services:
  radicale:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: tomsquest/docker-radicale
    container_name: radicale
    ports:
      - 4017:5232
    networks:
      - ip6net
    init: true
    read_only: true
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - CHOWN
      - SETGID
      - KILL
    # healthcheck:
    #   test: curl -f http://127.0.0.1:5232 || exit 1
    #   interval: 30s
    #   retries: 3
    volumes:
      - ${SERVICE_PATH}/radicale/data:/data/
      - ${SERVICE_PATH}/radicale/config:/data/

    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.radicale.entrypoints=https"
      - "traefik.http.routers.radicale.tls.certresolver=myresolver"
      - "traefik.http.routers.radicale.tls=true"
      # Middlewares
      - "traefik.http.routers.radicale.middlewares=crowdsec-bouncer@file"