commit 7c2fc1060f1d439847be06cff7de1b06d677cae2
Author: claude <claude@core.bob>
Date:   Tue Jun 2 07:30:42 2026 +0000

    Initial commit: Traefik + Gitea Compose-Files

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3171ad0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.mkcert-ca/
+certs/
+data/
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
new file mode 100644
index 0000000..507d66a
--- /dev/null
+++ b/gitea/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    restart: unless-stopped
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__server__DOMAIN=gitea.core.bob
+      - GITEA__server__ROOT_URL=https://gitea.core.bob/
+      - GITEA__server__SSH_DOMAIN=gitea.core.bob
+      - GITEA__server__SSH_PORT=2222
+      - GITEA__database__DB_TYPE=sqlite3
+    ports:
+      - "2222:22"
+    volumes:
+      - ./data:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`gitea.core.bob`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+    networks:
+      - traefik
+
+networks:
+  traefik:
+    external: true
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..747f9f3
--- /dev/null
+++ b/traefik/docker-compose.yml
@@ -0,0 +1,25 @@
+services:
+  traefik:
+    image: traefik:v3
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.yml:/etc/traefik/traefik.yml:ro
+      - ./dynamic:/etc/traefik/dynamic:ro
+      - ./certs:/etc/traefik/certs:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.core.bob`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.service=api@internal"
+    networks:
+      - traefik
+
+networks:
+  traefik:
+    external: true
diff --git a/traefik/dynamic-tls.yml b/traefik/dynamic-tls.yml
new file mode 100644
index 0000000..809175f
--- /dev/null
+++ b/traefik/dynamic-tls.yml
@@ -0,0 +1,6 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/traefik/certs/core.bob.crt
+        keyFile: /etc/traefik/certs/core.bob.key
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
new file mode 100644
index 0000000..c06c626
--- /dev/null
+++ b/traefik/traefik.yml
@@ -0,0 +1,24 @@
+api:
+  dashboard: true
+
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443"
+
+providers:
+  docker:
+    exposedByDefault: false
+    network: traefik
+  file:
+    directory: /etc/traefik/dynamic
+    watch: true
+
+log:
+  level: INFO