# =============================================================================
# Binhost Service - Gentoo Binary Package Host
# =============================================================================
# Service nginx pour héberger les packages binaires Gentoo
# À déployer sur trax dans /docker/web/
#
# Usage:
#   cp docker-compose-binhost.yml /docker/web/
#   docker compose -f docker-compose-binhost.yml up -d
# =============================================================================

networks:
  web:
    name: t2_proxy
    external: true

services:
  binhost:
    image: nginx:alpine
    container_name: binhost
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - web
    volumes:
      # Page d'accueil
      - ${DOCKERDIR:-/docker/web}/appdata/binhost/index.html:/usr/share/nginx/html/index.html:ro
      # Favicon and logo
      - ${DOCKERDIR:-/docker/web}/appdata/binhost/favicon.png:/usr/share/nginx/html/favicon.png:ro
      - ${DOCKERDIR:-/docker/web}/appdata/binhost/gentoo-logo.svg:/usr/share/nginx/html/gentoo-logo.svg:ro
      # Packages binaires
      - ${DOCKERDIR:-/docker/web}/appdata/binhost/packages:/usr/share/nginx/html/packages:ro
      # Configuration nginx personnalisée
      - ${DOCKERDIR:-/docker/web}/appdata/binhost/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      # Clé GPG publique pour vérification
      - ${DOCKERDIR:-/docker/web}/appdata/binhost/gpg:/usr/share/nginx/html/gpg:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=t2_proxy"

      # Router principal
      - "traefik.http.routers.binhost-rtr.entrypoints=https"
      - "traefik.http.routers.binhost-rtr.rule=Host(`binpkg.xenonet.cc`)"
      - "traefik.http.routers.binhost-rtr.tls=true"

      # Pas d'authentification - accès public
      - "traefik.http.routers.binhost-rtr.middlewares=chain-no-auth@file"

      # Service
      - "traefik.http.routers.binhost-rtr.service=binhost-svc"
      - "traefik.http.services.binhost-svc.loadbalancer.server.port=80"

      # Headers de cache pour les packages
      - "traefik.http.middlewares.binhost-cache.headers.customresponseheaders.Cache-Control=public, max-age=86400"

    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/packages/"]
      interval: 30s
      timeout: 10s
      retries: 3