services:
  ttyd:
    build:
      context: .
      network: host
    image: ttyd:alpine
    container_name: ttyd
    hostname: ttyd
    restart: unless-stopped
    command: ["ttyd", "-W", "-o", "-u", "1000", "-g", "1000", "bash"]
    stdin_open: true
    tty: true
    labels:
      - traefik.enable=true
      - traefik.http.routers.$SUBDOMAIN.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.$SUBDOMAIN.tls=true
      - traefik.http.routers.$SUBDOMAIN.entrypoints=web,websecure
      - traefik.http.routers.$SUBDOMAIN.tls.certresolver=cloudflare
      - traefik.http.middlewares.$SUBDOMAIN.headers.SSLRedirect=true
      - traefik.http.middlewares.$SUBDOMAIN.headers.STSSeconds=315360000
      - traefik.http.middlewares.$SUBDOMAIN.headers.browserXSSFilter=true
      - traefik.http.middlewares.$SUBDOMAIN.headers.contentTypeNosniff=true
      - traefik.http.middlewares.$SUBDOMAIN.headers.forceSTSHeader=true
      - traefik.http.middlewares.$SUBDOMAIN.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.$SUBDOMAIN.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.$SUBDOMAIN.headers.STSPreload=true
      - traefik.http.middlewares.$SUBDOMAIN.headers.frameDeny=true
      - traefik.http.routers.$SUBDOMAIN.middlewares=authentik-forwardauth@docker
      # - traefik.http.routers.$SUBDOMAIN.middlewares=$SUBDOMAIN@docker
      - traefik.http.services.$SUBDOMAIN.loadbalancer.server.port=7681
      - traefik.docker.network=jump
    env_file:
      - .env
    # volumes:
    networks:
      jump:
      lan:
        ipv4_address: $IP_ADDRESS
    user: "1000:1000"
# volumes:
networks:
  jump:
    external: true
  lan:
    external: true