version: '3.2'

services:
  agent:
    image: portainer/agent:lts
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce:lts
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      - "9443:9443"
      - "9000:9000"
      - "8000:8000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /docker-shared/stacks/data/portainer:/data
    networks:
      - traefik_traefik_proxy
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      labels:
        # Enable Service discovery for Traefik
        - "traefik.enable=true"
        # Define the nginx router rule
        - "traefik.http.routers.portainer.rule=Host(`portainer.lan.xbazzi.com`)"
        # Expose nginx on the HTTPS entrypoint
        - "traefik.http.routers.portainer.entrypoints=websecure"
        # - "traefik.http.routers.nginx.entrypoints=web"
        # Enable TLS
        - "traefik.http.routers.portainer.tls=true"
        # - "traefik.http.routers.nginx.tls=false"
        # Expose the nginx port number to Traefik
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"


        # Custom labels
        - "com.xbazzi.stack=nginx"
        - "com.xbazzi.critical=false"
      restart_policy:
        condition: on-failure
      placement:
        constraints: [node.role == manager]

networks:
  agent_network:
    driver: overlay
    attachable: true
  traefik_traefik_proxy:
    external: true