From 7ffe9399e778576a85fafed921582e0cfb58cba6 Mon Sep 17 00:00:00 2001 From: smayzy Date: Tue, 2 Sep 2025 15:49:10 +0200 Subject: [PATCH] add traefik dashboard --- hosts/desktop1/configuration.nix | 8 +++++++- hosts/server1/configuration.nix | 4 +++- modules/nix/containers/nixos/traefik.nix | 14 ++++++++++++-- modules/nix/containers/nixos/unbound.nix | 1 + 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/hosts/desktop1/configuration.nix b/hosts/desktop1/configuration.nix index a6cfe1f..4fe8d60 100644 --- a/hosts/desktop1/configuration.nix +++ b/hosts/desktop1/configuration.nix @@ -11,7 +11,9 @@ networking.bridges.br0.interfaces = [ "enp4s0" ]; networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.146"; prefixLength = 24; } ]; networking.defaultGateway = "192.168.1.254"; - networking.nameservers = [ "192.168.1.137" "192.168.1.49" ]; + networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ]; + + age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; smayzy = { desktop.enable = true; @@ -22,6 +24,10 @@ docker.enable = true; containers = { nixos = { + traefik = { + enable = true; + ip = "192.168.1.203/24"; + }; }; docker = { }; diff --git a/hosts/server1/configuration.nix b/hosts/server1/configuration.nix index b350430..ebc728d 100644 --- a/hosts/server1/configuration.nix +++ b/hosts/server1/configuration.nix @@ -11,7 +11,9 @@ networking.bridges.br0.interfaces = [ "ens18" ]; networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.197"; prefixLength = 24; } ]; networking.defaultGateway = "192.168.1.254"; - networking.nameservers = [ "192.168.1.137" "192.168.1.49" ]; + networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ]; + + age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; smayzy = { server.enable = true; diff --git a/modules/nix/containers/nixos/traefik.nix b/modules/nix/containers/nixos/traefik.nix index 4f33dc7..356ac56 100644 --- a/modules/nix/containers/nixos/traefik.nix 
+++ b/modules/nix/containers/nixos/traefik.nix @@ -41,7 +41,7 @@ in networking.defaultGateway = net.gateway; networking.nameservers = net.dns; - networking.firewall.allowedTCPPorts = [ 8080 80 443 880 4443 ]; + networking.firewall.allowedTCPPorts = [ 80 443 880 4443 ]; systemd.services.traefik.serviceConfig.EnvironmentFile = [ "/run/secrets/traefik-cf-tk" @@ -55,7 +55,6 @@ in }; api = { dashboard = true; - insecure = true; }; entryPoints = { local = { @@ -75,6 +74,7 @@ in cloudflare = { acme = { email = "smayzy@smayzy.ovh"; + storage = "/var/lib/traefik/acme.json"; dnsChallenge = { provider = "cloudflare"; resolvers = [ "192.168.1.202" ]; @@ -86,6 +86,16 @@ in }; dynamicConfigOptions = { + http = { + routers = { + traefik = { + rule = "Host(`traefik.internal.smayzy.ovh`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"; + entryPoints = [ "localSec" ]; + service = "api@internal"; + tls.certResolver = "cloudflare"; + }; + }; + }; }; }; }; diff --git a/modules/nix/containers/nixos/unbound.nix b/modules/nix/containers/nixos/unbound.nix index 3f5483b..afa3235 100644 --- a/modules/nix/containers/nixos/unbound.nix +++ b/modules/nix/containers/nixos/unbound.nix @@ -41,6 +41,7 @@ in ''"npm-local.internal.smayzy.ovh. A 192.168.1.181"'' ''"npm.internal.smayzy.ovh. A 192.168.1.200"'' ''"nfs-srv1.internal.smayzy.ovh. A 192.168.1.48"'' + ''"traefik.internal.smayzy.ovh. A 192.168.1.203"'' ''"npm.internal.internal.smayzy.ovh. CNAME npm-local.internal.smayzy.ovh."'' ''"bazarr-anime.internal.smayzy.ovh. CNAME npm-local.internal.smayzy.ovh."''
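Review bot: The `traefik` router added under `dynamicConfigOptions.http.routers` attaches no middleware, so `api@internal` (dashboard and API) answers any client that can reach the `localSec` entry point and present the `traefik.internal.smayzy.ovh` host name. Dropping `insecure = true` and port 8080 in the earlier hunks puts the dashboard behind TLS, but TLS does not authenticate the viewer, and the API discloses every router, service and middleware definition. I would add `middlewares = [ "dashboard-auth" ];` to the router and define `http.middlewares.dashboard-auth.basicAuth.usersFile = "/run/secrets/<htpasswd-secret-placeholder>";`, delivered the same way as the existing `/run/secrets/traefik-cf-tk` file; an IP allow-list middleware limited to the admin subnet is an alternative. The enclosing Traefik option set starts and ends outside this hunk, so a middleware defined elsewhere in the file would not be visible here.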