services:
  headscale:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: docker.io/headscale/headscale
    container_name: headscale
    volumes:
      - ${SERVICE_PATH}/headscale/config:/etc/headscale
      - ${SERVICE_PATH}/headscale/lib:/var/lib/headscale
      - ${SERVICE_PATH}/headscale/run:/var/run/headscale
    ports:
      - 127.0.0.1:8080:8080 # api
      - 127.0.0.1:9090:9090 # metrics
    command: serve
    environment:
    networks:
      - ip4net
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.headscale.entrypoints=https"
      - "traefik.http.routers.headscale.tls.certresolver=myresolver"
      - "traefik.http.routers.headscale.tls=true"
      - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"