diff --git a/modules/services/traefik.nix b/modules/services/traefik.nix
index d6f25a4..35cb865 100644
--- a/modules/services/traefik.nix
+++ b/modules/services/traefik.nix
@@ -1,5 +1,5 @@
 {...}: {
- networking.firewall.allowedTCPPorts = [80 443];
+ networking.firewall.allowedTCPPorts = [80 443 8080];
 services.traefik = {
 enable = true;
@@ -7,15 +7,33 @@
 dynamicConfigOptions = {
 http = {
 routers = {
- homepage = {
- rule = "Host(`dashboard.lab`)";
+ api = {
+ rule = "PathPrefix(`/api/`)";
 entryPoints = ["websecure"];
- service = "homepage";
+ service = "api@internal";
+ };
+ homepage = {
+ rule = "Host(`homepage.lab`)";
+ entrypoints = ["web"];
+ service = "homepage@docker";
+ };
+ searxng = {
+ rule = "Host(`test`)";
+ entrypoints = ["web"];
+ service = "searxng@docker";
+ };
+ hugo = {
+ rule = "Host(``)";
+ entryPoints = ["websecure"];
+ service = "hugo@docker";
 };
 };
 };
 };
 staticConfigOptions = {
+ api.dashboard = true;
+ api.insecure = true;
+ providers.docker = true;
 global = {
 checkNewVersion = false;
 sendAnonymousUsage = false;
@@ -24,6 +42,26 @@
 websecure.address = ":443";
 web.address = ":80";
 };
+ certificatesResolvers = {
+ staging.acme = {
+ email = "x3xr6n66@notohh.dev";
+ storage = "/var/lib/traefik/acme.json";
+ caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ dnsChallenge = {
+ provider = "cloudflare";
+ delayBeforeCheck = 0;
+ };
+ };
+ production.acme = {
+ email = "x3xr6n66@notohh.dev";
+ storage = "/var/lib/traefik/acme.json";
+ caServer = "https://acme-v02.api.letsencrypt.org/directory";
+ dnsChallenge = {
+ provider = "cloudflare";
+ delayBeforeCheck = 0;
+ };
+ };
+ };
 };
 };
 }
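Review bot: Opening TCP 8080 in `allowedTCPPorts` together with `api.insecure = true;` in the second hunk publishes Traefik's API and dashboard without authentication to every network that can reach this host. Insecure mode serves them on the `traefik` entry point, which defaults to port 8080 when none is declared, and none is visible in this diff. Since an `api` router for `api@internal` is already being added, the firewall line can stay `networking.firewall.allowedTCPPorts = [80 443];` and `api.insecure = true;` can be dropped. If 8080 is needed for local debugging, bind that entry point to a loopback or management address rather than opening it in the firewall.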
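Review bot: The new `api` router matches only a path prefix on `websecure`, with no host constraint and no `middlewares`, so any hostname that resolves to this machine reaches `api@internal` unauthenticated. It should carry a host match plus an auth middleware, e.g. `middlewares = ["dashboard-auth"];` (constructed name) backed by a basicAuth or forwardAuth middleware defined under `http.middlewares`. The `searxng` and `hugo` rules (Host of `test` and an empty Host) look like placeholders and should be filled in or left out until the names are known. `providers.docker = true;` leaves `exposedByDefault` at its default of true, so every container becomes routable; setting `providers.docker.exposedByDefault = false;` makes exposure opt-in per container. The key is spelled `entrypoints` on `homepage` and `searxng` but `entryPoints` elsewhere; use one spelling throughout.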
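Review bot: Both resolvers use `dnsChallenge.provider = "cloudflare"`, but nothing visible in this diff supplies the Cloudflare API credential, and it must not be written into the Nix expression because that would place it in the world-readable store. It should come from a secrets-managed file via `services.traefik.environmentFiles` (e.g. one defining `CF_DNS_API_TOKEN`), using a token scoped to DNS edits on the one zone. No router in this diff sets `tls.certResolver`, so as written neither `staging` nor `production` would be used to request a certificate. A comment above `certificatesResolvers` saying which resolver routers should reference, and that `/var/lib/traefik/acme.json` holds the account and certificate private keys and must stay mode 600, would help the next reader.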