dump

2025-07-05 11:12:20 +02:00 · 2025-07-05 11:12:20 +02:00 · a90630ecb6
commit a90630ecb6
parent 4ed9ba0d24
98 changed files with 2063 additions and 729 deletions
--- a/nixos/hosts/traefik/traefik.nix
+++ b/nixos/hosts/traefik/traefik.nix
@ -1,23 +1,59 @@
-{ config, lib, pkgs, ... }:
-
-let
-  staticConfig = import ./configuration/static.nix { inherit lib config; };
-  middlewaresConfig = import ./configuration/middlewares.nix { inherit lib config; };
-  routersConfig = import ./configuration/routers.nix { inherit lib config; };
-  servicesConfig = import ./configuration/services.nix { inherit lib config; };
-in
 {
+  config,
+  lib,
+  ...
+}: let
+  # Import router and service declarations grouped in files
+  infraRouters = import ./configuration/infra/routers.nix;
+  infraServices = import ./configuration/infra/services.nix;
+
+  monitoringRouters = import ./configuration/monitoring/routers.nix;
+  monitoringServices = import ./configuration/monitoring/services.nix;
+
+  mediaRouters = import ./configuration/media-center/routers.nix;
+  mediaServices = import ./configuration/media-center/services.nix;
+
+  photosRouters = import ./configuration/photos/routers.nix;
+  photosServices = import ./configuration/photos/services.nix;
+
+  authRouters = import ./configuration/auth/routers.nix;
+  authServices = import ./configuration/auth/services.nix;
+
+  miscRouters = import ./configuration/misc/routers.nix;
+  miscServices = import ./configuration/misc/services.nix;
+
+  middlewares = import ./configuration/middlewares.nix;
+  staticConfig = import ./configuration/static.nix;
+
+  # Combine all routers and services from groups
+  allRouters = lib.foldl' (acc: routers: acc // routers) {} [
+    infraRouters
+    monitoringRouters
+    mediaRouters
+    photosRouters
+    authRouters
+    miscRouters
+  ];
+
+  allServices = lib.foldl' (acc: services: acc // services) {} [
+    infraServices
+    monitoringServices
+    mediaServices
+    photosServices
+    authServices
+    miscServices
+  ];
+in {
  services.traefik = {
    enable = true;
+    environmentFiles = [config.sops.secrets."traefik-env".path];

-    # ==== Static Configuration ====
    staticConfigOptions = staticConfig;

-    # ==== Dynamic Configuration ====
    dynamicConfigOptions.http = {
-      routers = routersConfig;
-      services = servicesConfig;
-      middlewares = middlewaresConfig;
+      routers = allRouters;
+      services = allServices;
+      middlewares = middlewares;

      serversTransports = {
        insecureTransport = {
@ -26,11 +62,4 @@ in
      };
    };
  };
-
-  systemd.services.traefik.serviceConfig.Environment = [
-    "CLOUDFLARE_DNS_API_TOKEN=gQYyG6cRw-emp_qpsUj9TrkYgoVC1v9UUtv94ozA"
-    "CLOUDFLARE_ZONE_API_TOKEN=gQYyG6cRw-emp_qpsUj9TrkYgoVC1v9UUtv94ozA"
-  ];
-
-  virtualisation.docker.enable = true;
 }