karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update traefik options

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-03-12 10:14:22 +00:00
parent 10e0980f8f
commit eb7fc4a122
4 changed files with 20 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
View File

@@ -149,8 +149,8 @@ in
labels = [
"traefik.enable=true"
"traefik.http.routers.authelia.rule=Host(`id.karaolidis.com`)"
"traefik.http.routers.authelia.entryPoints=https"
"traefik.http.routers.traefik.tls.certresolver=letsencrypt"
"traefik.http.routers.authelia.tls.certresolver=letsencrypt"
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name"

1
hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
View File

@@ -130,7 +130,6 @@ in
labels = [
"traefik.enable=true"
"traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
"traefik.http.routers.ntfy.entrypoints=websecure"
"traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
];
};

26
hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
View File

@@ -14,10 +14,16 @@ let
inherit (hmConfig.virtualisation.quadlet) networks volumes containers;
in
{
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall = {
allowedTCPPorts = [
80
443
];
allowedUDPPorts = [
80
443
];
};
home-manager.users.${user} = {
sops = {
@@ -54,19 +60,21 @@ in
"--entryPoints.web.address=:80"
"--entrypoints.web.http.redirections.entryPoint.to=websecure"
"--entrypoints.web.http.redirections.entryPoint.scheme=https"
"--entryPoints.web.http3"
"--entrypoints.web.forwardedHeaders.insecure=true"
"--entryPoints.websecure.address=:443"
"--entryPoints.websecure.asDefault=true"
"--entrypoints.websecure.http.tls=true"
"--entrypoints.websecure.http.tls.certResolver=letsencrypt"
"--entrypoints.websecure.http.tls.domains[0].main=karaolidis.com"
"--entrypoints.websecure.http.tls.domains[0].sans=*.karaolidis.com"
"--entrypoints.websecure.http.tls.domains[1].main=krlds.com"
"--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
"--entrypoints.websecure.http.middlewares=compress@docker"
"--entryPoints.websecure.http3"
"--entrypoints.websecure.forwardedHeaders.insecure=true"
# TODO: Middlewares: Compress, Headers
# TODO: HTTP3
"--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
"--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
@@ -75,10 +83,12 @@ in
labels = [
"traefik.enable=true"
"traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
"traefik.http.routers.traefik.entrypoints=websecure"
"traefik.http.routers.traefik.tls.certresolver=letsencrypt"
"traefik.http.routers.traefik.service: 'api@internal'"
"traefik.http.routers.traefik.middlewares: 'authelia@docker'"
"traefik.http.middlewares.compress.compress=true"
# TODO: Middlewares: Headers
];
environmentFiles = [ hmConfig.sops.templates."traefik.env".path ];
};

1
hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
View File

@@ -26,7 +26,6 @@ in
labels = [
"traefik.enable=true"
"traefik.http.routers.whoami.rule=Host(`whoami.karaolidis.com`)"
"traefik.http.routers.whoami.entrypoints=websecure"
"traefik.http.routers.whoami.tls.certresolver=letsencrypt"
];
};