system/machines/magenta/services/traefik.nix

{ config, lib, ... }:

let
  traefikCfg = config.services.traefik;

  magentaData = import ../data.secret.nix;
in
{
  networking.firewall.allowedTCPPorts = [ 80 443 8080 ];

  age.secrets.traefik-dashboard-basicauth-users = {
    file = ../../../secrets/traefik-dashboard-basicauth-users.age;
    owner = "traefik";
    inherit (traefikCfg) group;
  };

  users.groups.docker.members = [ "traefik" ];

  services.traefik = {
    enable = true;
    staticConfigOptions = {
      entryPoints = {
        http = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "https";
            scheme = "https";
          };
        };
        https.address = ":443";
        dashboard.address = ":8080";
      };
      api = { };
      log = { };
      accessLog = { };
      certificatesResolvers.le.acme = {
        storage = "${traefikCfg.dataDir}/acme.json";
        email = "dmitriy@pleshevski.ru";
        tlschallenge = true;
      };
      providers.docker = {
        network = "rp_public";
        constraints = "Label(`traefik.constraint-label`, `${config.networking.hostName}_public`)";
        exposedByDefault = false;
        swarmMode = true;
      };
    };
    dynamicConfigOptions.http = {
      routers.to_traefik_dashboard = {
        rule = "Host(`${magentaData.addr}`)";
        entryPoints = [ "dashboard" ];
        middlewares = [ "traefik_dashboard_auth" ];
        service = "api@internal";
      };
      middlewares = {
        traefik_dashboard_auth.basicAuth = {
          usersFile = config.age.secrets.traefik-dashboard-basicauth-users.path;
        };
      };
    };
  };

}
machines/magenta: add woodpecker ci service 2023-03-09 14:15:44 +03:00			`{ config, lib, ... }:`
machines/magenta: add traefik 2023-03-04 23:22:03 +03:00
			`let`
			`traefikCfg = config.services.traefik;`

			`magentaData = import ../data.secret.nix;`
			`in`
			`{`
			`networking.firewall.allowedTCPPorts = [ 80 443 8080 ];`

			`age.secrets.traefik-dashboard-basicauth-users = {`
			`file = ../../../secrets/traefik-dashboard-basicauth-users.age;`
			`owner = "traefik";`
			`inherit (traefikCfg) group;`
			`};`

machines/magenta: add woodpecker ci service 2023-03-09 14:15:44 +03:00			`users.groups.docker.members = [ "traefik" ];`

machines/magenta: add traefik 2023-03-04 23:22:03 +03:00			`services.traefik = {`
			`enable = true;`
			`staticConfigOptions = {`
			`entryPoints = {`
machines/magenta: use entrypoint configuration to https redirection 2023-03-05 16:09:24 +03:00			`http = {`
			`address = ":80";`
			`http.redirections.entryPoint = {`
			`to = "https";`
			`scheme = "https";`
			`};`
			`};`
machines/magenta: add traefik 2023-03-04 23:22:03 +03:00			`https.address = ":443";`
			`dashboard.address = ":8080";`
			`};`
			`api = { };`
			`log = { };`
			`accessLog = { };`
			`certificatesResolvers.le.acme = {`
			`storage = "${traefikCfg.dataDir}/acme.json";`
			`email = "dmitriy@pleshevski.ru";`
			`tlschallenge = true;`
			`};`
machines/magenta: add woodpecker ci service 2023-03-09 14:15:44 +03:00			`providers.docker = {`
			`network = "rp_public";`
			constraints = "Label(`traefik.constraint-label`, `${config.networking.hostName}_public`)";
			`exposedByDefault = false;`
			`swarmMode = true;`
			`};`
machines/magenta: add traefik 2023-03-04 23:22:03 +03:00			`};`
machines/magenta: add woodpecker ci service 2023-03-09 14:15:44 +03:00			`dynamicConfigOptions.http = {`
			`routers.to_traefik_dashboard = {`
			rule = "Host(`${magentaData.addr}`)";
			`entryPoints = [ "dashboard" ];`
			`middlewares = [ "traefik_dashboard_auth" ];`
			`service = "api@internal";`
			`};`
			`middlewares = {`
			`traefik_dashboard_auth.basicAuth = {`
			`usersFile = config.age.secrets.traefik-dashboard-basicauth-users.path;`
machines/magenta: add traefik 2023-03-04 23:22:03 +03:00			`};`
			`};`
			`};`
			`};`
machines/magenta: add woodpecker ci service 2023-03-09 14:15:44 +03:00
machines/magenta: add traefik 2023-03-04 23:22:03 +03:00			`}`