sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity
Files
48b40d819b1051ad3d3fe389c355912572cea843
nixconfig/modules/server/containers/defs/traefik.nix
soraefir 48b40d819b fix typo
2026-05-09 09:56:28 +02:00

75 lines
3.5 KiB
Nix
Raw Blame History

{ config, containerCfg, pkgs, lib, builder, name,... }:
let
version = "3";
serverCfg = config.syscfg.server;
in {
paths = [{
path="${serverCfg.configPath}/traefik";
owner = "1000:1000";
mode = "0755";
}];
containers = {
server = builder.mkContainer {
subdomain = containerCfg.subdomain;
image = "ghcr.io/traefik/traefik:${version}";
ip = containerCfg.ip;
port = 8080;
secret = name;
extraLabels = {
"traefik.http.routers.${containerCfg.subdomain}.priority" = "10";
"traefik.http.routers.${containerCfg.subdomain}.service" = "api@internal";
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
"traefik.http.routers.${containerCfg.subdomain}.tls.certresolver" = "default";
"traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main" = "${serverCfg.hostDomain}";
"traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans" = "*.${serverCfg.hostDomain}";
"traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
extraEnv = {
};
# extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
overrides = {
cmd = [
"--api"
"--log.level=DEBUG"
"--providers.docker=true"
"--global.checknewversion=false"
"--global.sendanonymoususage=false"
"--api.debug=true"
"--api.insecure=true"
"--api.dashboard=true"
"--providers.docker.exposedByDefault=false"
"--entrypoints.web.address=:80"
"--entrypoints.web-secure.address=:443"
"--entrypoints.web.http.redirections.entrypoint.to=web-secure"
"--entrypoints.web.http.redirections.entrypoint.scheme=https"
"--entrypoints.web-secure.transport.respondingtimeouts.readtimeout=0s"
"--entrypoints.web-secure.proxyprotocol.trustedips=127.0.0.1/32,192.168.1.1/16,10.10.0.0/16"
"--certificatesresolvers.default.acme.email=acme@${serverCfg.hostDomain}"
"--certificatesresolvers.default.acme.tlschallenge=false"
"--certificatesresolvers.default.acme.httpchallenge=false"
"--certificatesresolvers.default.acme.dnschallenge=true"
"--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}"
"--certificatesresolvers.default.acme.storage=/custom/acme.json"
"--entrypoints.web-secure.http.tls=true"
"--entrypoints.web-secure.http.tls.certresolver=default"
"--entrypoints.web-secure.http.tls.domains[0].main=*.${serverCfg.hostDomain}"
"--entrypoints.web-secure.http.tls.domains[0].sans=${serverCfg.hostDomain}"
];
ports = [ "443:443" "80:80" ];
volumes = [
"/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
# "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
# "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
"${serverCfg.configPath}/traefik:/custom"
];
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink