# Compose file template for the Traefik reverse-proxy stack. The Jinja2 tags
# use Ansible inventory variables (inventory_hostname, groups), so this file
# must be rendered before Compose can parse it.
version: '2.1'
services:
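    # Traefik reverse proxy: the only service in this file that publishes host
    # ports. It mounts no Docker socket itself; it shares the internal `private`
    # network with the dockersocket service and starts after it (the provider
    # endpoint is set in traefik.toml, which is not visible here).
    proxy:
        # Quoted so the rendered tag is always parsed as a single string.
        image: "traefik:{{ traefik_version }}"
        container_name: inverseproxy
        environment:
            TZ: "{{ timezone }}"
        networks:
            net46:
            # selectattr returns a lazy generator, which is truthy even when it
            # yields nothing. Materialise and count it so the proxy joins `app`
            # only when at least one instance defines extra_app.
{% if odoo_instances is defined and odoo_instances.values() | list | selectattr('extra_app', 'defined') | list | length > 0 %}
            app:
{% endif %}
            shared:
            # Aliases make the proxy answer to these names on `shared`.
            # NOTE(review): the outer test omits the docker_nextcloud and
            # docker_owncloud groups that guard the cloud aliases below. A host
            # with cloud_collabora or cloud_onlyoffice set but in none of the
            # four groups renders `aliases:` with no entries, and a cloud host
            # with neither flag (and outside docker_auth/docker_nagios) gets no
            # cloud_url alias. Confirm which behaviour is intended.
{% if inventory_hostname in groups['docker_auth'] | union(groups['docker_nagios']) or cloud_collabora or cloud_onlyoffice %}
              aliases:
{% if inventory_hostname in groups['docker_auth'] %}
                - "{{ ldap_url }}"
                - "{{ sso_url }}"
{% endif %}
{% if inventory_hostname in groups['docker_nagios'] %}
                - "{{ nagios_url }}"
{% endif %}
{% if inventory_hostname in groups['docker_nextcloud'] | union(groups['docker_owncloud']) %}
                - "{{ cloud_url }}"
{% if cloud_collabora %}
                - "{{ cloud_collabora_url }}"
{% endif %}
{% if cloud_onlyoffice %}
                - "{{ cloud_onlyoffice_url }}"
{% endif %}
{% endif %}
{% endif %}
            # Same generator-truthiness fix as for `app`: join `bi` only when an
            # instance actually defines metabase.
{% if odoo_instances is defined and odoo_instances.values() | list | selectattr('metabase', 'defined') | list | length > 0 %}
            bi:
{% endif %}
            smtp:
            private:
            # `public` is attached only when `shared` is made internal (see the
            # networks section); presumably the proxy's outbound path - confirm.
{% if restrict_internet_access %}
            public:
{% endif %}
        volumes:
            # ACME store (certificates and their private keys). The Z flag asks
            # for a private SELinux label, so no other container can share it.
            - cert:/etc/traefik/acme:rw,Z
            - logs:/var/log/traefik/:rw
            # Static configuration is mounted read-only.
            - ./traefik.toml:/etc/traefik/traefik.toml:ro
        ports:
            # Published on every IPv4 and IPv6 address of the host.
            # 443/udp is presumably for HTTP/3 (QUIC) - confirm in traefik.toml.
            - "0.0.0.0:80:80/tcp"
            - "0.0.0.0:443:443/tcp"
            - "0.0.0.0:443:443/udp"
            # NOTE(review): 8443 is exposed on all addresses for hosts in the
            # maintenance_contract group. Confirm which entrypoint listens there
            # and whether it needs a narrower bind address or a firewall rule.
{% if inventory_hostname in groups['maintenance_contract'] %}
            - "0.0.0.0:8443:8443/tcp"
            - "0.0.0.0:8443:8443/udp"
{% endif %}
            - "[::]:80:80/tcp"
            - "[::]:443:443/tcp"
            - "[::]:443:443/udp"
{% if inventory_hostname in groups['maintenance_contract'] %}
            - "[::]:8443:8443/tcp"
            - "[::]:8443:8443/udp"
{% endif %}
        depends_on:
            - dockersocket
        restart: unless-stopped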

    # Filtering proxy in front of the Docker Engine API socket. It is attached
    # only to the internal `private` network and publishes no host ports.
    dockersocket:
        container_name: inverseproxy_socket
        # NOTE(review): no tag or digest, so the newest published image is
        # pulled. This container is privileged and holds the Docker socket;
        # pin it to a reviewed tag or digest.
        image: tecnativa/docker-socket-proxy
        restart: unless-stopped
        # Privileged, outside any user-namespace remapping: a compromise of this
        # container is equivalent to root on the host.
        # NOTE(review): confirm privileged mode is still required on the target
        # hosts and that a narrower security option would not be enough.
        privileged: true
        userns_mode: host
        networks:
            - private
        volumes:
            # The socket grants full control of the Docker daemon; the proxy's
            # request filtering is the only barrier between `private` and it.
            - /var/run/docker.sock:/var/run/docker.sock
        environment:
            # Each flag set to 1 opens that section of the Docker API. POST is
            # not set, so per the image's documented default only read requests
            # are forwarded - verify against the image version deployed.
            # NOTE(review): SERVICES, SWARM and TASKS are swarm-mode sections;
            # confirm Traefik's provider needs them and drop any it does not.
            CONTAINERS: 1
            NETWORKS: 1
            SERVICES: 1
            SWARM: 1
            TASKS: 1

# Networks created by this compose project. app, bi, smtp and private are always
# `internal` (no route outside the host); net46 and public never are; shared is
# internal only when restrict_internet_access is set.
# NOTE(review): `encrypted` is an option of the overlay driver. No `driver` is
# set on these networks, so confirm which driver they get and whether the
# option has any effect there before relying on it for confidentiality.
networks:
    # Dual-stack network with a fixed IPv6 unique-local /64. In this file only
    # the proxy service attaches to it.
    net46:
        name: net46
        enable_ipv6: true
        ipam:
            driver: default
            config:
               - subnet: fd01::/64
                 gateway: fd01::1
    # NOTE(review): selectattr yields a generator, which Jinja treats as true
    # even when it is empty, so as written this test passes whenever
    # odoo_instances is defined. Keep it in step with the test guarding the
    # proxy's attachment to `app`: a network attached there but not declared
    # here fails Compose validation. The same applies to `bi` below.
{% if odoo_instances is defined and odoo_instances.values() | list | selectattr('extra_app', 'defined') %}
    app:
        internal: true
        driver_opts:
            encrypted: 1
{% endif %}
    shared:
    # With restrict_internet_access set, containers on `shared` lose direct
    # outbound access.
{% if restrict_internet_access %}
        internal: true
{% endif %}
        driver_opts:
            encrypted: 1
{% if odoo_instances is defined and odoo_instances.values() | list | selectattr('metabase', 'defined') %}
    bi:
        internal: true
        driver_opts:
            encrypted: 1
{% endif %}
    smtp:
        internal: true
        driver_opts:
            encrypted: 1
    # Carries the proxy-to-dockersocket traffic; internal only.
    private:
        internal: true
        driver_opts:
            encrypted: 1
    # Declared only when `shared` is internal. It is not internal itself, and
    # in this file only the proxy attaches to it.
{% if restrict_internet_access %}
    public:
        driver_opts:
            encrypted: 1
{% endif %}

# Named volumes with default driver settings, both mounted by the proxy service:
# `cert` holds the ACME store (certificate private keys), `logs` the Traefik logs.
volumes:
    logs: {}
    cert: {}