first commit

2025-07-02 10:57:48 +08:00 · 2025-06-24 15:00:31 +08:00 · 2025-06-24 15:00:31 +08:00 · 149e02a10d
commit 149e02a10d
72 changed files with 3442 additions and 0 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@ -0,0 +1,106 @@
+## Global Options ##
+
+{
+	acme_dns cloudflare {env.CF_API_TOKEN}
+	auto_https prefer_wildcard
+	email mail@fern.garden
+}
+
+## Snippets ##
+
+(internal) {
+	@denied not remote_ip private_ranges
+	abort @denied
+}
+
+(authentik) {
+        reverse_proxy authentik_proxy:9000
+}
+
+## Root Hosts ##
+
+*.fern.garden {
+	redir https://fern.garden
+}
+
+*.ferngarden.net {
+	import internal
+	redir https://ferngarden.net
+}
+
+*.transgender.pet {
+	redir https://transgender.pet
+}
+
+fern.garden {
+	route {
+		reverse_proxy /.well-known/matrix/* https://matrix.fern.garden {
+			header_up Host {upstream_hostport}
+		}
+		root * /srv/fern.garden
+		file_server
+	}
+}
+
+ferngarden.net {
+	import internal
+	respond / "nothing here :(" 404
+}
+
+transgender.pet {
+	file_server
+	root * /srv/transgender.pet
+}
+
+## Proxmox ##
+
+spoonbill.ferngarden.net {
+	import internal
+	reverse_proxy 10.0.1.2:8006 {
+		transport http {
+			tls_insecure_skip_verify
+		}
+	}
+}
+
+egret.ferngarden.net {
+	import internal
+	reverse_proxy 10.0.1.3:8006 {
+		transport http {
+			tls_insecure_skip_verify
+		}
+	}
+}
+
+pdm.ferngarden.net {
+	import internal
+	reverse_proxy 10.0.1.120:8443 {
+		transport http {
+			tls_insecure_skip_verify
+		}
+	}
+}
+
+pbs.ferngarden.net {
+	import internal
+	reverse_proxy 10.0.1.121:8007 {
+		transport http {
+			tls_insecure_skip_verify
+		}
+	}
+}
+
+## VMs/Containers ##
+
+dns.ferngarden.net {
+	import internal
+	reverse_proxy 10.0.1.111:5380
+}
+
+ffsync.fern.garden {
+	reverse_proxy 10.0.1.102:8000
+}
+
+home.fern.garden {
+	reverse_proxy 10.0.1.103:8123
+}
--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
@ -0,0 +1,16 @@
+ARG CADDY_VERSION=2.10.0
+FROM caddy:${CADDY_VERSION}-builder AS builder
+
+RUN xcaddy build \
+    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
+    --with github.com/caddy-dns/cloudflare \
+    --with github.com/caddyserver/caddy/v2/modules/standard \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/http \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/layer4 \
+    --with github.com/hslatman/caddy-crowdsec-bouncer/appsec
+
+FROM caddy:${CADDY_VERSION}-alpine
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+CMD ["caddy", "docker-proxy"]
--- a/caddy/README.md
+++ b/caddy/README.md
@ -0,0 +1,3 @@
+# Compose file for caddy
+## Environment Variables
+- CF_API_TOKEN - token for CloudFlare DNS challenge
--- a/caddy/compose.yaml
+++ b/caddy/compose.yaml
@ -0,0 +1,34 @@
+services:
+  caddy:
+    image: git.fern.garden/fern/caddy:latest
+    container_name: caddy
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+      - 443:443/udp
+    networks:
+      - default
+      - proxy
+      - traefik
+    environment:
+      - CADDY_INGRESS_NETWORKS=proxy
+      - CF_API_TOKEN=${CF_API_TOKEN}
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
+      - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - /srv:/srv
+      - caddy_data:/data
+
+volumes:
+  caddy_data:
+    name: caddy_data
+
+networks:
+  default:
+  proxy:
+    external: true
+  traefik:
+    external: true