version: "2.3"

services:
  traefik:
    image: traefik:v2.7
    user: "{{ docker_user.id }}"
    environment:
      - CF_DNS_API_TOKEN={{ cloudflare_api_token }}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /tmp/traefik-logs:/var/log/traefik
      - ./traefik:/etc/traefik
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - "{{ private_ip }}:8080:8080"
    depends_on:
      - docker_proxy
      - shenanigans
    networks:
      - default
      - traefik
      - proxy_private

  docker_proxy:
    image: tecnativa/docker-socket-proxy:latest
    restart: unless-stopped
    environment:
      - CONTAINERS=1
      - INFO=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy_private

  shenanigans:
    image: nginx:alpine
    restart: unless-stopped
    volumes:
      - /opt/traefik/nginx.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - proxy_private

  certs:
    image: slocomptech/traefik-cert-extract:latest
    restart: unless-stopped
    networks: []
    volumes:
      - ./traefik:/data:ro
      - ./certs:/config/certs

networks:
  traefik:
    external: true
  proxy_private:
    internal: true