viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1156 commits 2 branches 0 tags 2.3 GiB
Commit graph

37 commits

Author SHA1 Message Date
Viktor Barzin
eef9d25874 [ci skip] Strip Authentik auth headers before forwarding to backend 
Add strip-auth-headers Traefik middleware that removes X-authentik-*
headers from requests before they reach the backend. Backends like
iDRAC and TP-Link gateway break when receiving these extra headers.
 2026-02-07 20:28:44 +00:00
Viktor Barzin
f01e92b1d9 [ci skip] Fix HTTPS backend proxying for reverse-proxy services 
- Add insecureSkipVerify=true globally for self-signed backend certs
- Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS
- Add ServersTransport CRD for per-service insecureSkipVerify
- Add serversscheme/serverstransport annotations to reverse-proxy factory
 2026-02-07 13:56:24 +00:00
Viktor Barzin
b36932f9a3 Migrate all service modules from nginx-ingress to Traefik 
- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet)
- Update ingress annotations to use Traefik middleware CRDs
- Delete nginx-ingress module (replaced by traefik)
- Add new traefik middleware.tf for shared middleware definitions
- Update service modules to work with new ingress_factory interface
 2026-02-07 13:25:49 +00:00
Viktor Barzin
8601c26e63 add boilerplate for adding basic auth as fallback when authentik is down [ci skip] 2026-01-18 14:05:24 +00:00
Viktor Barzin
fb84affce6 disable auth-response-headers for idrac and gw ingresses as they cause errors on the upstream [ci skip] 2026-01-10 20:41:00 +00:00
Viktor Barzin
f1e9fb9afe add tier to all deployments [ci skip] 2026-01-10 16:28:14 +00:00
Viktor Barzin
cb42771a57 add some more headers when authenticating with authentik [ci skip] 2025-12-28 20:07:50 +00:00
Viktor Barzin
7afd3e758e add rybbit monitoring to ingresses [ci skip] 2025-12-18 08:53:19 +00:00
Viktor Barzin
0616f05ec1 disable protected mode on ingress for ha-london - rely on crowdsec[ci skip] 2025-11-09 19:25:15 +00:00
Viktor Barzin
95f6ea8ba4 remove authentik protection from ha-sofia because nativ apps cannot sign in [ci skip] 2025-10-18 19:03:34 +00:00
Viktor Barzin
9ce0a47a41 replace esxi ingress with proxmox [ci skip] 2025-10-08 20:33:11 +00:00
Viktor Barzin
7596d3e0ce remove server switch reverse proxy module as that was never used [ci skip] 2025-01-25 17:22:17 +00:00
Viktor Barzin
dffff2d831 pass fewer authentik headers to upstream [ci skip] 2024-12-24 10:57:21 +00:00
Viktor Barzin
7e39482649 [ci skip] 2024-12-23 18:22:10 +00:00
Viktor Barzin
1adf7a7c05 some leftover stuff [ci skip] 2024-12-15 18:13:37 +00:00
Viktor Barzin
b6d114ed20 add protected route to expose the led lights on the london pi [ci skip] 2024-11-30 23:05:23 +00:00
Viktor Barzin
72d780c26f replace oauth proxy with authentik auth [ci skip] 2024-11-18 22:06:31 +00:00
Viktor Barzin
08673ad94c readd not working headscale ui [ci skip] 2024-10-27 18:19:15 +00:00
Viktor Barzin
446d3f4e7a add truenas and pfsense widgets to homepage [ci skip] 2024-10-20 13:10:04 +00:00
Viktor Barzin
cf39034bdf add homepage module and some more integrations [ci skip] 2024-10-20 13:05:03 +00:00
Viktor Barzin
bc62373ae7 add some tls debugging for mailserver [ci skip] 2024-01-26 22:16:19 +00:00
Viktor Barzin
e65f05b3d3 add london.viktorbarzin.me -> london openwrt web page (protected) [ci skip] 2024-01-02 17:06:31 +00:00
Viktor Barzin
1156575f29 update valchedrym reversep proxy to use port 80 instead of the hack [ci skip] 2023-12-20 22:41:50 +00:00
Viktor Barzin
2425509b26 rename camera module in dashy [ci skip] 2023-12-16 20:17:01 +00:00
Viktor Barzin
33a85b1dd9 use external name for ip150 instead going through nginx bc the server is quite shit [ci skip] 2023-12-16 18:06:33 +00:00
Viktor Barzin
9e39d5e447 add proxy protocol and proxy timeout to reverse-proxy ingresses [ci skip] 2023-12-16 14:40:22 +00:00
Viktor Barzin
f868340fea add depends on in reverse proxy ns as too some modules get created before the ns [ci skip] 2023-12-15 15:04:15 +00:00
Viktor Barzin
1998e50b83 add home assistant london deployment to dashy [ci skip] 2023-12-15 01:13:22 +00:00
Viktor Barzin
b82746b276 add home assistant sofia deployment to dashy [ci skip] 2023-12-15 00:27:54 +00:00
Viktor Barzin
5a3e9ea76c add option to set max proxy body size in the reverse proxy factory [ci skip] 2023-12-02 21:36:23 +00:00
Viktor Barzin
9288a884e4 redirect users to external ip of oauth2 while doing the verification against the internal to avoid hairpinning [ci skip] 2023-11-12 16:08:32 +00:00
Viktor Barzin
9e5e6469ff set max body size to 50mb [ci skip] 2023-11-10 22:19:20 +00:00
Viktor Barzin
48b70e9ac2 do not do hairpin for oauth2 proxy redirects [ci skip] 2023-11-10 10:59:56 +00:00
Viktor Barzin
dd100a8e1a add another synology js file that is available when downloading files[ci skip] 2023-11-03 23:47:02 +00:00
Viktor Barzin
7d8110f41d add option to specify which ingresses are protected and also expose list of paths to allow [ci skip] 2023-11-03 23:27:12 +00:00
Viktor Barzin
d0438dcc7f connect to https port on idrac [ci skip] 2023-11-01 20:34:25 +00:00
Viktor Barzin
4e7752306d add reverse proxy with a bunch of internal sites exposed behind oauth; also update dashy [ci skip] 2023-11-01 13:27:25 +00:00