networks:
  traefik:
    external: true
  portainer_network:
    driver: overlay

volumes:
  portainer_agent_data:
    driver: local

services:
  portainer:
    image: git.nixc.us/nixius/portainer:staging-portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/tank/persist/nixc.us/portainer/data:/data
      - /etc/localtime:/etc/localtime:ro
    deploy:
      placement:
        constraints:
          - node.hostname == macmini14
      replicas: 1
      labels:
        traefik.enable: "true"
        traefik.http.routers.portainer.rule: Host(`portainer.nixc.us`)
        traefik.http.routers.portainer.entrypoints: websecure
        traefik.http.routers.portainer.service: portainer
        traefik.http.routers.portainer.tls: "true"
        traefik.http.routers.portainer.tls.certresolver: letsencryptresolver
        traefik.http.services.portainer.loadbalancer.server.port: 9443
        traefik.docker.network: traefik
        traefik.http.routers.portainer.middlewares: authelia_authelia@docker
    networks:
      - traefik
      - portainer_network

  portainer_agent:
    image: git.nixc.us/nixius/portainer:staging-agent
    environment:
      - AGENT_CLUSTER_ADDR=portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_agent_data:/data
    deploy:
      mode: global
      labels:
        - "traefik.enable=false"
    networks:
      - portainer_network