services:
  traefik:
    image: traefik:v2.10
    restart: always
    networks:
      - website_default
    command:
      - --api.insecure=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=https
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le_moeny_website.acme.dnschallenge=true
      - --certificatesresolvers.le_moeny_website.acme.dnschallenge.provider=rfc2136
      - --certificatesresolvers.le_moeny_website.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
      - --certificatesresolvers.le_moeny_website.acme.email=webmaster@moeny.ai
      - --certificatesresolvers.le_moeny_website.acme.storage=/letsencrypt/acme.json
      - --log.level=DEBUG
    environment:
      - RFC2136_TSIG_KEY=${TSIG_KEY}
      - RFC2136_TSIG_SECRET=${TSIG_SECRET}
      - RFC2136_NAMESERVER=${DNS_SERVER}
      - RFC2136_ZONE=${DNS_ZONE}
      - RFC2136_TSIG_ALGORITHM=hmac-sha256
      - RFC2136_DEBUG=true
      - RFC2136_TIMEOUT=60
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_moeny_website:/letsencrypt:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro

  moeny:
    build: .
    restart: always
    networks:
      - website_default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.moeny_website.rule=Host(`moeny.ai`)"
      - "traefik.http.routers.moeny_website.entrypoints=https"
      - "traefik.http.routers.moeny_website.tls.certresolver=le_moeny_website"
      - "traefik.http.services.moeny_website.loadbalancer.server.port=80"

volumes:
  traefik_moeny_website: { driver: local }

networks:
  website_default:
    name: website_default