diff --git a/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix b/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
index 4e12a4b..e67f1d2 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
@@ -115,13 +115,9 @@ in
 entrypoint = "/entrypoint.sh";
 labels = [
 "traefik.enable=true"
-
- "traefik.http.routers.ntfy-public.rule=Host(`ntfy.karaolidis.com`)"
- "traefik.http.routers.ntfy-public.entrypoints=websecure"
- "traefik.http.routers.ntfy-public.tls.certresolver=letsencrypt"
-
- "traefik.http.routers.ntfy-local.rule=Host(`ntfy.karaolidis.local`)"
- "traefik.http.routers.ntfy-local.entrypoints=websecure"
+ "traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
+ "traefik.http.routers.ntfy.entrypoints=websecure"
+ "traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
 ];
 };
diff --git a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
index d5c6856..3909401 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
@@ -13,8 +13,6 @@ in
 networking.firewall.allowedTCPPorts = [
 80
 443
- # TODO: Remove
- 8080
 ];
 home-manager.users.${user} = {
@@ -38,12 +36,19 @@ in
 containerConfig = {
 autoUpdate = "registry";
 image = "docker.io/library/traefik:latest";
+ networks = [ networks.traefik.ref ];
+ volumes = [
+ "/run/user/${
+ builtins.toString config.users.users.${user}.uid
+ }/podman/podman.sock:/var/run/docker.sock"
+ "${volumes.letsencrypt.ref}:/letsencrypt"
+ ];
 exec = [
- # TODO: Secure
- "--api.insecure=true"
 "--api.dashboard=true"
 "--api.disabledashboardad=true"
+ "--global.sendAnonymousUsage=false"
+ "--providers.docker=true"
 "--providers.docker.exposedbydefault=false"
@@ -60,19 +65,21 @@ in
 "--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
 "--entrypoints.websecure.forwardedHeaders.insecure=true"
+ # TODO: Middlewares: Compress, Headers
+ # TODO: HTTP3
+ "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
 "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
 "--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
 "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
 ];
- networks = [ networks.traefik.ref ];
- # TODO: Remove
- publishPorts = [ "0.0.0.0:8080:8080" ];
- volumes = [
- "/run/user/${
- builtins.toString config.users.users.${user}.uid
- }/podman/podman.sock:/var/run/docker.sock"
- "${volumes.letsencrypt.ref}:/letsencrypt"
+ labels = [
+ "traefik.enable=true"
+ "traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
+ "traefik.http.routers.traefik.entrypoints=websecure"
+ "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+ "traefik.http.routers.traefik.service: 'api@internal'"
+ "traefik.http.routers.traefik.middlewares: 'authelia@docker'"
 ];
 environmentFiles = [ hmConfig.sops.templates."traefik.env".path ];
 };
diff --git a/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix b/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
index d8d7fe2..2f230a9 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
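Review bot: The two new labels that are supposed to bind the dashboard service and the Authelia middleware to the `traefik` router, `"traefik.http.routers.traefik.service: 'api@internal'"` and `"traefik.http.routers.traefik.middlewares: 'authelia@docker'"`, are written in YAML `key: 'value'` form while every other label in the list uses the `key=value` form the Docker provider expects, so the container runtime will hand them to Traefik as keys with no value and they will not be parsed as router settings. Depending on how Traefik handles the unparseable keys, the router on proxy.karaolidis.com is either never created or created without the middleware, and in the latter case the API and dashboard that this commit stops exposing via `--api.insecure` would be reachable without the authentication it intends. Change them to `"traefik.http.routers.traefik.service=api@internal"` and `"traefik.http.routers.traefik.middlewares=authelia@docker"`, and after deploying confirm in Traefik's provider logs or router listing that the router carries the middleware before relying on it. The containerConfig set these labels belong to begins in the previous hunk.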
@@ -14,13 +14,9 @@ in
 networks = [ networks.traefik.ref ];
 labels = [
 "traefik.enable=true"
-
- "traefik.http.routers.whoami-public.rule=Host(`whoami.karaolidis.com`)"
- "traefik.http.routers.whoami-public.entrypoints=websecure"
- "traefik.http.routers.whoami-public.tls.certresolver=letsencrypt"
-
- "traefik.http.routers.whoami-local.rule=Host(`whoami.karaolidis.local`)"
- "traefik.http.routers.whoami-local.entrypoints=websecure"
+ "traefik.http.routers.whoami.rule=Host(`whoami.karaolidis.com`)"
+ "traefik.http.routers.whoami.entrypoints=websecure"
+ "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
 ];
 };
 }