networks:
  {{ docker_network }}:
    external: true

services:
  # --- Caddy Reverse Proxy (entry point) ---
  netbird-caddy:
    image: caddy:2-alpine
    container_name: netbird-kunde{{ customer_id }}-caddy
    restart: unless-stopped
    networks:
      - {{ docker_network }}
    ports:
      - "{{ dashboard_port }}:80"
    volumes:
      - {{ instance_dir }}/Caddyfile:/etc/caddy/Caddyfile:ro

  # --- NetBird Management (with embedded IdP) ---
  netbird-management:
    image: {{ netbird_management_image }}
    container_name: netbird-kunde{{ customer_id }}-management
    restart: unless-stopped
    networks:
      - {{ docker_network }}
    volumes:
      - {{ instance_dir }}/data/management:/var/lib/netbird
      - {{ instance_dir }}/management.json:/etc/netbird/management.json
    command:
      - "--port"
      - "80"
      - "--log-file"
      - "console"
      - "--log-level"
      - "info"
      - "--single-account-mode-domain={{ netbird_domain }}"
      - "--dns-domain={{ netbird_domain }}"
      - "--idp-sign-key-refresh-enabled"

  # --- NetBird Signal ---
  netbird-signal:
    image: {{ netbird_signal_image }}
    container_name: netbird-kunde{{ customer_id }}-signal
    restart: unless-stopped
    networks:
      - {{ docker_network }}
    volumes:
      - {{ instance_dir }}/data/signal:/var/lib/netbird

  # --- NetBird Relay ---
  netbird-relay:
    image: {{ netbird_relay_image }}
    container_name: netbird-kunde{{ customer_id }}-relay
    restart: unless-stopped
    networks:
      - {{ docker_network }}
    ports:
      - "{{ relay_udp_port }}:3478/udp"
    env_file:
      - {{ instance_dir }}/relay.env

  # --- NetBird Dashboard ---
  netbird-dashboard:
    image: {{ netbird_dashboard_image }}
    container_name: netbird-kunde{{ customer_id }}-dashboard
    restart: unless-stopped
    networks:
      - {{ docker_network }}
    env_file:
      - {{ instance_dir }}/dashboard.env