From e04382742fe13792a1edeb6c866486ca3ed80802 Mon Sep 17 00:00:00 2001
From: soraefir
Date: Sat, 9 May 2026 10:03:09 +0200
Subject: [PATCH] cleanup traefik
---
 modules/server/containers/defs/traefik.nix | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix
index 58bc310..57da970 100644
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
@@ -24,22 +24,19 @@ in {
 "traefik.http.routers.${containerCfg.subdomain}.tls.certresolver" = "default";
 "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main" = "${serverCfg.hostDomain}";
 "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans" = "*.${serverCfg.hostDomain}";
+
 "traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik";
 "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
 "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
 };
- extraEnv = {
-
- };
- # extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
+ extraEnv = { };
 overrides = {
 cmd = [
 "--api"
- "--log.level=DEBUG"
+ "--log.level=INFO"
 "--providers.docker=true"
 "--global.checknewversion=false"
 "--global.sendanonymoususage=false"
- "--api.debug=true"
 "--api.insecure=true"
 "--api.dashboard=true"
 "--providers.docker.exposedByDefault=false"
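Review bot: `"--api.insecure=true"` stays in `cmd`, so the API and dashboard are still served without authentication on Traefik's internal `traefik` entrypoint (port 8080 by default), even though this cleanup drops `--api.debug=true`. Port 8080 is not in the published `ports` list, but any container that shares a network with Traefik can still reach it and read the full routing configuration. Consider removing that flag and serving the dashboard through the forward-auth middleware already defined here, e.g. `"traefik.http.routers.${containerCfg.subdomain}.service" = "api@internal";` and `"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";`, unless the labels above the hunk already do so. Both the `labels` and `cmd` blocks extend outside this hunk.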
@@ -55,15 +52,10 @@ in {
 "--certificatesresolvers.default.acme.dnschallenge=true"
 "--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}"
 "--certificatesresolvers.default.acme.storage=/custom/acme.json"
- "--entrypoints.web-secure.http.tls=true"
- "--entrypoints.web-secure.http.tls.certresolver=default"
- "--entrypoints.web-secure.http.tls.domains[0].main=*.${serverCfg.hostDomain}"
- "--entrypoints.web-secure.http.tls.domains[0].sans=${serverCfg.hostDomain}"
 ];
 ports = [ "443:443" "80:80" ];
 volumes = [
- "/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
- # "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
+ "/var/run/podman/podman.sock:/var/run/docker.sock"
 # "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
 "${serverCfg.configPath}/traefik:/custom"
 ];
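Review bot: The volume entry `"/var/run/podman/podman.sock:/var/run/docker.sock"` hands the container-engine API to a proxy that publishes ports 80 and 443, and this commit removes the only comments that recorded how socket access was meant to be constrained. Anyone who compromises Traefik can drive Podman through that socket, so the docker provider should get a filtered, read-only view of the API (a socket proxy limited to the container-listing endpoints) rather than the raw socket; a `:ro` suffix alone does not restrict API calls. At minimum keep a comment on that line such as `# engine socket for the docker provider: gives this container control of Podman`. Separately, with the `--entrypoints.web-secure.http.tls*` flags gone, routers without their own `tls` labels will presumably stop terminating TLS on that entrypoint. The remaining entrypoint flags are outside the hunk, so confirm that every router sets `tls.certresolver`.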