name: reverse-proxy

services:
  traefik:
    hostname: traefik
    image: traefik
    # TODO: Run as non root user
    #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
    environment:
      NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?}
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token
      TRAEFIK_CERTIFICATESRESOLVERS_DEFAULTRESOLVER_ACME_EMAIL: admin@${NASCOMPOSE_DOMAIN?}
      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_MAIN: '*.${NASCOMPOSE_DOMAIN?}'
      LEGO_DISABLE_CNAME_SUPPORT: true
    networks:
      - reverse-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme/:/etc/traefik/acme/
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/
      # Config
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro
      # Secrets
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro
    restart: unless-stopped
    labels:
      traefik.enable: true
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: authelia@file
#  crowdsec:
#    hostname: crowdsec
#    image: crowdsecurity/crowdsec
#    environment:
#      COLLECTIONS: "crowdsecurity/traefik"
#      GID: ${NASCOMPOSE_GID?}
#    networks:
#      - reverse-proxy
#    volumes:
#      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/crowdsec_acquis.yml:/etc/crowdsec/acquis.yaml
#      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/crowdsec_config/:/etc/crowdsec/
#      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/crowdsec_data/:/var/lib/crowdsec/data/
#      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/:ro
#    restart: unless-stopped
#    labels:
#      traefik.enable: true
#      traefik.http.routers.crowdsec.middlewares: authelia@file

networks:
  reverse-proxy:
    name: reverse-proxy