[Unit]
Description=Traefik
After=docker.service
StartLimitIntervalSec=0

[Service]
Slice=servarr.slice
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -c '/usr/bin/docker network create entertainment || true'
ExecStartPre=/usr/bin/docker pull traefik:3.4
ExecStart=/usr/bin/docker run --name=traefik \
  --rm \
  --hostname traefik \
  --net=entertainment \
  --interactive \
  -p 80:80 \
  -p 443:443 \
  -p 8080:8080 \
  -e DUCKDNS_TOKEN=d5c7269c-cb17-4615-b10a-0bfee32dfef7 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /mnt/docker/data/traefik/letsencrypt:/letsencrypt \
  -l traefik.enable=true \
  -l traefik.docker.network=entertainment \
  traefik:3.4 \
  --log=true \
  --log.level=DEBUG \
  --global.sendAnonymousUsage=false \
  --global.checkNewVersion=false \
  --providers.docker=true \
  --providers.docker.exposedbydefault=true \
  --providers.docker.defaultrule='Host(`{{ normalize .Name }}.DUCKDNS_DOMAIN`)' \
  --entrypoints.http=true \
  --entrypoints.http.address='0.0.0.0:80' \
  --entrypoints.http.http.redirections.entrypoint.to='https' \
  --entrypoints.http.http.redirections.entrypoint.scheme='https' \
  --entrypoints.https=true \
  --entrypoints.https.address='0.0.0.0:443' \
  --entrypoints.https.http.tls.domains[0].main='DUCKDNS_DOMAIN' \
  --entrypoints.https.http.tls.domains[0].sans='*.DUCKDNS_DOMAIN' \
  --entrypoints.https.http.tls.certresolver='duckdns' \
  --entrypoints.https.http.tls=true \
  --entrypoints.https.http.middlewares='authelia@docker' \
  --certificatesresolvers.duckdns.acme.storage='/letsencrypt/acme.json' \
  --certificatesresolvers.duckdns.acme.dnschallenge=true \
  --certificatesresolvers.duckdns.acme.dnschallenge.provider='duckdns' \
  --certificatesresolvers.duckdns.acme.email='DUCKDNS_EMAIL' \
  --certificatesresolvers.duckdns.acme.dnschallenge.resolvers='8.8.8.8,8.8.4.4'
ExecStop=/usr/bin/docker stop traefik
ExecStop=/usr/bin/docker rm -f traefik
TimeoutSec=300
Environment=DOCKER_CONFIG=/etc/docker
Environment=HOSTNAME=spark

[Install]
WantedBy=multi-user.target