Initial commit

stacks/proxy/docker-compose.yaml

@@ -0,0 +1,53 @@
+services:
+  tunnel:
+    image: cloudflare/cloudflared:2026.2.0@sha256:09b8ae19c02e44c075361a64094e6216421672705647b0e8d4ce8d1d8feea7ac
+    restart: unless-stopped
+    command: tunnel --no-autoupdate run
+    environment:
+      - TUNNEL_TOKEN_FILE=/run/secrets/tunnel_token
+    networks:
+      - homelab_proxy
+    secrets:
+      - tunnel_token
+
+  traefik:
+    image: traefik:v3.6.8@sha256:daf5df7f7b96cd34a1a499a275cb93c8dbc4ce58d49f98911e0583ba41cc4351
+    restart: unless-stopped
+    command:
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls=true
+
+      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
+      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+      - --certificatesresolvers.le.acme.dnschallenge=true
+      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
+    env_file:
+      - .env
+    environment:
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - letsencrypt:/letsencrypt
+    networks:
+      - homelab_proxy
+      - homelab_apps
+    secrets:
+      - cf_api_token
+
+volumes:
+  letsencrypt:
+    driver: local
+
+networks:
+  homelab_proxy:
+    external: true
+  homelab_apps:
+    external: true
+
+secrets:
+  tunnel_token:
+    file: ./secrets/tunnel_token.txt
+  cf_api_token:
+    file: ./secrets/cf_api_token.txt