version: '3'

services:
  vault-wrap:
    # $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
    image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
    container_name: vault-wrap
    environment:
      - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.example.ru}
      - VAULT_ADDRESS=${VAULT_ADDRESS}
      - LISTEN_PORT=8080
      - TLS_KEY_FILE=${TLS_KEY_FILE}
      - TLS_CERT_FILE=${TLS_CERT_FILE}
      - TZ=Europe/Moscow
    restart: always
#    ports:
#      - 1234:8080
    build:
        context: .
    volumes:
      - vault-wrap-log:/var/log/vault-wrap
      - vault-wrap-conf:/usr/local/share/vault-wrap
    logging:
      # driver: "syslog"
      options:
        max-size: "10m"
        max-file: "5"
    labels:
      - "tra.enable=true"
      - "tra.http.routers.secret.rule=Host(`secret.example.ru`)"
      - "tra.http.services.secret.loadbalancer.server.port=8080"
      - "tra.docker.network=reverse-proxy"
      - "tra.http.routers.secret.tls=true"
      - "tra.http.services.secret.loadbalancer.server.scheme=http"
    networks:
      - default
      - vault-wrap

networks:
  default:
    name: reverse-proxy
    external: true
  vault-wrap:
    internal: true

volumes:
  vault-wrap-log:
  vault-wrap-conf: