nixos/server/traefik.nix

{...}: {
  imports = [./fail2ban.nix];
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      api = {insecure = true;};
      entryPoints = {
        http = {address = ":80";};
        https = {address = ":443";};
      };
      certificatesResolvers = {
        default = {
          acme = {
            email = "evie@xenia.me.uk";
            storage = "/var/lib/traefik/acme.json";
            httpChallenge = {entryPoint = "http";};
          };
        };
      };
    };
    dynamicConfigOptions.http = {
      routers.traefik = {
        rule = "Host(`traefik.xenia.me.uk`)";
        service = "traefik-webinterface";
        tls = {certResolver = "default";};
      };
      services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
    };
  };
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [80 443 8080];
  };
  services.fail2ban.jails.traefik = ''
    enabled = true
    filter = traefik-auth
    ports = http,https,8080
    backend = systemd
  '';
}
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`{...}: {`
			`imports = [./fail2ban.nix];`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`services.traefik = {`
			`enable = true;`
			`staticConfigOptions = {`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`api = {insecure = true;};`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`entryPoints = {`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`http = {address = ":80";};`
			`https = {address = ":443";};`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`};`
Add https/tls support to traefik sites 2023-05-15 07:51:06 +01:00			`certificatesResolvers = {`
			`default = {`
			`acme = {`
			`email = "evie@xenia.me.uk";`
			`storage = "/var/lib/traefik/acme.json";`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`httpChallenge = {entryPoint = "http";};`
Add https/tls support to traefik sites 2023-05-15 07:51:06 +01:00			`};`
			`};`
			`};`
			`};`
			`dynamicConfigOptions.http = {`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`routers.traefik = {`
			rule = "Host(`traefik.xenia.me.uk`)";
			`service = "traefik-webinterface";`
			`tls = {certResolver = "default";};`
			`};`
			`services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`};`
			`};`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`networking.firewall = {`
			`enable = true;`
			`allowedTCPPorts = [80 443 8080];`
			`};`
Add fail2ban config for traefik 2023-05-16 11:24:19 +01:00			`services.fail2ban.jails.traefik = ''`
			`enabled = true`
			`filter = traefik-auth`
			`ports = http,https,8080`
			`backend = systemd`
			`'';`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`}`