viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1644 commits 2 branches 0 tags 2.3 GiB
Commit graph

41 commits

Author SHA1 Message Date
Viktor Barzin
e0ff08978d
[ci skip] add vibetunnel proxy 2026-02-13 18:20:50 +00:00
Viktor Barzin
220f4a18b7
[ci skip] Fix rewrite-body plugin corrupting compressed responses 
The packruler/rewrite-body plugin (used for rybbit analytics injection)
fails to decompress gzip responses with "flate: corrupt input before
offset 5", corrupting the response body. This broke HA Companion app's
external_auth flow and WebSocket connections on ha-sofia.

Fix: add a strip-accept-encoding middleware that removes Accept-Encoding
from requests when rybbit is active, forcing backends to send uncompressed
responses that the plugin can safely process.

Also add extra_middlewares variable to reverse_proxy factory for
extensibility.
 2026-02-11 21:40:11 +00:00
Viktor Barzin
6acf5ee300
[ci skip] Assorted pending changes: ollama API auth, nvidia dashboard, traefik rewrite-body plugin 
- ollama: Add basicAuth middleware for external API access
- monitoring: Update nvidia dashboard (add GPU memory per app panel, bump to v9)
- plotting-book: Switch to ancamilea/book-plotter:latest, add lifecycle ignore
- reverse_proxy/factory: Fix rybbit plugin name (rewritebody -> rewrite-body)
- traefik: Switch to packruler/rewrite-body plugin v1.2.0
 2026-02-10 21:29:54 +00:00
Viktor Barzin
b27e1ad9f1
Add Docker registry UI and tag cleanup automation 
Deploy joxit/docker-registry-ui on port 8080 for browsing images/tags.
Add Python script to prune old registry tags (keeps last N per image),
scheduled daily at 2am via cron. Expose UI via reverse proxy at
registry.viktorbarzin.me with Authentik auth.
 2026-02-07 22:38:15 +00:00
Viktor Barzin
a81e44dd82
[ci skip] Strip Authentik auth headers before forwarding to backend 
Add strip-auth-headers Traefik middleware that removes X-authentik-*
headers from requests before they reach the backend. Backends like
iDRAC and TP-Link gateway break when receiving these extra headers.
 2026-02-07 20:28:44 +00:00
Viktor Barzin
d4cf63dce9
[ci skip] Fix HTTPS backend proxying for reverse-proxy services 
- Add insecureSkipVerify=true globally for self-signed backend certs
- Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS
- Add ServersTransport CRD for per-service insecureSkipVerify
- Add serversscheme/serverstransport annotations to reverse-proxy factory
 2026-02-07 13:56:24 +00:00
Viktor Barzin
c32acc70e6
Migrate all service modules from nginx-ingress to Traefik 
- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet)
- Update ingress annotations to use Traefik middleware CRDs
- Delete nginx-ingress module (replaced by traefik)
- Add new traefik middleware.tf for shared middleware definitions
- Update service modules to work with new ingress_factory interface
 2026-02-07 13:25:49 +00:00
Viktor Barzin
9aa7328b9b
add boilerplate for adding basic auth as fallback when authentik is down [ci skip] 2026-01-18 14:05:24 +00:00
Viktor Barzin
9f34337d04
disable auth-response-headers for idrac and gw ingresses as they cause errors on the upstream [ci skip] 2026-01-10 20:41:00 +00:00
Viktor Barzin
8abb8eddc0
add tier to all deployments [ci skip] 2026-01-10 16:28:14 +00:00
Viktor Barzin
cd3f7b9cd6
add some more headers when authenticating with authentik [ci skip] 2025-12-28 20:07:50 +00:00
Viktor Barzin
d51e0f7aaf
add rybbit monitoring to ingresses [ci skip] 2025-12-18 08:53:19 +00:00
Viktor Barzin
9fd11e97b7
disable protected mode on ingress for ha-london - rely on crowdsec[ci skip] 2025-11-09 19:25:15 +00:00
Viktor Barzin
0b472385a3
remove authentik protection from ha-sofia because nativ apps cannot sign in [ci skip] 2025-10-18 19:03:34 +00:00
Viktor Barzin
10a8c5096e
replace esxi ingress with proxmox [ci skip] 2025-10-08 20:33:11 +00:00
Viktor Barzin
04ccb13239
remove server switch reverse proxy module as that was never used [ci skip] 2025-01-25 17:22:17 +00:00
Viktor Barzin
067b29c900
pass fewer authentik headers to upstream [ci skip] 2024-12-24 10:57:21 +00:00
Viktor Barzin
f439f5b281
[ci skip] 2024-12-23 18:22:10 +00:00
Viktor Barzin
390d985dad some leftover stuff [ci skip] 2024-12-15 18:13:37 +00:00
Viktor Barzin
eb94e378c6
add protected route to expose the led lights on the london pi [ci skip] 2024-11-30 23:05:23 +00:00
Viktor Barzin
185a944acd
replace oauth proxy with authentik auth [ci skip] 2024-11-18 22:06:31 +00:00
Viktor Barzin
2279477661
readd not working headscale ui [ci skip] 2024-10-27 18:19:15 +00:00
Viktor Barzin
0481ac84bc
add truenas and pfsense widgets to homepage [ci skip] 2024-10-20 13:10:04 +00:00
Viktor Barzin
64f81621c8 add homepage module and some more integrations [ci skip] 2024-10-20 13:05:03 +00:00
Viktor Barzin
0d1c9c850b
add some tls debugging for mailserver [ci skip] 2024-01-26 22:16:19 +00:00
Viktor Barzin
172a9dbfd8
add london.viktorbarzin.me -> london openwrt web page (protected) [ci skip] 2024-01-02 17:06:31 +00:00
Viktor Barzin
c7deaa06dc
update valchedrym reversep proxy to use port 80 instead of the hack [ci skip] 2023-12-20 22:41:50 +00:00
Viktor Barzin
4ff5a6fc8b
rename camera module in dashy [ci skip] 2023-12-16 20:17:01 +00:00
Viktor Barzin
e1f00b43d9
use external name for ip150 instead going through nginx bc the server is quite shit [ci skip] 2023-12-16 18:06:33 +00:00
Viktor Barzin
73d293d1ba
add proxy protocol and proxy timeout to reverse-proxy ingresses [ci skip] 2023-12-16 14:40:22 +00:00
Viktor Barzin
cc26c84653
add depends on in reverse proxy ns as too some modules get created before the ns [ci skip] 2023-12-15 15:04:15 +00:00
Viktor Barzin
11f2a3a00a
add home assistant london deployment to dashy [ci skip] 2023-12-15 01:13:22 +00:00
Viktor Barzin
be638c62b7
add home assistant sofia deployment to dashy [ci skip] 2023-12-15 00:27:54 +00:00
Viktor Barzin
b620d3c018
add option to set max proxy body size in the reverse proxy factory [ci skip] 2023-12-02 21:36:23 +00:00
Viktor Barzin
5206aa7438
redirect users to external ip of oauth2 while doing the verification against the internal to avoid hairpinning [ci skip] 2023-11-12 16:08:32 +00:00
Viktor Barzin
9ef1b97f83
set max body size to 50mb [ci skip] 2023-11-10 22:19:20 +00:00
Viktor Barzin
e02be21cdf
do not do hairpin for oauth2 proxy redirects [ci skip] 2023-11-10 10:59:56 +00:00
Viktor Barzin
5bd6abe963
add another synology js file that is available when downloading files[ci skip] 2023-11-03 23:47:02 +00:00
Viktor Barzin
3f809e946a
add option to specify which ingresses are protected and also expose list of paths to allow [ci skip] 2023-11-03 23:27:12 +00:00
Viktor Barzin
c4c3554e55
connect to https port on idrac [ci skip] 2023-11-01 20:34:25 +00:00
Viktor Barzin
a373ee0a8c
add reverse proxy with a bunch of internal sites exposed behind oauth; also update dashy [ci skip] 2023-11-01 13:27:25 +00:00