From 4b0fcdb39dc1379859c39ee6f4c4435444806285 Mon Sep 17 00:00:00 2001
From: knight
Date: Wed, 31 Dec 2025 14:49:06 -0500
Subject: [PATCH] Add missing configs: traefik middlewares, gollum config.rb, brain nginx.conf
---
stacks/brain/nginx.conf | 16 +++++++
stacks/gollum/config.rb | 12 +++++
stacks/traefik/conf.d/middlewares.yaml | 61 ++++++++++++++++++++++++++
3 files changed, 89 insertions(+)
create mode 100644 stacks/brain/nginx.conf
create mode 100644 stacks/gollum/config.rb
create mode 100644 stacks/traefik/conf.d/middlewares.yaml
diff --git a/stacks/brain/nginx.conf b/stacks/brain/nginx.conf
new file mode 100644
index 0000000..8999978
--- /dev/null
+++ b/stacks/brain/nginx.conf
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name localhost;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ $uri.html =404;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
diff --git a/stacks/gollum/config.rb b/stacks/gollum/config.rb
new file mode 100644
index 0000000..f7b2c5b
--- /dev/null
+++ b/stacks/gollum/config.rb
@@ -0,0 +1,12 @@
+module Gollum
+ Gollum::GIT_ADAPTER = "my"
+end
+
+Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
+ committer.wiki.repo.git.pull('origin', committer.wiki.ref)
+ committer.wiki.repo.git.push('origin', committer.wiki.ref)
+end
+
+wiki_options = {}
+
+Precious::App.set(:wiki_options, wiki_options)
diff --git a/stacks/traefik/conf.d/middlewares.yaml b/stacks/traefik/conf.d/middlewares.yaml
new file mode 100644
index 0000000..991fb1b
--- /dev/null
+++ b/stacks/traefik/conf.d/middlewares.yaml
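Review bot: The server block in stacks/brain/nginx.conf leaves `server_tokens` at its default, so nginx's built-in error pages (for example the `=404` fallback from `try_files`) and the `Server` header include the nginx version. Adding `server_tokens off;` inside `server { … }` removes that; the Traefik `securityHeaders` middleware in this commit blanks the `server` response header only on routers that attach it and does not touch the error-page body. `root /usr/share/nginx/html;` is repeated in both locations and could be declared once at server level.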
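Review bot: The `post_commit` hook in stacks/gollum/config.rb runs `git.pull` and `git.push` against `origin` with no error handling, so a remote failure (network, auth, non-fast-forward) is likely to surface inside the wiki's save request after the local commit already exists, and the push is skipped with nothing recorded. I would rescue around the two calls and log the failure so a diverged wiki is visible to whoever operates it, logging the exception class rather than the message in case the remote URL carries a credential. Separately, `Gollum::GIT_ADAPTER = "my"` and the hook id `:hook_id` look like the placeholders from Gollum's sample config; confirm the adapter name matches an adapter that is actually installed, and give the hook a descriptive id such as `:sync_origin`.

```ruby
Gollum::Hook.register(:post_commit, :sync_origin) do |committer, _sha1|
  ref = committer.wiki.ref
  git = committer.wiki.repo.git
  begin
    git.pull('origin', ref)
    git.push('origin', ref)
  rescue StandardError => e
    # Class only: git error text can include the remote URL.
    warn "gollum post_commit sync with origin failed: #{e.class}"
  end
end
```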
@@ -0,0 +1,61 @@
+# Core middlewares for traefik
+# External service routers should be added as separate files or via docker labels
+
+http:
+ routers:
+ # Redirect HTTP to HTTPS
+ https-redirect:
+ entryPoints:
+ - http
+ rule: "HostRegexp(`{host:.+}`)"
+ service: noop@internal
+ middlewares:
+ - redirect-to-https
+ priority: 1
+
+ middlewares:
+ # HTTPS redirect
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
+
+ # Authentik forward auth - update URL after authentik is deployed
+ auth:
+ forwardAuth:
+ address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
+
+ # Security headers
+ securityHeaders:
+ headers:
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+ server: ""
+ X-Forwarded-Proto: "https"
+ sslProxyHeaders:
+ X-Forwarded-Proto: https
+ referrerPolicy: "same-origin"
+ hostsProxyHeaders:
+ - "X-Forwarded-Host"
+ contentTypeNosniff: true
+ browserXssFilter: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsSeconds: 63072000
+ stsPreload: true
+
+ # Gzip compression
+ gzip:
+ compress: {}
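Review bot: In `securityHeaders`, `X-Forwarded-Proto: "https"` sits under `customResponseHeaders`, so it is returned to the browser instead of being passed to the backend; if the backends need the original scheme it belongs under `customRequestHeaders`, and it can probably be dropped since Traefik sets that header on proxied requests itself. In `auth`, `trustForwardHeader: true` hands the incoming `X-Forwarded-*` values to authentik unchanged, which is only safe while the entry points do not accept those headers from untrusted clients; a comment such as `# relies on entryPoints.*.forwardedHeaders not being set to insecure` would record that. The `X-authentik-*` request headers are only overwritten on routers that attach `auth`, so any backend that trusts them should not be reachable through a router without it. `stsPreload: true` together with `stsIncludeSubdomains` and a two-year `stsSeconds` is hard to walk back once browsers cache it, so confirm every subdomain is served over HTTPS before this middleware is attached.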