try compartmental traefik

2026-01-18 23:14:32 -06:00
parent 0947941c11
commit ea2a03037a
2 changed files with 38 additions and 65 deletions


@@ -27,11 +27,11 @@
localAddress = "192.168.100.11"; localAddress = "192.168.100.11";
forwardPorts = [ forwardPorts = [
{ {
containerPort = 80; containerPort = 81;
hostPort = 80; hostPort = 80;
} }
{ {
containerPort = 443; containerPort = 444;
hostPort = 443; hostPort = 443;
} }
]; ];
@@ -66,14 +66,38 @@
sendanonymoususage = false; sendanonymoususage = false;
}; };
entryPoints = { entryPoints = {
web = { web = {
address = ":80"; address = ":81";
http.redirections.entryPoint = { http.redirections.entryPoint = {
to = "websecure"; to = "websecure";
scheme = "https"; scheme = "https";
}; };
}; };
websecure = { websecure = {
address = ":444";
asDefault = true;
http.tls = {
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [
"*.esotericbytes.com"
];
};
};
};
local = {
address = ":80";
http.redirections.entryPoint = {
to = "localsecure";
scheme = "https";
};
};
localsecure = {
address = ":443"; address = ":443";
asDefault = true; asDefault = true;
http.tls = { http.tls = {
@@ -82,14 +106,10 @@
main = "esotericbytes.com"; main = "esotericbytes.com";
sans = [ sans = [
"*.esotericbytes.com" "*.esotericbytes.com"
"local.internal.esotericbytes.com"
]; ];
}; };
}; };
}; };
dns = {
address = ":53";
};
}; };
log = { log = {
level = "INFO"; level = "INFO";
@@ -128,8 +148,8 @@
#middlewares = [ "authentik" ]; #middlewares = [ "authentik" ];
};*/ };*/
homeassistant = { homeassistant = {
entryPoints = [ "websecure" ]; entryPoints = [ "localsecure" ];
rule = "Host(`hass.local`)"; rule = "Host(`hass.esotericbytes.com`)";
service = "homeassistant"; service = "homeassistant";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
@@ -168,8 +188,8 @@
]; ];
}; };
traefik = { traefik = {
entryPoints = [ "websecure" ]; entryPoints = [ "localsecure" ];
rule = "Host(`traefik.local`)"; rule = "Host(`traefik.esotericbytes.com`)";
service = "api@internal"; service = "api@internal";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ]; #middlewares = [ "authentik" ];
@@ -182,8 +202,8 @@
};*/ };*/
pihole = { pihole = {
entryPoints = [ "websecure" ]; entryPoints = [ "localsecure" ];
rule = "Host(`pihole.local`)"; rule = "Host(`pihole.esotericbytes.com`)";
service = "pihole"; service = "pihole";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
@@ -196,8 +216,8 @@
}; };
n8n = { n8n = {
entryPoints = [ "websecure" ]; entryPoints = [ "localsecure" ];
rule = "Host(`n8n.local`)"; rule = "Host(`n8n.esotericbytes.com`)";
service = "n8n"; service = "n8n";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
@@ -243,35 +263,11 @@
n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ]; n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
}; };
}; };
/*tcp = {
routers = {
pihole = {
entryPoints = [ "dns" ];
};
};
services = {
pihole.loadBalancer.servers = [ { url = "tcp://192.168.100.28:53"; } ];
};
};
udp = {
routers = {
pihole = {
entryPoints = [ "dns" ];
};
};
services = {
pihole.loadBalancer.servers = [ { url = "udp://192.168.100.28:53"; } ];
};
};*/
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 53 ]; networking.firewall.allowedTCPPorts = [ 80 443 81 444 ];
networking.firewall.allowedUDPPorts = [ 80 443 53 ]; networking.firewall.allowedUDPPorts = [ 80 443 81 444 ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
}; };
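Review bot: The new `localsecure` entrypoint (hunk `@@ -66,14 +66,38 @@`) keeps the dashboard, pihole, n8n and homeassistant routers off the internet only through port mapping — host 443 forwards to container 444 while `localsecure` listens on the container's 443 — yet the routers moved onto it now carry public `esotericbytes.com` hostnames with `middlewares = [ "authentik" ]` still commented out, so `api@internal` is served without authentication to anything that can reach 192.168.100.11:443. Consider tying the entrypoint to local clients in the static config, `localsecure.http.middlewares = [ "local-only@file" ];`, backed by a dynamic `http.middlewares.local-only.ipAllowList.sourceRange = [ "<LAN-CIDR placeholder>" ];` (the Traefik v3 name; v2 calls it `ipWhiteList`), so a later edit to `forwardPorts` cannot silently expose them. In the last hunk, `networking.firewall.allowedUDPPorts = [ 80 443 81 444 ];` opens UDP on four ports no entrypoint listens on — nothing on the page configures HTTP/3 or a UDP entrypoint now that the `dns` entrypoint and the tcp/udp pihole routers are gone — so that line could be dropped rather than mirrored from the TCP list. The enclosing container configuration starts before the first hunk, so whether these firewall options apply to the container or the host is not visible here.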


@@ -17,29 +17,6 @@
user = "root"; user = "root";
mode = "0664"; mode = "0664";
}; };
/*
environment.etc."nsswitch.conf" = {
enable = true;
text = ''
passwd: files systemd
group: files [success=merge] systemd
shadow: files systemd
sudoers: files
hosts: dns mymachines files myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
'';
user = "root";
};
*/
system.nssDatabases.hosts = lib.mkForce [ "dns" "mymachines" "files" "myhostname" ];
virtualisation.oci-containers.containers.pihole = { virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest"; image = "pihole/pihole:latest";
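Review bot: `system.nssDatabases.hosts = lib.mkForce [ "dns" "mymachines" "files" "myhostname" ];` puts `dns` ahead of `files` and `myhostname`, so a DNS answer now takes precedence over `/etc/hosts` pins and the machine's own hostname; whatever resolver is on the path (apparently the pihole container defined just below) can then redirect names the host expected to resolve locally, and this host's own name is looked up over the network before the local fallback. If the goal was only to add `mymachines` for container-name lookups, keeping `files` first preserves the usual precedence, `lib.mkForce [ "files" "mymachines" "myhostname" "dns" ]`; if `dns`-first is deliberate, a short comment such as `# dns before files: <reason placeholder>` would keep the next reader from reverting it, and naming what the `mkForce` overrides would help too. The old/new attribution of this hunk is inferred from the section counts, since the rendered page lost its markers.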