Clean up traefik routes

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-07 22:57:29 +00:00
parent 4676201fce
commit 881b18065a
3 changed files with 25 additions and 26 deletions


@@ -115,13 +115,9 @@ in
entrypoint = "/entrypoint.sh";
labels = [
"traefik.enable=true"
"traefik.http.routers.ntfy-public.rule=Host(`ntfy.karaolidis.com`)"
"traefik.http.routers.ntfy-public.entrypoints=websecure"
"traefik.http.routers.ntfy-public.tls.certresolver=letsencrypt"
"traefik.http.routers.ntfy-local.rule=Host(`ntfy.karaolidis.local`)"
"traefik.http.routers.ntfy-local.entrypoints=websecure"
"traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
"traefik.http.routers.ntfy.entrypoints=websecure"
"traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
];
};


@@ -13,8 +13,6 @@ in
networking.firewall.allowedTCPPorts = [
80
443
# TODO: Remove
8080
];
home-manager.users.${user} = {
@@ -38,12 +36,19 @@ in
containerConfig = {
autoUpdate = "registry";
image = "docker.io/library/traefik:latest";
networks = [ networks.traefik.ref ];
volumes = [
"/run/user/${
builtins.toString config.users.users.${user}.uid
}/podman/podman.sock:/var/run/docker.sock"
"${volumes.letsencrypt.ref}:/letsencrypt"
];
exec = [
# TODO: Secure
"--api.insecure=true"
"--api.dashboard=true"
"--api.disabledashboardad=true"
"--global.sendAnonymousUsage=false"
"--providers.docker=true"
"--providers.docker.exposedbydefault=false"
@@ -60,19 +65,21 @@ in
"--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
"--entrypoints.websecure.forwardedHeaders.insecure=true"
# TODO: Middlewares: Compress, Headers
# TODO: HTTP3
"--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
"--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
"--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
];
networks = [ networks.traefik.ref ];
# TODO: Remove
publishPorts = [ "0.0.0.0:8080:8080" ];
volumes = [
"/run/user/${
builtins.toString config.users.users.${user}.uid
}/podman/podman.sock:/var/run/docker.sock"
"${volumes.letsencrypt.ref}:/letsencrypt"
labels = [
"traefik.enable=true"
"traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
"traefik.http.routers.traefik.entrypoints=websecure"
"traefik.http.routers.traefik.tls.certresolver=letsencrypt"
"traefik.http.routers.traefik.service: 'api@internal'"
"traefik.http.routers.traefik.middlewares: 'authelia@docker'"
];
environmentFiles = [ hmConfig.sops.templates."traefik.env".path ];
};
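Review bot: The last two labels added for the dashboard router use YAML-style `key: 'value'` text inside the string (`"traefik.http.routers.traefik.service: 'api@internal'"` and the `middlewares` line after it), while every other label in the list is `key=value`. Written this way they are unlikely to be read as the router's `service` and `middlewares` settings, so the `proxy.karaolidis.com` router would not be bound to `api@internal` and, more importantly, would not have the Authelia middleware in front of it. They should read `"traefik.http.routers.traefik.service=api@internal"` and `"traefik.http.routers.traefik.middlewares=authelia@docker"`. Separately, `--api.insecure=true` under `# TODO: Secure` appears to remain on the new side. Once the authenticated router works it can be dropped, so that the API is no longer served without authentication to anything that can reach the container's port 8080 on the `traefik` network.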


@@ -14,13 +14,9 @@ in
networks = [ networks.traefik.ref ];
labels = [
"traefik.enable=true"
"traefik.http.routers.whoami-public.rule=Host(`whoami.karaolidis.com`)"
"traefik.http.routers.whoami-public.entrypoints=websecure"
"traefik.http.routers.whoami-public.tls.certresolver=letsencrypt"
"traefik.http.routers.whoami-local.rule=Host(`whoami.karaolidis.local`)"
"traefik.http.routers.whoami-local.entrypoints=websecure"
"traefik.http.routers.whoami.rule=Host(`whoami.karaolidis.com`)"
"traefik.http.routers.whoami.entrypoints=websecure"
"traefik.http.routers.whoami.tls.certresolver=letsencrypt"
];
};
}