felhom-controller/controller/internal/infra/templates/traefik-compose.yml.tmpl

# Traefik Reverse Proxy — managed by felhom-controller (base-infra bring-up).
services:
  traefik:
    image: {{.Image}}
    container_name: traefik
    restart: unless-stopped
    dns:
      - 1.1.1.1
      - 8.8.8.8
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "443:443"
{{- if .CFAPIToken}}
    env_file:
      - .env
{{- end}}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./dynamic:/etc/traefik/dynamic:ro
      - ./acme.json:/etc/traefik/acme.json
      - ./certs:/etc/traefik/certs:ro
    networks:
      - traefik-public

networks:
  traefik-public:
    external: true