# {{ ansible_managed }}

networks:
  traefik:
    external: true

services:
  traefik:
    image: traefik:v3
    restart: always
    command:
      - "--log.level=INFO"
      - "--accesslog=true"
      - "--accesslog.fields.names.StartUTC=drop"
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:{{ docker_traefik_web_port }}"
      - "--entryPoints.web.forwardedHeaders.trustedIPs={{ docker_traefik_trusted_ips }}"
      - "--entrypoints.websecure.address=:{{ docker_traefik_websecure_port }}"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ docker_traefik_trusted_ips }}"
      - "--entrypoints.api.address=:{{ docker_traefik_admin_port }}"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.port={{ docker_traefik_admin_port }}"
      - "traefik.http.routers.api.entrypoints=api"
      - "traefik.http.routers.api.rule=(PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.routers.api.tls"
      - "traefik.http.middlewares.auth.basicauth.users={{ docker_traefik_admin }}"
    ports:
      - "{{ docker_traefik_listen_ip }}:{{ docker_traefik_web_port }}:{{ docker_traefik_web_port }}"
      - "{{ docker_traefik_listen_ip }}:{{ docker_traefik_websecure_port }}:{{ docker_traefik_websecure_port }}"
      - "{{ docker_traefik_admin_listen_ip }}:{{ docker_traefik_admin_port }}:{{ docker_traefik_admin_port }}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=Europe/Paris
    networks:
      - traefik
    userns_mode: "host"