sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

fix traefik

Browse Source
This commit is contained in:
soraefir
2026-05-08 23:30:04 +02:00
parent 4c684cf9b1
commit e652c12bf2
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/server/containers/defs/traefik.nix
View File

@@ -23,6 +23,10 @@ in {
"traefik.http.routers.${containerCfg.subdomain}.priority" = "10"; "traefik.http.routers.${containerCfg.subdomain}.priority" = "10";
"traefik.http.routers.${containerCfg.subdomain}.service" = "api@internal"; "traefik.http.routers.${containerCfg.subdomain}.service" = "api@internal";
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik"; "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
"traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
}; };
overrides = { overrides = {
cmd = [ cmd = [
@@ -30,7 +34,7 @@ in {
"--providers.docker=true" "--providers.docker=true"
"--global.checknewversion=false" "--global.checknewversion=false"
"--global.sendanonymoususage=false" "--global.sendanonymoususage=false"
"--api.debug=false" "--api.debug=true"
"--api.insecure=true" "--api.insecure=true"
"--api.dashboard=true" "--api.dashboard=true"
"--providers.docker.exposedByDefault=false" "--providers.docker.exposedByDefault=false"
@@ -40,6 +44,11 @@ in {
"--entrypoints.web.http.redirections.entrypoint.scheme=https" "--entrypoints.web.http.redirections.entrypoint.scheme=https"
"--entrypoints.web-secure.transport.respondingtimeouts.readtimeout=0s" "--entrypoints.web-secure.transport.respondingtimeouts.readtimeout=0s"
"--entrypoints.web-secure.proxyprotocol.trustedips=127.0.0.1/32,192.168.1.1/16,10.10.0.0/16" "--entrypoints.web-secure.proxyprotocol.trustedips=127.0.0.1/32,192.168.1.1/16,10.10.0.0/16"
"--certificatesresolvers.default.acme.email=acme@${serverCfg.domain}"
"--certificatesresolvers.default.acme.storage=/acme.json"
"--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra}"
"--certificatesresolvers.default.acme.domains[0].main=*.${serverCfg.domain}"
"--certificatesresolvers.default.acme.domains[0].sans=${serverCfg.domain}"
]; ];
ports = [ "443:443" "80:80" ]; ports = [ "443:443" "80:80" ];
volumes = [ volumes = [

2
modules/shared/syscfg/default.nix
View File

@@ -103,7 +103,7 @@ let
subdomain = mkOption { type = types.nullOr types.str; default=null;}; subdomain = mkOption { type = types.nullOr types.str; default=null;};
port = mkOption { type = types.nullOr types.port; default = null; }; port = mkOption { type = types.nullOr types.port; default = null; };
pubPort = mkOption { type = types.nullOr types.port; default = null; }; pubPort = mkOption { type = types.nullOr types.port; default = null; };
extraParam = mkOption { type = types.str; default = ""; }; extra = mkOption { type = types.attrs; default = {}; };
}; };
}); });
default = {}; default = {};

1
systems/sandbox/cfg.nix
View File

@@ -32,6 +32,7 @@
enable = true; enable = true;
sops = true; sops = true;
subdomain = "traefik"; subdomain = "traefik";
extra={provider="infomaniak";};
}; };
authentik = { authentik = {
enable = true; enable = true;