m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

*basic traefik

Browse Source
This commit is contained in:
m3tam3re
2024-11-17 18:29:52 +01:00
parent 79df3dd5c7
commit 1864141a1b
14 changed files with 100 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/m3-helios/default.nix
View File

@ -37,6 +37,7 @@
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];

15
hosts/m3-helios/secrets.nix Normal file
View File

@ -0,0 +1,15 @@
{
age = {
secrets = {
traefik = {
file = ../../secrets/traefik.age;
mode = "770";
owner = "traefik";
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}

2
hosts/m3-helios/services/adguard.nix
View File

@ -12,4 +12,6 @@
};
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
}

1
hosts/m3-helios/services/default.nix
View File

@ -2,6 +2,7 @@
imports = [
./adguard.nix
./containers
./traefik.nix
];
systemd.sleep.extraConfig = ''
AllowSuspend=no

78
hosts/m3-helios/services/traefik.nix Normal file
View File

@ -0,0 +1,78 @@
{config, ...}: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = {level = "WARN";};
certificatesResolvers = {
godaddy = {
acme = {
email = "letsencrypt.org.btlc2@passmail.net";
storage = "/var/lib/traefik/acme.json";
caserver = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "godaddy";
};
};
};
};
api = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {address = ":443";};
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
};
};
};
services = {
m3-prox-1.loadBalancer.servers = [{url = "http://192.168.178.200:8006";}];
ag.loadBalancer.servers = [{url = "http://192.168.178.210:3000";}];
};
routers = {
api = {
rule = "Host(`traefik.l.m3tam3re.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
m3-prox-1 = {
rule = "Host(`m3-prox-1.l.m3tam3re.com`)";
service = "m3-prox-1";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
ag = {
rule = "Host(`ag.l.m3tam3re.com`)";
service = "ag";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.traefik.path}"];
};
networking.firewall.allowedTCPPorts = [80 443];
}

3
secrets.nix
View File

@ -2,14 +2,17 @@ let
# SYSTEMS
m3-ares = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU=";
m3-kratos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDl+LtFGsk/A7BvxwiUCyq5wjRzGtQSrBJzzLGxINF4O";
m3-helios = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyHuLITpI+M45ZZem33wDusY2X988mBoWpD1HDeZNRJ";
systems = [
m3-ares
m3-helios
m3-kratos
];
in {
"secrets/m3tam3re-secrets.age".publicKeys = systems;
"secrets/tailscale-key.age".publicKeys = systems;
"secrets/traefik.age".publicKeys = systems;
"secrets/wg-DE.age".publicKeys = systems;
"secrets/wg-NL.age".publicKeys = systems;
"secrets/wg-NO.age".publicKeys = systems;

BIN
secrets/m3tam3re-secrets.age
View File

Binary file not shown.

BIN
secrets/tailscale-key.age
View File

Binary file not shown.

BIN
secrets/traefik.age Normal file
View File

Binary file not shown.

BIN
secrets/wg-BR.age
View File

Binary file not shown.

BIN
secrets/wg-DE.age
View File

Binary file not shown.

BIN
secrets/wg-NL.age
View File

Binary file not shown.

BIN
secrets/wg-NO.age
View File

Binary file not shown.

BIN
secrets/wg-US.age
View File

Binary file not shown.