version: '3.8'

networks:
  traefik-public:
    external: true
  portainer-agent:
    driver: overlay
    attachable: true

volumes:
  portainer_data:

services:
  portainer:
    image: portainer/portainer-ce:latest
    command:
      - "-H"
      - "tcp://tasks.agent:9001"
      - "--tlsskipverify"
    ports:
      - "9000:9000"
      - "9443:9443"
    volumes:
      - portainer_data:/data
    networks:
      - traefik-public
      - portainer-agent
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9000/api/status"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      resources:
        limits:
          memory: 512M
          cpus: '0.5'
        reservations:
          memory: 256M
          cpus: '0.25'
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: rollback
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.portainer.rule=Host(`portainer.sterl.xyz`)"
        - "traefik.http.routers.portainer.entrypoints=websecure"
        - "traefik.http.routers.portainer.tls.certresolver=cfresolver"
        - "traefik.http.routers.portainer.service=portainer"
        - "traefik.http.routers.portainer.tls=true"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
        - "traefik.http.services.portainer.loadbalancer.sticky.cookie=true"
        - "traefik.swarm.network=traefik-public"
        - "traefik.docker.network=traefik-public"
        - "docktail.enable=true"
        - "docktail.name=portainer"
        - "docktail.container_port=9000"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # Linux agent
  agent:
    image: portainer/agent:latest
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - portainer-agent
    deploy:
      mode: global
      placement:
        constraints:
          - node.platform.os == linux
      resources:
        limits:
          memory: 128M
          cpus: '0.25'
        reservations:
          memory: 64M
          cpus: '0.1'
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "2"

  # Windows agent (optional - only deploys if Windows node exists)
  agent-windows:
    image: portainer/agent:latest
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      - type: npipe
        source: \\\\.\\pipe\\docker_engine
        target: \\\\.\\pipe\\docker_engine
      - type: bind
        source: C:\\ProgramData\\docker\\volumes
        target: C:\\ProgramData\\docker\\volumes
    networks:
      portainer-agent:
        aliases:
          - agent
    deploy:
      mode: global
      placement:
        constraints:
          - node.platform.os == windows
      resources:
        limits:
          memory: 128M
          cpus: '0.25'
        reservations:
          memory: 64M
          cpus: '0.1'
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "2"