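# NixOS module: Traefik reverse proxy for the *.internal.flake.sh hosts.
#
# Changes versus the previous revision:
#   - The Traefik API/dashboard is no longer served on the unauthenticated
#     :8080 listener (`api.insecure`) and that port is no longer opened in
#     the firewall; the dashboard is reached only through the `api` router.
#   - Plain HTTP (:80) now redirects to HTTPS instead of serving traffic.
#   - Log level lowered from DEBUG (which records request/response headers).
#   - Router/service definitions are generated from two small helpers so
#     every router uses the same entry point, certificate and resolver; the
#     previous copies mixed `entryPoints` and `entrypoints` spellings.
{config, ...}: let
  fqdn = "internal.flake.sh";

  # HTTPS router for `<host>.<fqdn>` forwarding to `service`, covered by the
  # wildcard certificate from the "production" ACME resolver.
  mkRouter = host: service: {
    rule = "Host(`${host}.${fqdn}`)";
    entryPoints = ["websecure"];
    inherit service;
    tls.domains = [{main = "*.${fqdn}";}];
    tls.certresolver = "production";
  };

  # Backend with a single upstream URL.
  mkService = url: {loadBalancer.servers = [{inherit url;}];};

  # Second host ("kariru") that runs the *arr stack; reached over plain HTTP
  # on the LAN, so Traefik terminates TLS for it.
  kariruHost = "192.168.1.54:";
in {
  # Only the public HTTP/HTTPS entry points are exposed; :8080 was the
  # unauthenticated API listener and is intentionally no longer opened.
  networking.firewall.allowedTCPPorts = [80 443];

  # Cloudflare API token for the ACME DNS-01 challenge, provided by sops and
  # injected into the service environment via EnvironmentFile.
  sops.secrets.cloudflare-api-key = {};
  systemd.services.traefik = {
    environment = {
      CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev";
    };
    serviceConfig = {
      EnvironmentFile = [config.sops.secrets.cloudflare-api-key.path];
    };
  };

  services.traefik = {
    enable = true;

    dynamicConfigOptions = {
      http = {
        routers = {
          # Traefik's own API. This rule has no Host() clause, so it matches
          # /api/ on every name that resolves here, and `api@internal` carries
          # no authentication of its own; attach an auth middleware here before
          # relying on it beyond the LAN.
          api = {
            rule = "PathPrefix(`/api/`)";
            entryPoints = ["websecure"];
            service = "api@internal";
          };

          # local
          homepage = mkRouter "dashboard" "homepage";
          stash = mkRouter "stash" "stash";
          jellyfin = mkRouter "jellyfin" "jellyfin";
          jellyseerr = mkRouter "jellyseerr" "jellyseerr";
          wallos = mkRouter "wallos" "wallos";
          hass = mkRouter "hass" "hass";
          paperless = mkRouter "paperless" "paperless";
          # miniflux is published under the "rss" host label.
          miniflux = mkRouter "rss" "miniflux";

          # kariru
          sonarr = mkRouter "sonarr" "sonarr";
          radarr = mkRouter "radarr" "radarr";
          readarr = mkRouter "readarr" "readarr";
          lidarr = mkRouter "lidarr" "lidarr";
          bazarr = mkRouter "bazarr" "bazarr";
          whisparr = mkRouter "whisparr" "whisparr";
          prowlarr = mkRouter "prowlarr" "prowlarr";
        };

        services = {
          # local
          stash = mkService "http://localhost:9999";
          homepage = mkService "http://localhost:7676";
          jellyfin = mkService "http://localhost:8096";
          jellyseerr = mkService "http://localhost:5055";
          wallos = mkService "http://localhost:8282";
          hass = mkService "http://localhost:8123";
          paperless = mkService "http://localhost:28981";
          miniflux = mkService "http://localhost:9000";

          # kariru
          sonarr = mkService "http://${kariruHost}8989";
          radarr = mkService "http://${kariruHost}7878";
          readarr = mkService "http://${kariruHost}8787";
          lidarr = mkService "http://${kariruHost}8686";
          bazarr = mkService "http://${kariruHost}6767";
          whisparr = mkService "http://${kariruHost}6969";
          prowlarr = mkService "http://${kariruHost}9696";
        };
      };
    };

    staticConfigOptions = {
      # DEBUG logs request and response headers (cookies, tokens); INFO is
      # sufficient for steady-state operation.
      log.level = "INFO";

      api.dashboard = true;
      # Do not start the separate unauthenticated API/dashboard listener on
      # :8080; the API is only reachable through the `api` router above.
      api.insecure = false;

      global = {
        checkNewVersion = false;
        sendAnonymousUsage = false;
      };

      entryPoints = {
        websecure = {
          address = ":443";
          # NOTE(review): with insecure = true the X-Forwarded-* headers are
          # trusted from any client, so the client IP seen by backends and
          # access logs can be chosen by the caller. If a trusted proxy sits
          # in front of this host, replace this with
          # `forwardedHeaders.trustedIPs = [ <proxy CIDRs> ];` — confirm.
          forwardedHeaders.insecure = true;
        };
        web = {
          address = ":80";
          # Nothing is served over plain HTTP; every request is redirected to
          # the HTTPS entry point. ACME uses the DNS challenge, so :80 is not
          # needed for certificate issuance.
          http.redirections.entryPoint = {
            to = "websecure";
            scheme = "https";
          };
        };
      };

      certificatesResolvers = {
        production.acme = {
          email = "x3xr6n66@notohh.dev";
          # Contains the account key and issued private keys; keep it
          # restricted to the traefik service user.
          storage = "/var/lib/traefik/acme.json";
          caServer = "https://acme-v02.api.letsencrypt.org/directory";
          # DNS-01 via Cloudflare, authenticated by CLOUDFLARE_EMAIL plus the
          # API key from the sops-provided EnvironmentFile.
          dnsChallenge = {
            provider = "cloudflare";
            resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
            delayBeforeCheck = "0";
          };
        };
      };
    };
  };
}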