Personal Homelab
krasovs.ky
1[Unit]
2Description=Traefik Quadlet
3Requires=http.socket https.socket imaps.socket smtps.socket ldaps.socket podman.socket
4After=http.socket https.socket imaps.socket smtps.socket ldaps.socket podman.socket
5
6[Container]
7Image=docker.io/library/traefik:v3.6.0
8AutoUpdate=registry
9ContainerName=traefik
10
11User=1000:1000
12UserNS=keep-id:uid=1000,gid=1000
13
14# I use CNAMEs to point to my homelab;
15# Variable name could be misleading, since overwise
16# Lego tries to issue cert for you CNAME host.
17Environment=LEGO_DISABLE_CNAME_SUPPORT=true
18Secret=traefik-cf-dns-api-token,type=env,target=CF_DNS_API_TOKEN
19
20Label="glance.name=Traefik"
21Label="glance.icon=di:traefik"
22Label="glance.url=https://traefik.${base_domain}/dashboard/"
23Label="glance.description=Application Proxy"
24Label="glance.hide=false"
25
26Label="traefik.enable=true"
27Label="traefik.http.routers.dashboard.rule=Host(`traefik.${base_domain}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
28Label="traefik.http.routers.dashboard.service=api@internal"
29Label="traefik.http.routers.dashboard.middlewares=oauth2-proxy@file"
30Label="traefik.http.routers.dashboard-auth.rule=Host(`traefik.${base_domain}`) && PathPrefix(`/oauth2/`)"
31Label="traefik.http.routers.dashboard-auth.service=oauth2-proxy"
32
33Volume=%E/traefik/traefik.yml:/etc/traefik/traefik.yml:Z
34Volume=%E/traefik/file:/etc/traefik/file:Z
35Volume=/var/mnt/docker/app_data/traefik/acme:/etc/traefik/acme:Z
36
37Volume=%t/podman/podman.sock:/var/run/docker.sock
38
39Network=reverse-proxy.network
40
41Notify=true
42
43# Disable label security to access Podman socket.
44SecurityLabelDisable=true
45
46[Service]
47TimeoutStartSec=900
48Restart=always
49Sockets=http.socket https.socket imaps.socket smtps.socket ldaps.socket
50
51[Install]
52WantedBy=multi-user.target default.target