[services.traefik]
image = "traefik"
container_name = "traefik"
restart = "unless-stopped"
ports = ["80:80", "443:443/tcp", "443:443/udp"]
environment = [
  "TZ=Europe/Helsinki",
  "ADMIN_EMAIL",
  "CF_API_EMAIL=${ADMIN_EMAIL}",
  "CF_API_KEY",
  "CF_ZONE_API_TOKEN",
  "CF_DNS_API_TOKEN",
]
security_opt = ["no-new-privileges:true"]
networks = ["proxy"]
volumes = [
  "/etc/localtime:/etc/localtime:ro",
  "/var/run/docker.sock:/var/run/docker.sock:ro",
  "./traefik.toml:/traefik.toml:ro",
  "./dynamic.toml:/dynamic.toml:ro",
  "/docker/traefik/traefik/acme.json:/acme.json",
  "/docker/traefik/traefik/log:/var/log",
]
labels = [
  "traefik.enable=true",
  "traefik.docker.network=proxy",
  "traefik.http.routers.redirect.entrypoints=http",
  "traefik.http.routers.redirect.rule=Host(`traefik.korhonen.cc`)",
  "traefik.http.routers.redirect.middlewares=http2https@file",
  "traefik.http.routers.dashboard.entrypoints=https",
  "traefik.http.routers.dashboard.middlewares=secHeaders@file,compress@file,authentik@file",
  "traefik.http.routers.dashboard.rule=Host(`traefik.korhonen.cc`)",
  "traefik.http.routers.dashboard.service=api@internal",
]

[services.fail2ban]
image = "crazymax/fail2ban"
container_name = "fail2ban"
restart = "unless-stopped"
network_mode = "host"
cap_add = ["NET_ADMIN", "NET_RAW"]
environment = ["TZ=Europe/Helsinki"]
volumes = [
  "/etc/localtime:/etc/localtime:ro",
  "/docker/traefik/traefik/log:/var/log/traefik:ro",
  "/docker/traefik/fail2ban:/data",
  "/docker/forgejo/gitea/log/gitea.log:/var/log/forgejo:ro",
  "/docker/homeautomation/home-assistant/home-assistant.log:/var/log/hass",
  "/mnt/Storage/Nextcloud/nextcloud.log:/var/log/nextcloud:ro",
]

[networks.proxy]
external = true