From a69d0a1a921b0228e8379765df1cfdc1779d7093 Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith
Date: Tue, 30 May 2023 10:08:26 +0100
Subject: [PATCH] Remove ssh forwarding from traefik, remove traefik auth from internal connections
---
 services/Vanguard.nix | 7 +++----
 services/traefik/default.nix | 5 ++---
 services/traefik/gitea.nix | 2 +-
 services/traefik/sshd.nix | 11 -----------
 4 files changed, 6 insertions(+), 19 deletions(-)
 delete mode 100644 services/traefik/sshd.nix
diff --git a/services/Vanguard.nix b/services/Vanguard.nix
index dcfd7b13..108584cd 100644
--- a/services/Vanguard.nix
+++ b/services/Vanguard.nix
@@ -1,14 +1,13 @@
 {...}: {
 imports = [
 ./adguardhome
- ./traefik/adguardhome.nix
 ./gitea
- ./traefik/gitea.nix
 ./nextcloud
+ ./sshd
+ ./traefik/adguardhome.nix
+ ./traefik/gitea.nix
 ./traefik/nextcloud.nix
 ./traefik/qbittorrent.nix
- ./sshd
- ./traefik/sshd.nix
 ./syncthing/Vanguard.nix
 ];
 }
diff --git a/services/traefik/default.nix b/services/traefik/default.nix
index e0cbbad0..e008ec84 100644
--- a/services/traefik/default.nix
+++ b/services/traefik/default.nix
@@ -12,8 +12,8 @@
 scheme = "https";
 };
 };
- https = {address = ":443";};
- traefik-internal = {address = ":8080";};
+ https.address = ":443";
+ traefik-internal.address = ":8080";
 };
 certificatesResolvers = {
 default = {
@@ -37,7 +37,6 @@
 rule = "ClientIP(`192.168.0.0/16`)";
 entryPoints = ["traefik-internal"];
 service = "api@internal";
- middlewares = ["auth"];
 };
 middlewares = {
 auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
diff --git a/services/traefik/gitea.nix b/services/traefik/gitea.nix
index cc5551e3..fca6c38b 100644
--- a/services/traefik/gitea.nix
+++ b/services/traefik/gitea.nix
@@ -1,5 +1,5 @@
 {...}: {
- imports = [./default.nix ./sshd.nix];
+ imports = [./default.nix];
 services.traefik.dynamicConfigOptions = {
 http = {
 routers.gitea = {
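Review bot: The `ssh` entry point named by the deleted `routers.ssh` (`entryPoints = ["ssh"]`) is not removed by any visible hunk; only `https` and `traefik-internal` appear in the `entryPoints` lines shown here. If an `ssh` entry is still declared in the static configuration, either above this hunk or in another module, Traefik would keep listening on that port with no router behind it, and any firewall opening for it would remain too. Removing both in the same commit keeps the exposed surface in line with the commit message. The `entryPoints` block starts outside the hunk, so this is inferred rather than confirmed.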
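Review bot: With `middlewares = ["auth"]` removed from the router in the second default.nix hunk, `api@internal` is protected only by the `ClientIP` match on 192.168.0.0/16, so any host in that range that can reach `traefik-internal` reads the Traefik API and dashboard without credentials. Traefik's documentation advises putting authentication in front of the API because it exposes the full configuration, and since the entry point binds `:8080` on every interface, the host firewall is now the only other control. If dropping auth is intended, narrow the rule to the real LAN subnet (`<LAN_CIDR>` rather than the whole /16) and record the decision with a comment such as `# api@internal is unauthenticated by design; restricted by ClientIP and the firewall on 8080`. The `auth.basicAuth.users` context line also keeps an `$apr1$` (MD5-based) hash in the repository and, presumably, in the Nix store; `basicAuth.usersFile` pointing at a secret-managed path avoids that, or the middleware can be deleted if no other router still uses it. Both the router and the `middlewares` block start or end outside the hunk.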
diff --git a/services/traefik/sshd.nix b/services/traefik/sshd.nix
deleted file mode 100644
index b7e3b5ba..00000000
--- a/services/traefik/sshd.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{...}: {
- imports = [./default.nix];
- services.traefik.dynamicConfigOptions.tcp = {
- routers.ssh = {
- rule = "ClientIP(`192.168.0.0/16`)";
- entryPoints = ["ssh"];
- service = "ssh-redirect";
- };
- services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];
- };
-}