diff --git a/modules/services/traefik.nix b/modules/services/traefik.nix
index 770c8cb..1ab0cf2 100644
--- a/modules/services/traefik.nix
+++ b/modules/services/traefik.nix
@@ -1,6 +1,15 @@
-{...}: {
+{config, ...}: {
 networking.firewall.allowedTCPPorts = [80 443 8080];
+ systemd.user.services.traefik.after = ["docker.service"];
+ systemd.services.traefik = {
+ environment = {
+ CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev";
+ };
+ serviceConfig = {
+ EnvironmentFile = config.sops.secrets.cloudflare-api-key.path;
+ };
+ };
 services.traefik = {
 enable = true;
 group = "docker";
@@ -13,29 +22,39 @@
 service = "api@internal";
 };
 homepage = {
- rule = "Host(`homepage.lab`)";
+ rule = "Host(`dashboard.lab`)";
 entrypoints = ["web"];
 service = "homepage@docker";
 };
 searxng = {
- rule = "Host(`test`)";
+ rule = "Host(`searxng.lab`)";
 entrypoints = ["web"];
 service = "searxng@docker";
 };
 hugo = {
- rule = "Host(`hugo.lab`)";
+ rule = "Host(`notohh.dev`)";
 entryPoints = ["websecure"];
 service = "hugo@docker";
+ tls.domains = [{main = "*.notohh.dev";}];
+ tls.certresolver = "staging";
 };
 stash = {
 rule = "Host(`stash.lab`)";
 entrypoints = ["web"];
 service = "stash@docker";
 };
+ foundryvtt = {
+ rule = "Host(`foundry.notohh.dev`)";
+ entrypoints = ["websecure"];
+ service = "foundryvtt@docker";
+ tls.domains = [{main = "*.notohh.dev";}];
+ tls.certresolver = "staging";
+ };
 };
 };
 };
 staticConfigOptions = {
+ log.level = "DEBUG";
 api.dashboard = true;
 api.insecure = true;
 providers.docker = true;
@@ -54,7 +73,7 @@
 caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
 dnsChallenge = {
 provider = "cloudflare";
- delayBeforeCheck = 0;
+ delayBeforeCheck = "0";
 };
 };
 production.acme = {
@@ -63,7 +82,7 @@
 caServer = "https://acme-v02.api.letsencrypt.org/directory";
 dnsChallenge = {
 provider = "cloudflare";
- delayBeforeCheck = 0;
+ delayBeforeCheck = "0";
 };
 };
 };
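Review bot: The ordering added on the second new line of the first hunk targets `systemd.user.services.traefik`, but the unit being configured in the same hunk is the system unit `systemd.services.traefik`, so the `after` setting lands on a user-manager unit the system service never sees and the Docker ordering is not actually applied; it should read `systemd.services.traefik.after = ["docker.service"];` (with a matching `wants` or `requires` if the Docker provider must not start before Docker). Separately, `CLOUDFLARE_EMAIL` plus an API-key file is the shape lego uses for the account-wide Cloudflare key; if the sops secret really is the global key, a zone-scoped DNS token (lego's `CLOUDFLARE_DNS_API_TOKEN`) limits what a leaked `EnvironmentFile` can do, so it is worth confirming which credential `cloudflare-api-key` holds. The hunk header counts 15 new lines while fewer are visible here, so blank lines were probably lost in extraction rather than in the commit.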
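Review bot: Both public routers touched in the second hunk (`hugo` on `notohh.dev` and the new `foundryvtt` on `foundry.notohh.dev`) are pinned to `tls.certresolver = "staging"`, whose `caServer` later in this diff is the Let's Encrypt staging endpoint; certificates from it are not trusted by browsers, so these hosts will fail TLS validation for real visitors until the resolver is switched to `production`. If staging is intentional while the DNS challenge is being proven out, a comment such as `# TODO: switch to the production resolver once the DNS challenge is verified` would record that. The identical `tls.domains`/`tls.certresolver` pair is repeated on both routers and could be one shared attrset merged into each. The new `log.level = "DEBUG"` in `staticConfigOptions` is also permanent here; debug output is verbose and should presumably go back to INFO once the ACME setup works. Note too that `hugo` uses `entryPoints` while `foundryvtt` uses `entrypoints`; Traefik's file provider is generally case-insensitive on keys, but consistent spelling avoids doubt.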
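Review bot: Changing `delayBeforeCheck` from `0` to `"0"` in the staging resolver (and identically in the `production.acme` hunk that follows) records no reason, so the next reader cannot tell whether the integer form broke Traefik's duration parsing when the module serialises the config; a short comment such as `# string form: Traefik parses this field as a duration` (adjusted to the failure actually seen) would preserve that. A value of zero also means the ACME client checks DNS immediately after creating the TXT record, which can race Cloudflare propagation; if challenges prove flaky, a small positive duration is the usual remedy. The enclosing resolver attrsets start before these hunks.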