services:
  crowdsec-admin:
    image: git.domverse-berlin.eu/ci/crowdsec-admin/app:${TAG:-latest}
    container_name: crowdsec-admin
    restart: unless-stopped
    networks:
      - domverse
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
      - TZ=Europe/Berlin
      - LAPI_URL=http://host.docker.internal:8080
      - LAPI_MACHINE_ID=${LAPI_MACHINE_ID}
      - LAPI_MACHINE_PASSWORD=${LAPI_MACHINE_PASSWORD}
      - LAPI_BOUNCER_KEY=${LAPI_BOUNCER_KEY}
      - TRUSTED_PROXY_HOPS=1
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.crowdsec-admin.rule=Host(`crowdsec.domverse-berlin.eu`)"
      - "traefik.http.routers.crowdsec-admin.entrypoints=https"
      - "traefik.http.routers.crowdsec-admin.tls.certresolver=http"
      - "traefik.http.routers.crowdsec-admin.middlewares=crowdsec@file,authentik@docker"
      - "traefik.http.services.crowdsec-admin.loadbalancer.server.port=8000"

      - "kuma.crowdsec-admin.http.name=CrowdSec Admin"
      - "kuma.crowdsec-admin.http.url=https://crowdsec.domverse-berlin.eu"
      - "kuma.crowdsec-admin.http.interval=120"
      - "kuma.crowdsec-admin.http.max_retries=2"
      - "kuma.crowdsec-admin.http.retry_interval=60"
      - "kuma.crowdsec-admin.http.accepted_statuscodes=[\"200-399\"]"

networks:
  domverse:
    external: true