snowflake/hosts/sora/services/traefik.nix

273 lines
9.2 KiB
Nix
Raw Normal View History

2023-06-24 19:11:16 -04:00
{config, ...}: {
sops.secrets.cloudflare-api-key = {};
2023-10-17 00:48:08 -04:00
networking.firewall.allowedTCPPorts = [80 443 2222 8080];
2023-06-24 19:11:16 -04:00
systemd.services.traefik = {
environment = {
CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev";
};
serviceConfig = {
EnvironmentFile = [config.sops.secrets.cloudflare-api-key.path];
};
};
services.traefik = {
enable = true;
dynamicConfigOptions = {
2023-10-07 17:06:51 -04:00
tcp = {
routers = {
gitssh = {
rule = "HostSNI(`*`)";
entrypoints = ["gitssh"];
service = "gitssh";
};
};
};
2023-06-24 19:11:16 -04:00
http = {
2023-10-12 02:16:22 -04:00
middlewares = {
authelia = {
forwardauth = {
address = "http://100.121.201.47:9091/api/verify?rd=https://passport.notohh.dev/";
trustForwardHeader = true;
};
};
redirect-to-https = {
redirectscheme.scheme = "https";
redirectscheme.permanent = true;
2023-06-24 19:11:16 -04:00
};
2023-10-27 12:33:05 -04:00
cors = {
headers = {
accessControlAllowOriginList = "https://daphbot.notohh.dev";
};
};
2023-06-24 19:11:16 -04:00
};
routers = {
api = {
rule = "PathPrefix(`/api/`)";
entrypoints = ["websecure"];
service = "api@internal";
};
2023-10-12 02:16:22 -04:00
uptime-kuma-insecure = {
rule = "Host(`status.flake.sh`)";
entrypoints = ["web"];
service = "uptime-kuma";
middlewares = "redirect-to-https";
};
2023-06-24 19:11:16 -04:00
uptime-kuma = {
2023-10-03 14:24:26 -04:00
rule = "Host(`status.flake.sh`)";
2023-06-24 19:11:16 -04:00
entrypoints = ["websecure"];
service = "uptime-kuma";
2023-10-03 14:24:26 -04:00
tls.domains = [{main = "*.flake.sh";}];
2023-06-24 19:11:16 -04:00
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
gotify-insecure = {
rule = "Host(`gotify.flake.sh`)";
entrypoints = ["web"];
service = "gotify";
middlewares = "redirect-to-https";
};
2023-09-19 16:02:44 -04:00
gotify = {
2023-10-03 14:24:26 -04:00
rule = "Host(`gotify.flake.sh`)";
2023-09-19 16:02:44 -04:00
entrypoints = ["websecure"];
service = "gotify";
2023-10-03 14:24:26 -04:00
tls.domains = [{main = "*.flake.sh";}];
2023-09-18 18:28:26 -04:00
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
conduit-insecure = {
rule = "Host(`matrix.flake.sh`)";
entrypoints = ["web"];
service = "conduit";
middlewares = "redirect-to-https";
};
2023-09-25 12:49:20 -04:00
conduit = {
2023-10-03 14:24:26 -04:00
rule = "Host(`matrix.flake.sh`)";
2023-09-25 12:49:20 -04:00
entrypoints = ["websecure"];
service = "conduit";
2023-10-03 14:24:26 -04:00
tls.domains = [{main = "*.flake.sh";}];
2023-09-25 12:49:20 -04:00
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
authelia-insecure = {
rule = "Host(`passport.notohh.dev`)";
entrypoints = ["web"];
service = "authelia";
middlewares = "redirect-to-https";
};
2023-10-04 21:49:22 -04:00
authelia = {
rule = "Host(`passport.notohh.dev`)";
entrypoints = ["websecure"];
service = "authelia";
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
foundryvtt-insecure = {
rule = "Host(`foundry.flake.sh`)";
entrypoints = ["web"];
service = "authelia";
middlewares = "redirect-to-https";
};
foundryvtt = {
rule = "Host(`foundry.flake.sh`)";
entrypoints = ["websecure"];
service = "foundryvtt";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
forgejo-insecure = {
rule = "Host(`git.flake.sh`)";
entrypoints = ["web"];
service = "forgejo";
middlewares = "redirect-to-https";
};
forgejo = {
rule = "Host(`git.flake.sh`)";
entrypoints = ["websecure"];
service = "forgejo";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
2023-10-27 12:33:05 -04:00
middlewares = "cors";
};
2023-10-12 02:16:22 -04:00
rustypaste-insecure = {
rule = "Host(`i.flake.sh`)";
entrypoints = ["web"];
service = "rustypaste";
middlewares = "redirect-to-https";
};
rustypaste = {
rule = "Host(`i.flake.sh`)";
entrypoints = ["websecure"];
service = "rustypaste";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
grafana-insecure = {
rule = "Host(`metrics.flake.sh`)";
entrypoints = ["web"];
service = "grafana";
middlewares = "redirect-to-https";
};
grafana = {
rule = "Host(`metrics.flake.sh`)";
entrypoints = ["websecure"];
service = "grafana";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
hedgedoc-insecure = {
rule = "Host(`scratch.flake.sh`)";
entrypoints = ["web"];
service = "hedgedoc";
middlewares = "redirect-to-https";
};
hedgedoc = {
rule = "Host(`scratch.flake.sh`)";
entrypoints = ["websecure"];
service = "hedgedoc";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-10-12 02:16:22 -04:00
vaultwarden-insecure = {
rule = "Host(`vault.flake.sh`)";
entrypoints = ["web"];
service = "vaultwarden";
middlewares = "redirect-to-https";
};
vaultwarden = {
rule = "Host(`vault.flake.sh`)";
entrypoints = ["websecure"];
service = "vaultwarden";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-11-30 10:54:55 -05:00
neko-insecure = {
rule = "Host(`neko.flake.sh`)";
entrypoints = ["web"];
service = "neko";
middlewares = "redirect-to-https";
};
neko = {
rule = "Host(`neko.flake.sh`)";
entrypoints = ["websecure"];
service = "neko";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-12-15 08:28:33 -05:00
justlog-insecure = {
rule = "Host(`logs.flake.sh`)";
entrypoints = ["web"];
service = "justlog";
middlewares = "redirect-to-https";
};
justlog = {
rule = "Host(`logs.flake.sh`)";
entrypoints = ["websecure"];
service = "justlog";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
2023-06-24 19:11:16 -04:00
};
services = {
2023-10-10 15:42:45 -04:00
gitssh.loadBalancer.servers = [{url = "tcp://100.121.201.47:2222";}];
2023-11-30 14:55:40 -05:00
uptime-kuma.loadBalancer.servers = [{url = "http://100.104.42.96:4000";}];
gotify.loadBalancer.servers = [{url = "http://100.104.42.96:3000";}];
2023-09-28 17:06:50 -04:00
conduit.loadBalancer.servers = [{url = "http://100.121.201.47:6167";}];
2023-10-04 21:49:22 -04:00
authelia.loadBalancer.servers = [{url = "http://100.121.201.47:9091";}];
foundryvtt.loadBalancer.servers = [{url = "http://100.121.201.47:30000";}];
forgejo.loadBalancer.servers = [{url = "http://100.121.201.47:3200";}];
rustypaste.loadBalancer.servers = [{url = "http://100.121.201.47:8000";}];
grafana.loadBalancer.servers = [{url = "http://100.121.201.47:3100";}];
hedgedoc.loadBalancer.servers = [{url = "http://100.121.201.47:3300";}];
vaultwarden.loadBalancer.servers = [{url = "http://100.121.201.47:8222";}];
2023-10-16 23:14:43 -04:00
searxng.loadBalancer.servers = [{url = "http://100.121.201.47:8100";}];
2023-11-30 10:54:55 -05:00
neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
2023-12-15 08:28:33 -05:00
justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
2023-06-24 19:11:16 -04:00
};
};
};
staticConfigOptions = {
log.level = "DEBUG";
2023-10-17 00:48:08 -04:00
api.dashboard = true;
2023-11-11 16:28:21 -05:00
api.insecure = true;
2023-06-24 19:11:16 -04:00
global = {
checkNewVersion = false;
sendAnonymousUsage = false;
};
entryPoints = {
websecure = {
address = ":443";
};
web = {
address = ":80";
};
2023-10-07 17:06:51 -04:00
gitssh = {
address = ":2222";
};
2023-06-24 19:11:16 -04:00
};
metrics = {
prometheus = {
addServicesLabels = true;
};
};
certificatesResolvers = {
staging.acme = {
email = "x3xr6n66@notohh.dev";
storage = "/var/lib/traefik/acme.json";
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
delayBeforeCheck = "0";
};
};
production.acme = {
email = "x3xr6n66@notohh.dev";
storage = "/var/lib/traefik/acme.json";
caServer = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
delayBeforeCheck = "0";
};
};
};
};
};
}