{ config, ... }: { services.traefik = { enable = true; staticConfigOptions = { log = { level = "WARN"; }; certificatesResolvers = { godaddy = { acme = { email = "dev@lanakk.com"; storage = "/var/lib/traefik/acme.json"; dnsChallenge = { provider = "godaddy"; }; }; }; lets-encrypt = { acme = { email = "dev@lanakk.com"; storage = "/var/lib/traefik/acme.json"; tlsChallenge = {}; }; }; }; api = { }; entryPoints = { web = { address = ":80"; http.redirections.entryPoint = { to = "websecure"; scheme = "https"; }; }; websecure = { address = ":443"; }; }; }; dynamicConfigOptions = { http = { middlewares = { auth = { basicAuth = { users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ]; }; }; nextcloud_redirectregex = { redirectRegex = { permanent = true; regex = "https://(.*)/.well-known/(?:card|cal)dav"; replacement = "https://\${1}/remote.php/dav"; }; }; nextcloud_headers = { headers = { referrerPolicy = "no-referrer"; stsSeconds = "31536000"; forceSTSHeader = true; stsPreload = true; stsIncludeSubdomains = true; }; }; }; services = { baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }]; gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }]; n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }]; lanakk_blog.loadBalancer.servers = [{ url = "http://localhost:3002/"; }]; matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }]; searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }]; nextcloud.loadBalancer.servers = [{ url = "http://localhost:3005/"; }]; invidious.loadBalancer.servers = [{ url = "http://localhost:3006/"; }]; wireguard.loadBalancer.servers = [{ url = "http://localhost:3007/"; }]; adguard.loadBalancer.servers = [{ url = "http://localhost:3008/"; }]; briefkasten.loadBalancer.servers = [{ url = "http://localhost:3009/"; }]; littlelink-lanakk.loadBalancer.servers = [{ url = "http://localhost:3010/"; }]; littlelink-m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3011/"; }]; http-images.loadBalancer.servers = [{ url = "http://localhost:3012/"; }]; syncthing.loadBalancer.servers = [{ url = "http://localhost:8384/"; }]; minio.loadBalancer.servers = [{ url = "http://localhost:9000/"; }]; minio-console.loadBalancer.servers = [{ url = "http://localhost:9001/"; }]; }; routers = { api = { rule = "Host(`r.lanakk.com`)"; tls = { certResolver = "godaddy"; }; service = "api@internal"; middlewares = "auth"; entrypoints = "websecure"; }; baserow = { rule = "Host(`db.lanakk.com`)"; tls = { certResolver = "godaddy"; }; service = "baserow"; entrypoints = "websecure"; }; gitea = { rule = "Host(`code.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "code.lanakk.com"; }; service = "gitea"; entrypoints = "websecure"; }; n8n = { rule = "Host(`wf.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "wf.lanakk.com"; }; service = "n8n"; entrypoints = "websecure"; }; lanakk_blog = { rule = "Host(`www.weltkarte-pinnwand.com`)"; tls = { certResolver = "godaddy"; domains = "www.weltkarte-pinnwand.com"; }; service = "lanakk_blog"; entrypoints = "websecure"; }; matomo = { rule = "Host(`stats.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "stats.lanakk.com"; }; service = "matomo"; entrypoints = "websecure"; }; matomo-weltkarte-pinnwand = { rule = "Host(`stats.weltkarte-pinnwand.com`)"; tls = { certResolver = "godaddy"; domains = "stats.weltkarte-pinnwand.com"; }; service = "matomo"; entrypoints = "websecure"; }; minio = { rule = "Host(`s3.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "s3.lanakk.com"; }; service = "minio"; entrypoints = "websecure"; }; minio-console = { rule = "Host(`minio.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "minio.lanakk.com"; }; service = "minio-console"; entrypoints = "websecure"; }; searx = { rule = "Host(`search.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "search.lanakk.com"; }; service = "searx"; entrypoints = "websecure"; }; invidious = { rule = "Host(`video.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "video.lanakk.com"; }; service = "invidious"; entrypoints = "websecure"; }; nextcloud = { rule = "Host(`cloud.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "cloud.lanakk.com"; }; service = "nextcloud"; entrypoints = "websecure"; middlewares = "nextcloud_redirectregex,nextcloud_headers"; }; wireguard = { rule = "Host(`wg.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "wg.lanakk.com"; }; service = "wireguard"; middlewares = "auth"; entrypoints = "websecure"; }; adguard = { rule = "Host(`ab.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "ab.lanakk.com"; }; service = "adguard"; middlewares = "auth"; entrypoints = "websecure"; }; briefkasten = { rule = "Host(`bm.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "bm.lanakk.com"; }; service = "briefkasten"; entrypoints = "websecure"; }; littlelink-lanakk = { rule = "Host(`links.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "links.lanakk.com"; }; service = "littlelink-lanakk"; entrypoints = "websecure"; }; http-images = { rule = "Host(`media.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "media.lanakk.com"; }; service = "http-images"; entrypoints = "websecure"; }; syncthing = { rule = "Host(`sync.lanakk.com`)"; tls = { certResolver = "godaddy"; domains = "sync.lanakk.com"; }; service = "syncthing"; entrypoints = "websecure"; }; littlelink-m3tm3re = { rule = "Host(`links.m3tam3re.com`)"; tls = { certResolver = "lets-encrypt"; domains = "links.m3tam3re.com"; }; service = "littlelink-m3tam3re"; entrypoints = "websecure"; }; }; }; }; }; systemd.services.traefik.serviceConfig = { EnvironmentFile="${config.age.secrets.traefik-env.path}"; }; }