version: "3.7"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
  gl_proxy:
    name: gl_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_PROXY_SUBNET
        - gateway: $GL_PROXY_GATEWAY
  default:
    driver: bridge
  gl_socket_proxy:
    name: gl_socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_SOCKET_PROXY_SUBNET
        - gateway: $GL_SOCKET_PROXY_GATEWAY

########################### SECRETS
#secrets:
#  htpasswd:
#    file: $SECRETSDIR/htpasswd
#  authelia_jwt_secret:
#    file: $SECRETSDIR/authelia_jwt_secret
#  authelia_session_secret:
#    file: $SECRETSDIR/authelia_session_secret
#  authelia_storage_mysql_password:
#    file: $DOCKERDIR/secrets/authelia_storage_mysql_password
#  authelia_notifier_smtp_password:
#    file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
#  authelia_duo_api_secret_key:
#    file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
########################### SERVICES
services:
  $APP:
    container_name: $CONTAINER_NAME
    image: $IMAGE
    restart: unless-stopped
    networks:
      gl_proxy:
        ipv4_address: $APP_IP
    security_opt:
      - no-new-privileges:true
    # ports:
    #   - "$HEIMDALL_PORT:80"
    volumes:
      - $DOCKERDIR/appdata/$APP:/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.$APP-rtr.entrypoints=https"
      - "traefik.http.routers.$APP-rtr.rule=HostHeader(`$NAME.$DOMAINNAME0`)"
      ## Middlewares
      - "traefik.http.routers.$APP-rtr.middlewares=chain-authelia@file"
      ## HTTP Services
      - "traefik.http.routers.$APP-rtr.service=$APP-svc"
      - "traefik.http.services.$APP-svc.loadbalancer.server.port=$PORT"