services:
  minishell:
    container_name: "minishell"
    restart: always
    build:
      context: ./minishell
      dockerfile: Dockerfile

    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - FSETID
      - SETUID

    devices:
      - /dev/kvm

    # Prevents gaining new privileges
    security_opt:
      - no-new-privileges

    networks:
      website_net:
        ipv4_address: "88.88.5.2"

  nginx-site:
    container_name: "nginx-site"
    image: nginx

    restart: always
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./certbot/conf:/etc/letsencrypt:ro
      - ./certbot/www:/var/www/certbot:ro

    networks:
      website_net:
        ipv4_address: "88.88.5.1"

    ports:
      - 80:80
      - 443:443

  certbot:
    image: certbot/certbot
    container_name: "certbot-site"

    volumes:
      - ./certbot/conf:/etc/letsencrypt:rw
      - ./certbot/www/:/var/www/certbot/:rw

    command: certonly --webroot --webroot-path /var/www/certbot --force-renewal --email victorvobis@protonmail.com -d 127.0.0.1 --agree-tos

  website:
    container_name: "site"
    restart: always
    build:
      context: ./vvsite
      dockerfile: Dockerfile

    networks:
      website_net:
        ipv4_address: "88.88.5.3"

networks:
  website_net:
    # external: false
    # internal: true
    driver: bridge
    ipam:
      config:
        - subnet: "88.88.0.0/21"