# NixOS module: runs Traefik as the reverse proxy for esotericbytes.com inside a
# declarative NixOS container (private network, address 192.168.100.11).
#
# Traffic model as written in this file:
#   host :80 / :443   -> container :81 / :444   ("web" / "websecure", the forwarded side)
#   container :80 / :443 on its own address    ("local" / "localsecure", the LAN side)
# Routers attached only to "localsecure" are not reachable through the forwarded
# host ports. Whether 192.168.100.11 itself is reachable from the LAN depends on
# host routing/NAT that is not visible here — confirm before treating the split
# as an access-control boundary.
{ config, lib, ... }:

let
  cfg = config.sysconfig.virtualization.traefik;
  dockerEnabled = config.sysconfig.docker.enable;

  domain = "esotericbytes.com";
  containerAddr = "192.168.100.11";
  hostAddr = "192.168.100.10";
  dataDir = "/etc/traefik/data";

  # Single ACME resolver (Cloudflare DNS-01) shared by every entrypoint and router.
  resolver = "cloudflare";
  wildcardTls = {
    certResolver = resolver;
    domains = {
      main = domain;
      sans = [ "*.${domain}" ];
    };
  };

  # Plain-HTTP entrypoint whose only job is to redirect to its TLS counterpart.
  redirectTo = target: address: {
    inherit address;
    http.redirections.entryPoint = {
      to = target;
      scheme = "https";
    };
  };

  # TLS entrypoint terminating with the wildcard certificate.
  tlsEntry = address: {
    inherit address;
    asDefault = true;
    http.tls = wildcardTls;
  };

  # One HTTP router; `extra` carries optional keys such as `middlewares`.
  router = entryPoints: rule: service: extra:
    {
      inherit entryPoints rule service;
      tls.certResolver = resolver;
    } // extra;

  # One single-server backend. Every backend declared here is plain HTTP on the
  # container network, so TLS verification settings never apply to them.
  backend = url: { loadBalancer.servers = [ { inherit url; } ]; };

  both = [ "websecure" "localsecure" ];
  lanOnly = [ "localsecure" ];
in
{
  options.sysconfig.virtualization.traefik.enable = lib.options.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf cfg.enable {
    networking = {
      # Points the host at the container for the apex name. /etc/hosts has no
      # wildcard support, so the "*.<domain>" entry is inert as written; LAN
      # clients need a DNS override to reach the subdomains.
      hosts.${containerAddr} = [ domain "*.${domain}" ];
      # 22 is the host's SSH port, not a Traefik port — it is opened on the host
      # as a side effect of enabling the proxy.
      firewall.allowedTCPPorts = [ 22 80 443 ];
      nat.internalInterfaces = [ "ve-traefik" ];
    };

    containers.traefik = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = hostAddr;
      localAddress = containerAddr;
      # Forwarded side: host 80/443 land on the container's "web"/"websecure".
      forwardPorts = [
        { containerPort = 81; hostPort = 80; }
        { containerPort = 444; hostPort = 443; }
      ];
      bindMounts = {
        # Holds acme.json (account and certificate private keys), traefik.env
        # and the logs; must stay writable for ACME renewals. Keep the host
        # directory's ownership and mode restrictive.
        ${dataDir} = {
          hostPath = "/ssd1/Traefik/data";
          isReadOnly = false;
        };
        # Read-write access to the Docker socket is equivalent to root on the
        # host; it exists only so the docker provider below can discover services.
        "/var/run/docker.sock" = lib.mkIf dockerEnabled {
          hostPath = "/run/docker.sock";
          isReadOnly = false;
        };
      };

      config = {
        # The container resolves via Cloudflare directly instead of inheriting
        # the host's resolv.conf (useHostResolvConf = false below).
        environment.etc."resolv.conf" = {
          enable = true;
          text = ''
            nameserver 1.1.1.1
            nameserver 1.0.0.1
            options edns0
          '';
          user = "root";
          mode = "0664";
        };

        virtualisation.docker.enable = lib.mkIf dockerEnabled true;

        services.traefik = {
          enable = true;
          # Membership in "docker" is what grants the service socket access.
          group = lib.mkIf dockerEnabled "docker";
          inherit dataDir;
          # Presumably carries the Cloudflare API credential used by the DNS
          # challenge (contents not visible here) — confirm, and keep its mode tight.
          environmentFiles = [ "${dataDir}/traefik.env" ];

          staticConfigOptions = {
            # Disables upstream certificate verification. No backend declared in
            # this file uses TLS, so this only affects docker-provider services;
            # consider dropping it or scoping it to the services that need it.
            serversTransport.insecureSkipVerify = true;
            # The dashboard is exposed via the "traefik" router below on the LAN
            # entrypoint with no authentication middleware (the authentik line
            # is commented out); `debug` additionally enables Traefik's debug
            # endpoints on the same API.
            api = {
              dashboard = true;
              debug = true;
            };
            global = {
              checknewversion = false;
              sendanonymoususage = false;
            };
            providers.docker = lib.mkIf dockerEnabled { };
            entryPoints = {
              web = redirectTo "websecure" ":81";
              websecure = tlsEntry ":444";
              local = redirectTo "localsecure" ":80";
              localsecure = tlsEntry ":443";
            };
            log = {
              level = "INFO";
              filePath = "${dataDir}/logs/traefik.log";
              format = "json";
            };
            certificatesResolvers.${resolver}.acme = {
              email = "nathanblunkall5@gmail.com";
              storage = "${dataDir}/acme.json";
              keyType = "EC256";
              dnsChallenge = {
                provider = "cloudflare";
                resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
              };
            };
          };

          dynamicConfigOptions.http = {
            routers = {
              homepageSecure = router both "Host(`${domain}`) || Host(`www.${domain}`)" "homepage" { };
              /*remote = {
                entryPoints = [ "websecure" ];
                rule = "Host(`remote.esotericbytes.com`)";
                service = "novnc";
                tls.certResolver = "cloudflare";
                #middlewares = [ "authentik" ];
              };*/
              homeassistant = router lanOnly "Host(`hass.${domain}`)" "homeassistant" { };
              jellyfin = router both "Host(`jellyfin.${domain}`)" "jellyfin" { };
              auth = router both "Host(`auth.${domain}`)" "keycloak" { };
              /*gitlab = {
                entryPoints = [ "websecure" ];
                rule = "Host(`gitlab.esotericbytes.com`)";
                service = "gitlab";
                tls.certResolver = "cloudflare";
              };*/
              gitea = router both "Host(`gitea.${domain}`)" "gitea" { };
              nextcloud = router both "Host(`nextcloud.${domain}`)" "nextcloud" {
                middlewares = [ "nextcloud_redirectregex" ];
              };
              # Dashboard/API router: LAN entrypoint only, currently without any
              # auth middleware.
              traefik = router lanOnly "Host(`traefik.${domain}`)" "api@internal" {
                #middlewares = [ "authentik" ];
              };
              /*ntfy = {
                entryPoints = [ "websecure" ];
                rule = "Host(`ntfy.esotericbytes.com`)";
                service = "ntfy";
                tls.certResolver = "cloudflare";
              };*/
              /*pihole = {
                entryPoints = [ "localsecure" ];
                rule = "Host(`pihole.esotericbytes.com`)";
                service = "pihole";
                tls.certResolver = "cloudflare";
              };
              portainer = {
                entryPoints = [ "localsecure" ];
                rule = "Host(`portainer.esotericbytes.com`)";
                service = "portainer";
                tls.certResolver = "cloudflare";
              };*/
              netbird = router both "Host(`vpn.${domain}`)" "netbird" { };
              n8n = router lanOnly "Host(`n8n.${domain}`)" "n8n" { };
              /*ollama = {
                entryPoints = [ "localsecure" ];
                rule = "Host(`ollama.esotericbytes.com`)";
                service = "ollama";
                tls.certResolver = "cloudflare";
              };*/
              openwebui = router lanOnly "Host(`ai.${domain}`)" "openwebui" { };
              code-server = router lanOnly "Host(`code.${domain}`)" "code-server" { };
            };

            # Rewrites the CalDAV/CardDAV discovery URLs to Nextcloud's DAV endpoint.
            middlewares.nextcloud_redirectregex.redirectregex = {
              permanent = true;
              regex = "https://nextcloud.${domain}/.well-known/(?:card|cal)dav";
              replacement = "https://nextcloud.${domain}/remote.php/dav";
            };

            services = {
              #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
              gitea = backend "http://192.168.100.20:3000";
              homepage = backend "http://192.168.100.13:80";
              jellyfin = backend "http://192.168.100.14:8096";
              # No active router references this service (the routers that
              # would use authentik are commented out).
              authentik = backend "http://192.168.100.10:9003";
              #pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:9001"; } ];
              #portainer.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
              keycloak = backend "http://192.168.100.22:80";
              #novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
              nextcloud = backend "http://192.168.100.15:80";
              #ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
              netbird.loadBalancer = {
                passHostHeader = true;
                servers = [ { url = "http://192.168.100.23:80"; } ];
              };
              #ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ];
              openwebui = backend "http://192.168.100.33:8080";
              code-server = backend "http://192.168.100.31:4444";
              homeassistant = backend "http://192.168.100.25:8123";
              n8n = backend "http://192.168.100.21:5678";
            };
          };
        };

        networking = {
          firewall = {
            allowedTCPPorts = [ 80 443 81 444 ];
            # No entrypoint enables HTTP/3, so nothing in this file listens on
            # UDP; these rules appear unused.
            allowedUDPPorts = [ 80 443 81 444 ];
          };
          useHostResolvConf = false;
        };

        system.stateVersion = "24.05";
      };
    };
  };
}