diff --git a/system-config/services/containers/keycloak/default.nix b/system-config/services/containers/keycloak/default.nix
index 5b9c08e..8b702c1 100644
--- a/system-config/services/containers/keycloak/default.nix
+++ b/system-config/services/containers/keycloak/default.nix
@@ -49,6 +49,8 @@
 settings = {
 hostname = "auth.blunkall.us";
 };
+
+ initialAdminPassword = "7567";
 };
 system.stateVersion = "25.05";
diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix
index bd01555..32e4e92 100644
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
@@ -22,14 +22,6 @@
 containerPort = 443;
 hostPort = 443;
 }
- {
- containerPort = 9080;
- hostPort = 9080;
- }
- {
- containerPort = 9443;
- hostPort = 9443;
- }
 ];
 bindMounts = {
@@ -62,20 +54,6 @@
 sendanonymoususage = false;
 };
 entryPoints = {
- local = {
- address = ":9080";
- http.redirections.entryPoint = {
- to = "localsecure";
- scheme = "https";
- };
- };
-
- localsecure = {
- address = ":9443";
- asDefault = true;
- http.tls.certResolver = "cloudflare";
- };
-
 web = {
 address = ":80";
 http.redirections.entryPoint = {
@@ -90,7 +68,7 @@
 certResolver = "cloudflare";
 domains = {
 main = "blunkall.us";
- sans = [ "*.local.blunkall.us" "*.blunkall.us" "blunkall.us" ];
+ sans = [ "*.blunkall.us" "blunkall.us" ];
 };
 };
 };
@@ -112,12 +90,6 @@
 };
 };
 };
-
- /*letsencrypt.acme = {
- email = "postmaster@blunkall.us";
- storage = "/root/data/acme.json";
- httpChallenge.entryPoint = "web";
- };*/
 };
 };
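Review bot: `initialAdminPassword = "7567";` in keycloak/default.nix commits a four-digit admin password in plain text, so it ends up in git history and, like any literal in a Nix expression, most likely in the world-readable Nix store, while the same commit publishes Keycloak at `auth.blunkall.us`. Treat the value as a bootstrap secret only: put a long random string here, and once the instance is up create a permanent admin account with MFA and rotate or remove the initial one. I would also add a comment on the line, `# bootstrap only: rotate after first login; this value is readable in the Nix store`. The enclosing attribute set starts outside the hunk.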
@@ -125,16 +97,14 @@
 http = {
 routers = {
 homepageSecure = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
 service = "homepage";
 tls.certResolver = "cloudflare";
- middlewares = [
- "authentik"
- ];
+ #middlewares = [ "authentik" ];
 };
 nathan = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`nathan.blunkall.us`)";
 service = "homepage";
 tls.certResolver = "cloudflare";
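Review bot: Commenting out `middlewares = [ "authentik" ]` on `homepageSecure` leaves that router with no authentication in front of it, and the same edit is made to the noVNC router (`remote.blunkall.us`) in the next hunk and to the `traefik` router serving `api@internal` in the hunk after that. All three stay on the `websecure` entry point, which is presumably internet-facing since port 443 remains open in the firewall, so the remote-desktop service and the Traefik dashboard/API would be reachable without a login until a replacement is wired up. Until a Keycloak-backed forwardAuth middleware exists, I would comment these routers out the way `homeassistant` and `ntfy` are, or attach an interim `basicAuth` or `ipAllowList` middleware (`ipWhiteList` on Traefik v2). The `routers` set continues outside the hunk.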
@@ -143,50 +113,42 @@
 entryPoints = [ "websecure" ];
 rule = "Host(`remote.blunkall.us`)";
 service = "novnc";
- middlewares = [ "authentik" ];
 tls.certResolver = "cloudflare";
+ #middlewares = [ "authentik" ];
 };
- homeassistant = {
+ /*homeassistant = {
 entryPoints = [ "websecure" ];
 rule = "Host(`hass.blunkall.us`)";
 service = "homeassistant";
 tls.certResolver = "cloudflare";
- };
- ollama = {
- entryPoints = [ "websecure" ];
- rule = "Host(`ollama.blunkall.us`)";
- service = "ollama";
- tls.certResolver = "cloudflare";
- };
+ };*/
 jellyfin = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`jellyfin.blunkall.us`)";
 service = "jellyfin";
 tls.certResolver = "cloudflare";
 };
 auth = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`auth.blunkall.us`)";
- service = "authentik";
+ service = "keycloak";
 tls.certResolver = "cloudflare";
 };
- gitlab = {
- entryPoints = [ "localsecure" "websecure" ];
+ /*gitlab = {
+ entryPoints = [ "websecure" ];
 rule = "Host(`gitlab.blunkall.us`)";
 service = "gitlab";
 tls.certResolver = "cloudflare";
- };
-
+ };*/
 gitea = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`gitea.blunkall.us`)";
 service = "gitea";
 tls.certResolver = "cloudflare";
 };
-
 nextcloud = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`nextcloud.blunkall.us`)";
 service = "nextcloud";
 tls.certResolver = "cloudflare";
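Review bot: The `auth` router matches only on the host `auth.blunkall.us` and now forwards every path to the `keycloak` service, which would include Keycloak's admin console and admin REST API under `/admin`, not just the login and token endpoints. Given the `initialAdminPassword` that keycloak/default.nix sets in this same commit, I would split the admin paths onto their own router, using the same host rule combined with a `PathPrefix` match on `/admin` and an `ipAllowList` middleware limited to the LAN or VPN range, so that only the realm endpoints are served to everyone. A short comment above `auth` saying which paths are meant to be public would make the intent reviewable. The `routers` set starts and ends outside the hunk.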
@@ -194,21 +156,19 @@
 "nextcloud_redirectregex"
 ];
 };
-
 traefik = {
- entryPoints = [ "localsecure" "websecure" ];
+ entryPoints = [ "websecure" ];
 rule = "Host(`traefik.blunkall.us`)";
 service = "api@internal";
 tls.certResolver = "cloudflare";
- middlewares = [ "authentik" ];
+ #middlewares = [ "authentik" ];
 };
-
- ntfy = {
+ /*ntfy = {
 entryPoints = [ "websecure" ];
 rule = "Host(`ntfy.blunkall.us`)";
 service = "ntfy";
 tls.certResolver = "cloudflare";
- };
+ };*/
 /*pihole = {
 entryPoints = [ "localsecure" ];
@@ -217,7 +177,7 @@
 tls.certResolver = "cloudflare";
 };*/
- netbird = {
+ /*netbird = {
 entryPoints = [ "websecure" ];
 rule = "Host(`vpn.blunkall.us`)";
 service = "netbird";
@@ -240,11 +200,11 @@
 rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)";
 service = "netbirdSignal";
 tls.certResolver = "cloudflare";
- };
+ };*/
 };
 middlewares = {
- authentik.forwardAuth = {
+ /*authentik.forwardAuth = {
 address = "http://192.168.100.10:9000/outpost.goauthentik.io/auth/traefik";
 trustForwardHeader = true;
 authResponseHeaders = [
@@ -260,7 +220,7 @@
 "X-authentik-meta-app"
 "X-authentik-meta-version"
 ];
- };
+ };*/
 nextcloud_redirectregex.redirectregex = {
 permanent = true;
@@ -270,7 +230,7 @@
 };
 services = {
- gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
+ #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
 gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
 homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
@@ -279,32 +239,32 @@
 authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
- pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
+ #pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
+
+ keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
 novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
 nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
- ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
+ #ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
- netbird.loadBalancer = {
+ /*netbird.loadBalancer = {
 passHostHeader = true;
 servers = [ { url = "http://192.168.100.21"; } ];
 };
 netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ];
 netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
 netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ];
-
- homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
-
- ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ];
+*/
+ #homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
 };
 };
 };
 };
- networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 networking.firewall.allowedUDPPorts = [ 80 443 ];
 system.stateVersion = "24.05";
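Review bot: The firewall change drops TCP 9080/9443, but the adjacent `networking.firewall.allowedUDPPorts = [ 80 443 ];` is left as is, and no UDP or HTTP/3 entry point is visible in this diff. If Traefik is not serving HTTP/3, I would make it `networking.firewall.allowedUDPPorts = [ ];`, or `[ 443 ]` if HTTP/3 is enabled in a part of the file not shown here. Separately, `authentik.loadBalancer.servers` at the top of this hunk is still defined although, as far as this diff shows, no router or middleware references it any more; deleting it together with the commented-out blocks would keep the file an accurate picture of what is exposed, since git already preserves the old definitions.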