version: '3.8'

services:
  # Tor Service - Runs Tor with Strict Validation
  tor:
    build: .
    image: docker-tor-hidden-service:latest
    container_name: tor-service
    restart: unless-stopped
    environment:
      # Format: ExternalPort:ContainerName:InternalPort
      # Pointing to the new 'web' service below
      - HIDDEN_SERVICE_HOSTS=80:web:80
      - TOR_CONTROL_PASSWORD=secure_password
    ports:
      - "9051:9051" # Expose control port
    volumes:
      - tor-data:/var/lib/tor/
    depends_on:
      - web

  # Demo Web Service (So Tor has something to host)
  web:
    image: nginx:alpine
    container_name: my-website
    restart: unless-stopped

  # Vanguards Service - Runs Vanguards only (Sidecar)
  vanguards:
    build: .
    image: docker-tor-hidden-service:latest
    container_name: vanguards-sidecar
    restart: unless-stopped
    command: vanguards --control_ip tor-service --control_port 9051 --control_pass secure_password
    environment:
      # Placeholder to ensure no tor starts here
      - HIDDEN_SERVICE_HOSTS=""
    depends_on:
      - tor
    volumes:
      - tor-data:/var/lib/tor/

volumes:
  tor-data: