✨feature: Add basic Traefik/Authelia support files

assets/files/traefik/traefik-stack.yml

@@ -0,0 +1,93 @@
+services:
+  traefik:
+    container_name: Traefik
+    image: traefik:latest
+    restart: always
+
+    networks:
+      traefik_macvlan:
+        ipv4_address: 192.168.2.253   # Traefik's LAN IP
+      proxy: {}
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik/traefik.yml:/traefik.yml:ro
+      - ./traefik/config:/traefik_config
+      - ./traefik/cert:/traefik_cert
+      - ./traefik/logs:/logs
+
+    environment:
+      - TZ=America/Winnipeg
+      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
+      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
+
+    labels:
+      - "traefik.enable=true"
+
+      # Dashboard (behind Authelia)
+      - "traefik.http.routers.traefik.rule=Host(`tfk.yourdomain.com`)"
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.middlewares=authelia@docker"
+
+  authelia:
+    container_name: Authelia
+    restart: always
+    image: authelia/authelia:latest
+
+    networks:
+      - proxy
+
+    volumes:
+      - ./authelia/config:/config
+      - ./authelia/secrets:/secrets:ro
+      - ./authelia/logs:/var/log/authelia
+
+    environment:
+      - TZ=America/Winnipeg
+      - X_AUTHELIA_CONFIG_FILTERS=template
+      - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
+      - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.authelia.rule=Host(`auth.yourdomain.com`)"
+      - "traefik.http.routers.authelia.entrypoints=https"
+      - "traefik.http.routers.authelia.tls.certresolver=cloudflare"
+
+      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
+      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
+      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
+
+  traefik-gui:
+    container_name: Traefik-GUI
+    restart: always
+    image: ghcr.io/rahn-it/traefik-gui:master
+
+    networks:
+      - proxy
+
+    volumes:
+      - ./traefik-gui/db:/app/db
+      - ./traefik/config:/app/traefik
+
+    environment:
+      - TZ=America/Winnipeg
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.traefik-gui.rule=Host(`tfk-admin.yourdomain.com`)"
+      - "traefik.http.routers.traefik-gui.entrypoints=https"
+      - "traefik.http.routers.traefik-gui.tls.certresolver=cloudflare"
+      - "traefik.http.routers.traefik-gui.middlewares=authelia@docker"
+
+networks:
+  traefik_macvlan:
+    external: true
+  proxy:
+    name: proxy
+    driver: bridge