{config, ...}: {
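# Traefik reverse proxy for the LAN services under *.l.m3tam3re.com.
# Static config: HTTP on :80 is redirected to HTTPS on :443; certificates come
# from Let's Encrypt through the GoDaddy DNS challenge.
# Dynamic config: middlewares, backend services and one router per hostname.
services.traefik = {
  enable = true;
  staticConfigOptions = {
    log = {level = "WARN";};
    certificatesResolvers = {
      godaddy = {
        acme = {
          email = "letsencrypt.org.btlc2@passmail.net";
          # acme.json holds the ACME account key and the private keys of the
          # issued certificates; keep it readable by the traefik user only.
          storage = "/var/lib/traefik/acme.json";
          caserver = "https://acme-v02.api.letsencrypt.org/directory";
          dnsChallenge = {
            provider = "godaddy";
          };
        };
      };
    };
    # Enables the API/dashboard. No insecure listener is configured here, so
    # it is reachable only through the `api` router below.
    api = {};
    entryPoints = {
      web = {
        address = ":80";
        # Plain HTTP is only used to bounce clients to the TLS entry point.
        http.redirections.entryPoint = {
          to = "websecure";
          scheme = "https";
        };
      };
      websecure = {address = ":443";};
    };
  };
  dynamicConfigOptions = {
    http = {
      middlewares = {
        auth = {
          basicAuth = {
            # NOTE(review): this apr1 (MD5-crypt) hash is committed with the
            # module and is rendered into the generated Traefik config, so
            # anyone who can read either can attack it offline. Prefer
            # `usersFile` pointing at a secret provisioned outside the Nix
            # store, use a bcrypt hash, and rotate this password.
            users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
          };
        };
        default-headers = {
          headers = {
            # customFrameOptionsValue below takes precedence over frameDeny,
            # so the header actually sent is X-Frame-Options: SAMEORIGIN.
            frameDeny = "true";
            browserXssFilter = "true";
            contentTypeNosniff = "true";
            forceSTSHeader = "true";
            stsIncludeSubdomains = true;
            stsPreload = true;
            # 15552000 s = 180 days of HSTS.
            stsSeconds = 15552000;
            customFrameOptionsValue = "SAMEORIGIN";
            # NOTE(review): X-Forwarded-Proto is normally a request header for
            # the backend; here it is added to responses sent to the client.
            # If the backend is meant to see it, customRequestHeaders is the
            # matching option. Confirm the intent.
            customResponseHeaders = {
              X-Forwarded-Proto = "https";
            };
          };
        };
        default-whitelist = {
          ipAllowList = {
            # NOTE(review): "192.168.178.0/16" has host bits set; a /16 prefix
            # covers all of 192.168.0.0/16. If only the 192.168.178.x LAN is
            # meant, this should be /24.
            sourceRange = ["10.0.0.0/8" "192.168.178.0/16"];
          };
        };
        # NOTE(review): neither `secured` nor `default-whitelist` is referenced
        # by any router below, so the IP allow list is not enforced anywhere.
        # The ag, homarr, plex and skynet routers carry no middleware at all.
        secured = {
          chain = {
            middlewares = ["default-headers" "default-whitelist"];
          };
        };
      };
      services = {
        m3-prox-1.loadBalancer = {
          servers = [
            {url = "https://192.168.178.200:8006";}
          ];
          passHostHeader = true;
          # Uses the `pve` transport defined below (certificate check disabled).
          serversTransport = "pve";
        };
        ag.loadBalancer.servers = [
          {url = "http://192.168.178.210:3000";}
        ];
        homarr.loadBalancer.servers = [
          {url = "http://192.168.178.210:7575";}
        ];
        plex.loadBalancer.servers = [
          {url = "http://192.168.178.175:32400";}
        ];
        skynet.loadBalancer.servers = [
          {url = "http://192.168.178.175:5000";}
        ];
      };
      # Skip verification for PVE servers.
      # With insecureSkipVerify the hop from Traefik to the backend is
      # encrypted but the backend certificate is not authenticated. Trusting
      # the PVE CA through the transport's `rootCAs` option would keep
      # verification on.
      serversTransports = {
        pve = {insecureSkipVerify = true;};
      };
      routers = {
        # Dashboard/API, protected by the basic-auth middleware.
        api = {
          rule = "Host(`traefik.l.m3tam3re.com`)";
          service = "api@internal";
          middlewares = ["auth"];
          entrypoints = ["websecure"];
          tls = {
            certResolver = "godaddy";
          };
        };
        # Proxmox UI: security headers only, no IP allow list.
        m3-prox-1 = {
          rule = "Host(`m3-prox-1.l.m3tam3re.com`)";
          service = "m3-prox-1";
          middlewares = ["default-headers"];
          entrypoints = ["websecure"];
          tls = {
            certResolver = "godaddy";
          };
        };
        ag = {
          rule = "Host(`ag.l.m3tam3re.com`)";
          service = "ag";
          entrypoints = ["websecure"];
          tls = {
            certResolver = "godaddy";
          };
        };
        homarr = {
          rule = "Host(`dash.l.m3tam3re.com`)";
          service = "homarr";
          entrypoints = ["websecure"];
          tls = {
            certResolver = "godaddy";
          };
        };
        plex = {
          rule = "Host(`plex.l.m3tam3re.com`)";
          service = "plex";
          entrypoints = ["websecure"];
          tls = {
            certResolver = "godaddy";
          };
        };
        skynet = {
          rule = "Host(`skynet.l.m3tam3re.com`)";
          # Targets the skynet backend defined under `services`; the router
          # used to name the homarr service, which served the wrong
          # application on this hostname.
          service = "skynet";
          entrypoints = ["websecure"];
          tls = {
            certResolver = "godaddy";
          };
        };
      };
    };
  };
};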
# The Traefik unit reads its environment from the age-managed secret file, so
# the values are referenced by path instead of being written into this module.
# NOTE(review): presumably this file carries the GoDaddy API credentials used
# by the `godaddy` DNS-challenge provider; confirm against the secret.
systemd.services.traefik.serviceConfig.EnvironmentFile = [
  "${config.age.secrets.traefik.path}"
];
# Open the host firewall for Traefik's two entry points: 80 (redirect to
# HTTPS) and 443 (TLS).
networking.firewall = {
  allowedTCPPorts = [80 443];
};
}