update

dmz/internalproxy/templates/gitea.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+spec:
+  ports:
+    - name: app
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: gitea
+subsets:
+  - addresses:
+      - ip: 192.168.20.200
+    ports:
+      - name: app
+        port: 3000
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`gitea.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: gitea
+          port: 3000
+          scheme: http
+  tls:
+    secretName: gitea-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-tls
+spec:
+  secretName: gitea-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "gitea.durp.info"
+  dnsNames:
+    - "gitea.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: gitea-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

dmz/internalproxy/templates/kasm.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kasm
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: kasm
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kasm-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`kasm.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: kasm
+          port: 443
+          scheme: https
+  tls:
+    secretName: kasm-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kasm-tls
+spec:
+  secretName: kasm-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "kasm.durp.info"
+  dnsNames:
+    - "kasm.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: kasm-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

dmz/internalproxy/templates/nexus.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nexus
+spec:
+  ports:
+  - name: app
+    port: 8081
+    protocol: TCP
+    targetPort: 8081
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: nexus
+subsets:
+- addresses:
+  - ip: 192.168.20.200
+  ports:
+  - name: app
+    port: 8081
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nexus-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`nexus.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: nexus
+      port: 8081
+  tls:
+    secretName: nexus-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nexus-tls
+spec:
+  secretName: nexus-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "nexus.durp.info"
+  dnsNames:
+  - "nexus.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: nexus-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

dmz/internalproxy/templates/ollama.yaml

@@ -1,101 +1,102 @@
-#apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1beta1
-#kind: ExternalSecret
+kind: ExternalSecret
-#metadata:
+metadata:
-#  name: ollama-secret
+  name: ollama-secret
-#spec:
+spec:
-#  secretStoreRef:
+  secretStoreRef:
-#    name: vault
+    name: vault
-#    kind: ClusterSecretStore
+    kind: ClusterSecretStore
-#  target:
+  target:
-#    name: ollama-secret
+    name: ollama-secret
-#  data:
+  data:
-#    - secretKey: users
+    - secretKey: users
-#      remoteRef:
+      remoteRef:
-#        key: secrets/internalproxy/ollama
+        key: secrets/internalproxy/ollama
-#        property: users
+        property: users
-#
+
-#---
+---
-#
+
-#apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.containo.us/v1alpha1
-#kind: Middleware
+kind: Middleware
-#metadata:
+metadata:
-#  name: ollama-basic-auth
+  name: ollama-basic-auth
-#spec:
+spec:
-#  basicAuth:
+  basicAuth:
-#    secret: ollama-secret
+    headerField: x-api-key
-#
+    secret: ollama-secret
-#---
+
-#
+---
-#apiVersion: v1
+
-#kind: Service
+apiVersion: v1
-#metadata:
+kind: Service
-#  name: ollama
+metadata:
-#spec:
+  name: ollama
-#  ports:
+spec:
-#    - name: app
+  ports:
-#      port: 11435
+    - name: app
-#      protocol: TCP
+      port: 11435
-#      targetPort: 11435
+      protocol: TCP
-#  clusterIP: None
+      targetPort: 11435
-#  type: ClusterIP
+  clusterIP: None
-#
+  type: ClusterIP
-#---
+
-#
+---
-#apiVersion: v1
+
-#kind: Endpoints
+apiVersion: v1
-#metadata:
+kind: Endpoints
-#  name: ollama
+metadata:
-#subsets:
+  name: ollama
-#  - addresses:
+subsets:
-#      - ip: 192.168.20.104
+  - addresses:
-#    ports:
+      - ip: 192.168.20.104
-#      - name: app
+    ports:
-#        port: 11435
+      - name: app
-#        protocol: TCP
+        port: 11435
-#
+        protocol: TCP
-#---
+
-#
+---
-#apiVersion: traefik.containo.us/v1alpha1
+
-#kind: IngressRoute
+apiVersion: traefik.containo.us/v1alpha1
-#metadata:
+kind: IngressRoute
-#  name: ollama-ingress
+metadata:
-#spec:
+  name: ollama-ingress
-#  entryPoints:
+spec:
-#    - websecure
+  entryPoints:
-#  routes:
+    - websecure
-#    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
+  routes:
-#      middlewares:
+    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
-#        - name: ollama-basic-auth
+      middlewares:
-#      kind: Rule
+        - name: ollama-basic-auth
-#      services:
+      kind: Rule
-#        - name: ollama
+      services:
-#          port: 11435
+        - name: ollama
-#  tls:
+          port: 11435
-#    secretName: ollama-tls
+  tls:
-#
+    secretName: ollama-tls
-#---
+
-#
+---
-#apiVersion: cert-manager.io/v1
+
-#kind: Certificate
+apiVersion: cert-manager.io/v1
-#metadata:
+kind: Certificate
-#  name: ollama-tls
+metadata:
-#spec:
+  name: ollama-tls
-#  secretName: ollama-tls
+spec:
-#  issuerRef:
+  secretName: ollama-tls
-#    name: letsencrypt-production
+  issuerRef:
-#    kind: ClusterIssuer
+    name: letsencrypt-production
-#  commonName: "ollama.durp.info"
+    kind: ClusterIssuer
-#  dnsNames:
+  commonName: "ollama.durp.info"
-#    - "ollama.durp.info"
+  dnsNames:
-#
+    - "ollama.durp.info"
-#---
+
-#
+---
-#kind: Service
+
-#apiVersion: v1
+kind: Service
-#metadata:
+apiVersion: v1
-#  name: ollama-external-dns
+metadata:
-#  annotations:
+  name: ollama-external-dns
-#    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
+  annotations:
-#spec:
+    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
-#  type: ExternalName
+spec:
-#  externalName: durp.info
+  type: ExternalName
+  externalName: durp.info

dmz/internalproxy/templates/plex.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+spec:
+  ports:
+    - name: app
+      port: 32400
+      protocol: TCP
+      targetPort: 32400
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: plex
+subsets:
+  - addresses:
+      - ip: 192.168.20.200
+    ports:
+      - name: app
+        port: 32400
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: plex-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`plex.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: plex
+          port: 32400
+          scheme: https
+  tls:
+    secretName: plex-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: plex-tls
+spec:
+  secretName: plex-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "plex.durp.info"
+  dnsNames:
+    - "plex.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: plex-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: plex.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

dmz/internalproxy/templates/redlib.yaml

@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redlib
+spec:
+  ports:
+  - name: app
+    port: 8082
+    protocol: TCP
+    targetPort: 8082
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: redlib
+subsets:
+- addresses:
+  - ip: 192.168.20.200
+  ports:
+  - name: app
+    port: 8082
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: redlib-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`redlib.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: redlib
+      port: 8082
+  - match: Host(`redlib.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+    kind: Rule
+    services:
+    - name: ak-outpost-authentik-embedded-outpost
+      namespace: authentik
+      port: 9000
+  tls:
+    secretName: redlib-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: redlib-tls
+spec:
+  secretName: redlib-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "redlib.durp.info"
+  dnsNames:
+  - "redlib.durp.info"  

dmz/internalproxy/templates/registry.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+spec:
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: registry
+subsets:
+- addresses:
+  - ip: 192.168.20.200
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`registry.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: registry
+      port: 5000
+  tls:
+    secretName: registry-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: registry-tls
+spec:
+  secretName: registry-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "registry.durp.info"
+  dnsNames:
+  - "registry.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: registry-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

dmz/internalproxy/templates/smokeping.yaml

@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: smokeping
+spec:
+  ports:
+  - name: app
+    port: 81
+    protocol: TCP
+    targetPort: 81
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: smokeping
+subsets:
+- addresses:
+  - ip: 192.168.20.200
+  ports:
+  - name: app
+    port: 81
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: smokeping-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: smokeping
+      port: 81
+  - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+    kind: Rule
+    services:
+    - name: ak-outpost-authentik-embedded-outpost
+      namespace: authentik
+      port: 9000
+  tls:
+    secretName: smokeping-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: smokeping-tls
+spec:
+  secretName: smokeping-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "smokeping.durp.info"
+  dnsNames:
+  - "smokeping.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: smokeping-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

dmz/internalproxy/templates/speedtest.yaml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: speedtest
+spec:
+  ports:
+  - name: app
+    port: 6580
+    protocol: TCP
+    targetPort: 6580
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: speedtest
+subsets:
+- addresses:
+  - ip: 192.168.20.200
+  ports:
+  - name: app
+    port: 6580
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: speedtest-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    middlewares:
+    - name: authentik-proxy-provider
+      namespace: traefik 
+    services:
+    - name: speedtest
+      port: 6580
+  tls:
+    secretName: speedtest-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: speedtest-tls
+spec:
+  secretName: speedtest-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "speedtest.durp.info"
+  dnsNames:
+  - "speedtest.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: speedtest-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info