sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

cleanup traefik

Browse Source
This commit is contained in:
soraefir
2026-05-09 10:03:09 +02:00
parent 48b40d819b
commit e04382742f
1 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
modules/server/containers/defs/traefik.nix
View File

@@ -24,22 +24,19 @@ in {
"traefik.http.routers.${containerCfg.subdomain}.tls.certresolver" = "default"; "traefik.http.routers.${containerCfg.subdomain}.tls.certresolver" = "default";
"traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main" = "${serverCfg.hostDomain}"; "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main" = "${serverCfg.hostDomain}";
"traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans" = "*.${serverCfg.hostDomain}"; "traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans" = "*.${serverCfg.hostDomain}";
"traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"; "traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true"; "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"; "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
}; };
extraEnv = { extraEnv = { };
};
# extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
overrides = { overrides = {
cmd = [ cmd = [
"--api" "--api"
"--log.level=DEBUG" "--log.level=INFO"
"--providers.docker=true" "--providers.docker=true"
"--global.checknewversion=false" "--global.checknewversion=false"
"--global.sendanonymoususage=false" "--global.sendanonymoususage=false"
"--api.debug=true"
"--api.insecure=true" "--api.insecure=true"
"--api.dashboard=true" "--api.dashboard=true"
"--providers.docker.exposedByDefault=false" "--providers.docker.exposedByDefault=false"
@@ -55,15 +52,10 @@ in {
"--certificatesresolvers.default.acme.dnschallenge=true" "--certificatesresolvers.default.acme.dnschallenge=true"
"--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}" "--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}"
"--certificatesresolvers.default.acme.storage=/custom/acme.json" "--certificatesresolvers.default.acme.storage=/custom/acme.json"
"--entrypoints.web-secure.http.tls=true"
"--entrypoints.web-secure.http.tls.certresolver=default"
"--entrypoints.web-secure.http.tls.domains[0].main=*.${serverCfg.hostDomain}"
"--entrypoints.web-secure.http.tls.domains[0].sans=${serverCfg.hostDomain}"
]; ];
ports = [ "443:443" "80:80" ]; ports = [ "443:443" "80:80" ];
volumes = [ volumes = [
"/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS "/var/run/podman/podman.sock:/var/run/docker.sock"
# "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
# "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log" # "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
"${serverCfg.configPath}/traefik:/custom" "${serverCfg.configPath}/traefik:/custom"
]; ];