services:
  traefik:
    profiles: ["core","all","traefik"]
    image: traefik:3
    container_name: traefik
    restart: always
    read_only: true
    hostname: traefik.lan.ddnsgeek.com
    depends_on:
      - docker-socket-proxy
      - error-pages
      - authelia
      - crowdsec

    ports:
      - "80:80"
      - "443:443"

    build:
      context: ${PROJECT_ROOT}/core
 #   env_file:
 #     - ${PROJECT_ROOT}/secrets/stack-secrets.env

    volumes:
      - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt
      - ${PROJECT_ROOT}/core/traefik/data/logs:/logs
      - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage

    healthcheck:
      test: traefik healthcheck --ping

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.middlewares=authelia"
      - "io.portainer.accesscontrol.public"
      - "traefik.docker.network=core_traefik"
      - "traefik.http.routers.traefik.observability.tracing=true"

    networks:
#      - reverse_proxy
#      - prometheus_edge
      - traefik