services:
    tailscale:
      hostname: ${TAILNET_NAME}
      image: tailscale/tailscale
      volumes:
        - ./data/tailscale:/var/lib/tailscale
        - ./ts-serve.json:/config/ts-serve.json:ro
        - /dev/net/tun:/dev/net/tun
      cap_add:
        - net_admin
        - sys_module
      environment:
        TS_AUTHKEY: ${TS_AUTHKEY}
        TS_SERVE_CONFIG: /config/ts-serve.json
        TS_AUTH_ONCE: true
        TS_STATE_DIR: /var/lib/tailscale
        TS_HOST: ${TAILNET_NAME}
      restart: unless-stopped

    server:
        restart: always
        image: ronivay/xen-orchestra:latest
        stop_grace_period: 1m
        environment:
            - HTTP_PORT=80
        # capabilities are needed for NFS/SMB mount
        cap_add:
          - SYS_ADMIN
          - DAC_READ_SEARCH
        # additional setting required for apparmor enabled systems. also needed for NFS mount
        security_opt:
          - apparmor:unconfined
        volumes:
          - ./data/xo-data:/var/lib/xo-server
          - ./data/redis-data:/var/lib/redis
        # logging
        logging: &default_logging
            driver: "json-file"
            options:
                max-size: "1M"
                max-file: "2"
        # these are needed for file restore. allows one backup to be mounted at once which will be umounted after some minutes if not used (prevents other backups to be mounted during that)
        # add loop devices (loop1, loop2 etc) if multiple simultaneous mounts needed.
        devices:
          - "/dev/fuse:/dev/fuse"
          - "/dev/loop-control:/dev/loop-control"
          - "/dev/loop0:/dev/loop0"