nixos/server/traefik.nix


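# NixOS module: Traefik as the public reverse proxy (ports 80/443) with ACME
# certificates, routing two hostnames to web interfaces bound on localhost,
# plus a fail2ban jail for Traefik.
{...}: {
  imports = [./fail2ban.nix];

  services.traefik = {
    enable = true;

    staticConfigOptions = {
      # api.insecure serves the dashboard/API without authentication on
      # Traefik's internal "traefik" entry point (default :8080). That port is
      # therefore NOT opened in the firewall below.
      # NOTE(review): the `traefik` router below publishes the same dashboard
      # over HTTPS and no auth middleware is attached in this file. Consider
      # `insecure = false` with a router to `api@internal` behind an
      # authentication middleware.
      api = {insecure = true;};

      entryPoints = {
        http = {address = ":80";};
        https = {address = ":443";};
      };

      certificatesResolvers = {
        default = {
          acme = {
            email = "evie@xenia.me.uk";
            # acme.json holds the ACME account key and certificate private
            # keys; keep it readable by the traefik user only.
            storage = "/var/lib/traefik/acme.json";
            # The HTTP-01 challenge is answered on the plain-HTTP entry point,
            # so port 80 must stay reachable from the internet.
            httpChallenge = {entryPoint = "http";};
          };
        };
      };
    };

    dynamicConfigOptions.http = {
      # Traefik dashboard, TLS via the "default" ACME resolver.
      routers.traefik = {
        rule = "Host(`traefik.xenia.me.uk`)";
        service = "traefik-webinterface";
        tls = {certResolver = "default";};
      };
      services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];

      # qBittorrent web UI, TLS via the "default" ACME resolver.
      # NOTE(review): access control here relies on qBittorrent's own login;
      # no Traefik middleware is attached in this file.
      routers.qbittorrent = {
        rule = "Host(`torrent.xenia.me.uk`)";
        service = "qbittorrent-webinterface";
        tls = {certResolver = "default";};
      };
      services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
    };
  };

  networking.firewall = {
    enable = true;
    # Only the proxy entry points are exposed. 8080 (unauthenticated Traefik
    # API) and 8090 (qBittorrent over plain HTTP) were previously open too,
    # which let clients bypass TLS and the proxy entirely; both backends are
    # reached through Traefik via localhost and need no firewall opening.
    allowedTCPPorts = [80 443];
  };

  # fail2ban jail for Traefik. The jail option is `port` (singular); the
  # previous `ports` key is not a fail2ban setting, so the intended port list
  # was not applied.
  # NOTE(review): `traefik-auth` is presumably defined in ./fail2ban.nix -
  # confirm. No accessLog is enabled in staticConfigOptions above, so verify
  # that the filter actually has journal lines to match.
  services.fail2ban.jails.traefik = ''
    enabled = true
    filter = traefik-auth
    port = http,https,8080
    backend = systemd
  '';
}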