services:
  # cloudflared: outbound Cloudflare Tunnel connector that carries public
  # traffic into this stack.
  cloudflared-tunnel:
    # NOTE(review): `latest` is a moving tag, so every pull can silently change
    # the binary that holds the tunnel credential. Pin a reviewed release tag
    # or an image digest and bump it deliberately.
    image: cloudflare/cloudflared:latest
    command: tunnel run
    restart: unless-stopped

    # The token is interpolated by Compose from the shell environment or the
    # project's .env file. Values under `environment` are readable through
    # `docker inspect`, so Docker API access on this host is equivalent to
    # access to the tunnel credential.
    environment:
      - "TUNNEL_TOKEN=${CLOUDFLARED_TUNNEL_TOKEN}"

    # Attached to web-public only; in this file the only other member of that
    # network is http-gateway.
    networks:
      - web-public

  # http gateway: Traefik reverse proxy; routes requests by Host rule to the
  # services that carry traefik.* labels in this file.
  http-gateway:
    # NOTE(review): v2.6 is an old Traefik minor line. Confirm it still
    # receives security fixes, or move to a maintained release.
    image: traefik:v2.6
    restart: unless-stopped

    # No `ports:` are published, so the :80 entrypoint is not bound on the
    # host's interfaces; cloudflared reaches it over web-public.
    networks:
      - web-public
      - web

    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only. It does not
      # restrict Docker API calls made over the socket, so a compromise of
      # this container is effectively root on the host. Consider a socket
      # proxy that allows only the read endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro

      # NOTE(review): no certificate resolver is configured in `command`
      # below, so this writable mount looks unused. Confirm before removing.
      - ./data/http-proxy-acme:/acme:rw

    command:
      # NOTE(review): the Docker provider exposes containers by default, so
      # every container the daemon reports gets a router unless it carries
      # `traefik.enable=false`. The usual hardening is
      # `--providers.docker.exposedbydefault=false` plus `traefik.enable=true`
      # on each routed service. Audit other stacks attached to the shared
      # `web` network before flipping it, since they may rely on the default.
      - "--providers.docker"

      # Plain-HTTP entrypoint. TLS is presumably terminated at the Cloudflare
      # edge, so traffic from cloudflared to Traefik and on to the backends
      # is cleartext on the Docker networks.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.tls=false"

    # Maps host.docker.internal to the host gateway, presumably so Traefik
    # can reach services that run in host network mode (see wg-server).
    extra_hosts:
      - "host.docker.internal:host-gateway"

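  # ldap: directory server; base definition lives in
  # ldap-server/docker-compose.yml.
  ldap-server:
    extends:
      file: ldap-server/docker-compose.yml
      service: ldap-server
    networks:
      - web
    labels:
      # http-gateway runs Traefik's Docker provider with its default of
      # exposing every container. This service has no Host rule in this file,
      # so opt it out explicitly to keep the gateway from generating a
      # default router that points at the directory server.
      - "traefik.enable=false"
    ports:
      # NOTE(review): with no host address this binds 389 on every host
      # interface, and 389 is the cleartext LDAP port, so bind credentials are
      # readable on the wire unless clients use StartTLS. Docker-published
      # ports are also typically not filtered by host firewall front-ends such
      # as ufw. If only local or VPN clients need LDAP, bind to a specific
      # address (e.g. "127.0.0.1:389:389") or drop the mapping and use the
      # `web` network.
      - "389:389"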

  # Self-service LDAP password change UI; base definition lives in
  # ldap-server/docker-compose.yml.
  ldap-passwd-webui:
    extends:
      file: ldap-server/docker-compose.yml
      service: ldap-passwd-webui
    networks:
      - web
    # NOTE(review): these labels route passwd.skyw.me to this container. A
    # password-change form that is reachable from the internet is a
    # credential-guessing target. Confirm the application enforces lockout or
    # rate limiting, or put an access policy in front of it at the edge.
    labels:
      - 'traefik.http.routers.ldap-passwd-webui.rule=Host(`passwd.skyw.me`)'
      - 'traefik.http.services.ldap-passwd-webui.loadbalancer.server.port=8080'

  # wireguard server; base definition lives in wg-server/docker-compose.yml.
  wg-server:
    extends:
      file: wg-server/docker-compose.yml
      service: wg-server
    # Runs in host network mode (presumably set in the extended file), so it
    # is deliberately not attached to `web`:
    # networks:
    #   - web
    #
    # NOTE(review): in host mode the port named below must be listening on the
    # host itself. Confirm it is not reachable from outside except through the
    # gateway, and that whatever wg.skyw.me serves requires authentication.
    labels:
      - 'traefik.http.routers.wg-server.rule=Host(`wg.skyw.me`)'
      - 'traefik.http.services.wg-server.loadbalancer.server.port=8123'

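  # wiki: database backing wiki-server; base definition lives in
  # wiki/docker-compose.yml.
  wiki-db:
    extends:
      file: wiki/docker-compose.yml
      service: wiki-db
    # NOTE(review): the database shares `web` with the gateway and every other
    # service on that network. A dedicated backend network shared only with
    # wiki-server would narrow who can open a connection to it.
    networks:
      - web
    labels:
      # http-gateway runs Traefik's Docker provider with its default of
      # exposing every container. A database must never be routable, so opt
      # it out explicitly to keep the gateway from generating a default
      # router that points at the database port.
      - "traefik.enable=false"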
  
  # Wiki application; base definition lives in wiki/docker-compose.yml.
  wiki-server:
    extends:
      file: wiki/docker-compose.yml
      service: wiki-server
    networks:
      - web
    # Routes the apex, www and wiki hostnames to the application on port 3000.
    labels:
      - 'traefik.http.routers.wiki-server.rule=Host(`skyw.me`) || Host(`www.skyw.me`) || Host(`wiki.skyw.me`)'
      - 'traefik.http.services.wiki-server.loadbalancer.server.port=3000'

networks:
  # Shared network for the web services behind http-gateway. The fixed `name`
  # lets other Compose projects join it by declaring it as external.
  # NOTE(review): it is not marked `internal: true`, so members keep outbound
  # access, and every container on it can reach ldap-server and wiki-db
  # directly. Treat membership in `web` as a trust boundary.
  web:
    name: 'web'

  # Network between the tunnel connector and the gateway ("public" here means
  # traffic arriving through the tunnel). In this file only cloudflared-tunnel
  # and http-gateway attach to it.
  web-public:
    name: 'web-public'
