nixos/services/traefik/default.nix

{...}: {
  imports = [../fail2ban/traefik.nix];
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      api = {dashboard = true;};
      entryPoints = {
        http = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "https";
            scheme = "https";
          };
        };
        https = {address = ":443";};
        ssh = {address = ":2222";};
      };
      certificatesResolvers = {
        default = {
          acme = {
            email = "evie@xenia.me.uk";
            storage = "/var/lib/traefik/acme.json";
            httpChallenge = {entryPoint = "http";};
          };
        };
      };
    };
    dynamicConfigOptions.http = {
      routers.api = {
        rule = "Host(`traefik.xenia.me.uk`)";
        entryPoints = ["http" "https"];
        service = "api@internal";
        middlewares = ["auth"];
        tls = {certResolver = "default";};
      };
      middlewares.auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
    };
  };
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [80 443 2222];
  };
  services.fail2ban.jails = {
    traefik-http = ''
      enabled = true
      filter = traefik-auth
      ports = http,https,2222
      backend = systemd
    '';
    traefik-ssh = ''
      enabled = true
      filter = sshd
      ports = 2222
      backend = systemd
    '';
  };
}
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`{...}: {`
Move server directory and syncthing into services directory Separate service setup from traefik config for each, prep for future server separation 2023-05-26 08:52:46 +01:00			`imports = [../fail2ban/traefik.nix];`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`services.traefik = {`
			`enable = true;`
			`staticConfigOptions = {`
Set up and use auth middleware for traefik and qbittorrent Remove use of traefik insecure dashboard/API 2023-05-25 17:17:23 +01:00			`api = {dashboard = true;};`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`entryPoints = {`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`http = {`
			`address = ":80";`
			`http.redirections.entryPoint = {`
			`to = "https";`
			`scheme = "https";`
			`};`
			`};`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`https = {address = ":443";};`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`ssh = {address = ":2222";};`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`};`
Add https/tls support to traefik sites 2023-05-15 07:51:06 +01:00			`certificatesResolvers = {`
			`default = {`
			`acme = {`
			`email = "evie@xenia.me.uk";`
			`storage = "/var/lib/traefik/acme.json";`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`httpChallenge = {entryPoint = "http";};`
Add https/tls support to traefik sites 2023-05-15 07:51:06 +01:00			`};`
			`};`
			`};`
			`};`
			`dynamicConfigOptions.http = {`
Set up and use auth middleware for traefik and qbittorrent Remove use of traefik insecure dashboard/API 2023-05-25 17:17:23 +01:00			`routers.api = {`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			rule = "Host(`traefik.xenia.me.uk`)";
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`entryPoints = ["http" "https"];`
Set up and use auth middleware for traefik and qbittorrent Remove use of traefik insecure dashboard/API 2023-05-25 17:17:23 +01:00			`service = "api@internal";`
			`middlewares = ["auth"];`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`tls = {certResolver = "default";};`
			`};`
Set up and use auth middleware for traefik and qbittorrent Remove use of traefik insecure dashboard/API 2023-05-25 17:17:23 +01:00			`middlewares.auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`};`
			`};`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`networking.firewall = {`
			`enable = true;`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`allowedTCPPorts = [80 443 2222];`
			`};`
			`services.fail2ban.jails = {`
			`traefik-http = ''`
			`enabled = true`
			`filter = traefik-auth`
			`ports = http,https,2222`
			`backend = systemd`
			`'';`
			`traefik-ssh = ''`
			`enabled = true`
			`filter = sshd`
			`ports = 2222`
			`backend = systemd`
			`'';`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`};`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`}`