services:
  semaphore:
    image: semaphoreui/semaphore:v2.17.33
    container_name: semaphore
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      SEMAPHORE_DB_DIALECT: postgres
      SEMAPHORE_DB_HOST: postgresql17
      SEMAPHORE_DB_PORT: 5432
      SEMAPHORE_DB_NAME: semaphore
      SEMAPHORE_DB_USER: semaphore
      SEMAPHORE_DB_PASS: ${SEMAPHORE_DB_PASS}

      SEMAPHORE_ADMIN: admin
      SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
      SEMAPHORE_ADMIN_NAME: micha
      SEMAPHORE_ADMIN_EMAIL: michideheld@gmx.de

      SEMAPHORE_ACCESS_KEY_ENCRYPTION: ${SEMAPHORE_ACCESS_KEY_ENCRYPTION}
      SEMAPHORE_WEB_ROOT: https://semaphore.kaleschke.info
      SEMAPHORE_GIT_CLIENT: cmd_git

    volumes:
      - semaphore_data:/var/lib/semaphore
      - semaphore_config:/etc/semaphore
      - semaphore_tmp:/tmp/semaphore

    networks:
      - frontend_net
      - backend_net
      
    dns:
     - 1.1.1.1
     - 8.8.8.8

    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend_net
      - traefik.http.routers.semaphore.rule=Host(`semaphore.kaleschke.info`)
      - traefik.http.routers.semaphore.entrypoints=websecure
      - traefik.http.routers.semaphore.tls=true
      - traefik.http.routers.semaphore.tls.certresolver=le
      - traefik.http.routers.semaphore.middlewares=authelia@file,secure-headers@file
      - traefik.http.services.semaphore.loadbalancer.server.port=3000

volumes:
  semaphore_data:
  semaphore_config:
  semaphore_tmp:

networks:
  frontend_net:
    external: true
  backend_net:
    external: true