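# NixOS module: Traefik reverse proxy in its own NixOS container.
#
# Changes against the collapsed original:
#  - Re-flowed onto one statement per line. The original had several `#`
#    line comments (e.g. `#gitlab.loadBalancer...`) collapsed onto a single
#    physical line, which would comment out everything after them.
#  - `serversTransport.insecureSkipVerify = true` removed: every backend
#    below is plain `http://` or `h2c://`, so it had no effect, but it would
#    have silently disabled certificate checks for any `https://` backend
#    added later.
#  - `networking.firewall.allowedUDPPorts = [ 80 443 ]` removed: no HTTP/3
#    entrypoint is configured and `forwardPorts` only forwards TCP, so the
#    rule was dead.
{ config, lib, ... }:
{
  # Opt-in switch; the container below is only defined when it is enabled.
  options.sysconfig.opts.virtualization.traefik.enable = lib.options.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable {
    containers.traefik = {
      autoStart = true;
      # Private veth pair; the container is reachable from the host only via
      # the addresses below and the forwarded ports.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.11";
      # forwardPorts defaults to TCP, so only TCP 80/443 reach the container.
      forwardPorts = [
        { containerPort = 80; hostPort = 80; }
        { containerPort = 443; hostPort = 443; }
      ];
      # Writable because Traefik persists acme.json and traefik.log here.
      # The same directory holds traefik.env (see environmentFiles), so the
      # host-side permissions on /ssd1/Traefik/data should stay restrictive.
      bindMounts = {
        "/etc/traefik/data" = {
          hostPath = "/ssd1/Traefik/data";
          isReadOnly = false;
        };
      };

      config = {
        services.traefik = {
          enable = true;
          dataDir = "/etc/traefik/data";
          # Presumably carries the Cloudflare DNS credentials used by the
          # ACME DNS challenge below — not visible in this file.
          environmentFiles = [ "/etc/traefik/data/traefik.env" ];

          staticConfigOptions = {
            api = {
              dashboard = true;
              # debug adds /debug/vars and pprof to api@internal. Nothing
              # routes to api@internal (the `traefik` router is commented
              # out), so these are not reachable from the entrypoints today.
              debug = true;
            };
            global = {
              checknewversion = false;
              sendanonymoususage = false;
            };
            entryPoints = {
              # Plain HTTP only redirects to HTTPS.
              web = {
                address = ":80";
                http.redirections.entryPoint = {
                  to = "websecure";
                  scheme = "https";
                };
              };
              websecure = {
                address = ":443";
                asDefault = true;
                # Entrypoint-level TLS: one wildcard + apex certificate,
                # which is why every router below uses the same resolver.
                http.tls = {
                  certResolver = "cloudflare";
                  domains = {
                    main = "blunkall.us";
                    sans = [ "*.blunkall.us" "blunkall.us" ];
                  };
                };
              };
            };
            log = {
              # DEBUG is very verbose and the log lives on the persistent
              # bind mount; INFO is the usual steady-state level.
              level = "DEBUG";
              filePath = "/etc/traefik/data/traefik.log";
              format = "json";
            };
            certificatesResolvers = {
              cloudflare = {
                acme = {
                  email = "nathanblunkall5@gmail.com";
                  # Traefik expects this file to be mode 0600.
                  storage = "/etc/traefik/data/acme.json";
                  keyType = "EC256";
                  # DNS-01 is required for the wildcard SAN above.
                  dnsChallenge = {
                    provider = "cloudflare";
                    resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
                  };
                };
              };
            };
          };

          dynamicConfigOptions = {
            http = {
              routers = {
                homepageSecure = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
                  service = "homepage";
                  tls.certResolver = "cloudflare";
                };
                /* remote = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`remote.blunkall.us`)";
                  service = "novnc";
                  tls.certResolver = "cloudflare";
                  # middlewares = [ "authentik" ];
                }; */
                /* homeassistant = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`hass.blunkall.us`)";
                  service = "homeassistant";
                  tls.certResolver = "cloudflare";
                }; */
                jellyfin = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`jellyfin.blunkall.us`)";
                  service = "jellyfin";
                  tls.certResolver = "cloudflare";
                };
                auth = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`auth.blunkall.us`)";
                  service = "keycloak";
                  tls.certResolver = "cloudflare";
                };
                /* gitlab = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`gitlab.blunkall.us`)";
                  service = "gitlab";
                  tls.certResolver = "cloudflare";
                }; */
                gitea = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`gitea.blunkall.us`)";
                  service = "gitea";
                  tls.certResolver = "cloudflare";
                };
                nextcloud = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`nextcloud.blunkall.us`)";
                  service = "nextcloud";
                  tls.certResolver = "cloudflare";
                  # CardDAV/CalDAV well-known redirect, defined below.
                  middlewares = [ "nextcloud_redirectregex" ];
                };
                /* traefik = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`traefik.blunkall.us`)";
                  service = "api@internal";
                  tls.certResolver = "cloudflare";
                  # middlewares = [ "authentik" ];
                }; */
                /* ntfy = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`ntfy.blunkall.us`)";
                  service = "ntfy";
                  tls.certResolver = "cloudflare";
                }; */
                /* pihole = {
                  # NOTE(review): "localsecure" is not a defined entrypoint.
                  entryPoints = [ "localsecure" ];
                  rule = "Host(`pihole.blunkall.us`)";
                  service = "pihole";
                  tls.certResolver = "cloudflare";
                }; */
                # NetBird: one host, split by path prefix into the web UI,
                # the REST API and the two gRPC (h2c) services.
                netbird = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`vpn.blunkall.us`)";
                  service = "netbird";
                  tls.certResolver = "cloudflare";
                };
                netbirdApi = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/api`)";
                  service = "netbirdApi";
                  tls.certResolver = "cloudflare";
                };
                netbirdMgmt = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/management.ManagementService`)";
                  service = "netbirdMgmt";
                  tls.certResolver = "cloudflare";
                };
                netbirdSignal = {
                  entryPoints = [ "websecure" ];
                  rule = "Host(`vpn.blunkall.us`) && PathPrefix(`/signalexchange.SignalExchange`)";
                  service = "netbirdSignal";
                  tls.certResolver = "cloudflare";
                };
              };

              middlewares = {
                nextcloud_redirectregex.redirectregex = {
                  permanent = true;
                  regex = "https://nextcloud.blunkall.us/.well-known/(?:card|cal)dav";
                  replacement = "https://nextcloud.blunkall.us/remote.php/dav";
                };
              };

              # All backends are reached over plain HTTP/h2c inside the
              # 192.168.100.0/24 container network.
              services = {
                # gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
                gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ];
                homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
                jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ];
                # No router currently references this service.
                authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
                # pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
                keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
                # novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
                nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
                # ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
                netbird.loadBalancer = {
                  passHostHeader = true;
                  servers = [ { url = "http://192.168.100.21:33073"; } ];
                };
                netbirdApi.loadBalancer.servers = [ { url = "http://192.168.100.21:33073"; } ];
                netbirdMgmt.loadBalancer.servers = [ { url = "h2c://192.168.100.21:33073"; } ];
                netbirdSignal.loadBalancer.servers = [ { url = "h2c://192.168.100.21:10000"; } ];
                # homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.10:8123"; } ];
              };
            };
          };
        };

        # Container-side firewall: only the two TCP entrypoints.
        networking.firewall.allowedTCPPorts = [ 80 443 ];
        system.stateVersion = "24.05";
      };
    };
  };
}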