54 lines
1.0 KiB
Nix
54 lines
1.0 KiB
Nix
{ config, ... }:
|
|
|
|
{
|
|
services.traefik = {
|
|
enable = true;
|
|
group = "docker";
|
|
staticConfigOptions = {
|
|
api = {
|
|
dashboard = true;
|
|
insecure = true;
|
|
};
|
|
certificatesResolvers = {
|
|
myresolver = {
|
|
acme = {
|
|
email = "walkah@walkah.net";
|
|
storage = "/var/lib/traefik/acme.json";
|
|
dnsChallenge = {
|
|
provider = "cloudflare";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
entryPoints = {
|
|
web = {
|
|
address = ":80";
|
|
http = {
|
|
redirections = {
|
|
entryPoint = {
|
|
to = "websecure";
|
|
scheme = "https";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
websecure = {
|
|
address = ":443";
|
|
};
|
|
};
|
|
providers = {
|
|
docker = { };
|
|
};
|
|
};
|
|
};
|
|
systemd.services.traefik = {
|
|
serviceConfig = {
|
|
EnvironmentFile = config.sops.secrets.traefik.path;
|
|
};
|
|
};
|
|
|
|
sops.secrets.traefik = {
|
|
owner = "traefik";
|
|
};
|
|
}
|