From 38eb5a989c9edd303401ff531c46d6a336c760dd Mon Sep 17 00:00:00 2001
From: Tom Kendrick <tom@tkendrick.com>
Date: Tue, 16 Dec 2025 13:20:23 +0000
Subject: [PATCH] feat: add traefik container

---
 proxies/traefik/docker-compose.yml | 35 ++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 proxies/traefik/docker-compose.yml

diff --git a/proxies/traefik/docker-compose.yml b/proxies/traefik/docker-compose.yml
new file mode 100644
index 0000000..7db9a38
--- /dev/null
+++ b/proxies/traefik/docker-compose.yml
@@ -0,0 +1,35 @@
+version: '3.8'
+
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ${CONFIG_ROOT}/traefik/traefik.yml:/traefik.yml:ro
+      - ${CONFIG_ROOT}/traefik/acme.json:/acme.json
+      - ${CONFIG_ROOT}/traefik/logs:/var/log/traefik
+    secrets:
+      - cf_dns_api_token
+    labels:
+      # Dashboard
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
+      # Basic Auth Middleware
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fj9U0fCH4d13F5j3v3v3w0 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+
+secrets:
+  cf_dns_api_token:
+    file: ${CONFIG_ROOT}/traefik/secrets/cf_dns_api_token