[traefik] Moves traefik config into the repo

2025-04-07 14:45:58 -07:00
parent a0987c0e11
commit 932f78bfe4
7 changed files with 86 additions and 31 deletions
--- a/system/hosts/mcp/containers/email.nix
+++ b/system/hosts/mcp/containers/email.nix
@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  inherit (import ../lib.nix config) blazestar;
+  inherit (import ./lib.nix config) blazestar;
 in {
  
  virtualisation.oci-containers.containers.docker-mailserver = {
--- a/system/hosts/mcp/containers/lib.nix
+++ b/system/hosts/mcp/containers/lib.nix
@@ -36,7 +36,7 @@ in
    let routerRule = if public then hostRule hostName domain else localHostRule hostName domain;
    in
    {
-      inherit image dependsOn volumes environment environmentFiles;
+      inherit image dependsOn volumes environment environmentFiles ports;
      autoStart = true;
      extraOptions = [
        "-l=traefik.enable=true"
--- a/system/hosts/mcp/containers/traefik.nix
+++ b/system/hosts/mcp/containers/traefik.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+  inherit (import ./lib.nix config) mkContainer blazestar;
+  traefikConfigDir = builtins.path {
+    name = "traefik-config";
+    path = ./traefik;
+  };
+in {
+  virtualisation.oci-containers.containers.traefik = mkContainer {
+      image = "traefik";
+      hostName = "proxy";
+      port = 8080;
+      domain = blazestar;
+      public = false;
+      ports = [
+        "80:80"
+        "443:443"
+      ];
+      volumes =
+      [
+        "/var/run/podman/podman.sock:/var/run/docker.sock:ro"
+        "${traefikConfigDir}:/etc/traefik"
+        "/tank/config/traefik/acme:/etc/traefik/acme"
+      ];
+      homepageOpts = {
+        name = "Traefik";
+        icon = "traefik.svg";
+        group = "Infra";
+        description = "Reverse Proxy";
+      };
+    };
+  }
--- a/system/hosts/mcp/containers/traefik/static/dockerRegistry.yaml
+++ b/system/hosts/mcp/containers/traefik/static/dockerRegistry.yaml
@@ -0,0 +1,10 @@
+http:
+  services:
+    dockerRegistry:
+      loadBalancer:
+        servers:
+          - url: "http://10.88.0.1:5000/"
+  routers:
+    dockerRegistry:
+      service: dockerRegistry
+      rule: "ClientIP(`192.168.1.0/24`) && Host(`docker.havenisms.com`)"
--- a/system/hosts/mcp/containers/traefik/traefik.yaml
+++ b/system/hosts/mcp/containers/traefik/traefik.yaml
@@ -0,0 +1,39 @@
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entrypoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: letsencrypt
+  metrics:
+    address: ":8082"
+
+api:
+  insecure: true
+
+providers:
+  docker:
+    exposedByDefault: false
+  file:
+    directory: /etc/traefik/static
+    watch: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: drew.haven@gmail.com
+      storage: /etc/traefik/acme/acme.json
+      httpChallenge:
+        entryPoint: web
+
+metrics:
+  prometheus:
+    addEntryPointsLabels: true
+    addServicesLabels: true
+    entryPoint: "metrics"