53 lines
1.2 KiB
Nix
53 lines
1.2 KiB
Nix
{ inputs, config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.services.traefik-proxy;
|
|
in
|
|
{
|
|
imports = [
|
|
];
|
|
|
|
options.services.traefik-proxy = {
|
|
enable = lib.mkOption {
|
|
type = with lib.types; uniq bool;
|
|
default = false;
|
|
description = "Enable Pre-Configured Traefik Proxy";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf (cfg.enable ||
|
|
config.services.binary-cache.enable ||
|
|
config.suites.nas.media.enable) {
|
|
services.traefik = {
|
|
enable = true;
|
|
staticConfigOptions = {
|
|
entryPoints = {
|
|
web = {
|
|
address = ":80";
|
|
asDefault = true;
|
|
http.redirections.entrypoint = {
|
|
to = "websecure";
|
|
scheme = "https";
|
|
};
|
|
};
|
|
websecure = {
|
|
address = ":443";
|
|
asDefault = true;
|
|
http.tls.certResolver = "letsencrypt";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
# Configure Letsencrypt
|
|
services.traefik.staticConfigOptions = {
|
|
certificatesResolvers.letsencrypt.acme = {
|
|
email = "kb01@kb-one.de";
|
|
tlsChallenge = {};
|
|
storage = "/var/secrets/traefik/acme.json";
|
|
};
|
|
};
|
|
|
|
};
|
|
}
|
|
|