walkah/athens
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

🔧 plato: clean up traefik config

Browse Source
This commit is contained in:
James Walker 2022-12-03 23:14:48 -05:00
parent ca1fab4f9f
commit db869ea59c
Signed by: walkah
GPG Key ID: 3C127179D6086E93
4 changed files with 75 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
flake.lock generated
View File

@ -141,11 +141,11 @@
"utils": "utils_2"
},
"locked": {
"lastModified": 1669328018,
"narHash": "sha256-aJRMobnNDEXKwoSZFS4hGjGU1WDNxkQ82BVKAEohOfY=",
"lastModified": 1670058827,
"narHash": "sha256-T+yyncPpZWeIkFrG/Cgj21iopULY3BZGWIhcT5ZmCgM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "62cb5bcf93896e4dd6b4507dac7ba2e2e3abc9d7",
"rev": "eb3598cf44aa10f2a16fe38488a102c0f474d766",
"type": "github"
},
"original": {
@ -156,11 +156,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1669146234,
"narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=",
"lastModified": 1669650994,
"narHash": "sha256-uwASLUfedIQ5q01TtMwZDEV2HCZr5nVPZjzVgCG+D5I=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d",
"rev": "7883883d135ce5b7eae5dce4bfa12262b85c1c46",
"type": "github"
},
"original": {
@ -188,11 +188,11 @@
},
"nixpkgs-22_05": {
"locked": {
"lastModified": 1668908668,
"narHash": "sha256-oimCE4rY7Btuo/VYmA8khIyTHSMV7qUWTpz9w8yc9LQ=",
"lastModified": 1669513802,
"narHash": "sha256-AmTRNi8bHgJlmaNe3r5k+IMFbbXERM/KarqveMAZmsY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b68a6a27adb452879ab66c0eaac0c133e32823b2",
"rev": "6649e08812f579581bfb4cada3ba01e30485c891",
"type": "github"
},
"original": {
@ -204,11 +204,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1667629849,
"narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"lastModified": 1669542132,
"narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"rev": "a115bb9bd56831941be3776c8a94005867f316a7",
"type": "github"
},
"original": {
@ -220,11 +220,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1669387357,
"narHash": "sha256-z1azVj/5Em5kGhh9OgBOsjTEgMab7hXL/aRilH9tzyI=",
"lastModified": 1670086663,
"narHash": "sha256-hT8C8AQB74tdoCPwz4nlJypLMD7GI2F5q+vn+VE/qQk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55b3f68bda6d4f4dc6092eed0508063f154fa4fd",
"rev": "813836d64fa57285d108f0dbf2356457ccd304e3",
"type": "github"
},
"original": {
@ -256,11 +256,11 @@
"nixpkgs-22_05": "nixpkgs-22_05"
},
"locked": {
"lastModified": 1668915833,
"narHash": "sha256-7VYPiDJZdGct8Nl3kKhg580XZfoRcViO+zUGPkfBsqM=",
"lastModified": 1669714206,
"narHash": "sha256-9aiMbzRL8REsyi9U0eZ+lT4s7HaILA1gh9n2apKzLxU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "f72e050c3ef148b1131a0d2df55385c045e4166b",
"rev": "8295b8139ef7baadeb90c5cad7a40c4c9297ebf7",
"type": "github"
},
"original": {

47
hosts/plato/configuration.nix
View File

@ -15,6 +15,7 @@
../../modules/pleroma
../../modules/postgresql
../../modules/sops
../../modules/traefik
];
# Use the systemd-boot EFI boot loader.
@ -105,52 +106,6 @@
networking.firewall.enable = false;
walkah.coredns = { enable = true; };
services.traefik = {
enable = true;
group = "docker";
staticConfigOptions = {
api = {
dashboard = true;
insecure = true;
};
certificatesResolvers = {
myresolver = {
acme = {
email = "walkah@walkah.net";
storage = "/var/lib/traefik/acme.json";
dnsChallenge = {
provider = "cloudflare";
};
};
};
};
entryPoints = {
web = {
address = ":80";
http = {
redirections = {
entryPoint = {
to = "websecure";
scheme = "https";
};
};
};
};
websecure = {
address = ":443";
};
};
providers = {
docker = { };
};
};
};
systemd.services.traefik = {
serviceConfig = {
EnvironmentFile = "/var/lib/traefik/env";
};
};
services = {
borgbackup.jobs."borgbase" = {
paths = [

53
modules/traefik/default.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
{
services.traefik = {
enable = true;
group = "docker";
staticConfigOptions = {
api = {
dashboard = true;
insecure = true;
};
certificatesResolvers = {
myresolver = {
acme = {
email = "walkah@walkah.net";
storage = "/var/lib/traefik/acme.json";
dnsChallenge = {
provider = "cloudflare";
};
};
};
};
entryPoints = {
web = {
address = ":80";
http = {
redirections = {
entryPoint = {
to = "websecure";
scheme = "https";
};
};
};
};
websecure = {
address = ":443";
};
};
providers = {
docker = { };
};
};
};
systemd.services.traefik = {
serviceConfig = {
EnvironmentFile = config.sops.secrets.traefik.path;
};
};
sops.secrets.traefik = {
owner = "traefik";
};
}

5
secrets/secrets.yaml
View File

@ -1,6 +1,7 @@
matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str]
ipfs-cluster-secret: ENC[AES256_GCM,data:Z9i7ZLhlXw4m8myNUSiY5ej2/6UIwCwIe0bvbCttVLdv8cAHwzR2f22poKD6KnPBe9yaym+X3YtrHTCM4pVIbiSzMsHwYZ00vRQi35ZmYg==,iv:9PBz/olzA4X7JEL1xG8ACUaH1WDHSzApzlG5q0ZqSYk=,tag:9I4PGf91MHAKNeG4fVKIow==,type:str]
drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str]
traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -61,8 +62,8 @@ sops:
alB4LzZGSTJmUEt0TFBkUTdzR1pOOTQKG8T65JhLKx602YnEmG/Gqi/rY8X/9XgF
61ejhZ1DucTrM3sfUKjTFwaNVJLJgGEoPRioZW0SJkckjm5NNlutLw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-30T20:47:05Z"
mac: ENC[AES256_GCM,data:S/DfCcsk7oURR8zHW5jkLsDExNBl8G4gPJ5CQzS1R6i38ncEP7yT0pMiwizvZEVHHLP8lxTqsnyquEWhQfcKxojOysgiuGOl/SiiuXGBA91vWzURNN1ricJ+g5SXp593+0cMnkpC8ej6Bkja/QX/DORn74BF+dKLFT3InRi0ucI=,iv:btU0YLRTSnqlOIFzlI0Xbd6IX0noOo0ORqG7+nd8qHs=,tag:JUEWkaaFt0lm5YyW73q7ug==,type:str]
lastmodified: "2022-12-04T04:02:03Z"
mac: ENC[AES256_GCM,data:LceCSjhcE6XKS62XydiWq4JcaNYPjP7VU2EFtd1lAkS4vi4KiFgchBCmv8vqIHQLOoXLyI5RkZbn78z0M5FqA/Pc2ApEo/Wx4eHogmW+r3qojTTqrlpfS5ssXK3Svk8hppz1MpWGQOI8rMY1jEUYgkmqq6ClKDUc8+v59wNHHvY=,iv:XyQBSKekk5e5UDTVVWXtc/nyCmWTCKcAvl7QDXZOgmA=,tag:cGnc2ZqEJBQ8kiOqLX6kLw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3