version: "3.9"

networks:
  proxy:
    external: false
    name: proxy
  internal:
    external: false
    driver: bridge
    name: internal

volumes:
  letsencrypt:
    name: letsencrypt
  mysql8-data:
    name: mysql8-data
  mysql8-backup:
    name: mysql8-backup
  psql14-data:
    name: psql14-data
  psql14-backup:
    name: psql14-backup
  redis-data:
    name: redis-data
  portainer:
    name: portainer

services:
  traefik:
    image: traefik:v2.5
    container_name: traefik
    restart: unless-stopped
    command:
      - --global.sendAnonymousUsage=false
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false
      - --providers.docker.swarmMode=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --entryPoints.ssh.address=:222/tcp
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
#      - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.myresolver.acme.email=christiansteinle@arcor.de
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      - --log=true
      - --accessLog=true
      - --metrics.prometheus=true
      - --metrics.prometheus.addEntryPointsLabels=true
      - --metrics.prometheus.addrouterslabels=true
      - --metrics.prometheus.addServicesLabels=true
    ports:
      - "80:80"
      - "443:443"
      - "222:222"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`traefik.lan`)"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    networks:
      - proxy

  portainer:
    image: portainer/portainer-ce
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer:/data
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.lan`)"
      - "traefik.http.routers.portainer.entrypoints=web"
      - "traefik.http.routers.portainer.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

  mysql8:
    image: mysql:8
    container_name: mysql8
    command: --default-authentication-plugin=mysql_native_password
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: "${DB_ROOT_PW}"
    volumes:
      - mysql8-data:/var/lib/mysql
      - mysql8-backup:/var/backups
      - ${PWD}/mysql_databases.sql:/docker-entrypoint-initdb.d/01_create_databases.sql
    networks:
      - internal
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -uroot -p$$(DB_ROOT_PW)"]

  psql14:
    image: postgres:14-alpine
    container_name: psql14
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${DB_ROOT_PW}
    volumes:
      - psql14-data:/var/lib/postgresql/data
      - psql14-backup:/var/backups
      - ${PWD}//postgres_databases.sql:/docker-entrypoint-initdb.d/01_create_databases.sql
    networks:
      - internal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]

  redis:
    image: redis:alpine
    container_name: redis
    restart: unless-stopped
    volumes:
      - redis-data:/data
    networks:
      - internal
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping"]