# NixOS module: Traefik as the TLS-terminating reverse proxy for the
# *.m3tam3re.com services, all of which are proxied to ports on localhost.
# This is a Nix expression, not JSON.
{ config, ... }: {
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      # NOTE(review): only the application log is configured; no accessLog is
      # set here, so per-request records (including failed basic-auth attempts
      # on the protected routers) are presumably not written. Confirm whether
      # request auditing is needed.
      log = { level = "WARN"; };
      certificatesResolvers = {
        lets-encrypt = {
          acme = {
            email = "acc@m3tam3re.com";
            # acme.json holds the ACME account key and the issued certificates'
            # private keys; it should stay readable by the traefik user only.
            storage = "/var/lib/traefik/acme.json";
            # Empty attrset selects the TLS-ALPN-01 challenge with defaults,
            # answered on the :443 entry point.
            tlsChallenge = { };
          };
        };
      };
      # Enables the Traefik API with default options. It is published through
      # the `api` router below (service "api@internal") behind the `auth`
      # middleware.
      api = { };
      entryPoints = {
        web = {
          address = ":80";
          # Every plain-HTTP request is redirected to the HTTPS entry point.
          http.redirections.entryPoint = {
            to = "websecure";
            scheme = "https";
          };
        };
        websecure = { address = ":443"; };
      };
    };
    dynamicConfigOptions = {
      http = {
        middlewares = {
          auth = {
            basicAuth = {
              # NOTE(review): the credential hash is inlined in the Nix
              # expression, so it is presumably rendered into the
              # world-readable /nix/store and into any repository holding this
              # file. `$apr1$` is the Apache MD5-based htpasswd scheme, which
              # is cheap to brute-force offline. Prefer `usersFile` pointing at
              # a secret provisioned like the EnvironmentFile at the bottom of
              # this module, with a bcrypt hash, and rotate this password.
              users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
            };
          };
          # NOTE(review): neither nextcloud_* middleware is referenced by a
          # router in this file, so the redirect and the HSTS/referrer headers
          # below are not applied to any route defined here.
          nextcloud_redirectregex = {
            redirectRegex = {
              permanent = true;
              regex = "https://(.*)/.well-known/(?:card|cal)dav";
              # `\${1}` escapes Nix interpolation; Traefik receives `${1}`.
              replacement = "https://\${1}/remote.php/dav";
            };
          };
          nextcloud_headers = {
            headers = {
              referrerPolicy = "no-referrer";
              # NOTE(review): given as a string; Traefik documents stsSeconds
              # as an integer. Confirm it is decoded as intended.
              stsSeconds = "31536000";
              forceSTSHeader = true;
              stsPreload = true;
              stsIncludeSubdomains = true;
            };
          };
        };
        # Backends are reached over plain HTTP on localhost; TLS ends at
        # Traefik.
        # NOTE(review): this assumes each backend listens on loopback only. A
        # backend bound to all interfaces would be reachable directly,
        # bypassing TLS and the `auth` middleware. Confirm bind addresses and
        # firewall rules.
        services = {
          baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
          gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
          n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
          littlelink-m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3011/"; }];
          matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
          searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
          mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
          m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3012/"; }];
          syncthing.loadBalancer.servers = [{ url = "http://localhost:8384/"; }];
          vaultwarden.loadBalancer.servers = [{ url = "http://localhost:3014/"; }];
        };
        # One router per hostname, all on the HTTPS entry point with
        # certificates from the `lets-encrypt` resolver. Only `api` and
        # `vaultwarden` attach the `auth` middleware; every other router
        # relies entirely on the backend application's own authentication and
        # gets no header middleware.
        # NOTE(review): `middlewares`, `entrypoints` and `tls.domains` are
        # plain strings here, while Traefik documents the first two as lists
        # and `domains` as a list of { main, sans } objects. With a Host()
        # rule the certificate name is derived from the rule, so `domains`
        # looks redundant. Confirm how these values are decoded.
        routers = {
          # Traefik API/dashboard, guarded by basic auth.
          api = {
            rule = "Host(`r.m3tam3re.com`)";
            tls = { certResolver = "lets-encrypt"; };
            service = "api@internal";
            middlewares = "auth";
            entrypoints = "websecure";
          };
          baserow = {
            rule = "Host(`br.m3tam3re.com`)";
            tls = { certResolver = "lets-encrypt"; };
            service = "baserow";
            entrypoints = "websecure";
          };
          gitea = {
            rule = "Host(`code.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "code.m3tam3re.com";
            };
            service = "gitea";
            entrypoints = "websecure";
          };
          # NOTE(review): the router name is spelled `m3tm3re` while the
          # service it targets is `littlelink-m3tam3re`; probably a typo in
          # the router label.
          littlelink-m3tm3re = {
            rule = "Host(`links.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "links.m3tam3re.com";
            };
            service = "littlelink-m3tam3re";
            entrypoints = "websecure";
          };
          n8n = {
            rule = "Host(`io.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "io.m3tam3re.com";
            };
            service = "n8n";
            entrypoints = "websecure";
          };
          m3tam3re = {
            rule = "Host(`www.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "www.m3tam3re.com";
            };
            service = "m3tam3re";
            entrypoints = "websecure";
          };
          matomo-m3tam3re = {
            rule = "Host(`stats.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "stats.m3tam3re.com";
            };
            service = "matomo";
            entrypoints = "websecure";
          };
          searx = {
            rule = "Host(`search.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "search.m3tam3re.com";
            };
            service = "searx";
            entrypoints = "websecure";
          };
          mautic = {
            rule = "Host(`ma.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "ma.m3tam3re.com";
            };
            service = "mautic";
            entrypoints = "websecure";
          };
          # NOTE(review): port 8384 is presumably the Syncthing GUI/REST
          # listener. No Traefik middleware guards this router, so confirm the
          # GUI has its own authentication enabled before exposing it.
          syncthing = {
            rule = "Host(`sync.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "sync.m3tam3re.com";
            };
            service = "syncthing";
            entrypoints = "websecure";
          };
          vaultwarden = {
            rule = "Host(`vw.m3tam3re.com`)";
            tls = {
              certResolver = "lets-encrypt";
              domains = "vw.m3tam3re.com";
            };
            service = "vaultwarden";
            middlewares = "auth";
            entrypoints = "websecure";
          };
        };
      };
    };
  };
  # Environment variables for the traefik unit come from a secret referenced
  # through `config.age.secrets` rather than being written into this file.
  # The file's contents are not visible here.
  systemd.services.traefik.serviceConfig = {
    EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
  };
}