How to give traefik access to HA with HA in network_mode: host on the same machine in docker?

I’m trying to set up HA and I’ve successfully done that, but I want it to be accessible externally, and to use network mode host so it has more capability. I’ve got traefik running fine with all my other services, but this is the first time I’ve had to provide a service that isn’t on the same backend network I’ve created for traefik and every other service. I mostly followed smarthomebeginner’s guides for setting a lot of stuff up, and I tried following their section on adding external things to traefik, but it’s not working out well.
Here’s my traefik config.yml:

#Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:2.2.1
    restart: unless-stopped
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=m2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
#      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    networks:
      - m2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
    environment:
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
#      - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"

Here’s my HA config.yml:

  home-assistant:
    image: lscr.io/linuxserver/homeassistant:latest
    container_name: home-assistant
    network_mode: host
    environment:
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
    volumes:
      - $DOCKERCONFDIR/home-assistant:/config
    ports:
      - 8123:8123
    restart: unless-stopped

Here’s a rule I tried to create for HA:
/rules/app-HA.toml

[http.routers]
  [http.routers.[redacted]-rtr]
      entryPoints = ["https"]
      rule = "HostHeader(`[redacted].[redacted].com`)"
      service = "[redacted]-svc"
      middlewares = ["chain-no-auth"]
      [http.routers.[redacted]-rtr.tls]
        certresolver = "dns-cloudflare"

[http.services]
  [http.services.[redacted]-svc]
    [http.services.[redacted]-svc.loadBalancer]
      passHostHeader = true
      [[http.services.[redacted]-svc.loadBalancer.servers]]
        url = "https://[redacted]:8123/:8123"

And here’s the best error I can get from the above configs:

2022-09-04T03:17:10.693117793Z time="2022-09-04T03:17:10Z" level=debug msg="Serving default certificate for request: \"[redacted].[redacted].com\""

I feel like this has to be something simple; I’m just not knowledgeable enough, and looking on these forums and Google hasn’t provided me with a solution I know how to implement.