add traefik dashboard

2025-09-02 15:49:10 +02:00 · 2025-09-02 15:49:10 +02:00 · 7ffe9399e7
commit 7ffe9399e7
parent fe057f88e5
4 changed files with 23 additions and 4 deletions
--- a/hosts/desktop1/configuration.nix
+++ b/hosts/desktop1/configuration.nix
@ -11,7 +11,9 @@
  networking.bridges.br0.interfaces = [ "enp4s0" ];
  networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.146"; prefixLength = 24; } ];
  networking.defaultGateway = "192.168.1.254";
-  networking.nameservers = [ "192.168.1.137" "192.168.1.49" ];
+  networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ];
+
+  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  smayzy = {
    desktop.enable = true;
@ -22,6 +24,10 @@
    docker.enable = true;
    containers = { 
      nixos = {
+        traefik = {
+          enable = true;
+          ip = "192.168.1.203/24";
+        };
      };
      docker = {
      };
--- a/hosts/server1/configuration.nix
+++ b/hosts/server1/configuration.nix
@ -11,7 +11,9 @@
  networking.bridges.br0.interfaces = [ "ens18" ];
  networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.197"; prefixLength = 24; } ];
  networking.defaultGateway = "192.168.1.254";
-  networking.nameservers = [ "192.168.1.137" "192.168.1.49" ];
+  networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ];
+
+  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  smayzy = {
    server.enable = true;
--- a/modules/nix/containers/nixos/traefik.nix
+++ b/modules/nix/containers/nixos/traefik.nix
@ -41,7 +41,7 @@ in

        networking.defaultGateway = net.gateway;
        networking.nameservers = net.dns;
-        networking.firewall.allowedTCPPorts = [ 8080 80 443 880 4443 ];
+        networking.firewall.allowedTCPPorts = [ 80 443 880 4443 ];

        systemd.services.traefik.serviceConfig.EnvironmentFile = [
          "/run/secrets/traefik-cf-tk"
@ -55,7 +55,6 @@ in
            };
            api = {
              dashboard = true;
-              insecure = true;
            };
            entryPoints = {
              local = {
@ -75,6 +74,7 @@ in
              cloudflare = {
                acme = {
                  email = "smayzy@smayzy.ovh";
+                  storage = "/var/lib/traefik/acme.json";
                  dnsChallenge = {
                    provider = "cloudflare";
                    resolvers = [ "192.168.1.202" ];
@ -86,6 +86,16 @@ in

          };
          dynamicConfigOptions = {
+            http = {
+              routers = {
+                traefik = {
+                  rule = "Host(`traefik.internal.smayzy.ovh`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
+                  entryPoints = [ "localSec" ];
+                  service = "api@internal";
+                  tls.certResolver = "cloudflare";
+                };
+              };
+            };
          };
        };
      };
--- a/modules/nix/containers/nixos/unbound.nix
+++ b/modules/nix/containers/nixos/unbound.nix
@ -41,6 +41,7 @@ in
                ''"npm-local.internal.smayzy.ovh. A 192.168.1.181"''
                ''"npm.internal.smayzy.ovh.       A 192.168.1.200"''
                ''"nfs-srv1.internal.smayzy.ovh.  A 192.168.1.48"''
+                ''"traefik.internal.smayzy.ovh.   A 192.168.1.203"''

                ''"npm.internal.internal.smayzy.ovh. CNAME npm-local.internal.smayzy.ovh."''
                ''"bazarr-anime.internal.smayzy.ovh. CNAME npm-local.internal.smayzy.ovh."''