diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/appdata/crowdsec/acquis.yaml b/appdata/crowdsec/acquis.yaml new file mode 100644 index 0000000..bbbb2f9 --- /dev/null +++ b/appdata/crowdsec/acquis.yaml @@ -0,0 +1,21 @@ +#filenames: +# - /var/log/nginx/*.log +# - ./tests/nginx/nginx.log +##this is not a syslog log, indicate which kind of logs it is +#labels: +# type: nginx +--- +filenames: + - /var/log/auth.log + - /var/log/syslog +labels: + type: syslog +--- +#filename: /var/log/apache2/*.log +#labels: +# type: apache2 +--- +filenames: + - /var/log/traefik/traefik-access.log +labels: + type: traefik \ No newline at end of file diff --git a/appdata/crowdsec/ban.html b/appdata/crowdsec/ban.html new file mode 100644 index 0000000..122575e --- /dev/null +++ b/appdata/crowdsec/ban.html @@ -0,0 +1,330 @@ + + + + + CrowdSec Access Forbidden + + + + + + +
+
+
+ +

CrowdSec Access Forbidden

+
+
+

This security check has been powered by

+ + + + + + + + + + + + + + + + + + + + + CrowdSec + +
+
+
+ + + \ No newline at end of file diff --git a/appdata/crowdsec/whitelists_custom.yaml b/appdata/crowdsec/whitelists_custom.yaml new file mode 100644 index 0000000..9e014b1 --- /dev/null +++ b/appdata/crowdsec/whitelists_custom.yaml @@ -0,0 +1,13 @@ +name: crowdsecurity/whitelists +description: "Whitelist events from private ipv4 addresses" +whitelist: + reason: "private ipv4/ipv6 ip/ranges" + ip: + - "127.0.0.1" + - "::1" + - "10.0.0.168" + - "10.0.0.137" + cidr: + - "192.168.0.0/16" + - "10.0.0.0/8" + - "172.16.0.0/12" \ No newline at end of file diff --git a/appdata/homepage/config/bookmarks.yaml b/appdata/homepage/config/bookmarks.yaml new file mode 100644 index 0000000..d0f64e4 --- /dev/null +++ b/appdata/homepage/config/bookmarks.yaml @@ -0,0 +1,26 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/latest/configs/bookmarks +- Social: + - Twitter: + - icon: twitter.png + href: https://twitter.com/home?lang=fr + description: Social media platform + - LinkedIn: + - icon: linkedin.png + href: https://www.linkedin.com/home/?originalSubdomain=fr + description: Professional networking + +- Travail: + - GitLab: + - icon: gitlab.png + href: https://gitlab.com/users/sign_in + description: DevOps platform + - GitHub: + - icon: github.png + href: https://git.hhf.technology/ + description: Code hosting platform + - Stack Overflow: + - abbr: SOV + href: https://stackoverflow.com/questions/69185617/caddy-allow-http-with-api-platform + description: Developer Q&A diff --git a/appdata/homepage/config/custom.css b/appdata/homepage/config/custom.css new file mode 100644 index 0000000..e69de29 diff --git a/appdata/homepage/config/custom.js b/appdata/homepage/config/custom.js new file mode 100644 index 0000000..e69de29 diff --git a/appdata/homepage/config/docker.yaml b/appdata/homepage/config/docker.yaml new file mode 100644 index 0000000..602f4af --- /dev/null +++ b/appdata/homepage/config/docker.yaml 
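Review bot: The `cidr` list in whitelists_custom.yaml whitelists all of 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, and the latter two are where Docker allocates its bridge networks; if the Traefik access log that acquis.yaml feeds records the proxy-side or container address instead of the forwarded client address, every event matches this whitelist and CrowdSec never produces a decision. Verify with `cscli explain` that parsed source IPs are the real clients before relying on it, and narrow the CIDRs to the actual LAN; the explicit `10.0.0.168` and `10.0.0.137` entries are already covered by `10.0.0.0/8`. `name: crowdsecurity/whitelists` reuses the hub's own whitelist parser name, so a local name such as `local/whitelists-private` (constructed) avoids the two shadowing each other. `description` says "private ipv4 addresses" while `::1` is listed; `description: "Whitelist events from private IPv4/IPv6 addresses"` matches the content.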
@@ -0,0 +1,10 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/latest/configs/docker/ + +# my-docker: + # host: 10.0.0.243 +# port: 2375 + + #my-docker: +# socket: /var/run/docker.sock diff --git a/appdata/homepage/config/icons/authentik.png b/appdata/homepage/config/icons/authentik.png new file mode 100644 index 0000000..5c64b87 Binary files /dev/null and b/appdata/homepage/config/icons/authentik.png differ diff --git a/appdata/homepage/config/icons/cloudflare.png b/appdata/homepage/config/icons/cloudflare.png new file mode 100644 index 0000000..4d33c5f Binary files /dev/null and b/appdata/homepage/config/icons/cloudflare.png differ diff --git a/appdata/homepage/config/icons/crowdsec.png b/appdata/homepage/config/icons/crowdsec.png new file mode 100644 index 0000000..7c724c9 Binary files /dev/null and b/appdata/homepage/config/icons/crowdsec.png differ diff --git a/appdata/homepage/config/icons/github.png b/appdata/homepage/config/icons/github.png new file mode 100644 index 0000000..9490ffc Binary files /dev/null and b/appdata/homepage/config/icons/github.png differ diff --git a/appdata/homepage/config/icons/gitlab.png b/appdata/homepage/config/icons/gitlab.png new file mode 100644 index 0000000..983cd85 Binary files /dev/null and b/appdata/homepage/config/icons/gitlab.png differ diff --git a/appdata/homepage/config/icons/linkedin.png b/appdata/homepage/config/icons/linkedin.png new file mode 100644 index 0000000..3fbdd62 Binary files /dev/null and b/appdata/homepage/config/icons/linkedin.png differ diff --git a/appdata/homepage/config/icons/passbolt.png b/appdata/homepage/config/icons/passbolt.png new file mode 100644 index 0000000..2a0db74 Binary files /dev/null and b/appdata/homepage/config/icons/passbolt.png differ 
diff --git a/appdata/homepage/config/icons/portainer.png b/appdata/homepage/config/icons/portainer.png new file mode 100644 index 0000000..a3a7e09 Binary files /dev/null and b/appdata/homepage/config/icons/portainer.png differ diff --git a/appdata/homepage/config/icons/qBittorrent.png b/appdata/homepage/config/icons/qBittorrent.png new file mode 100644 index 0000000..4e7c852 Binary files /dev/null and b/appdata/homepage/config/icons/qBittorrent.png differ diff --git a/appdata/homepage/config/icons/traefik.png b/appdata/homepage/config/icons/traefik.png new file mode 100644 index 0000000..7e068f2 Binary files /dev/null and b/appdata/homepage/config/icons/traefik.png differ diff --git a/appdata/homepage/config/icons/twitter.png b/appdata/homepage/config/icons/twitter.png new file mode 100644 index 0000000..eb76313 Binary files /dev/null and b/appdata/homepage/config/icons/twitter.png differ diff --git a/appdata/homepage/config/kubernetes.yaml b/appdata/homepage/config/kubernetes.yaml new file mode 100644 index 0000000..aca6e82 --- /dev/null +++ b/appdata/homepage/config/kubernetes.yaml @@ -0,0 +1,2 @@ +--- +# sample kubernetes config diff --git a/appdata/homepage/config/services.yaml b/appdata/homepage/config/services.yaml new file mode 100644 index 0000000..270af71 --- /dev/null +++ b/appdata/homepage/config/services.yaml 
@@ -0,0 +1,146 @@ +# For configuration options and examples, please see: +# https://gethomepage.dev/latest/configs/services +- Containers: + - Portainer: + icon: portainer.png + href: {{HOMEPAGE_VAR_PORTAINER_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_PORTAINER_URL_EXTERNAL}} + container: portainer + description: docker gestionnary + widget: + type: portainer + url: {{HOMEPAGE_VAR_PORTAINER_URL_INTERNAL}} + env: 1 + key: {{HOMEPAGE_VAR_PORTAINER_KEY}} + - Traefik: + icon: traefik.png + href: {{HOMEPAGE_VAR_TRAEFIK_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_TRAEFIK_URL_EXTERNAL}} + container: traefik + description: reverse proxy + widget: + type: traefik + url: {{HOMEPAGE_VAR_TRAEFIK_URL_EXTERNAL}} + username: {{HOMEPAGE_VAR_TRAEFIK_USERNAME}} + password: {{HOMEPAGE_VAR_TRAEFIK_PASSWORD}} # optional + - authentik: + icon: authentik.png + href: {{HOMEPAGE_VAR_AUTHENTIK_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_AUTHENTIK_URL_EXTERNAL}} + container: authentik_server + description: SSO connexion + widget: + type: authentik + url: {{HOMEPAGE_VAR_AUTHENTIK_URL_EXTERNAL}} + key: {{HOMEPAGE_VAR_AUTHENTIK_API_KEY}} + - Crowdsec: + icon: /icons/crowdsec.png + container: crowdsec + href: {{HOMEPAGE_VAR_CROWDSEC_WEBSITE}} + description: ip firewall + widget: + type: crowdsec + url: {{HOMEPAGE_VAR_CROWDSEC_URL_INTERNAL}} + username: {{HOMEPAGE_VAR_CROWDSEC_USERNAME}} + password: {{HOMEPAGE_VAR_CROWDSEC_PASSWORD}} + - Passbolt: + icon: /icons/passbolt.png + container: passbolt + href: {{HOMEPAGE_VAR_PASSBOLT_URL_EXTERNAL}} + description: password gestionnary + +- Media: + - Calendar: + widget: + type: calendar + view: monthly # or 'agenda' if you prefer a list view + firstDayInWeek: sunday # or 'monday', depending on your preference + showTime: true # to show event times + integrations: + - type: sonarr # active widget type that is currently enabled on homepage - possible values: radarr, sonarr, lidarr, readarr + service_group: Media # group name where widget exists + 
service_name: Sonarr # service name for that widget + #color: teal # optional - defaults to pre-defined color for the service (teal for sonarr) + params: # optional - additional params for the service + unmonitored: true # optional - defaults to false, used with *arr stack + - type: radarr # active widget type that is currently enabled on homepage - possible values: radarr, sonarr, lidarr, readarr + service_group: Media # group name where widget exists + service_name: Radarr # service name for that widget + #color: teal # optional - defaults to pre-defined color for the service (teal for sonarr) + params: # optional - additional params for the service + unmonitored: true # optional - defaults to false, used with *arr stack + - type: lidarr # active widget type that is currently enabled on homepage - possible values: radarr, sonarr, lidarr, readarr + service_group: Media # group name where widget exists + service_name: Lidarr # service name for that widget + #color: teal # optional - defaults to pre-defined color for the service (teal for sonarr) + params: # optional - additional params for the service + unmonitored: true # optional - defaults to false, used with *arr stack + - type: readarr # active widget type that is currently enabled on homepage - possible values: radarr, sonarr, lidarr, readarr + service_group: Media # group name where widget exists + service_name: Readarr # service name for that widget + #color: teal # optional - defaults to pre-defined color for the service (teal for sonarr) + params: # optional - additional params for the service + unmonitored: true # optional - defaults to false, used with *arr stack + + - Sonarr: + icon: sonarr.png + href: {{HOMEPAGE_VAR_SONARR_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_SONARR_URL_EXTERNAL}} + description: gestionnaire de séries TV + widget: + type: sonarr + url: {{HOMEPAGE_VAR_SONARR_URL_INTERNAL}} + key: {{HOMEPAGE_VAR_SONARR_KEY}} + enableQueue: true + - Readarr: + icon: readarr.png + href: 
{{HOMEPAGE_VAR_READARR_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_READARR_URL_EXTERNAL}} + description: gestionnaire de livres + widget: + type: readarr + url: {{HOMEPAGE_VAR_READARR_URL_INTERNAL}} + key: {{HOMEPAGE_VAR_READARR_KEY}} + - Prowlarr: + icon: prowlarr.png + href: {{HOMEPAGE_VAR_PROWLARR_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_PROWLARR_URL_EXTERNAL}} + description: gestionnaire d'indexeurs + widget: + type: prowlarr + url: {{HOMEPAGE_VAR_PROWLARR_URL_INTERNAL}} + key: {{HOMEPAGE_VAR_PROWLARR_KEY}} + - Lidarr: + icon: lidarr.png + href: {{HOMEPAGE_VAR_LIDARR_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_LIDARR_URL_EXTERNAL}} + description: gestionnaire de musique + widget: + type: lidarr + url: {{HOMEPAGE_VAR_LIDARR_URL_INTERNAL}} + key: {{HOMEPAGE_VAR_LIDARR_KEY}} + - Radarr: + icon: radarr.png + href: {{HOMEPAGE_VAR_RADARR_URL_EXTERNAL}} + siteMonitor: {{HOMEPAGE_VAR_RADARR_URL_EXTERNAL}} + description: gestionnaire de films + widget: + type: radarr + url: {{HOMEPAGE_VAR_RADARR_URL_INTERNAL}} + key: {{HOMEPAGE_VAR_RADARR_KEY}} + +- DNS: + - Cloudflare: + icon: /icons/cloudflare.png + href: {{HOMEPAGE_VAR_CLOUDFLARE_URL}} + description: gestion des DNS externe + +- downloads: + - qBittorrent: + href: {{HOMEPAGE_VAR_QBITTORRENT_URL_EXTERNAL}} + description: torrent downloader + widget: + type: qbittorrent + url: {{HOMEPAGE_VAR_QBITTORRENT_URL_EXTERNAL}} + username: {{HOMEPAGE_VAR_QBITTORRENT_USERNAME}} + password: {{HOMEPAGE_VAR_QBITTORRENT_PASSWORD}} diff --git a/appdata/homepage/config/settings.yaml b/appdata/homepage/config/settings.yaml new file mode 100644 index 0000000..1727195 --- /dev/null +++ b/appdata/homepage/config/settings.yaml 
@@ -0,0 +1,31 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/settings
+
+title: My custom Homepage
+background:
+  image: https://images.unsplash.com/photo-1502790671504-542ad42d5189?auto=format&fit=crop&w=2560&q=80
+  #image: https://cdnb.artstation.com/p/assets/images/images/006/897/659/large/mikael-gustafsson-wallpaper-m>
+  blur: sm # sm, md, xl... see https://tailwindcss.com/docs/backdrop-blur
+  saturate: 100 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
+  brightness: 50 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
+  opacity: 100 # 0-100
+
+language: fr
+useEqualHeights: true
+showStats: true
+
+
+
+
+layout:
+  Containers:
+    tab: Services
+  Hypervisor:
+    tab: Services
+  DNS:
+    tab: utilities
+  Media:
+    tab: Media Management
+  downloads:
+    tab: Media Management
diff --git a/appdata/homepage/config/widgets.yaml b/appdata/homepage/config/widgets.yaml
new file mode 100644
index 0000000..a30e8d1
--- /dev/null
+++ b/appdata/homepage/config/widgets.yaml
@@ -0,0 +1,23 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/service-widgets
+
+- resources:
+    cpu: true
+    memory: true
+
+- search:
+    provider: google
+    target: _blank
+
+- openweathermap:
+    label: Lyon #optional
+    latitude: 45.750000
+    longitude: 4.850000
+    units: metric # or imperial
+    provider: openweathermap
+    apiKey: d1de5d84854a33108d9360b3a88f84b8 # required only if not using provider, this reveals api key in requests
+    cache: 5 # Time in minutes to cache API responses, to stay within limits
+    format: # optional, Intl.NumberFormat options
+      maximumFractionDigits: 1
+
diff --git a/appdata/traefik/config/traefik.yaml b/appdata/traefik/config/traefik.yaml
new file mode 100644
index 0000000..015a5e2
--- /dev/null
+++ b/appdata/traefik/config/traefik.yaml
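Review bot: `apiKey: d1de5d84854a33108d9360b3a88f84b8` in widgets.yaml commits a live OpenWeatherMap key to the repository, and the inline comment on the same line already says the key is exposed in browser requests; with `provider: openweathermap` set the widget does not need it. Remove the line and rotate the key on the OpenWeatherMap side, since it now lives in git history regardless of later edits. If a key is ever required, keep it in the environment and reference it the way services.yaml does, e.g. `apiKey: {{HOMEPAGE_VAR_OWM_API_KEY}}` (variable name constructed). The `format:` key and the trailing blank line are fine, but a short comment `# no apiKey: provider mode keeps the key server-side` would stop the next person from re-adding it.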
@@ -0,0 +1,140 @@ +################################################################ +# Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/ +################################################################ +global: + checkNewVersion: false + sendAnonymousUsage: false + +################################################################ +# Providers - https://doc.traefik.io/traefik/providers/docker/ +################################################################ +providers: + docker: + #endpoint: "unix:///var/run/docker.sock" # Comment if using socket-proxy + endpoint: "tcp://socket-proxy:2375" # Uncomment if using socket proxy + exposedByDefault: false + network: traefik # network to use for connections to all containers + + # Enable auto loading of newly created rules by watching a directory + file: + # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains + directory: /rules + watch: true + +################################################################ +# Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/ +################################################################ +entryPoints: + web: + address: ":80" + # Global HTTP to HTTPS redirection + http: + redirections: + entrypoint: + to: websecure + scheme: https + middlewares: + - crowdsec@file + - middlewares-compress@file + - middlewares-secure-headers@file + websecure: + address: ":443" + http: + middlewares: + - crowdsec@file + - middlewares-compress@file + - middlewares-secure-headers@file + tls: + options: tls-opts@file + certResolver: le + http3: {} + forwardedHeaders: + trustedIPs: + # Cloudflare (https://www.cloudflare.com/ips-v4) + - "173.245.48.0/20" + - "103.21.244.0/22" + - "103.22.200.0/22" + - "103.31.4.0/22" + - "141.101.64.0/18" + - "108.162.192.0/18" + - "190.93.240.0/20" + - "188.114.96.0/20" + - "197.234.240.0/22" + - "198.41.128.0/17" + - "162.158.0.0/15" + - "104.16.0.0/13" + - "104.24.0.0/14" + - "172.64.0.0/13" + - 
"131.0.72.0/22" + # Local IPs + - "127.0.0.1/32" + - "10.0.0.0/8" + - "192.168.0.0/16" + - "172.16.0.0/12" + +################################################################ +# Logs - https://doc.traefik.io/traefik/observability/logs/ +################################################################ +log: + level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO + filePath: /logs/traefik-container.log # Default is to STDOUT + # format: json # Uses text format (common) by default + noColor: false # Recommended to be true when using common + maxSize: 100 # In megabytes + compress: true # gzip compression when rotating + +################################################################ +# Access logs - https://doc.traefik.io/traefik/observability/access-logs/ +################################################################ +accessLog: + addInternals: true # things like ping@internal + filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default + bufferingSize: 100 # Number of log lines + fields: + names: + StartUTC: drop # Write logs in Container Local Time instead of UTC + filters: + statusCodes: + - "204-299" + - "400-499" + - "500-599" + +################################################################ +# API and Dashboard +################################################################ +api: + dashboard: true + # Rely on api@internal and Traefik with Middleware to control access + # insecure: true + +################################################################ +# Let's Encrypt (ACME) +################################################################ +certificatesResolvers: + le: + acme: + email: "CHANGEME" + storage: "/data/acme.json" + caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default) + # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging + dnsChallenge: + provider: cloudflare + #delayBeforeCheck: 30 # Default is 2m0s. 
This changes the delay (in seconds) + # Custom DNS server resolution + resolvers: + - "1.1.1.1:53" + - "8.8.8.8:53" + +################################################################ +# Bouncer traefik (crowdsec) +################################################################ +experimental: + plugins: + # crowdsec bouncer for traefik + traefik-bouncer: + moduleName: git.hhf.technology/maxlerebourg/crowdsec-bouncer-traefik-plugin + version: v1.3.3-beta1 + # http cache for traefik + souin: + moduleName: git.hhf.technology/darkweak/souin + version: v1.6.50 diff --git a/appdata/traefik/rules/bouncer-crowdsec.yaml b/appdata/traefik/rules/bouncer-crowdsec.yaml new file mode 100644 index 0000000..b934baa --- /dev/null +++ b/appdata/traefik/rules/bouncer-crowdsec.yaml @@ -0,0 +1,18 @@ +http: + middlewares: + crowdsec: + plugin: + traefik-bouncer: + enabled: true + logLevel: DEBUG + updateIntervalSeconds: 60 + defaultDecisionSeconds: 60 + httpTimeoutSeconds: 10 + crowdsecMode: live #live stream #alone + crowdsecAppsecEnabled: false + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecLapiKey: {{ env "CROWDSEC_TRAEFIK_BOUNCER_LAPI_KEY" }} + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + banHTMLFilePath: ./ban.html diff --git a/appdata/traefik/rules/default-headers.yaml b/appdata/traefik/rules/default-headers.yaml new file mode 100644 index 0000000..6e6ed79 --- /dev/null +++ b/appdata/traefik/rules/default-headers.yaml @@ -0,0 +1,14 @@ +http: + middlewares: + default-headers: + headers: + frameDeny: true + browserXssFilter: true + contentTypeNosniff: true + forceSTSHeader: true + stsIncludeSubdomains: true + stsPreload: true + stsSeconds: 15552000 + customFrameOptionsValue: SAMEORIGIN + customRequestHeaders: + X-Forwarded-Proto: https \ No newline at end of file diff --git a/appdata/traefik/rules/forwardAuth-authentik.yaml b/appdata/traefik/rules/forwardAuth-authentik.yaml new file mode 100644 index 0000000..1feec75 --- /dev/null 
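Review bot: `forwardedHeaders.trustedIPs` on `websecure` trusts the whole of 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, and Docker's default address pools fall inside those ranges, so any container reachable on the `traefik` network can set X-Forwarded-For and have it accepted as the client address; the CrowdSec bouncer and the access-log scenarios then act on an attacker-chosen IP, which also happens to be what the whitelist file keys on. Narrow the "Local IPs" block to the specific hosts that legitimately forward traffic (the LAN gateway or a tunnel container) and drop the three RFC1918 wildcards. `accessLog.filters.statusCodes` keeps only `"204-299"`, `"400-499"` and `"500-599"`, so 200-203 responses never reach the log that acquis.yaml feeds to CrowdSec; scenarios that count successful requests per source will undercount, so either add `"200-203"` or document that only error traffic is analysed. `email: "CHANGEME"` under `certificatesResolvers.le.acme` will make ACME registration fail until edited; the docs mention it, but a `# must be a real mailbox, LE sends expiry notices here` comment on that line costs nothing.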
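Review bot: The `traefik-bouncer` block in bouncer-crowdsec.yaml sets no `forwardedHeadersTrustedIPs`, so the plugin evaluates decisions against the TCP peer address; when Cloudflare (whose ranges traefik.yaml trusts) or any other proxy sits in front, that peer is the edge node, bans match the wrong address and one banned edge IP blocks every client behind it. Add `forwardedHeadersTrustedIPs:` with the same Cloudflare list and `clientTrustedIPs:` with the LAN ranges that must never be banned, rather than relying on the entrypoint setting. `logLevel: DEBUG` writes a line per evaluated request into the Traefik log; set `INFO` once the setup is validated. `banHTMLFilePath: ./ban.html` is resolved relative to the Traefik process working directory while the page is committed under `appdata/crowdsec/ban.html`, so confirm the mount or use an absolute in-container path.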
+++ b/appdata/traefik/rules/forwardAuth-authentik.yaml
@@ -0,0 +1,30 @@
+################################################################
+# Middlewares (https://git.hhf.technology/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://git.hhf.technology/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    ################################################################
+    # Forward Authentication - OAUTH / 2FA
+    ################################################################
+    #
+    # https://git.hhf.technology/goauthentik/authentik/issues/2366
+    forwardAuth-authentik:
+      forwardAuth:
+        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
diff --git a/appdata/traefik/rules/middlewares-authentik.yaml b/appdata/traefik/rules/middlewares-authentik.yaml
new file mode 100644
index 0000000..a1b9ff5
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-authentik.yaml
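Review bot: `forwardAuth-authentik` is the same forwardAuth definition, header for header, as `middlewares-authentik` in the next hunk (middlewares-authentik.yaml), and routing.yaml references only `middlewares-authentik@file`; two names for one outpost address means a later change, such as dropping `X-authentik-jwt` from `authResponseHeaders`, will land in one file only. Delete this file, or reduce it to a comment pointing at the canonical definition. `trustForwardHeader: true` is acceptable here only because the entrypoint already restricts who may set forwarded headers; a one-line comment `# trusts X-Forwarded-* already filtered by entryPoints.forwardedHeaders.trustedIPs` above it records that dependency.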
@@ -0,0 +1,19 @@
+http:
+  middlewares:
+    # https://git.hhf.technology/goauthentik/authentik/issues/2366
+    middlewares-authentik:
+      forwardAuth:
+        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
diff --git a/appdata/traefik/rules/middlewares-buffering.yaml b/appdata/traefik/rules/middlewares-buffering.yaml
new file mode 100644
index 0000000..f6bc7ac
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-buffering.yaml
@@ -0,0 +1,18 @@
+################################################################
+# Middlewares (https://git.hhf.technology/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://git.hhf.technology/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Prevent too large of a body
+    # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
+    middlewares-buffering:
+      buffering:
+        maxRequestBodyBytes: 10485760
+        memRequestBodyBytes: 2097152
+        maxResponseBodyBytes: 10485760
+        memResponseBodyBytes: 2097152
+        retryExpression: "IsNetworkError() && Attempts() <= 2"
diff --git a/appdata/traefik/rules/middlewares-compress.yaml b/appdata/traefik/rules/middlewares-compress.yaml
new file mode 100644
index 0000000..01ce650
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-compress.yaml
@@ -0,0 +1,17 @@
+################################################################
+# Middlewares (https://git.hhf.technology/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://git.hhf.technology/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    middlewares-compress:
+      compress:
+        includedContentTypes:
+          - application/json
+          - text/html
+          - text/plain
+        minResponseBodyBytes: 1024
+        defaultEncoding: gzip
diff --git a/appdata/traefik/rules/middlewares-http-cache.yaml b/appdata/traefik/rules/middlewares-http-cache.yaml
new file mode 100644
index 0000000..b8a9614
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-http-cache.yaml
@@ -0,0 +1,80 @@
+http:
+  middlewares:
+    http-cache:
+      plugin:
+        souin:
+          api:
+            # prometheus: {}
+            souin: {}
+          default_cache:
+            ttl: 60s # TTL par défaut pour toutes les URLs
+            allowed_http_verbs:
+              - GET
+              - HEAD
+              - POST
+            default_cache_control: public, max-age=60
+            force: true
+          log_level: debug
+
+    portainer-cache:
+      plugin:
+        souin:
+          api:
+            prometheus: {}
+            souin: {}
+          default_cache:
+            regex:
+              exclude: '/api/.*|/auth/.*|/settings/.*' # Exclure les APIs sensibles de Portainer du cache
+            ttl: 60s # TTL global par défaut
+            allowed_http_verbs:
+              - GET
+              - HEAD
+            default_cache_control: public, max-age=60
+          log_level: debug
+          urls:
+            'portainer.{{ env "DOMAINNAME"}}':
+              ttl: 120s
+              default_cache_control: public, max-age=120
+            'portainer.{{ env "DOMAINNAME"}}/login':
+              ttl: 0s # Ne pas mettre en cache la page de login
+          ykeys:
+            Portainer_API_Key:
+              headers:
+                Content-Type: 'application/json'
+          surrogate_keys:
+            Portainer_Surrogate_Key:
+              headers:
+                Content-Type: 'application/json'
+
+    servarr-cache:
+      plugin:
+        souin:
+          api:
+            prometheus: {}
+            souin: {}
+          default_cache:
+            regex:
+              exclude: '/api/.*|/auth/.*|/indexers/.*|/download/.*|/profile/.*' # Exclure les API, indexeurs, et téléchargements du cache
+            ttl: 60s # TTL global par défaut
+            allowed_http_verbs:
+              - GET
+              - HEAD
+            default_cache_control: public, max-age=60
+          log_level: debug
+          urls:
+            'sonarr.{{ env "DOMAINNAME" }}/':
+              ttl: 300s
+            'radarr.{{ env "DOMAINNAME" }}/':
+              ttl: 300s
+            'lidarr.{{ env "DOMAINNAME" }}/':
+              ttl: 300s
+            'readarr.{{ env "DOMAINNAME" }}/':
+              ttl: 300s
+          ykeys:
+            Servarr_Static_Key:
+              headers:
+                Content-Type: 'text/html'
+          surrogate_keys:
+            Servarr_Surrogate_Key:
+              headers:
+                Content-Type: 'application/json'
diff --git a/appdata/traefik/rules/middlewares-https-redirectscheme.yaml b/appdata/traefik/rules/middlewares-https-redirectscheme.yaml
new file mode 100644
index 0000000..21f4a86
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-https-redirectscheme.yaml
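Review bot: `http-cache` combines `force: true`, `default_cache_control: public, max-age=60` and `POST` in `allowed_http_verbs`, which tells souin to store and replay responses regardless of the origin's own Cache-Control, including cookie-bearing authenticated pages and POST results; with nothing user-specific in the cache key, one session's response can be served to another. Remove `force: true` and the `- POST` entry, and either drop `default_cache_control` or use `private`, so the 60 s `public` directive is not also advertised to browsers and to the Cloudflare edge that traefik.yaml expects in front of these hosts. The same `default_cache_control: public, max-age=60` appears in `portainer-cache` and `servarr-cache`, the two middlewares routing.yaml actually references (`http-cache` itself is unreferenced); the `/api/.*` and `/auth/.*` excludes help, but the HTML shell of those apps still leaves marked `public`. `log_level: debug` in all three blocks logs every cache decision; lower it once validated.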
@@ -0,0 +1,15 @@
+################################################################
+# Middlewares (https://git.hhf.technology/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://git.hhf.technology/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Middleware for Redirection
+    # This can be used instead of global redirection
+    middlewares-https-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true
diff --git a/appdata/traefik/rules/middlewares-rate-limit.yaml b/appdata/traefik/rules/middlewares-rate-limit.yaml
new file mode 100644
index 0000000..7259094
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-rate-limit.yaml
@@ -0,0 +1,14 @@
+################################################################
+# Middlewares (https://git.hhf.technology/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://git.hhf.technology/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # DDoS Prevention
+    middlewares-rate-limit:
+      rateLimit:
+        average: 100
+        burst: 50
diff --git a/appdata/traefik/rules/middlewares-secure-headers.yaml b/appdata/traefik/rules/middlewares-secure-headers.yaml
new file mode 100644
index 0000000..28a9086
--- /dev/null
+++ b/appdata/traefik/rules/middlewares-secure-headers.yaml
@@ -0,0 +1,39 @@
+################################################################
+# Middlewares (https://git.hhf.technology/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://git.hhf.technology/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    ################################################################
+    # Good Basic Security Practices
+    ################################################################
+    middlewares-secure-headers:
+      headers:
+        accessControlAllowMethods:
+          - GET
+          - OPTIONS
+          - PUT
+        accessControlMaxAge: 100
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        stsSeconds: 63072000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+        # customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME"}}" #CSP takes care of this but may be needed for organizr.
+        customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+        contentTypeNosniff: true
+        browserXssFilter: true
+        sslForceHost: true # add sslHost to all of the services
+        sslHost: "{{env "DOMAINNAME"}}"
+        referrerPolicy: "same-origin"
+        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()"
+        customResponseHeaders:
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,noindex,nofollow" #global not tracking with websearch
+          # X-Robots-Tag: "noindex,nofollow" " # nextcloud recommandation
+          server: ""
+          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
+          # X-Forwarded-Proto: "https"
\ No newline at end of file
diff --git a/appdata/traefik/rules/routing.yaml b/appdata/traefik/rules/routing.yaml
new file mode 100644
index 0000000..ed0943b
--- /dev/null
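Review bot: `sslForceHost: true` together with `sslHost: "{{env "DOMAINNAME"}}"` asks Traefik to redirect requests whose Host is not the apex domain onto it, and because `middlewares-secure-headers@file` is attached to every `websecure` request through the entrypoint, confirm on the running version that subdomain hosts such as the *arr and Portainer routers are not bounced to the apex. Both options were removed in Traefik v3, which the `traefik3`/`traefik-v3` guides referenced in this commit target; on v3 the middleware fails to load and, sitting in the entrypoint chain, takes every router down with it, so drop the two lines and keep the global redirect already configured in traefik.yaml. `accessControlAllowMethods` is only acted on when an `accessControlAllowOriginList` matches, and none is set, so either add the origin list or remove the methods block to avoid implying a CORS policy that does not exist. A comment above `middlewares-secure-headers`, `# STS, X-Frame-Options and nosniff only; CSP is left to each application`, would record why there is no `contentSecurityPolicy` here.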
+++ b/appdata/traefik/rules/routing.yaml 
@@ -0,0 +1,114 @@ +http: + # if you want add athentik on your service just add this on rour router + routers: + + authentik-rtr: + service: authentik-svc + rule: Host(`{{ env "AUTHENTIK_HOST" }}`) + + authentik-output-rtr: + service: authentik-svc + rule: HostRegexp(`{subdomain:[a-z0-9-]+}.{{ env "DOMAINNAME" }}`) && PathPrefix(`{{ env "AUTHENTIK_OUTPOST_PATH_PREFIX" }}`) + + traefik-rtr: + rule: "Host(`{{ env "TRAEFIK_DASHBOARD_HOST" }}`)" + service: api@internal + middlewares: + - traefik-dashboard-auth@file + + portainer-rtr: + service: portainer-svc + rule: Host(`{{ env "PORTAINER_HOST" }}`) + middlewares: + - portainer-cache@file + + homepage-rtr: + service: homepage-svc + rule: Host(`{{ env "HOMEPAGE_HOST" }}`) + middlewares: + - middlewares-authentik@file + + prowlarr-rtr: + service: prowlarr-svc + rule: Host(`{{ env "PROWLARR_HOST" }}`) + middlewares: + - servarr-cache@file + + sonarr-rtr: + service: sonarr-svc + rule: Host(`{{ env "SONARR_HOST" }}`) + middlewares: + - servarr-cache@file + + radarr-rtr: + service: radarr-svc + rule: Host(`{{ env "RADARR_HOST" }}`) + middlewares: + - servarr-cache@file + + lidarr-rtr: + service: lidarr-svc + rule: Host(`{{ env "LIDARR_HOST" }}`) + middlewares: + - servarr-cache@file + + readarr-rtr: + service: readarr-svc + rule: Host(`{{ env "READARR_HOST" }}`) + middlewares: + - servarr-cache@file + + torrent-rtr: + service: torrent-svc + rule: Host(`{{ env "TORRENT_HOST" }}`) + + services: + + authentik-svc: + loadBalancer: + servers: + - url: {{ env "AUTHENTIK_URL" }} + + portainer-svc: + loadBalancer: + servers: + - url: {{ env "PORTAINER_URL" }} + + homepage-svc: + loadBalancer: + servers: + - url: {{ env "HOMEPAGE_URL" }} + + prowlarr-svc: + loadBalancer: + servers: + - url: {{ env "PROWLARR_URL" }} + + sonarr-svc: + loadBalancer: + servers: + - url: {{ env "SONARR_URL" }} + + radarr-svc: + loadBalancer: + servers: + - url: {{ env "RADARR_URL" }} + + lidarr-svc: + loadBalancer: + servers: + - url: {{ env "LIDARR_URL" 
}} + + readarr-svc: + loadBalancer: + servers: + - url: {{ env "READARR_URL" }} + + torrent-svc: + loadBalancer: + servers: + - url: {{ env "TORRENT_URL" }} + + serversTransports: + insecureTransport: + insecureSkipVerify: true \ No newline at end of file diff --git a/appdata/traefik/rules/tls-opts.yaml b/appdata/traefik/rules/tls-opts.yaml new file mode 100644 index 0000000..fa20898 --- /dev/null +++ b/appdata/traefik/rules/tls-opts.yaml @@ -0,0 +1,35 @@ +################################################################ +# TLS Options (https://jellyfin.org/docs/general/networking/traefik2.html#traefik-providertoml) +# toml -> yml +# 2024 updates to cipherSuites from (https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/) +# +# Set secure options by disabling insecure older TLS/SSL versions +# and insecure ciphers. SNIStrict disabled leaves TLS1.0 open. +# If you have problems with older clients, you can may need to relax +# these minimums. This configuration will give you an A+ SSL security +# score supporting TLS1.2 and TLS1.3 +# +# Dynamic configuration +# https://doc.traefik.io/traefik/https/tls/ +################################################################ +tls: + options: + tls-opts: + sniStrict: true + minVersion: VersionTLS12 + cipherSuites: + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507 + curvePreferences: + - secp521r1 # CurveP521 + - secp384r1 # CurveP384 + mintls13: + minVersion: VersionTLS13 \ No newline at end of file 
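Review bot: In routing.yaml only `homepage-rtr` carries `middlewares-authentik@file`; `portainer-rtr`, the five *arr routers and `torrent-rtr` are published on `websecure` with nothing beyond the entrypoint chain and the cache middlewares, so Portainer's and qBittorrent's own login forms are the only barrier between the internet and container or download control. Unless a service must be reachable by non-browser clients, add `- middlewares-authentik@file` (and `- middlewares-rate-limit@file`, which is defined but never referenced) to those routers' `middlewares` lists; if the *arr apps talk to each other over these public hostnames, point them at the internal service URLs instead so forwardAuth does not block them. `serversTransports.insecureTransport` with `insecureSkipVerify: true` is defined but no service references it; remove it rather than leave a ready-made way to disable upstream certificate checks. The `HostRegexp` named-group form `{subdomain:[a-z0-9-]+}` in `authentik-output-rtr` is Traefik v2 syntax; on v3 the rule must be a plain Go regular expression, which is worth a comment on that line given the v3 guides this commit cites.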
diff --git a/appdata/traefik/rules/traefik-dashboard-auth.yaml b/appdata/traefik/rules/traefik-dashboard-auth.yaml
new file mode 100644
index 0000000..58ecbde
--- /dev/null
+++ b/appdata/traefik/rules/traefik-dashboard-auth.yaml
@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    traefik-dashboard-auth:
+      basicAuth:
+        users:
+          - "{{ env "TRAEFIK_DASHBOARD_CREDENTIALS" }}"
\ No newline at end of file
diff --git a/docs/Authentik_en.md b/docs/Authentik_en.md
new file mode 100644
index 0000000..e69de29
diff --git a/docs/Authentik_fr.md b/docs/Authentik_fr.md
new file mode 100644
index 0000000..e69de29
diff --git a/docs/doc_en.md b/docs/doc_en.md
new file mode 100644
index 0000000..1e38538
--- /dev/null
+++ b/docs/doc_en.md
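Review bot: The Traefik dashboard (`api.dashboard: true`, routed by `traefik-rtr`) is protected only by this single shared basicAuth entry rendered from `TRAEFIK_DASHBOARD_CREDENTIALS`; the value has to be a complete htpasswd `user:hash` string, and if it is supplied through a compose `.env` file every `$` in a bcrypt or apr1 hash must be written as `$$`, otherwise the rendered entry is silently unusable and the dashboard answers 401 to everyone. Since Authentik is already deployed, chaining `- middlewares-authentik@file` in `traefik-rtr` ahead of or instead of this middleware gives the dashboard the same SSO, MFA and audit trail as homepage. A comment above `traefik-dashboard-auth`, `# htpasswd-format user:hash; escape $ as $$ when set via .env`, prevents the most common setup mistake.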
@@ -0,0 +1,210 @@ +# Homelab Docker Server + +## Version Information + +The secrets will be set up progressively, taking into account the compatibility of each service. + +This project configures a Homelab Docker server with a simple setup. In the future, more services will be added. + +## Project Inspiration and More Details + +### CrowdSec + +- [CrowdSec Blog - Enhance Docker Compose Security](https://www.crowdsec.net/blog/enhance-docker-compose-security) +- [Traefik Bouncer GitHub](https://git.hhf.technology/maxlerebourg/crowdsec-bouncer-traefik-plugin) +- [Traefik Bouncer Tutorial](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) + +### Project Architecture Inspiration and Authentik Documentation: + +- [GitHub - hhf](https://git.hhf.technology/hhf/authentik_traefik) +- Thanks to @hhf + +## Initial Setup + +1. **Rename the `.env.example` file to `.env`.** + +2. **Fill in the variables in the `.env` file:** + + - `DOMAINNAME`: Domain name. + - `TZ`: Time zone. + - Create an account on [CrowdSec](https://www.crowdsec.net) (free). + - Create a secret with the API key generated on Cloudflare for Let's Encrypt. See the [tutorial here](https://youtu.be/n1vOfdz5Nm8?si=a7WRX2rLfm4HydtU&t=1012). + - Add the Cloudflare API key to `/secret/cf_dns_api_token`. + +3. Generate the secrets for Authentik: + +# Secrets to Create + +The following secrets (defined in the base `compose.yaml` file) need to be created: + +I recommend creating secrets with the following syntax: + +```bash +echo -n 'VALUE_CHANGEME' > SECRET_NAME_CHANGEME +``` + +Check out Traefik's info at https://doc.traefik.io/traefik/https/acme/#providers. 
Cloudflare specific information: https://go-acme.github.io/lego/dns/cloudflare/ + +- `cf_email` +- `cf_dns_api_token` + ```bash + echo -n 'CHANGEME@gmail.com' > cf_email + echo -n 'CHANGEME-LONGAPI-CHANGEME' > cf_dns_api_token + ``` + +Specific to Authentik (https://docs.goauthentik.io/docs/installation/docker-compose#preparation) + +- `authentik_postgresql_db` +- `authentik_postgresql_user` +- `authentik_postgresql_password` +- `authentik_secret_key` + ```bash + echo -n 'authentik_db' > authentik_postgresql_db + echo -n 'authentik_user' > authentik_postgresql_user + openssl rand 36 | base64 -w 0 > authentik_postgresql_password + openssl rand 60 | base64 -w 0 > authentik_secret_key + ``` + +Create a Gmail account and enter the information: + +- `gmail_smtp_username` +- `gmail_smtp_password` + ```bash + echo -n 'CHANGEME@gmail.com' > gmail_smtp_username + echo -n 'CHANGEME' > gmail_smtp_password + ``` + +Go to https://dev.maxmind.com/geoip/geolite2-free-geolocation-data to generate a free license key (https://www.maxmind.com/en/accounts/current/license-key) for use. + +- `geoip_account_id` +- `geoip_license_key` + ```bash + echo -n 'CHANGEME' > geoip_account_id + echo -n 'CHANGEME' > geoip_license_key + ``` + +--- + +4. **Let's Encrypt Configuration in `/appdata/traefik/config/traefik.yaml`:** + + **Development Mode** + + - During installation, ensure the line `caServer: https://acme-v02.api.letsencrypt.org/directory` is commented out. + - Replace `CHANGEME` with your email. + + **Switch to Production:** + + - Delete the `acme.json` file in `/appdata/traefik/data/`. + - Uncomment the line `caServer: https://acme-v02.api.letsencrypt.org/directory` in `/appdata/traefik/config/traefik.yaml`. + - Restart the project to obtain a production SSL certificate. + +## Project Launch + +1. **Start the project:** + + Navigate to the `/my-compose/` folder where the `docker-compose.yaml` file is located, then run the command: + + ```bash + docker compose up -d + ``` + +2. 
**Check the services:** + + To check if all services are active, run: + + ```bash + docker ps + ``` + + _Tip: To read the logs of a specific container, use:_ + + ```bash + docker logs 'container_name' + ``` + +3. **Add the security engine on CrowdSec:** + + - Go to [CrowdSec](https://www.crowdsec.net), click on "Add Security Engine," and copy the token displayed after `sudo`. + + ![add security engine](images/crowdsec_1.png) + ![add security engine](images/crowdsec_2.png) + +4. **Run the following command in the terminal:** + + ```bash + docker exec crowdsec cscli console enroll -e context 'retrieved token' + ``` + + ![add security engine](images/crowdsec_3.png) + +5. **Return to the CrowdSec website:** + + - In the "Engines" section, accept the invitation. You should see an active item appear. + + ![add security engine](images/crowdsec_4.png) + +6. **Create the Traefik bouncer:** + + To allow CrowdSec to read Traefik logs, run: + + ```bash + docker exec crowdsec cscli bouncers add traefik-bouncer + ``` + +7. **Add the API key:** + + - Copy the generated API key and set the variable `CROWDSEC_TRAEFIK_BOUNCER_LAPI_KEY` in the `.env` file located in `/my-compose/.env`. + +8. **Restart the project:** + + ```bash + docker compose up -d --force-recreate + ``` + +9. **Wait a few minutes for the CrowdSec service to activate:** + + - After a few minutes, you should see the active page on the CrowdSec web interface. 
+ + ![add security engine](images/crowdsec_6.png) + +## Additional Information + +- **Logs**: To read the startup logs of CrowdSec or Traefik, use the following commands: + + ```bash + docker logs --tail 100 -f traefik + ``` + + ```bash + docker logs --tail 100 -f crowdsec + ``` + +- **If errors occur:** Delete the `config` folder and restart the services with: + + ```bash + docker compose up -d --force-recreate + ``` + + If that fails, delete the `appdata/crowdsec/db` and `appdata/crowdsec/config` folders and restart the setup from scratch (bouncer + add engine). + +- **Add a database other than SQLite:** + + - First, launch the project with SQLite. + - Follow the tutorial [CrowdSec database custom](https://docs.crowdsec.net/docs/next/local_api/database/). + - Edit the file `appdata/crowdsec/config/crowdsec/config.yaml`. + - Delete the `appdata/crowdsec/data` folder. + - Reconfigure from scratch (engine + bouncer). + +- **Available `cscli` commands:** Check the documentation [here](https://docs.crowdsec.net/docs/cscli/). + +### Qbittorrent (documentation coming soon) + +To retrieve the Qbittorrent password: run the command + +`docker logs qbittorrent`. + +### Servarr (documentation coming soon): + +### Authentik + +Follow this documentation [Authentik](https://git.hhf.technology/hhf/authentik_traefik/blob/traefik3/README.md) diff --git a/docs/doc_fr.md b/docs/doc_fr.md new file mode 100644 index 0000000..8f79af8 --- /dev/null +++ b/docs/doc_fr.md 
@@ -0,0 +1,210 @@ +# Homelab Docker Server + +## Information de version + +Les secrets seront mis en place progressivement, en prenant en compte les compatibilités de chaque service. + +Ce projet configure un serveur Homelab Docker avec une configuration simple à l'avenir, d'autres services + +## Inspiration du projet et plus de détails + +### CrowdSec + +- [CrowdSec Blog - Enhance Docker Compose Security](https://www.crowdsec.net/blog/enhance-docker-compose-security) +- [Traefik Bouncer GitHub](https://git.hhf.technology/maxlerebourg/crowdsec-bouncer-traefik-plugin) +- [Traefik Bouncer Tutorial](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) + +### Inspiration architecture du projet et documentation pour authentik : + +- [GitHub - hhf](https://git.hhf.technology/hhf/authentik_traefik) +- Merci à @hhf + +## Configuration Initiale + +1. **Renommer le fichier `.env.example` en `.env`.** + +2. **Renseigner les variables dans le fichier `.env` :** + + - `DOMAINNAME` : Nom de domaine. + - `TZ` : Fuseau horaire. + - Créer un compte sur [CrowdSec](https://www.crowdsec.net) (gratuit). + - Créer un secret avec la clé API générée sur Cloudflare pour Let's Encrypt. Voir le [tutoriel ici](https://youtu.be/n1vOfdz5Nm8?si=a7WRX2rLfm4HydtU&t=1012). + - Ajouter la clé API Cloudflare dans `/secret/cf_dns_api_token`. + +3. Génerer les secrets pour authentik : + +# Secrets à créer + +Les secrets suivants (définis dans le fichier `compose.yaml` de base) doivent être créés : + +Je vous recommande de créer les secrets avec la syntaxe suivante : + +```bash +echo -n 'VALEUR_CHANGEME' > NOM_DU_SECRET_CHANGEME +``` + +Consultez les informations sur Traefik à l'adresse suivante : https://doc.traefik.io/traefik/https/acme/#providers. 
Informations spécifiques à Cloudflare : https://go-acme.github.io/lego/dns/cloudflare/ + +- `cf_email` +- `cf_dns_api_token` + ```bash + echo -n 'CHANGEME@gmail.com' > cf_email + echo -n 'CHANGEME-LONGAPI-CHANGEME' > cf_dns_api_token + ``` + +Spécifique à Authentik (https://docs.goauthentik.io/docs/installation/docker-compose#preparation) + +- `authentik_postgresql_db` +- `authentik_postgresql_user` +- `authentik_postgresql_password` +- `authentik_secret_key` + ```bash + echo -n 'authentik_db' > authentik_postgresql_db + echo -n 'authentik_user' > authentik_postgresql_user + openssl rand 36 | base64 -w 0 > authentik_postgresql_password + openssl rand 60 | base64 -w 0 > authentik_secret_key + ``` + +Créez un compte Gmail et saisissez les informations : + +- `gmail_smtp_username` +- `gmail_smtp_password` + ```bash + echo -n 'CHANGEME@gmail.com' > gmail_smtp_username + echo -n 'CHANGEME' > gmail_smtp_password + ``` + +Allez sur https://dev.maxmind.com/geoip/geolite2-free-geolocation-data pour générer une clé de licence gratuite (https://www.maxmind.com/en/accounts/current/license-key) à utiliser. + +- `geoip_account_id` +- `geoip_license_key` + ```bash + echo -n 'CHANGEME' > geoip_account_id + echo -n 'CHANGEME' > geoip_license_key + ``` + +--- + +4. **Configuration Let's Encrypt dans `/appdata/traefik/config/traefik.yaml` :** + + **Developpement mode** + + - Pendant l'installation, assurez-vous que la ligne `caServer: https://acme-v02.api.letsencrypt.org/directory` est commentée. + - remplacez `CHANGEME` par votre email + + **Passage en production :** + + - Supprimez le fichier `acme.json` dans `/appdata/traefik/data/`. + - Décommentez la ligne `caServer: https://acme-v02.api.letsencrypt.org/directory` dans `/appdata/traefik/config/traefik.yaml`. + - Relancez le projet pour obtenir un certificat SSL en production. + +## Lancement du Projet + +1. 
**Démarrer le projet :** + + Allez dans le dossier `/my-compose/` où se trouve le fichier `docker-compose.yaml`, puis exécutez la commande : + + ```bash + docker compose up -d + ``` + +2. **Vérification des services :** + + Pour vérifier que tous les services sont actifs, exécutez : + + ```bash + docker ps + ``` + + _Astuce : Pour lire les logs d'un conteneur spécifique, utilisez :_ + + ```bash + docker logs 'nom_du_conteneur' + ``` + +3. **Ajouter le moteur de sécurité sur CrowdSec :** + + - Allez sur [CrowdSec](https://www.crowdsec.net), cliquez sur "Add Security Engine", et copiez le token affiché après `sudo`. + + ![add security engine](images/crowdsec_1.png) + ![add security engine](images/crowdsec_2.png) + +4. **Exécuter la commande suivante dans le terminal :** + + ```bash + docker exec crowdsec cscli console enroll -e context 'token récupéré' + ``` + + ![add security engine](images/crowdsec_3.png) + +5. **Retourner sur le site CrowdSec :** + + - Dans la section "Engines", acceptez l'invitation. Vous devriez voir un élément actif apparaître. + + ![add security engine](images/crowdsec_4.png) + +6. **Créer le bouncer Traefik :** + + Pour que CrowdSec puisse lire les logs de Traefik, exécutez : + + ```bash + docker exec crowdsec cscli bouncers add traefik-bouncer + ``` + +7. **Ajouter la clé API :** + + - Copiez la clé API générée et définissez la variable `CROWDSEC_TRAEFIK_BOUNCER_LAPI_KEY` dans le fichier `.env` situé dans `/my-compose/.env`. + +8. **Relancer le projet :** + + ```bash + docker compose up -d --force-recreate + ``` + +9. **Attendre quelques minutes pour l'activation du service CrowdSec :** + + - Après quelques minutes, vous devriez voir la page active sur l'interface web de CrowdSec. 
+ + ![add security engine](images/crowdsec_6.png) + +## Informations supplémentaires + +- **Logs** : Pour lire les logs de démarrage de CrowdSec ou Traefik, utilisez les commandes suivantes : + + ```bash + docker logs --tail 100 -f traefik + ``` + + ```bash + docker logs --tail 100 -f crowdsec + ``` + +- **En cas d'erreurs :** Supprimez le dossier `config` et relancez les services avec : + + ```bash + docker compose up -d --force-recreate + ``` + + Si cela échoue, supprimez les dossiers `appdata/crowdsec/db` et `appdata/crowdsec/config` puis recommencez la configuration depuis le début (bouncer + add engine). + +- **Ajouter une base de données autre que SQLite :** + + - Lancez d'abord le projet avec SQLite. + - Suivez le tutoriel [CrowdSec database custom](https://docs.crowdsec.net/docs/next/local_api/database/). + - Modifiez le fichier `appdata/crowdsec/config/crowdsec/config.yaml`. + - Supprimez le dossier `appdata/crowdsec/data`. + - Reconfigurez à partir de zéro (engine + bouncer). + +- **Commandes `cscli` disponibles :** Consultez la documentation [ici](https://docs.crowdsec.net/docs/cscli/). + +### Qbittorrent (documentation à venir) + +Pour obtenir le mot de passe Qbittorrent : exécutez la commande + +`docker logs qbittorrent`. + +### Servarr (documentation à venir) : + +### AUthentik + +suivre cette documentation [Authentik](https://git.hhf.technology/hhf/authentik_traefik/blob/traefik3/README.md) diff --git a/docs/images/authentik_admin.png b/docs/images/authentik_admin.png new file mode 100644 index 0000000..0b28a9a Binary files /dev/null and b/docs/images/authentik_admin.png differ diff --git a/docs/images/crowdsec_1.png b/docs/images/crowdsec_1.png new file mode 100644 index 0000000..78f5d62 Binary files /dev/null and b/docs/images/crowdsec_1.png differ diff --git a/docs/images/crowdsec_10.png b/docs/images/crowdsec_10.png new file mode 100644 index 0000000..4131e53 Binary files /dev/null and b/docs/images/crowdsec_10.png differ 
diff --git a/docs/images/crowdsec_2.png b/docs/images/crowdsec_2.png new file mode 100644 index 0000000..64d3063 Binary files /dev/null and b/docs/images/crowdsec_2.png differ diff --git a/docs/images/crowdsec_3.png b/docs/images/crowdsec_3.png new file mode 100644 index 0000000..0329afd Binary files /dev/null and b/docs/images/crowdsec_3.png differ diff --git a/docs/images/crowdsec_4.png b/docs/images/crowdsec_4.png new file mode 100644 index 0000000..fb0062f Binary files /dev/null and b/docs/images/crowdsec_4.png differ diff --git a/docs/images/crowdsec_5.png b/docs/images/crowdsec_5.png new file mode 100644 index 0000000..df396ed Binary files /dev/null and b/docs/images/crowdsec_5.png differ diff --git a/docs/images/crowdsec_6.png b/docs/images/crowdsec_6.png new file mode 100644 index 0000000..65a42a9 Binary files /dev/null and b/docs/images/crowdsec_6.png differ diff --git a/docs/images/crowdsec_7.png b/docs/images/crowdsec_7.png new file mode 100644 index 0000000..f5daa2f Binary files /dev/null and b/docs/images/crowdsec_7.png differ diff --git a/docs/images/crowdsec_8.png b/docs/images/crowdsec_8.png new file mode 100644 index 0000000..f29de0a Binary files /dev/null and b/docs/images/crowdsec_8.png differ diff --git a/docs/images/crowdsec_9.png b/docs/images/crowdsec_9.png new file mode 100644 index 0000000..103936b Binary files /dev/null and b/docs/images/crowdsec_9.png differ diff --git a/docs/images/lets-encrypt-conf.png b/docs/images/lets-encrypt-conf.png new file mode 100644 index 0000000..d59e0c3 Binary files /dev/null and b/docs/images/lets-encrypt-conf.png differ diff --git a/docs/images/prowlarr_1.png b/docs/images/prowlarr_1.png new file mode 100644 index 0000000..92d2005 Binary files /dev/null and b/docs/images/prowlarr_1.png differ diff --git a/docs/images/prowlarr_2.png b/docs/images/prowlarr_2.png new file mode 100644 index 0000000..2f9013a Binary files /dev/null and b/docs/images/prowlarr_2.png differ 
diff --git a/docs/images/prowlarr_3.png b/docs/images/prowlarr_3.png new file mode 100644 index 0000000..a0e5a7f Binary files /dev/null and b/docs/images/prowlarr_3.png differ diff --git a/docs/images/prowlarr_4.png b/docs/images/prowlarr_4.png new file mode 100644 index 0000000..0624401 Binary files /dev/null and b/docs/images/prowlarr_4.png differ diff --git a/docs/images/qbittorent_3.png b/docs/images/qbittorent_3.png new file mode 100644 index 0000000..98b9383 Binary files /dev/null and b/docs/images/qbittorent_3.png differ diff --git a/docs/images/qbittorent_4.png b/docs/images/qbittorent_4.png new file mode 100644 index 0000000..17425d8 Binary files /dev/null and b/docs/images/qbittorent_4.png differ diff --git a/docs/images/traefik_1.png b/docs/images/traefik_1.png new file mode 100644 index 0000000..7477e80 Binary files /dev/null and b/docs/images/traefik_1.png differ diff --git a/docs/images/traefik_dashboard.png b/docs/images/traefik_dashboard.png new file mode 100644 index 0000000..499ba2b Binary files /dev/null and b/docs/images/traefik_dashboard.png differ diff --git a/my-compose/.env.example b/my-compose/.env.example new file mode 100644 index 0000000..815a4a3 --- /dev/null +++ b/my-compose/.env.example 
@@ -0,0 +1,223 @@
+################################################################
+# Base Configuration
+################################################################
+DOCKERDIR=/CHAMGEME/Homelab-docker-server
+PUID=root
+PGID=root
+TZ=Europe/Paris
+DOMAINNAME=CHANGE_ME
+################################################################
+# SMTP Configuration base conf wit google smtp
+# https://support.google.com/accounts/answer/185833?hl=fr
+################################################################
+SMPT_EMAIL_HOST=smtp.gmail.com
+SMPT_EMAIL_PORT=25
+SMPT_EMAIL_USERNAME=gmail_smtp_username # secrets name
+SMPT_EMAIL_PASSWORD=gmail_smtp_password # secrets name
+SMPT_EMAIL_USE_TLS=true
+SMPT_EMAIL_USE_SSL=false
+SMPT_EMAIL_TIMEOUT=10
+SMPT_EMAIL_FROM=gmail_smtp_username # secrets name
+
+################################################################
+#################### Traefik 3 - June 2024 #####################
+# Cloudflare IPs (IPv4 and/or IPv6): https://www.cloudflare.com/ips/
+################################################################
+
+CF_EMAIL=CHANGEME
+CLOUDFLARE_IPS=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
+LOCAL_IPS=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+
+################################################################
+# Secrets command
+################################################################
+SECRETS_RUN=/run/secrets/
+SECRETS_FILE=file://${SECRETS_RUN}
+
+################################################################
+# Proxy services
+################################################################
+
+DOCKER_HOST=tcp://socket-proxy:2375
+
+################################################################
+# Traefik Configuration
+# generate TRAEFIK_DASHBOARD_CREDENTIALS here :
https://www.web2generators.com/apache-tools/htpasswd-generator
+################################################################
+
+TRAEFIK_DASHBOARD_CREDENTIALS=CHANGE_ME
+TRAEFIK_DASHBOARD_NAME=traefik-dashboard
+TRAEFIK_DASHBOARD_HOST=${TRAEFIK_DASHBOARD_NAME}.${DOMAINNAME}
+
+# Traefik load balancing
+# https://gethomepage.dev/latest/widgets/services/traefik/
+HOMEPAGE_VAR_TRAEFIK_URL_EXTERNAL=https://${TRAEFIK_DASHBOARD_HOST}
+HOMEPAGE_VAR_TRAEFIK_USERNAME=admin
+HOMEPAGE_VAR_TRAEFIK_PASSWORD=CHANGE_ME
+
+################################################################
+# Portainer Configuration
+################################################################
+PORTAINER_SERVICE_NAME=portainer
+PORTAINER_HOST=${PORTAINER_SERVICE_NAME}.${DOMAINNAME}
+PORTAINER_URL=http://${PORTAINER_SERVICE_NAME}:9000
+
+# Homepage configuration for Portainer
+# https://gethomepage.dev/latest/widgets/services/portainer/
+HOMEPAGE_VAR_PORTAINER_URL_EXTERNAL=https://${PORTAINER_HOST}
+HOMEPAGE_VAR_PORTAINER_URL_INTERNAL=${PORTAINER_URL}
+HOMEPAGE_VAR_PORTAINER_KEY=CHANGE_ME
+
+################################################################
+# Authentik Configuration
+################################################################
+
+AUTHENTIK_SERVICE_NAME=authentik_server
+AUTHENTIK_SERVICE_PORT=9000
+AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
+AUTHENTIK_HOST=authentik.${DOMAINNAME}
+AUTHENTIK_URL=http://${AUTHENTIK_SERVICE_NAME}:${AUTHENTIK_SERVICE_PORT}
+AUTHENTIK_OUTPOST_PATH_PREFIX=/outpost.goauthentik.io/
+
+POSTGRES_PASSWORD_FILE=${SECRETS_RUN}authentik_postgresql_password
+#POSTGRES_USER_FILE=${SECRETS_RUN}authentik_postgresql_user
+POSTGRES_USER_FILE=${SECRETS_RUN}authentik_postgresql_db
+POSTGRES_DB_FILE=${SECRETS_RUN}authentik_postgresql_db
+AUTHENTIK_REDIS__HOST=authentik_redis
+AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
+AUTHENTIK_POSTGRESQL__NAME=${SECRETS_FILE}authentik_postgresql_db
+#AUTHENTIK_POSTGRESQL__USER=${SECRETS_FILE}authentik_postgresql_user
+AUTHENTIK_POSTGRESQL__USER=${SECRETS_FILE}authentik_postgresql_db
+AUTHENTIK_POSTGRESQL__PASSWORD=${SECRETS_FILE}authentik_postgresql_password
+AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
+AUTHENTIK_DISABLE_UPDATE_CHECK=false
+AUTHENTIK_ERROR_REPORTING__ENABLED=false
+AUTHENTIK_LOG_LEVEL=info # debug, info, warning, error, trace
+AUTHENTIK_SECRET_KEY=${SECRETS_FILE}authentik_secret_key # openssl rand 60 | base64 -w 0
+AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
+# AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: CHANGEME_IFAPPLICABLE # Defaults to all of: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fe80::/10, ::1/128
+DOCKER_HOST=tcp://socket-proxy:2375 # Use this if you have Socket Proxy enabled.
+
+# SMPT authentik configuration
+AUTHENTIK_EMAIL__HOST=${SMPT_EMAIL_HOST}
+AUTHENTIK_EMAIL__PORT=${SMPT_EMAIL_PORT}
+AUTHENTIK_EMAIL__USERNAME=${SECRETS_FILE}${SMPT_EMAIL_USERNAME}
+AUTHENTIK_EMAIL__PASSWORD=${SECRETS_FILE}${SMPT_EMAIL_PASSWORD}
+AUTHENTIK_EMAIL__USE_TLS=${SMPT_EMAIL_USE_TLS}
+AUTHENTIK_EMAIL__USE_SSL=${SMPT_EMAIL_USE_SSL}
+AUTHENTIK_EMAIL__TIMEOUT=${SMPT_EMAIL_TIMEOUT}
+AUTHENTIK_EMAIL__FROM=${SECRETS_FILE}${SMPT_EMAIL_FROM}
+
+# Homepage configuration for Authentik
+# https://gethomepage.dev/latest/widgets/services/authentik/
+HOMEPAGE_VAR_AUTHENTIK_URL_EXTERNAL=https://${AUTHENTIK_HOST}
+HOMEPAGE_VAR_AUTHENTIK_URL_INTERNAL=${AUTHENTIK_URL}
+HOMEPAGE_VAR_AUTHENTIK_API_KEY=CHANGE_ME
+
+################################################################
+# GeoIP Configuration
+# Go to https://dev.maxmind.com/geoip/geolite2-free-geolocation-data in order to generate a free license key
+# https://www.maxmind.com/en/accounts/current/license-key for use.
+################################################################
+GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+GEOIPUPDATE_FREQUENCY=8
+GEOIPUPDATE_ACCOUNT_ID_FILE=${SECRETS_RUN}geoip_acccount_id
+GEOIPUPDATE_LICENSE_KEY_FILE=${SECRETS_RUN}geoip_license_key
+
+################################################################
+# Crowdsec Configuration
+################################################################
+CROWDSEC_TRAEFIK_BOUNCER_LAPI_KEY=CHANGE_ME #to get api key : docker exec crowdsec cscli bouncers add traefik-bouncer
+
+# Homepage configuration for Crowdsec
+# got to /appdata/crowdsec/config/local_api_credentials.yaml and past HOMEPAGE_VAR_CROWDSEC_PASSWORD value
+HOMEPAGE_VAR_CROWDSEC_WEBSITE=https://app.crowdsec.net
+HOMEPAGE_VAR_CROWDSEC_URL_INTERNAL=http://crowdsec:8080
+HOMEPAGE_VAR_CROWDSEC_USERNAME=localhost
+HOMEPAGE_VAR_CROWDSEC_PASSWORD=CHANGE_ME
+
+################################################################
+# Homepage Configuration
+################################################################
+HOMEPAGE_SERVICE_NAME=homepage
+HOMEPAGE_PORT=3000
+HOMEPAGE_HOST=${HOMEPAGE_SERVICE_NAME}.${DOMAINNAME}
+HOMEPAGE_URL=http://${HOMEPAGE_SERVICE_NAME}:${HOMEPAGE_PORT}
+
+################################################################
+# Cloudflare Configuration (not a docker)
+################################################################
+HOMEPAGE_VAR_CLOUDFLARE_URL=https://dash.cloudflare.com/login/?lang=fr-fr
+
+################################################################
+# qBittorrent Configuration
+################################################################
+TORRENT_SERVICE_NAME=torrent
+TORRENT_PORT=8090
+TORRENT_HOST=${TORRENT_SERVICE_NAME}.${DOMAINNAME}
+TORRENT_URL=http://CHANGE_ME:${TORRENT_PORT} # service name host not work actually, just add docker host ip
+
+# Homepage configuration for qBittorrent
+# See Homepage tutorial: https://gethomepage.dev/latest/widgets/services/qbittorrent/
+HOMEPAGE_VAR_QBITTORRENT_URL_EXTERNAL=https://${TORRENT_HOST}
+HOMEPAGE_VAR_QBITTORRENT_URL_INTERNAL=${TORRENT_URL}
+HOMEPAGE_VAR_QBITTORRENT_USERNAME=admin
+HOMEPAGE_VAR_QBITTORRENT_PASSWORD=CHANGE_ME
+
+################################################################
+# Servarr Configuration
+# See Homepage tutorial:
+# https://gethomepage.dev/latest/widgets/services/prowlarr/
+# https://gethomepage.dev/latest/widgets/services/lidarr/
+# https://gethomepage.dev/latest/widgets/services/readarr/
+# https://gethomepage.dev/latest/widgets/services/sonarr/
+# https://gethomepage.dev/latest/widgets/services/radarr/
+################################################################
+BASE_PATH_MEDIA=CHANGEME
+
+PROWLARR_SERVICE_NAME=prowlarr
+SONARR_SERVICE_NAME=sonarr
+RADARR_SERVICE_NAME=radarr
+LIDARR_SERVICE_NAME=lidarr
+READARR_SERVICE_NAME=readarr
+
+PROWLARR_SERVICE_PORT=9696
+SONARR_SERVICE_PORT=8989
+RADARR_SERVICE_PORT=7878
+LIDARR_SERVICE_PORT=8686
+READARR_SERVICE_PORT=8787
+
+
+PROWLARR_HOST=${PROWLARR_SERVICE_NAME}.${DOMAINNAME}
+SONARR_HOST=${SONARR_SERVICE_NAME}.${DOMAINNAME}
+RADARR_HOST=${RADARR_SERVICE_NAME}.${DOMAINNAME}
+LIDARR_HOST=${LIDARR_SERVICE_NAME}.${DOMAINNAME}
+READARR_HOST=${READARR_SERVICE_NAME}.${DOMAINNAME}
+
+PROWLARR_URL=http://${PROWLARR_SERVICE_NAME}:${PROWLARR_SERVICE_PORT}
+SONARR_URL=http://${SONARR_SERVICE_NAME}:${SONARR_SERVICE_PORT}
+RADARR_URL=http://${RADARR_SERVICE_NAME}:${RADARR_SERVICE_PORT}
+LIDARR_URL=http://${LIDARR_SERVICE_NAME}:${LIDARR_SERVICE_PORT}
+READARR_URL=http://${READARR_SERVICE_NAME}:${READARR_SERVICE_PORT}
+
+# Homepage configuration for Servarr Services
+HOMEPAGE_VAR_PROWLARR_URL_EXTERNAL=https://${PROWLARR_HOST}
+HOMEPAGE_VAR_PROWLARR_URL_INTERNAL=${PROWLARR_URL}
+HOMEPAGE_VAR_PROWLARR_KEY=CHANGE_ME
+
+HOMEPAGE_VAR_SONARR_URL_EXTERNAL=https://${SONARR_HOST}
+HOMEPAGE_VAR_SONARR_URL_INTERNAL=${SONARR_URL}
+HOMEPAGE_VAR_SONARR_KEY=CHANGE_ME
+
+HOMEPAGE_VAR_RADARR_URL_EXTERNAL=https://${RADARR_HOST}
+HOMEPAGE_VAR_RADARR_URL_INTERNAL=${RADARR_URL}
+HOMEPAGE_VAR_RADARR_KEY=CHANGE_ME
+
+HOMEPAGE_VAR_LIDARR_URL_EXTERNAL=https://${LIDARR_HOST}
+HOMEPAGE_VAR_LIDARR_URL_INTERNAL=${LIDARR_URL}
+HOMEPAGE_VAR_LIDARR_KEY=CHANGE_ME
+
+HOMEPAGE_VAR_READARR_URL_EXTERNAL=https://${READARR_HOST}
+HOMEPAGE_VAR_READARR_URL_INTERNAL=${READARR_URL}
+HOMEPAGE_VAR_READARR_KEY=CHANGE_ME
+
diff --git a/my-compose/authentik/authentik-compose.yaml b/my-compose/authentik/authentik-compose.yaml
new file mode 100644
index 0000000..01a0038
--- /dev/null
+++ b/my-compose/authentik/authentik-compose.yaml
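Review bot: `GEOIPUPDATE_ACCOUNT_ID_FILE=${SECRETS_RUN}geoip_acccount_id` misspells the secret name (three `c`); the secret declared in `compose.yaml` is `geoip_account_id`, so geoipupdate will look for a file that is never mounted under `/run/secrets/` — change it to `GEOIPUPDATE_ACCOUNT_ID_FILE=${SECRETS_RUN}geoip_account_id`. `DOCKER_HOST` and `AUTHENTIK_COOKIE_DOMAIN` are each assigned twice in this file; the last assignment wins, which is harmless today but will mislead whoever edits only the first one. `POSTGRES_USER_FILE` and `AUTHENTIK_POSTGRESQL__USER` both point at the `authentik_postgresql_db` secret while `authentik_postgresql_user` is created and mounted but never read; if that is intentional, say so in a comment instead of leaving the original lines commented out. `PUID=root`/`PGID=root` feed `user: ${PUID}:${PGID}` in the compose files, so every service using that pattern runs as root; numeric unprivileged IDs are the usual value, and `DOCKERDIR=/CHAMGEME/…` has a typo in its placeholder.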
@@ -0,0 +1,179 @@ +# ------------------------------ +# -- authentik (Identity Provider / SSO) +# -- Updated/Created 2024-July-02 +# ------------------------------ +name: authentik # Project Name + +networks: + authentik-backend: + name: authentik-backend + +services: + authentik_postgresql: + image: docker.io/library/postgres:16-alpine + container_name: authentik_postgresql + shm_size: 128mb # https://hub.docker.com/_/postgres + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s + networks: + - authentik-backend + volumes: + - "$DOCKERDIR/appdata/authentik/postgresql/data:/var/lib/postgresql/data" + secrets: + - authentik_postgresql_db + - authentik_postgresql_user + - authentik_postgresql_password + environment: + - POSTGRES_PASSWORD_FILE + - POSTGRES_USER_FILE + - POSTGRES_DB_FILE + + authentik_redis: + image: docker.io/library/redis:alpine + container_name: authentik_redis + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + networks: + - authentik-backend + volumes: + - "$DOCKERDIR/appdata/authentik/redis/data:/data" + + authentik_server: + image: ghcr.io/goauthentik/server:latest + container_name: authentik_server + restart: unless-stopped + command: server + depends_on: + - authentik_postgresql + - authentik_redis + - traefik + - crowdsec + networks: + - traefik + - socket_proxy + - authentik-backend + secrets: + - authentik_postgresql_db + - authentik_postgresql_user + - authentik_postgresql_password + - authentik_secret_key + environment: + - AUTHENTIK_REDIS__HOST + - AUTHENTIK_POSTGRESQL__HOST + - AUTHENTIK_POSTGRESQL__NAME + - AUTHENTIK_POSTGRESQL__USER + - AUTHENTIK_POSTGRESQL__PASSWORD + - AUTHENTIK_DISABLE_STARTUP_ANALYTICS + - AUTHENTIK_DISABLE_UPDATE_CHECK + - 
AUTHENTIK_ERROR_REPORTING__ENABLED + - AUTHENTIK_LOG_LEVEL + - AUTHENTIK_SECRET_KEY + - AUTHENTIK_COOKIE_DOMAIN + volumes: + - "$DOCKERDIR/appdata/authentik/media:/media" + - "$DOCKERDIR/appdata/authentik/custom-templates:/templates" + - "$DOCKERDIR/appdata/authentik/geoip/data:/geoip" + + authentik_worker: + image: ghcr.io/goauthentik/server:latest + container_name: authentik_worker + restart: unless-stopped + user: 1000:1000 + command: worker + depends_on: + - authentik_postgresql + - authentik_redis + networks: + - socket_proxy + - authentik-backend + secrets: + - authentik_postgresql_db + - authentik_postgresql_user + - authentik_postgresql_password + - authentik_secret_key + - gmail_smtp_username + - gmail_smtp_password + environment: + - DOCKER_HOST + - AUTHENTIK_REDIS__HOST + - AUTHENTIK_POSTGRESQL__HOST + - AUTHENTIK_POSTGRESQL__NAME + - AUTHENTIK_POSTGRESQL__USER + - AUTHENTIK_POSTGRESQL__PASSWORD + - AUTHENTIK_DISABLE_STARTUP_ANALYTICS + - AUTHENTIK_DISABLE_UPDATE_CHECK + - AUTHENTIK_ERROR_REPORTING__ENABLED + - AUTHENTIK_SECRET_KEY + - AUTHENTIK_COOKIE_DOMAIN + - AUTHENTIK_LOG_LEVEL + - AUTHENTIK_EMAIL__HOST + - AUTHENTIK_EMAIL__PORT + - AUTHENTIK_EMAIL__USERNAME + - AUTHENTIK_EMAIL__PASSWORD + - AUTHENTIK_EMAIL__USE_TLS + - AUTHENTIK_EMAIL__USE_SSL + - AUTHENTIK_EMAIL__TIMEOUT + - AUTHENTIK_EMAIL__FROM + volumes: + - "$DOCKERDIR/appdata/authentik/media:/media" + - "$DOCKERDIR/appdata/authentik/custom-templates:/templates" + - "$DOCKERDIR/appdata/authentik/geoip/data:/geoip" + + geoipupdate: + image: ghcr.io/maxmind/geoipupdate:latest + container_name: geoipupdate + restart: unless-stopped + user: ${PUID}:${PGID} + volumes: + - "$DOCKERDIR/appdata/authentik/geoip/data:/usr/share/GeoIP" + networks: + - authentik-backend + secrets: + - geoip_account_id + - geoip_license_key + environment: + - GEOIPUPDATE_EDITION_IDS + - GEOIPUPDATE_FREQUENCY + - GEOIPUPDATE_ACCOUNT_ID_FILE + - GEOIPUPDATE_LICENSE_KEY_FILE + + whoami-individual: + image: 
traefik/whoami:latest + container_name: whoami-individual + restart: unless-stopped + security_opt: + - no-new-privileges:true + depends_on: + - traefik + - authentik_server + - authentik_worker + networks: + - traefik + environment: + - TZ + + whoami-catchall: + image: traefik/whoami:latest + container_name: whoami-catchall + restart: unless-stopped + security_opt: + - no-new-privileges:true + depends_on: + - traefik + - authentik_server + - authentik_worker + networks: + - traefik + environment: + - TZ diff --git a/my-compose/compose.yaml b/my-compose/compose.yaml new file mode 100644 index 0000000..ec42715 --- /dev/null +++ b/my-compose/compose.yaml 
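Review bot: `authentik_server` and `authentik_worker` both pull `ghcr.io/goauthentik/server:latest`, so two pulls at different times can leave the identity provider's server and worker on different versions, and the worker runs as `user: 1000:1000` while the server runs as the image default — pin one explicit version tag for both and give them the same `user:`. `security_opt: - no-new-privileges:true` is set on the two whoami test services but missing from `authentik_postgresql`, `authentik_redis`, `authentik_server`, `authentik_worker` and `geoipupdate`, which are the services that actually hold credentials. The postgres healthcheck expands `$${POSTGRES_DB}` and `$${POSTGRES_USER}`, but only the `*_FILE` variants are passed in `environment`; the image entrypoint derives the plain variables in its own shell, so in the healthcheck shell they presumably expand to empty and `pg_isready` only tests the socket — worth a comment, or drop the two flags. `authentik_server` lists `traefik` and `crowdsec` in `depends_on` without a `condition:`, which only orders startup and does not wait for those services to be ready.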
@@ -0,0 +1,59 @@ +############################################################### +# Networks +############################################################### +networks: + socket_proxy: + name: socket_proxy + driver: bridge + ipam: + config: + - subnet: 172.16.224.0/24 + traefik: + name: traefik + driver: bridge + ipam: + config: + - subnet: 10.255.224.0/20 +############################################################### +# Docker Secrets +# Owner (default): root:root +# Recommend Set Owner to match container user Example: UID=1100, GID=1100 +# Permissions of files & directory on host to: 0400 (-r--) +############################################################### +secrets: + ## Cloudflare / Traefik + cf_email: + file: ${DOCKERDIR}/secrets/cf_email + cf_dns_api_token: + file: ${DOCKERDIR}/secrets/cf_dns_api_token + ## Authentik + authentik_postgresql_db: + file: ${DOCKERDIR}/secrets/authentik_postgresql_db + authentik_postgresql_user: + file: ${DOCKERDIR}/secrets/authentik_postgresql_user + authentik_postgresql_password: + file: ${DOCKERDIR}/secrets/authentik_postgresql_password + authentik_secret_key: + file: ${DOCKERDIR}/secrets/authentik_secret_key + gmail_smtp_username: + file: ${DOCKERDIR}/secrets/gmail_smtp_username + gmail_smtp_password: + file: ${DOCKERDIR}/secrets/gmail_smtp_password + # ## GeoIP + geoip_account_id: + file: ${DOCKERDIR}/secrets/geoip_account_id + geoip_license_key: + file: ${DOCKERDIR}/secrets/geoip_license_key +############################################################### +# Include +# Merge all of the below compose files into one large compose at run time +# Thanks to Anand (SmartHomeBeginner), this is clean! 
+############################################################### +include: + - ${DOCKERDIR}/my-compose/traefik/traefik-compose.yaml + - ${DOCKERDIR}/my-compose/socket-proxy/socket-proxy-compose.yaml + - ${DOCKERDIR}/my-compose/crowdsec/crowdsec-compose.yaml + - ${DOCKERDIR}/my-compose/authentik/authentik-compose.yaml + - ${DOCKERDIR}/my-compose/portainer/portainer-compose.yaml + - ${DOCKERDIR}/my-compose/servarr/servarr-compose.yaml + - ${DOCKERDIR}/my-compose/homepage/homepage-compose.yaml diff --git a/my-compose/crowdsec/crowdsec-compose.yaml b/my-compose/crowdsec/crowdsec-compose.yaml new file mode 100644 index 0000000..4a75917 --- /dev/null +++ b/my-compose/crowdsec/crowdsec-compose.yaml @@ -0,0 +1,26 @@ +services: + crowdsec: + image: crowdsecurity/crowdsec:latest + container_name: crowdsec + expose: + - "8080" + depends_on: + - traefik + environment: + COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/sshd" + volumes: + - /var/log/crowdsec:/var/log/crowdsec:ro + - $DOCKERDIR/appdata/crowdsec/data:/var/lib/crowdsec/data/ + - $DOCKERDIR/appdata/crowdsec/config/crowdsec:/etc/crowdsec + - $DOCKERDIR/appdata/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml + - $DOCKERDIR/appdata/crowdsec/whitelists_custom.yaml:/etc/crowdsec/parsers/s02-enrich/whitelists.yaml + # read traefik logs + - $DOCKERDIR/logs/traefik/:/var/log/traefik/:ro + # read linux auth logs + - /var/log/auth.log:/var/log/auth.log:ro + - /var/log/syslog:/var/log/syslog:ro + restart: unless-stopped + labels: + - traefik.enable=false + networks: + - traefik diff --git a/my-compose/homepage/homepage-compose.yaml b/my-compose/homepage/homepage-compose.yaml new file mode 100644 index 0000000..b3f886d --- /dev/null +++ b/my-compose/homepage/homepage-compose.yaml 
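Review bot: The `cf_email` secret declared under `secrets:` is not consumed anywhere in this commit: traefik-compose.yaml lists only `cf_dns_api_token` under its own `secrets:` and passes the address as `--certificatesResolvers.le.acme.email=${CF_EMAIL}` on the command line, where it shows up in `docker inspect` and process listings. Either drop the `cf_email:` entry or have Traefik read the file, so that the source of each credential is unambiguous. The header comment asking for `0400` host permissions on the secret files is good; since this same commit tracks those files under `secrets/`, it would be worth adding `# never commit the contents of ${DOCKERDIR}/secrets` next to it.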
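Review bot: The single-file bind mounts `/var/log/auth.log:/var/log/auth.log:ro` and `/var/log/syslog:/var/log/syslog:ro` stop delivering events after logrotate rotates those files (unless it is configured with copytruncate), because the mount stays pinned to the original inode while the host writes to a freshly created file; CrowdSec then silently loses the sshd coverage that `COLLECTIONS` pulls in. Mount the directory instead, e.g. `- /var/log:/var/log/host:ro`, and point the `filenames:` entries in the mounted `acquis.yaml` at `/var/log/host/auth.log` and `/var/log/host/syslog`. This service also lacks the `security_opt: - no-new-privileges:true` that the whoami services carry; adding it keeps the hardening consistent across the stack.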
@@ -0,0 +1,15 @@ +services: + homepage: + image: ghcr.io/gethomepage/homepage:latest + container_name: homepage + restart: unless-stopped + env_file: + - ${DOCKERDIR}/my-compose/.env + ports: + - 3000:3000 + volumes: + - $DOCKERDIR/appdata/homepage/config:/app/config # Make sure your local config directory exists + - $DOCKERDIR/appdata/homepage/config/icons:/app/public/icons + networks: + - traefik + - socket_proxy diff --git a/my-compose/portainer/portainer-compose.yaml b/my-compose/portainer/portainer-compose.yaml new file mode 100644 index 0000000..68e0959 --- /dev/null +++ b/my-compose/portainer/portainer-compose.yaml @@ -0,0 +1,18 @@ +services: + portainer: + image: portainer/portainer-ee:2.20.3 + container_name: portainer + restart: unless-stopped + command: --host tcp://socket-proxy:2375 + depends_on: + - socket-proxy + environment: + - TZ=${TZ} + volumes: + - "$DOCKERDIR/appdata/portainer/data:/data" + networks: + - socket_proxy + - traefik + ports: + - "9090:9000" + diff --git a/my-compose/servarr/servarr-compose.yaml b/my-compose/servarr/servarr-compose.yaml new file mode 100644 index 0000000..ea13165 --- /dev/null +++ b/my-compose/servarr/servarr-compose.yaml 
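Review bot: `ports: - 3000:3000` publishes the Homepage UI on every host interface, so it is reachable without passing through Traefik, the CrowdSec bouncer or Authentik even though the container already sits on the `traefik` network. Remove the `ports:` block (or bind it as `"127.0.0.1:3000:3000"` for local debugging) and let Traefik front it. `env_file: ${DOCKERDIR}/my-compose/.env` also hands the container every variable in the shared env file; prefer an explicit `environment:` list with just the keys Homepage reads, since this dashboard also has Docker API access through `socket_proxy`.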
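Review bot: `ports: - "9090:9000"` exposes the Portainer UI on all host interfaces, bypassing Traefik, CrowdSec and Authentik, while `--host tcp://socket-proxy:2375` gives this container a Docker API that (per socket-proxy-compose.yaml) allows `POST`, `EXEC` and container management — effectively host-level control for anyone who gets past Portainer's own login. Bind it to loopback, `- "127.0.0.1:9090:9000"`, or drop the `ports:` entry and publish it only through Traefik on the `traefik` network it already joins. The pinned `portainer/portainer-ee:2.20.3` is good; consider adding `security_opt: - no-new-privileges:true` here as in the whoami services.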
@@ -0,0 +1,119 @@ +services: + prowlarr: + image: lscr.io/linuxserver/prowlarr:latest + container_name: prowlarr + environment: + - TZ=${TZ} + - PUID=${SERVARR_PUID} + - PGID=${SERVARR_PGID} + volumes: + - $DOCKERDIR/appdata/servarr/prowlarr/config:/config + - $DOCKERDIR/appdata/servarr/prowlarr/Backup:/data/Backup + - ${BASE_PATH_MEDIA}/downloads:/data/downloads + ports: + - 9696:9696 + restart: unless-stopped + networks: + - traefik + sonarr: + image: lscr.io/linuxserver/sonarr:latest + container_name: sonarr + environment: + - TZ=${TZ} + - PUID=${SERVARR_PUID} + - PGID=${SERVARR_PGID} + volumes: + - $DOCKERDIR/appdata/servarr/sonarr/Config:/config + - $DOCKERDIR/appdata/servarr/sonarr/Backup:/data/Backup + - ${BASE_PATH_MEDIA}/series:/data/tvshows + - ${BASE_PATH_MEDIA}/downloads:/data/downloads + ports: + - 8989:8989 + restart: unless-stopped + networks: + - traefik + + radarr: + image: lscr.io/linuxserver/radarr:latest + container_name: radarr + environment: + - TZ=${TZ} + - PUID=${SERVARR_PUID} + - PGID=${SERVARR_PGID} + volumes: + - $DOCKERDIR/appdata/servarr/radarr/Config:/config + - $DOCKERDIR/appdata/servarr/radarr/Backup:/data/Backup + - ${BASE_PATH_MEDIA}/movies:/data/movies + - ${BASE_PATH_MEDIA}/downloads:/data/downloads + ports: + - 7878:7878 + restart: unless-stopped + networks: + - traefik + + lidarr: + image: lscr.io/linuxserver/lidarr:latest + container_name: lidarr + environment: + - TZ=${TZ} + - PUID=${SERVARR_PUID} + - PGID=${SERVARR_PGID} + volumes: + - $DOCKERDIR/appdata/servarr/lidarr/Config:/config + - $DOCKERDIR/appdata/servarr/lidarr/Backup:/data/Backup + - ${BASE_PATH_MEDIA}/music:/data/musicfolder + - ${BASE_PATH_MEDIA}/downloads:/data/downloads + ports: + - 8686:8686 + restart: unless-stopped + networks: + - traefik + + readarr: + image: lscr.io/linuxserver/readarr:develop + container_name: readarr + environment: + - TZ=Etc/UTC + - PUID=${SERVARR_PUID} + - PGID=${SERVARR_PGID} + volumes: + - 
$DOCKERDIR/appdata/servarr/readarr/config:/config + - ${BASE_PATH_MEDIA}/books:/data/books # optional + - ${BASE_PATH_MEDIA}/downloads:/data/downloads # optional + ports: + - 8787:8787 + restart: unless-stopped + networks: + - traefik + + qbittorrent: + image: lscr.io/linuxserver/qbittorrent:latest + container_name: qbittorrent + environment: + - TZ=${TZ} + - WEBUI_PORT=8090 + - TORRENTING_PORT=6881 + - PUID=${SERVARR_PUID} + - PGID=${SERVARR_PGID} + volumes: + - $DOCKERDIR/appdata/servarr/qbittorrent:/config + - ${BASE_PATH_MEDIA}/downloads:/downloads #optional + ports: + - 8090:8090 + - 6881:6881 + - 6881:6881/udp + restart: unless-stopped + networks: + - traefik + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + container_name: flaresolverr + environment: + - LOG_LEVEL=info + ports: + - 8191:8191 + restart: unless-stopped + networks: + - traefik + diff --git a/my-compose/socket-proxy/socket-proxy-compose.yaml b/my-compose/socket-proxy/socket-proxy-compose.yaml new file mode 100644 index 0000000..937f63f --- /dev/null +++ b/my-compose/socket-proxy/socket-proxy-compose.yaml 
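Review bot: Every service in this file publishes its web UI directly on the host (`9696`, `8989`, `7878`, `8686`, `8787`, `8090`, `8191`), which bypasses Traefik, the CrowdSec bouncer and Authentik even though each container is already on the `traefik` network; FlareSolverr in particular has no authentication of its own and only needs to be reachable by Prowlarr over that network, so its `ports:` block can go entirely. Keep only the peer-facing `6881:6881` and `6881:6881/udp` on qBittorrent and either drop the other `ports:` entries or bind them to `127.0.0.1:`. Smaller points: `readarr` hard-codes `TZ=Etc/UTC` where its siblings use `TZ=${TZ}`, and the `readarr:develop` tag tracks a development branch while the others track `latest`.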
@@ -0,0 +1,50 @@ +name: socket-proxy # Project Name +services: + socket-proxy: + image: tecnativa/docker-socket-proxy:0.1.2 + container_name: socket-proxy + restart: unless-stopped + security_opt: + - no-new-privileges=true + networks: + - socket_proxy + #socket_proxy: + # ipv4_address: 172.16.224.254 + privileged: true # true for VM. false for unprivileged LXC container. + ports: + - "127.0.0.1:2375:2375" + environment: + - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg + ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.). + ### 0 to revoke access. + ### 1 to grant access. + ## Granted by Default + - EVENTS=1 + - PING=1 + - VERSION=1 + ## Revoked by Default + ### Security critical + - AUTH=0 + - SECRETS=0 + - POST=1 # Watchtower + ### Not always needed + - BUILD=0 + - COMMIT=0 + - CONFIGS=0 + - CONTAINERS=1 # Traefik, portainer, etc. + - POST=1 + - DISTRIBUTION=0 + - EXEC=1 + - IMAGES=1 # Portainer + - INFO=1 # Portainer + - NETWORKS=1 # Portainer + - NODES=0 + - PLUGINS=0 + - SERVICES=1 # Portainer + - SESSION=0 + - SWARM=0 + - SYSTEM=0 + - TASKS=1 # Portainer + - VOLUMES=1 # Portainer + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro diff --git a/my-compose/traefik/traefik-compose.yaml b/my-compose/traefik/traefik-compose.yaml new file mode 100644 index 0000000..b59e7c5 --- /dev/null +++ b/my-compose/traefik/traefik-compose.yaml 
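Review bot: `- POST=1` appears twice in `environment:` (once under `### Security critical` with the `# Watchtower` comment, once again after `CONTAINERS=1`); keep a single entry so the justification stays next to the grant. More importantly, `POST=1` combined with `EXEC=1` and `CONTAINERS=1` lets any client on `socket_proxy` create containers and exec into existing ones, which is close to the full power of the raw socket this proxy exists to hide; Traefik needs none of these write paths, so unless Portainer's container console is actually used, set `EXEC=0` and document the real `POST=1` consumer (no Watchtower service is included by compose.yaml in this commit). The `"127.0.0.1:2375:2375"` publish also makes the proxied API reachable from any local process on the host, while Portainer already reaches it over the network as `tcp://socket-proxy:2375`; drop the `ports:` block unless a host-side client needs it.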
@@ -0,0 +1,60 @@ +############################################################### +# +# https://docs.docker.com/compose/compose-file/05-services/#security_opt +# https://docs.docker.com/compose/environment-variables/set-environment-variables/ +# +############################################################### +name: traefik + +services: + traefik: + image: traefik:latest + container_name: traefik + restart: unless-stopped +# user: ${PUID}:${PGID} # uncomment if you using a user and group role + env_file: + - ${DOCKERDIR}/my-compose/.env + security_opt: + - no-new-privileges=true + depends_on: + - socket-proxy + networks: + traefik: + aliases: + - traefik.${DOMAINNAME} + socket_proxy: + command: + - "--configFile=/config/traefik.yaml" + - "--certificatesResolvers.le.acme.email=${CF_EMAIL}" # set email on lets encrypt because environment variable not work on traefik.yaml + ports: + # - "80:80" # SHORT Syntax of below verbose definition + - name: web + host_ip: 0.0.0.0 # All interfaces, not a specific one + target: 80 # Container Port + published: "80" # STRING + protocol: tcp # tcp or udp + app_protocol: http # OPTIONAL. Layer 7 Protocol used. 
"Richer behavior" + mode: host # or Ingress for load balancing + - name: websecure + host_ip: 0.0.0.0 + target: 443 + published: "443" + protocol: tcp + app_protocol: https + mode: host + secrets: + - cf_dns_api_token + environment: + - TZ=${TZ} + - DOMAINNAME=${DOMAINNAME} + - TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_DOMAINS_0_MAIN=${DOMAINNAME} # domain for websecure and let's encrypt + - TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_DOMAINS_0_SANS=*.${DOMAINNAME} # domain for websecure and let's encrypt + ## uncomment if you want activate dashboard auth credentials + ## Docker Secrets + - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token + volumes: + - "$DOCKERDIR/appdata/traefik/config:/config" # traefik.yaml + - "$DOCKERDIR/appdata/traefik/data:/data" # acme.json defined in traefik.yaml + - "$DOCKERDIR/appdata/traefik/rules:/rules" # Dynamic File Provider directory + - "$DOCKERDIR/appdata/crowdsec/ban.html:/ban.html" # html file for crowdsec ban ### comment if you dont use crowdsec + - "$DOCKERDIR/logs/traefik:/logs" \ No newline at end of file diff --git a/secrets/authentik_postgresql_db b/secrets/authentik_postgresql_db new file mode 100644 index 0000000..ef4f1fd --- /dev/null +++ b/secrets/authentik_postgresql_db @@ -0,0 +1 @@ +authentik_db \ No newline at end of file diff --git a/secrets/authentik_postgresql_password b/secrets/authentik_postgresql_password new file mode 100644 index 0000000..d049fd5 --- /dev/null +++ b/secrets/authentik_postgresql_password @@ -0,0 +1 @@ +CHANGEME \ No newline at end of file diff --git a/secrets/authentik_postgresql_user b/secrets/authentik_postgresql_user new file mode 100644 index 0000000..d049fd5 --- /dev/null +++ b/secrets/authentik_postgresql_user @@ -0,0 +1 @@ +CHANGEME \ No newline at end of file diff --git a/secrets/authentik_secret_key b/secrets/authentik_secret_key new file mode 100644 index 0000000..d049fd5 --- /dev/null +++ b/secrets/authentik_secret_key @@ -0,0 +1 @@ +CHANGEME \ No newline at end of file 
diff --git a/secrets/cf_dns_api_token b/secrets/cf_dns_api_token new file mode 100644 index 0000000..f25b7f0 --- /dev/null +++ b/secrets/cf_dns_api_token @@ -0,0 +1 @@ +CHANGME \ No newline at end of file diff --git a/secrets/cf_email b/secrets/cf_email new file mode 100644 index 0000000..d049fd5 --- /dev/null +++ b/secrets/cf_email @@ -0,0 +1 @@ +CHANGEME \ No newline at end of file diff --git a/secrets/gmail_smtp_password b/secrets/gmail_smtp_password new file mode 100644 index 0000000..d049fd5 --- /dev/null +++ b/secrets/gmail_smtp_password @@ -0,0 +1 @@ +CHANGEME \ No newline at end of file diff --git a/secrets/gmail_smtp_username b/secrets/gmail_smtp_username new file mode 100644 index 0000000..d049fd5 --- /dev/null +++ b/secrets/gmail_smtp_username @@ -0,0 +1 @@ +CHANGEME \ No newline at end of file