Remove traefik from the bootstrap

bootstrap.docker-compose.local.yml

@@ -1,5 +1,4 @@
 services:
-  traefik:
+  portainer:
     ports:
-      - 80:80
+      - 9443:9443
-      - 443:443

bootstrap.docker-compose.macvlan.yml

@@ -1,8 +1,8 @@
 services:
-  traefik:
+  portainer:
     networks:
       macvlan:
-        ipv4_address: ${NASCOMPOSE_MACVLAN_TRAEFIK_IP}
+        ipv4_address: ${NASCOMPOSE_MACVLAN_PORTAINER_IP?}
 
 networks:
   macvlan:

bootstrap.docker-compose.yml

@@ -13,40 +13,6 @@ services:
     labels:
       nas-compose.boostrap: true
 
-  # TODO: Sort out authentication method for all services (SSO). Authelia?
-  traefik:
-    image: traefik
-    environment:
-      NASCOMPOSE_TRAEFIK_DOMAINS: ${NASCOMPOSE_TRAEFIK_DOMAINS?}
-      NASCOMPOSE_MACVLAN_HOST_IP: ${NASCOMPOSE_MACVLAN_HOST_IP}
-    networks:
-      - macvlan
-      - traefik
-      - docker
-    configs:
-      - source: traefik_static
-        target: /etc/traefik/traefik.yml
-      - source: traefik_dynamic
-        target: /etc/traefik/dynamic/traefik.yml
-      - source: traefik_synology
-        target: /etc/traefik/dynamic/synology.yml
-      - source: traefik_tls
-        target: /etc/traefik/dynamic/tls.yml
-      - source: traefik_hsts
-        target: /etc/traefik/dynamic/hsts.yml
-      - source: traefik_transmission-api
-        target: /etc/traefik/dynamic/transmission-api.yml
-      - source: traefik_authelia
-        target: /etc/traefik/dynamic/authelia.yml
-    secrets:
-      - traefik_tls_cert
-      - traefik_tls_key
-    depends_on:
-      - docker
-    restart: unless-stopped
-    labels:
-      nas-compose.boostrap: true
-
   portainer:
     image: portainer/portainer-ce
     command: >
@@ -56,7 +22,6 @@ services:
     user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
     networks:
       - docker
-      - traefik
     volumes:
       - portainer_data:/data/
     secrets:
@@ -66,9 +31,6 @@ services:
     restart: unless-stopped
     labels:
       nas-compose.boostrap: true
-      traefik.enable: true
-      traefik.http.services.portainer.loadbalancer.server.port: 9443
-      traefik.http.services.portainer.loadbalancer.server.scheme: https
 
 networks:
   macvlan:
@@ -79,10 +41,6 @@ networks:
     name: docker
     labels:
       nas-compose.boostrap: true
-  traefik:
-    name: traefik
-    labels:
-      nas-compose.boostrap: true
 
 volumes:
   portainer_data:
@@ -93,26 +51,6 @@ volumes:
     labels:
       nas-compose.boostrap: true
 
-configs:
-  traefik_static:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/traefik.yml
-  traefik_dynamic:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/traefik.yml
-  traefik_synology:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/synology.yml
-  traefik_tls:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/tls.yml
-  traefik_hsts:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/hsts.yml
-  traefik_authelia:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/authelia.yml
-  traefik_transmission-api:
-    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/transmission-api.yml
-
 secrets:
-  traefik_tls_cert:
-    file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/traefik.cert
-  traefik_tls_key:
-    file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/traefik.key
   portainer_password:
     file: ${NASCOMPOSE_SERVICES?}/secrets/portainer/portainer_password

docker/configs/traefik/dynamic/portainer.yml

@@ -0,0 +1,10 @@
+http:
+  routers:
+    synology:
+      rule: '{{ $s := "portainer" }}{{ range $i, $d := splitList "," (env `NASCOMPOSE_TRAEFIK_DOMAINS`) }}{{ if $i }} || {{end}}Host(`{{ $s }}.{{ $d }}`){{ end }}'
+      service: portainer@file
+  services:
+    synology:
+      loadBalancer:
+        servers:
+          - url: https://{{ env `NASCOMPOSE_MACVLAN_PORTAINER_IP` }}:9443/

nas-compose.env

@@ -13,6 +13,7 @@ NASCOMPOSE_MACVLAN_RANGE=
 NASCOMPOSE_MACVLAN_HOST_IP=
 NASCOMPOSE_MACVLAN_TRAEFIK_IP=
 NASCOMPOSE_MACVLAN_PLEX_IP=
+NASCOMPOSE_MACVLAN_PORTAINER_IP=
 
 NASCOMPOSE_TRAEFIK_DOMAINS=
 

traefik.docker-compose.local.yml

@@ -0,0 +1,5 @@
+services:
+  traefik:
+    ports:
+      - 80:80
+      - 443:443

traefik.docker-compose.macvlan.yml

@@ -0,0 +1,23 @@
+services:
+  traefik:
+    environment:
+      NASCOMPOSE_MACVLAN_SYNOLOGY_IP: ${NASCOMPOSE_MACVLAN_HOST_IP?}
+      NASCOMPOSE_MACVLAN_PORTAINER_IP: ${NASCOMPOSE_MACVLAN_PORTAINER_IP?}
+    networks:
+      macvlan:
+        ipv4_address: ${NASCOMPOSE_MACVLAN_TRAEFIK_IP?}
+    configs:
+      - source: traefik_synology
+        target: /etc/traefik/dynamic/synology.yml
+      - source: traefik_portainer
+        target: /etc/traefik/dynamic/portainer.yml
+
+networks:
+  macvlan:
+    external: true
+
+configs:
+  traefik_synology:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/synology.yml
+  traefik_portainer:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/portainer.yml

traefik.docker-compose.yaml

@@ -0,0 +1,57 @@
+name: Traefik
+
+services:
+  traefik:
+    image: traefik
+    environment:
+      NASCOMPOSE_TRAEFIK_DOMAINS: ${NASCOMPOSE_TRAEFIK_DOMAINS?}
+    networks:
+      - traefik
+      - docker
+    configs:
+      - source: traefik_static
+        target: /etc/traefik/traefik.yml
+
+      - source: traefik_dynamic
+        target: /etc/traefik/dynamic/traefik.yml
+      - source: traefik_tls
+        target: /etc/traefik/dynamic/tls.yml
+      - source: traefik_hsts
+        target: /etc/traefik/dynamic/hsts.yml
+
+      - source: traefik_authelia
+        target: /etc/traefik/dynamic/authelia.yml
+      - source: traefik_transmission-api
+        target: /etc/traefik/dynamic/transmission-api.yml
+    secrets:
+      - traefik_tls_cert
+      - traefik_tls_key
+    depends_on:
+      - docker
+    restart: unless-stopped
+
+networks:
+  docker:
+    external: true
+  traefik:
+    name: traefik
+
+configs:
+  traefik_static:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/traefik.yml
+  traefik_dynamic:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/traefik.yml
+  traefik_tls:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/tls.yml
+  traefik_hsts:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/hsts.yml
+  traefik_authelia:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/authelia.yml
+  traefik_transmission-api:
+    file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/transmission-api.yml
+
+secrets:
+  traefik_tls_cert:
+    file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/traefik.cert
+  traefik_tls_key:
+    file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/traefik.key