Added back config-files that were lost.

config-files/docker/hass/mosquitto.conf

@@ -0,0 +1,8 @@
+persistence true
+persistence_location /mosquitto/data/
+log_dest file /mosquitto/log/mosquitto.log
+listener 1883
+
+## Authentication ##
+allow_anonymous false
+password_file /mosquitto/config/password.txt

config-files/docker/traefik/headers.yaml

@@ -0,0 +1,20 @@
+http:
+  middlewares:
+    passbolt:
+      headers:
+        FrameDeny: true
+        AccessControlAllowMethods: 'GET,OPTIONS,PUT'
+        AccessControlAllowOriginList:
+          - origin-list-or-null
+        AccessControlMaxAge: 100
+        AddVaryHeader: true
+        BrowserXssFilter: true
+        ContentTypeNosniff: true
+        ForceSTSHeader: true
+        STSIncludeSubdomains: true
+        STSPreload: true
+        ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
+        CustomFrameOptionsValue: SAMEORIGIN
+        ReferrerPolicy: same-origin
+        PermissionsPolicy: vibrate 'self'
+        STSSeconds: 315360000

config-files/docker/traefik/nextcloud.yaml

@@ -0,0 +1,41 @@
+http:
+  routers:
+    nextcloud:
+      rule: "Host(`nextcloud.${DOMAIN_NAME}`)"
+      entrypoints:
+        - "websecure"
+      service: nextcloud
+      middlewares:
+        - nextcloud-chain
+      tls:
+        certresolver: "cloudflare"
+
+  services:
+    nextcloud:
+      loadBalancer:
+        servers:
+          - url: "http://nextcloud-aio-apache:11000"
+
+  middlewares:
+    nextcloud-secure-headers:
+      headers:
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        referrerPolicy: "same-origin"
+        BrowserXssFilter: true
+        ContentTypeNosniff: true
+        ForceSTSHeader: true
+        STSIncludeSubdomains: true
+        STSPreload: true
+        STSSeconds: 315360000
+
+    https-redirect:
+      redirectscheme:
+        scheme: https
+
+    nextcloud-chain:
+      chain:
+        middlewares:
+          # - ... (e.g. rate limiting middleware)
+          - https-redirect
+          - nextcloud-secure-headers

config-files/docker/traefik/tls.yaml

@@ -0,0 +1,12 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      sniStrict: true
+      curvePreferences:
+        - CurveP521
+        - CurveP384
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

config-files/docker/traefik/traefik.yaml

@@ -0,0 +1,54 @@
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false
+
+#     - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
+log:
+  level: ERROR
+
+accesslog: {}
+
+api:
+  dashboard: true
+  insecure: true
+
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: :443
+    forwardedHeaders:
+      trustedIPs:
+        # Local IPs
+        - "127.0.0.1/32"
+        - "10.0.0.0/8"
+        - "192.168.0.0/16"
+        - "172.16.0.0/12"
+
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: ${EMAIL_ADDRESS}
+      storage: /var/traefik/certs/cloudflare-acme.json
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+      dnsChallenge:
+        provider: cloudflare
+        resolvers:
+          - "1.1.1.1:53"
+          - "9.9.9.9:53"
+
+serversTransport:
+  insecureSkipVerify: true
+
+providers:
+  docker:
+    exposedByDefault: false
+    network: nextcloud-aio, passbolt_frontend, pihole, hass_frontend, immich_frontend
+  file:
+    directory: "/etc/traefik/conf/"
+    watch: true