clean up base infra

infra/compose/traefik/compose.yaml

@@ -1,39 +0,0 @@
-# FILE: infra/compose/traefik/compose.yaml
-# there is another traefik instance in the infra used by the application.
-# Current instance used for company services on the dev environment.
-# TODO: Unify the two traefik instances.
----
-services:
-  traefik:
-    image: docker.io/library/traefik:v3.5.1
-    container_name: traefik
-    ports:
-      - 80:80
-      - 443:443
-      # --> (Optional) Enable Dashboard, don't do in production
-      # - 8080:8080
-      # <--
-    volumes:
-      - /run/docker.sock:/run/docker.sock:ro
-      - ./config/:/etc/traefik/:ro
-      - ./certs/:/var/traefik/certs/:rw
-    environment:
-      - CF_DNS_API_TOKEN=your-cloudflare-api-token # <-- Change this to your Cloudflare API Token
-    env_file:
-      - ./.provider.env # contains the GoDaddy API Key and Secret
-    networks:
-      - frontend
-    restart: unless-stopped
-    labels:
-      - traefik.enable=true
-      - traefik.http.middlewares.basicauth.basicauth.users=admin:$2y$05$/B2hjJGytCjjMK4Rah1/aeJofBrzqEnAVoZCMKKwetS9mgmck.MVS
-      - traefik.http.routers.traefik.rule=Host(`traefik.harkon.co.uk`)
-      - traefik.http.routers.traefik.entrypoints=websecure
-      - traefik.http.routers.traefik.tls.certresolver=le
-      - traefik.http.routers.traefik.middlewares=basicauth@docker
-      - traefik.http.routers.traefik.service=api@internal
-
-networks:
-  frontend:
-    external: true # <-- (Optional) Change this to false if you want to create a new network
-#

infra/compose/traefik/config/example.externalservice.yaml

@@ -1,21 +0,0 @@
-# --> (Example) Expose an external service using Traefik...
-# http:
-#   # -- Change Router Configuration here...
-#   routers:
-#     your-local-router:
-#       rule: "Host(`your-local-service.your-domain.com`)"  # <-- Change Rules here...
-#       service: your-local-service  # <-- Change Service Name here...
-#       priority: 1000  # <-- (Optional) Change Routing Priority here...
-#       entryPoints:
-#         - web
-#         - websecure
-#       tls:
-#         certResolver: cloudflare
-#
-#   # -- Change Service Configuration here...
-#   services:
-#     your-local-service:  # <-- Change Service Name here...
-#       loadBalancer:
-#         servers:
-#           - url: "http://your-local-service:port"  # <-- Change Target Service URL here...
-# <--

infra/compose/traefik/config/example.middleware-authentik.yaml

@@ -1,19 +0,0 @@
-# --> (Example) Securely expose apps using the Traefik proxy outpost...
-http:
-  middlewares:
-    authentik:
-      forwardAuth:
-        address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-authentik-username
-          - X-authentik-groups
-          - X-authentik-email
-          - X-authentik-name
-          - X-authentik-uid
-          - X-authentik-jwt
-          - X-authentik-meta-jwks
-          - X-authentik-meta-outpost
-          - X-authentik-meta-provider
-          - X-authentik-meta-app
-          - X-authentik-meta-version

infra/compose/traefik/config/example.middleware-passbolt.yaml

@@ -1,22 +0,0 @@
-# --> (Optional) When using Passbolt with Traefik...
-# http:
-#   middlewares:
-#     passbolt-middleware:
-#       headers:
-#         FrameDeny: true
-#         AccessControlAllowMethods: 'GET,OPTIONS,PUT'
-#         AccessControlAllowOriginList:
-#           - origin-list-or-null
-#         AccessControlMaxAge: 100
-#         AddVaryHeader: true
-#         BrowserXssFilter: true
-#         ContentTypeNosniff: true
-#         ForceSTSHeader: true
-#         STSIncludeSubdomains: true
-#         STSPreload: true
-#         ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
-#         CustomFrameOptionsValue: SAMEORIGIN
-#         ReferrerPolicy: same-origin
-#         PermissionsPolicy: vibrate 'self'
-#         STSSeconds: 315360000
-# <--

infra/compose/traefik/config/example.tls.yaml

@@ -1,18 +0,0 @@
-# --> (Example) Change TLS Configuration here...
-# tls:
-#   options:
-#     default:
-#       minVersion: VersionTLS12
-#       sniStrict: true
-#       curvePreferences:
-#         - CurveP256
-#         - CurveP384
-#         - CurveP521
-#       cipherSuites:
-#         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-#         - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-#         - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-#         - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-#         - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-#         - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-# <--

infra/compose/traefik/config/traefik.yaml

@@ -1,64 +0,0 @@
----
-global:
-  checkNewVersion: false
-  sendAnonymousUsage: false
-
-# --> (Optional) Change log level and format here ...
-#     - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
-log:
-  level: DEBUG
-# <--
-
-# --> (Optional) Enable accesslog here ...
-accesslog: {}
-# <--
-
-# --> (Optional) Enable API and Dashboard here, don't do in production
-api:
-  dashboard: true
-  insecure: true
-# <--
-
-# -- Change EntryPoints here...
-entryPoints:
-  web:
-    address: :80
-    # --> (Optional) Redirect all HTTP to HTTPS
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-    # <--
-  websecure:
-    address: :443
-
-# -- Configure your CertificateResolver here...
-certificatesResolvers:
-  godaddy:
-    acme:
-      email: info@harkon.co.uk
-      storage: /var/traefik/certs/godaddy-acme.json
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-      dnsChallenge:
-        provider: godaddy
-        resolvers:
-          - 1.1.1.1:53
-          - 8.8.8.8:53
-          - 97.74.103.44:53
-          - 173.201.71.44:53
-
-# --> (Optional) Disable TLS Cert verification check
-# serversTransport:
-#   insecureSkipVerify: true
-# <--
-
-providers:
-  docker:
-    exposedByDefault: false # <-- (Optional) Change this to true if you want to expose all services
-    # Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks.
-    # E.g. Database container in a separate network and a container in the frontend and database network.
-    network: frontend
-  file:
-    directory: /etc/traefik
-    watch: true