Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

try keycloak

Browse Source
This commit is contained in:
Nathan
2025-07-24 16:27:55 -05:00
parent aa3c76c3ea
commit 11044fb61f
2 changed files with 34 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
system-config/services/containers/traefik/default.nix
View File

@@ -22,14 +22,6 @@
containerPort = 443;
hostPort = 443;
}
{
containerPort = 9080;
hostPort = 9080;
}
{
containerPort = 9443;
hostPort = 9443;
}
];
bindMounts = {
@@ -62,20 +54,6 @@
sendanonymoususage = false;
};
entryPoints = {
local = {
address = ":9080";
http.redirections.entryPoint = {
to = "localsecure";
scheme = "https";
};
};
localsecure = {
address = ":9443";
asDefault = true;
http.tls.certResolver = "cloudflare";
};
web = {
address = ":80";
http.redirections.entryPoint = {
@@ -90,7 +68,7 @@
certResolver = "cloudflare";
domains = {
main = "blunkall.us";
sans = [ "*.local.blunkall.us" "*.blunkall.us" "blunkall.us" ];
sans = [ "*.blunkall.us" "blunkall.us" ];
};
};
};
@@ -112,12 +90,6 @@
};
};
};
/*letsencrypt.acme = {
email = "postmaster@blunkall.us";
storage = "/root/data/acme.json";
httpChallenge.entryPoint = "web";
};*/
};
};
@@ -125,16 +97,14 @@
http = {
routers = {
homepageSecure = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
service = "homepage";
tls.certResolver = "cloudflare";
middlewares = [
"authentik"
];
#middlewares = [ "authentik" ];
};
nathan = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`nathan.blunkall.us`)";
service = "homepage";
tls.certResolver = "cloudflare";
@@ -143,50 +113,42 @@
entryPoints = [ "websecure" ];
rule = "Host(`remote.blunkall.us`)";
service = "novnc";
middlewares = [ "authentik" ];
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
homeassistant = {
/*homeassistant = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.blunkall.us`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
};
ollama = {
entryPoints = [ "websecure" ];
rule = "Host(`ollama.blunkall.us`)";
service = "ollama";
tls.certResolver = "cloudflare";
};
};*/
jellyfin = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.blunkall.us`)";
service = "jellyfin";
tls.certResolver = "cloudflare";
};
auth = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`auth.blunkall.us`)";
service = "authentik";
service = "keycloak";
tls.certResolver = "cloudflare";
};
gitlab = {
entryPoints = [ "localsecure" "websecure" ];
/*gitlab = {
entryPoints = [ "websecure" ];
rule = "Host(`gitlab.blunkall.us`)";
service = "gitlab";
tls.certResolver = "cloudflare";
};
};*/
gitea = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`gitea.blunkall.us`)";
service = "gitea";
tls.certResolver = "cloudflare";
};
nextcloud = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`nextcloud.blunkall.us`)";
service = "nextcloud";
tls.certResolver = "cloudflare";
@@ -194,21 +156,19 @@
"nextcloud_redirectregex"
];
};
traefik = {
entryPoints = [ "localsecure" "websecure" ];
entryPoints = [ "websecure" ];
rule = "Host(`traefik.blunkall.us`)";
service = "api@internal";
tls.certResolver = "cloudflare";
middlewares = [ "authentik" ];
#middlewares = [ "authentik" ];
};
ntfy = {
/*ntfy = {
entryPoints = [ "websecure" ];
rule = "Host(`ntfy.blunkall.us`)";
service = "ntfy";
tls.certResolver = "cloudflare";
};
};*/
/*pihole = {
entryPoints = [ "localsecure" ];
@@ -217,7 +177,7 @@
tls.certResolver = "cloudflare";
};*/
netbird = {
/*netbird = {
entryPoints = [ "websecure" ];
rule = "Host(`vpn.blunkall.us`)";
service = "netbird";
@@ -240,11 +200,11 @@
rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)";
service = "netbirdSignal";
tls.certResolver = "cloudflare";
};
};*/
};
middlewares = {
authentik.forwardAuth = {
/*authentik.forwardAuth = {
address = "http://192.168.100.10:9000/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
@@ -260,7 +220,7 @@
"X-authentik-meta-app"
"X-authentik-meta-version"
];
};
};*/
nextcloud_redirectregex.redirectregex = {
permanent = true;
@@ -270,7 +230,7 @@
};
services = {
gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
#gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
@@ -279,32 +239,32 @@
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
#pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
#ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
netbird.loadBalancer = {
/*netbird.loadBalancer = {
passHostHeader = true;
servers = [ { url = "http://192.168.100.21"; } ];
};
netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ];
netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ];
homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ];
*/
#homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
system.stateVersion = "24.05";