Folder reorg if prep for using git runner

2026-01-10 21:25:19 -06:00 · 2026-01-10 21:25:19 -06:00 · 1a3749112d
commit 1a3749112d
parent 304e85e450
102 changed files with 833 additions and 244 deletions
--- a/swarm/stack/caddy/Caddyfile
+++ b/swarm/stack/caddy/Caddyfile
@ -0,0 +1,134 @@
+(authentik) {
+    route /outpost.goauthentik.io/* {
+        reverse_proxy http://authentik:9000
+    }
+
+    forward_auth http://authentik:9000 {
+        uri /outpost.goauthentik.io/auth/caddy
+        header_up X-Forwarded-Host {http.request.host}
+        header_up X-Forwarded-Proto {http.request.scheme}
+        header_up X-Forwarded-URI {http.request.uri}
+        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+    }
+}
+
+(authelia) {
+  forward_auth http://authelia:9091 {
+    uri /api/verify?rd=https://login.wasted-bandwidth.net/
+    copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+  }
+}
+
+
+
+
+(email-proxy) {
+    redir https://mail.netgrimoire.com/sogo 301
+}
+
+(mailcow-proxy) {
+    reverse_proxy nginx-mailcow:80
+}
+
+
+cloud.netgrimoire.com {
+    reverse_proxy http://nextcloud-aio-apache:11000
+}
+
+log.netgrimoire.com {
+    reverse_proxy http://graylog:9000
+}
+
+win.netgrimoire.com {
+    reverse_proxy http://192.168.5.12:8006
+}
+
+
+#jellyfin.netgrimoire.com {
+#    reverse_proxy http://jellyfin:8096
+#}
+
+docker.netgrimoire.com {
+    reverse_proxy http://portainer:9000
+}
+
+immich.netgrimoire.com {
+    reverse_proxy http://192.168.5.12:2283
+}
+
+npm.netgrimoire.com {
+    reverse_proxy http://librenms:8000
+}
+
+
+dozzle.netgrimoire.com {
+    import authentik
+    reverse_proxy http://192.168.4.72:8043
+}
+
+
+dns.netgrimoire.com {
+    import authentik
+    reverse_proxy http://192.168.5.7:5380
+}
+
+webtop.netgrimoire.com {
+    import authentik
+    reverse_proxy http://webtop:3000
+}
+
+
+jackett.netgrimoire.com {
+    import authentik
+    reverse_proxy http://gluetun:9117
+}
+
+transmission.netgrimoire.com {
+    import authentik
+    reverse_proxy http://gluetun:9091
+}
+
+stash.wasted-bandwidth.net  {
+    import authelia
+    reverse_proxy http://stash:9999
+}
+
+namer.wasted-bandwidth.net  {
+    import authelia
+    reverse_proxy http://namer:6980
+}
+
+fish.pncharris.com {
+    reverse_proxy http://web
+}
+
+www.wasted-bandwidth.net {
+    reverse_proxy http://web
+}
+
+scrutiny.netgrimoire.com  {
+    import authentik
+    reverse_proxy http://192.168.5.12:8081
+}
+
+
+
+
+mail.netgrimoire.com, autodiscover.netgrimoire.com, autoconfig.netgrimoire.com, \
+mail.wasted-bandwidth.net, autodiscover.wasted-bandwidth.net, autoconfig.wasted-bandwidth.net, \
+mail.gnarlypandaproductions.com, autodiscover.gnarlypandaproductions.com, autoconfig.gnarlypandaproductions.com, \
+mail.pncfishandmore.com, autodiscover.pncfishandmore.com, autoconfig.pncfishandmore.com, \
+mail.pncharrisenterprises.com, autodiscover.pncharrisenterprises.com, autoconfig.pncharrisenterprises.com, \
+mail.pncharris.com, autodiscover.pncharris.com, autoconfig.pncharris.com, \
+mail.florosafd.org, autodiscover.florosafd.org, autoconfig.florosafd.org {
+    import mailcow-proxy
+}
+
+
+
+
+
+
+
+
+
--- a/swarm/stack/caddy/caddy.sh
+++ b/swarm/stack/caddy/caddy.sh
@ -0,0 +1,4 @@
+# /bin/sh
+docker service rm caddy_caddy
+docker config rm caddy_caddy-basic-content
+docker stack deploy -c caddy.yaml caddy
--- a/swarm/stack/caddy/caddy.yaml
+++ b/swarm/stack/caddy/caddy.yaml
@ -0,0 +1,44 @@
+configs:
+  caddy-basic-content:
+    file: ./Caddyfile
+    labels:
+      caddy:
+
+services:
+  caddy:
+    image: lucaslorentz/caddy-docker-proxy:ci-alpine
+    #image: ghcr.io/serfriz/caddy-crowdsec:latest
+    #image: caddy-crowdsec
+    #image: git.netgrimoire.com/traveler/caddy-crowdsec
+    ports:
+      - 8900:80
+      - 443:443
+    environment:
+      - CADDY_INGRESS_NETWORKS=netgrimoire
+    networks:
+      - netgrimoire
+      - vpn
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /export/Docker/caddy/Caddyfile:/etc/caddy/Caddyfile
+      - /export/Docker/caddy:/data
+      - /export/Docker/caddy/logs:/var/log/caddy # Mount logs for CrowdSec
+    logging:
+      driver: "gelf"
+      options:
+        gelf-address: "udp://192.168.5.17:12201"
+        tag: "vikunja"
+    deploy:
+      placement:
+        constraints:
+          - node.hostname == nas
+    
+    # restart: unless-stopped
+
+networks:
+  netgrimoire:
+    external: true   
+  vpn:
+    external: true 
+
+