infra/systems/x86_64-linux/pkpnafs/traefik.nix

{ config, lib, pkgs, inputs, ... }:
{
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      api = {
        dashboard = false;
        insecure = false;
      }; 
      entryPoints = {
        http = {
          address = ":80";
          http.redirections.entrypoint = {
            to = "https";
            scheme = "https";
          };
        };
        https = {
          address = ":443";
        };
      };
      certificatesResolvers.letsencrypt.acme = {
        storage = "/run/secrets/acme.json";
        httpchallenge.entrypoint = "http";
      };
    }; 
  };

  services.traefik.dynamicConfigOptions = {
    # Traefik Dashbaord
    http.routers.dashboard.rule = "Host(`traefik.pkpnafs.kb-one.de`)";
    http.routers.dashboard.service = "api@internal";
    # Mailcow
    http.services.nginx-mailcow.loadbalancer.servers = [ { url = "http://localhost:8080/"; } ];
    http.routers.nginx-mailcow.entrypoints = "https";
    http.routers.nginx-mailcow.tls.certresolver = "letsencrypt";
    http.routers.nginx-mailcow.rule = "Host(`mail.kb-one.de`)";
    http.routers.nginx-mailcow.service = "nginx-mailcow";
  };

}