Run traefik as dockeruser, and without host networking

This required port forwarding, a docker proxy, and a docker network, but the end result should be much more secure!

ansible/roles/pve_docker/files/synapse/docker-compose.yml

@@ -18,6 +18,9 @@ services:
     labels:
       - traefik.enable=true
       - traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)
+    networks:
+      - default
+      - traefik
 
   db:
     image: postgres:14-alpine
@@ -43,3 +46,10 @@ services:
       - traefik.http.routers.synapse-admin.rule=Host(`matrix.jakehoward.tech`) && PathPrefix(`/admin`)
       - traefik.http.middlewares.synapse-admin-path.stripprefix.prefixes=/admin
       - traefik.http.routers.synapse-admin.middlewares=synapse-admin-path@docker
+    networks:
+      - default
+      - traefik
+
+networks:
+  traefik:
+    external: true