---

# Default variables for the Traefik job bundle.
# NOTE(review): the nesting below was restored from a whitespace-collapsed copy
# of this file; confirm it against the original before relying on it.

# Instance (if several instances run on the same namespace)
instance: traefik

traefik:

  # Version of Traefik
  version: 3.0.0

  # Docker image to use for Traefik
  # The image is referenced by tag (version plus a "-1" suffix), not by digest.
  # NOTE(review): a tag can be re-pushed; consider pinning a digest if the
  # registry behind .docker.repo is not fully under your control.
  image: '[[ .docker.repo ]]traefik:[[ .traefik.version ]]-1'

  # Resources for traefik instances
  resources:
    cpu: 500
    memory: 256
    memory_max: 300

  # Number of traefik instances
  count: 2

  nomad:
    # Set a high priority for the job
    priority: 70
    # Ensure we run on distinct hosts
    constraints:
      - operator: distinct_hosts
        value: true

  vault:
    # Vault policies attached to the job; the default is a single policy named
    # after the instance (plus the Consul suffix).
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'

  # Router for the Traefik API / dashboard, reachable on the https entrypoint
  # only. The single middleware listed here only rewrites the path prefix of
  # public_url to /dashboard/; no authentication or source-IP middleware is
  # attached in this file.
  # NOTE(review): the API and dashboard reveal the full routing configuration.
  # Confirm access control is added elsewhere (for example the lemonldap@file or
  # ip-trusted@file middlewares referenced further down) before public_url is
  # reachable from untrusted networks.
  api:
    traefik:
      auto_rule: false
      router: '[[ .instance ]]-api[[ .consul.suffix ]]'
      strip_prefix: false
      entrypoints:
        - https
      middlewares:
        99-path:
          # Captures everything after the path component of public_url
          # (trailing slash removed) ...
          - replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path | regexp.Replace "/$" "" ]]/(.*)
          # ... and re-roots it under /dashboard/.
          # presumably "$$" escapes "$" for a later templating stage - confirm
          - replacepathregex.replacement=/dashboard/$${1}

  # Router for the /ping health check, reachable on both http and https.
  ping:
    traefik:
      auto_rule: false
      router: '[[ .instance ]]-ping[[ .consul.suffix ]]'
      strip_prefix: false
      entrypoints:
        - http
        - https
      # Higher than the http -> https redirection priority (1000) set below;
      # presumably so health checks on plain http are answered rather than
      # redirected - confirm.
      priority: 2000

  # List of trusted proxies from whom to trust proxy protocol v1/v2 source address
  # A peer listed here can state any client address in its PROXY header and it
  # will be believed, so source-IP based middlewares (such as ip-trusted@file in
  # the example below) are only as strong as this list. Keep it to the load
  # balancers that really front Traefik.
  # NOTE(review): presumably the empty default means no peer is trusted - confirm
  # against the job template.
  trusted_proxies: []

  # List entrypoints to configure.
  # Note that if prometheus is enabled, another entrypoint named metrics will bind on 127.0.0.1:9500
  # entrypoints:
  #   postgres:
  #     static: 5432
  #     to: 5432
  #     protocol: tcp
  #     middlewares:
  #       src-ip: ip-trusted@file
  #   syslog:
  #     static: 514
  #     to: 5514
  #     protocol: udp
  # NOTE(review): "static" / "to" look like the fixed host port and the port
  # Traefik listens on inside the task - confirm against the job template.
  entrypoints:
    # Plain HTTP: requests are redirected to the https entrypoint's host port.
    http:
      static: 80
      to: 5080
      http:
        redirections:
          entryPoint:
            # {{ }} is not the [[ ]] delimiter used elsewhere in this file, so
            # this is presumably left for Nomad to render at run time - confirm.
            to: :{{ env "NOMAD_HOST_PORT_https" }}
            priority: 1000
    https:
      static: 443
      to: 5443
      http:
        # Empty map: TLS is switched on for this entrypoint with no options set
        # here. NOTE(review): a minimum TLS version or cipher policy, if one is
        # required, has to come from elsewhere in the configuration.
        tls: {}

  # The public URL, on which the following endpoints will be exposed
  # - /api : the API
  # - /ping : the health check
  # Note : this URL should have a path (so https://traefik.example.org/ is invalid
  # but https://traefik.example.org/dashboard is valid)
  public_url: https://traefik.example.org/dashboard

  # Prometheus settings
  prometheus:
    enabled: '[[ .prometheus.available ]]'
    # The metrics_url should point on the metrics endpoint from the container's POV
    # It'll be used to expose metrics using a nginx proxy (adding mTLS)
    # The URL itself is plain http on localhost; per the entrypoints note above
    # the metrics entrypoint binds 127.0.0.1:9500, so the unauthenticated
    # endpoint is meant to be reached only through the mTLS proxy.
    metrics_url: http://localhost:9500/metrics

  lemonldap:
    # If enabled, will run a Lemonldap::NG handler sidecar
    # able to auth using the lemonldap@file middleware
    enabled: False
    # Docker image to use for Lemonldap::NG handler
    image: '[[ .llng.engine.image ]]'
    # Env vars to set in the container
    env: {}
    # Resources for Lemonldap::NG handlers
    resources:
      cpu: 200
      memory: 256
    # Endpoint the handler reads its configuration from.
    # The commented user / password pair is an example of optional credentials
    # for this endpoint. Do not commit a real password in this file.
    # NOTE(review): presumably a real value should be supplied from Vault (see
    # the policies above) - confirm how the handler template reads it.
    config:
      url: https://auth.example.org/index.psgi/config
      # user: lemonldap
      # password: secret
      realm: Lemonldap::NG API
    # Endpoint the handler reads sessions from; the same remark about
    # credentials applies.
    sessions:
      url: https://auth.example.org/index.psgi/sessions
      # user: lemonldap
      # password: secret
      realm: Lemonldap::NG API