Merge pull request 'Adding proxmox and homeassistant' (#4) from proxmox into master

Reviewed-on: #4

custom/authentik.yml

@@ -0,0 +1,18 @@
+http:
+  middlewares:
+    authentik:
+     forwardAuth:
+       address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
+       trustForwardHeader: true
+       authResponseHeaders:
+         - X-authentik-username
+         - X-authentik-groups
+         - X-authentik-email
+         - X-authentik-name
+         - X-authentik-uid
+         - X-authentik-jwt
+         - X-authentik-meta-jwks
+         - X-authentik-meta-outpost
+         - X-authentik-meta-provider
+         - X-authentik-meta-app
+         - X-authentik-meta-version

custom/gitea_conf.yml

@@ -0,0 +1,26 @@
+http:
+  routers:
+    gitea:
+      entryPoints:
+        - websecure
+      service: gitea
+      rule: "Host(`gitea.nearfuture.industries`)"
+      tls:
+        certresolver: myresolver
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.1.101:8418"
+tcp:
+  routers:
+    gitea-ssh:
+      rule: "HostSNI(`*`)"
+      entrypoints:
+        - git-ssh
+      service: gitea-ssh
+  services:
+    gitea-ssh:
+      loadBalancer:
+        servers:
+          - address: "192.168.1.101:2128"

custom/homeassistant_conf.yml

@@ -0,0 +1,16 @@
+http:
+  # Router for Home Assistant
+  routers:
+    homeassistant:
+      entryPoints:
+        - web
+      service: homeassistant
+      rule: Host(`homeassistant.nearfuture`)
+
+  # Add the service for Home Assistant 
+  services:
+    homeassistant:
+      loadBalancer:
+        servers:
+          - url: http://192.168.1.195:8123
+

custom/lan-only.yml

@@ -0,0 +1,7 @@
+http:
+  middlewares:
+    lan-only:
+      ipAllowList:
+        sourceRange: 
+          - "192.168.1.1/24"
+          - "127.0.0.1/24"

custom/omv_conf.yml

@@ -0,0 +1,15 @@
+http:
+  # Router for Open Media Vault
+  routers:
+    omv:
+      entryPoints:
+        - web
+      service: omv
+      rule: Host(`omv.nearfuture`)
+
+  # Add the service for OMV
+  services:
+    omv:
+      loadBalancer:
+        servers:
+          - url: http://avaritia:80

custom/proxmox_conf.yml

@@ -0,0 +1,21 @@
+http:
+  # Router for Proxmox
+  routers:
+    pve:
+      entryPoints:
+        - websecure
+      service: pve
+      rule: Host(`pve.nearfuture`)
+
+  # Add the service for Proxmox 
+  services:
+    pve:
+      loadBalancer:
+        passHostHeader: true
+        serversTransport: "pve"
+        servers:
+          - url: https://192.168.1.191:8006
+  serversTransports:
+    pve:
+      insecureSkipVerify: true
+

custom/tls.yml

@@ -2,3 +2,13 @@ tls:
   certificates:
     - certFile: /ssl/overseerr.nearfuture.crt
       keyFile: /ssl/overseerr.nearfuture.key
+    - certFile: /ssl/privatebin.nearfuture.crt
+      keyFile: /ssl/privatebin.nearfuture.key
+    - certFile: /ssl/privatebin.nearfuture.industries.crt
+      keyFile: /ssl/privatebin.nearfuture.industries.key
+    - certFile: /ssl/revolt.nearfuture.crt
+      keyFile: /ssl/revolt.nearfuture.key
+        #- certFile: /ssl/matrix.nearfuture.industries.crt
+        #keyFile: /ssl/matrix.nearfuture.industries.key
+        #- certFile: /ssl/synapse.nearfuture.industries.crt
+        #keyFile: /ssl/synapse.nearfuture.industries.key

traefik.yml

@@ -27,6 +27,15 @@ entryPoints:
 
   websecure:
     address: :443
+    http:
+      tls:
+        certResolver: myresolver
+        domains:
+          - main: "nearfuture.industries"
+            sans:
+              - "*.nearfuture.industries"
+  git-ssh:
+    address: :2128
 
 ################################################################
 # Traefik logs configuration
@@ -37,13 +46,13 @@ entryPoints:
 #
 # Optional
 #
-#log:
+log:
   # Log level
   #
   # Optional
   # Default: "ERROR"
   #
-#  level: DEBUG
+  level: DEBUG
 
   # Sets the filepath for the traefik log. If not specified, stdout will be used.
   # Intermediate directories are created if necessary.
@@ -154,3 +163,19 @@ providers:
   file:
     directory: /etc/traefik/custom
     watch: true
+
+certificatesResolvers:
+  myresolver:
+    acme:
+      email: "jeff@nearfuture.industries"
+      storage: "acme.json"
+      caServer: https://acme-v02.api.letsencrypt.org/directory
+      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+      dnsChallenge:
+        provider: "namecheap"
+        delayBeforeCheck: 60
+        disablePropagationCheck: true
+        resolvers:
+          - "192.168.1.201:53"
+            #- "1.1.1.1:53"
+            #- "8.8.8.8:53"