version: '3.8'
services:
  traefik:
    image: traefik:v3
    ports:
      - 80:80
      - 443:443
      - 53:53
      - 53:53/udp
    environment:
      - TZ={{ timezone }}
      - CF_API_EMAIL={{ cloudflare_email }}
      - CF_DNS_API_TOKEN={{ cloudflare_dns_api_token }}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - {{ traefik_base }}/stacks/traefik.yml:/traefik.yml
      - {{ traefik_base }}/volumes/certs:/certs
    networks:
      - proxy
    deploy:
      mode: global
      placement:
        constraints: [node.role == manager]
      labels:
        - traefik.enable=true
        - traefik.http.routers.dashboard.rule=Host(`traefik.{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard/`))
        - traefik.http.routers.dashboard.service=api@internal
        - traefik.http.routers.dashboard.tls=true
        - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
        - traefik.http.routers.ping.rule=Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/ping`)
        - traefik.http.routers.ping.service=ping@internal
        - traefik.http.routers.ping.tls=true
        - traefik.http.routers.ping.tls.certresolver=letsencrypt
        - traefik.http.services.dashboard.loadbalancer.server.port=8080
        - traefik.http.services.ping.loadbalancer.server.port=8080

networks:
  proxy:
    name: proxy
    driver: overlay
    attachable: true