feat: TinyAuth + traefik dash + sonarr forward auth

ansible/roles/traefik/templates/remote-services.yml.j2

@@ -1,5 +1,45 @@
 http:
+  middlewares:
+    pocketid-auth:
+      forwardAuth:
+        address: "https://auth-proxy.{{ domain }}/api/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - "X-Auth-User"
+          - "X-Auth-Email"
+          - "X-Auth-Name"
+          - Authorization
+          - Remote-Email 
+          - Remote-Name
+          - Remote-User
+          - Remote-Groups
+    
+    traefik-https-redirect:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
   routers:
+    traefik-secure:
+      rule: "Host(`traefik.{{ domain }}`)"
+      entryPoints:
+        - https
+      middlewares:
+        - pocketid-auth
+      service: api@internal
+      tls:
+        certResolver: cloudflare
+
+    sonarr:
+      rule: "Host(`sonarr.{{ domain }}`)"
+      entryPoints:
+        - https
+      middlewares:
+        - pocketid-auth
+      service: sonarr
+      tls:
+        certResolver: cloudflare
+
     pocketid:
       rule: "Host(`auth.{{ domain }}`)"
       entryPoints:
@@ -7,10 +47,30 @@ http:
       service: pocketid
       tls:
         certResolver: cloudflare
+    
+    tinyauth:
+      rule: "Host(`auth-proxy.{{ domain }}`)"
+      entryPoints:
+        - https
+      service: tinyauth
+      tls:
+        certResolver: cloudflare
   
   services:
+    sonarr:
+      loadBalancer:
+        passHostHeader: true
+        servers:
+          - url: "http://{{ sonarr_host }}:{{ sonarr_port }}"
+
     pocketid:
       loadBalancer:
         passHostHeader: true
         servers:
-          - url: "http://10.0.4.10:8001"
+          - url: "http://{{ pocketid_host }}:{{ pocketid_port  }}"
+    
+    tinyauth:
+      loadBalancer:
+        passHostHeader: true
+        servers:
+          - url: "http://{{ tinyauth_host }}:{{ tinyauth_port }}"