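# NixOS module: Traefik as a TLS-terminating reverse proxy for Baserow, Gitea
# and n8n, with certificates issued through an ACME DNS-01 challenge against
# the GoDaddy API. The API credentials are read from agenix secret files.
{ config, ... }:

{
  services.traefik = {
    enable = true;

    staticConfigOptions = {
      log = {
        level = "WARN";
      };

      certificatesResolvers = {
        godaddy = {
          acme = {
            email = "dev@lanakk.com";
            # acme.json holds the ACME account key and the issued private
            # keys; keep it readable by the traefik service user only.
            storage = "/var/lib/traefik/acme.json";
            dnsChallenge = {
              provider = "godaddy";
            };
          };
        };
      };

      # Enables the Traefik API with default settings. It is only routed
      # through the `api` router below, which sits behind basic auth.
      api = { };

      entryPoints = {
        # Plain HTTP exists only to redirect clients to HTTPS.
        web = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "websecure";
            scheme = "https";
          };
        };
        websecure = {
          address = ":443";
        };
      };
    };

    dynamicConfigOptions = {
      http = {
        middlewares = {
          auth = {
            basicAuth = {
              # NOTE(review): this credential hash is part of the Nix
              # expression, so it is copied into the world-readable
              # /nix/store and into any repository holding this file.
              # `$apr1$` is an MD5-based scheme and cheap to brute-force
              # offline. Prefer basicAuth's `usersFile` pointing at a secret
              # file holding a bcrypt hash, and rotate this password.
              users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
            };
          };
        };

        # Backends are reached over plain HTTP on localhost.
        # NOTE(review): assumes each service listens on loopback only, so
        # Traefik is the single entry point; confirm the bind addresses.
        services = {
          baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
          gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
          n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
        };

        # `middlewares`, `entryPoints` and `tls.domains` are written in the
        # list form that the Traefik router schema documents.
        routers = {
          # Dashboard/API: the only router protected by the `auth` middleware.
          api = {
            rule = "Host(`r.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
            };
            service = "api@internal";
            middlewares = [ "auth" ];
            entryPoints = [ "websecure" ];
          };

          # The application routers carry no Traefik-level authentication;
          # access control is left to the applications themselves.
          baserow = {
            rule = "Host(`db.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
            };
            service = "baserow";
            entryPoints = [ "websecure" ];
          };

          gitea = {
            rule = "Host(`code.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = [{ main = "code.lanakk.com"; }];
            };
            service = "gitea";
            entryPoints = [ "websecure" ];
          };

          n8n = {
            rule = "Host(`wf.lanakk.com`)";
            tls = {
              certResolver = "godaddy";
              domains = [{ main = "wf.lanakk.com"; }];
            };
            service = "n8n";
            entryPoints = [ "websecure" ];
          };
        };
      };
    };
  };

  # Traefik's ACME client (lego) accepts any provider variable with a `_FILE`
  # suffix and reads the value from that file, so the credentials never have
  # to appear in the unit's environment or in the Nix store.
  # NOTE(review): the agenix secret files must be readable by the user the
  # traefik unit runs as; confirm owner/mode on the age.secrets definitions.
  systemd.services.traefik.environment = {
    GODADDY_API_KEY_FILE = config.age.secrets.godaddy-api-key.path;
    GODADDY_API_SECRET_FILE = config.age.secrets.godaddy-api-secret.path;
  };

  # The former postStart script was removed. It ran `bash -c VAR=`cat FILE``
  # after Traefik had already started: the export happened in a throw-away
  # child shell and never reached the Traefik process, while the backtick
  # expansion placed the secret value on a process command line, where other
  # local users can read it. The `_FILE` variables above are sufficient.
}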