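---
# Traefik v3 edge proxy for the external "proxynet" Docker network.
# It terminates TLS with Let's Encrypt (TLS-ALPN challenge), redirects
# HTTP to HTTPS, serves its dashboard behind HTTP basic auth, and opens
# TCP entrypoints for PostgreSQL and MariaDB.
#
# Required variables (from the shell or Compose's .env file):
# SERVER_DOMAIN, ADMIN_EMAIL, TRAEFIK_LOG_LEVEL. Compose substitutes an
# empty string for an unset variable, which would break the host paths
# below, so check that they are set before deploying.
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1.2
    restart: unless-stopped
    env_file:
      - /data/secrets/${SERVER_DOMAIN}/${SERVER_DOMAIN}.env
    command:
      - "--providers.file.filename=/traefik/certs.yml"
      - "--providers.docker.network=proxynet"
      # Keep the unauthenticated API listener off. The dashboard is only
      # reachable through the authenticated router defined in `labels`.
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker"
      - "--log=true"
      - "--log.level=${TRAEFIK_LOG_LEVEL}"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedByDefault=false"
      # Entrypoints:
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--entrypoints.postgres.address=:5432"
      - "--entrypoints.mariadb.address=:3306"
      - "--entrypoints.http.http.redirections.entrypoint.to=https"
      - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
      # SSL Let's Encrypt:
      - "--entrypoints.https.http.tls.certResolver=le"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=${ADMIN_EMAIL}"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/${SERVER_DOMAIN}.acme.json"
    # Dashboard secure: HTTPS only, behind the basic-auth middleware "auth".
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.${SERVER_DOMAIN}`)"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=le"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): the database entrypoints are published on every host
      # interface. If they are not meant to be reachable from the internet,
      # bind them to an internal address or restrict them with a host
      # firewall or allow-list, and confirm the TCP routers require TLS.
      - "5432:5432"
      - "3306:3306"
    volumes:
      # `:ro` here only protects the socket file itself. It does not limit
      # which Docker API calls can be made through it, so a compromised
      # Traefik process still has full control of the Docker daemon.
      # Consider fronting the socket with a proxy that allows only the
      # read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Read-write: Traefik persists ACME account keys and certificates here.
      - /data/secrets/${SERVER_DOMAIN}/letsencrypt:/letsencrypt
      # Read-only: Traefik only reads the htpasswd file, the file-provider
      # config and the certificates, so it gets no write access to them.
      - /data/secrets/${SERVER_DOMAIN}/httpauth:/httpauth:ro
      - /data/traefik/certs.yml:/traefik/certs.yml:ro
      - /data/secrets/${SERVER_DOMAIN}/selfsigned:/selfsigned:ro
    logging:
      driver: "json-file"
      options:
        # NOTE(review): no max-file is set, so only about 1 MB of proxy log
        # is kept on the host. Forward logs elsewhere if they are needed
        # for incident review.
        max-size: "1m"

  # Disabled helper that prepares the ACME storage file. Traefik refuses an
  # acme.json whose mode is more permissive than 600, so the file has to be
  # created with these permissions by some other means while this stays
  # commented out.
  #initContainers:
    #container_name: volume-permissions
    #image: busybox:1.36.1-glibc
    #command: >
    #  sh -c "touch /letsencrypt/${SERVER_DOMAIN}.acme.json &&
    #  chmod -Rv 600 /letsencrypt/* &&
    #  chown 65532:65532 /letsencrypt/${SERVER_DOMAIN}.acme.json"
    #volumes:
    #  - /data/secrets/${SERVER_DOMAIN}/letsencrypt:/letsencrypt

networks:
  default:
    name: proxynet
    external: true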