Begin Dendritic rewrite
@@ -1,108 +1,111 @@
|
||||
{ config, lib, ... }: {
|
||||
{ ... }: {
|
||||
|
||||
options.sysconfig.docker.traefik.enable = with lib; mkOption {
|
||||
type = with types; bool;
|
||||
default = false;
|
||||
};
|
||||
flake.nixosModules.default = { config, lib, ... }: {
|
||||
|
||||
config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) {
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
|
||||
|
||||
sops.secrets = {
|
||||
"traefik/cf_email" = {};
|
||||
"traefik/cf_api_key" = {};
|
||||
options.sysconfig.docker.traefik.enable = with lib; mkOption {
|
||||
type = with types; bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
sops.templates."traefik.env" = {
|
||||
content = ''
|
||||
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
|
||||
config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) {
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
|
||||
|
||||
sops.secrets = {
|
||||
"traefik/cf_email" = {};
|
||||
"traefik/cf_api_key" = {};
|
||||
};
|
||||
|
||||
sops.templates."traefik.env" = {
|
||||
content = ''
|
||||
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
|
||||
CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc = (builtins.listToAttrs (builtins.map (x: {
|
||||
name = "traefik/${x}";
|
||||
value = {
|
||||
source = ./config/${x};
|
||||
mode = "0664";
|
||||
};
|
||||
}) (builtins.attrNames (builtins.readDir ./config))));
|
||||
|
||||
/*environment.etc."traefik/traefik.yml" = {
|
||||
source = ./config/traefik.yml;
|
||||
};
|
||||
environment.etc."traefik/routing.yml" = {
|
||||
source = ./config/routing.yml;
|
||||
};*/
|
||||
|
||||
virtualisation.oci-containers.containers.traefik = {
|
||||
|
||||
image = "traefik:v3.6";
|
||||
|
||||
environment = {
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
|
||||
};
|
||||
|
||||
environmentFiles = [ config.sops.templates."traefik.env".path ];
|
||||
|
||||
volumes = [
|
||||
"/etc/traefik/:/etc/traefik/"
|
||||
"/run/docker.sock:/var/run/docker.sock"
|
||||
];
|
||||
|
||||
networks = [
|
||||
"docker-main"
|
||||
];
|
||||
|
||||
ports = [
|
||||
"80:80"
|
||||
"81:81"
|
||||
"443:443"
|
||||
"444:444"
|
||||
"2222:2222"
|
||||
];
|
||||
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
|
||||
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
|
||||
"traefik.http.routers.dashboard.service" = "api@internal";
|
||||
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
|
||||
'';
|
||||
};
|
||||
|
||||
extraOptions = [
|
||||
"--ip=192.168.101.11"
|
||||
];
|
||||
environment.etc = (builtins.listToAttrs (builtins.map (x: {
|
||||
name = "traefik/${x}";
|
||||
value = {
|
||||
source = ./config/${x};
|
||||
mode = "0664";
|
||||
};
|
||||
}) (builtins.attrNames (builtins.readDir ./config))));
|
||||
|
||||
log-driver = "journald";
|
||||
};
|
||||
systemd.services."docker-traefik" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 90 "always";
|
||||
RestartMaxDelaySec = lib.mkOverride 90 "1m";
|
||||
RestartSec = lib.mkOverride 90 "100ms";
|
||||
RestartSteps = lib.mkOverride 90 9;
|
||||
/*environment.etc."traefik/traefik.yml" = {
|
||||
source = ./config/traefik.yml;
|
||||
};
|
||||
environment.etc."traefik/routing.yml" = {
|
||||
source = ./config/routing.yml;
|
||||
};*/
|
||||
|
||||
virtualisation.oci-containers.containers.traefik = {
|
||||
|
||||
image = "traefik:v3.6";
|
||||
|
||||
environment = {
|
||||
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
|
||||
};
|
||||
|
||||
environmentFiles = [ config.sops.templates."traefik.env".path ];
|
||||
|
||||
volumes = [
|
||||
"/etc/traefik/:/etc/traefik/"
|
||||
"/run/docker.sock:/var/run/docker.sock"
|
||||
];
|
||||
|
||||
networks = [
|
||||
"docker-main"
|
||||
];
|
||||
|
||||
ports = [
|
||||
"80:80"
|
||||
"81:81"
|
||||
"443:443"
|
||||
"444:444"
|
||||
"2222:2222"
|
||||
];
|
||||
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
|
||||
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
|
||||
"traefik.http.routers.dashboard.service" = "api@internal";
|
||||
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
|
||||
};
|
||||
|
||||
extraOptions = [
|
||||
"--ip=192.168.101.11"
|
||||
];
|
||||
|
||||
log-driver = "journald";
|
||||
};
|
||||
systemd.services."docker-traefik" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 90 "always";
|
||||
RestartMaxDelaySec = lib.mkOverride 90 "1m";
|
||||
RestartSec = lib.mkOverride 90 "100ms";
|
||||
RestartSteps = lib.mkOverride 90 9;
|
||||
};
|
||||
after = [
|
||||
"docker-network-setup.service"
|
||||
];
|
||||
requires = [
|
||||
"docker-network-setup.service"
|
||||
];
|
||||
partOf = [
|
||||
"docker-compose-traefik-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"docker-compose-traefik-root.target"
|
||||
];
|
||||
};
|
||||
after = [
|
||||
"docker-network-setup.service"
|
||||
];
|
||||
requires = [
|
||||
"docker-network-setup.service"
|
||||
];
|
||||
partOf = [
|
||||
"docker-compose-traefik-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"docker-compose-traefik-root.target"
|
||||
];
|
||||
};
|
||||
|
||||
# Root service
|
||||
# When started, this will automatically create all resources and start
|
||||
# the containers. When stopped, this will teardown all resources.
|
||||
systemd.targets."docker-compose-traefik-root" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
systemd.targets."docker-compose-traefik-root" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
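Review bot: The `dashboard` router defined by the `traefik.http.routers.dashboard.*` labels inside `virtualisation.oci-containers.containers.traefik` routes to `api@internal` on `websecure,localsecure` with TLS but carries no `middlewares` label, so unless authentication is configured in the static/dynamic files under `./config` (not visible in this hunk) the Traefik API and dashboard are served to any client that can reach the host name. Attaching an auth middleware on the router, e.g. `"traefik.http.routers.dashboard.middlewares" = "dashboard-auth";` (name is a placeholder) backed by a basicAuth or forwardAuth definition, closes that gap. Separately, the volume `"/run/docker.sock:/var/run/docker.sock"` is mounted read-write; Traefik's Docker provider only needs to read events, so appending `:ro` or fronting the socket with a proxy limits what a compromised container could do with the host daemon. Both points concern the existing `config` body that this commit re-nests under `flake.nixosModules.default`, so they apply equally to the old and new side.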
|
||||
|
||||