# Example docker-compose.yml file for mantrae
# Check the mantrae logs after first start for the admin password
services:
  mantrae:
    image: ghcr.io/mizuchilabs/mantrae:latest
    container_name: mantrae
    environment:
      - ADMIN_PASSWORD=<super secret password>
      - SECRET=<secret> # generate a secret with openssl rand -hex 16
    volumes:
      - ./mantrae:/data # base directory used
    ports:
      - 3000:3000 # remove this if you want to use traefik
    labels:
      - traefik.enable=true
      - traefik.http.routers.mantrae.rule=Host(`mantrae.example.com`)
    networks:
      - proxy
    restart: unless-stopped

  mantrae-agent: # agent for running on other machines
    image: ghcr.io/mizuchilabs/mantrae-agent:latest
    container_name: mantrae-agent
    network_mode: host # for detecting the hostname of the machine
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # needed if running as container
    environment:
      - TOKEN=<token> # token from mantrae server
      - HOST=https://mantrae.example.com # where to reach your mantrae server
    restart: unless-stopped

  traefik:
    image: docker.io/traefik:latest
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ./traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - CF_DNS_API_TOKEN=xxx # Set cloudflare token
    networks:
      - proxy
    command:
      - --log.level=INFO
      - --api.dashboard=true
      - --api.insecure=true # remove this if you have a domain
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.asDefault=true
      - --entrypoints.websecure.http.tls.certresolver=letsencrypt # Set the default cert resolver
      - --serversTransport.insecureSkipVerify=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.watch=true
      - --providers.http.endpoint=http://mantrae:3000/api/<profile-name>?token=<token> # use the correct profile name
      - --providers.http.headers.Traefik-Instance-Name=my_cool_instance
      - --providers.http.headers.Traefik-Instance-Url=http://127.0.0.1:8080
      - --certificatesresolvers.letsencrypt.acme.email=your@email.com
      - --certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0
    labels:
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.entrypoints=websecure
    restart: always

networks:
  proxy: