aux-config/modules/nixos/services/traefik-proxy/default.nix

{ inputs, config, lib, pkgs, ... }:
let
  cfg = config.services.traefik-proxy;
in
{
  imports = [
  ];

  options.services.traefik-proxy = {
    enable = lib.mkOption {
      type = with lib.types; uniq bool;
      default = false;
      description = "Enable Pre-Configured Traefik Proxy";
    };
  };

  config = lib.mkIf cfg.enable {
    services.traefik = {
      enable = true;
      staticConfigOptions = {
        entryPoints.web.address = ":80";
        entryPoints.websecure.address = ":443";
      };
    };
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  
    # Enable Secure Dashboard
    services.traefik.staticConfigOptions.api = {};
    services.traefik.staticConfigOptions = {
      http.routers.dashboard.entrypoints = "websecure";
      http.routers.dashboard.tls.certResolver = "letsencrypt";
      http.routers.dashboard.rule = "Host(`game01.kb-one.de`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
      http.routers.dashboard.service = "api@internal";
      # TODO: Set Basicauth via SOPS
      # http.routers.dashboard.middlewares = "auth";
      # http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$JwzsNHz7CMJh0RU1eMe3AOfY5H30Qr1Q/glS1r/qEHCNpo5LvWnRW";
    };

    # Configure Letsencrypt
    services.traefik.staticConfigOptions = {
      certificatesResolvers.letsencrypt.acme = {
        email = "kb01@kb-one.de";
        tlsChallenge = {};
        storage = "/var/secrets/traefik/acme.json";
      };
    };

  };
}
Added Binary-Cache Experimental Implementation (Networking is borked) 2024-12-11 02:31:30 +01:00			`{ inputs, config, lib, pkgs, ... }:`
			`let`
			`cfg = config.services.traefik-proxy;`
			`in`
			`{`
			`imports = [`
			`];`

			`options.services.traefik-proxy = {`
			`enable = lib.mkOption {`
			`type = with lib.types; uniq bool;`
			`default = false;`
			`description = "Enable Pre-Configured Traefik Proxy";`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`services.traefik = {`
			`enable = true;`
			`staticConfigOptions = {`
			`entryPoints.web.address = ":80";`
			`entryPoints.websecure.address = ":443";`
			`};`
			`};`
			`networking.firewall.allowedTCPPorts = [ 80 443 ];`

			`# Enable Secure Dashboard`
			`services.traefik.staticConfigOptions.api = {};`
			`services.traefik.staticConfigOptions = {`
			`http.routers.dashboard.entrypoints = "websecure";`
			`http.routers.dashboard.tls.certResolver = "letsencrypt";`
			http.routers.dashboard.rule = "Host(`game01.kb-one.de`) && (PathPrefix(`/api`) \|\| PathPrefix(`/dashboard`))";
			`http.routers.dashboard.service = "api@internal";`
			`# TODO: Set Basicauth via SOPS`
			`# http.routers.dashboard.middlewares = "auth";`
			`# http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$JwzsNHz7CMJh0RU1eMe3AOfY5H30Qr1Q/glS1r/qEHCNpo5LvWnRW";`
			`};`

			`# Configure Letsencrypt`
			`services.traefik.staticConfigOptions = {`
			`certificatesResolvers.letsencrypt.acme = {`
			`email = "kb01@kb-one.de";`
			`tlsChallenge = {};`
			`storage = "/var/secrets/traefik/acme.json";`
			`};`
			`};`

			`};`
			`}`