version: "3.7"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
  gl_proxy:
    name: gl_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_PROXY_SUBNET
        - gateway: $GL_PROXY_GATEWAY
  default:
    driver: bridge
  gl_socket_proxy:
    name: gl_socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_SOCKET_PROXY_SUBNET
        - gateway: $GL_SOCKET_PROXY_GATEWAY

########################### SECRETS
#secrets:
#  htpasswd:
#    file: $SECRETSDIR/htpasswd
#  authelia_jwt_secret:
#    file: $SECRETSDIR/authelia_jwt_secret
#  authelia_session_secret:
#    file: $SECRETSDIR/authelia_session_secret
#  authelia_storage_mysql_password:
#    file: $DOCKERDIR/secrets/authelia_storage_mysql_password
#  authelia_notifier_smtp_password:
#    file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
#  authelia_duo_api_secret_key:
#    file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
########################### SERVICES
services:
  certdumper:
    container_name: gl-traefik_certdumper
    image: ldez/traefik-certs-dumper:latest
    restart: unless-stopped
    command: file \
      --source /acme.json
      --dest /dump
      --version v2
      --domain-subdir=true
      --crt-ext=.pem
      --key-ext=.pem
      --watch
    security_opt:
      - no-new-privileges:true
    volumes:
      - $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json:ro
      - $DOCKERDIR/shared/certs:/dump:rw
    networks:
      gl_proxy:
        ipv4_address: $CERTDUMPER_IP
    #network_mode: none
    
    #environment:
    #  DOMAIN: $DOMAINNAME0
    #labels:
    #  - "traefik.enable=true"
      ## HTTP Routers
    #  - "traefik.http.routers.$APP-rtr.entrypoints=https"
    #  - "traefik.http.routers.$APP-rtr.rule=HostHeader(`$NAME.$DOMAINNAME0`)"
      ## Middlewares
    #  - "traefik.http.routers.$APP-rtr.middlewares=chain-authelia@file"
      ## HTTP Services
    #  - "traefik.http.routers.$APP-rtr.service=$APP-svc"
    #  - "traefik.http.services.$APP-svc.loadbalancer.server.port=$PORT"


        # Traefik Certs Dumper - Extract LetsEncrypt Certificates - Traefik2 Compatible
  
    
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Only needed if restarting containers (use Docker Socket Proxy instead)