Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[traefik] Moves traefik config into the repo

Browse Source
This commit is contained in:
Drew Haven
2025-04-07 14:45:58 -07:00
parent a0987c0e11
commit b07b34b66a
6 changed files with 85 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
home-manager/features/development/nix.nix
View File

@@ -10,7 +10,8 @@
home.shellAliases = {
# This assumes that the repository is in ~/system-config
rebuild = "sudo nixos-rebuild switch --flake ~/system-config --show-trace --print-build-logs --verbose";
rebuild-switch = "sudo nixos-rebuild switch --flake ~/system-config --show-trace --print-build-logs --verbose";
rebuild-boot = "sudo nixos-rebuild boot --flake ~/system-config --show-trace --print-build-logs --verbose";
};
}

29
system/hosts/mcp/containers.nix
View File

@@ -17,6 +17,7 @@
./containers/searxng.nix
./containers/shared-postgres.nix
./containers/synapse.nix
./containers/traefik.nix
];
# Enable common container config files in /etc/containers
@@ -72,34 +73,6 @@
havenisms;
in
{
traefik = {
image = "traefik";
autoStart = true;
cmd = [ ];
extraOptions = [
# Proxying Traefik itself
"-l=traefik.enable=true"
"-l=traefik.http.routers.traefik.rule=${localHostRuleHavenisms "proxy"}"
"-l=traefik.http.services.traefik.loadbalancer.server.port=8080"
"-l=homepage.group=Infra"
"-l=homepage.name=Traefik"
"-l=homepage.icon=traefik.svg"
"-l=homepage.href=https://proxy.${havenisms}"
"-l=homepage.description=Reverse proxy"
"-l=homepage.widget.type=traefik"
"-l=homepage.widget.url=http://traefik:8080"
];
ports = [
"443:443"
"80:80"
];
environmentFiles = [
];
volumes = [
"/var/run/podman/podman.sock:/var/run/docker.sock:ro"
"/tank/config/traefik:/etc/traefik"
];
};
jellyfin = {
image = "lscr.io/linuxserver/jellyfin";
autoStart = true;

2
system/hosts/mcp/containers/email.nix
View File

@@ -1,6 +1,6 @@
{ config, ... }:
let
inherit (import ../lib.nix config) blazestar;
inherit (import ./lib.nix config) blazestar;
in {
virtualisation.oci-containers.containers.docker-mailserver = {

32
system/hosts/mcp/containers/traefik.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, ... }:
let
inherit (import ./lib.nix config) mkContainer blazestar;
traefikConfigDir = builtins.path {
name = "traefik-config";
path = ./traefik;
};
in {
virtualisation.oci-containers.containers.traefik = mkContainer {
image = "traefik";
hostName = "proxy";
port = 8080;
domain = blazestar;
public = false;
ports = [
"443:443"
"80:80"
];
volumes =
[
"/var/run/podman/podman.sock:/var/run/docker.sock:ro"
"${traefikConfigDir}:/etc/traefik"
"/tank/config/traefik/acme:/etc/traefik/acme"
];
homepageOpts = {
name = "Traefik";
icon = "traefik.svg";
group = "Infra";
description = "Reverse Proxy";
};
};
}

10
system/hosts/mcp/containers/traefik/static/dockerRegistry.yaml Normal file
View File

@@ -0,0 +1,10 @@
http:
services:
dockerRegistry:
loadBalancer:
servers:
- url: "http://10.88.0.1:5000/"
routers:
dockerRegistry:
service: dockerRegistry
rule: "ClientIP(`192.168.1.0/24`) && Host(`docker.havenisms.com`)"

39
system/hosts/mcp/containers/traefik/traefik.yaml Normal file
View File

@@ -0,0 +1,39 @@
entryPoints:
web:
address: ":80"
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
tls:
certResolver: letsencrypt
metrics:
address: ":8082"
api:
insecure: true
providers:
docker:
exposedByDefault: false
file:
directory: /etc/traefik/static
watch: true
certificatesResolvers:
letsencrypt:
acme:
email: drew.haven@gmail.com
storage: /etc/traefik/acme/acme.json
httpChallenge:
entryPoint: web
metrics:
prometheus:
addEntryPointsLabels: true
addServicesLabels: true
entryPoint: "metrics"