From 5be4192143c5cf450d4ed615fa319776a8aec50c Mon Sep 17 00:00:00 2001 From: kB01 Date: Sat, 30 Nov 2024 02:34:20 +0100 Subject: [PATCH] Opened Firewall, Added Dashboard-stuff --- modules/nixos/services/nas/traefik-proxy.nix | 26 +++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/modules/nixos/services/nas/traefik-proxy.nix b/modules/nixos/services/nas/traefik-proxy.nix index 8e97556..5f2c764 100644 --- a/modules/nixos/services/nas/traefik-proxy.nix +++ b/modules/nixos/services/nas/traefik-proxy.nix @@ -11,25 +11,27 @@ let in { config = lib.mkIf (cfg.enable && cfg.useTraefik.enable) { - + # Default Config services.traefik = { enable = true; staticConfigOptions = { entryPoints.web.address = ":80"; entryPoints.websecure.address = ":443"; - api = { - insecure = true; - }; - }; - dynamicConfigOptions = { - # http.routers.dashboard.entrypoints = "websecure"; - # http.routers.dashboard.tls = true; - # http.routers.dashboard.rule = "Host(`traefik.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"; - # http.routers.dashboard.service = "api@internal"; - # http.routers.dashboard.middlewares = "auth"; - # http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$YWM0ZknINeHpJsNqqsd91eF/yl.S8t12TPQsDmf92glrjGW9Y1RvO"; }; }; + networking.firewall.interfaces.eth0.allowedTCPPorts = [ 80 443 ]; + + # Enable Secure Dashboard + services.traefik.staticConfigOptions.api = {}; + services.traefik.dynamicConfigOptions = { + http.routers.dashboard.entrypoints = "websecure"; + http.routers.dashboard.tls = true; + http.routers.dashboard.rule = "Host(`traefik.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"; + http.routers.dashboard.service = "api@internal"; + http.routers.dashboard.middlewares = "auth"; + http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$JwzsNHz7CMJh0RU1eMe3AOfY5H30Qr1Q/glS1r/qEHCNpo5LvWnRW"; + }; + }; }