root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
the_prg_server_configuratio.../nix-system-configs/modules/system/traefik.nix

103 lines
2.4 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
...
}: {
config = {
local.hostname = "nixos-traefik";
local.username = "traefikprg";
local.userDescription = "NixOS PRG Traefik Service";
local.address = "10.1.1.250";
};
services.traefik = {
enable = true;
group = "acme";
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
asDefault = true;
http.tls = {
domains = [
{
main = "prg-radio.org";
sans = ["*.prg-radio.org"];
}
];
};
};
};
log = {
level = "INFO";
filePath = "${config.services.traefik.dataDir}/traefik.log";
format = "json";
};
api.dashboard = true;
api.insecure = true;
};
dynamicConfigOptions = {
tls.certificates = [
{
certFile = "/var/lib/acme/prg-radio.org/cert.pem";
keyFile = "/var/lib/acme/prg-radio.org/key.pem";
}
];
http.routers = {
forgejo = {
rule = "Host(`git.prg-radio.org`)";
service = "forgejo";
entryPoints = ["websecure"];
tls = {};
};
};
http.services = {
forgejo.loadBalancer = {
servers = [
{url = "http://10.1.1.4:3000";}
];
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "dtu.prg@gmail.com";
certs."prg-radio.org" = {
domain = "*.prg-radio.org";
group = "acme";
dnsProvider = "cloudflare";
environmentFile = "/home/traefikprg/cloudflare/cloudflare.env";
reloadServices = ["traefik.service"];
};
};
systemd.services.traefik = {
after = ["acme-finished-prg-radio.org.target"];
wants = ["acme-finished-prg-radio.org.target"];
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
imports = [
./modules/desktop-manager/sway_greetd_homemanager.nix
./modules/local/hostname_username.nix
./modules/local/networking_local.nix
./modules/bootloader/seabios.nix
./modules/lix-default.nix
# Optionally: ./modules/toolsets/remote_building.nix
];
system.stateVersion = "25.11";
}
Reference in a new issue View git blame Copy permalink