From 3d1fc2a2c91737df4e6da4711471ae02074f8d4e Mon Sep 17 00:00:00 2001 From: soraefir Date: Fri, 8 May 2026 22:53:41 +0200 Subject: [PATCH] traefik --- modules/server/containers/defs/traefik.nix | 17 +++++++++++++++-- systems/sandbox/cfg.nix | 5 +++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix index a3631d1..35b22bc 100644 --- a/modules/server/containers/defs/traefik.nix +++ b/modules/server/containers/defs/traefik.nix @@ -19,15 +19,28 @@ in { image = "traefik:${version}"; ip = containerCfg.ip; secret = name; - extraEnv = { - config.sops.secrets.INFOMANIAK_API_KEY.path + extraLabels = { + "traefik.http.routers.${subdomain}.priority" = "10"; + "traefik.http.routers.${subdomain}.service" = "api@internal"; + "traefik.http.routers.${subdomain}.middlewares" = "authentik"; }; overrides = { cmd = [ "--api" "--providers.docker=true" + "--global.checknewversion=false" + "--global.sendanonymoususage=false" + "--api.debug=false" + "--api.insecure=true" + "--api.dashboard=true" + "--core.defaultrulesyntax=v3" + "--providers.docker.exposedByDefault=false" "--entrypoints.web.address=:80" "--entrypoints.web-secure.address=:443" + "--entrypoints.web.http.redirections.entrypoint.to=web-secure" + "--entrypoints.web.http.redirections.entrypoint.scheme=https" + "--entrypoints.web-secure.transport.respondingtimeouts.readtimeout=0s" + "--entrypoints.web-secure.proxyprotocol.trustedips=127.0.0.1/32,192.168.1.1/16,10.10.0.0/16" ]; ports = [ "443" "80" ]; volumes = [ diff --git a/systems/sandbox/cfg.nix b/systems/sandbox/cfg.nix index 520231f..74e3b2e 100644 --- a/systems/sandbox/cfg.nix +++ b/systems/sandbox/cfg.nix @@ -27,6 +27,11 @@ mailServer = "infomaniak.ch"; containers = { + + traefik = { + enable = true; + subdomain = "traefik"; + }; authentik = { enable = true; db = true;