diff --git a/system/services/containers/traefik/default.nix b/system/services/containers/traefik/default.nix
index ce1de8f..d66f21a 100644
--- a/system/services/containers/traefik/default.nix
+++ b/system/services/containers/traefik/default.nix
@@ -27,11 +27,11 @@
 localAddress = "192.168.100.11";
 forwardPorts = [
 {
- containerPort = 80;
+ containerPort = 81;
 hostPort = 80;
 }
 {
- containerPort = 443;
+ containerPort = 444;
 hostPort = 443;
 }
 ];
@@ -66,14 +66,38 @@ sendanonymoususage = false; }; entryPoints = { + web = { - address = ":80"; + address = ":81"; http.redirections.entryPoint = { to = "websecure"; scheme = "https"; }; }; + websecure = { + address = ":444"; + asDefault = true; + http.tls = { + certResolver = "cloudflare"; + domains = { + main = "esotericbytes.com"; + sans = [ + "*.esotericbytes.com" + ]; + }; + }; + }; + + local = { + address = ":80"; + http.redirections.entryPoint = { + to = "localsecure"; + scheme = "https"; + }; + }; + + localsecure = { address = ":443"; asDefault = true; http.tls = {
@@ -82,14 +106,10 @@
 main = "esotericbytes.com";
 sans = [
 "*.esotericbytes.com"
- "local.internal.esotericbytes.com"
 ];
 };
 };
 };
- dns = {
- address = ":53";
- };
 };
 log = {
 level = "INFO";
@@ -128,8 +148,8 @@
 #middlewares = [ "authentik" ];
 };*/
 homeassistant = {
- entryPoints = [ "websecure" ];
- rule = "Host(`hass.local`)";
+ entryPoints = [ "localsecure" ];
+ rule = "Host(`hass.esotericbytes.com`)";
 service = "homeassistant";
 tls.certResolver = "cloudflare";
 };
@@ -168,8 +188,8 @@
 ];
 };
 traefik = {
- entryPoints = [ "websecure" ];
- rule = "Host(`traefik.local`)";
+ entryPoints = [ "localsecure" ];
+ rule = "Host(`traefik.esotericbytes.com`)";
 service = "api@internal";
 tls.certResolver = "cloudflare";
 #middlewares = [ "authentik" ];
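Review bot: The mapping `hostPort = 80` → `containerPort = 81` and `hostPort = 443` → `containerPort = 444` is now the thing that decides which Traefik entrypoints the outside world can reach, and nothing in the file says so; a reader seeing container port 81 beside host port 80 will take it for a typo. I'd put a comment above `forwardPorts`, something like `# Host 80/443 forward to the public entrypoints (container 81/444); the local entrypoints keep container 80/443 and, as I read it, are only reachable on localAddress.` The container definition that holds `forwardPorts` begins and ends outside the hunk.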
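Review bot: `websecure` and `localsecure` are both declared `asDefault = true`, so a router that omits `entryPoints` is attached to both the public and the local entrypoint, and the public/local split added here holds only as long as every router remembers to name its entrypoint. If the split is meant to fail closed, keep `asDefault = true;` on `localsecure` alone and drop the line from `websecure`, so an unlabelled router lands on the local side; the same mistake in reverse is what the `local`/`web` pair avoids by having no default flag at all. Note that the `entryPoints` attribute set opened in this hunk is closed outside it, after `http.tls`.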
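Review bot: The `traefik` router now serves `service = "api@internal"` (Traefik's API and dashboard) on `Host(`traefik.esotericbytes.com`)` while `#middlewares = [ "authentik" ];` remains commented out, so the only thing between the dashboard and a client is that `localsecure` is bound to a port the host does not forward; whatever can reach the container address on 443 gets the API unauthenticated. If the auth middleware is not ready, an IP allow-list middleware on this router would at least pin it to the LAN, and the same reasoning applies with lower stakes to the `homeassistant`, `pihole` and `n8n` routers changed in the neighbouring hunks. The `traefik` router's closing brace lies outside the hunk.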
@@ -182,8 +202,8 @@ };*/ pihole = { - entryPoints = [ "websecure" ]; - rule = "Host(`pihole.local`)"; + entryPoints = [ "localsecure" ]; + rule = "Host(`pihole.esotericbytes.com`)"; service = "pihole"; tls.certResolver = "cloudflare"; };
@@ -196,8 +216,8 @@ }; n8n = { - entryPoints = [ "websecure" ]; - rule = "Host(`n8n.local`)"; + entryPoints = [ "localsecure" ]; + rule = "Host(`n8n.esotericbytes.com`)"; service = "n8n"; tls.certResolver = "cloudflare"; };
@@ -243,35 +263,11 @@ n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ]; }; }; - - /*tcp = { - routers = { - pihole = { - entryPoints = [ "dns" ]; - }; - }; - - services = { - pihole.loadBalancer.servers = [ { url = "tcp://192.168.100.28:53"; } ]; - }; - }; - - udp = { - routers = { - pihole = { - entryPoints = [ "dns" ]; - }; - }; - - services = { - pihole.loadBalancer.servers = [ { url = "udp://192.168.100.28:53"; } ]; - }; - };*/ }; }; - networking.firewall.allowedTCPPorts = [ 80 443 53 ]; - networking.firewall.allowedUDPPorts = [ 80 443 53 ]; + networking.firewall.allowedTCPPorts = [ 80 443 81 444 ]; + networking.firewall.allowedUDPPorts = [ 80 443 81 444 ]; system.stateVersion = "24.05"; };
diff --git a/system/services/docker/pihole/default.nix b/system/services/docker/pihole/default.nix
index 236113a..f8aed78 100644
--- a/system/services/docker/pihole/default.nix
+++ b/system/services/docker/pihole/default.nix
@@ -17,30 +17,7 @@
 user = "root";
 mode = "0664";
 };
-/*
- environment.etc."nsswitch.conf" = {
- enable = true;
- text = ''
- passwd: files systemd
- group: files [success=merge] systemd
- shadow: files systemd
- sudoers: files
-
- hosts: dns mymachines files myhostname
- networks: files
-
- ethers: files
- services: files
- protocols: files
- rpc: files
- '';
-
- user = "root";
- };
-*/
-
- system.nssDatabases.hosts = lib.mkForce [ "dns" "mymachines" "files" "myhostname" ];
-
+
 virtualisation.oci-containers.containers.pihole = {
 image = "pihole/pihole:latest";
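Review bot: `networking.firewall.allowedUDPPorts = [ 80 443 81 444 ];` opens UDP on four ports that nothing in this file listens on: the `dns` entrypoint and the commented-out `udp` section are removed in this same commit, and the entrypoints that remain are all HTTP/TLS over TCP. Unless HTTP/3 is planned, this line should go — `networking.firewall.allowedUDPPorts = [ ];` — or simply be deleted, since the option defaults to an empty list; the TCP line is the one that carries the new 81/444 mapping. The container's `config` block that these options belong to begins outside the hunk.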