commit 3971bea1b181a8c9d64e625a15fa0a372a52a889 Author: colin Date: Sat Nov 16 11:30:06 2024 -0500 Add infra.yml diff --git a/infra.yml b/infra.yml new file mode 100644 index 0000000..c43f48a --- /dev/null +++ b/infra.yml 
@@ -0,0 +1,118 @@ + socketproxy: +services: + networks: + image: tecnativa/docker-socket-proxy + - socketproxy + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + environment: + NETWORKS: 1 + SERVICES: 1 + TASKS: 1 + # Non Default permissions + CONTAINERS: 1 + # BUILD: 1 + # COMMIT: 1 + # CONFIGS: 1 + # CONTAINERS: 1 + # DISTRIBUTION: 1 + # EXEC: 1 + # GRPC: 1 + # IMAGES: 1 + # INFO: 1 + # NETWORKS: 1 + # NODES: 1 + # PLUGINS: 1 + # SERVICES: 1 + # SESSION: 1 + # SWARM: 1 + # SYSTEM: 1 + # TASKS: 1 + # VOLUMES: 1 + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.role == manager + update_config: + order: start-first + failure_action: rollback + delay: 0s + parallelism: 1 + restart_policy: + condition: on-failure + + + traefik-http: + image: traefik:v2 + command: + - "--providers.docker.endpoint=http://socketproxy_socketproxy:2375" + - "--log.level=ERROR" + - "--global.checknewversion=false" + - "--global.sendanonymoususage=false" + - "--providers.docker.swarmMode=true" + - "--providers.docker.exposedbydefault=false" + - "--providers.docker.network=traefik" + - "--serverstransport.insecureskipverify=true" + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + - "--entrypoints.web.http.redirections.entryPoint.to=websecure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entrypoints.web.http.redirections.entryPoint.permanent=true" # Permanent redirect + - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true" + - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web" + - "--certificatesresolvers.letsencryptresolver.acme.email=admin@nixc.us" + - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json" + - "--api.dashboard=true" + - "--entryPoints.websecure.forwardedHeaders.insecure=true" + - "--entryPoints.websecure.transport.respondingTimeouts.idleTimeout=600s" + - 
"--entryPoints.websecure.transport.respondingTimeouts.readTimeout=600s" + - "--entryPoints.websecure.transport.respondingTimeouts.writeTimeout=600s" + ports: + - target: 80 + published: 80 + protocol: tcp + mode: host + - target: 443 + published: 443 + protocol: tcp + mode: host + volumes: + - /mnt/tank/persist/nixc.us/traefik/production/config:/letsencrypt + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - traefik + - socketproxy + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.hostname == {{hostname}} + labels: + homepage.group: Infrastructure + homepage.name: Ingress + homepage.href: https://{{url}}/ + homepage.description: + us.nixc.autodeploy: "true" + traefik.enable: "true" + traefik.docker.network: traefik + traefik.http.routers.traefik_traefik-http.tls: "true" + traefik.http.routers.traefik_traefik-http.rule: "Host(`{{url}}`)" + traefik.http.routers.traefik_traefik-http.entrypoints: "websecure" + traefik.http.routers.traefik_traefik-http.tls.certresolver: "letsencryptresolver" + traefik.http.routers.traefik_traefik-http.service: "api@internal" + traefik.http.services.traefik_traefik-http.loadbalancer.server.port: "888" + update_config: + order: stop-first + failure_action: rollback + delay: 15s + parallelism: 1 + restart_policy: + condition: on-failure + +# docker network create --driver=overlay socketproxy +networks: + socketproxy: + external: true + traefik: + external: true
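Review bot: traefik-http still bind-mounts `/var/run/docker.sock:/var/run/docker.sock:ro` under its `volumes:` even though `--providers.docker.endpoint=http://socketproxy_socketproxy:2375` already sends every Docker API call through the socket proxy; the `:ro` flag only restricts the socket file, not the API behind it, so a compromised Traefik container would still have full control of the manager node and the socketproxy service buys nothing. Drop that volume line from traefik-http and keep only the `socketproxy` network attachment. Separately, the router labels bind `api@internal` to the `Host()` rule on `{{url}}` on a host-published port 443 with no `traefik.http.routers.traefik_traefik-http.middlewares` label, so the dashboard and API are reachable without authentication; attach an auth middleware there or drop `--api.dashboard=true`. `--entryPoints.websecure.forwardedHeaders.insecure=true` likewise accepts `X-Forwarded-*` headers from any client, which undermines any IP-based allowlist or audit logging downstream; prefer `--entryPoints.websecure.forwardedHeaders.trustedIPs=` limited to the real upstream proxy range, or remove the flag if nothing sits in front of Traefik. The bare `homepage.description:` also parses as null rather than an empty string; write `homepage.description: ""` if an empty value is intended.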