name: reverse-proxy

services:
  traefik:
    hostname: traefik
    image: traefik
    user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
    environment:
      NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?}
      #CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token
      #TRAEFIK_CERTIFICATESRESOLVERS_DEFAULTRESOLVER_ACME_EMAIL: admin@${NASCOMPOSE_DOMAIN?}
      #TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_MAIN: '*.${NASCOMPOSE_DOMAIN?}'
      #LEGO_DISABLE_CNAME_SUPPORT: true
    networks:
      - reverse-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme/:/etc/traefik/acme/
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/
      # Config
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro
      # Secrets
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro
    restart: unless-stopped
    labels:
      traefik.enable: true
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: authelia@file
  crowdsec:
    hostname: crowdsec
    image: crowdsecurity/crowdsec
    environment:
      COLLECTIONS: "crowdsecurity/traefik"
      GID: ${NASCOMPOSE_GID?}
    networks:
      - reverse-proxy
    volumes:
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/crowdsec_acquis.yml:/etc/crowdsec/acquis.yaml
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/crowdsec_config/:/etc/crowdsec/
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/crowdsec_data/:/var/lib/crowdsec/data/
      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/:ro
    restart: unless-stopped
    labels:
      traefik.enable: true
      traefik.http.routers.crowdsec.middlewares: authelia@file

networks:
  reverse-proxy:
    name: reverse-proxy