viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1527 commits 2 branches 0 tags 2.3 GiB
Commit graph

18 commits

Author SHA1 Message Date
Viktor Barzin
6acf5ee300
[ci skip] Assorted pending changes: ollama API auth, nvidia dashboard, traefik rewrite-body plugin 
- ollama: Add basicAuth middleware for external API access
- monitoring: Update nvidia dashboard (add GPU memory per app panel, bump to v9)
- plotting-book: Switch to ancamilea/book-plotter:latest, add lifecycle ignore
- reverse_proxy/factory: Fix rybbit plugin name (rewritebody -> rewrite-body)
- traefik: Switch to packruler/rewrite-body plugin v1.2.0
 2026-02-10 21:29:54 +00:00
Viktor Barzin
a81e44dd82
[ci skip] Strip Authentik auth headers before forwarding to backend 
Add strip-auth-headers Traefik middleware that removes X-authentik-*
headers from requests before they reach the backend. Backends like
iDRAC and TP-Link gateway break when receiving these extra headers.
 2026-02-07 20:28:44 +00:00
Viktor Barzin
d4cf63dce9
[ci skip] Fix HTTPS backend proxying for reverse-proxy services 
- Add insecureSkipVerify=true globally for self-signed backend certs
- Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS
- Add ServersTransport CRD for per-service insecureSkipVerify
- Add serversscheme/serverstransport annotations to reverse-proxy factory
 2026-02-07 13:56:24 +00:00
Viktor Barzin
c32acc70e6
Migrate all service modules from nginx-ingress to Traefik 
- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet)
- Update ingress annotations to use Traefik middleware CRDs
- Delete nginx-ingress module (replaced by traefik)
- Add new traefik middleware.tf for shared middleware definitions
- Update service modules to work with new ingress_factory interface
 2026-02-07 13:25:49 +00:00
Viktor Barzin
9aa7328b9b
add boilerplate for adding basic auth as fallback when authentik is down [ci skip] 2026-01-18 14:05:24 +00:00
Viktor Barzin
8abb8eddc0
add tier to all deployments [ci skip] 2026-01-10 16:28:14 +00:00
Viktor Barzin
cd3f7b9cd6
add some more headers when authenticating with authentik [ci skip] 2025-12-28 20:07:50 +00:00
Viktor Barzin
d51e0f7aaf
add rybbit monitoring to ingresses [ci skip] 2025-12-18 08:53:19 +00:00
Viktor Barzin
067b29c900
pass fewer authentik headers to upstream [ci skip] 2024-12-24 10:57:21 +00:00
Viktor Barzin
185a944acd
replace oauth proxy with authentik auth [ci skip] 2024-11-18 22:06:31 +00:00
Viktor Barzin
64f81621c8 add homepage module and some more integrations [ci skip] 2024-10-20 13:05:03 +00:00
Viktor Barzin
73d293d1ba
add proxy protocol and proxy timeout to reverse-proxy ingresses [ci skip] 2023-12-16 14:40:22 +00:00
Viktor Barzin
b620d3c018
add option to set max proxy body size in the reverse proxy factory [ci skip] 2023-12-02 21:36:23 +00:00
Viktor Barzin
5206aa7438
redirect users to external ip of oauth2 while doing the verification against the internal to avoid hairpinning [ci skip] 2023-11-12 16:08:32 +00:00
Viktor Barzin
9ef1b97f83
set max body size to 50mb [ci skip] 2023-11-10 22:19:20 +00:00
Viktor Barzin
e02be21cdf
do not do hairpin for oauth2 proxy redirects [ci skip] 2023-11-10 10:59:56 +00:00
Viktor Barzin
3f809e946a
add option to specify which ingresses are protected and also expose list of paths to allow [ci skip] 2023-11-03 23:27:12 +00:00
Viktor Barzin
a373ee0a8c
add reverse proxy with a bunch of internal sites exposed behind oauth; also update dashy [ci skip] 2023-11-01 13:27:25 +00:00