{ config, ... }: { services.traefik = { enable = true; staticConfigOptions = { log = { level = "WARN"; }; certificatesResolvers = { godaddy = { acme = { email = "dev@lanakk.com"; storage = "/var/lib/traefik/acme.json"; dnsChallenge = { provider = "godaddy"; }; }; }; lets-encrypt = { acme = { email = "dev@lanakk.com"; storage = "/var/lib/traefik/acme.json"; tlsChallenge = { }; }; }; }; api = { }; entryPoints = { web = { address = ":80"; http.redirections.entryPoint = { to = "websecure"; scheme = "https"; }; }; websecure = { address = ":443"; }; }; }; dynamicConfigOptions = { http = { middlewares = { auth = { basicAuth = { users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ]; }; }; nextcloud_redirectregex = { redirectRegex = { permanent = true; regex = "https://(.*)/.well-known/(?:card|cal)dav"; replacement = "https://\${1}/remote.php/dav"; }; }; nextcloud_headers = { headers = { referrerPolicy = "no-referrer"; stsSeconds = "31536000"; forceSTSHeader = true; stsPreload = true; stsIncludeSubdomains = true; }; }; }; services = { baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }]; gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }]; n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }]; lanakk_blog.loadBalancer.servers = [{ url = "http://localhost:3002/"; }]; matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }]; ordercollector.loadBalancer.servers = [{ url = "http://localhost:3004/"; }]; nextcloud.loadBalancer.servers = [{ url = "http://localhost:3005/"; }]; mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }]; littlelink-lanakk.loadBalancer.servers = [{ url = "http://localhost:3010/"; }]; http-images.loadBalancer.servers = [{ url = "http://localhost:3012/"; }]; syncthing.loadBalancer.servers = [{ url = "http://localhost:8384/"; }]; metabase.loadBalancer.servers = [{ url = "http://localhost:3013/"; }]; pgadmin.loadBalancer.servers = [{ url = "http://localhost:5050/"; }]; vaultwarden.loadBalancer.servers = [{ url = "http://localhost:3014/"; }]; kk_blog.loadBalancer.servers = [{ url = "http://localhost:3015/"; }]; }; routers = { api = { rule = "Host(`r.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; }; service = "api@internal"; middlewares = "auth"; entrypoints = "websecure"; }; baserow = { rule = "Host(`db.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; }; service = "baserow"; entrypoints = "websecure"; }; gitea = { rule = "Host(`code.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "code.lanakk.com"; }; service = "gitea"; entrypoints = "websecure"; }; n8n = { rule = "Host(`wf.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "wf.lanakk.com"; }; service = "n8n"; entrypoints = "websecure"; }; ordercollector = { rule = "Host(`api.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "api.lanakk.com"; }; service = "ordercollector"; entrypoints = "websecure"; }; lanakk_blog = { rule = "Host(`www.weltkarte-pinnwand.com`)"; tls = { certResolver = "lets-encrypt"; domains = "www.weltkarte-pinnwand.com"; }; service = "lanakk_blog"; entrypoints = "websecure"; }; kk_blog = { rule = "Host(`kk.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "kk.lanakk.com"; }; service = "kk_blog"; entrypoints = "websecure"; }; matomo = { rule = "Host(`stats.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "stats.lanakk.com"; }; service = "matomo"; entrypoints = "websecure"; }; matomo-weltkarte-pinnwand = { rule = "Host(`stats.weltkarte-pinnwand.com`)"; tls = { certResolver = "lets-encrypt"; domains = "stats.weltkarte-pinnwand.com"; }; service = "matomo"; entrypoints = "websecure"; }; pgadmin = { rule = "Host(`pg.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "pg.lanakk.com"; }; service = "pgadmin"; entrypoints = "websecure"; }; nextcloud = { rule = "Host(`cloud.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "cloud.lanakk.com"; }; service = "nextcloud"; entrypoints = "websecure"; middlewares = "nextcloud_redirectregex,nextcloud_headers"; }; mautic = { rule = "Host(`ma.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "ma.lanakk.com"; }; service = "mautic"; entrypoints = "websecure"; }; littlelink-lanakk = { rule = "Host(`links.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "links.lanakk.com"; }; service = "littlelink-lanakk"; entrypoints = "websecure"; }; http-images = { rule = "Host(`media.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "media.lanakk.com"; }; service = "http-images"; entrypoints = "websecure"; }; syncthing = { rule = "Host(`sync.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "sync.lanakk.com"; }; service = "syncthing"; entrypoints = "websecure"; }; metabase = { rule = "Host(`kpi.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "kpi.lanakk.com"; }; service = "metabase"; entrypoints = "websecure"; }; vaultwarden = { rule = "Host(`vw.lanakk.com`)"; tls = { certResolver = "lets-encrypt"; domains = "vw.lanakk.com"; }; service = "vaultwarden"; entrypoints = "websecure"; }; }; }; }; }; systemd.services.traefik.serviceConfig = { EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ]; }; }