# NixOS module: runs Traefik inside a declarative NixOS container, switched on by
# `sysconfig.opts.virtualization.traefik.enable` (off by default).
{ config, lib, ... }:

let
  cfg = config.sysconfig.opts.virtualization.traefik;

  # Every router below requests the same certificate, so the TLS block is defined once.
  # NOTE(review): Traefik's documentation shows `domains` as a list of { main, sans }
  # entries; confirm that this attribute-set form is accepted as written.
  wildcardTls = {
    certResolver = "cloudflare";
    domains = {
      main = "blunkall.us";
      sans = [ "*.blunkall.us" "*.local.blunkall.us" ];
    };
  };

  # Entry-point level redirect from a plain-HTTP listener to its HTTPS counterpart.
  httpsRedirect = target: {
    to = target;
    scheme = "https";
  };
in
{
  options.sysconfig.opts.virtualization.traefik.enable = lib.options.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf cfg.enable {
    containers.traefik = {
      autoStart = true;

      # The container gets its own network namespace; the host end of the link is
      # 192.168.100.10 and the container end is 192.168.100.11.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.11";

      # Only these four ports are forwarded from the host into the container.
      # 8080 is opened in the container firewall further down but is not forwarded here.
      forwardPorts = [
        { containerPort = 80; hostPort = 80; }
        { containerPort = 443; hostPort = 443; }
        { containerPort = 9080; hostPort = 9080; }
        { containerPort = 9443; hostPort = 9443; }
      ];

      # Writable host directory that ends up holding traefik.env, acme.json and
      # traefik.log (all referenced below). acme.json contains the private keys of the
      # issued certificates, and the env file presumably carries the Cloudflare DNS API
      # credential (confirm), so /ssd1/Traefik/data should be readable only by root /
      # the Traefik user on the host.
      bindMounts = {
        "/etc/traefik/data" = {
          hostPath = "/ssd1/Traefik/data";
          isReadOnly = false;
        };
      };

      config = {
        services.traefik = {
          enable = true;
          dataDir = "/etc/traefik/data";
          environmentFiles = [ "/etc/traefik/data/traefik.env" ];

          staticConfigOptions = {
            # NOTE(review): this turns off certificate verification for every HTTPS
            # backend Traefik connects to. The only backend defined in this file is
            # plain http, so it has no effect today, but it would silently apply to any
            # https backend added later. Prefer removing it and trusting the backend's
            # CA on a per-service serversTransport if one is ever needed.
            serversTransport.insecureSkipVerify = true;

            api = {
              dashboard = true;
              # NOTE(review): insecure mode serves the API and dashboard without
              # authentication on Traefik's built-in `traefik` entry point (port 8080 by
              # default), which the container firewall below opens. It is not in
              # forwardPorts, so reachability should be limited to whatever can route
              # to 192.168.100.11 - confirm that is only the host.
              insecure = true;
              # NOTE(review): debug adds Traefik's debugging/profiling endpoints to the
              # API; leave it off outside of troubleshooting.
              debug = true;
            };

            global = {
              checknewversion = false;
              sendanonymoususage = false;
            };

            entryPoints = {
              # 9080/9443: the "local" listener pair; 80/443: the public pair.
              # Each plain-HTTP listener only redirects to its TLS sibling.
              local = {
                address = ":9080";
                http.redirections.entryPoint = httpsRedirect "localsecure";
              };
              localsecure = {
                address = ":9443";
                asDefault = true;
                http.tls.certResolver = "cloudflare";
              };
              web = {
                address = ":80";
                http.redirections.entryPoint = httpsRedirect "websecure";
              };
              websecure = {
                address = ":443";
                asDefault = true;
                http.tls.certResolver = "cloudflare";
              };
            };

            # NOTE(review): DEBUG is very verbose and is written into the same
            # bind-mounted directory as acme.json; consider a lower level for normal
            # operation and make sure the file is rotated.
            log = {
              level = "DEBUG";
              filePath = "/etc/traefik/data/traefik.log";
              format = "json";
            };

            certificatesResolvers = {
              # ACME via the Cloudflare DNS-01 challenge, resolved through 1.1.1.1/1.0.0.1.
              cloudflare = {
                acme = {
                  email = "nathanblunkall5@gmail.com";
                  storage = "/etc/traefik/data/acme.json";
                  keyType = "EC256";
                  dnsChallenge = {
                    provider = "cloudflare";
                    resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
                  };
                };
              };
              /*
              letsencrypt.acme = {
                email = "postmaster@blunkall.us";
                storage = "/root/data/acme.json";
                httpChallenge.entryPoint = "web";
              };
              */
            };
          };

          dynamicConfigOptions = {
            http = {
              routers = {
                # Apex and www both go to the homepage service on either TLS listener.
                homepageSecure = {
                  entryPoints = [ "localsecure" "websecure" ];
                  rule = "Host(`blunkall.us`)";
                  service = "homepage";
                  tls = wildcardTls;
                };

                homepage = {
                  entryPoints = [ "localsecure" "websecure" ];
                  rule = "Host(`www.blunkall.us`)";
                  service = "homepage";
                  tls = wildcardTls;
                };

                /*
                gitlab = {
                  entryPoints = [ "localsecure" "websecure" ];
                  rule = "Host(`gitlab.blunkall.us`)";
                  service = "gitlab";
                  tls = {
                    certResolver = "cloudflare";
                    domains = {
                      main = "blunkall.us";
                      sans = [ "*.blunkall.us" "*.local.blunkall.us" ];
                    };
                  };
                };
                */

                # NOTE(review): the dashboard router has no middleware attached, so
                # Traefik itself does not authenticate requests for it. localsecure
                # (9443) is forwarded from the host, so anything that can reach host
                # port 9443 with this Host name gets the dashboard. Attach an
                # authentication or source-IP allow-list middleware here, or make sure
                # 9443 is filtered upstream.
                local = {
                  entryPoints = [ "localsecure" ];
                  rule = "Host(`traefik.local.blunkall.us`)";
                  service = "dashboard@internal";
                  tls = wildcardTls;
                };
              };

              services = {
                #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.12:80"; } ];

                # 192.168.100.10 is the hostAddress above, i.e. a service listening on
                # the host side of the container link, reached over plain HTTP.
                homepage.loadBalancer.servers = [
                  { url = "http://192.168.100.10:8000"; }
                ];
              };
            };
          };
        };

        # Container-side firewall. 8080 is only needed while api.insecure is enabled.
        networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 8080 ];

        system.stateVersion = "24.05";
      };
    };
  };
}