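# Compose project (Arion-style module, judging by `project.name` and
# `services.<name>.service`): Traefik as the edge proxy in front of Matomo and
# SearXNG.
#
# NOTE(review): `serverCfg` is not bound anywhere in the visible code; it has
# to come from an enclosing scope or module argument for this file to evaluate.
{ config, pkgs, lib, ... }:
let
  # In-container location of the DNS-provider token. The mount target and the
  # `_FILE` environment variable below must stay in sync, so name it once.
  infomaniakTokenFile = "/run/secrets/infomaniak_access_token";
in
{
  project.name = "traefik";

  networks = {
    # Compose `internal: true`: containers attached only to this network get no
    # route to the outside.
    internal = {
      name = lib.mkForce "internal";
      internal = true;
    };
    external = {
      name = lib.mkForce "external";
      internal = false;
    };
  };

  services = {
    traefik.service = {
      # NOTE(review): `latest` is a moving tag, so a rebuild can pull a
      # different image. Pin a release tag or digest for the edge proxy and
      # for the two application images below.
      image = "traefik:latest";
      container_name = "traefik";
      restart = "unless-stopped";
      networks = [
        "internal"
        "external"
      ];
      # NOTE(review): Traefik documents file, CLI and environment static
      # configuration as mutually exclusive. traefik.yaml is also mounted at
      # the default path, so confirm which source actually takes effect.
      # NOTE(review): the Docker provider exposes every container by default;
      # matomo and searx rely on that because neither sets `traefik.enable`.
      # Setting `--providers.docker.exposedbydefault=false` plus an explicit
      # `"traefik.enable" = "true"` per service makes exposure opt-in.
      command = [
        "--api"
        "--providers.docker=true"
        "--entrypoints.web.address=:80"
        "--entrypoints.web-secure.address=:443"
      ];
      # Arion's option is `ports`; `port` is not a declared service option.
      # NOTE(review): a bare container port is published on an ephemeral host
      # port. Use "443:443" / "80:80" if fixed host ports are intended.
      ports = [
        "443"
        "80"
      ];
      volumes = [
        # NOTE(review): `:ro` only protects the socket file; it does not make
        # the Docker API read-only. Access to this socket is equivalent to
        # control of the host, and this container is internet-facing. A
        # filtering socket proxy that allows only read endpoints narrows that.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
        "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
        # acme.json holds the ACME account key and certificate private keys;
        # keep it mode 0600 on the host.
        "${serverCfg.configPath}/traefik/acme.json:/acme.json"
        # The sops-decrypted token lives on the host, so it must be mounted
        # for the container to read it.
        "${config.sops.secrets.INFOMANIAK_API_KEY.path}:${infomaniakTokenFile}:ro"
      ];
      environment = {
        # `.path` is the location of the decrypted secret, not the secret
        # itself. The `_FILE` variant makes the ACME DNS provider read the
        # token from that file, which also keeps the value out of the generated
        # compose file and the container's environment listing.
        "INFOMANIAK_ACCESS_TOKEN_FILE" = infomaniakTokenFile;
      };
      labels = {
        # The proxy does not route to itself, so `--api` has no router here.
        "traefik.enable" = "false";
      };
    };

    matomo.service = {
      image = "matomo:latest";
      container_name = "matomo";
      restart = "unless-stopped";
      networks = [ "external" ];
      volumes = [
        "/etc/localtime:/etc/localtime:ro"
        "${serverCfg.configPath}/matomo:/var/www/html/config:rw"
        # Read-only view of Traefik's access log.
        "${serverCfg.configPath}/traefik/access.log:/var/log/taccess.log:ro"
      ];
      environment = { };
      labels = {
        "traefik.http.routers.matomo.rule" = "Host(`matomo.${serverCfg.hostDomain}`)";
        "traefik.http.routers.matomo.entrypoints" = "web-secure";
        "traefik.http.routers.matomo.tls" = "true";
      };
    };

    searx.service = {
      image = "searxng/searxng:latest";
      container_name = "searx";
      restart = "unless-stopped";
      networks = [ "external" ];
      volumes = [ "/etc/localtime:/etc/localtime:ro" ];
      environment = {
        "BASE_URL" = "https://searx.${serverCfg.hostDomain}";
        "AUTOCOMPLETE" = "true";
        "INSTANCE_NAME" = "searx${serverCfg.shortName}";
      };
      labels = {
        # The router needs its own name. Reusing `matomo` here would define
        # one router twice with two different Host rules.
        "traefik.http.routers.searx.rule" = "Host(`searx.${serverCfg.hostDomain}`)";
        "traefik.http.routers.searx.entrypoints" = "web-secure";
        "traefik.http.routers.searx.tls" = "true";
      };
    };
  };
}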