testing pangolin

2025-05-10 12:46:47 -05:00
parent c3a885ad1a
commit 5b5bd1ba87
13 changed files with 44 additions and 902 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,13 @@
+#GLOBAL SETTINGS
+COMPOSE_HTTP_TIMEOUT=120
+COMPOSE_IGNORE_ORPHANS=1
+DOCKER_CONFIGS=.
+DOCKERGID=999
+DOCKERHOSTNAME=ReverseProxy
+DOCKERLOGGING_MAXFILE=10
+DOCKERLOGGING_MAXSIZE=200k
+SERVERIP=192.168.1.4
+PGID=1000
+PUID=1000
+UMASK=000
+TZ=America/Chicago
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.db
+*.sqlite
+acme.json
--- a/authentik/.env
+++ b/authentik/.env
@@ -1,18 +0,0 @@
-TZ=America/Chicago
-
-POSTGRES_PASSWORD=nu8Vohx1ot1eesoono5teshu6bohn9eiteich6Bu
-AUTHENTIK_SECRET_KEY=7kIHbomK9MV4lEvObyOGGvzF222eLZ1RC6fKn28EDEIB4iF8kC
-
-# SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=smtp.gmail.com
-AUTHENTIK_EMAIL__PORT=587
-# Optionally authenticate (don't add quotation marks to your password)
-AUTHENTIK_EMAIL__USERNAME=akanealw@gmail.com
-AUTHENTIK_EMAIL__PASSWORD=nhwdzlpwzjjzwchx
-# Use StartTLS
-AUTHENTIK_EMAIL__USE_TLS=true
-# Use SSL
-AUTHENTIK_EMAIL__USE_SSL=false
-AUTHENTIK_EMAIL__TIMEOUT=10
-# Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=akanealw@gmail.com
--- a/authentik/compose.yml
+++ b/authentik/compose.yml
@@ -1,108 +0,0 @@
-services:
-  authentik-server:
-    image: ghcr.io/goauthentik/server:2025.2.2
-    container_name: authentik-server
-    command: server
-    environment:
-      - AUTHENTIK_REDIS__HOST=authentik-redis
-      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
-      - AUTHENTIK_POSTGRESQL__USER=authentik
-      - AUTHENTIK_POSTGRESQL__NAME=authentik
-      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
-      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
-      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
-      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
-      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
-      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
-      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
-      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
-      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
-    ports:
-      - 9000:9000
-      - 9443:9443
-    networks:
-      - reverseproxy
-      - authentik
-    volumes:
-      - ./media:/media
-      - ./custom-templates:/templates
-    depends_on:
-      - authentik-postgres
-      - authentik-redis
-    restart: unless-stopped
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2025.2.2
-    container_name: authentik-worker
-    command: worker
-    environment:
-      - AUTHENTIK_REDIS__HOST=authentik-redis
-      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
-      - AUTHENTIK_POSTGRESQL__USER=authentik
-      - AUTHENTIK_POSTGRESQL__NAME=authentik
-      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
-      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
-      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
-      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
-      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
-      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
-      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
-      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
-      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
-    networks:
-      - reverseproxy
-      - authentik
-    user: root
-    volumes:
-      - /run/docker.sock:/run/docker.sock
-      - ./media:/media
-      - ./certs:/certs
-      - ./custom-templates:/templates
-    depends_on:
-      - authentik-postgres
-      - authentik-redis
-    restart: unless-stopped
-
-  authentik-redis:
-    image: docker.io/library/redis:7.4.2
-    container_name: authentik-redis
-    command: --save 60 1 --loglevel warning
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    networks:
-      - authentik
-    volumes:
-      - ./redis:/data
-    restart: unless-stopped
-
-  authentik-postgres:
-    image: docker.io/library/postgres:17.4
-    container_name: authentik-postgres
-    environment:
-      - POSTGRES_USER=authentik
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=authentik
-      - TZ=${TZ}
-    healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U "authentik"']
-      start_period: 30s
-      interval: 10s
-      timeout: 10s
-      retries: 5
-    networks:
-        - authentik
-    volumes:
-      - ./postgres:/var/lib/postgresql/data
-    restart: unless-stopped
-  
-networks:
-  authentik:
-    name: authentik
-  reverseproxy:
-    external: true
--- a/caddy/.env
+++ b/caddy/.env
@@ -1 +0,0 @@
-CROWDSEC_API_KEY=GIWtpt78Iogley5euk7caGt0RwxAclgW
--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
@@ -1,16 +0,0 @@
-ARG CADDY_VERSION=2
-
-FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
-
-RUN xcaddy build \
-    --with github.com/caddy-dns/cloudflare \
-    --with github.com/mholt/caddy-l4 \
-    --with github.com/caddyserver/transform-encoder \
-    --with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
-    --with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
-
-FROM caddy:${CADDY_VERSION} AS caddy
-
-WORKDIR /
-
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
--- a/caddy/compose.yml
+++ b/caddy/compose.yml
@@ -1,48 +0,0 @@
-services:
-  caddy:
-    build:
-      context: ./
-      target: caddy
-    container_name: caddy
-    security_opt:
-      - no-new-privileges=true
-    environment:
-      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
-    networks:
-      - reverseproxy
-    ports:
-      - "80:80"
-      - "443:443"
-    restart: unless-stopped
-    volumes:
-      - ./data:/data
-      - ./config:/config
-      - ./logs:/var/log/caddy
-      - ./etc-caddy:/etc/caddy
-
-  crowdsec:
-    image: docker.io/crowdsecurity/crowdsec:latest
-    container_name: crowdsec
-    security_opt:
-      - no-new-privileges=true
-    environment:
-      - GID=1000
-      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
-      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
-    networks:
-      - reverseproxy
-    restart: unless-stopped
-    volumes:
-      - ./crowdsec-db:/var/lib/crowdsec/data/
-      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
-      - ./logs:/var/log/caddy:ro
-
-  whoami:
-    image: traefik/whoami
-    container_name: whoami
-    networks:
-      - reverseproxy
-
-networks:
-  reverseproxy:
-    external: true
--- a/caddy/crowdsec/acquis.yaml
+++ b/caddy/crowdsec/acquis.yaml
@@ -1,4 +0,0 @@
-filenames:
-  - /var/log/caddy/*.log
-labels:
-  type: caddy
--- a/caddy/etc-caddy/Caddyfile
+++ b/caddy/etc-caddy/Caddyfile
@@ -1,95 +0,0 @@
-# --------------------------------------------------
-# global options
-# --------------------------------------------------
-{
-	acme_ca https://acme-v02.api.letsencrypt.org/directory
-#	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
-
-	admin :2019
-	log {
-		output file /var/log/caddy/caddy.log
-		level info
-	}
-
-	servers {
-		trusted_proxies static private_ranges
-	}
-
-    crowdsec {
-        api_url http://crowdsec:8080
-        api_key {$CROWDSEC_API_KEY}
-    }
-}
-
-# --------------------------------------------------
-# cloudflare tls snippet for sites
-# --------------------------------------------------
-
-(cloudflare) {
-	tls {
-		dns cloudflare BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
-		resolvers 1.1.1.1 1.0.0.1
-	}
-}
-
-# --------------------------------------------------
-# auth snippet for authentik
-# --------------------------------------------------
-
-(auth) {
-        reverse_proxy /outpost.goauthentik.io/* authentik-server:9000
-
-        forward_auth authentik-server:9000 {
-                uri /outpost.goauthentik.io/auth/caddy
-                copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
-        }
-}
-
-# --------------------------------------------------
-# akanealw.com root domain
-# --------------------------------------------------
-
-akanealw.com {
-	import cloudflare
-	@akanealwcom host akanealw.com
-	handle @akanealwcom {
-		import auth
-		reverse_proxy 192.168.1.4:3005
-	}
-}
-
-# --------------------------------------------------
-# authentik subdomain
-# --------------------------------------------------
-
-authentik.akanealw.com {
-	import cloudflare
-	reverse_proxy authentik-server:9000
-}
-
-# --------------------------------------------------
-# *.akanealw.com subdomains
-# --------------------------------------------------
-
-import *.caddy
-
-# --------------------------------------------------
-# aknlw.com root domain
-# --------------------------------------------------
-
-aknlw.com {
-	import cloudflare
-	@shlink host aknlw.com
-	handle @shlink {
-		reverse_proxy 192.168.1.30:8380
-	}
-}
-
-# --------------------------------------------------
-# *.aknlw.com subdomains
-# --------------------------------------------------
-
-repo.aknlw.com {
-	import cloudflare
-	reverse_proxy 192.168.1.50:3000
-}
--- a/caddy/etc-caddy/akanealw-subdomains.caddy
+++ b/caddy/etc-caddy/akanealw-subdomains.caddy
@@ -1,612 +0,0 @@
-*.akanealw.com {
-
-	# --------------------------------------------------
-	# external subdomains without authelia
-	#
-	#
-	#        @ host .akanealw.com
-	#        handle @ {
-	#                reverse_proxy 192.168.1.
-	#        }
-	#
-	#
-	#       @ host .akanealw.com
-	#       handle @ {
-    #               reverse_proxy https://192.168.1. {
-    #                   transport http {
-    #                       tls_insecure_skip_verify
-    #                       }
-    #                   }
-    #       }
-    #
-    #
-	# --------------------------------------------------
-    
-	@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
-	@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
-	import cloudflare
-
-
-	@bitwarden host bitwarden.akanealw.com
-	handle @bitwarden {
-		reverse_proxy 192.168.1.4:8089
-	}
-
-	@giteadocker host gitea-docker.akanealw.com
-	handle @giteadocker {
-		reverse_proxy 192.168.1.4:3001
-	}
-
-	@gitea host gitea.akanealw.com
-	handle @gitea {
-		reverse_proxy 192.168.1.50:3000
-	}
-
-	@jellyfin host jellyfin.akanealw.com
-	handle @jellyfin {
-		reverse_proxy 192.168.1.42:8096
-	}
-
-	@headscale host headscale.akanealw.com
-	handle @headscale {
-		reverse_proxy 192.168.1.95:8888
-	}
-
-	# --------------------------------------------------
-	# external subdomains with authelia
-	#
-	#
-	#       @ host .akanealw.com
-	#       handle @ {
-	#               import auth
-	#               reverse_proxy 192.168.1.
-	#       }
-	#        
-	#       @ host .akanealw.com
-	#       handle @ {
-	#				import auth
-    #               reverse_proxy https://192.168.1. {
-    #                   transport http {
-    #                       tls_insecure_skip_verify
-    #                       }
-    #                   }
-    #       		}
-    #
-	#
-	# --------------------------------------------------
-
-	@docmost host docmost.akanealw.com
-	handle @docmost {
-		import auth
-		reverse_proxy 192.168.1.4:3300
-	}
-
-	@memos host memos.akanealw.com
-	handle @memos {
-		import auth
-		reverse_proxy 192.168.1.4:5230
-	}
-
-	@whoami host whoami.akanealw.com
-	handle @whoami {
-		import auth
-		reverse_proxy localhost:80
-	}
-
-	@wallos host wallos.akanealw.com
-	handle @wallos {
-		import auth
-		reverse_proxy 192.168.1.4:8389
-	}
-
-	@homepage host www.akanealw.com
-	handle @homepage {
-		import auth
-		reverse_proxy 192.168.1.4:3005
-	}
-
-	@filebrowser host filebrowser.akanealw.com
-	@bypass {
-			path /share/*
-			path /static/*
-			path /api/public/*
-			}
-	handle @filebrowser {
-			handle @bypass {
-				reverse_proxy 192.168.1.30:8484
-			}
-		import auth
-		reverse_proxy 192.168.1.30:8484
-	}
-
-
-
-
-
-
-	@archive host archive.akanealw.com
-	handle @archive {
-		import auth
-		reverse_proxy 192.168.1.30:8283
-	}
-
-	@archivebox host archivebox.akanealw.com
-	handle @archivebox {
-		import auth
-		reverse_proxy 192.168.1.30:8283
-	}
-
-	@codeserver host codeserver.akanealw.com
-	handle @codeserver {
-		import auth
-		reverse_proxy 192.168.1.50:3001
-	}
-
-	@freshrss host freshrss.akanealw.com
-	handle @freshrss {
-		import auth
-		reverse_proxy 192.168.1.30:8088
-	}
-
-	@jackett host jackett.akanealw.com
-	handle @jackett {
-		import auth
-		reverse_proxy 192.168.1.30:9117
-	}
-
-	@jdownloader host jdownloader.akanealw.com
-	handle @jdownloader {
-		import auth
-		reverse_proxy 192.168.1.30:5800
-	}
-
-	@jellyseerr host jellyseerr.akanealw.com
-	handle @jellyseerr {
-		import auth
-		reverse_proxy 192.168.1.30:5056
-	}
-
-	@kavita host kavita.akanealw.com
-	handle @kavita {
-		import auth
-		reverse_proxy 192.168.1.30:5002
-	}
-
-	@lidarr host lidarr.akanealw.com
-	handle @lidarr {
-		import auth
-		reverse_proxy 192.168.1.30:8686
-	}
-
-	@metube host metube.akanealw.com
-	handle @metube {
-		import auth
-		reverse_proxy 192.168.1.30:8082
-	}
-
-	@mstream host mstream.akanealw.com
-	handle @mstream {
-		import auth
-		reverse_proxy 192.168.1.30:3001
-	}
-
-	@nzbhydra host nzbhydra.akanealw.com
-	handle @nzbhydra {
-		import auth
-		reverse_proxy 192.168.1.30:5076
-	}
-
-	@olivetin host olivetin.akanealw.com
-	handle @olivetin {
-		import auth
-		reverse_proxy 192.168.1.30:1337
-	}
-
-	@opengist host opengist.akanealw.com
-	handle @opengist {
-		import auth
-		reverse_proxy 192.168.1.4:6157
-	}
-
-	@paperless host paperless.akanealw.com
-	handle @paperless {
-		import auth
-		reverse_proxy 192.168.1.30:8112
-	}
-
-	@prowlarr host prowlarr.akanealw.com
-	handle @prowlarr {
-		import auth
-		reverse_proxy 192.168.1.30:9696
-	}
-
-	@qbittorrent host qbittorrent.akanealw.com
-	handle @qbittorrent {
-		import auth
-		reverse_proxy 192.168.1.30:8282
-	}
-
-	@radarr host radarr.akanealw.com
-	handle @radarr {
-		import auth
-		reverse_proxy 192.168.1.30:7878
-	}
-
-	@sabnzbd host sabnzbd.akanealw.com
-	handle @sabnzbd {
-		import auth
-		reverse_proxy 192.168.1.30:8181
-	}
-
-	@shlinkweb host shlink.akanealw.com
-	handle @shlinkweb {
-		import auth
-		reverse_proxy 192.168.1.30:8381
-	}
-
-	@sonarr host sonarr.akanealw.com
-	handle @sonarr {
-		import auth
-		reverse_proxy 192.168.1.30:8989
-	}
-
-	@spdf host spdf.akanealw.com
-	handle @spdf {
-		import auth
-		reverse_proxy 192.168.1.30:8086
-	}
-
-	@ittools host it-tools.akanealw.com
-	handle @ittools {
-		import auth
-		reverse_proxy 192.168.1.30:8383
-	}
-
-	@wikidocs host wiki.akanealw.com
-	handle @wikidocs {
-		import auth
-		reverse_proxy 192.168.1.30:8022
-	}
-
-
-	# --------------------------------------------------
-	# internal only subdomains
-	#
-	#
-	#        @ host .akanealw.com
-	#        handle @ {
-	#                        handle @internal {
-	#                                reverse_proxy 192.168.1.
-	#                }
-	#                respond "ip range not allowed"
-	#        }
-	#
-	#
-	#       @ host .akanealw.com
-	#       handle @ {
-	#                       handle @internal {
-	#                               reverse_proxy https://192.168.1. {
-	#                                        transport http {
-	#                                                tls_insecure_skip_verify
-	#                                        }
-	#                               }
-	#               }
-	#               respond "ip range not allowed"
-	#       }
-	#
-	#
-	# --------------------------------------------------
-
-	@checkmk host checkmk.akanealw.com
-	handle @checkmk {
-		handle @internal {
-			reverse_proxy 192.168.1.4:8888
-		}
-		respond "ip range not allowed"
-	}
-
-	@linkwarden host linkwarden.akanealw.com
-	handle @linkwarden {
-		handle @internal {
-			reverse_proxy 192.168.1.4:3232
-		}
-		respond "ip range not allowed"
-	}
-
-	@adguardhome host adguardhome.akanealw.com
-	handle @adguardhome {
-		handle @internal {
-			reverse_proxy 192.168.1.1:3000
-		}
-		respond "ip range not allowed"
-	}
-
-	@adguard1 host adguardserver1.akanealw.com
-	handle @adguard1 {
-		handle @internal {
-			reverse_proxy 192.168.1.2:80
-		}
-		respond "ip range not allowed"
-	}
-
-	@adguard2 host adguardserver2.akanealw.com
-	handle @adguard2 {
-		handle @internal {
-			reverse_proxy 192.168.1.3:80
-		}
-		respond "ip range not allowed"
-	}
-
-	@bale host bale.akanealw.com
-	handle @bale {
-		handle @internal {
-			reverse_proxy 192.168.1.51:8080
-		}
-		respond "ip range not allowed"
-	}
-
-	@cronicle host cronicle.akanealw.com
-	handle @cronicle {
-		handle @internal {
-			reverse_proxy 192.168.1.30:3012
-		}
-		respond "ip range not allowed"
-	}
-
-	@devdockge host dev-dockge.akanealw.com
-	handle @devdockge {
-		handle @internal {
-			reverse_proxy 192.168.1.35:5001
-		}
-		respond "ip range not allowed"
-	}
-
-	@devdozzle host dev-dozzle.akanealw.com
-	handle @devdozzle {
-		handle @internal {
-			reverse_proxy 192.168.1.35:8080
-		}
-		respond "ip range not allowed"
-	}
-
-	@dockerdockge host dockerserver-dockge.akanealw.com
-	handle @dockerdockge {
-		handle @internal {
-			reverse_proxy 192.168.1.30:5001
-		}
-		respond "ip range not allowed"
-	}
-
-	@dockerdozzle host dockerserver-dozzle.akanealw.com
-	handle @dockerdozzle {
-		handle @internal {
-			reverse_proxy 192.168.1.30:8080
-		}
-		respond "ip range not allowed"
-	}
-
-	@dockertestdockge host dockerservertest-dockge.akanealw.com
-	handle @dockertestdockge {
-		handle @internal {
-			reverse_proxy 192.168.1.33:5001
-		}
-		respond "ip range not allowed"
-	}
-
-	@dockertestdozzle host dockerservertest-dozzle.akanealw.com
-	handle @dockertestdozzle {
-		handle @internal {
-			reverse_proxy 192.168.1.33:8080
-		}
-		respond "ip range not allowed"
-	}
-
-	@proxyserverdockge host proxyserver-dockge.akanealw.com
-	handle @proxyserverdockge {
-		handle @internal {
-			reverse_proxy 192.168.1.4:5001
-		}
-		respond "ip range not allowed"
-	}
-
-	@proxyserverdozzle host proxyserver-dozzle.akanealw.com
-	handle @proxyserverdozzle {
-		handle @internal {
-			reverse_proxy 192.168.1.4:8080
-		}
-		respond "ip range not allowed"
-	}
-
-	@files host files.akanealw.com
-	handle @files {
-		handle @internal {
-			redir / /files{uri}
-			reverse_proxy 192.168.1.50:80
-		}
-		respond "ip range not allowed"
-	}
-
-	@icons host icons.akanealw.com
-	handle @icons {
-		handle @internal {
-			rewrite * /files/icons{uri}
-			reverse_proxy 192.168.1.50:80
-		}
-		respond "ip range not allowed"
-	}
-
-	@peanut host peanut.akanealw.com
-	handle @peanut {
-		handle @internal {
-			reverse_proxy 192.168.1.30:8980
-		}
-		respond "ip range not allowed"
-	}
-
-	@photoprism host photoprism.akanealw.com
-	handle @photoprism {
-		handle @internal {
-			reverse_proxy 192.168.1.30:2342
-		}
-		respond "ip range not allowed"
-	}
-
-	@photoprismdadandmom host photos.akanealw.com
-	handle @photoprismdadandmom {
-		handle @internal {
-			reverse_proxy 192.168.1.25:2342
-		}
-		respond "ip range not allowed"
-	}
-
-	@proxmox1 host proxmox1.akanealw.com
-	handle @proxmox1 {
-		handle @internal {
-			reverse_proxy https://192.168.1.51:8006 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@proxmox2 host proxmox2.akanealw.com
-	handle @proxmox2 {
-		handle @internal {
-			reverse_proxy https://192.168.1.52:8006 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@proxmoxbackup host proxmoxbackup.akanealw.com
-	handle @proxmoxbackup {
-		handle @internal {
-			reverse_proxy https://192.168.1.51:8007 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@router host router.akanealw.com
-	handle @router {
-		handle @internal {
-			reverse_proxy http://192.168.1.1:80
-		}
-		respond "ip range not allowed"
-	}
-
-	@rssbridge host rss-bridge.akanealw.com
-	handle @rssbridge {
-		handle @internal {
-			reverse_proxy 192.168.1.30:3006
-		}
-		respond "ip range not allowed"
-	}
-
-	@invidious host invidious.akanealw.com
-	handle @invidious {
-		handle @internal {
-			reverse_proxy 192.168.1.30:3000
-		}
-		respond "ip range not allowed"
-	}
-
-	@scripts host scripts.akanealw.com
-	handle @scripts {
-		handle @internal {
-			redir / /scripts{uri}
-			reverse_proxy 192.168.1.50:80
-		}
-		respond "ip range not allowed"
-	}
-
-	@speedtest host speedtest.akanealw.com
-	handle @speedtest {
-		handle @internal {
-			reverse_proxy 192.168.1.30:8765
-		}
-		respond "ip range not allowed"
-	}
-
-	@dockersyncthing host dockerserver-syncthing.akanealw.com
-	handle @dockersyncthing {
-		handle @internal {
-			reverse_proxy https://192.168.1.30:8384 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@gamingpcsyncthing host gamingpc-syncthing.akanealw.com
-	handle @gamingpcsyncthing {
-		handle @internal {
-			reverse_proxy https://192.168.1.11:8384 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@laptoppcsyncthing host laptoppc-syncthing.akanealw.com
-	handle @laptoppcsyncthing {
-		handle @internal {
-			reverse_proxy https://192.168.1.12:8384 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@webmin host webmin.akanealw.com
-	handle @webmin {
-		handle @internal {
-			reverse_proxy https://192.168.1.51:10000 {
-				transport http {
-					tls_insecure_skip_verify
-				}
-			}
-		}
-		respond "ip range not allowed"
-	}
-
-	@wireguardui host wireguardui.akanealw.com
-	handle @wireguardui {
-		handle @internal {
-			reverse_proxy 192.168.1.4:5000
-		}
-		respond "ip range not allowed"
-	}
-
-	@zabbix host zabbix.akanealw.com
-	handle @zabbix {
-		handle @internal {
-			reverse_proxy 192.168.1.44:8080
-		}
-		respond "ip range not allowed"
-	}
-
-	@piholewg host pihole-wg.akanealw.com
-	handle @piholewg {
-		handle @internal {
-			redir / /admin{uri}
-			reverse_proxy 192.168.1.4:3000
-		}
-		respond "ip range not allowed"
-	}
-
-}
--- a/filebrowser/compose.yml
+++ b/filebrowser/compose.yml
@@ -0,0 +1,19 @@
+services:
+  filebrowser:
+    container_name: filebrowser
+    image: filebrowser/filebrowser:latest
+    networks:
+      - reverse-proxy
+    ports:
+      - 8484:80
+    restart: always
+    volumes:
+      - ${DOCKER_CONFIGS}/config/filebrowser.db:/database/filebrowser.db
+      - ${DOCKER_CONFIGS}/config/.filebrowser.json:/.filebrowser.json
+      - ${DOCKER_CONFIGS}/files:/srv
+      - ${STORAGE_DIR}:/storage
+
+networks:
+  reverse-proxy:
+    name: reverse-proxy
+    external: true
--- a/filebrowser/config/.filebrowser.json
+++ b/filebrowser/config/.filebrowser.json
@@ -0,0 +1,8 @@
+{
+    "port": 80,
+    "baseURL": "/",
+    "address": "",
+    "log": "stdout",
+    "database": "/database/filebrowser.db",
+    "root": "/storage"
+  }
--- a/1
+++ b/1
				`@@ -1 +0,0 @@`
				`CROWDSEC_API_KEY=GIWtpt78Iogley5euk7caGt0RwxAclgW`