services:
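  # Edge proxy. Terminates HTTP/HTTPS/HTTP3 and forwards two raw TCP entry
  # points (ssh, sshgitlab). Routing comes from three providers: Docker labels,
  # files under /traefik, and a Redis KV store.
  traefik:
    image: "traefik:v3.3"
    container_name: "traefik"
    # Wait until the tracs3 `sync` run has exited with status 0, so that the
    # shared `certificates` volume is populated before Traefik starts.
    depends_on:
      tracs3:
        condition: service_completed_successfully
    command:
      # --- Logging ---
      # NOTE(review): maxsize/maxage look like log-file rotation settings and no
      # log file path is configured here - confirm they have any effect.
      - "--log.level=info"
      - "--log.maxsize=100"
      - "--log.maxage=3"

      # --- Metrics ---
      # NOTE(review): no dedicated metrics entry point is configured; verify
      # where /metrics is served and that it is not reachable from outside.
      - "--metrics.prometheus=true"

      # --- Docker provider ---
      # exposedbydefault=false: only containers that opt in via labels get routed.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"

      # --- Entry points ---
      - "--entryPoints.web.address=:80"
      # NOTE(review): `name` looks like the documentation placeholder. No entry
      # point called `name` is given an address in this file, so this flag
      # presumably does not apply to `web` or `websecure` - confirm which entry
      # point was intended.
      - "--entryPoints.name.allowACMEByPass=true"
      - "--entryPoints.websecure.address=:443"
      # HTTP/3 runs over UDP; the matching udp/443 publication is under `ports`.
      - "--entryPoints.websecure.http3"
      - "--entryPoints.websecure.http.tls=true"
      - "--entryPoints.ssh.address=:2222"
      - "--entryPoints.sshgitlab.address=:2223"

      # --- File and Redis providers ---
      - "--providers.file.directory=/traefik"
      - "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
      # Compose interpolates the password into the container's command line,
      # where it is readable through `docker inspect` and the process list.
      # Whoever can write to this Redis instance can also define routes, so
      # treat the credential and network access to Redis as sensitive.
      - "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: udp
        mode: host
      - target: 2222
        published: 2222
        protocol: tcp
        mode: host
      - target: 2223
        published: 2223
        protocol: tcp
        mode: host
    volumes:
      # `:ro` only protects the socket file itself; it does not limit which
      # Docker API calls can be made through it. Access to this socket is
      # effectively root on the host. Consider placing a filtering socket proxy
      # in front so that Traefik only gets the read-only endpoints it needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # NOTE(review): both mounts below are read-write. If Traefik only reads
      # the route files and certificates written by tracs3, `:ro` would be the
      # least-privilege choice - confirm nothing in Traefik writes here.
      - "/etc/traefik/sites:/traefik"
      - "certificates:/certificates"
    networks:
      - traefik_internal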
  
  # epee service, attached to the same network as Traefik.
  # NOTE(review): the image uses the mutable `stable` tag; pinning a version
  # or digest makes deployments reproducible and auditable.
  epee: 
    image: "git.gnous.eu/enpls/epee-service:stable"
    container_name: "epee"
    ports:
      # Short syntax with no host IP publishes 5900 on every host interface,
      # bypassing Traefik entirely. NOTE(review): if this port is only meant to
      # be reached through Traefik over traefik_internal, drop the mapping or
      # bind it to a specific address - confirm the intended exposure.
      - "5900:5900"
    networks:
      - traefik_internal

  # Job that runs `sync` against an S3-compatible bucket and shares
  # /etc/traefik/sites and the `certificates` volume with Traefik. Other
  # services wait for it with `service_completed_successfully`, so it is
  # expected to exit after each run.
  tracs3:
    # NOTE(review): `main` is a mutable branch tag. This container receives
    # the S3 credentials and writes into the volume Traefik mounts at
    # /certificates, so pin a release tag or image digest.
    image: ghcr.io/outout14/traefik-acme-s3:main
    # env_file sets variables inside the container. The ${TRACS_*} references
    # below are interpolated by Compose from its own environment / .env file,
    # which is a separate source. Keep both out of version control.
    env_file:
      - tracs3.env
    command:
      - "sync"
    volumes:
      - "/etc/traefik/sites:/configs"
      - "certificates:/certificates"
    # Shares the host network stack, so there is no network isolation.
    # NOTE(review): presumably needed to reach the S3 endpoint - confirm that
    # a regular bridge network would not be sufficient.
    network_mode: "host"
    environment:
      # Region and endpoint are set under several variable names.
      - AWS_REGION=${TRACS_AWS_REGION}
      - AWS_DEFAULT_REGION=${TRACS_AWS_REGION}
      - AWS_ENDPOINT_URL=${TRACS_S3_ENDPOINT}
      - AWS_S3_ENDPOINT=${TRACS_S3_ENDPOINT}
      - AWS_S3API_ENDPOINT=${TRACS_S3_ENDPOINT}

      # S3 credentials. These should be scoped to the single bucket in use.
      - AWS_ACCESS_KEY_ID=${TRACS_S3_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${TRACS_S3_SECRET}

      - CLOSET_BUCKET=${TRACS_CLOSET_BUCKET}
      - CLOSET_PASSWORD=${TRACS_CLOSET_PASSWORD}

  # Ofelia scheduler. It reads job definitions from Docker labels and, every
  # ten minutes, restarts the tracs3 container so that `sync` runs again.
  tracs3-certificate-sync:
    # NOTE(review): `latest` is a mutable tag on an image that is given the
    # Docker socket. Pin a version or digest so that an upstream change cannot
    # silently gain host-level control.
    image: mcuadros/ofelia:latest
    restart: always
    depends_on:
      tracs3:
        condition: service_completed_successfully
    command: daemon --docker
    volumes:
      # `:ro` does not restrict the Docker API. The scheduler can still create
      # and start containers through this socket, which the job below relies on.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      ofelia.job-run.certificate-rotate.schedule: "@every 10m"
      # The container name is hard-coded and only matches while the Compose
      # project is named `front-http-par`. Under another project name the
      # restart will fail - check how that failure would be noticed.
      ofelia.job-run.certificate-rotate.command:  "sh -c 'docker restart front-http-par-tracs3-1'"
      # NOTE(review): `docker:cli` is also unpinned, and each job container gets
      # the socket read-write, which is full control of the Docker daemon.
      ofelia.job-run.certificate-rotate.image:  "docker:cli"
      ofelia.job-run.certificate-rotate.volume:  "/var/run/docker.sock:/var/run/docker.sock"

# Named volume mounted at /certificates by both tracs3 and traefik.
# It holds TLS key material, so limit which services mount it.
volumes:
  certificates:
# Network joined by traefik and epee. tracs3 uses host networking instead.
networks:
  traefik_internal:
    enable_ipv6: true