name: Bootstrap

services:
  docker:
    image: alpine/socat
    command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
    networks:
      - docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    labels:
      nas-compose.boostrap: true

  traefik:
    image: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - traefik
      - docker
    volumes:
      - traefik_dynamic_config:/etc/traefik/dynamic/
    configs:
      - source: traefik_config
        target: /etc/traefik/traefik.yml
    depends_on:
      - docker
    restart: unless-stopped
    labels:
      nas-compose.boostrap: true

  portainer:
    image: portainer/portainer-ce
    command: >
      --host tcp://docker:2375
      --hide-label nas-compose.boostrap=true
      --admin-password-file /run/secrets/portainer_password
    networks:
      - docker
      - traefik
    volumes:
      - portainer_data:/data/
    secrets:
      - portainer_password
    depends_on:
      - docker
    restart: unless-stopped
    labels:
      nas-compose.boostrap: true
      traefik.enable: true
      traefik.http.services.portainer.loadbalancer.server.port: 9443
      traefik.http.services.portainer.loadbalancer.server.scheme: https

networks:
  docker:
    name: docker
    labels:
      nas-compose.boostrap: true
  traefik:
    name: traefik
    labels:
      nas-compose.boostrap: true

volumes:
  portainer_data:
    driver_opts:
      type: none
      o: bind
      device: ${SERVICES_DIR?}/portainer/volumes/data/
    labels:
      nas-compose.boostrap: true
  traefik_dynamic_config:
    driver_opts:
      type: none
      o: bind
      device: ${SERVICES_DIR?}/traefik/volumes/config/
    labels:
      nas-compose.boostrap: true

configs:
  traefik_config:
    file: ${SERVICES_DIR?}/traefik/configs/traefik.yml

secrets:
  portainer_password:
    file: ${SERVICES_DIR?}/portainer/secrets/portainer_password