Archive projects

.archived/adguardhome-sync/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  adguardhome-sync:
+    container_name: adguardhome-sync
+    image: ghcr.io/bakito/adguardhome-sync:alpine-v0.7.8
+    restart: unless-stopped
+    command: run --config /config/adguardhome-sync.yaml
+    environment:
+      - TZ=${TZ}
+    volumes:
+      - ${APPDATA_PATH}/adguardhome-sync/adguardhome-sync.yaml:/config/adguardhome-sync.yaml
+    ports:
+      - ${PORT}:8080

.archived/authentik/docker-compose.yml

@@ -0,0 +1,124 @@
+services:
+  authentik_db:
+    container_name: authentik_db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    volumes:
+      - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  authentik_valkey:
+    container_name: authentik_valkey
+    image: docker.io/valkey/valkey:8.1.3
+    restart: unless-stopped
+    command: valkey-server --save 60 1 --requirepass ${VALKEY_PASSWORD}
+    volumes:
+      - ${APPDATA_PATH}/authentik/valkey:/data
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  authentik_server:
+    container_name: authentik_server
+    image: ghcr.io/goauthentik/server:2025.6.4
+    restart: unless-stopped
+    depends_on:
+      authentik_db:
+        condition: service_healthy
+      authentik_valkey:
+        condition: service_healthy
+    command: server
+    environment:
+      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
+      - AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
+      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      - AUTHENTIK_REDIS__HOST=authentik_valkey
+      - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
+
+      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
+      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
+      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
+      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
+      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
+      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
+      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
+      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
+    volumes:
+      - ${APPDATA_PATH}/authentik/media:/media
+      - ${APPDATA_PATH}/authentik/custom-templates:/templates
+    ports:
+      - ${AUTHENTIK_HTTP_PORT}:9000
+      - ${AUTHENTIK_HTTPS_PORT}:9443
+    networks:
+      - frontend
+      - backend
+
+  authentik_worker:
+    container_name: authentik_worker
+    image: ghcr.io/goauthentik/server:2025.6.4
+    restart: unless-stopped
+    depends_on:
+      authentik_db:
+        condition: service_healthy
+      authentik_valkey:
+        condition: service_healthy
+    command: worker
+    user: ${PUID}:${PGID}
+    environment:
+      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
+      - AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
+      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      - AUTHENTIK_REDIS__HOST=authentik_valkey
+      - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
+
+      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
+      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
+      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
+      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
+      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
+      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
+      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
+      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
+    volumes:
+      - ${APPDATA_PATH}/authentik/media:/media
+      - ${APPDATA_PATH}/authentik/certs:/certs
+      - ${APPDATA_PATH}/authentik/custom-templates:/templates
+    networks:
+      - frontend
+      - backend
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

.archived/mazanoke/docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  mazanoke:
+    container_name: mazanoke
+    image: ghcr.io/civilblur/mazanoke:v1.1.5
+    restart: unless-stopped
+    # labels:
+    #   - traefik.enable=true
+    #   - traefik.http.routers.mazanoke.rule=Host(`${TRAEFIK_DOMAIN}`)
+    #   - traefik.http.routers.mazanoke.entrypoints=${TRAEFIK_ENTRYPOINT}
+    #   - traefik.http.services.mazanoke.loadbalancer.server.port=80
+    ports:
+      - ${PORT}:80
+    networks:
+      - frontend
+
+networks:
+  frontend:
+    external: true

.archived/opengist/docker-compose.yml

@@ -0,0 +1,55 @@
+services:
+  opengist_db:
+    container_name: opengist_db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    volumes:
+      - ${APPDATA_PATH}/opengist/db:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  opengist:
+    container_name: opengist
+    image: ghcr.io/thomiceli/opengist:1.10.0
+    restart: unless-stopped
+    depends_on:
+      opengist_db:
+        condition: service_healthy
+    environment:
+      - UID=${UID}
+      - GID=${GID}
+      - OG_DB_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@opengist_db:5432/${POSTGRES_DB}
+      - OG_EXTERNAL_URL=${OG_EXTERNAL_URL}
+      - OG_SECRET_KEY=${OG_SECRET_KEY}
+      - OG_HTTP_GIT_ENABLED=${OG_HTTP_GIT_ENABLED}
+      - OG_SSH_GIT_ENABLED=${OG_SSH_GIT_ENABLED}
+      - OG_GITEA_CLIENT_KEY=${OG_GITEA_CLIENT_KEY}
+      - OG_GITEA_SECRET=${OG_GITEA_SECRET}
+      - OG_GITEA_URL=${OG_GITEA_URL}
+      - OG_GITEA_NAME=${OG_GITEA_NAME}
+      - OG_CUSTOM_STATIC_LINK_0_NAME=Gitea
+      - OG_CUSTOM_STATIC_LINK_0_PATH=${OG_GITEA_URL}
+    volumes:
+      - ${APPDATA_PATH}/opengist/data:/opengist
+    ports:
+      - ${SERVER_PORT}:6157
+      - ${SSH_PORT}:2222
+    networks:
+      - frontend
+      - backend
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

.archived/pocket-id/docker-compose.yml

@@ -0,0 +1,57 @@
+services:
+  pocket-id-db:
+    container_name: pocket-id-db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    volumes:
+      - ${APPDATA_PATH}/pocket-id/db:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  pocket-id:
+    container_name: pocket-id
+    image: ghcr.io/pocket-id/pocket-id:v1.6.4-distroless
+    restart: unless-stopped
+    depends_on:
+      pocket-id-db:
+        condition: service_healthy
+    read_only: true
+    user: ${PUID}:${PGID}
+    environment:
+      - APP_URL=${APP_URL}
+      - TRUST_PROXY=${TRUST_PROXY}
+      - MAXMIND_LICENSE_KEY=${MAXMIND_LICENSE_KEY}
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - ANALYTICS_DISABLED=${ANALYTICS_DISABLED}
+      - DB_PROVIDER=postgres
+      - DB_CONNECTION_STRING=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@pocket-id-db:5432/${POSTGRES_DB}
+    volumes:
+      - ${APPDATA_PATH}/pocket-id/data:/app/data
+    ports:
+      - ${PORT}:1411
+    networks:
+      - frontend
+      - backend
+    healthcheck:
+      test: [ "CMD", "/app/pocket-id", "healthcheck" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

.archived/radicale/docker-compose.yml

@@ -0,0 +1,44 @@
+services:
+  radicale:
+    container_name: radicale
+    image: docker.io/tomsquest/docker-radicale:3.5.4.0
+    restart: unless-stopped
+    init: true
+    read_only: true
+    cap_add:
+      - CHOWN
+      - KILL
+      - SETGID
+      - SETUID
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+          pids: 50
+    labels:
+      - traefik-instance=${TRAEFIK_INSTANCE}
+      - traefik.enable=true
+      - traefik.http.routers.radicale.rule=Host(`${TRAEFIK_DOMAIN}`)
+      - traefik.http.routers.radicale.entrypoints=websecure
+      - traefik.http.services.radicale.loadbalancer.server.port=5232
+    volumes:
+      - ${APPDATA_PATH}/radicale/data:/data
+      - ${APPDATA_PATH}/radicale/config:/config:ro
+    ports:
+      - ${PORT}:5232
+    networks:
+      - frontend
+    healthcheck:
+      test: curl -f http://127.0.0.1:5232 || exit 1
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+networks:
+  frontend:
+    external: true

.archived/stirling-pdf/docker-compose.yml

@@ -0,0 +1,39 @@
+services:
+  stirling-pdf:
+    container_name: stirling-pdf
+    image: ghcr.io/stirling-tools/stirling-pdf:1.1.1-fat
+    restart: unless-stopped
+    labels:
+      - traefik-instance=${TRAEFIK_INSTANCE}
+      - traefik.enable=true
+      - traefik.http.routers.stirling-pdf.rule=Host(`${TRAEFIK_DOMAIN}`)
+      - traefik.http.routers.stirling-pdf.entrypoints=websecure
+      - traefik.http.services.stirling-pdf.loadbalancer.server.port=8080
+    environment:
+      - DISABLE_ADDITIONAL_FEATURES=${DISABLE_ADDITIONAL_FEATURES}
+      - DOCKER_ENABLE_SECURITY=${DOCKER_ENABLE_SECURITY}
+      - SECURITY_ENABLELOGIN=${SECURITY_ENABLELOGIN}
+      - LANGS=${LANGS}
+      - SHOW_SURVEY=${SHOW_SURVEY}
+      - DISABLE_PIXEL=${DISABLE_PIXEL}
+      - SYSTEM_ENABLEANALYTICS=${SYSTEM_ENABLEANALYTICS}
+    volumes:
+      - ${APPDATA_DATA}/stirling-pdf/training_data:/usr/share/tessdata
+      - ${APPDATA_DATA}/stirling-pdf/config:/configs
+      - ${APPDATA_DATA}/stirling-pdf/custom_files:/customFiles/
+      - ${APPDATA_DATA}/stirling-pdf/logs:/logs/
+      - ${APPDATA_DATA}/stirling-pdf/pipeline:/pipeline/
+    ports:
+      - ${PORT}:8080
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP'" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 120s
+    networks:
+      - frontend
+
+networks:
+  frontend:
+    external: true

.archived/syncyomi/docker-compose.yml

@@ -0,0 +1,30 @@
+services:
+  syncyomi:
+    container_name: syncyomi
+    image: ghcr.io/syncyomi/syncyomi:v1.1.4
+    restart: unless-stopped
+    labels:
+      - traefik-instance=${TRAEFIK_INSTANCE}
+      - traefik.enable=true
+      - traefik.http.routers.syncyomi.rule=Host(`${TRAEFIK_DOMAIN}`)
+      - traefik.http.routers.syncyomi.entrypoints=websecure
+      - traefik.http.services.syncyomi.loadbalancer.server.port=8282
+    environment:
+      - TZ=${TZ}
+    volumes:
+      - ${APPDATA_PATH}/syncyomi/config:/config
+      - ${APPDATA_PATH}/syncyomi/log:/log
+    ports:
+      - ${PORT}:8282
+    networks:
+      - frontend
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8282"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+networks:
+  frontend:
+    external: true

.archived/tinyauth/docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  tinyauth:
+    container_name: tinyauth
+    image: ghcr.io/steveiliop56/tinyauth:v3.6.2
+    restart: unless-stopped
+    environment:
+      - SECRET=${SECRET}
+      - APP_URL=${APP_URL}
+      - GENERIC_NAME=${GENERIC_NAME}
+      - GENERIC_CLIENT_ID=${GENERIC_CLIENT_ID}
+      - GENERIC_CLIENT_SECRET=${GENERIC_CLIENT_SECRET}
+      - GENERIC_AUTH_URL=${GENERIC_AUTH_URL}
+      - GENERIC_TOKEN_URL=${GENERIC_TOKEN_URL}
+      - GENERIC_USER_URL=${GENERIC_USER_URL}
+      - GENERIC_SCOPES=${GENERIC_SCOPES}
+    networks:
+      - frontend
+
+networks:
+  frontend:
+    external: true

.archived/traefik-dashboard/config.yml

@@ -0,0 +1,52 @@
+http:
+ #region routers 
+  routers:
+    example:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`example.local.domain.name`)"
+      middlewares:
+        - default-headers
+        - https-redirectscheme
+      tls: {}
+      service: example
+#endregion
+
+#region services
+  services:
+    example:
+      loadBalancer:
+        servers:
+          - url: "http://ip:port/"
+        passHostHeader: true
+#endregion
+
+  middlewares:
+    https-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true
+    default-headers:
+      headers:
+        frameDeny: true
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 15552000
+        customFrameOptionsValue: SAMEORIGIN
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+
+    default-whitelist:
+      ipAllowList:
+        sourceRange:
+        - "127.0.0.1/32"
+        - "local ip subnet"
+
+    secured:
+      chain:
+        middlewares:
+        - default-whitelist
+        - default-headers

.archived/traefik-dashboard/docker-compose.yml

@@ -0,0 +1,67 @@
+services:
+  traefik_socket_proxy:
+    container_name: traefik_socket_proxy
+    image: ghcr.io/11notes/socket-proxy:2.1.3
+    restart: unless-stopped
+    read_only: true
+    user: ${PUID}:${PGID}
+    environment:
+      TZ: ${TZ}
+    volumes:
+      - /run/docker.sock:/run/docker.sock:ro
+      - socket-proxy:/run/proxy
+    networks:
+      - frontend
+
+  traefik:
+    container_name: traefik
+    image: docker.io/library/traefik:v3.5.0
+    restart: unless-stopped
+    depends_on:
+      traefik_socket_proxy:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    secrets:
+      - cf_api_token
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.traefik.entrypoints=web
+      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN}`)
+      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}
+      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
+      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
+      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
+      - traefik.http.routers.traefik-secure.entrypoints=websecure
+      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN}`)
+      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
+      - traefik.http.routers.traefik-secure.service=api@internal
+    environment:
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
+      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
+    volumes:
+      - ${APPDATA_PATH}/traefik/data/traefik.yml:/traefik.yml:ro
+      - ${APPDATA_PATH}/traefik/data/acme.json:/acme.json # chmod 600
+      - ${APPDATA_PATH}/traefik/data/config.yml:/config.yml:ro
+      - ${APPDATA_PATH}/traefik/logs:/var/log/traefik
+      - /etc/localtime:/etc/localtime:ro
+      - socket-proxy:/var/run
+    ports:
+      - 80:80
+      - 81:81
+      - 443:443
+      - 443:443/udp
+      - 444:444
+      - 444:444/udp
+    networks:
+      - frontend
+
+networks:
+  frontend:
+    external: true
+secrets:
+  cf_api_token:
+    file: ${APPDATA_PATH}/traefik/secrets/cf_api_token
+
+volumes:
+  socket-proxy:

.archived/traefik-dashboard/traefik.yml

@@ -0,0 +1,70 @@
+api:
+  dashboard: true
+  debug: true
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      middlewares:
+        - default-whitelist@file
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443"
+    http:
+      middlewares:
+        - default-whitelist@file
+      tls:
+        certResolver: letsencrypt
+        domains:
+          - main: '*.local.domain.name'
+  web-external:
+    address: ":81"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure-external
+          scheme: https
+  websecure-external:
+    address: ":444"
+    http:
+      tls:
+        certResolver: letsencrypt
+        domains:
+          - main: domain.name
+            sans:
+              - '*.domain.name'
+serversTransport:
+  insecureSkipVerify: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /config.yml
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: email@domain.name
+      storage: acme.json
+      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
+      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+      dnsChallenge:
+        provider: cloudflare
+        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
+        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+log:
+  level: "INFO"
+  filePath: "/var/log/traefik/traefik.log"
+  maxSize: 10
+  maxBackups: 5
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  fields:
+    names:
+      StartUTC: drop

.archived/traefik-kop/docker-compose.yml

@@ -0,0 +1,32 @@
+services:
+  traefik_kop_socket_proxy:
+    container_name: traefik_kop_socket_proxy
+    image: ghcr.io/11notes/socket-proxy:2.1.3
+    restart: unless-stopped
+    read_only: true
+    user: ${SOCKET_PUID}:${SOCKET_PGID}
+    environment:
+      TZ: ${TZ}
+    volumes:
+      - /run/docker.sock:/run/docker.sock:ro
+      - socket-proxy:/run/proxy
+
+  traefik-kop:
+    container_name: traefik-kop
+    image: ghcr.io/jittering/traefik-kop:0.17
+    restart: unless-stopped
+    depends_on:
+      traefik_kop_socket_proxy:
+        condition: service_healthy
+    environment:
+      REDIS_ADDR: ${REDIS_ADDR}
+      BIND_IP: ${BIND_IP}
+      DOCKER_CONFIG: |
+        ---
+        docker:
+          constraints: "Label(`traefik-instance`,`${TRAEFIK_INSTANCE}`)"
+    volumes:
+      - socket-proxy:/var/run
+
+volumes:
+  socket-proxy:

.archived/traefik/docker-compose.yml

@@ -0,0 +1,84 @@
+services:
+  traefik_socket_proxy:
+    container_name: traefik_socket_proxy
+    image: ghcr.io/11notes/socket-proxy:2.1.3
+    restart: unless-stopped
+    read_only: true
+    user: ${PUID}:${PGID}
+    environment:
+      TZ: ${TZ}
+    volumes:
+      - /run/docker.sock:/run/docker.sock:ro
+      - socket-proxy:/run/proxy
+    networks:
+      - frontend
+
+  traefik:
+    container_name: traefik
+    image: docker.io/library/traefik:v3.5.0
+    restart: unless-stopped
+    depends_on:
+      traefik_socket_proxy:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    secrets:
+      - cf_api_token
+    environment:
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
+    volumes:
+      - ${APPDATA_PATH}/traefik/data/acme.json:/acme.json
+      - ${APPDATA_PATH}/traefik/logs:/var/log/traefik
+      - /etc/localtime:/etc/localtime:ro
+      - socket-proxy:/var/run
+    ports:
+      - 80:80
+      - 443:443
+      - 443:443/udp
+    networks:
+      - frontend
+    command:
+      - --api.debug=true
+      - --serversTransport.insecureSkipVerify=true
+
+      # Entrypoints
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls.certresolver=letsencrypt
+      - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}
+      - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
+
+      # Providers
+      - --providers.docker.endpoint=unix:///var/run/docker.sock
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.constraints=Label(`traefik-instance`,`${TRAEFIK_INSTANCE}`)
+
+      # Certificates Resolvers
+      - --certificatesresolvers.letsencrypt.acme.email=${EMAIL}
+      - --certificatesresolvers.letsencrypt.acme.storage=acme.json
+      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+
+      # Log
+      - --log.level=INFO
+      - --log.filepath=/var/log/traefik/traefik.log
+      - --log.maxsize=10
+      - --log.maxbackups=5
+
+      # Access Log
+      - --accesslog.filepath=/var/log/traefik/access.log
+      - --accesslog.fields.names.StartUTC=drop
+
+networks:
+  frontend:
+    external: true
+
+secrets:
+  cf_api_token:
+    file: ${APPDATA_PATH}/traefik/secrets/cf_api_token
+
+volumes:
+  socket-proxy: