services:
  traefik:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: "traefik:latest"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
      - "8079:8080"
    networks:
      - ip6net
      - ip4net
    environment:
      TRAEFIK_EMAIL: ${EMAIL}
      TRAEFIK_LOCAL_DOMAIN: ${LOCAL_DOMAIN}
      TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
      TRAEFIK_AUTH_PUBLIC_DOMAIN: auth.${PUBLIC_DOMAIN}
      TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
    volumes:
      - "/var/log/crowdsec/:/var/log/crowdsec/"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "${INFRA_PATH}/traefik/letsencrypt:/letsencrypt"
      - "${INFRA_PATH}/traefik/config:/etc/traefik"
      - "${INFRA_PATH}/traefik/certs:/etc/certs"
      - "${INFRA_PATH}/traefik/html/ban.html:/ban.html"
      - "${INFRA_PATH}/traefik/html/captcha.html:/captcha.html"
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.tls=true"

  whoami:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: traefik/whoami:latest
    container_name: "traefik-whoami"
    networks: 
      - ip4net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # traefik
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${LOCAL_DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      - 'traefik.http.routers.whoami.tls=true'