version: "3.8"

services:
  # We want to add coredns, as a local NDS server/cache which pulls from as many sources as possible
  coredns:
    image: coredns/coredns:latest
    ports:
      - "53:53"
      - "53:53/udp"
    volumes:
      - networks_coredns:/etc/coredns
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    networks:
      i-form_research_server_stack:
        ipv4_address: "172.252.1.2"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.go.rule=Path(`/`)"
      - "traefik.http.services.go.loadbalancer.server.port=53"
  # We also want our network to be managed by traefik, so we need to add it as a service
  # Traefik provides load balancing and reverse proxying for our services
  traefik:
    image: traefik:latest
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entryPoint.priority=10" # disable permanent forwarding for every route
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true" # <== Enable TLS-ALPN-01 to generate and renew ACME certs
      - "--certificatesresolvers.myresolver.acme.email=${useremail}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
    ports:
      # - "80:80"
      # - "443:443"
      - "8089:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - networks_traefik:/etc/traefik
      - networks_letsencrypt:/letsencrypt
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    networks:
      i-form_research_server_stack:
        ipv4_address: "172.252.1.3"
    # secrets:
    #   - traefik_cert
    #   - traefik_key

networks:
  i-form_research_server_stack:
    name: i-form_research_server_stack
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: 172.252.1.0/16

volumes:
  networks_traefik:
    name: stack_networks_traefik
    driver: local
    driver_opts:
      type: nfs
      device: ":volume1/traefik"
      o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
  networks_letsencrypt:
    name: stack_networks_letsencrypt
    driver: local
    driver_opts:
      type: nfs
      device: ":volume1/letsencrypt"
      o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
  networks_coredns:
    name: stack_networks_coredns
    driver: local
    driver_opts:
      type: nfs
      device: ":volume1/coredns"
      o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"