---
version: '2.1'
services:
{% for i in range(cluster_node_count|default(1)|int) %}
  {% set container_postfix = loop.index %}
  {% set awx_sdb_port_start = 7899 + (loop.index0*1000) | int %}
  {% set awx_sdb_port_end = 7999 + (loop.index0*1000) | int %}
  # Primary AWX Development Container
  awx_{{ container_postfix }}:
    hostname: {{ awx_prefix }}_{{ container_postfix }}
    networks:
      ansible-net:
        aliases:
          - {{ awx_prefix }}_{{ container_postfix }}
      traefik-net:
        aliases:
          - {{ awx_prefix }}_{{ container_postfix }}
    restart: unless-stopped
    environment:
      http_proxy:
      https_proxy:
      no_proxy:
{% if cluster_node_count == 1 %}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}.service={{ awx_prefix }}_{{ container_postfix }}"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}.entrypoints=http"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}.rule=Host(`{{ awx_prefix }}.seboto.my-wan.de`) || Host(`ansible-{{ awx_prefix }}.seboto.my-wan.de`)"
      - "traefik.http.middlewares.{{ awx_prefix }}_{{ container_postfix }}-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}.middlewares={{ awx_prefix }}_{{ container_postfix }}-https-redirect"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.entrypoints=https"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.rule=Host(`{{ awx_prefix }}.seboto.my-wan.de`) || Host(`ansible-{{ awx_prefix }}.seboto.my-wan.de`)"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.tls=true"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.tls.domains[0].main={{ awx_prefix }}.seboto.my-wan.de"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.tls.domains[0].sans=ansible-{{ awx_prefix }}.seboto.my-wan.de"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.tls.certresolver=http"
      - "traefik.http.routers.{{ awx_prefix }}_{{ container_postfix }}-secure.service={{ awx_prefix }}_{{ container_postfix }}"
      - "traefik.http.services.{{ awx_prefix }}_{{ container_postfix }}.loadbalancer.server.port={{ traefik_http_port }}"
      - "traefik.docker.network=traefik_proxy"
{% endif %}
#    volumes:
#      - "/home/awx/certs/ldap.conf:/etc/openldap/ldap.conf:ro"
#      - "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro"
#      - "/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro"
#      - "/etc/pki/tls/private/ansible01.warburg.com.pem:/etc/nginx/nginx.key:ro"
#      - "/etc/pki/tls/certs/ansible01.warburg.com.crt:/etc/nginx/nginx.crt:ro"
  redis_{{ container_postfix }}:
    restart: unless-stopped
    networks:
      ansible-net:
        aliases:
          - redis_{{ container_postfix }}
    restart: unless-stopped
{% endfor %}
{% if cluster_node_count|default(1)|int > 1 %}
  haproxy:
    hostname: haproxy
    networks:
      ansible-net:
        aliases:
          - haproxy
      traefik-net:
        aliases:
          - haproxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.haproxy.service=haproxy"
      - "traefik.http.routers.haproxy.entrypoints=http"
      - "traefik.http.routers.haproxy.rule=Host(`{{ awx_prefix }}.seboto.my-wan.de`) || Host(`ansible-{{ awx_prefix }}.seboto.my-wan.de`)"
      - "traefik.http.middlewares.haproxy-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.haproxy.middlewares=haproxy-https-redirect"
      - "traefik.http.routers.haproxy-secure.entrypoints=https"
      - "traefik.http.routers.haproxy-secure.rule=Host(`{{ awx_prefix }}.seboto.my-wan.de`) || Host(`ansible-{{ awx_prefix }}.seboto.my-wan.de`)"
      - "traefik.http.routers.haproxy-secure.tls=true"
      - "traefik.http.routers.haproxy-secure.tls.domains[0].main={{ awx_prefix }}.seboto.my-wan.de"
      - "traefik.http.routers.haproxy-secure.tls.domains[0].sans=ansible-{{ awx_prefix }}.seboto.my-wan.de"
      - "traefik.http.routers.haproxy-secure.tls.certresolver=http"
      - "traefik.http.routers.haproxy-secure.service=haproxy"
      - "traefik.http.services.haproxy.loadbalancer.server.port={{ traefik_http_port }}"
      - "traefik.docker.network=traefik_proxy"
{% endif %}
  postgres:
    networks:
      ansible-net:
        aliases:
          - postgres
    restart: unless-stopped
    volumes:
      - "{{ awx_composedir }}/initdb.d:/docker-entrypoint-initdb.d:ro"

volumes:
  awx_db:
    name: {{ awx_prefix }}_awx_db
    driver: local
    driver_opts:
      type: none
      o: bind
      device: {{ pg_volume_datapath | default(awx_composedir + '/postgres/data') }}

networks:
  ansible-net:
  traefik-net:
    external: true
    name: traefik_proxy
...