2 changed files with 209 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -12,6 +12,7 @@ $ cd rtm-config
 $ abra server add laylotta.resisttechmonopolies.online
 $ abra server add mango.resisttechmonmopolies.online
 $ abra server add sootie.resisttechmonopolies.online
+$ abra server add hazel.resisttechmonopolies.online
 ```

 If you skipped the `--recurse-submodules` flag, you can still do `git submodule update --init` later to get the rtm-astro-recipe recipe.
--- a/abra/servers/hazel.resisttechmonopolies.online/traefik.hazel.resisttechmonopolies.online.env
+++ b/abra/servers/hazel.resisttechmonopolies.online/traefik.hazel.resisttechmonopolies.online.env
@ -0,0 +1,208 @@
+TYPE=traefik:5.1.1+v3.6.15
+TIMEOUT=300
+ENABLE_AUTO_UPDATE=true
+ENABLE_BACKUPS=true
+
+DOMAIN=traefik.hazel.resisttechmonopolies.online
+LETS_ENCRYPT_ENV=production
+
+LETS_ENCRYPT_EMAIL=besties@resisttechmonopolies.online
+DASHBOARD_ENABLED=false
+# WARN, INFO etc.
+LOG_LEVEL=WARN
+LOG_MAX_AGE=1
+
+# This is here so later lines can extend it; you likely don't wanna edit
+COMPOSE_FILE="compose.yml"
+
+#####################################################################
+# General settings                                                  #
+#####################################################################
+
+## Ingress-mode port publishing for ports 80 and 443
+##
+## /!\ Using this prevents the use of any compose override adding
+##     published ports to the traefik_app service (almost all of them)
+##     and it prevents the use of IPv6 for ingress traffic.
+##     Do not uncomment unless you know exactly what you are doing
+##
+#COMPOSE_FILE="$COMPOSE_FILE:compose.no-host.yml"
+
+## "Headless mode" (no domain configured)
+#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
+
+#####################################################################
+# Automatic DNS set-up for Letsencrypt                              #
+#####################################################################
+
+## Enable dns challenge (for wildcard domains)
+##   https://go-acme.github.io/lego/dns/#dns-providers
+#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
+## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
+## Uncomment the corresponding provider below to insert your secret token/key.
+#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
+
+## OVH, https://ovh.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
+#OVH_ENABLED=1
+#OVH_APPLICATION_KEY=
+#OVH_ENDPOINT=
+#SECRET_OVH_APP_SECRET_VERSION=v1
+#SECRET_OVH_CONSUMER_KEY=v1
+
+## Gandi, https://gandi.net
+## note(3wc): only "V5" (new) API is supported, so far
+#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
+#GANDI_API_KEY_ENABLED=1
+#SECRET_GANDIV5_API_KEY_VERSION=v1
+
+## Gandi, https://gandi.net
+## note: uses GandiV5 Personal Access Token
+#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
+#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
+#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
+
+## DigitalOcean, https://digitalocean.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
+#DIGITALOCEAN_ENABLED=1
+#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
+
+## Azure, https://azure.com
+## To insert your Azure client secret:
+## abra app secret insert {myapp.example.coop} azure_secret v1 "<CLIENT_SECRET>"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
+#AZURE_ENABLED=1
+#AZURE_TENANT_ID=
+#AZURE_CLIENT_ID=
+#AZURE_SUBSCRIPTION_ID=
+#AZURE_RESOURCE_GROUP=
+#SECRET_AZURE_SECRET_VERSION=v1
+
+## Porkbun, https://porkbun.com
+## To insert your secrets:
+## abra app secret insert 1312.net pb_api_key v1 pk1_413
+## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
+#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
+#SECRET_PORKBUN_API_KEY_VERSION=v1
+#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
+
+#####################################################################
+# Manual wildcard certificate insertion                             #
+#####################################################################
+
+# Set wildcards = 1, and uncomment compose_file to enable.
+# Create your certs elsewhere and add them like:
+# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
+# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
+#WILDCARDS_ENABLED=1
+#SECRET_WILDCARD_CERT_VERSION=v1
+#SECRET_WILDCARD_KEY_VERSION=v1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
+
+#####################################################################
+# Authentication                                                    #
+#####################################################################
+
+## Enable Keycloak
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
+#KEYCLOAK_MIDDLEWARE_ENABLED=1
+#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
+#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
+#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
+
+## BASIC_AUTH
+## Use httpasswd to generate the secret
+#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
+#BASIC_AUTH=1
+#SECRET_USERSFILE_VERSION=v1
+
+#####################################################################
+# Prometheus metrics                                                #
+#####################################################################
+
+## Enable prometheus metrics collection
+## used used by the coop-cloud monitoring stack
+## BASIC_AUTH should also be enabled
+#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
+#METRICS_ENABLED=1
+#METRICS_FQDN=metrics.traefik.hazel.resisttechmonopolies.online
+
+#####################################################################
+# File provider directory configuration                             #
+# (Route bare metal and non-docker services on the machine!)        #
+#####################################################################
+#FILE_PROVIDER_DIRECTORY_ENABLED=1
+
+#####################################################################
+# Additional services                                               #
+#####################################################################
+
+## SMTP port 587
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+#SMTP_ENABLED=1
+
+## Compy
+#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
+#COMPY_ENABLED=1
+
+## Gitea SSH
+# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
+# GITEA_SSH_ENABLED=1
+
+## P2Panda UDP
+# COMPOSE_FILE="$COMPOSE_FILE:compose.p2panda.yml"
+# P2PANDA_ENABLED=1
+
+## Foodsoft SMTP
+# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
+# FOODSOFT_SMTP_ENABLED=1
+
+## Peertube RTMP
+#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
+#PEERTUBE_RTMP_ENABLED=1
+
+## Secure Scuttlebutt MUXRPC
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
+#SSB_MUXRPC_ENABLED=1
+
+## MSSQL
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
+#MSSQL_ENABLED=1
+
+## Mumble
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
+#MUMBLE_ENABLED=1
+
+## Matrix
+#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
+#MATRIX_FEDERATION_ENABLED=1
+
+## "Web alt", an alternative web port
+# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
+#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
+#WEB_ALT_ENABLED=1
+
+## Matrix
+#COMPOSE_FILE="$COMPOSE_FILE:compose.irc.yml"
+#IRC_ENABLED=1
+
+## Garage
+#COMPOSE_FILE="$COMPOSE_FILE:compose.garage.yml"
+#GARAGE_RPC_ENABLED=1
+
+## Nextcloud Talk HPB
+#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
+#NEXTCLOUD_TALK_HPB_ENABLED=1
+
+## Anubis
+#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
+#ANUBIS_COOKIE_DOMAIN=example.com
+#ANUBIS_DOMAIN=anubis.example.com
+#ANUBIS_REDIRECT_DOMAINS=
+#ANUBIS_OG_PASSTHROUGH=true
+#ANUBIS_OG_EXPIRY_TIME=1h
+#ANUBIS_OG_CACHE_CONSIDER_HOST=true
+#ANUBIS_SERVE_ROBOTS_TXT=true
+
+## Enable onion service support
+#ONION_ENABLED=1