From 6ecfa3e0e9a9d80e94c2d6c0c4f85a5990833003 Mon Sep 17 00:00:00 2001
From: Hermes <hermes@hermes.local>
Date: Sat, 23 May 2026 23:30:11 +0000
Subject: [PATCH] brain.gharbeia.net: add Traefik router + update gharbeia-site
 to external LXC nginx

- Add brain router with Authentik forward-auth pointing to LXC nginx on 8082
- Update gharbeia-site-internal from production-1 Docker nginx to LXC nginx on 8083
- Add brain-internal service (10.10.10.29:8082)
---
 infrastructure.org | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/infrastructure.org b/infrastructure.org
index a11c969..96d290f 100644
--- a/infrastructure.org
+++ b/infrastructure.org
@@ -502,7 +502,20 @@
    502|      tls:
    503|        certResolver: letsencrypt
    504|
-   505|    # -- Management ------------------------------------------------
+   505|    # -- Brain Knowledge Base (private, behind Authentik) ------------
+   506|
+   507|    brain:
+   508|      rule: "Host(`brain.gharbeia.net`)"
+   509|      service: brain-internal
+   510|      entryPoints:
+   511|        - secureweb
+   512|      tls:
+   513|        certResolver: letsencrypt
+   514|      middlewares:
+   515|        - authentik-forwardauth@file
+   516|        - security-headers@file
+   517|
+   518|    # -- Management ------------------------------------------------
    506|
    507|    gitea:
    508|      rule: "Host(`git.gharbeia.net`)"
@@ -696,8 +709,12 @@
    696|    gharbeia-site-internal:
    697|      loadBalancer:
    698|        servers:
-   699|          - url: http://gharbeia-site:80
-   700|    gitea-internal:
+   699|          - url: http://10.10.10.29:8083
+   700|    brain-internal:
+   701|      loadBalancer:
+   702|        servers:
+   703|          - url: "http://10.10.10.29:8082"
+   704|    gitea-internal:
    701|      loadBalancer:
    702|        servers:
    703|          - url: http://gitea:3000