version: '3.8'

services:
  headscale:
    image: git.nixc.us/colin/headscale:production
    volumes:
      - /mnt/tank/persist/nixc.us/headscale/production/config:/etc/headscale/:rw
      - /mnt/tank/persist/nixc.us/headscale/production/data:/var/lib/headscale/:rw
    command: ["headscale", "serve"]
    networks:
      - default
    environment:
      SERVER_URL: "https://headscale.nixc.us"
      LISTEN_ADDR: "0.0.0.0:8080"
      METRICS_LISTEN_ADDR: "0.0.0.0:9090"
      GRPC_LISTEN_ADDR: "0.0.0.0:50443"
      DB_TYPE: "sqlite3"
      DB_PATH: "/etc/headscale/db.sqlite"
    deploy:
      placement:
        constraints:
          - node.hostname == macmini3
      # labels:
      #   us.nixc.autodeploy: "true"
      #   traefik.enable: "true"
      #   traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
      #   traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
      #   traefik.http.routers.production-headscale_headscale.tls: "true"
      #   traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
      #   traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
      #   traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
      #   traefik.docker.network: "traefik"
      replicas: 1
      restart_policy:
        condition: on-failure
  nginx:
    image: git.nixc.us/colin/reverse:production
    environment:
      - BACKEND_ADDRESS=headscale_headscale
      - BACKEND_PORT=8080
      - PROTOCOL=http
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == macmini14
      labels:
        us.nixc.autodeploy: "true"
        traefik.enable: "true"
        traefik.http.routers.production-headscale_nginx.tls: "true"
        traefik.http.services.production-headscale_nginx.loadbalancer.server.port: "80"
        traefik.http.routers.production-headscale_nginx.rule: "Host(`headscale.nixc.us`)"
        traefik.http.routers.production-headscale_nginx.entrypoints: "websecure"
        traefik.http.routers.production-headscale_nginx.tls.certresolver: "letsencryptresolver"
        traefik.http.routers.production-headscale_nginx.service: "production-headscale_nginx"
        traefik.http.routers.production-headscale_nginx.middlewares: "authelia_authelia@docker"
        traefik.docker.network: "traefik"
    networks:
      - traefik
      - default
# volumes:
#   headscale:
networks:
  traefik:
    external: true
  default:
    driver: overlay