version: '3.8'

services:
  # Tor Service - Runs Tor with Strict Validation
  tor:
    build: .
    image: docker-tor-hidden-service:latest
    container_name: tor-service
    restart: unless-stopped
    environment:
      # Format: ExternalPort:ContainerName:InternalPort
      - HIDDEN_SERVICE_HOSTS=80:my-website:80
      - TOR_CONTROL_PASSWORD=secure_password
    ports:
      - "9051:9051" # Expose control port
    volumes:
      - tor-data:/var/lib/tor/

  # Vanguards Service - Runs Vanguards only (Sidecar)
  vanguards:
    build: .
    image: docker-tor-hidden-service:latest
    container_name: vanguards-sidecar
    restart: unless-stopped
    command: vanguards --control_ip tor-service --control_port 9051 --control_pass secure_password
    environment:
      # Placeholder to ensure no tor starts here
      - HIDDEN_SERVICE_HOSTS=""
    depends_on:
      - tor

volumes:
  tor-data: