services:
  traefik:
    image: traefik:v2.11
    user: "{{ docker_user.id }}"
    environment:
      - CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
      - GANDIV5_API_KEY={{ vault_gandi_api_key }}
    volumes:
      - ./traefik:/etc/traefik
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - "{{ private_ip }}:8080:8080"
    depends_on:
      - docker_proxy
    networks:
      - default
      - traefik
      - proxy_private

  docker_proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    restart: unless-stopped
    environment:
      - CONTAINERS=1
      - INFO=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy_private
    tmpfs:
      - /run
    logging:
      driver: none

  certs:
    image: slocomptech/traefik-cert-extract:latest
    restart: unless-stopped
    networks: []
    volumes:
      - ./traefik:/data:ro
      - ./certs:/config/certs
    logging:
      driver: none

networks:
  traefik:
    external: true
  proxy_private:
    internal: true