35 lines
1,013 B
Nix
35 lines
1,013 B
Nix
{ ... }:
|
|
{
|
|
imports = [ ./fail2ban.nix ];
|
|
services.traefik = {
|
|
enable = true;
|
|
staticConfigOptions = {
|
|
api = { insecure = true; };
|
|
entryPoints = {
|
|
http = { address = ":80"; };
|
|
https = { address = ":443"; };
|
|
};
|
|
certificatesResolvers = {
|
|
default = {
|
|
acme = {
|
|
email = "evie@xenia.me.uk";
|
|
storage = "/var/lib/traefik/acme.json";
|
|
httpChallenge = { entryPoint = "http"; };
|
|
};
|
|
};
|
|
};
|
|
};
|
|
dynamicConfigOptions.http = {
|
|
routers.traefik = { rule = "Host(`traefik.xenia.me.uk`)"; service = "traefik-webinterface"; tls = { certResolver = "default"; }; };
|
|
services.traefik-webinterface.loadBalancer.servers = [{ url = "http://localhost:8080"; }];
|
|
};
|
|
};
|
|
networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 8080 ]; };
|
|
services.fail2ban.jails.traefik = ''
|
|
enabled = true
|
|
filter = traefik-auth
|
|
ports = http,https,8080
|
|
backend = systemd
|
|
'';
|
|
}
|