services:
  traefik:
    image: traefik:v2.10
    restart: always
    networks:
      - seq_default
    command:
      - --api.insecure=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=https
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le_seq.acme.dnschallenge=true
      - --certificatesresolvers.le_seq.acme.dnschallenge.provider=rfc2136
      - --certificatesresolvers.le_seq.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
      - --certificatesresolvers.le_seq.acme.email=seq.letsencrypt@moeny.ai
      - --certificatesresolvers.le_seq.acme.storage=/letsencrypt/acme.json
      - --log.level=DEBUG
    environment:
      - RFC2136_TSIG_KEY=${TSIG_KEY}
      - RFC2136_TSIG_SECRET=${TSIG_SECRET}
      - RFC2136_NAMESERVER=${DNS_SERVER}
      - RFC2136_ZONE=${DNS_ZONE}
      - RFC2136_TSIG_ALGORITHM=hmac-sha256
      - RFC2136_DEBUG=true
      - RFC2136_TIMEOUT=60
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_moeny_seq:/letsencrypt:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
  seq:
    image: datalust/seq
    container_name: seq
    restart: always
    networks:
      - seq_default
    environment:
      - ACCEPT_EULA=Y
      - SEQ_API_CANONICALURI=https://seq.moeny.ai
      - SEQ_FIRSTRUN_ADMINPASSWORDHASH=${SEQ_ADMIN_PASSWORD_HASH}
    volumes:
      - ./data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.seq.rule=Host(`seq.moeny.ai`)"
      - "traefik.http.routers.seq.entrypoints=https"
      - "traefik.http.routers.seq.tls.certresolver=le_seq"
      - "traefik.http.services.seq.loadbalancer.server.port=80"

volumes:
  traefik_moeny_seq: { driver: local }

networks:
  seq_default:
    name: seq_default