{config, ...}: { services.traefik = { enable = true; staticConfigOptions = { log = {level = "WARN";}; certificatesResolvers = { godaddy = { acme = { email = "letsencrypt.org.btlc2@passmail.net"; storage = "/var/lib/traefik/acme.json"; caserver = "https://acme-v02.api.letsencrypt.org/directory"; dnsChallenge = { provider = "godaddy"; }; }; }; }; api = {}; entryPoints = { web = { address = ":80"; http.redirections.entryPoint = { to = "websecure"; scheme = "https"; }; }; websecure = {address = ":443";}; }; }; dynamicConfigOptions = { http = { middlewares = { auth = { basicAuth = { users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."]; }; }; }; services = { m3-prox-1.loadBalancer.servers = [{url = "http://192.168.178.200:8006";}]; ag.loadBalancer.servers = [{url = "http://192.168.178.210:3000";}]; }; routers = { api = { rule = "Host(`traefik.l.m3tam3re.com`)"; service = "api@internal"; middlewares = ["auth"]; entrypoints = ["websecure"]; tls = { certResolver = "godaddy"; }; }; m3-prox-1 = { rule = "Host(`m3-prox-1.l.m3tam3re.com`)"; service = "m3-prox-1"; entrypoints = ["websecure"]; tls = { certResolver = "godaddy"; }; }; ag = { rule = "Host(`ag.l.m3tam3re.com`)"; service = "ag"; entrypoints = ["websecure"]; tls = { certResolver = "godaddy"; }; }; }; }; }; }; systemd.services.traefik.serviceConfig = { EnvironmentFile = ["${config.age.secrets.traefik.path}"]; }; networking.firewall.allowedTCPPorts = [80 443]; }