ready for runners
parent
fc9971ddc9
commit
7dd5043b5d
49 changed files with 2569 additions and 1085 deletions
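--- a/nixos/hosts/traefik/configuration/middlewares.nix
+++ b/nixos/hosts/traefik/configuration/middlewares.nix
@@ -0,0 +1,10 @@
+{ lib, config, ... }:
+
+let
+internalNetwork = "192.168.1.0/24";
+in
+{
+internal-whitelist = {
+ipWhiteList.sourceRange = [ internalNetwork ];
+};
+}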
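Review bot: `internal-whitelist` trusts whatever source address the TCP connection shows, and nothing here records that assumption. If forwarded traffic reaches Traefik through SNAT or hairpin NAT, or through any proxy that itself sits in `192.168.1.0/24`, every client matches `internalNetwork` and the restriction no longer separates LAN from internet. I would add a comment above `internalNetwork` such as `# matched against the connection's remote address; Traefik must see real client IPs (no SNAT or fronting proxy inside this range)`. Separately, `ipWhiteList` is deprecated in newer Traefik releases in favour of `ipAllowList` with the same `sourceRange` option, so check which name the deployed version expects. `lib` and `config` are also unused in this file.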
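--- a/nixos/hosts/traefik/configuration/routers.nix
+++ b/nixos/hosts/traefik/configuration/routers.nix
@@ -0,0 +1,140 @@
+{ lib, config, ... }:
+
+{
+traefik = {
+rule = "Host(`traefik.procopius.dk`)";
+service = "traefik";
+entryPoints = [ "websecure" ];
+middlewares = [ "internal-whitelist" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+proxmox = {
+rule = "Host(`proxmox.procopius.dk`)";
+service = "proxmox";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+forgejo = {
+rule = "Host(`git.procopius.dk`)";
+service = "forgejo";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+prometheus = {
+rule = "Host(`prometheus.procopius.dk`)";
+service = "prometheus";
+entryPoints = [ "websecure" ];
+middlewares = [ "internal-whitelist" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+grafana = {
+rule = "Host(`grafana.procopius.dk`)";
+service = "grafana";
+entryPoints = [ "websecure" ];
+middlewares = [ "internal-whitelist" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+alertmanager = {
+rule = "Host(`alertmanager.procopius.dk`)";
+service = "alertmanager";
+entryPoints = [ "websecure" ];
+middlewares = [ "internal-whitelist" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+jellyfin = {
+rule = "Host(`jellyfin.procopius.dk`)";
+service = "jellyfin";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+sonarr = {
+rule = "Host(`sonarr.procopius.dk`)";
+service = "sonarr";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+radarr = {
+rule = "Host(`radarr.procopius.dk`)";
+service = "radarr";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+ente = {
+rule = "Host(`ente.procopius.dk`)";
+service = "ente";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+photos = {
+rule = "Host(`photos.procopius.dk`)";
+service = "photos";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+minio = {
+rule = "Host(`minio.procopius.dk`)";
+service = "minio";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+minio-api = {
+rule = "Host(`minio-api.procopius.dk`)";
+service = "minio-api";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+account = {
+rule = "Host(`account.procopius.dk`)";
+service = "account";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+auth = {
+rule = "Host(`auth.procopius.dk`)";
+service = "auth";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+nas = {
+rule = "Host(`nas.procopius.dk`)";
+service = "nas";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+umami = {
+rule = "Host(`umami.procopius.dk`)";
+service = "umami";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+mesterjakob = {
+rule = "Host(`mester.jakobblum.dk`)";
+service = "mesterjakob";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+
+catchAll = {
+rule = "HostRegexp(`.+`)";
+service = "nginx";
+entryPoints = [ "websecure" ];
+tls = { certResolver = "letsencrypt"; };
+};
+}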
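Review bot: The `proxmox` and `nas` routers publish management interfaces on `websecure` without the `internal-whitelist` middleware that `traefik`, `prometheus`, `grafana` and `alertmanager` carry. If these host names resolve publicly, the hypervisor and NAS login pages are reachable from anywhere and protected only by their own authentication; the same question applies to `sonarr`, `radarr` and `minio`. Unless that exposure is intended, add `middlewares = [ "internal-whitelist" ];` to those routers, or leave a comment saying why each one is public. `catchAll` also forwards any Host value to `nginx` and relies on default rule-length ordering to lose against the named routers; an explicit `priority = 1;` would make that ordering deliberate.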
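--- a/nixos/hosts/traefik/configuration/services.nix
+++ b/nixos/hosts/traefik/configuration/services.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }:
+
+{
+proxmox.loadBalancer.servers = [ { url = "https://192.168.1.205:8006"; } ];
+proxmox.loadBalancer.serversTransport = "insecureTransport";
+
+traefik.loadBalancer.servers = [ { url = "http://localhost:8080"; } ];
+
+forgejo.loadBalancer.servers = [ { url = "http://forgejo.lab:3000"; } ];
+
+nginx.loadBalancer.servers = [ { url = "https://192.168.1.226:4433"; } ];
+nginx.loadBalancer.serversTransport = "insecureTransport";
+
+prometheus.loadBalancer.servers = [ { url = "http://monitor.lab:9090"; } ];
+grafana.loadBalancer.servers = [ { url = "http://monitor.lab:3000"; } ];
+alertmanager.loadBalancer.servers = [ { url = "http://monitor.lab:9093"; } ];
+
+
+# from nginx
+account.loadBalancer.servers = [ { url = "http://192.168.1.226:3001"; } ];
+auth.loadBalancer.servers = [ { url = "http://192.168.1.226:3005"; } ];
+ente.loadBalancer.servers = [ { url = "http://192.168.1.226:8087"; } ];
+photos.loadBalancer.servers = [ { url = "http://192.168.1.226:3000"; } ];
+minio.loadBalancer.servers = [ { url = "http://192.168.1.226:3201"; } ];
+minio-api.loadBalancer.servers = [ { url = "http://192.168.1.226:3200"; } ];
+
+nas.loadBalancer.servers = [ { url = "https://192.168.1.226:5001"; } ];
+nas.loadBalancer.serversTransport = "insecureTransport";
+
+
+jellyfin.loadBalancer.servers = [ { url = "http://192.168.1.226:8096"; } ];
+radarr.loadBalancer.servers = [ { url = "http://192.168.1.226:7878"; } ];
+sonarr.loadBalancer.servers = [ { url = "http://192.168.1.226:8989"; } ];
+
+umami.loadBalancer.servers = [ { url = "http://192.168.1.226:3333"; } ];
+
+mesterjakob.loadBalancer.servers = [ { url = "http://192.168.1.226:4200"; } ];
+}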
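Review bot: `proxmox`, `nginx` and `nas` set `serversTransport = "insecureTransport"`, whose definition is not in the files shown here; going by the name it presumably sets `insecureSkipVerify`, in which case Traefik accepts any certificate presented at `192.168.1.205` and `192.168.1.226`. That leaves the proxy-to-backend hop unauthenticated, so the TLS on those three services gives no assurance about which host is actually answering. A transport that pins the backends' CA through `rootCAs` (with `serverName` set where the certificate carries no IP SAN) keeps verification on. The remaining services, including `auth` and `account`, are reached over plain `http://` on another host, which deserves a comment stating that this LAN segment is treated as trusted.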
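--- a/nixos/hosts/traefik/configuration/static.nix
+++ b/nixos/hosts/traefik/configuration/static.nix
@@ -0,0 +1,61 @@
+{ lib, config, ... }:
+
+{
+entryPoints = {
+web = {
+address = ":80";
+asDefault = true;
+http.redirections.entrypoint = {
+to = "websecure";
+scheme = "https";
+};
+};
+
+websecure = {
+address = ":443";
+http.tls.certResolver = "letsencrypt";
+};
+
+metrics = {
+address = ":8082";
+};
+};
+
+api = {
+dashboard = true;
+insecure = true;
+};
+
+certificatesResolvers = {
+letsencrypt = {
+acme = {
+email = "david.mikael@proton.me";
+storage = "/var/lib/traefik/acme.json";
+# httpChallenge = {
+# entryPoint = "web";
+# };
+dnsChallenge = {
+provider = "cloudflare";
+delayBeforeCheck = 10;
+resolvers = [ "1.1.1.1:53" "8.8.8.8:53" ];
+};
+};
+};
+};
+
+metrics = {
+prometheus = {
+entryPoint = "metrics";
+};
+};
+
+log = {
+level = "DEBUG";
+filePath = "/var/log/traefik/traefik.log";
+};
+
+accessLog = {
+format = "json";
+filePath = "/var/log/traefik/access.log";
+};
+}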
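Review bot: `api.insecure = true` serves the dashboard and API without authentication on Traefik's default port 8080 on every interface, so the `internal-whitelist` attached to the `traefik` router in routers.nix is sidestepped by anyone who can reach that port directly. Setting `insecure = false;` here and pointing that router at `service = "api@internal";` keeps the dashboard behind the TLS entry point and its middleware. `log.level = "DEBUG"` is also verbose for a host described as ready for runners; `INFO` is the more usual level once the setup works. The `metrics` entry point on `:8082` likewise listens on all interfaces unless a firewall rule outside this file restricts it.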