add traefik dashboard

2025-09-02 15:49:10 +02:00 · 2025-09-02 15:49:10 +02:00 · 7ffe9399e7
commit 7ffe9399e7
parent fe057f88e5
4 changed files with 23 additions and 4 deletions
--- a/hosts/desktop1/configuration.nix
+++ b/hosts/desktop1/configuration.nix
@ -11,7 +11,9 @@
  networking.bridges.br0.interfaces = [ "enp4s0" ];
  networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.146"; prefixLength = 24; } ];
  networking.defaultGateway = "192.168.1.254";
-  networking.nameservers = [ "192.168.1.137" "192.168.1.49" ];
+  networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ];
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  smayzy = {
    desktop.enable = true;
@ -22,6 +24,10 @@
    docker.enable = true;
    containers = { 
      nixos = {
        traefik = {
          enable = true;
          ip = "192.168.1.203/24";
        };
      };
      docker = {
      };
--- a/hosts/server1/configuration.nix
+++ b/hosts/server1/configuration.nix
@ -11,7 +11,9 @@
  networking.bridges.br0.interfaces = [ "ens18" ];
  networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.197"; prefixLength = 24; } ];
  networking.defaultGateway = "192.168.1.254";
-  networking.nameservers = [ "192.168.1.137" "192.168.1.49" ];
+  networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ];
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  smayzy = {
    server.enable = true;
--- a/modules/nix/containers/nixos/traefik.nix
+++ b/modules/nix/containers/nixos/traefik.nix
@ -41,7 +41,7 @@ in
        networking.defaultGateway = net.gateway;
        networking.nameservers = net.dns;
-        networking.firewall.allowedTCPPorts = [ 8080 80 443 880 4443 ];
+        networking.firewall.allowedTCPPorts = [ 80 443 880 4443 ];
        systemd.services.traefik.serviceConfig.EnvironmentFile = [
          "/run/secrets/traefik-cf-tk"
@ -55,7 +55,6 @@ in
            };
            api = {
              dashboard = true;
              insecure = true;
            };
            entryPoints = {
              local = {
@ -75,6 +74,7 @@ in
              cloudflare = {
                acme = {
                  email = "smayzy@smayzy.ovh";
                  storage = "/var/lib/traefik/acme.json";
                  dnsChallenge = {
                    provider = "cloudflare";
                    resolvers = [ "192.168.1.202" ];
@ -86,6 +86,16 @@ in
          };
          dynamicConfigOptions = {
            http = {
              routers = {
                traefik = {
                  rule = "Host(`traefik.internal.smayzy.ovh`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
                  entryPoints = [ "localSec" ];
                  service = "api@internal";
                  tls.certResolver = "cloudflare";
                };
              };
            };
          };
        };
      };
--- a/modules/nix/containers/nixos/unbound.nix
+++ b/modules/nix/containers/nixos/unbound.nix
@ -41,6 +41,7 @@ in
                ''"npm-local.internal.smayzy.ovh. A 192.168.1.181"''
                ''"npm.internal.smayzy.ovh.       A 192.168.1.200"''
                ''"nfs-srv1.internal.smayzy.ovh.  A 192.168.1.48"''
                ''"traefik.internal.smayzy.ovh.   A 192.168.1.203"''
                ''"npm.internal.internal.smayzy.ovh. CNAME npm-local.internal.smayzy.ovh."''
                ''"bazarr-anime.internal.smayzy.ovh. CNAME npm-local.internal.smayzy.ovh."''