nix-configurations/hosts/lkk-nix-1/services/traefik.nix

89 lines
2.6 KiB
Nix

{ config, ... }: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = { level = "WARN"; };
certificatesResolvers = {
godaddy = {
acme = {
email = "dev@lanakk.com";
storage = "/var/lib/traefik/acme.json";
dnsChallenge = { provider = "godaddy"; };
};
};
};
api = { };
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = { address = ":443"; };
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
};
};
};
services = {
baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
};
routers = {
api = {
rule = "Host(`r.lanakk.com`)";
tls = { certResolver = "godaddy"; };
service = "api@internal";
middlewares = "auth";
entrypoints = "websecure";
};
baserow = {
rule = "Host(`db.lanakk.com`)";
tls = { certResolver = "godaddy"; };
service = "baserow";
entrypoints = "websecure";
};
gitea = {
rule = "Host(`code.lanakk.com`)";
tls = {
certResolver = "godaddy";
domains = "code.lanakk.com";
};
service = "gitea";
entrypoints = "websecure";
};
n8n = {
rule = "Host(`wf.lanakk.com`)";
tls = {
certResolver = "godaddy";
domains = "wf.lanakk.com";
};
service = "n8n";
entrypoints = "websecure";
};
};
};
};
};
systemd.services.traefik.environment = {
GODADDY_API_KEY_FILE = config.age.secrets.godaddy-api-key.path;
GODADDY_API_SECRET_FILE = config.age.secrets.godaddy-api-secret.path;
}; # TODO put all the variables into an env file
systemd.services.traefik.postStart = ''
/run/current-system/sw/bin/bash -c GODADDY_API_KEY=`cat $GODADDY_API_KEY_FILE` && export GODADDY_API_KEY
/run/current-system/sw/bin/bash -c GODADDY_API_SECRET=`cat $GODADDY_API_SECRET_FILE` && export GODADDY_API_SECRET
'';
}