services:
  traefik:
    image: traefik:v3.5
    command:
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/dynamic"
      - "--providers.file.watch=true"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.cf.acme.dnschallenge=true"
      - "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cf.acme.email=tls@skrd.fun"
      - "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard-web.rule=Host(`traefik.skrd.fun`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"
      - "traefik.http.routers.dashboard-web.entrypoints=web"
      - "traefik.http.routers.dashboard-web.middlewares=local-only@file, redirect-to-https@file"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.skrd.fun`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=cf"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=local-only@file"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/letsencrypt:/letsencrypt"
      - "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/dynamic:/dynamic"
    environment:
      CF_API_EMAIL: "${CF_API_EMAIL}"
      CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"

networks:
  default:
    name: traefik