diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix index 5337bfa..afee7db 100644 --- a/hosts/sakura/services/default.nix +++ b/hosts/sakura/services/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./traefik.nix ./authelia.nix ./forgejo.nix ./rustypaste.nix diff --git a/hosts/sakura/services/traefik.nix b/hosts/sakura/services/traefik.nix deleted file mode 100644 index 7cd740f..0000000 --- a/hosts/sakura/services/traefik.nix +++ /dev/null @@ -1,83 +0,0 @@ -{config, ...}: { - sops.secrets.cloudflare-api-key = {}; - systemd.services.traefik = { - environment = { - CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev"; - }; - serviceConfig = { - EnvironmentFile = [config.sops.secrets.cloudflare-api-key.path]; - }; - }; - services.traefik = { - enable = true; - dynamicConfigOptions = { - http = { - middlewares.authelia = { - forwardauth = { - address = "http://localhost:9091/api/verify?rd=https://passport.notohh.dev/"; - trustForwardHeader = true; - }; - }; - routers = { - api = { - rule = "PathPrefix(`/api/`)"; - entrypoints = ["websecure"]; - service = "api@internal"; - }; - dashdot = { - rule = "Host(`dashdot.sakura.internal.flake.sh`)"; - entrypoints = ["web"]; - service = "dashdot"; - }; - }; - services = { - dashdot.loadBalancer.servers = [{url = "http://localhost:4000";}]; - }; - }; - }; - staticConfigOptions = { - log.level = "DEBUG"; - api.dashboard = false; - api.insecure = false; - global = { - checkNewVersion = false; - sendAnonymousUsage = false; - }; - entryPoints = { - websecure = { - address = ":443"; - }; - web = { - address = ":80"; - }; - }; - metrics = { - prometheus = { - addServicesLabels = true; - }; - }; - certificatesResolvers = { - staging.acme = { - email = "x3xr6n66@notohh.dev"; - storage = "/var/lib/traefik/acme.json"; - caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; - dnsChallenge = { - provider = "cloudflare"; - resolvers = ["1.1.1.1:53" "1.0.0.1:53"]; - delayBeforeCheck = "0"; - }; - }; - production.acme = { - email = "x3xr6n66@notohh.dev"; - storage = "/var/lib/traefik/acme.json"; - caServer = "https://acme-v02.api.letsencrypt.org/directory"; - dnsChallenge = { - provider = "cloudflare"; - resolvers = ["1.1.1.1:53" "1.0.0.1:53"]; - delayBeforeCheck = "0"; - }; - }; - }; - }; - }; -}