From 5e5d1ce21215a16a99267cc24fe9faa1cf9001ac Mon Sep 17 00:00:00 2001
From: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
Date: Wed, 1 Oct 2025 14:34:55 +0530
Subject: [PATCH] traefik services setup

---
 docker-compose.yaml   |  24 ++++++
 dynamic/services.yaml | 190 ++++++++++++++++++++++++++++++++++++++++++
 traefik.yaml          |  24 ++++++
 3 files changed, 238 insertions(+)
 create mode 100644 docker-compose.yaml
 create mode 100644 dynamic/services.yaml
 create mode 100644 traefik.yaml

diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..0ed8726
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,24 @@
+version: "3.8"
+
+services:
+  traefik:
+    image: traefik:v3.0
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--configFile=/etc/traefik/traefik.yaml"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"   # Traefik dashboard
+    volumes:
+      - "./traefik.yaml:/etc/traefik/traefik.yaml:ro"
+      - "./dynamic:/etc/traefik/dynamic:ro"
+      - "./letsencrypt:/letsencrypt"
+      - "/auth:/auth:ro"  # Basic auth folder
+    networks:
+      - backend
+
+networks:
+  backend:
+    driver: bridge
diff --git a/dynamic/services.yaml b/dynamic/services.yaml
new file mode 100644
index 0000000..c2f55a3
--- /dev/null
+++ b/dynamic/services.yaml
@@ -0,0 +1,190 @@
+http:
+  middlewares:
+    basic-auth:
+      basicAuth:
+        usersFile: /auth/htpasswd
+
+    websocket-headers:
+      headers:
+        customRequestHeaders:
+          Connection: "Upgrade"
+          Upgrade: "websocket"
+
+    dcr-cors:
+      headers:
+        accessControlAllowOrigin: "http://registry.aetoskia.com"
+        accessControlAllowMethods: "GET, POST, PUT, DELETE, OPTIONS"
+        accessControlAllowHeaders: "Authorization, Content-Type"
+        accessControlMaxAge: 1728000
+
+  routers:
+    # Dashboard
+    traefik-dashboard:
+      rule: "Host(`traefik.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: traefik-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - basic-auth
+
+    # Media Services
+    plex:
+      rule: "Host(`plex.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: plex-svc
+      tls:
+        certResolver: aetoskia
+
+    sonarr:
+      rule: "Host(`sonarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: sonarr-svc
+      tls:
+        certResolver: aetoskia
+
+    radarr:
+      rule: "Host(`radarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: radarr-svc
+      tls:
+        certResolver: aetoskia
+
+    jellyseerr:
+      rule: "Host(`jellyseerr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: jellyseerr-svc
+      tls:
+        certResolver: aetoskia
+
+    ombi:
+      rule: "Host(`ombi.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: ombi-svc
+      tls:
+        certResolver: aetoskia
+
+    qbit:
+      rule: "Host(`qbit.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: qbit-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
+    # Codebase Services
+    gitea:
+      rule: "Host(`gitea.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: gitea-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
+    drone:
+      rule: "Host(`drone.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: drone-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
+    dcr:
+      rule: "Host(`dcr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: dcr-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - dcr-cors
+
+    registry:
+      rule: "Host(`registry.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: registry-svc
+      tls:
+        certResolver: aetoskia
+#      middlewares:
+#        - basic-auth
+
+    # Monitoring
+    portainer:
+      rule: "Host(`portainer.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: portainer-svc
+      tls:
+        certResolver: aetoskia
+
+  services:
+    # Media
+    plex-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:32400"
+
+    sonarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:8989"
+
+    radarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:7878"
+
+    jellyseerr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:5055"
+
+    ombi-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3579"
+
+    qbit-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:8080"
+
+    # Codebase
+    gitea-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:6002"
+
+    drone-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:6003"
+
+    dcr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:6005"
+
+    registry-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:6001"
+
+    # Monitoring
+    portainer-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:7002"
diff --git a/traefik.yaml b/traefik.yaml
new file mode 100644
index 0000000..ce84107
--- /dev/null
+++ b/traefik.yaml
@@ -0,0 +1,24 @@
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+
+providers:
+  file:
+    directory: /etc/traefik/dynamic
+    watch: true
+
+api:
+  dashboard: true
+
+log:
+  level: INFO
+
+certificatesResolvers:
+  aetoskia:
+    acme:
+      email: aetoskia@gmail.com
+      storage: /letsencrypt/acme.json
+      httpChallenge:
+        entryPoint: web