services:
  traefik:
    image: traefik:latest
    container_name: traefik-node${TRAEFIK_NODE_ID}
    network_mode: host
    extra_hosts:
      - "host.docker.internal:host-gateway"
    cpus: 1.0
    mem_limit: "1024m"
    mem_reservation: "128m"
    restart: always
    command:
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=${REQUIRED_NETWORKS}"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certresolver=desec"
      - "--entrypoints.websecure.http.tls.domains[0].main=mapletree.email"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.mapletree.email"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.dev.mapletree.email" 
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.test.mapletree.email"
      - "--certificatesresolvers.desec.acme.dnschallenge=true"
      - "--certificatesresolvers.desec.acme.dnschallenge.provider=desec"
      - "--certificatesresolvers.desec.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.desec.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.mysresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=desec"
      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.dns_resolver.acme.dnschallenge=true"
      - "--certificatesresolvers.dns_resolver.acme.dnschallenge.provider=desec"
      - "--certificatesresolvers.dns_resolver.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.dns_resolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.desec.acme.dnschallenge.delaybeforecheck=10"
      - "--certificatesresolvers.desec.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
      - "--certificatesresolvers.dns_resolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
    environment:
      - DESEC_TOKEN=${DESEC_TOKEN}
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/docker/traefik/letsencrypt:/letsencrypt"
      - "/docker/traefik/dynamic:/etc/traefik/dynamic"
    labels:
      - "traefik.http.routers.dashboard.rule=Host(`traefik.mapletree.email`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=dns_resolver"