services:
  tinyauth:
    image: ghcr.io/steveiliop56/tinyauth:v3
    container_name: tinyauth
    restart: unless-stopped
    environment:
      - SECRET=${SECRET}
      - APP_URL=https://auth.tellserv.fr
      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
      - OAUTH_WHITELIST=${OAUTH_WHITELIST}
    networks:
      - traefik_network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`auth.tellserv.fr`)"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=cloudflare"
      - "traefik.http.services.${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=3000"
      - "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}.forwardauth.address=http://${COMPOSE_PROJECT_NAME}:3000/api/auth/traefik"
      - "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "com.centurylinklabs.watchtower.enable=true"

networks:
  traefik_network:
    external: true