version: "3.9"

services:
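  # Edge reverse proxy. Terminates TLS on :443 and obtains certificates from
  # the "cloudflare" ACME resolver using the DNS-01 challenge.
  traefik:
    image: traefik:3.1
    container_name: traefik
    command:
      - "--providers.docker=true"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      # Redirect all plain-HTTP traffic at the entrypoint. Every router in this
      # file is bound to websecure only, and the redirect-to-https middleware
      # declared in the labels below is not attached to any router here, so
      # without this port 80 never upgrades a request to HTTPS.
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.email=you@example.com"
      - "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    environment:
      - CF_API_EMAIL=you@example.com
      # Fail at `docker compose up` when the token is missing instead of
      # starting with an empty credential. Scope the token to DNS edit on the
      # single zone in use; keep it in an untracked .env file or a secret store.
      - "CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN:?CF_DNS_API_TOKEN must be set}"
    volumes:
      # NOTE(review): ":ro" only makes the socket file read-only; it does not
      # restrict Docker API calls made through it. A compromise of this
      # internet-facing container would therefore reach the Docker daemon.
      # Consider a filtering socket proxy limited to read-only container
      # endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the ACME account key and certificate private keys;
      # keep ./data/letsencrypt readable by root only and out of backups that
      # are shared.
      - ./data/letsencrypt:/letsencrypt
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Kept for compatibility with routers defined outside this file; no
      # router in this file references it.
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"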

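  # Dashboard, published through Traefik at home.lab.example.com (HTTPS only).
  homepage:
    # NOTE(review): ":latest" is unpinned, and the watchtower service in this
    # file re-pulls it on a schedule; pin a release tag or digest so upgrades
    # are deliberate.
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    volumes:
      - ./data/homepage/config:/app/config
      - ./data/homepage/images:/app/public/images
      # NOTE(review): ":ro" does not restrict Docker API calls. This grants the
      # dashboard full access to the Docker daemon; a filtering socket proxy
      # would limit it to the read-only container endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.entrypoints=websecure"
      - "traefik.http.routers.homepage.rule=Host(`home.lab.example.com`)"
      - "traefik.http.routers.homepage.tls.certresolver=cloudflare"
      # The headers.sslredirect option was removed in Traefik v3 (the proxy
      # here is traefik:3.1), so the label is dropped rather than left to be
      # rejected. The router listens on websecure only, so no redirect is
      # needed at this level.
      # HSTS for two years (63072000 seconds).
      - "traefik.http.middlewares.homepage-sec.headers.stsseconds=63072000"
      # NOTE(review): no authentication middleware is attached; anyone who can
      # reach this hostname sees the dashboard.
      - "traefik.http.routers.homepage.middlewares=homepage-sec"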

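  # Container log viewer, published through Traefik at logs.lab.example.com.
  dozzle:
    # NOTE(review): ":latest" is unpinned; pin a release tag or digest.
    image: amir20/dozzle:latest
    container_name: dozzle
    ports:
      # Bound to loopback only. The previous "8888:8080" published the UI on
      # every host interface over plain HTTP, bypassing Traefik's TLS and any
      # middleware on the router below. Traefik reaches the container over the
      # Docker network, so this mapping can be removed if local access is not
      # needed.
      - "127.0.0.1:8888:8080"
    volumes:
      # NOTE(review): ":ro" does not restrict Docker API calls made through
      # the socket; consider a filtering socket proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dozzle.entrypoints=websecure"
      - "traefik.http.routers.dozzle.rule=Host(`logs.lab.example.com`)"
      - "traefik.http.routers.dozzle.tls.certresolver=cloudflare"
      # NOTE(review): no authentication middleware is attached to this router.
      # Container logs often contain tokens and request data, so put an auth
      # middleware or the application's own login in front of this host.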

  # Unattended image updater: on the schedule below it re-pulls images and
  # recreates containers, then removes the old images (--cleanup).
  # NOTE(review): no label filter is configured, so this appears to cover
  # every container on the host, including the ":latest" images in this file.
  # Whatever is published upstream under those tags is deployed without
  # review. Pin images by tag or digest, and consider opting containers in
  # explicitly rather than updating all of them.
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    command:
      - "--cleanup"
      # Six-field cron expression (seconds first).
      - "--schedule=0 0 4 * * *" # 4:00 AM daily
    volumes:
      # Read-write Docker socket: this container has full control of the
      # Docker daemon, which is equivalent to root on the host.
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
