Clean up traefik routes

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix

@@ -115,13 +115,9 @@ in
           entrypoint = "/entrypoint.sh";
           labels = [
             "traefik.enable=true"
-
+            "traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
-            "traefik.http.routers.ntfy-public.rule=Host(`ntfy.karaolidis.com`)"
+            "traefik.http.routers.ntfy.entrypoints=websecure"
-            "traefik.http.routers.ntfy-public.entrypoints=websecure"
+            "traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
-            "traefik.http.routers.ntfy-public.tls.certresolver=letsencrypt"
-
-            "traefik.http.routers.ntfy-local.rule=Host(`ntfy.karaolidis.local`)"
-            "traefik.http.routers.ntfy-local.entrypoints=websecure"
           ];
         };
 

hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix

@@ -13,8 +13,6 @@ in
   networking.firewall.allowedTCPPorts = [
     80
     443
-    # TODO: Remove
-    8080
   ];
 
   home-manager.users.${user} = {
@@ -38,12 +36,19 @@ in
         containerConfig = {
           autoUpdate = "registry";
           image = "docker.io/library/traefik:latest";
+          networks = [ networks.traefik.ref ];
+          volumes = [
+            "/run/user/${
+              builtins.toString config.users.users.${user}.uid
+            }/podman/podman.sock:/var/run/docker.sock"
+            "${volumes.letsencrypt.ref}:/letsencrypt"
+          ];
           exec = [
-            # TODO: Secure
-            "--api.insecure=true"
             "--api.dashboard=true"
             "--api.disabledashboardad=true"
 
+            "--global.sendAnonymousUsage=false"
+
             "--providers.docker=true"
             "--providers.docker.exposedbydefault=false"
 
@@ -60,19 +65,21 @@ in
             "--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
             "--entrypoints.websecure.forwardedHeaders.insecure=true"
 
+            # TODO: Middlewares: Compress, Headers
+            # TODO: HTTP3
+
             "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
             "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
             "--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
             "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
           ];
-          networks = [ networks.traefik.ref ];
+          labels = [
-          # TODO: Remove
+            "traefik.enable=true"
-          publishPorts = [ "0.0.0.0:8080:8080" ];
+            "traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
-          volumes = [
+            "traefik.http.routers.traefik.entrypoints=websecure"
-            "/run/user/${
+            "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
-              builtins.toString config.users.users.${user}.uid
+            "traefik.http.routers.traefik.service: 'api@internal'"
-            }/podman/podman.sock:/var/run/docker.sock"
+            "traefik.http.routers.traefik.middlewares: 'authelia@docker'"
-            "${volumes.letsencrypt.ref}:/letsencrypt"
           ];
           environmentFiles = [ hmConfig.sops.templates."traefik.env".path ];
         };

hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix

@@ -14,13 +14,9 @@ in
     networks = [ networks.traefik.ref ];
     labels = [
       "traefik.enable=true"
-
+      "traefik.http.routers.whoami.rule=Host(`whoami.karaolidis.com`)"
-      "traefik.http.routers.whoami-public.rule=Host(`whoami.karaolidis.com`)"
+      "traefik.http.routers.whoami.entrypoints=websecure"
-      "traefik.http.routers.whoami-public.entrypoints=websecure"
+      "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
-      "traefik.http.routers.whoami-public.tls.certresolver=letsencrypt"
-
-      "traefik.http.routers.whoami-local.rule=Host(`whoami.karaolidis.local`)"
-      "traefik.http.routers.whoami-local.entrypoints=websecure"
     ];
   };
 }