re-enable traefik
This commit is contained in:
mjallen18
@@ -3,7 +3,7 @@
|
||||
imports = [
|
||||
./apps/actual
|
||||
./apps/arrs
|
||||
# ./apps/crowdsec
|
||||
./apps/crowdsec
|
||||
./apps/gitea
|
||||
./apps/jellyfin
|
||||
./apps/jellyseerr
|
||||
|
||||
@@ -85,6 +85,15 @@ in
|
||||
api.dashboard = true;
|
||||
# Access the Traefik dashboard on <Traefik IP>:8080 of your server
|
||||
api.insecure = true;
|
||||
|
||||
experimental = {
|
||||
plugins = {
|
||||
bouncer = {
|
||||
moduleName = "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin";
|
||||
version = "v1.4.2";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
dynamicConfigOptions = {
|
||||
@@ -115,6 +124,17 @@ in
|
||||
X-Forwarded-Proto = "https";
|
||||
};
|
||||
};
|
||||
crowdsec = {
|
||||
plugin = {
|
||||
bouncer = {
|
||||
crowdsecAppsecEnabled = true;
|
||||
crowdsecAppsecHost = "10.0.1.18:7422";
|
||||
crowdsecAppsecFailureBlock = true;
|
||||
crowdsecAppsecUnreachableBlock = true;
|
||||
crowdsecLapiKey = "1daH89qmJ41r2Lpd9hvDw4sxtOAtBzaj3aKFOFqE";
|
||||
};
|
||||
};
|
||||
};
|
||||
# test-errors = {
|
||||
# errors = {
|
||||
# status = [
|
||||
@@ -196,6 +216,7 @@ in
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
|
||||
service = "auth";
|
||||
middlewares = [ "crowdsec" ];
|
||||
priority = 15;
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
@@ -203,50 +224,56 @@ in
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`authentik.${domain}`)";
|
||||
service = "authentik";
|
||||
middlewares = [ "crowdsec" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
onlyoffice = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`office.${domain}`)";
|
||||
service = "onlyoffice";
|
||||
middlewares = "onlyoffice-websocket";
|
||||
middlewares = [ "crowdsec" "onlyoffice-websocket" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
cloud = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`cloud.${domain}`)";
|
||||
service = "cloud";
|
||||
middlewares = [ "crowdsec" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
jellyfin = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`jellyfin.${domain}`)";
|
||||
service = "jellyfin";
|
||||
middlewares = [ "crowdsec" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
jellyseerr = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`jellyseerr.${domain}`)";
|
||||
service = "jellyseerr";
|
||||
middlewares = [ "crowdsec" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
gitea = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`gitea.${domain}`)";
|
||||
service = "gitea";
|
||||
middlewares = [ "crowdsec" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
actual = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`actual.${domain}`)";
|
||||
service = "actual";
|
||||
middlewares = [ "crowdsec" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
hass = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`hass.${domain}`)";
|
||||
service = "hass";
|
||||
middlewares = "authentik";
|
||||
middlewares = [ "crowdsec" "authentik" ];
|
||||
priority = 10;
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
@@ -262,7 +289,7 @@ in
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`cache.${domain}`)";
|
||||
service = "cache";
|
||||
middlewares = "authentik";
|
||||
middlewares = [ "crowdsec" "authentik" ];
|
||||
priority = 10;
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
|
||||
@@ -46,6 +46,12 @@
|
||||
group = "crowdsec";
|
||||
mode = "u=rwx,g=rwx,o=rx";
|
||||
}
|
||||
{
|
||||
directory = "/plugins-storage";
|
||||
user = "traefik";
|
||||
group = "traefik";
|
||||
mode = "u=rwx,g=rwx,o=rx";
|
||||
}
|
||||
];
|
||||
files = [
|
||||
"/var/cache-priv-key.pem"
|
||||
|
||||
@@ -17,6 +17,7 @@ let
|
||||
4080 # netbootxyz
|
||||
3000 # gitea
|
||||
3300
|
||||
9898
|
||||
];
|
||||
in
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user