authorMax Bossing <info@maxbossing.de>2025-09-30 18:02:29 +0200
committerMax Bossing <info@maxbossing.de>2025-09-30 18:02:29 +0200
commit91a45232bd36727dca2e7474005e240d518d4c54 (patch)
tree98fac5162ac356123716634284aece8c927f8106 /services/traefik
init
Diffstat (limited to 'services/traefik')
-rw-r--r--services/traefik/compose.yaml32
-rw-r--r--services/traefik/config.yaml11
-rw-r--r--services/traefik/traefik.yaml38
3 files changed, 81 insertions, 0 deletions
diff --git a/services/traefik/compose.yaml b/services/traefik/compose.yaml
new file mode 100644
index 0000000..504367c
--- /dev/null
+++ b/services/traefik/compose.yaml
@@ -0,0 +1,32 @@
+networks:
+ proxy:
+ external: true
+
+volumes:
+ acme:
+
+services:
+ traefik:
+ image: traefik
+ container_name: traefik
+ restart: always
+ environment:
+ CF_DNS_API_TOKEN:
+ networks:
+ - proxy
+ ports:
+ - 80:80
+ - 443:443
+ labels:
+ traefik.enable: true
+ traefik.http.routers.dashboard.rule: Host(`traefik.4d6178.work`)
+ traefik.http.routers.dashboard.service: api@internal
+ traefik.http.routers.dashboard.entrypoints: websecure
+ traefik.http.routers.dashboard.tls: true
+ traefik.http.routers.dashboard.tls.certresolver: le
+ traefik.http.routers.dashboard.middlewares: oidc-auth@file
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - acme:/acme
+ - /opt/traefik/traefik.yaml:/etc/traefik/traefik.yaml
+ - /opt/traefik/config.yaml:/etc/traefik/config.yaml
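Review bot: The `/var/run/docker.sock` bind mount in the `volumes:` list gives the internet-facing Traefik container full Docker API access, which amounts to root on the host if the proxy or a loaded plugin is compromised. Marking the mount `:ro` does not restrict API calls, so the usual mitigation is a socket proxy that exposes only the read endpoints the docker provider needs, with the provider's `endpoint` pointed at it. Separately, `image: traefik` floats on the latest tag; pin it, e.g. `image: traefik:<pinned-version>`. The two config files can also be mounted read-only, e.g. `- /opt/traefik/traefik.yaml:/etc/traefik/traefik.yaml:ro`.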
diff --git a/services/traefik/config.yaml b/services/traefik/config.yaml
new file mode 100644
index 0000000..1e7f78f
--- /dev/null
+++ b/services/traefik/config.yaml
@@ -0,0 +1,11 @@
+http:
+ middlewares:
+ oidc-auth:
+ plugin:
+ traefik-oidc-auth:
+ Secret: ""
+ Provider:
+ Url: "https://id.4d6178.work"
+ ClientId:
+ ClientSecret:
+ Scopes: ["openid", "email", "profile"]
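Review bot: `Secret: ""` and the empty `ClientId:` / `ClientSecret:` keys leave the `oidc-auth` middleware without a session secret or client credentials, yet it is the only control on the `dashboard` router defined in compose.yaml. Whether the plugin rejects an empty secret or falls back to a built-in default is not visible here, so confirm it fails closed rather than protecting session cookies with a weak or well-known key. The real values should be injected at deploy time rather than committed. A comment such as `# Secret, ClientId and ClientSecret are supplied at deploy time; Secret must be a long random value` would make that explicit. Note that compose.yaml currently passes only `CF_DNS_API_TOKEN` into the container, so any environment-based injection needs that list extended.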
diff --git a/services/traefik/traefik.yaml b/services/traefik/traefik.yaml
new file mode 100644
index 0000000..dd1bbe6
--- /dev/null
+++ b/services/traefik/traefik.yaml
@@ -0,0 +1,38 @@
+entrypoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entrypoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: ":443"
+
+providers:
+ docker:
+ exposedByDefault: false
+ network: proxy
+ file:
+ filename: /etc/traefik/config.yaml
+
+certificatesResolvers:
+ le:
+ acme:
+ dnschallenge:
+ provider: cloudflare
+ delaybeforecheck: 0
+ email: max@bossi.ng
+ storage: /acme/acme.json
+
+api:
+ dashboard: true
+
+log:
+ level: DEBUG
+
+experimental:
+ plugins:
+ traefik-oidc-auth:
+ moduleName: "github.com/sevensolutions/traefik-oidc-auth"
+ version: "v0.13.0"
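Review bot: `log.level: DEBUG` is committed as the default for an edge proxy that fronts an OIDC-protected dashboard. Debug output is verbose and may include request and plugin details that should not sit in long-lived container logs. Use `level: INFO` as the committed value and raise it only while troubleshooting. The `websecure` entrypoint also declares no TLS options, so it inherits Traefik's defaults; if a minimum TLS version is required, set it explicitly in the dynamic configuration.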