# tailwart edge — the layer-4 mail proxy. Deploy this on ANY host with a public
# IP that is joined to the tailnet and tagged tag:reverse-proxy. It does not
# have to be the same machine as the Stalwart mailbox — that's the fun part.
#
#   docker compose up -d --build
#
# network_mode: host is deliberate: the proxy needs to bind the public mail
# ports AND resolve/reach ${STALWART_MAGIC_NAME}.${TS_TAILNET} via the host's
# tailscaled (MagicDNS). The mailbox container, by contrast, binds nothing on
# the host — opposite ends of the same wire.

name: tailwart-edge

services:
  caddy-l4:
    build: .
    image: tailwart-caddy:latest
    network_mode: host
    command: ["caddy", "run", "--config", "/etc/caddy/caddy.json"]
    volumes:
      - ./caddy.json:/etc/caddy/caddy.json:ro
      - caddy-data:/data
    restart: unless-stopped

volumes:
  caddy-data: