herindeling

traefik/dynamic/.bak/authentik.yml

@@ -0,0 +1,6 @@
+http:
+  services:
+    authentik:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.22:9000

traefik/dynamic/.bak/gitea.yml

@@ -0,0 +1,6 @@
+http:
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:3000

traefik/dynamic/.bak/hass.yml

@@ -0,0 +1,6 @@
+http:
+  services:
+    hass:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.54:8123

traefik/dynamic/.bak/searxng.yml

@@ -0,0 +1,6 @@
+http:
+  services:
+    searxng:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:4001

traefik/dynamic/_all.yml

@@ -0,0 +1,37 @@
+http:
+  routers:
+    gitea-https:
+      rule: Host("git.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: gitea
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans:
+              - "*.japnet.nl"
+
+    hass-https:
+      rule: Host("hass.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: hass
+      tls:
+        certResolver: cf
+
+    searxng-https:
+      rule: Host("searxng.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file, searxng-ratelimit@file]
+      service: searxng
+      tls:
+        certResolver: cf
+
+    authentik-https:
+      rule: Host("auth.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: authentik
+      tls:
+        certResolver: cf

traefik/dynamic/_health.yml

@@ -0,0 +1,11 @@
+http:
+  routers:
+    ok:
+      rule: PathPrefix(`/traefik-ok`)
+      entryPoints: [web]
+      service: ok
+  services:
+    ok:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.22:8080

traefik/dynamic/_kees.yml

@@ -0,0 +1,103 @@
+http:
+  routers:
+    # --- Gitea ---
+    gitea-http:
+      rule: Host("git.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: gitea
+
+    gitea-https:
+      rule: Host("git.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: gitea
+      tls:
+        certresolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+    # --- Home Assistant ---
+    hass-http:
+      rule: Host("hass.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: hass
+
+    hass-https:
+      rule: Host("hass.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: hass
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+    # --- SearXNG ---
+    searxng-http:
+      rule: Host("searxng.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: searxng
+      tls:
+        certresolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+    searxng-https:
+      rule: Host("searxng.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file, searxng-ratelimit@file]
+      service: searxng
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+    # --- Authentik ---
+    authentik-http:
+      rule: Host("auth.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: authentik
+
+    authentik-https:
+      rule: Host("auth.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: authentik
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:3000
+
+    hass:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.54:8123
+
+    searxng:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:4001
+
+    authentik:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.22:9000

traefik/dynamic/_old.yml

@@ -0,0 +1,103 @@
+http:
+  routers:
+    # --- Gitea ---
+    gitea-http:
+      rule: Host("git.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: gitea
+
+    gitea-https:
+      rule: Host("git.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: gitea
+      tls:
+        certresolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+    # --- Home Assistant ---
+    hass-http:
+      rule: Host("hass.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: hass
+
+    hass-https:
+      rule: Host("hass.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: hass
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+    # --- SearXNG ---
+    searxng-http:
+      rule: Host("searxng.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: searxng
+      tls:
+        certresolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+    searxng-https:
+      rule: Host("searxng.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file, searxng-ratelimit@file]
+      service: searxng
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+    # --- Authentik ---
+    authentik-http:
+      rule: Host("auth.japnet.nl")
+      entryPoints: [web]
+      middlewares: [https-redirect@file]
+      service: authentik
+
+    authentik-https:
+      rule: Host("auth.japnet.nl")
+      entryPoints: [websecure]
+      middlewares: [security@file]
+      service: authentik
+      tls:
+        certResolver: cf
+        domains:
+          - main: "japnet.nl"
+            sans: ["*.japnet.nl"]
+
+
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:3000
+
+    hass:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.54:8123
+
+    searxng:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:4001
+
+    authentik:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.22:9000

traefik/dynamic/https-redirect.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    https-redirect:
+      redirectScheme:
+        scheme: https
+        permanent: true

traefik/dynamic/middlewares/https-redirect.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    https-redirect:
+      redirectScheme:
+        scheme: https
+        permanent: true

traefik/dynamic/middlewares/ratelimit.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    searxng-ratelimit:
+      rateLimit:
+        average: 30
+        burst: 60

traefik/dynamic/middlewares/security.yml

@@ -0,0 +1,11 @@
+http:
+  middlewares:
+    security:
+      headers:
+        frameDeny: true
+        contentTypeNosniff: true
+        browserXssFilter: true
+        referrerPolicy: no-referrer-when-downgrade
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: true

traefik/dynamic/routers/_all.yml

@@ -0,0 +1,21 @@
+http:
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:3000
+
+    hass:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.54:8123
+
+    searxng:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.45:4080
+
+    authentik:
+      loadBalancer:
+        servers:
+          - url: http://192.168.2.22:9000