From 1e641f92254cddb6cf5c093439ff6696a108eb9b Mon Sep 17 00:00:00 2001
From: chriswin <tech@crescentec.ch>
Date: Tue, 13 Jan 2026 23:18:01 +0100
Subject: [PATCH] crowdsec and traefik init

---
 docker-compose.yml                  |   5 +-
 services/crowdsec/crowdsec.yml      |  23 ++
 services/traefik/config/config.yml  | 164 ++++++++++++++
 services/traefik/config/traefik.yml |  67 ++++++
 services/traefik/html/ban.html      | 338 ++++++++++++++++++++++++++++
 services/traefik/html/captcha.html  | 338 ++++++++++++++++++++++++++++
 services/traefik/traefik.yml        |  96 ++++++++
 services/watchtower/watchtower.yml  |  26 ---
 8 files changed, 1029 insertions(+), 28 deletions(-)
 create mode 100644 services/crowdsec/crowdsec.yml
 create mode 100644 services/traefik/config/config.yml
 create mode 100644 services/traefik/config/traefik.yml
 create mode 100644 services/traefik/html/ban.html
 create mode 100644 services/traefik/html/captcha.html
 create mode 100644 services/traefik/traefik.yml
 delete mode 100644 services/watchtower/watchtower.yml

diff --git a/docker-compose.yml b/docker-compose.yml
index 6495eb6..e4c4b9c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,12 +3,13 @@
 
 # Here I will include all "child" docker compose files that I need.
 # The paths can relative to this file or absolue. I've used INCLUDE_PATH variable to make it more cofigurable.
-# Whenever I need to remove some service then I can comment out the lines here. 
+# Whenever I need to remove some service then I can comment out the lines here.
 include:
   - path:
       - ${SERVICE_PATH}/caddy/caddy.yml
+      - ${SERVICE_PATH}/crowdsec/crowdsec.yml
       - ${SERVICE_PATH}/headscale/headscale.yml
-      - ${SERVICE_PATH}/watchtower/watchtower.yml
+      # - ${SERVICE_PATH}/traefik/traefik.yml
     env_file: ${SERVICE_PATH}/.env
 
 networks:
diff --git a/services/crowdsec/crowdsec.yml b/services/crowdsec/crowdsec.yml
new file mode 100644
index 0000000..a76c254
--- /dev/null
+++ b/services/crowdsec/crowdsec.yml
@@ -0,0 +1,23 @@
+services:
+  crowdsec:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: crowdsec
+    image: crowdsecurity/crowdsec:v1.7.4
+    environment:
+      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
+      CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
+      CUSTOM_HOSTNAME: crowdsec
+    ports:
+      - 6061:8080
+      - 6060:6060
+    networks:
+      - ip4net
+    volumes:
+      - ${SERVICE_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
+      - ${SERVICE_PATH}/crowdsec/config:/etc/crowdsec
+      - ${SERVICE_PATH}/crowdsec/data:/var/lib/crowdsec/data
+      - /var/log/traefik:/var/log/crowdsec:ro
+      - /var/log/syslog:/var/log/syslog:ro
+      - /var/log/kern.log:/var/log/kern.log:ro
diff --git a/services/traefik/config/config.yml b/services/traefik/config/config.yml
new file mode 100644
index 0000000..6859554
--- /dev/null
+++ b/services/traefik/config/config.yml
@@ -0,0 +1,164 @@
+http:
+  middlewares:
+
+    # Crowdsec
+    crowdsec-bouncer:
+      plugin:
+        crowdsec-bouncer-plugin:
+          enabled: true
+          logLevel: INFO
+          updateIntervalSeconds: 60
+          crowdsecMode: stream
+          crowdsecAppsecEnabled: true
+          crowdsecAppsecHost: crowdsec:7422
+          crowdsecLapiScheme: http
+          crowdsecLapiHost: crowdsec:8080
+          # generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
+          crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
+          forwardedHeadersTrustedIPs:
+            - 10.0.6.0/24
+          clientTrustedIPs:
+            - 192.168.178.0/24
+          captchaProvider: hcaptcha
+          captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
+          captchaSecretKey: ES_9511d34bbec34dada169afad0a36991a
+          captchaGracePeriodSeconds: 1800
+          captchaHTMLFilePath: /captcha.html
+          banHTMLFilePath: /ban.html
+
+  routers:
+    authelia:
+      rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    audiobookshelf:
+      rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    gitea:
+      rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    headscale:
+      rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    immich:
+      rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    lldap:
+      rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    linkwarden:
+      rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    mealie:
+      rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    navidrome:
+      rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    ntfy:
+      rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    paperless:
+      rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    pdf:
+      rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    radicale:
+      rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    rss:
+      rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    superset:
+      rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    vaultwarden:
+      rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+    vikunja:
+      rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      service: node 
+      entryPoints: https
+      tls: {}
+      middlewares: crowdsec-bouncer@file
+
+  services:
+    node:
+      loadBalancer:
+        servers:
+          - url: {{ env TRAEFIK_MAIN_SERVER_NODE_IP }}
+
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/certs/server.crt
+        keyFile: /etc/certs/server.key
+  certificates:
+    - certFile: /etc/certs/server.crt
+      keyFile: /etc/certs/server.key
+
diff --git a/services/traefik/config/traefik.yml b/services/traefik/config/traefik.yml
new file mode 100644
index 0000000..35c4d1d
--- /dev/null
+++ b/services/traefik/config/traefik.yml
@@ -0,0 +1,67 @@
+api:
+  dashboard: true
+
+log:
+  level: "INFO"
+
+serversTransport:
+  insecureSkipVerify: true
+
+accessLog:
+  filePath: "/var/log/traefik/access.log" # location of traefik logs for crowdsec
+  format: json
+  bufferingSize: 100 # Configuring a buffer of 100 lines
+  filters:
+    statusCodes:
+      - "204-299"
+      - "400-499"
+      - "500-559" # logged status codes
+
+entryPoints:
+  http:
+    address: "[::]:80" # Create the HTTP entrypoint on port 80
+    forwardedHeaders:
+      insecure: false
+      trustedIPs:
+        - "10.0.0.0/8"
+        - "192.168.178.0/16"
+        - "2a07:600:200:1::/64"
+    proxyProtocol:
+      insecure: false
+      trustedIPs:
+        - "10.0.0.0/8"
+        - "192.168.178.0/16"
+        - "2a07:600:200:1::/64"
+    http:
+      redirections: # HTTPS redirection (80 to 443)
+        entryPoint:
+          to: "https" # The target element
+          scheme: "https" # The redirection target scheme
+          permanent: true # The target element
+
+  https:
+    address: "[::]:443" # Create the HTTPS entrypoint on port 443
+    forwardedHeaders:
+      insecure: false
+      trustedIPs:
+        - "10.0.0.0/8"
+        - "192.168.178.0/16"
+        - "2a07:600:200:1::/64"
+    proxyProtocol:
+      insecure: false
+      trustedIPs:
+        - "10.0.0.0/8"
+        - "192.168.178.0/16"
+        - "2a07:600:200:1::/64"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock" # Listen to the UNIX Docker socket
+    exposedByDefault: false
+  file:
+    directory: "/etc/traefik" # Link to the dynamic configuration
+    watch: true # Watch for modifications
+  providersThrottleDuration: "10" # Configuration reload frequency
+
+metrics:
+  prometheus: {}
diff --git a/services/traefik/html/ban.html b/services/traefik/html/ban.html
new file mode 100644
index 0000000..0fd982b
--- /dev/null
+++ b/services/traefik/html/ban.html
@@ -0,0 +1,338 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <title>CrowdSec Captcha</title>
+  <meta content="text/html; charset=utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <style>
+    /*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
+    *,
+    :after,
+    :before {
+      border: 0 solid #e5e7eb;
+      box-sizing: border-box
+    }
+
+    :after,
+    :before {
+      --tw-content: ""
+    }
+
+    html {
+      -webkit-text-size-adjust: 100%;
+      font-feature-settings: normal;
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
+      line-height: 1.5;
+      -moz-tab-size: 4;
+      -o-tab-size: 4;
+      tab-size: 4
+    }
+
+    body {
+      line-height: inherit;
+      margin: 0
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-size: inherit;
+      font-weight: inherit
+    }
+
+    a {
+      color: inherit;
+      text-decoration: inherit
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6,
+    hr,
+    p,
+    pre {
+      margin: 0
+    }
+
+    *,
+    ::backdrop,
+    :after,
+    :before {
+      --tw-border-spacing-x: 0;
+      --tw-border-spacing-y: 0;
+      --tw-translate-x: 0;
+      --tw-translate-y: 0;
+      --tw-rotate: 0;
+      --tw-skew-x: 0;
+      --tw-skew-y: 0;
+      --tw-scale-x: 1;
+      --tw-scale-y: 1;
+      --tw-pan-x: ;
+      --tw-pan-y: ;
+      --tw-pinch-zoom: ;
+      --tw-scroll-snap-strictness: proximity;
+      --tw-ordinal: ;
+      --tw-slashed-zero: ;
+      --tw-numeric-figure: ;
+      --tw-numeric-spacing: ;
+      --tw-numeric-fraction: ;
+      --tw-ring-inset: ;
+      --tw-ring-offset-width: 0px;
+      --tw-ring-offset-color: #fff;
+      --tw-ring-color: #3b82f680;
+      --tw-ring-offset-shadow: 0 0 #0000;
+      --tw-ring-shadow: 0 0 #0000;
+      --tw-shadow: 0 0 #0000;
+      --tw-shadow-colored: 0 0 #0000;
+      --tw-blur: ;
+      --tw-brightness: ;
+      --tw-contrast: ;
+      --tw-grayscale: ;
+      --tw-hue-rotate: ;
+      --tw-invert: ;
+      --tw-saturate: ;
+      --tw-sepia: ;
+      --tw-drop-shadow: ;
+      --tw-backdrop-blur: ;
+      --tw-backdrop-brightness: ;
+      --tw-backdrop-contrast: ;
+      --tw-backdrop-grayscale: ;
+      --tw-backdrop-hue-rotate: ;
+      --tw-backdrop-invert: ;
+      --tw-backdrop-opacity: ;
+      --tw-backdrop-saturate: ;
+      --tw-backdrop-sepia:
+    }
+
+    .flex {
+      display: flex
+    }
+    .flex-wrap {
+      flex-wrap: wrap
+    }
+
+    .inline-flex {
+      display: inline-flex
+    }
+
+    .h-24 {
+      height: 6rem
+    }
+
+    .h-6 {
+      height: 1.5rem
+    }
+
+    .h-full {
+      height: 100%
+    }
+
+    .h-screen {
+      height: 100vh
+    }
+
+    .text-center {
+      text-align: center
+    }
+
+    .w-24 {
+      width: 6rem
+    }
+
+    .w-6 {
+      width: 1.5rem
+    }
+
+    .w-full {
+      width: 100%
+    }
+
+    .w-screen {
+      width: 100vw
+    }
+
+    .my-3 {
+      margin-top: 0.75rem;
+      margin-bottom: 0.75rem
+    }
+
+    .flex-col {
+      flex-direction: column
+    }
+
+    .items-center {
+      align-items: center
+    }
+
+    .justify-center {
+      justify-content: center
+    }
+
+    .justify-between {
+      justify-content: space-between
+    }
+
+    .space-y-1>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
+      margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .space-y-4>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(1rem*var(--tw-space-y-reverse));
+      margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .rounded-xl {
+      border-radius: .75rem
+    }
+
+    .border-2 {
+      border-width: 2px
+    }
+
+    .border-black {
+      --tw-border-opacity: 1;
+      border-color: rgb(0 0 0/var(--tw-border-opacity))
+    }
+
+    .p-4 {
+      padding: 1rem
+    }
+
+    .px-4 {
+      padding-left: 1rem;
+      padding-right: 1rem
+    }
+
+    .py-2 {
+      padding-bottom: .5rem;
+      padding-top: .5rem
+    }
+
+    .text-2xl {
+      font-size: 1.5rem;
+      line-height: 2rem
+    }
+
+    .text-sm {
+      font-size: .875rem;
+      line-height: 1.25rem
+    }
+
+    .text-xl {
+      font-size: 1.25rem;
+      line-height: 1.75rem
+    }
+
+    .font-bold {
+      font-weight: 700
+    }
+
+    .text-white {
+      --tw-text-opacity: 1;
+      color: rgb(255 255 255/var(--tw-text-opacity))
+    }
+
+    @media (min-width:640px) {
+      .sm\:w-2\/3 {
+        width: 66.666667%
+      }
+    }
+
+    @media (min-width:768px) {
+      .md\:flex-row {
+        flex-direction: row
+      }
+    }
+
+    @media (min-width:1024px) {
+      .lg\:w-1\/2 {
+        width: 50%
+      }
+
+      .lg\:text-3xl {
+        font-size: 1.875rem;
+        line-height: 2.25rem
+      }
+
+      .lg\:text-xl {
+        font-size: 1.25rem;
+        line-height: 1.75rem
+      }
+    }
+
+    @media (min-width:1280px) {
+      .xl\:text-4xl {
+        font-size: 2.25rem;
+        line-height: 2.5rem
+      }
+    }
+  </style>
+  <script src="{{ .FrontendJS }}" async defer></script>
+</head>
+
+<body class="h-screen w-screen p-4">
+  <div class="h-full w-full flex flex-col justify-center items-center">
+    <div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
+      <div class="flex flex-col items-center space-y-4">
+        <svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
+          data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
+          class="warning">
+          <path
+            d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
+          </path>
+        </svg>
+        <h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Captcha</h1>
+      </div>
+      <form action="" method="POST" class="flex flex-col space-y-1" id="captcha-form">
+        <div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
+        </div>
+      </form>
+      <div class="flex justify-center flex-wrap">
+        <p class="my-3">This security check has been powered by</p>
+        <a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
+          <svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
+            <defs>
+              <clipPath id="a">
+                <path d="M0 52h84v201.2H0zm0 0" />
+              </clipPath>
+              <clipPath id="b">
+                <path d="M170 52h84.4v201.2H170zm0 0" />
+              </clipPath>
+            </defs>
+            <path
+              d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
+            <path
+              d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
+            <g clip-path="url(#a)">
+              <path
+                d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
+            </g>
+            <g clip-path="url(#b)">
+              <path
+                d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
+            </g>
+            <path
+              d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
+          </svg>
+          <span>CrowdSec</span>
+        </a>
+      </div>
+    </div>
+  </div>
+  <script>
+    function captchaCallback() {
+      setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
+    }
+  </script>
+</body>
+</html>
diff --git a/services/traefik/html/captcha.html b/services/traefik/html/captcha.html
new file mode 100644
index 0000000..0fd982b
--- /dev/null
+++ b/services/traefik/html/captcha.html
@@ -0,0 +1,338 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <title>CrowdSec Captcha</title>
+  <meta content="text/html; charset=utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <style>
+    /*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
+    *,
+    :after,
+    :before {
+      border: 0 solid #e5e7eb;
+      box-sizing: border-box
+    }
+
+    :after,
+    :before {
+      --tw-content: ""
+    }
+
+    html {
+      -webkit-text-size-adjust: 100%;
+      font-feature-settings: normal;
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
+      line-height: 1.5;
+      -moz-tab-size: 4;
+      -o-tab-size: 4;
+      tab-size: 4
+    }
+
+    body {
+      line-height: inherit;
+      margin: 0
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-size: inherit;
+      font-weight: inherit
+    }
+
+    a {
+      color: inherit;
+      text-decoration: inherit
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6,
+    hr,
+    p,
+    pre {
+      margin: 0
+    }
+
+    *,
+    ::backdrop,
+    :after,
+    :before {
+      --tw-border-spacing-x: 0;
+      --tw-border-spacing-y: 0;
+      --tw-translate-x: 0;
+      --tw-translate-y: 0;
+      --tw-rotate: 0;
+      --tw-skew-x: 0;
+      --tw-skew-y: 0;
+      --tw-scale-x: 1;
+      --tw-scale-y: 1;
+      --tw-pan-x: ;
+      --tw-pan-y: ;
+      --tw-pinch-zoom: ;
+      --tw-scroll-snap-strictness: proximity;
+      --tw-ordinal: ;
+      --tw-slashed-zero: ;
+      --tw-numeric-figure: ;
+      --tw-numeric-spacing: ;
+      --tw-numeric-fraction: ;
+      --tw-ring-inset: ;
+      --tw-ring-offset-width: 0px;
+      --tw-ring-offset-color: #fff;
+      --tw-ring-color: #3b82f680;
+      --tw-ring-offset-shadow: 0 0 #0000;
+      --tw-ring-shadow: 0 0 #0000;
+      --tw-shadow: 0 0 #0000;
+      --tw-shadow-colored: 0 0 #0000;
+      --tw-blur: ;
+      --tw-brightness: ;
+      --tw-contrast: ;
+      --tw-grayscale: ;
+      --tw-hue-rotate: ;
+      --tw-invert: ;
+      --tw-saturate: ;
+      --tw-sepia: ;
+      --tw-drop-shadow: ;
+      --tw-backdrop-blur: ;
+      --tw-backdrop-brightness: ;
+      --tw-backdrop-contrast: ;
+      --tw-backdrop-grayscale: ;
+      --tw-backdrop-hue-rotate: ;
+      --tw-backdrop-invert: ;
+      --tw-backdrop-opacity: ;
+      --tw-backdrop-saturate: ;
+      --tw-backdrop-sepia:
+    }
+
+    .flex {
+      display: flex
+    }
+    .flex-wrap {
+      flex-wrap: wrap
+    }
+
+    .inline-flex {
+      display: inline-flex
+    }
+
+    .h-24 {
+      height: 6rem
+    }
+
+    .h-6 {
+      height: 1.5rem
+    }
+
+    .h-full {
+      height: 100%
+    }
+
+    .h-screen {
+      height: 100vh
+    }
+
+    .text-center {
+      text-align: center
+    }
+
+    .w-24 {
+      width: 6rem
+    }
+
+    .w-6 {
+      width: 1.5rem
+    }
+
+    .w-full {
+      width: 100%
+    }
+
+    .w-screen {
+      width: 100vw
+    }
+
+    .my-3 {
+      margin-top: 0.75rem;
+      margin-bottom: 0.75rem
+    }
+
+    .flex-col {
+      flex-direction: column
+    }
+
+    .items-center {
+      align-items: center
+    }
+
+    .justify-center {
+      justify-content: center
+    }
+
+    .justify-between {
+      justify-content: space-between
+    }
+
+    .space-y-1>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
+      margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .space-y-4>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(1rem*var(--tw-space-y-reverse));
+      margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .rounded-xl {
+      border-radius: .75rem
+    }
+
+    .border-2 {
+      border-width: 2px
+    }
+
+    .border-black {
+      --tw-border-opacity: 1;
+      border-color: rgb(0 0 0/var(--tw-border-opacity))
+    }
+
+    .p-4 {
+      padding: 1rem
+    }
+
+    .px-4 {
+      padding-left: 1rem;
+      padding-right: 1rem
+    }
+
+    .py-2 {
+      padding-bottom: .5rem;
+      padding-top: .5rem
+    }
+
+    .text-2xl {
+      font-size: 1.5rem;
+      line-height: 2rem
+    }
+
+    .text-sm {
+      font-size: .875rem;
+      line-height: 1.25rem
+    }
+
+    .text-xl {
+      font-size: 1.25rem;
+      line-height: 1.75rem
+    }
+
+    .font-bold {
+      font-weight: 700
+    }
+
+    .text-white {
+      --tw-text-opacity: 1;
+      color: rgb(255 255 255/var(--tw-text-opacity))
+    }
+
+    @media (min-width:640px) {
+      .sm\:w-2\/3 {
+        width: 66.666667%
+      }
+    }
+
+    @media (min-width:768px) {
+      .md\:flex-row {
+        flex-direction: row
+      }
+    }
+
+    @media (min-width:1024px) {
+      .lg\:w-1\/2 {
+        width: 50%
+      }
+
+      .lg\:text-3xl {
+        font-size: 1.875rem;
+        line-height: 2.25rem
+      }
+
+      .lg\:text-xl {
+        font-size: 1.25rem;
+        line-height: 1.75rem
+      }
+    }
+
+    @media (min-width:1280px) {
+      .xl\:text-4xl {
+        font-size: 2.25rem;
+        line-height: 2.5rem
+      }
+    }
+  </style>
+  <script src="{{ .FrontendJS }}" async defer></script>
+</head>
+
+<body class="h-screen w-screen p-4">
+  <div class="h-full w-full flex flex-col justify-center items-center">
+    <div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
+      <div class="flex flex-col items-center space-y-4">
+        <svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
+          data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
+          class="warning">
+          <path
+            d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
+          </path>
+        </svg>
+        <h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Captcha</h1>
+      </div>
+      <form action="" method="POST" class="flex flex-col space-y-1" id="captcha-form">
+        <div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
+        </div>
+      </form>
+      <div class="flex justify-center flex-wrap">
+        <p class="my-3">This security check has been powered by</p>
+        <a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
+          <svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
+            <defs>
+              <clipPath id="a">
+                <path d="M0 52h84v201.2H0zm0 0" />
+              </clipPath>
+              <clipPath id="b">
+                <path d="M170 52h84.4v201.2H170zm0 0" />
+              </clipPath>
+            </defs>
+            <path
+              d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
+            <path
+              d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
+            <g clip-path="url(#a)">
+              <path
+                d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
+            </g>
+            <g clip-path="url(#b)">
+              <path
+                d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
+            </g>
+            <path
+              d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
+          </svg>
+          <span>CrowdSec</span>
+        </a>
+      </div>
+    </div>
+  </div>
+  <script>
+    function captchaCallback() {
+      setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
+    }
+  </script>
+</body>
+</html>
diff --git a/services/traefik/traefik.yml b/services/traefik/traefik.yml
new file mode 100644
index 0000000..9969069
--- /dev/null
+++ b/services/traefik/traefik.yml
@@ -0,0 +1,96 @@
+services:
+  traefik:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: traefik:v3.6.6
+    container_name: traefik
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8079:8080"
+    networks:
+      - ip4net
+    environment:
+      TRAEFIK_EMAIL: ${EMAIL}
+      TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
+      TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
+      TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
+      INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
+    volumes:
+      - "/var/log/traefik/:/var/log/traefik/"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "${SERVICE_PATH}/traefik/letsencrypt:/letsencrypt"
+      - "${SERVICE_PATH}/traefik/config:/etc/traefik"
+      - "${SERVICE_PATH}/traefik/certs:/etc/certs"
+      - "${SERVICE_PATH}/traefik/html/ban.html:/ban.html"
+      - "${SERVICE_PATH}/traefik/html/captcha.html:/captcha.html"
+    labels:
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.tls=true"
+
+  # traefik-agent:
+  #   extends:
+  #     file: ${TEMPLATES_PATH}
+  #     service: default
+  #   image: hhftechnology/traefik-log-dashboard-agent:2.4.0
+  #   container_name: traefik-log-dashboard-agent
+  #   networks:
+  #     - ip4net
+  #   ports:
+  #     - "8078:5000"
+  #   volumes:
+  #     - "/var/log/crowdsec/:/logs:ro"
+  #     - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
+  #   environment:
+  #     TRAEFIK_LOG_DASHBOARD_ACCESS_PATH: /logs/traefik.log
+  #     TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
+  #     TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
+  #     TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
+  #   healthcheck:
+  #     test:
+  #       [
+  #         "CMD",
+  #         "wget",
+  #         "--no-verbose",
+  #         "--tries=1",
+  #         "--spider",
+  #         "http://localhost:5000/api/logs/status",
+  #       ]
+  #     interval: 2m
+  #     timeout: 10s
+  #     retries: 3
+  #     start_period: 30s
+  #
+  # traefik-dashboard:
+  #   extends:
+  #     file: ${TEMPLATES_PATH}
+  #     service: default
+  #   image: hhftechnology/traefik-log-dashboard:2.4.0
+  #   container_name: traefik-log-dashboard
+  #   networks:
+  #     - ip4net
+  #   ports:
+  #     - "8077:3000"
+  #   volumes:
+  #     - ./data/dashboard:/app/data
+  #     - "${SERVICE_PATH}/traefik/log-dashboard/dashboard:/app/data"
+  #     - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
+  #   environment:
+  #     AGENT_API_URL: http://192.168.178.35:8078
+  #     AGENT_API_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
+  #     # Display Configuration
+  #     NEXT_PUBLIC_SHOW_DEMO_PAGE: false
+  #   depends_on:
+  #     traefik-agent:
+  #       condition: service_healthy
+  #   labels:
+  #     # traefik
+  #     - "traefik.enable=true"
+  #     - "traefik.http.routers.traefik-log-dashboard.rule=Host(`traefik-dashboard.${LOCAL_DOMAIN}`)"
+  #     - "traefik.http.routers.traefik-log-dashboard.entrypoints=https"
+  #     - "traefik.http.routers.traefik-log-dashboard.tls=true"
diff --git a/services/watchtower/watchtower.yml b/services/watchtower/watchtower.yml
deleted file mode 100644
index e623160..0000000
--- a/services/watchtower/watchtower.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-services:
-  watchtower:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: containrrr/watchtower:latest
-    container_name: watchtower
-    environment:
-      - WATCHTOWER_CLEANUP=true
-      - WATCHTOWER_POLL_INTERVAL=43200 # 12h
-      - WATCHTOWER_INCLUDE_RESTARTING=true
-      - WATCHTOWER_LABEL_ENABLE=true
-      - WATCHTOWER_HTTP_API_METRICS=true
-      - WATCHTOWER_HTTP_API_TOKEN=mytoken
-      - WATCHTOWER_HTTP_API_UPDATE=true
-      - WATCHTOWER_HTTP_API_PERIODIC_POLLS=true
-    ports:
-      - 1003:8080
-    networks:
-      - ip4net
-    volumes:
-      # - ${SERVICE_PATH}/watchtower/config:/config.json
-      - /var/run/docker.sock:/var/run/docker.sock
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"