try compartmental traefik

2026-01-18 23:14:32 -06:00
parent 0947941c11
commit ea2a03037a
2 changed files with 38 additions and 65 deletions


@@ -27,11 +27,11 @@
localAddress = "192.168.100.11";
forwardPorts = [
{
containerPort = 80;
containerPort = 81;
hostPort = 80;
}
{
containerPort = 443;
containerPort = 444;
hostPort = 443;
}
];
@@ -66,14 +66,38 @@
sendanonymoususage = false;
};
entryPoints = {
web = {
address = ":80";
address = ":81";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":444";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
];
};
};
};
local = {
address = ":80";
http.redirections.entryPoint = {
to = "localsecure";
scheme = "https";
};
};
localsecure = {
address = ":443";
asDefault = true;
http.tls = {
@@ -82,14 +106,10 @@
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
"local.internal.esotericbytes.com"
];
};
};
};
dns = {
address = ":53";
};
};
log = {
level = "INFO";
@@ -128,8 +148,8 @@
#middlewares = [ "authentik" ];
};*/
homeassistant = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.local`)";
entryPoints = [ "localsecure" ];
rule = "Host(`hass.esotericbytes.com`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
};
@@ -168,8 +188,8 @@
];
};
traefik = {
entryPoints = [ "websecure" ];
rule = "Host(`traefik.local`)";
entryPoints = [ "localsecure" ];
rule = "Host(`traefik.esotericbytes.com`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
@@ -182,8 +202,8 @@
};*/
pihole = {
entryPoints = [ "websecure" ];
rule = "Host(`pihole.local`)";
entryPoints = [ "localsecure" ];
rule = "Host(`pihole.esotericbytes.com`)";
service = "pihole";
tls.certResolver = "cloudflare";
};
@@ -196,8 +216,8 @@
};
n8n = {
entryPoints = [ "websecure" ];
rule = "Host(`n8n.local`)";
entryPoints = [ "localsecure" ];
rule = "Host(`n8n.esotericbytes.com`)";
service = "n8n";
tls.certResolver = "cloudflare";
};
@@ -243,35 +263,11 @@
n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
};
};
/*tcp = {
routers = {
pihole = {
entryPoints = [ "dns" ];
};
};
services = {
pihole.loadBalancer.servers = [ { url = "tcp://192.168.100.28:53"; } ];
};
};
udp = {
routers = {
pihole = {
entryPoints = [ "dns" ];
};
};
services = {
pihole.loadBalancer.servers = [ { url = "udp://192.168.100.28:53"; } ];
};
};*/
};
};
networking.firewall.allowedTCPPorts = [ 80 443 53 ];
networking.firewall.allowedUDPPorts = [ 80 443 53 ];
networking.firewall.allowedTCPPorts = [ 80 443 81 444 ];
networking.firewall.allowedUDPPorts = [ 80 443 81 444 ];
system.stateVersion = "24.05";
};
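Review bot: Both `websecure` (`:444`, the side reached through the host's `forwardPorts`) and `localsecure` (`:443`) carry `asDefault = true`, so any router that omits `entryPoints` is attached to the forwarded entrypoint as well as the local one, which undoes the split this commit is trying to make. The routers visible in these hunks all set `entryPoints` explicitly, but the rest of the routers block lies outside the hunks, so it is safer to fail closed: drop `asDefault = true` from `websecure` and keep it only on `localsecure`. The `traefik` router for `api@internal` still has `#middlewares = [ "authentik" ];` commented out, so the entrypoint binding and the container firewall are the only controls in front of the dashboard. In the last hunk the firewall opens 80, 443, 81 and 444 on UDP as well as TCP; unless HTTP/3 is enabled the UDP list looks unneeded and could be emptied. The page has lost its `+`/`-` markers, so this reads the second line of each printed pair as the new side.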


@@ -17,30 +17,7 @@
user = "root";
mode = "0664";
};
/*
environment.etc."nsswitch.conf" = {
enable = true;
text = ''
passwd: files systemd
group: files [success=merge] systemd
shadow: files systemd
sudoers: files
hosts: dns mymachines files myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
'';
user = "root";
};
*/
system.nssDatabases.hosts = lib.mkForce [ "dns" "mymachines" "files" "myhostname" ];
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";