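---
# Reverse-proxy stack: Traefik terminates TLS and routes by Host rule,
# Authelia provides the auth service behind the `auth@file` middleware,
# Homer is the dashboard, and autoheal restarts containers whose
# healthcheck fails and that carry the label autoheal="true".
#
# PRIVATE_DOMAIN, PUBLIC_DOMAIN and EMAIL are read from the environment /
# .env file of whoever runs docker-compose; none of them is defined here.
version: "2.4"

networks:
  # All containers that are routed through Traefik need to be on this network.
  web:
    external: true

volumes:
  # Used for pre-processing of the Authelia configuration.
  authelia-config: {}

services:
  autoheal:
    container_name: autoheal
    restart: always
    # No tag given, so `latest` is pulled; pin a tag or digest so image
    # updates are deliberate and reviewable.
    image: willfarrell/autoheal
    volumes:
      # Access to the Docker socket is equivalent to root on the host.
      # autoheal needs it to restart containers; keep this image trusted.
      - /var/run/docker.sock:/var/run/docker.sock

  traefik:
    container_name: traefik
    # Unpinned image (see note on autoheal).
    image: traefik
    restart: always
    environment:
      # Passed through from the host environment.
      - EMAIL
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    networks:
      web: {}
    command:
      - "--configFile=/data/traefik.yaml"
    ports:
      # Port mappings are quoted so they are always parsed as strings.
      - "80:80"
      - "443:443"
      # Open port 8080 for debugging emergencies.
      # NOTE(review): this publishes 8080 on every host interface, and a
      # direct connection does not pass through the `auth@file` middleware
      # that protects the traefik router below. What is served on 8080 is
      # set in traefik.yaml (not visible here). Consider binding it to
      # loopback ("127.0.0.1:8080:8080") or removing it outside emergencies.
      - "8080:8080"
    volumes:
      # NOTE(review): Traefik is internet-facing and holds the Docker
      # socket, which is root-equivalent on the host. A `:ro` mount does
      # not restrict Docker API calls; a filtering socket proxy that only
      # allows read endpoints is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/data
    healthcheck:
      # Sometimes, traefik loses connection to authelia. The only thing that
      # works then is a restart, handled by autoheal.
      test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"]
    labels:
      # Label values are quoted: Docker labels are strings, and older
      # docker-compose releases reject YAML booleans in a labels mapping.
      traefik.enable: "true"
      traefik.http.services.traefik.loadbalancer.server.port: "8080"
      traefik.http.routers.traefik.rule: 'Host(`traefik.${PRIVATE_DOMAIN}`)'
      # Requests to the Traefik router must pass the auth middleware, which
      # is defined in the file provider configuration.
      traefik.http.routers.traefik.middlewares: auth@file
      traefik.http.routers.traefik.tls.certResolver: le
      autoheal: "true"

  authelia-config:
    # Preprocess authelia configuration through gomplate.
    # Unpinned image (see note on autoheal).
    image: hairyhenderson/gomplate
    environment:
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    volumes:
      # The template is mounted read-only; only the rendered output volume
      # is writable.
      - ./authelia/configuration.yml:/data/input:ro
      - authelia-config:/data/output
    command: '--file=/data/input --out=/data/output/configuration.yml'

  authelia:
    container_name: authelia
    # Unpinned image (see note on autoheal).
    image: authelia/authelia
    restart: always
    depends_on:
      # Config preprocessor should run first.
      # NOTE(review): in file format 2.4 this list form only orders container
      # start; it does not wait for gomplate to finish writing the file.
      - authelia-config
    volumes:
      - ./authelia:/opt/authelia
      - authelia-config:/etc/authelia/
    environment:
      # NOTE(review): confirm that `dev` is intended for this deployment.
      - ENVIRONMENT=dev
      # 1 leaves Node.js TLS certificate verification enabled (0 would
      # disable it).
      - NODE_TLS_REJECT_UNAUTHORIZED=1
    networks:
      web: {}
    healthcheck:
      test: ["CMD", "wget", "-O", "-", "127.0.0.1:9091/api/state"]
    labels:
      traefik.enable: "true"
      traefik.http.routers.authelia.rule: 'Host(`auth.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.authelia.tls.certResolver: le
      traefik.http.routers.authelia.entrypoints: websecure
      autoheal: "true"

  homer:
    container_name: homer
    # Unpinned image (see note on autoheal).
    image: b4bz/homer
    restart: always
    volumes:
      - ./homer:/www/assets
    environment:
      UID: "1000"
      GID: "1001"
    networks:
      web: {}
    labels:
      traefik.enable: "true"
      # NOTE(review): unlike the traefik router, this router has no
      # `middlewares: auth@file` label, so nothing in this file puts Homer
      # behind authentication. Confirm that is intended.
      traefik.http.routers.homer.rule: 'Host(`${PRIVATE_DOMAIN}`)'
      traefik.http.routers.homer.tls.certResolver: le
      traefik.http.routers.homer.entrypoints: websecure

  # whoami-https:
  #   image: containous/whoami
  #   networks:
  #     web:
  #   labels:
  #     traefik.enable: true
  #     traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
  #     traefik.http.routers.wait-https.tls.certResolver: le

  # whoami-auth:
  #   image: containous/whoami
  #   networks:
  #     web:
  #     macvlan:
  #   labels:
  #     traefik.enable: true
  #     traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
  #     traefik.http.routers.wai-auth.tls.certResolver: le
  #     traefik.http.routers.wai-auth.middlewares: auth@file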