From 4ae1752f90d1090790b87a1f687878a9f53d45a7 Mon Sep 17 00:00:00 2001
From: Stefan Nilsson
Date: Wed, 2 Jul 2025 16:38:28 +0200
Subject: [PATCH] Added ssh for gitea
---
 conf.d/config.yaml | 4 +---
 conf.d/gitea.yaml | 27 +++++++++++++++++++++++++--
 traefik.yaml | 13 +++++--------
 3 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/conf.d/config.yaml b/conf.d/config.yaml
index fbf3805..e3b2cb1 100644
--- a/conf.d/config.yaml
+++ b/conf.d/config.yaml
@@ -4,12 +4,10 @@ http:
 rule: "Host(`hemlabb.uk`)"
 entrypoints:
 - websecure
- service: "uptime-kuma@docker"
+ service: "kuma@docker"
 tls:
 certresolver: cloudflare
 domains:
 - main: "hemlabb.uk"
 sans:
 - "*.hemlabb.uk"
-
-
diff --git a/conf.d/gitea.yaml b/conf.d/gitea.yaml
index 905e8b4..97c60aa 100644
--- a/conf.d/gitea.yaml
+++ b/conf.d/gitea.yaml
@@ -1,12 +1,35 @@
+tcp:
+ routers:
+ gitea-ssh:
+ entryPoints:
+ - ssh
+ rule: "HostSNI(`*`)"
+ service: gitea-ssh
+
+ services:
+ gitea-ssh:
+ loadBalancer:
+ servers:
+ - address: "gitea.lab:22"
+
 http:
 routers:
 gitea:
 rule: "Host(`gitea.hemlabb.uk`)"
- service: gitea
 entryPoints:
 - websecure
+ service: gitea
+ tls:
+ certResolver: cloudflare
+
 services:
 gitea:
 loadBalancer:
 servers:
- - url: "https://gitea.lab:3000" # Replace with your service's address
\ No newline at end of file
+ - url: "http://gitea.lab:3000"
+
+ middlewares:
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
+ permanent: true
\ No newline at end of file
diff --git a/traefik.yaml b/traefik.yaml
index 86afe10..7356a73 100644
--- a/traefik.yaml
+++ b/traefik.yaml
@@ -17,7 +17,9 @@ entryPoints:
 address: ':443'
 http:
 tls:
- certResolver: letsencrypt
+ certResolver: cloudflare
+ ssh:
+ address: ':2222'
 traefik:
 address: ':8080'
 
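Review bot: In conf.d/gitea.yaml the hop from Traefik to Gitea is no longer encrypted, because the backend line changes from `https://gitea.lab:3000` to `http://gitea.lab:3000`, so passwords, session cookies and access tokens cross that network segment in clear text. If Gitea can serve TLS, keep `https://` and have Traefik trust its certificate; otherwise record the assumption beside the line, e.g. `# plaintext hop: gitea.lab must only be reachable on the trusted lab network`. The `redirect-to-https` middleware added at the end of the hunk is not referenced by any router in this file, and the only HTTP router listens on `websecure`, so it has no effect as written; either drop it or attach it to a router on the plain-HTTP entry point. It is also worth confirming that `gitea.lab:22` is Gitea's own SSH listener and not the host's sshd, since the `gitea-ssh` router forwards every connection to it.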
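Review bot: In traefik.yaml the new `ssh` entry point binds `:2222` on every interface, and the only router attached to it (`gitea-ssh` in conf.d/gitea.yaml) matches HostSNI(`*`), so any host that can reach the port is forwarded to Gitea's SSH listener. Gitea will presumably see Traefik's address as the client for each of those connections, which weakens per-IP throttling and audit logs. If git-over-SSH is meant for the lab network only, bind the listener to that interface (`address: '<lab-ip>:2222'`, placeholder) or restrict the port at the firewall, and add a comment such as `# git-over-ssh for gitea, forwarded by the gitea-ssh TCP router` so the pairing is visible here. The enclosing `entryPoints` block starts above the hunk.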
@@ -26,8 +28,8 @@ certificatesResolvers:
 acme:
 email: s.nilsson@me.com
 storage: /etc/traefik/ssl/acme.json
- # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
- caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+ #caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
+ #caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
 dnsChallenge:
 provider: cloudflare
 #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
@@ -35,11 +37,6 @@ certificatesResolvers:
 resolvers:
 - "1.1.1.1:53"
 - "1.0.0.1:53"
- # letsencrypt:
- # acme:
- # email: "foo@bar.com"
- # storage: /etc/traefik/ssl/acme.json
- # tlsChallenge: {}
 api:
 dashboard: true
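Review bot: With both `caServer` lines commented out in the first traefik.yaml hunk here, the resolver falls back to the default CA (production, per the `# prod (default)` remark), while `storage` still points at the same `/etc/traefik/ssl/acme.json` that was filled from the staging CA. Traefik generally keeps serving what is already stored for a domain, so untrusted staging certificates for `hemlabb.uk` may stay in use until that file is reset; check this after deploy, and check that the file is still mode 600. Prefer one explicit line over two commented ones, e.g. `caServer: https://acme-v02.api.letsencrypt.org/directory  # production CA`, and either delete the staging line or keep it with a note on when to switch. The enclosing `certificatesResolvers` block begins above the hunk.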