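# NixOS module: Traefik as the TLS-terminating reverse proxy in front of the
# locally bound services on this host. Certificates come from ACME via the
# GoDaddy DNS-01 challenge; the API credentials are supplied as age-managed
# secret files.
{ config, ... }: {
  services.traefik = {
    enable = true;

    staticConfigOptions = {
      log = { level = "WARN"; };

      certificatesResolvers = {
        godaddy = {
          acme = {
            email = "dev@lanakk.com";
            # acme.json holds the ACME account key and the private keys of the
            # issued certificates; it should stay readable by the traefik
            # user only.
            storage = "/var/lib/traefik/acme.json";
            dnsChallenge = { provider = "godaddy"; };
          };
        };
      };

      # Enables the API/dashboard. It is only reachable through the `api`
      # router below, which puts it behind the `auth` middleware.
      api = { };

      entryPoints = {
        # Plain HTTP exists only to redirect to HTTPS.
        web = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "websecure";
            scheme = "https";
          };
        };
        websecure = { address = ":443"; };
      };
    };

    dynamicConfigOptions = {
      http = {
        middlewares = {
          auth = {
            basicAuth = {
              # NOTE(review): this htpasswd entry ($apr1$, the MD5-based
              # Apache format) is committed with the configuration and ends up
              # in the world-readable Nix store, so it is open to offline
              # guessing by anyone who can read either. Traefik's basicAuth
              # also accepts `usersFile`; pointing that at an age secret
              # (config.age.secrets.<secret-name>.path) with a bcrypt entry
              # would keep the hash out of both.
              users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
            };
          };
          # Maps the CalDAV/CardDAV discovery URLs onto Nextcloud's DAV
          # endpoint on the same host.
          nextcloud_redirectregex = {
            redirectRegex = {
              permanent = true;
              regex = "https://(.*)/.well-known/(?:card|cal)dav";
              replacement = "https://\${1}/remote.php/dav";
            };
          };
        };

        # Backends are addressed on localhost. Presumably they are bound to
        # loopback only so that Traefik is the single way in; verify the
        # listen addresses and the firewall where those services are defined.
        services = {
          baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
          gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
          n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
          lanakk_blog.loadBalancer.servers = [{ url = "http://localhost:3002/"; }];
          matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
          searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
          nextcloud.loadBalancer.servers = [{ url = "http://localhost:3005/"; }];
          invidious.loadBalancer.servers = [{ url = "http://localhost:3006/"; }];
          wireguard.loadBalancer.servers = [{ url = "http://localhost:3007/"; }];
          adguard.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
        };

        # Every router listens on `websecure` only. `api`, `wireguard` and
        # `adguard` sit behind the `auth` middleware; the remaining routers
        # rely on whatever authentication the application itself provides.
        # NOTE(review): Traefik's schema defines `middlewares`, `entrypoints`
        # and `tls.domains` as lists; the scalar forms are kept as written.
        # TODO confirm they decode as intended, or switch to list syntax.
        routers = {
          api = {
            rule = "Host(`r.lanakk.com`)";
            tls = { certResolver = "godaddy"; };
            service = "api@internal";
            middlewares = "auth";
            entrypoints = "websecure";
          };
          baserow = {
            rule = "Host(`db.lanakk.com`)";
            tls = { certResolver = "godaddy"; };
            service = "baserow";
            entrypoints = "websecure";
          };
          gitea = {
            rule = "Host(`code.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "code.lanakk.com";
            };
            service = "gitea";
            entrypoints = "websecure";
          };
          n8n = {
            rule = "Host(`wf.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "wf.lanakk.com";
            };
            service = "n8n";
            entrypoints = "websecure";
          };
          lanakk_blog = {
            rule = "Host(`www.weltkarte-pinnwand.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "www.weltkarte-pinnwand.com";
            };
            service = "lanakk_blog";
            entrypoints = "websecure";
          };
          matomo = {
            rule = "Host(`stats.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "stats.lanakk.com";
            };
            service = "matomo";
            entrypoints = "websecure";
          };
          searx = {
            rule = "Host(`search.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "search.lanakk.com";
            };
            service = "searx";
            entrypoints = "websecure";
          };
          invidious = {
            rule = "Host(`video.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "video.lanakk.com";
            };
            service = "invidious";
            entrypoints = "websecure";
          };
          nextcloud = {
            rule = "Host(`cloud.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "cloud.lanakk.com";
            };
            service = "nextcloud";
            entrypoints = "websecure";
            middlewares = "nextcloud_redirectregex";
          };
          wireguard = {
            rule = "Host(`wg.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "wg.lanakk.com";
            };
            service = "wireguard";
            middlewares = "auth";
            entrypoints = "websecure";
          };
          adguard = {
            rule = "Host(`ab.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = "ab.lanakk.com";
            };
            service = "adguard";
            middlewares = "auth";
            entrypoints = "websecure";
          };
        };
      };
    };
  };

  # Only the *paths* of the decrypted secrets are placed in the unit's
  # environment, so the credential values never enter the Nix store or the
  # unit file. Traefik's ACME client (lego) resolves a `<VAR>_FILE` variable by
  # reading the named file, which is what delivers GODADDY_API_KEY and
  # GODADDY_API_SECRET to the DNS provider. The files must be readable by the
  # user the traefik service runs as; their owner and mode are declared with
  # the age secrets, outside this module.
  systemd.services.traefik.environment = {
    GODADDY_API_KEY_FILE = config.age.secrets.godaddy-api-key.path;
    GODADDY_API_SECRET_FILE = config.age.secrets.godaddy-api-secret.path;
  };

  # The former `systemd.services.traefik.postStart` script was dropped. It ran
  # `bash -c GODADDY_API_KEY=<file contents>` followed by `export`, which
  # (a) runs in a separate process after Traefik has already started, so the
  # exported variables never reached the Traefik process, and (b) passed the
  # secret values as command-line arguments, where they are visible in the
  # process list while the command runs. The `_FILE` variables above already
  # cover what the script was meant to do.
}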