services:
  traefik:
    image: traefik:v3.5.4
    # Remove all command arguments - using static config file instead
    ports:
    - 80:80
    - 443:443
    - 8082:8080
    environment:
    - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
    volumes:
    - type: bind
      source: /var/run/docker.sock
      target: /var/run/docker.sock
      read_only: true
    - type: bind
      source: /home/doc/projects/swarm-data/swarm-production/conf/traefik-conf/static.yml
      target: /etc/traefik/traefik.yml
      read_only: true
    - type: bind
      source: /home/doc/projects/swarm-data/swarm-production/conf/traefik-conf/dynamic.yml
      target: /etc/traefik/dynamic/dynamic.yml
    - type: bind
      source: /home/doc/projects/swarm-data/appdata/traefik/certificates/acme.json
      target: /certificates/acme.json
    secrets:
    - cloudflare_api_token
    networks:
    - homelab
    healthcheck:
      test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping" ]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
        - node.hostname == p0

networks:
  homelab:
    external: true

secrets:
  cloudflare_api_token:
    external: true