version: '{{ compose_version }}'

services:
  agent:
    image: portainer/agent:{{ portainer_version }}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce:{{ portainer_version }}
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
      - "{{ ingress_network }}"
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        - traefik.enable=true
        - traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
        - traefik.http.routers.{{ service }}.tls=true
        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
        - traefik.http.services.{{ service }}.loadbalancer.server.port=9000

networks:
  agent_network:
    driver: overlay
    attachable: true

volumes:
  portainer_data: ~