{ config, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 8080 ]; sops.secrets.cloudflare-api-key = { }; systemd.services.traefik = { environment = { CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev"; }; serviceConfig = { EnvironmentFile = [ config.sops.secrets.cloudflare-api-key.path ]; }; }; services.traefik = { enable = true; dynamicConfigOptions = { http = { routers = let fqdn = "internal.flake.sh"; in { # local api = { rule = "PathPrefix(`/api/`)"; entryPoints = [ "websecure" ]; service = "api@internal"; }; homepage = { rule = "Host(`dashboard.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "homepage"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; stash = { rule = "Host(`stash.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "stash"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; jellyfin = { rule = "Host(`jellyfin.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "jellyfin"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; jellyseerr = { rule = "Host(`jellyseerr.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "jellyseerr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; wallos = { rule = "Host(`wallos.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "wallos"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; hass = { rule = "Host(`hass.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "hass"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; paperless = { rule = "Host(`paperless.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "paperless"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; miniflux = { rule = "Host(`rss.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "miniflux"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; # kariru sonarr = { rule = "Host(`sonarr.${fqdn}`)"; entryPoints = [ "websecure" ]; service = "sonarr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; radarr = { rule = "Host(`radarr.${fqdn}`)"; entryPoints = [ "websecure" ]; service = "radarr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; readarr = { rule = "Host(`readarr.${fqdn}`)"; entryPoints = [ "websecure" ]; service = "readarr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; lidarr = { rule = "Host(`lidarr.${fqdn}`)"; entryPoints = [ "websecure" ]; service = "lidarr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; bazarr = { rule = "Host(`bazarr.${fqdn}`)"; entryPoints = [ "websecure" ]; service = "bazarr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; whisparr = { rule = "Host(`whisparr.${fqdn}`)"; entryPoints = [ "websecure" ]; service = "whisparr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; prowlarr = { rule = "Host(`prowlarr.${fqdn}`)"; entrypoints = [ "websecure" ]; service = "prowlarr"; tls.domains = [ { main = "*.${fqdn}"; } ]; tls.certresolver = "production"; }; }; services = let kariruHost = "192.168.1.54:"; in { # local stash.loadBalancer.servers = [ { url = "http://localhost:9999"; } ]; homepage.loadBalancer.servers = [ { url = "http://localhost:7676"; } ]; jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096"; } ]; jellyseerr.loadBalancer.servers = [ { url = "http://localhost:5055"; } ]; wallos.loadBalancer.servers = [ { url = "http://localhost:8282"; } ]; hass.loadBalancer.servers = [ { url = "http://localhost:8123"; } ]; paperless.loadBalancer.servers = [ { url = "http://localhost:28981"; } ]; miniflux.loadBalancer.servers = [ { url = "http://localhost:9000"; } ]; # kariru sonarr.loadBalancer.servers = [ { url = "http://${kariruHost}8989"; } ]; radarr.loadBalancer.servers = [ { url = "http://${kariruHost}7878"; } ]; readarr.loadBalancer.servers = [ { url = "http://${kariruHost}8787"; } ]; lidarr.loadBalancer.servers = [ { url = "http://${kariruHost}8686"; } ]; bazarr.loadBalancer.servers = [ { url = "http://${kariruHost}6767"; } ]; whisparr.loadBalancer.servers = [ { url = "http://${kariruHost}6969"; } ]; prowlarr.loadBalancer.servers = [ { url = "http://${kariruHost}9696"; } ]; }; }; }; staticConfigOptions = { log.level = "DEBUG"; api.dashboard = true; api.insecure = true; global = { checkNewVersion = false; sendAnonymousUsage = false; }; entryPoints = { websecure = { address = ":443"; forwardedHeaders.insecure = true; }; web = { address = ":80"; forwardedHeaders.insecure = true; }; }; certificatesResolvers = { production.acme = { email = "x3xr6n66@notohh.dev"; storage = "/var/lib/traefik/acme.json"; caServer = "https://acme-v02.api.letsencrypt.org/directory"; dnsChallenge = { provider = "cloudflare"; resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ]; delayBeforeCheck = "0"; }; }; }; }; }; }