api:
  dashboard: true
  insecure: false

entryPoints:
  web:
    address: ":80"
    # Trusted IPs config (zodat Authentik straks de juiste IP's ziet via de NAS)
    forwardedHeaders:
      trustedIPs:
        - "127.0.0.1/32"
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
        - "10.52.150.20/32" # Jouw NAS IP

  websecure:
    address: ":443"
    forwardedHeaders:
      trustedIPs:
        - "127.0.0.1/32"
        - "10.52.150.20/32" # Jouw NAS IP

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
    # DE REGEL 'apiVersion' IS HIER WEGGEHAALD!

  # Hiermee kun je externe hosts (zoals je NAS zelf) koppelen via bestanden in /rules
  file:
    directory: "/rules"
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: csteenbergen@stackbabber.nl
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"