version: '3.8'

services:
  # Tor Service - Runs Tor only
  tor:
    build: .
    image: docker-tor-hidden-service:latest
    container_name: tor-service
    restart: unless-stopped
    environment:
      - ENABLE_VANGUARDS=false
      - TOR_CONTROL_PASSWORD=secure_password
      # Expose control port on all interfaces for sidecar access
      - TOR_CONTROL_PORT=0.0.0.0:9051
    ports:
      - "9051:9051" # Expose control port (ensure firewall protects this!)
    volumes:
      - tor-data:/var/lib/tor/hidden_service/

  # Vanguards Service - Runs Vanguards only (Sidecar)
  vanguards:
    build: .
    image: docker-tor-hidden-service:latest
    container_name: vanguards-sidecar
    restart: unless-stopped
    environment:
      - ENABLE_TOR=false
      - TOR_CONTROL_PASSWORD=secure_password
      - TOR_CONTROL_PORT=tor:9051
    depends_on:
      - tor
    # network_mode: "service:tor" # Optional: if you want them to share network stack (localhost access)

volumes:
  tor-data: