Opened Firewall, Added Dashboard-stuff

2024-11-30 02:34:20 +01:00 · 2024-11-30 02:34:20 +01:00 · 5be4192143
commit 5be4192143
parent e8e469f2a9
1 changed files with 14 additions and 12 deletions
--- a/modules/nixos/services/nas/traefik-proxy.nix
+++ b/modules/nixos/services/nas/traefik-proxy.nix
@ -11,25 +11,27 @@ let
 in
 {
  config = lib.mkIf (cfg.enable && cfg.useTraefik.enable) {
-
+    # Default Config
    services.traefik = {
      enable = true;
      staticConfigOptions = {
        entryPoints.web.address = ":80";
        entryPoints.websecure.address = ":443";
        api = {
          insecure = true;
      };
    };
-      dynamicConfigOptions = {
+    networking.firewall.interfaces.eth0.allowedTCPPorts = [ 80 443 ];
-        # http.routers.dashboard.entrypoints = "websecure";
+
-        # http.routers.dashboard.tls = true;
+    # Enable Secure Dashboard
-        # http.routers.dashboard.rule = "Host(`traefik.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
+    services.traefik.staticConfigOptions.api = {};
-        # http.routers.dashboard.service = "api@internal";
+    services.traefik.dynamicConfigOptions = {
-        # http.routers.dashboard.middlewares = "auth";
+      http.routers.dashboard.entrypoints = "websecure";
-        # http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$YWM0ZknINeHpJsNqqsd91eF/yl.S8t12TPQsDmf92glrjGW9Y1RvO";
+      http.routers.dashboard.tls = true;
-      };
+      http.routers.dashboard.rule = "Host(`traefik.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
      http.routers.dashboard.service = "api@internal";
      http.routers.dashboard.middlewares = "auth";
      http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$JwzsNHz7CMJh0RU1eMe3AOfY5H30Qr1Q/glS1r/qEHCNpo5LvWnRW";
    };
  };
 }