sh:
    content: |
      #!/bin/sh
      # patch security so kubctl on sync-certs-job can write to the mounted volume
      chown -R 1001:1001 /etc/ssl/certs/casa-limbosolutions-com-certs
      while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"

services:
  nginx:
    build:
      context: ./docker
    pull_policy: build
    image: homesrv/nginx:latest
    volumes:
      - casa-limbosolutions-com-certs:/etc/ssl/certs/casa-limbosolutions-com-certs
    ports:
      - 443:443
      - 80:80
    networks:
      - public
      - private
    restart: unless-stopped
    command: /bin/sh -c '/run.sh'
    configs:
      - source: run-sh
        target: /run.sh
        mode: 0755
volumes:
  nginx-conf.d:

  casa-limbosolutions-com-certs:
    name: casa-limbosolutions-com-certs
    external: false     

networks:
  public:
    name: reverseproxy_public
    external: true
  private:
    name: reverseproxy_private