Talteen

Add Homarr
Traefik config
2025-03-05 10:47:20 +02:00 · 2025-03-05 10:29:42 +02:00 · 2025-03-05 10:00:59 +02:00 · 2025-03-05 09:37:36 +02:00 · 2025-03-05 09:37:09 +02:00 · 2025-03-05 09:36:40 +02:00
197 changed files with 1180647 additions and 205 deletions
--- a/config/docker/current/crowdsec/acquis.d/sshd.yaml
+++ b/config/docker/current/crowdsec/acquis.d/sshd.yaml
@@ -0,0 +1,4 @@
 Filenames:
 - /var/log/auth.log
 Labels:
 type: syslog
--- a/config/docker/current/crowdsec/acquis.d/traefik.yaml
+++ b/config/docker/current/crowdsec/acquis.d/traefik.yaml
@@ -0,0 +1,4 @@
 filenames:
  - /var/log/traefik/*
 labels:
  type: traefik
--- a/config/docker/current/mailrise/mailrise.conf
+++ b/config/docker/current/mailrise/mailrise.conf
@@ -0,0 +1,26 @@
 configs:
  discord:
    urls:
      - discord://1197077230531129365/Lg8HssUw5GhNIs4qYGyxp-52VFFtw17fMAlf-OYDSS3bOjJzGMpRsZ_KCZ5sxOHagK7R/
  gotify:
    urls:
      - gotify://10.0.6.177:8080/AP8JgsUIUm2M1B1
  gurulandia@outlook.com:
    urls:
      - gotify://gotify.lab.gurulandia.eu/AkNhzQxlA9sOsVJ
      - mailto://gurul4nd14:okzwnrketthveaaz@gmail.com
  gurul4nd14@gmail.com:
    urls:
      - gotify://gotify.lab.gurulandia.eu/AkNhzQxlA9sOsVJ
      - mailto://gurul4nd14:okzwnrketthveaaz@gmail.com      
 tls:
  mode: off
 smtp:
  auth:
    basic:
     gurulandia: gurulandia
  hostname: mailrise.lab.gurulandia.eu
--- a/config/docker/current/private-bin/conf.php
+++ b/config/docker/current/private-bin/conf.php
@@ -0,0 +1,281 @@
 ;<?php http_response_code(403) ; /*
 ; config file for PrivateBin
 ;
 ; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
 [main]
 ; (optional) set a project name to be displayed on the website
 ; name = "PrivateBin"
 ; The full URL, with the domain name and directories that point to the
 ; PrivateBin files, including an ending slash (/). This URL is essential to
 ; allow Opengraph images to be displayed on social networks.
 ; basepath = "https://privatebin.example.com/"
 ; enable or disable the discussion feature, defaults to true
 discussion = true
 ; preselect the discussion feature, defaults to false
 opendiscussion = false
 ; enable or disable the display of dates & times in the comments, defaults to true
 ; Note that internally the creation time will still get tracked in order to sort
 ; the comments by creation time, but you can choose not to display them.
 ; discussiondatedisplay = false
 ; enable or disable the password feature, defaults to true
 password = true
 ; enable or disable the file upload feature, defaults to false
 fileupload = true
 ; preselect the burn-after-reading feature, defaults to false
 burnafterreadingselected = false
 ; which display mode to preselect by default, defaults to "plaintext"
 ; make sure the value exists in [formatter_options]
 defaultformatter = "plaintext"
 ; (optional) set a syntax highlighting theme, as found in css/prettify/
 ; syntaxhighlightingtheme = "sons-of-obsidian"
 ; size limit per paste or comment in bytes, defaults to 10 Mebibytes
 sizelimit = 10485760
 ; template to include, default is "bootstrap" (tpl/bootstrap.php), also
 ; available are "page" (tpl/page.php), the classic ZeroBin style and several
 ; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
 ; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page"
 ; and finally "bootstrap-compact-page" - previews at:
 ; https://privatebin.info/screenshots.html
 template = "bootstrap"
 ; (optional) info text to display
 ; use single, instead of double quotes for HTML attributes
 ;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
 ; (optional) notice to display
 ; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
 ; by default PrivateBin will guess the visitors language based on the browsers
 ; settings. Optionally you can enable the language selection menu, which uses
 ; a session cookie to store the choice until the browser is closed.
 languageselection = false
 ; set the language your installs defaults to, defaults to English
 ; if this is set and language selection is disabled, this will be the only language
 ; languagedefault = "en"
 ; (optional) URL shortener address to offer after a new paste is created.
 ; It is suggested to only use this with self-hosted shorteners as this will leak
 ; the pastes encryption key.
 ; urlshortener = "https://shortener.example.com/api?link="
 ; (optional) Let users create a QR code for sharing the paste URL with one click.
 ; It works both when a new paste is created and when you view a paste.
 ; qrcode = true
 ; (optional) Let users send an email sharing the paste URL with one click.
 ; It works both when a new paste is created and when you view a paste.
 ; email = true
 ; (optional) IP based icons are a weak mechanism to detect if a comment was from
 ; a different user when the same username was used in a comment. It might get
 ; used to get the IP of a comment poster if the server salt is leaked and a
 ; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
 ; Can be set to one these values:
 ; "none" / "identicon" (default) / "jdenticon" / "vizhash".
 ; icon = "none"
 ; Content Security Policy headers allow a website to restrict what sources are
 ; allowed to be accessed in its context. You need to change this if you added
 ; custom scripts from third-party domains to your templates, e.g. tracking
 ; scripts or run your site behind certain DDoS-protection services.
 ; Check the documentation at https://content-security-policy.com/
 ; Notes:
 ; - If you use any bootstrap theme, you can remove the allow-popups from the
 ;   sandbox restrictions.
 ; - If you use the bootstrap5 theme, you must change default-src to 'self' to
 ;   enable display of the svg icons
 ; - By default this disallows to load images from third-party servers, e.g. when
 ;   they are embedded in pastes. If you wish to allow that, you can adjust the
 ;   policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
 ;   for details.
 ; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
 ;   compression). You can remove it if compression doesn't need to be supported.
 ; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
 ; sha256 in HMAC for the deletion token
 ; zerobincompatibility = false
 ; Enable or disable the warning message when the site is served over an insecure
 ; connection (insecure HTTP instead of HTTPS), defaults to true.
 ; Secure transport methods like Tor and I2P domains are automatically whitelisted.
 ; It is **strongly discouraged** to disable this.
 ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
 ; httpwarning = true
 ; Pick compression algorithm or disable it. Only applies to pastes/comments
 ; created after changing the setting.
 ; Can be set to one these values: "none" / "zlib" (default).
 ; compression = "zlib"
 [expire]
 ; expire value that is selected per default
 ; make sure the value exists in [expire_options]
 default = "1week"
 [expire_options]
 ; Set each one of these to the number of seconds in the expiration period,
 ; or 0 if it should never expire
 5min = 300
 10min = 600
 1hour = 3600
 1day = 86400
 1week = 604800
 ; Well this is not *exactly* one month, it's 30 days:
 1month = 2592000
 1year = 31536000
 never = 0
 [formatter_options]
 ; Set available formatters, their order and their labels
 plaintext = "Plain Text"
 syntaxhighlighting = "Source Code"
 markdown = "Markdown"
 [traffic]
 ; time limit between calls from the same IP address in seconds
 ; Set this to 0 to disable rate limiting.
 limit = 10
 ; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
 ; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
 ; be exempted, the list needs to be comma separated. Leave unset to disable
 ; exemptions.
 ; exempted = "1.2.3.4,10.10.10/24"
 ; (optional) If you want only some source IP addresses (v4 or v6) or subnets
 ; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
 ; ignored. If multiple values are to be exempted, the list needs to be comma
 ; separated. Leave unset to allow anyone to create pastes.
 ; creators = "1.2.3.4,10.10.10/24"
 ; (optional) if your website runs behind a reverse proxy or load balancer,
 ; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
 ; header = "X_FORWARDED_FOR"
 [purge]
 ; minimum time limit between two purgings of expired pastes, it is only
 ; triggered when pastes are created
 ; Set this to 0 to run a purge every time a paste is created.
 limit = 300
 ; maximum amount of expired pastes to delete in one purge
 ; Set this to 0 to disable purging. Set it higher, if you are running a large
 ; site
 batchsize = 10
 ;[model]
 ; name of data model class to load and directory for storage
 ; the default model "Filesystem" stores everything in the filesystem
 ;class = Filesystem
 ;[model_options]
 ;dir = PATH "data"
 ;[model]
 ; example of a Google Cloud Storage configuration
 ;class = GoogleCloudStorage
 ;[model_options]
 ;bucket = "my-private-bin"
 ;prefix = "pastes"
 ;uniformacl = false
 ;[model]
 ; example of DB configuration for MySQL
 ;class = Database
 ;[model_options]
 ;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
 ;tbl = "privatebin_"	; table prefix
 ;usr = "privatebin"
 ;pwd = "Z3r0P4ss"
 ;opt[12] = true	  ; PDO::ATTR_PERSISTENT
 ;[model]
 ; example of DB configuration for SQLite
 ;class = Database
 ;[model_options]
 ;dsn = "sqlite:" PATH "data/db.sq3"
 ;usr = null
 ;pwd = null
 ;opt[12] = true	; PDO::ATTR_PERSISTENT
 [model]
 ; example of DB configuration for PostgreSQL
 class = Database
 [model_options]
 dsn = "pgsql:host=10.0.6.178;dbname=privatebin"
 tbl = "privatebin_"     ; table prefix
 usr = "privatebin"
 pwd = "privatebin"
 opt[12] = true    ; PDO::ATTR_PERSISTENT
 ;[model]
 ; example of S3 configuration for Rados gateway / CEPH
 ;class = S3Storage
 ;[model_options]
 ;region = ""
 ;version = "2006-03-01"
 ;endpoint = "https://s3.my-ceph.invalid"
 ;use_path_style_endpoint = true
 ;bucket = "my-bucket"
 ;accesskey = "my-rados-user"
 ;secretkey = "my-rados-pass"
 ;[model]
 ; example of S3 configuration for AWS
 ;class = S3Storage
 ;[model_options]
 ;region = "eu-central-1"
 ;version = "latest"
 ;bucket = "my-bucket"
 ;accesskey = "access key id"
 ;secretkey = "secret access key"
 ;[model]
 ; example of S3 configuration for AWS using its SDK default credential provider chain
 ; if relying on environment variables, the AWS SDK will look for the following:
 ; - AWS_ACCESS_KEY_ID
 ; - AWS_SECRET_ACCESS_KEY
 ; - AWS_SESSION_TOKEN (if needed)
 ; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
 ;class = S3Storage
 ;[model_options]
 ;region = "eu-central-1"
 ;version = "latest"
 ;bucket = "my-bucket"
 ;[yourls]
 ; When using YOURLS as a "urlshortener" config item:
 ; - By default, "urlshortener" will point to the YOURLS API URL, with or without
 ;   credentials, and will be visible in public on the PrivateBin web page.
 ;   Only use this if you allow short URL creation without credentials.
 ; - Alternatively, using the parameters in this section ("signature" and
 ;   "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
 ;   instance with "?shortenviayourls&link=" appended. For example:
 ;   urlshortener = "${basepath}?shortenviayourls&link="
 ;   This URL will in turn call YOURLS on the server side, using the URL from
 ;   "apiurl" and the "access signature" from the "signature" parameters below.
 ; (optional) the "signature" (access key) issued by YOURLS for the using account
 ; signature = ""
 ; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
 ; apiurl = "https://yourls.example.com/yourls-api.php"
 ;[sri]
 ; Subresource integrity (SRI) hashes used in template files. Uncomment and set
 ; these for all js files used. See:
 ; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files
 ;js/privatebin.js = "sha512-[…]"
--- a/config/docker/current/traefik/acme.json
+++ b/config/docker/current/traefik/acme.json
--- a/config/docker/current/traefik/config/mw-authentik.yaml
+++ b/config/docker/current/traefik/config/mw-authentik.yaml
@@ -0,0 +1,19 @@
 http:
  middlewares:
    middlewares-authentik:
      forwardAuth:
        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
--- a/config/docker/current/traefik/config/mw-basic-auth.yaml
+++ b/config/docker/current/traefik/config/mw-basic-auth.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    middlewares-basic-auth:
      basicAuth:
        # users:
        #   - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
        usersFile: "/users" #be sure to mount the volume through docker-compose.yml
        realm: "Traefik 3 Basic Auth"
--- a/config/docker/current/traefik/config/mw-buffering.yaml
+++ b/config/docker/current/traefik/config/mw-buffering.yaml
@@ -0,0 +1,18 @@
 ################################################################
 # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
 # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
 # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
 #
 # Dynamic configuration
 ################################################################
 http:
  middlewares:
    # Prevent too large of a body
    # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
    middlewares-buffering:
      buffering:
        maxRequestBodyBytes: 10485760
        memRequestBodyBytes: 2097152
        maxResponseBodyBytes: 10485760
        memResponseBodyBytes: 2097152
        retryExpression: "IsNetworkError() && Attempts() <= 2"
--- a/config/docker/current/traefik/config/mw-chain-authentik.yaml
+++ b/config/docker/current/traefik/config/mw-chain-authentik.yaml
@@ -0,0 +1,9 @@
 http:
  middlewares:        
    chain-authentik:
      chain:
        middlewares:
 #          - middlewares-crowdsec-bouncer
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-authentik
--- a/config/docker/current/traefik/config/mw-chain-basic-auth.yaml
+++ b/config/docker/current/traefik/config/mw-chain-basic-auth.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    chain-basic-auth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-basic-auth
--- a/config/docker/current/traefik/config/mw-chain-no-auth.yaml
+++ b/config/docker/current/traefik/config/mw-chain-no-auth.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    chain-no-auth:
      chain:
        middlewares:
          - middlewares-default-whitelist
          - middlewares-rate-limit
          - middlewares-secure-headers
--- a/config/docker/current/traefik/config/mw-compress.yaml
+++ b/config/docker/current/traefik/config/mw-compress.yaml
@@ -0,0 +1,12 @@
 ################################################################
 # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
 # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
 # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
 #
 # Dynamic configuration
 ################################################################
 http:
  middlewares:
    # Compress to save bandwidth
    middlewares-compress:
      compress: {}
--- a/config/docker/current/traefik/config/mw-crowdsec-bouncer.yaml
+++ b/config/docker/current/traefik/config/mw-crowdsec-bouncer.yaml
@@ -0,0 +1,6 @@
 http:
  middlewares:    
    middlewares-crowdsec-bouncer:
      forwardauth:
        address: http://bouncer-traefik:8080/api/v1/forwardAuth
        trustForwardHeader: true
--- a/config/docker/current/traefik/config/mw-default-whitelist.yaml
+++ b/config/docker/current/traefik/config/mw-default-whitelist.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    middlewares-default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
--- a/config/docker/current/traefik/config/mw-https-redirectscheme.yaml
+++ b/config/docker/current/traefik/config/mw-https-redirectscheme.yaml
@@ -0,0 +1,15 @@
 ################################################################
 # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
 # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
 # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
 #
 # Dynamic configuration
 ################################################################
 http:
  middlewares:
    # Middleware for Redirection
    # This can be used instead of global redirection
    middlewares-https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
--- a/config/docker/current/traefik/config/mw-rate-limit.yaml
+++ b/config/docker/current/traefik/config/mw-rate-limit.yaml
@@ -0,0 +1,6 @@
 http:
  middlewares:
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50
--- a/config/docker/current/traefik/config/mw-secure-headers.yaml
+++ b/config/docker/current/traefik/config/mw-secure-headers.yaml
@@ -0,0 +1,38 @@
 ################################################################
 # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
 # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
 # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
 #
 # Dynamic configuration
 ################################################################
 http:
  middlewares:
    ################################################################
    # Good Basic Security Practices
    ################################################################
    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME"}}" #CSP takes care of this but may be needed for organizr.
        #customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        contentTypeNosniff: true
        browserXssFilter: true
        # sslForceHost: true # add sslHost to all of the services
        # sslHost: "{{env "DOMAINNAME"}}"
        referrerPolicy: "same-origin"
        # permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()"
        customResponseHeaders:
          # X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
          # server: ""
          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
          X-Forwarded-Proto: "https"
--- a/config/docker/current/traefik/config/tls-opts.yaml
+++ b/config/docker/current/traefik/config/tls-opts.yaml
@@ -0,0 +1,35 @@
 ################################################################
 # TLS Options (https://jellyfin.org/docs/general/networking/traefik2.html#traefik-providertoml)
 # toml -> yml
 # 2024 updates to cipherSuites from (https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/)
 #
 # Set secure options by disabling insecure older TLS/SSL versions
 # and insecure ciphers. SNIStrict disabled leaves TLS1.0 open.
 # If you have problems with older clients, you can may need to relax
 # these minimums. This configuration will give you an A+ SSL security
 # score supporting TLS1.2 and TLS1.3
 #
 # Dynamic configuration
 # https://doc.traefik.io/traefik/https/tls/
 ################################################################
 tls:
  options:
    tls-opts:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
      curvePreferences:
        - secp521r1 # CurveP521
        - secp384r1 # CurveP384
    mintls13:
      minVersion: VersionTLS13
--- a/config/docker/current/traefik/logs/access.log
+++ b/config/docker/current/traefik/logs/access.log
--- a/config/docker/current/traefik/logs/traefik-access.log
+++ b/config/docker/current/traefik/logs/traefik-access.log
--- a/config/docker/current/traefik/logs/traefik-container.log
+++ b/config/docker/current/traefik/logs/traefik-container.log
--- a/config/docker/current/traefik/logs/traefik.log
+++ b/config/docker/current/traefik/logs/traefik.log
--- a/config/docker/current/traefik/old/acme.json
+++ b/config/docker/current/traefik/old/acme.json
--- a/config/docker/current/traefik/old/config/mw-authelia.yaml
+++ b/config/docker/current/traefik/old/config/mw-authelia.yaml
@@ -0,0 +1,9 @@
 http:
  middlewares:
    middlewares-authelia:
      forwardAuth:
        address: "http://authelia:9091/api/verify?rd=https://auth.local.gurulandia.eu"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
--- a/config/docker/current/traefik/old/config/mw-basic-auth.yaml
+++ b/config/docker/current/traefik/old/config/mw-basic-auth.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    middlewares-basic-auth:
      basicAuth:
        # users:
        #   - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
        usersFile: "/users" #be sure to mount the volume through docker-compose.yml
        realm: "Traefik 2 Basic Auth"
--- a/config/docker/current/traefik/old/config/mw-chain-authelia.yaml
+++ b/config/docker/current/traefik/old/config/mw-chain-authelia.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:        
    chain-authelia:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-authelia
--- a/config/docker/current/traefik/old/config/mw-chain-basic-auth.yaml
+++ b/config/docker/current/traefik/old/config/mw-chain-basic-auth.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    chain-basic-auth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-basic-auth
--- a/config/docker/current/traefik/old/config/mw-chain-no-auth.yaml
+++ b/config/docker/current/traefik/old/config/mw-chain-no-auth.yaml
@@ -0,0 +1,9 @@
 http:
  middlewares:
    chain-no-auth:
      chain:
        middlewares:
          - middlewares-crowdsec-bouncer
          - middlewares-default-whitelist
          - middlewares-rate-limit
          - middlewares-secure-headers
--- a/config/docker/current/traefik/old/config/mw-chain-oauth.yaml
+++ b/config/docker/current/traefik/old/config/mw-chain-oauth.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    chain-oauth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-oauth
--- a/config/docker/current/traefik/old/config/mw-crowdsec-bouncer.yaml
+++ b/config/docker/current/traefik/old/config/mw-crowdsec-bouncer.yaml
@@ -0,0 +1,6 @@
 http:
  middlewares:    
    middlewares-crowdsec-bouncer:
      forwardauth:
        address: http://bouncer-traefik:8080/api/v1/forwardAuth
        trustForwardHeader: true
--- a/config/docker/current/traefik/old/config/mw-default-whitelist.yaml
+++ b/config/docker/current/traefik/old/config/mw-default-whitelist.yaml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    middlewares-default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
--- a/config/docker/current/traefik/old/config/mw-rate-limit.yaml
+++ b/config/docker/current/traefik/old/config/mw-rate-limit.yaml
@@ -0,0 +1,6 @@
 http:
  middlewares:
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50
--- a/config/docker/current/traefik/old/config/mw-secure-headers.yaml
+++ b/config/docker/current/traefik/old/config/mw-secure-headers.yaml
@@ -0,0 +1,31 @@
 http:
  middlewares:
    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        sslRedirect: true
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        # frameDeny: true #overwritten by customFrameOptionsValue
        customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
        contentTypeNosniff: true
        browserXssFilter: true
        # sslForceHost: true # add sslHost to all of the services
        # sslHost: "example.com"
        referrerPolicy: "same-origin"
        # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
        # the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
        # contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
          server: ""
--- a/config/docker/current/traefik/old/config/tls-opts.yaml
+++ b/config/docker/current/traefik/old/config/tls-opts.yaml
@@ -0,0 +1,19 @@
 tls:
  options:
    tls-opts:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
--- a/config/docker/current/traefik/old/logs/access.log
+++ b/config/docker/current/traefik/old/logs/access.log
--- a/config/docker/current/traefik/old/logs/traefik.log
+++ b/config/docker/current/traefik/old/logs/traefik.log
--- a/config/docker/current/traefik/traefik.yaml
+++ b/config/docker/current/traefik/traefik.yaml
@@ -0,0 +1,141 @@
 # Traefik 3.x (YAML)
 # Updated 2024-June-04
 ################################################################
 # Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/
 ################################################################
 global:
  checkNewVersion: true #false
  sendAnonymousUsage: false
 ################################################################
 # Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/
 ################################################################
 entryPoints:
  web:
    address: ":80"
    # Global HTTP to HTTPS redirection
    http:
 #      middlewares:
 #        - crowdsec-bouncer@file
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
 #      middlewares:
 #        - crowdsec-bouncer@file
      tls:
        options: tls-opts@file
        certResolver: dns-cloudflare
        domains:
          - main: "{{env "DOMAINNAME0"}}"
            sans:
              - "*.{{env "DOMAINNAME0"}}"
          - main: "{{env "DOMAINNAME1"}}"
            sans:
              - "*.{{env "DOMAINNAME1"}}"
          - main: "{{env "DOMAINNAME2"}}"
            sans:
              - "*.{{env "DOMAINNAME2"}}"
          - main: "{{env "DOMAINNAME3"}}"
            sans:
              - "*.{{env "DOMAINNAME3"}}"
    forwardedHeaders:
      trustedIPs:
        # Cloudflare (https://www.cloudflare.com/ips-v4)
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        # Local IPs
        - "127.0.0.1/32"
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
 ################################################################
 # Logs - https://doc.traefik.io/traefik/observability/logs/
 ################################################################
 log:
  level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO
  filePath: /logs/traefik-container.log # Default is to STDOUT
  # format: json # Uses text format (common) by default
  noColor: false # Recommended to be true when using common
  maxSize: 100 # In megabytes
  compress: true # gzip compression when rotating
 ################################################################
 # Access logs - https://doc.traefik.io/traefik/observability/access-logs/
 ################################################################
 accessLog:
  addInternals: true  # things like ping@internal
  filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default
  bufferingSize: 100 # Number of log lines
  fields:
    names:
      StartUTC: drop  # Write logs in Container Local Time instead of UTC
  filters:
    statusCodes:
      - "204-299"
      - "400-499"
      - "500-599"
 ################################################################
 # API and Dashboard
 ################################################################
 api:
  dashboard: true
  # Rely on api@internal and Traefik with Middleware to control access
  # insecure: true
 ################################################################
 # Providers - https://doc.traefik.io/traefik/providers/docker/
 ################################################################
 providers:
  docker:
    #endpoint: "unix:///var/run/docker.sock" # Comment if using socket-proxy
    endpoint: "tcp://socket-proxy:2375" # Uncomment if using socket proxy
    exposedByDefault: false
    network: proxy  # network to use for connections to all containers
    # defaultRule: TODO
  # Enable auto loading of newly created rules by watching a directory
  file:
  # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains
    directory: /config
    watch: true
 ################################################################
 # Let's Encrypt (ACME)
 ################################################################
 certificatesResolvers:
  dns-cloudflare:
    acme:
      email: "{{env "CF_API_EMAIL"}}"
      storage: "/acme.json"
      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # Comment out when going prod
      dnsChallenge:
        provider: cloudflare
        #delayBeforeCheck: 30 # Default is 2m0s.  This changes the delay (in seconds)
        # Custom DNS server resolution
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
--- a/config/docker/old/traefik/acme.json
+++ b/config/docker/old/traefik/acme.json
--- a/config/docker/old/traefik/config/app-bookstack.yml
+++ b/config/docker/old/traefik/config/app-bookstack.yml
@@ -0,0 +1,15 @@
 http:
  routers:
    wiki-rtr: # Bookstack
      rule: "Host(`wiki.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-no-auth # - chain-authelia
      tls: {}
      service: wiki-svc
  services:
    wiki-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.5.30:53002"
--- a/config/docker/old/traefik/config/app-ha-pihole.yml
+++ b/config/docker/old/traefik/config/app-ha-pihole.yml
@@ -0,0 +1,46 @@
 http:
  routers:
    ha-pihole-rtr: # piHole
      rule: "Host(`ha-pihole.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-no-auth
        - pihole-add-admin
      service: ha-pihole-svc
      tls: {}
    ha-pihole-01-rtr: # piHole
      rule: "Host(`ha-pihole-01.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-no-auth
        - pihole-add-admin
      service: ha-pihole-01-svc
      tls: {}
    ha-pihole-02-rtr: # piHole
      rule: "Host(`ha-pihole-02.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-no-auth
        - pihole-add-admin
      service: ha-pihole-02-svc
      tls: {}
  middlewares:
    pihole-add-admin:
      addPrefix:
        prefix: "/admin"
  services:
    ha-pihole-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.250:80"
    ha-pihole-01-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.245:80"
    ha-pihole-02-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.246:80"
--- a/config/docker/old/traefik/config/app-pihole.yml
+++ b/config/docker/old/traefik/config/app-pihole.yml
@@ -0,0 +1,46 @@
 http:
  routers:
    pihole-rtr: # piHole
      rule: "Host(`pihole.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-authelia
        - pihole-add-admin
      service: pihole-svc
      tls: {}
    pihole-01-rtr: # piHole
      rule: "Host(`pihole-01.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-authelia
        - pihole-add-admin
      service: pihole-01-svc
      tls: {}
    pihole-02-rtr: # piHole
      rule: "Host(`pihole-02.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-authelia
        - pihole-add-admin
      service: pihole-02-svc
      tls: {}
  middlewares:
    pihole-add-admin:
      addPrefix:
        prefix: "/admin"
  services:
    pihole-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.250:80"
    pihole-01-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.245:80"
    pihole-02-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.246:80"
--- a/config/docker/old/traefik/config/app-sophos-xg.yml
+++ b/config/docker/old/traefik/config/app-sophos-xg.yml
@@ -0,0 +1,15 @@
 http:
  routers:
    sophos-rtr: # Sophos XG
      rule: "Host(`fw.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-no-auth # - chain-authelia
      tls: {}
      service: sophos-svc
  services:
    sophos-svc:
      loadBalancer:
        servers:
          - url: "https://192.168.99.1:4444"
--- a/config/docker/old/traefik/config/app-wac.yml
+++ b/config/docker/old/traefik/config/app-wac.yml
@@ -0,0 +1,15 @@
 http:
  routers:
    wac-rtr: # Sophos XG
      rule: "Host(`wac.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-no-auth # - chain-authelia
      tls: {}
      service: wac-svc
  services:
    wac-svc:
      loadBalancer:
        servers:
          - url: "https://192.168.5.50"
--- a/config/docker/old/traefik/config/mw-authelia.yml
+++ b/config/docker/old/traefik/config/mw-authelia.yml
@@ -0,0 +1,9 @@
 http:
  middlewares:
    middlewares-authelia:
      forwardAuth:
        address: "http://authelia:9091/api/verify?rd=https://auth.local.gurulandia.eu"
        trustForwardHeader: true
        authResponseHeaders:
          - "Remote-User"
          - "Remote-Groups"
--- a/config/docker/old/traefik/config/mw-basic-auth.yml
+++ b/config/docker/old/traefik/config/mw-basic-auth.yml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    middlewares-basic-auth:
      basicAuth:
        # users:
        #   - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
        usersFile: "/users" #be sure to mount the volume through docker-compose.yml
        realm: "Traefik 2 Basic Auth"
--- a/config/docker/old/traefik/config/mw-chain-authelia.yml
+++ b/config/docker/old/traefik/config/mw-chain-authelia.yml
@@ -0,0 +1,8 @@
 http:
  middlewares:        
    chain-authelia:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-authelia
--- a/config/docker/old/traefik/config/mw-chain-basic-auth.yml
+++ b/config/docker/old/traefik/config/mw-chain-basic-auth.yml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    chain-basic-auth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-basic-auth
--- a/config/docker/old/traefik/config/mw-chain-no-auth.yml
+++ b/config/docker/old/traefik/config/mw-chain-no-auth.yml
@@ -0,0 +1,9 @@
 http:
  middlewares:
    chain-no-auth:
      chain:
        middlewares:
          - middlewares-crowdsec-bouncer
          - middlewares-default-whitelist
          - middlewares-rate-limit
          - middlewares-secure-headers
--- a/config/docker/old/traefik/config/mw-chain-oauth.yml
+++ b/config/docker/old/traefik/config/mw-chain-oauth.yml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    chain-oauth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-secure-headers
          - middlewares-oauth
--- a/config/docker/old/traefik/config/mw-crowdsec-bouncer.yml
+++ b/config/docker/old/traefik/config/mw-crowdsec-bouncer.yml
@@ -0,0 +1,6 @@
 http:
  middlewares:    
    middlewares-crowdsec-bouncer:
      forwardauth:
        address: http://bouncer-traefik:8080/api/v1/forwardAuth
        trustForwardHeader: true
--- a/config/docker/old/traefik/config/mw-default-whitelist.yml
+++ b/config/docker/old/traefik/config/mw-default-whitelist.yml
@@ -0,0 +1,8 @@
 http:
  middlewares:
    middlewares-default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
--- a/config/docker/old/traefik/config/mw-rate-limit.yml
+++ b/config/docker/old/traefik/config/mw-rate-limit.yml
@@ -0,0 +1,6 @@
 http:
  middlewares:
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50
--- a/config/docker/old/traefik/config/mw-secure-headers.yml
+++ b/config/docker/old/traefik/config/mw-secure-headers.yml
@@ -0,0 +1,31 @@
 http:
  middlewares:
    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        sslRedirect: true
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        # frameDeny: true #overwritten by customFrameOptionsValue
        customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
        contentTypeNosniff: true
        browserXssFilter: true
        # sslForceHost: true # add sslHost to all of the services
        # sslHost: "example.com"
        referrerPolicy: "same-origin"
        # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
        # the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
        # contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
          server: ""
--- a/config/docker/old/traefik/config/svc-asustor.yml
+++ b/config/docker/old/traefik/config/svc-asustor.yml
@@ -0,0 +1,15 @@
 http:
  routers:
    asustor-rtr: # Asustor Nas
      rule: "Host(`nas-01.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-authelia 
      service: asustor-svc
      tls: {}    
  services:
    asustor-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-nas-01.srv.gurulandia.lan:8001"
--- a/config/docker/old/traefik/config/svc-homeassistant.yml
+++ b/config/docker/old/traefik/config/svc-homeassistant.yml
@@ -0,0 +1,16 @@
 http:
  routers:
    homeassistant-rtr: # Home Assistant
      rule: "Host(`homeassistant.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      service: homeassistant-svc
      tls:  {}
  services:
    homeassistant-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.42.242:50000"
--- a/config/docker/old/traefik/config/svc-observium.yml
+++ b/config/docker/old/traefik/config/svc-observium.yml
@@ -0,0 +1,16 @@
 http:
  routers:
    observium-rtr: # Observium
      rule: "Host(`observium.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      service: observium-svc
      tls:  {}
  services:
    observium-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.99.81"
--- a/config/docker/old/traefik/config/svc-pbs.yml
+++ b/config/docker/old/traefik/config/svc-pbs.yml
@@ -0,0 +1,15 @@
 http:
  routers:
    pbs-rtr: # Proxmox PBS
      entryPoints:
        - "https"
      rule: "Host(`pbs-01.local.gurulandia.eu`)"
      middlewares:
        - chain-authelia
      tls: {}
      service: pbs-svc
  services:
    pbs-svc:
      loadBalancer:
        servers:
          - url: "https://gl-v-pbs-01.mgmt.gurulandia.lan:8007"
--- a/config/docker/old/traefik/config/svc-plex.yml
+++ b/config/docker/old/traefik/config/svc-plex.yml
@@ -0,0 +1,15 @@
 http:
  routers:
    plex-rtr: # Asustor Nas
      rule: "Host(`plex.local.gurulandia.eu`) "
      entryPoints:
        - https
      middlewares:
        - chain-authelia 
      service: plex-svc
      tls: {}    
  services:
    plex-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-nas-01.srv.gurulandia.lan:32400"
--- a/config/docker/old/traefik/config/svc-pve.yml
+++ b/config/docker/old/traefik/config/svc-pve.yml
@@ -0,0 +1,27 @@
 http:
  routers:
    pve-01-rtr: # Proxmox PVE 1
      rule: "Host(`pve-01.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: pve-01-svc      
    pve-02-rtr: # Proxmox PVE 2
      rule: "Host(`pve-02.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: pve-02-svc
  services:
    pve-01-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-pve-01.mgmt.gurulandia.lan:8006"
    pve-02-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-pve-02.mgmt.gurulandia.lan:8006"
--- a/config/docker/old/traefik/config/svc-routers.yml
+++ b/config/docker/old/traefik/config/svc-routers.yml
@@ -0,0 +1,39 @@
 http:
  routers:
    gl-p-ap-01-rtr: # AsusWRT
      rule: "Host(`ap-01.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-ap-01-svc
    gl-p-ap-02-rtr: # OpenWRT
      rule: "Host(`ap-02.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-ap-02-svc
    gl-p-ap-03-rtr: # OpenWRT
      rule: "Host(`ap-03.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-ap-03-svc
  services:
    gl-p-ap-01-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-ap-01.wifi.gurulandia.lan"
    gl-p-ap-02-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-ap-02.mgmt.gurulandia.lan"
    gl-p-ap-03-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-ap-03.mgmt.gurulandia.lan"  
--- a/config/docker/old/traefik/config/svc-switchs.yml
+++ b/config/docker/old/traefik/config/svc-switchs.yml
@@ -0,0 +1,99 @@
 http:
  routers:
    gl-p-sw-01-rtr: 
      rule: "Host(`sw-01.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-01-svc
    gl-p-sw-02-rtr: 
      rule: "Host(`sw-02.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-02-svc
    gl-p-sw-03-rtr: 
      rule: "Host(`sw-03.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-03-svc
    gl-p-sw-04-rtr: 
      rule: "Host(`sw-04.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-04-svc
    gl-p-sw-05-rtr: 
      rule: "Host(`sw-05.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-05-svc
    gl-p-sw-06-rtr: 
      rule: "Host(`sw-06.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-06-svc
    gl-p-sw-07-rtr: 
      rule: "Host(`sw-07.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-07-svc
    gl-p-sw-08-rtr: 
      rule: "Host(`sw-08.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      tls: {}
      service: gl-p-sw-08-svc
  services:
    gl-p-sw-01-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-01.mgmt.gurulandia.lan"
    gl-p-sw-02-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-02.mgmt.gurulandia.lan"
    gl-p-sw-03-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-03.mgmt.gurulandia.lan"
    gl-p-sw-04-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-04.mgmt.gurulandia.lan"
    gl-p-sw-05-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-05.mgmt.gurulandia.lan"
    gl-p-sw-06-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-06.mgmt.gurulandia.lan"
    gl-p-sw-07-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-07.mgmt.gurulandia.lan"
    gl-p-sw-08-svc:
      loadBalancer:
        servers:
          - url: "http://gl-p-sw-08.mgmt.gurulandia.lan"
--- a/config/docker/old/traefik/config/svc-tasmoadmin.yml
+++ b/config/docker/old/traefik/config/svc-tasmoadmin.yml
@@ -0,0 +1,16 @@
 http:
  routers:
    tasmoadmin-rtr: # Tasmo Admin
      rule: "Host(`tasmoadmin.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-no-auth #authelia
      service: tasmoadmin-svc
      tls:  {}
  services:
    tasmoadmin-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.42.242:9541"
--- a/config/docker/old/traefik/config/svc-truenas.yml
+++ b/config/docker/old/traefik/config/svc-truenas.yml
@@ -0,0 +1,16 @@
 http:
  routers:
    truenas-rtr: # TrueNAS Core
      rule: "Host(`nas-02.local.gurulandia.eu`)"
      entryPoints:
        - "https"
      middlewares:
        - chain-authelia
      service: truenas-svc
      tls:  {}
  services:
    truenas-svc:
      loadBalancer:
        servers:
          - url: "https://gl-p-nas-02.mgmt.gurulandia.lan"
--- a/config/docker/old/traefik/config/tls-opts.yml
+++ b/config/docker/old/traefik/config/tls-opts.yml
@@ -0,0 +1,19 @@
 tls:
  options:
    tls-opts:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
--- a/config/docker/old/traefik/logs/access.log
+++ b/config/docker/old/traefik/logs/access.log
--- a/config/docker/old/traefik/logs/traefik.log
+++ b/config/docker/old/traefik/logs/traefik.log
--- a/config/docker/old/traefik/traefik.yml
+++ b/config/docker/old/traefik/traefik.yml
@@ -0,0 +1,209 @@
 ################################################################
 # Global configuration
 ################################################################
 global:
  checkNewVersion: true
  sendAnonymousUsage: false
 ################################################################
 # EntryPoints configuration
 ################################################################
 # EntryPoints definition
 #
 # Optional
 #
 entryPoints:
  http:
    address: :80
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: :443
    http:
      tls:
        options: tls-opts@file
        certResolver: cloudflarels
        domains: 
        - main: gurulandia.eu
          sans: 
            - '*.gurulandia.eu'
        - main: local.gurulandia.eu
          sans: 
            - '*.local.gurulandia.eu'
        - main: gurulandia.fi
          sans: 
            - '*.gurulandia.fi'
        - main: local.gurulandia.fi
          sans: 
            - '*.local.gurulandia.fi'
    forwardedHeaders:
      trustedIPs: &trustedIps
        - "127.0.0.1/32"
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
 serversTransport:
  insecureSkipVerify: true
 ################################################################
 # Traefik logs configuration
 ################################################################
 # Traefik logs
 # Enabled by default and log to stdout
 #
 # Optional
 #
 log:
  # Log level
  #
  # Optional
  # Default: "ERROR"
  #
  level: INFO
  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  filePath: "/var/log/traefik/traefik.log"
  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
 #  format: json
 ################################################################
 # Access logs configuration
 ################################################################
 # Enable access logs
 # By default it will write to stdout and produce logs in the textual
 # Common Log Format (CLF), extended with additional fields.
 #
 # Optional
 #
 accessLog:
  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  filePath: "/var/log/traefik/access.log"
  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
 #  format: json
 ################################################################
 # API and dashboard configuration
 ################################################################
 # Enable API and dashboard
 #
 # Optional
 #
 api:
  # Enable the API in insecure mode
  #
  # Optional
  # Default: false
  #
  #insecure: true
  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  dashboard: true
 ################################################################
 # Ping configuration
 ################################################################
 # Enable ping
 #ping:
  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
 #  entryPoint: traefik
 ################################################################
 # Providers configuration
 ################################################################
 providers:
  # Enable Docker configuration backend
  docker:
    # Docker server endpoint. Can be a tcp or a unix socket endpoint.
    #
    # Required
    # Default: "unix:///var/run/docker.sock"
    #
    endpoint: tcp://socket-proxy:2375 
    network: proxy
    # Default host rule.
    #
    # Optional
    # Default: "Host(`{{ normalize .Name }}`)"
    #
 #    defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
    # Expose containers by default in traefik
    #
    # Optional
    # Default: true
    #
    exposedByDefault: false
  # Enable File configuration backend
  file:
    directory: /config
    watch: true
  # Enable Redis configuration backend
  #redis:
    #endpoints:
     # - "redis:6379"
 ################################################################
 # Certificate Resolvers
 ################################################################
 certificatesResolvers:
  cloudflare:
    acme:
      email: ${CF_API_EMAIL}
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
--- a/config/docker/old/traefik/traefik.yml.old
+++ b/config/docker/old/traefik/traefik.yml.old
@@ -0,0 +1,204 @@
 ################################################################
 #
 # Configuration sample for Traefik v2.
 #
 # For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
 #
 ################################################################
 ################################################################
 # Global configuration
 ################################################################
 global:
  checkNewVersion: true
  sendAnonymousUsage: false
 ################################################################
 # EntryPoints configuration
 ################################################################
 # EntryPoints definition
 #
 # Optional
 #
 entryPoints:
  http:
    address: :80
 #    http:
 #      redirections:
 #        entryPoint:
 #          to: https
 #          scheme: https
  https:
    address: :443
 #    http:
      #tls:
        #options: tls-opts@file
        #certResolver: cloudflare
        #domains:
          #- main: gurulandia.eu
          #- sans: *.gurulandia.eu
          #- main: local.gurulandia.eu
          #- sans: *.local.gurulandia.eu
          #- main: gurulandia.fi
          #  sans: 
          #    - *.gurulandia.fi
    #forwardedHeaders:
    #  trustedIPs:
    #    - "173.245.48.0/20"
    #    - "103.21.244.0/22"
    #    - "103.22.200.0/22"
    #    - "103.31.4.0/22"
    #    - "141.101.64.0/18"
    #    - "108.162.192.0/18"
    #    - "190.93.240.0/20"
    #    - "188.114.96.0/20"
    #    - "197.234.240.0/22"
    #    - "198.41.128.0/17"
    #    - "162.158.0.0/15"
    #    - "172.64.0.0/13"
    #    - "131.0.72.0/22"
    #    - "104.16.0.0/13"
    #    - "104.24.0.0/14"
 serversTransport:
  insecureSkipVerify: true
 ################################################################
 # Traefik logs configuration
 ################################################################
 # Traefik logs
 # Enabled by default and log to stdout
 #
 # Optional
 #
 log:
  # Log level
  #
  # Optional
  # Default: "ERROR"
  #
  level: INFO
  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  filePath: "/var/log/traefik/traefik.log"
  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
 #  format: json
 ################################################################
 # Access logs configuration
 ################################################################
 # Enable access logs
 # By default it will write to stdout and produce logs in the textual
 # Common Log Format (CLF), extended with additional fields.
 #
 # Optional
 #
 accessLog:
  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  filePath: "/var/log/traefik/access.log"
  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
 #  format: json
 ################################################################
 # API and dashboard configuration
 ################################################################
 # Enable API and dashboard
 #
 # Optional
 #
 api:
  # Enable the API in insecure mode
  #
  # Optional
  # Default: false
  #
  insecure: true
  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  #dashboard: true
 ################################################################
 # Ping configuration
 ################################################################
 # Enable ping
 #ping:
  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
 #  entryPoint: traefik
 providers:
  # Enable Docker configuration backend
  docker:
    # Docker server endpoint. Can be a tcp or a unix socket endpoint.
    #
    # Required
    # Default: "unix:///var/run/docker.sock"
    #
    endpoint: tcp://socket-proxy:2375
    # Default host rule.
    #
    # Optional
    # Default: "Host(`{{ normalize .Name }}`)"
    #
 #    defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
    # Expose containers by default in traefik
    #
    # Optional
    # Default: true
    #
    exposedByDefault: false
  # Enable File configuration backend
  file:
    directory: /config
    watch: true
  # Enable Redis configuration backend
  #redis:
    #endpoints:
     # - "redis:6379"
 ################################################################
 # Certificate Resolvers
 ################################################################
 certificatesResolvers:
  cloudflare:
    acme:
      email: gurulandia@outlook.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
--- a/config/docker/old/traefik/traefik.yml.test
+++ b/config/docker/old/traefik/traefik.yml.test
@@ -0,0 +1,47 @@
 api:
  dashboard: true
  debug: true
 entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "https"
          scheme: "https"
  https:
    address: ":443"
    http:
      middlewares:
        - "crowdsec-bouncer@file"
  openvpn:
    address: ":1194/udp"
  k3s:
    address: ":6443"
 serversTransport:
  insecureSkipVerify: true
 providers:
  docker:
    endpoint: tcp://socket-proxy:2375
    exposedByDefault: false
  file:
    directory: /config
    watch: true
 certificatesResolvers:
  cloudflare:
    acme:
      email: ${CLOUDFLARE_EMAIL}
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
 log:
  level: INFO
  filePath: "/var/log/traefik/traefik.log"
 accessLog:
  filePath: "/var/log/traefik/access.log"
--- a/config/docker/old/traefik/users
+++ b/config/docker/old/traefik/users
@@ -0,0 +1 @@
 gurulandia:{SHA}pZz64lzpzvjBTCNPWBokXW/7qD0=
--- a/docker/.env
+++ b/docker/.env
@@ -9,36 +9,37 @@ TZ=Europe/HelsinkI
 DOCKERDIR=/gurulandia/data
 SECRETSDIR=/gurulandia/docker-shared/secrets
 ##### ProxyName
 PROXYNAME=proxy
 ##### DOMAIN
 DOMAINNAME0=gurulandia.eu
-DOMAINNAME1=home.gurulandia.eu
+DOMAINNAME1=lab.gurulandia.eu
 DOMAINNAME2=gurulandia.fi
 DOMAINNAME3=home.gurulandia.fi
 ##### SUBNETS
-
+#PROXY_SUBNET=192.168.91.0/24
-PROXY_SUBNET=192.168.91.0/24
+#SOCKET_PROXY_SUBNET=192.168.92.0/24
 SOCKET_PROXY_SUBNET=192.168.92.0/24
 ##### GATEWAYS
-
+#PROXY_GATEWAY=192.168.91.1
-PROXY_GATEWAY=192.168.91.1
+#SOCKET_PROXY_GATEWAY=192.168.92.1
 SOCKET_PROXY_GATEWAY=192.168.92.1
 ##### Traefik Container
 TRAEFIK_CONTAINER_NAME=traefik
 TRAEFIK_IMAGE=traefik
-TRAEFIK_VERSION=v3.0.0-rc1 #latest
+TRAEFIK_TAG=latest
 TRAEFIK_RESTART_POLICY=unless-stopped
-TRAEFIK_IP0=192.168.91.254
+#TRAEFIK_IP0=192.168.91.254
-TRAEFIK_IP1=192.168.92.252
+#TRAEFIK_IP1=192.168.92.252
 ##### socket-proxy Container
 SOCKET_PROXY_CONTAINER_NAME=socket-proxy
 SOCKET_PROXY_IMAGE=ghcr.io/tecnativa/docker-socket-proxy
-SOCKET_PROXY_VERSION=latest
+SOCKET_PROXY_TAG=latest
 SOCKET_PROXY_RESTART_POLICY=always
-SOCKET_PROXY_IP=192.168.92.254
+#SOCKET_PROXY_IP=192.168.92.254
 DOCKER_ENDPOINT=tcp://${SOCKET_PROXY_CONTAINER_NAME}:2375
@@ -60,18 +61,19 @@ RESOLVER1=1.0.0.1:53
 ##### Crowdsec Container
 CROWDSEC_CONTAINER_NAME=crowdsec
 CROWDSEC_IMAGE=crowdsecurity/crowdsec
-CROWDSEC_VERSION=latest
+CROWDSEC_TAG=latest
 CROWDSEC_RESTART_POLICY=unless-stopped
 #CROWDSEC_COLLECTIONS="crowdsecurity/linux crowdsecurity/traefik"
 CROWDSEC_COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux fulljackz/proxmox"
-CROWDSEC_IP=192.168.92.253
+#CROWDSEC_IP=192.168.92.253
 ##### bouncer-traefik Container
 BT_CONTAINER_NAME=bouncer-traefik
 BT_IMAGE=docker.io/fbonalair/traefik-crowdsec-bouncer
-BT_VERSION=latest
+BT_TAG=latest
 BT_RESTART_POLICY=unless-stopped
-BT_IP=192.168.92.251
+GIN_MODE=release
 #BT_IP=192.168.92.251
 ##### IP ADDRESSES
--- a/docker/.env.template
+++ b/docker/.env.template
@@ -0,0 +1,135 @@
 COMPOSE_PROJECT_NAME=proxy
 ##### SYSTEM
 PUID=1000
 PGID=1000
 TZ=Europe/HelsinkI
 #USERDIR=/home/gurulandia
 DOCKERDIR=/gurulandia/data
 SECRETSDIR=/gurulandia/docker-shared/secrets
 ##### ProxyName
 PROXYNAME=proxy
 ##### Traefik Container
 TRAEFIK_CONTAINER_NAME=traefik
 TRAEFIK_IMAGE=traefik
 TRAEFIK_VERSION=latest
 TRAEFIK_RESTART_POLICY=unless-stopped
 ##### socket-proxy Container
 SOCKET_PROXY_CONTAINER_NAME=socket-proxy
 SOCKET_PROXY_IMAGE=ghcr.io/tecnativa/docker-socket-proxy
 SOCKET_PROXY_VERSION=latest
 SOCKET_PROXY_RESTART_POLICY=always
 DOCKER_ENDPOINT=tcp://${SOCKET_PROXY_CONTAINER_NAME}:2375
 #Configure
 #COMPOSE_PROJECT_NAME
 #COMPOSE_FILE
 #Specifies the path to a Compose file. Specifying multiple Compose files is supported.
 #Default behavior: If not provided, Compose looks for a file named compose.yaml in the current directory and, if not found, then Compose searches each parent directory recursively until a file by that name is found.
 #When specifying multiple Compose files, the path separators are, by default, on:
 #Mac and Linux: : (colon)
 #Windows: ; (semicolon) For example:
 #COMPOSE_FILE=docker-compose.yml:docker-compose.prod.yml
 #The path separator can also be customized using COMPOSE_PATH_SEPARATOR.
 #See also the command-line options overview and using -f to specify name and path of one or more Compose files.
 #COMPOSE_PROFILES
 #Specifies one or more profiles to be enabled when docker compose up is run.
 #
 #Services with matching profiles are started as well as any services for which no profile has been defined.
 #
 #For example, calling docker compose upwith COMPOSE_PROFILES=frontend selects services with the frontend profile as well as any services without a profile specified.
 #
 #If specifying multiple profiles, use a comma as a separator.
 #This following example enables all services matching both the frontend and debug profiles and services without a profile.
 #COMPOSE_PROFILES=frontend,debug
 #See also Using profiles with Compose and the --profile command-line option.
 #COMPOSE_CONVERT_WINDOWS_PATHS
 #When enabled, Compose performs path conversion from Windows-style to Unix-style in volume definitions.
 #Supported values:
 #true or 1, to enable
 #false or 0, to disable
 #Defaults to: 0
 #COMPOSE_PATH_SEPARATOR
 #Specifies a different path separator for items listed in COMPOSE_FILE.
 #Defaults to:
 #On macOS and Linux to :
 #On Windows to;
 #COMPOSE_IGNORE_ORPHANS
 #When enabled, Compose doesn't try to detect orphaned containers for the project.
 #Supported values:
 #true or 1, to enable
 #false or 0, to disable
 #Defaults to: 0
 #COMPOSE_REMOVE_ORPHANS
 #When enabled, Compose automatically removes orphaned containers when updating a service or stack. Orphaned containers are those that were created by a previous configuration but are no longer defined in the current compose.yaml file.
 #Supported values:
 #true or 1, to enable automatic removal of orphaned containers
 #false or 0, to disable automatic removal. Compose displays a warning about orphaned containers instead.
 #Defaults to: 0
 #COMPOSE_PARALLEL_LIMIT
 #Specifies the maximum level of parallelism for concurrent engine calls.
 #COMPOSE_ANSI
 #Specifies when to print ANSI control characters.
 #Supported values:
 #auto, Compose detects if TTY mode can be used. Otherwise, use plain text mode
 #never, use plain text mode
 #always or 0, use TTY mode
 #Defaults to: auto
 #COMPOSE_STATUS_STDOUT
 #When enabled, Compose writes its internal status and progress messages to stdout instead of stderr. The default value is false to clearly separate the output streams between Compose messages and your container's logs.
 #Supported values:
 #true or 1, to enable
 #false or 0, to disable
 #Defaults to: 0
 #COMPOSE_ENV_FILES
 #Lets you specify which environment files Compose should use if --env-file isn't used.
 #When using multiple environment files, use a comma as a separator. For example:
 #COMPOSE_ENV_FILES=.env.envfile1, .env.envfile2
 #If COMPOSE_ENV_FILES is not set, and you don't provide --env-file in the CLI, Docker Compose uses the default behavior, which is to look for an .env file in the project directory.
 #COMPOSE_MENU
 #Requires:
 #Docker Compose 2.26.0 and later
 #When enabled, Compose displays a navigation menu where you can choose to open the Compose stack in Docker Desktop, switch on watch mode, or use Docker Debug.
 #Supported values:
 #true or 1, to enable
 #false or 0, to disable
 #Defaults to: 1 if you obtained Docker Compose through Docker Desktop, otherwise default is 0
 #COMPOSE_EXPERIMENTAL
 #Requires:
 #Docker Compose 2.26.0 and later
 #This is an opt-out variable. When turned off it deactivates the experimental features such as the navigation menu or Synchronized file shares.
 #Supported values:
 #true or 1, to enable
 #false or 0, to disable
 #Defaults to: 1
--- a/docker/Lenpaste/compose.yaml
+++ b/docker/Lenpaste/compose.yaml
@@ -0,0 +1,25 @@
 version: "3.4"
 services:
  postgres:
    image: docker.io/library/postgres:16.1
    environment:
      - PGDATA=/var/lib/postgresql/data/pgdata
      - POSTGRES_USER=lenpaste
      - POSTGRES_PASSWORD=pass
    volumes:
      - "${PWD}/data/postgres:/var/lib/postgresql/data"
  lenpaste:
    image: ghcr.io/lcomrade/lenpaste:1.3.1
    restart: on-failure:10
    environment:
      - LENPASTE_DB_DRIVER=postgres
      - LENPASTE_DB_SOURCE=postgres://lenpaste:lenpaste@10.0.6.178/lenpaste?sslmode=disable
    #postgresql://[user[:password]@][netloc][:port][/dbname][?param1=value1&...]
    volumes:
      - "${PWD}/data:/data"
    ports:
      - "58080:80"
    depends_on:
      - postgres
--- a/docker/Netbootxyz/compose.yaml
+++ b/docker/Netbootxyz/compose.yaml
@@ -0,0 +1,23 @@
 services:
  netbootxyz:
    # image: ghcr.io/netbootxyz/netbootxyz
    image: lscr.io/linuxserver/netbootxyz:latest
    container_name: netbootxyz
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      #- MENU_VERSION=1.9.9 #optional
      #- PORT_RANGE=30000:30010 #optional
      #- SUBFOLDER=/ #optional
      #- MENU_VERSION=2.0.47 # optional
      - NGINX_PORT=80 # optional
      - WEB_APP_PORT=3000 # optional
    volumes:
      - /gurulandia/data/netbootxyz/config:/config # optional
      - /gurulandia/data/netbootxyz/assets:/assets # optional
    ports:
      - 3001:3000  # optional, destination should match ${WEB_APP_PORT} variable above.
      - 69:69/udp
      - 8080:80  # optional, destination should match ${NGINX_PORT} variable above.
    restart: unless-stopped
--- a/docker/PrivateBin/behind-proxy-with-db/compose.override.yml
+++ b/docker/PrivateBin/behind-proxy-with-db/compose.override.yml
@@ -0,0 +1,24 @@
 services:
    privatebin:
        labels:
        - "traefik.enable=true"
        ## HTTP Routers
        - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.entrypoints=https"
        - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.rule=Host(`${PRIVATEBIN_HOSTNAME}.$DOMAINNAME1`)"
        ## Middlewares
    #      - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.middlewares=chain-authelia@file"
        - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
        ## HTTP Services
        - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.service=${PRIVATEBIN_HOSTNAME}-svc"
        - "traefik.http.services.${PRIVATEBIN_HOSTNAME}-svc.loadbalancer.server.port=8080"
        depends_on:
            db:
                condition: service_healthy
        networks:
            - ${PRIVATEBINDB_NETWORk_ID}
    db:
        image: ${PRIVATEBINDB_IMAGE}:${PRIVATEBINDB_TAG}
        container_name: ${PRIVATEBINDB_CONTAINER_NAME}
        restart: ${PRIVATEBINDB_RESTART_POLICY}
        networks:
            - ${PRIVATEBINDB_NETWORk_ID}
--- a/docker/PrivateBin/behind-proxy-with-db/compose.yaml
+++ b/docker/PrivateBin/behind-proxy-with-db/compose.yaml
@@ -0,0 +1,10 @@
 name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
  - ../../compose/networks/${PRIVATEBINDB_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../../compose/postgres.yaml
  - ../../compose/privatebin.yaml
--- a/docker/PrivateBin/behind-proxy-with-db/deploy.sh
+++ b/docker/PrivateBin/behind-proxy-with-db/deploy.sh
@@ -0,0 +1,5 @@
 docker compose \
 --env-file ../../env/privatebin-stack.env \
 --env-file ../../env/privatebin-db.env \
 --env-file ../../env/common.env \
 $1
--- a/docker/PrivateBin/behind-proxy/compose.override.yml
+++ b/docker/PrivateBin/behind-proxy/compose.override.yml
@@ -0,0 +1,13 @@
 services:
  privatebin:
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.entrypoints=https"
      - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.rule=Host(`${PRIVATEBIN_HOSTNAME}.$DOMAINNAME1`)"
      ## Middlewares
 #      - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.middlewares=chain-authelia@file"
      - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.${PRIVATEBIN_HOSTNAME}-rtr.service=${PRIVATEBIN_HOSTNAME}-svc"
      - "traefik.http.services.${PRIVATEBIN_HOSTNAME}-svc.loadbalancer.server.port=8080"
--- a/docker/PrivateBin/behind-proxy/compose.yaml
+++ b/docker/PrivateBin/behind-proxy/compose.yaml
@@ -0,0 +1,7 @@
 name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../../compose/privatebin.yaml
--- a/docker/PrivateBin/behind-proxy/deploy.sh
+++ b/docker/PrivateBin/behind-proxy/deploy.sh
@@ -0,0 +1,4 @@
 docker compose \
 --env-file ../../env/privatebin-stack.env \
 --env-file ../../env/common.env \
 $1
--- a/docker/PrivateBin/compose.override.yml
+++ b/docker/PrivateBin/compose.override.yml
@@ -0,0 +1,4 @@
 services:
    privatebin:
        volumes:
            - ${DOCKERDIR}/private-bin/conf.php:/srv/cfg/conf.php:ro
--- a/docker/PrivateBin/compose.yaml
+++ b/docker/PrivateBin/compose.yaml
@@ -0,0 +1,7 @@
 name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../../compose/privatebin.yaml
--- a/docker/PrivateBin/deploy.sh
+++ b/docker/PrivateBin/deploy.sh
@@ -0,0 +1,4 @@
 docker compose \
 --env-file ../env/privatebin-stack.env \
 --env-file ../env/common.env \
 $1
--- a/docker/PrivateBin/with-db/compose.override.yml
+++ b/docker/PrivateBin/with-db/compose.override.yml
@@ -0,0 +1,13 @@
 services:
    privatebin:
        volumes:
            - ${DOCKERDIR}/private-bin/conf.php:/srv/cfg/conf.php:ro
        depends_on:
            db:
                condition: service_healthy
    db:
        image: ${PRIVATEBINDB_IMAGE}:${PRIVATEBINDB_TAG}
        container_name: ${PRIVATEBINDB_CONTAINER_NAME}
        restart: ${PRIVATEBINDB_RESTART_POLICY}
        networks:
            - ${PRIVATEBIN_NETWORk_ID}
--- a/docker/PrivateBin/with-db/compose.yml
+++ b/docker/PrivateBin/with-db/compose.yml
@@ -0,0 +1,9 @@
 name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
  - ../../compose/networks/${PRIVATEBINDB_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../../compose/postgres.yaml
  - ../../compose/privatebin.yaml
--- a/docker/PrivateBin/with-db/deploy.sh
+++ b/docker/PrivateBin/with-db/deploy.sh
@@ -0,0 +1,5 @@
 docker compose \
 --env-file ../../env/privatebin-stack.env \
 --env-file ../../env/privatebin-db.env \
 --env-file ../../env/common.env \
 $1
--- a/docker/YeetFile/behind-proxy-with-db/compose.override.yml
+++ b/docker/YeetFile/behind-proxy-with-db/compose.override.yml
@@ -0,0 +1,37 @@
 services:
    api:
        environment:
            YEETFILE_DB_HOST: db
            YEETFILE_DOMAIN: "${YEETFILE_HOSTNAME}.$DOMAINNAME1"
        labels:
        - "traefik.enable=true"
        ## HTTP Routers
        - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.entrypoints=https"
        - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.rule=Host(`${YEETFILE_HOSTNAME}.$DOMAINNAME1`)"
        ## Middlewares
    #             - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-authelia@file"
        - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
        ## HTTP Services
        - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.service=${YEETFILE_HOSTNAME}-svc"
        - "traefik.http.services.${YEETFILE_HOSTNAME}-svc.loadbalancer.server.port=8090"
        networks:            
         - ${YEETFILEDB_NETWORk_ID}
        depends_on:
            db:
                condition: service_healthy
    db:
        image: ${YEETFILEDB_IMAGE}:${YEETFILEDB_TAG}
        container_name: ${YEETFILEDB_CONTAINER_NAME}
        restart: ${YEETFILEDB_RESTART_POLICY}
        environment:
            POSTGRES_HOST_AUTH_METHOD: ${POSTGRES_HOST_AUTH_METHOD:-md5}
            POSTGRES_USER: ${YEETFILE_DB_USER:-postgres}
            POSTGRES_PASSWORD: ${YEETFILE_DB_PASS:-postgres}
            POSTGRES_DB: ${YEETFILE_DB_NAME:-yeetfile}
        expose:
        - 5432
        healthcheck:
         test: [ "CMD-SHELL", "pg_isready -U postgres" ]
         interval: 3s
        networks:            
            - ${YEETFILEDB_NETWORk_ID}
--- a/docker/YeetFile/behind-proxy-with-db/compose.yml
+++ b/docker/YeetFile/behind-proxy-with-db/compose.yml
@@ -0,0 +1,10 @@
 name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${YEETFILE_NETWORk_ID}.yaml  
  - ../../compose/networks/${YEETFILEDB_NETWORk_ID}.yaml  
 #################### SERVICES ####################
  - ../../compose/postgres.yaml
  - ../../compose/yeetfile.yaml
--- a/docker/YeetFile/behind-proxy-with-db/deploy.sh
+++ b/docker/YeetFile/behind-proxy-with-db/deploy.sh
@@ -0,0 +1,6 @@
 #docker create network -d brigde proxy
 #docker create network -d bridge backend
 docker compose --env-file ../../env/YeetFile-stack.env \
 --env-file ../../env/YeetFile-db.env \
 --env-file ../../env/YeetFile.env \
 --env-file ../../env/common.env $1
--- a/docker/YeetFile/behind-proxy/compose.override.yml
+++ b/docker/YeetFile/behind-proxy/compose.override.yml
@@ -0,0 +1,15 @@
 services:
  api:
    environment:
      YEETFILE_DOMAIN: "${YEETFILE_HOSTNAME}.$DOMAINNAME1"
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.entrypoints=https"
      - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.rule=Host(`${YEETFILE_HOSTNAME}.$DOMAINNAME1`)"
      ## Middlewares
 #             - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-authentik@file"
      - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.service=${YEETFILE_HOSTNAME}-svc"
      - "traefik.http.services.${YEETFILE_HOSTNAME}-svc.loadbalancer.server.port=8090"
--- a/docker/YeetFile/behind-proxy/compose.yml
+++ b/docker/YeetFile/behind-proxy/compose.yml
@@ -0,0 +1,7 @@
 name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${YEETFILE_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../../compose/yeetfile.yaml
--- a/docker/YeetFile/behind-proxy/deploy.sh
+++ b/docker/YeetFile/behind-proxy/deploy.sh
@@ -0,0 +1,2 @@
 #docker create network -d brigde proxy
 docker compose --env-file ../../env/YeetFile-stack.env --env-file ../../env/common.env $1
--- a/docker/YeetFile/compose..override.yaml
+++ b/docker/YeetFile/compose..override.yaml
@@ -0,0 +1,18 @@
 services:
  api:
    image: ${YEETFILE_IMAGE}:${YEETFILE_TAG}
    container_name: ${YEETFILE_CONTAINER_NAME}
    restart: ${YEETFILE_RESTART_POLICY}
    security_opt:
      - no-new-privileges:true
    networks:
      - ${YEETFILE_NETWORk_ID}    
    ports:
      - 8090:${YEETFILE_PORT:-8090}    
    environment:
      UID: ${UID:-1000}
      GID: ${GID:-1000}
      TZ: ${TZ}
      YEETFILE_ALLOW_INSECURE_LINKS: 1
      YEETFILE_SERVER_SECRET: 2N1oTtwOHTyEbTFtz0yDLuzq3DhgjIWmSKw4gNcH8Vk=
--- a/docker/YeetFile/compose.yml
+++ b/docker/YeetFile/compose.yml
@@ -0,0 +1,7 @@
 name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../compose/networks/${YEETFILE_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../compose/yeetfile.yaml
--- a/docker/YeetFile/deploy.sh
+++ b/docker/YeetFile/deploy.sh
@@ -0,0 +1,2 @@
 #docker create network -d bridge yeetfile
 docker compose --env-file ../env/YeetFile-stack.env --env-file ../env/common.env $1
--- a/docker/YeetFile/with-db/compose.override.yml
+++ b/docker/YeetFile/with-db/compose.override.yml
@@ -0,0 +1,21 @@
 services:
    api:
        environment:
            YEETFILE_ALLOW_INSECURE_LINKS: 1
            YEETFILE_DB_HOST: db
        depends_on:
            db:
              condition: service_healthy
    db:
        image: ${YEETFILEDB_IMAGE}:${YEETFILEDB_TAG}
        container_name: ${YEETFILEDB_CONTAINER_NAME}
        restart: ${YEETFILEDB_RESTART_POLICY}
        environment:
            POSTGRES_HOST_AUTH_METHOD: ${POSTGRES_HOST_AUTH_METHOD:-md5}
            POSTGRES_USER: ${YEETFILE_DB_USER:-postgres}
            POSTGRES_PASSWORD: ${YEETFILE_DB_PASS:-postgres}
            POSTGRES_DB: ${YEETFILE_DB_NAME:-yeetfile}
        expose:
        - 5432
        networks:
            - ${YEETFILE_NETWORk_ID}
--- a/docker/YeetFile/with-db/compose.yml
+++ b/docker/YeetFile/with-db/compose.yml
@@ -0,0 +1,9 @@
 name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
  - ../../compose/networks/${YEETFILE_NETWORk_ID}.yaml
 #################### SERVICES ####################
  - ../../compose/postgres.yaml
  - ../../compose/yeetfile.yaml
--- a/docker/YeetFile/with-db/deploy.sh
+++ b/docker/YeetFile/with-db/deploy.sh
@@ -0,0 +1,6 @@
 #docker create network -d bridge yeetfile
 #docker create network -d bridge backend
 docker compose --env-file ../../env/YeetFile-stack.env \
 --env-file ../../env/YeetFile.env \
 --env-file ../../env/YeetFile-db.env \
 --env-file ../../env/common.env $1
--- a/docker/compose/dc-socket-proxy.yml
+++ b/docker/compose/dc-socket-proxy.yml
@@ -1,45 +0,0 @@
 ########################### SERVICES
 services:
  # Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
  socket-proxy:
    container_name: ${SOCKET_PROXY_CONTAINER_NAME}
    image: ${SOCKET_PROXY_IMAGE}:${SOCKET_PROXY_VERSION}
 #    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    restart: ${SOCKET_PROXY_RESTART_POLICY}
    networks:
      socket_proxy:
        ipv4_address: ${SOCKET_PROXY_IP} 
    privileged: true
    ports:
    #  - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
    # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
     - "2375:2375"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    env_file:
    - path: ./socket-proxy.env
    #environment:
    #  - LOG_LEVEL=${LOG_LEVEL}
    #  - EVENTS=${EVENTS}
    #  - PING=${PING}
    #  - VERSION=${VERSION}
    #  - AUTH=${AUTH}
    #  - SECRETS=${SECRETS}
    #  - POST=${POST}
    #  - BUILD=${BUILD}
    #  - COMMIT=${COMMIT}
    #  - CONFIGS=${CONFIGS}
    #  - CONTAINERS=${CONTAINERS}
    #  - DISTRIBUTION=${DISTRIBUTION}
    #  - EXEC=${EXEC}
    #  - IMAGES=${IMAGES}
    #  - INFO=${INFO}
    #  - NETWORKS=${NETWORKS}
    #  - NODES=${NODES}
    #  - PLUGINS=${PLUGINS}
    #  - SERVICES=${SERVICES}
    #  - SESSION=${SESSION}
    #  - SWARM=${SWARM}
    #  - SYSTEM=${SYSTEM}
    #  - TASKS=${TASKS}
    #  - VOLUMES=${VOLUMES}
--- a/docker/compose/dc-traefik-bouncer.yml
+++ b/docker/compose/dc-traefik-bouncer.yml
@@ -1,16 +0,0 @@
 services:
  bouncer-traefik:
    image: ${BT_IMAGE}:${BT_VERSION}
    container_name: ${BT_CONTAINER_NAME}
    restart: ${BT_RESTART_POLICY}
    environment:
      CROWDSEC_BOUNCER_API_KEY: uT3zy+bBevD4kQkEuxGEMrjWnW1yjHjqOw+8AbxPJIQ # docker exec -t crowdsec cscli bouncers add traefik-bouncer
      CROWDSEC_AGENT_HOST: ${CROWDSEC_CONTAINER_NAME}:8080
    networks:
      - proxy
      #proxy:
        #ipv4_address: ${BT_IP} 
 #    depends_on:
 #      - crowdsec
    security_opt:
      - no-new-privileges:true
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gurulandia	de98a0d48d	Talteen	2025-03-05 10:47:20 +02:00
Gurulandia	bdf14f68e9	Add Homarr	2025-03-05 10:29:42 +02:00
Gurulandia	6e9e27110d	Traefik config	2025-03-05 10:00:59 +02:00
Gurulandia	9d0dd4bdcf	add tag to ferretdb image	2025-03-05 09:37:36 +02:00
Gurulandia	861007b3a2	docker-compose,yml -> compose.yml	2025-03-05 09:37:09 +02:00
Gurulandia	89278bfecf	Modified	2025-03-05 09:36:40 +02:00
Gurulandia	352ddeb5fd	Modify	2025-03-04 21:00:45 +02:00
Gurulandia	030c5d2025	Initial commit	2025-03-04 20:59:29 +02:00
Gurulandia	09db1a8d08	Initial commit	2025-03-04 20:58:17 +02:00
Gurulandia	ef2e780434	Add Technitum DNS	2025-03-04 20:50:41 +02:00
Gurulandia	947ab4f86e	Fix rule	2025-02-16 10:28:06 +02:00
Gurulandia	9245d8eacd	Added parameters	2025-02-16 10:20:57 +02:00
Gurulandia	212a3a1620	Clean files	2025-02-16 10:18:25 +02:00
Gurulandia	a5612d74c3	Initial komodo commit	2025-02-16 09:44:34 +02:00
Gurulandia	71033032a4	Initial commit	2025-02-16 09:44:10 +02:00
Gurulandia	2dcef3a1f9	Komodo initial commit	2025-02-16 09:43:02 +02:00
Gurulandia	216371ea59	Initial commit	2025-02-09 20:47:02 +02:00
Gurulandia	d291fa594b	Correct env files name	2025-02-09 19:24:11 +02:00
Gurulandia	a05c48c672	change filename	2025-02-09 19:23:46 +02:00
Gurulandia	b2dde87abe	moved to own file	2025-02-09 19:21:49 +02:00
Gurulandia	394ce1cbd4	edited	2025-02-09 19:21:02 +02:00
Gurulandia	60d7915697	dcc.sh > deploy.sh	2025-02-09 19:19:48 +02:00
Gurulandia	7f527a0522	file renamed	2025-02-09 19:18:54 +02:00
Gurulandia	b8374792f7	remove unnessesary network	2025-02-09 12:35:27 +02:00
Gurulandia	5721a522e0	dcc.sh -> deploy.sh	2025-02-09 12:34:07 +02:00
Gurulandia	c8f735d744	edited	2025-02-09 12:24:01 +02:00
Gurulandia	8ae69e9064	remove project name	2025-02-09 12:05:58 +02:00
Gurulandia	3498a980e2	add name	2025-02-09 12:05:31 +02:00
Gurulandia	12c19660ce	remove name:	2025-02-09 12:04:47 +02:00
Gurulandia	87c88a8896	added project name	2025-02-09 12:02:55 +02:00
Gurulandia	bc071e578b	dcc.sh -> deploy.sh	2025-02-09 12:02:15 +02:00
Gurulandia	fc1a7eb541	rename env file	2025-02-09 12:01:43 +02:00
Gurulandia	970343ca09	dcc.sh -> deploy.sh	2025-02-09 12:01:09 +02:00
Gurulandia	5c6f308acb	fix compose file paths	2025-02-09 11:53:50 +02:00
Gurulandia	c7878f2272	dcc.sh -> deploy.sh	2025-02-09 11:51:47 +02:00
Gurulandia	e2898362a9	dcc.sh .> deploy.sh	2025-02-09 11:48:05 +02:00
Gurulandia	d1c49c2f46	change env file named	2025-02-09 11:47:01 +02:00
Gurulandia	b0e18606e9	edited	2025-02-09 11:41:23 +02:00
Gurulandia	6534ab161c	dcc.sh -> deploy.sh	2025-02-09 11:35:11 +02:00
Gurulandia	59818aa530	version to tag	2025-02-09 00:41:24 +02:00
Gurulandia	d375b3a7f8	remove unnessary network	2025-02-09 00:38:39 +02:00
Gurulandia	0794706f54	edited	2025-02-09 00:33:42 +02:00
Gurulandia	93ab81eada	change to external network	2025-02-09 00:31:45 +02:00
Gurulandia	2ab0862005	edited	2025-02-09 00:31:07 +02:00
Gurulandia	fdb989c4ff	rename file	2025-02-09 00:29:01 +02:00
Gurulandia	8ceb7e1a76	yml to yaml	2025-02-08 19:24:55 +02:00
Gurulandia	fd56710785	update volume mount	2025-02-07 11:49:42 +02:00
Gurulandia	0c16b80908	flatnotes initial commit	2025-02-07 11:20:29 +02:00
Gurulandia	84f89dbab6	fix file tabulators	2025-02-07 11:12:24 +02:00
Gurulandia	a8cf3f1bba	fix file tabulators	2025-02-07 11:11:26 +02:00
Gurulandia	eb12831665	change exntension yml to yaml	2025-02-07 10:27:13 +02:00
Gurulandia	d128804d0d	updated config	2025-02-07 10:23:08 +02:00
Gurulandia	6c33922677	move healthcheck to container compose file	2025-02-07 10:20:56 +02:00
Gurulandia	3e5169cba5	Initial commit	2025-02-07 10:19:13 +02:00
Gurulandia	c3ee1fdcc9	initial commit	2025-02-07 09:06:19 +02:00
Gurulandia	80665236c3	initial commit	2025-02-07 09:05:30 +02:00
Gurulandia	b8b020c6ac	initial commit	2025-02-07 09:02:53 +02:00
Gurulandia	d53940d1d4	db tag change	2025-02-07 08:59:52 +02:00
Gurulandia	83aaa54e37	add depend_on section	2025-02-05 20:33:30 +02:00
Gurulandia	28a72d8c7a	added compose variables	2025-02-05 20:32:58 +02:00
Gurulandia	ee4230ac58	Move network to include	2025-02-05 20:32:19 +02:00
Gurulandia	ff55ea012d	Initial Commit	2025-02-05 20:29:47 +02:00
Gurulandia	b765a8100c	Initial version	2025-02-03 10:17:18 +02:00
Gurulandia	3d1c095b60	enable accecss log filter	2025-02-03 10:16:56 +02:00
Gurulandia	8d217a76c5	Add some configs	2025-02-03 10:16:10 +02:00
Gurulandia	d5ba06fb78	rename follder compose to services	2025-02-02 12:14:03 +02:00
Gurulandia	24a5f78fed	move ennvfile to folder env-files	2025-02-02 12:10:22 +02:00
Gurulandia	08be33883b	move env files to folder env-files	2025-02-02 12:08:59 +02:00
Gurulandia	04915ea822	Remove unnecessary rows	2025-02-02 12:04:05 +02:00
Gurulandia	0387f346f2	Modify labes	2025-02-02 12:02:09 +02:00
Gurulandia	1d5a717465	remove not needed rows for file	2025-02-02 12:01:49 +02:00
Gurulandia	d312a50508	Change version to tag	2025-02-02 12:00:01 +02:00
Gurulandia	1bf5da7cd1	Fixed Typos	2025-02-02 11:59:35 +02:00
Gurulandia	2f1a9f79b4	change version to tag	2025-02-02 10:03:51 +02:00
Gurulandia	e191599b80	Add Env Variables info	2025-02-02 10:02:51 +02:00
Gurulandia	43e4e1543b	Add Domain and certresolver	2025-02-02 09:32:22 +02:00
Gurulandia	52094a036d	Add entrypoint maildefaukt (567) and mailsecure (465)	2025-02-02 09:31:39 +02:00
Gurulandia	f8c826a07b	Add Traefik labels	2025-02-02 09:29:01 +02:00
Gurulandia	213de5466d	Fixed	2025-02-01 17:40:36 +02:00
Gurulandia	c46bbbc075	Initial commit	2025-02-01 17:40:16 +02:00
Gurulandia	4ca9647a43	New Files for Traefik Reverse Proxy	2025-02-01 15:45:53 +02:00
Gurulandia	e5f729372d	Changed	2025-02-01 15:44:48 +02:00
Gurulandia	3313d32aac	Initial	2025-02-01 15:44:18 +02:00
Gurulandia	c80d2496db	Cleaner file	2025-02-01 15:43:41 +02:00
Gurulandia	4548271145	Cleaner filers	2025-02-01 15:42:37 +02:00
Gurulandia	645d2fbbef	Add template file	2025-02-01 15:41:51 +02:00
Gurulandia	6d51f6bb55	Move CROWDSEC_COLLECTIONS env variable to env file	2025-02-01 15:40:48 +02:00
		`@@ -0,0 +1 @@`
							`gurulandia:{SHA}pZz64lzpzvjBTCNPWBokXW/7qD0=`
		`@@ -0,0 +1,2 @@`
							`#docker create network -d brigde proxy`
							`docker compose --env-file ../../env/YeetFile-stack.env --env-file ../../env/common.env $1`
		`@@ -0,0 +1,2 @@`
							`#docker create network -d bridge yeetfile`
							`docker compose --env-file ../env/YeetFile-stack.env --env-file ../env/common.env $1`