diff --git a/stacks/monitoring/modules/monitoring/grafana_chart_values.yaml b/stacks/monitoring/modules/monitoring/grafana_chart_values.yaml index 2bcd474e..50ae668b 100644 --- a/stacks/monitoring/modules/monitoring/grafana_chart_values.yaml +++ b/stacks/monitoring/modules/monitoring/grafana_chart_values.yaml @@ -32,7 +32,7 @@ ingress: enabled: "true" ingressClassName: "traefik" annotations: - traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" + traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" traefik.ingress.kubernetes.io/router.entrypoints: "websecure" gethomepage.dev/enabled: "true" gethomepage.dev/name: "Grafana" diff --git a/stacks/monitoring/modules/monitoring/prometheus_chart_values.tpl b/stacks/monitoring/modules/monitoring/prometheus_chart_values.tpl index f7bbe256..f2510951 100755 --- a/stacks/monitoring/modules/monitoring/prometheus_chart_values.tpl +++ b/stacks/monitoring/modules/monitoring/prometheus_chart_values.tpl @@ -15,7 +15,7 @@ alertmanager: enabled: true ingressClassName: "traefik" annotations: - traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" + traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" traefik.ingress.kubernetes.io/router.entrypoints: "websecure" gethomepage.dev/enabled: "true" gethomepage.dev/name: "Alertmanager" @@ -399,7 +399,7 @@ server: enabled: true ingressClassName: "traefik" annotations: - traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" + traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" traefik.ingress.kubernetes.io/router.entrypoints: "websecure" gethomepage.dev/enabled: "true" diff --git a/stacks/owntracks/main.tf b/stacks/owntracks/main.tf index b5c20645..d8d3627a 100644 --- a/stacks/owntracks/main.tf +++ b/stacks/owntracks/main.tf @@ -49,7 +49,7 @@ resource "kubernetes_namespace" "owntracks" { name = "owntracks" labels = { "istio-injection" : "disabled" - tier = local.tiers.aux + tier = local.tiers.aux "keel.sh/enrolled" = "true" } } @@ -249,7 +249,7 @@ module "ingress" { tls_secret_name = var.tls_secret_name port = 80 extra_annotations = { - "traefik.ingress.kubernetes.io/router.middlewares" = "owntracks-basic-auth@kubernetescrd,traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd" + "traefik.ingress.kubernetes.io/router.middlewares" = "owntracks-basic-auth@kubernetescrd,traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd" "gethomepage.dev/enabled" = "true" "gethomepage.dev/name" = "OwnTracks" "gethomepage.dev/description" = "Location tracking" diff --git a/stacks/reverse-proxy/modules/reverse_proxy/factory/main.tf b/stacks/reverse-proxy/modules/reverse_proxy/factory/main.tf index 850675d5..3ee18e8e 100644 --- a/stacks/reverse-proxy/modules/reverse_proxy/factory/main.tf +++ b/stacks/reverse-proxy/modules/reverse_proxy/factory/main.tf @@ -211,7 +211,6 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { "traefik-retry@kubernetescrd", var.skip_global_rate_limit ? null : "traefik-rate-limit@kubernetescrd", var.custom_content_security_policy == null ? "traefik-csp-headers@kubernetescrd" : null, - "traefik-crowdsec@kubernetescrd", var.protected ? "traefik-authentik-forward-auth@kubernetescrd" : null, var.strip_auth_headers ? "traefik-strip-auth-headers@kubernetescrd" : null, var.custom_content_security_policy != null ? "${var.namespace}-custom-csp-${var.name}@kubernetescrd" : null, diff --git a/stacks/reverse-proxy/modules/reverse_proxy/main.tf b/stacks/reverse-proxy/modules/reverse_proxy/main.tf index deb5a83b..b891139f 100644 --- a/stacks/reverse-proxy/modules/reverse_proxy/main.tf +++ b/stacks/reverse-proxy/modules/reverse_proxy/main.tf @@ -31,11 +31,11 @@ module "tls_secret" { # https://pfsense.viktorbarzin.me/ module "pfsense" { - source = "./factory" - dns_type = "proxied" - name = "pfsense" - external_name = "pfsense.viktorbarzin.lan" - tls_secret_name = var.tls_secret_name + source = "./factory" + dns_type = "proxied" + name = "pfsense" + external_name = "pfsense.viktorbarzin.lan" + tls_secret_name = var.tls_secret_name # webGUI moved to :8443 on 2026-06-10 — :443 on pfSense is now the # SNI-routed HAProxy frontend (hostname->Traefik, no-SNI->GUI). Direct # backend port avoids a Traefik->HAProxy->GUI double hop. @@ -163,7 +163,7 @@ module "docker-registry-ui" { depends_on = [kubernetes_namespace.reverse-proxy] extra_annotations = { # Override middleware chain to remove rate-limit; the UI fires many API calls to list repos/tags - "traefik.ingress.kubernetes.io/router.middlewares" = "traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" + "traefik.ingress.kubernetes.io/router.middlewares" = "traefik-csp-headers@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd" "gethomepage.dev/enabled" = "true" "gethomepage.dev/name" = "Docker Registry" "gethomepage.dev/description" = "Container registry"