version: '3.8'

services:
  certbot:
    image: certbot/dns-cloudflare
    container_name: home-service-certbot-daemon
    restart: unless-stopped
    volumes:
      - ./ssl-certs:/etc/letsencrypt
      - ./certbot-webroot:/var/www/certbot
      - ./cloudflare.ini:/secrets/cloudflare.ini:ro
      - /var/run/docker.sock:/var/run/docker.sock
    # 12시간마다 갱신 체크 + DNS 검증 사용
    entrypoint: >
      /bin/sh -c ' apk add --no-cache docker-cli && trap exit TERM; while :; do
        certbot renew --dns-cloudflare --dns-cloudflare-credentials /secrets/cloudflare.ini --post-hook "docker exec home-service-proxy-ssl nginx -s reload";
        sleep 12h & wait $${!};
      done;'