mdlayher-homelab/nixos/routnerr-2/traefik.nix

{ ... }:

let
  secrets = import ./lib/secrets.nix;
  vars = import ./lib/vars.nix;

in {
  services.traefik = {
    enable = true;

    staticConfigOptions = {
      certificatesResolvers.letsencrypt.acme = {
        email = "mdlayher@gmail.com";
        storage = "/var/lib/traefik/acme.json";
        httpChallenge.entryPoint = "http";
      };

      entryPoints = {
        # External entry points.
        http = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "https";
            scheme = "https";
          };
        };
        https.address = ":443";
      };
    };

    dynamicConfigOptions = {
      http = {
        routers = {
          alertmanager = {
            rule = "Host(`alertmanager.servnerr.com`)";
            middlewares = [ "alertmanager" ];
            service = "alertmanager";
            tls.certResolver = "letsencrypt";
          };

          grafana = {
            rule = "Host(`grafana.servnerr.com`)";
            service = "grafana";
            tls.certResolver = "letsencrypt";
          };

          hass = {
            rule = "Host(`hass.servnerr.com`)";
            service = "hass";
            tls.certResolver = "letsencrypt";
          };

          plex = {
            rule = "Host(`plex.servnerr.com`)";
            service = "plex";
            tls.certResolver = "letsencrypt";
          };

          prometheus = {
            rule = "Host(`prometheus.servnerr.com`)";
            middlewares = [ "prometheus" ];
            service = "prometheus";
            tls.certResolver = "letsencrypt";
          };
        };

        middlewares = {
          alertmanager.basicAuth.users =
            [ "${secrets.traefik.alertmanager_auth}" ];
          prometheus.basicAuth.users = [ "${secrets.traefik.prometheus_auth}" ];
        };

        services = {
          alertmanager.loadBalancer.servers =
            [{ url = "http://servnerr-3.${vars.domain}:9093"; }];
          grafana.loadBalancer.servers =
            [{ url = "http://servnerr-3.${vars.domain}:3000"; }];
          hass.loadBalancer.servers =
            [{ url = "http://servnerr-3.${vars.domain}:8123"; }];
          plex.loadBalancer.servers =
            [{ url = "http://servnerr-3.${vars.domain}:32400"; }];
          prometheus.loadBalancer.servers =
            [{ url = "http://servnerr-3.${vars.domain}:9090"; }];
        };
      };
    };
  };
}
nixos/routnerr-2: apply nix-linter fixes 2020-04-27 18:27:17 +00:00			`{ ... }:`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
			`let`
nixos/lib: set matt password hash, force immutable users 2020-04-28 13:05:51 +00:00			`secrets = import ./lib/secrets.nix;`
nixos/lib: move vars, add lan0 subnets 2020-04-28 13:22:01 +00:00			`vars = import ./lib/vars.nix;`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
			`in {`
			`services.traefik = {`
			`enable = true;`

nixos/routnerr-2: first pass at NixOS 20.09 upgrade Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-27 21:02:48 +00:00			`staticConfigOptions = {`
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`certificatesResolvers.letsencrypt.acme = {`
			`email = "mdlayher@gmail.com";`
			`storage = "/var/lib/traefik/acme.json";`
			`httpChallenge.entryPoint = "http";`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
			`entryPoints = {`
			`# External entry points.`
			`http = {`
			`address = ":80";`
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`http.redirections.entryPoint = {`
			`to = "https";`
			`scheme = "https";`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00			`};`
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`https.address = ":443";`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00			`};`
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`dynamicConfigOptions = {`
			`http = {`
			`routers = {`
			`alertmanager = {`
			rule = "Host(`alertmanager.servnerr.com`)";
			`middlewares = [ "alertmanager" ];`
			`service = "alertmanager";`
			`tls.certResolver = "letsencrypt";`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`grafana = {`
			rule = "Host(`grafana.servnerr.com`)";
			`service = "grafana";`
			`tls.certResolver = "letsencrypt";`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
nixos/routnerr-2: add hass traefik configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2021-05-09 15:35:22 +00:00			`hass = {`
			rule = "Host(`hass.servnerr.com`)";
			`service = "hass";`
			`tls.certResolver = "letsencrypt";`
			`};`

nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`plex = {`
			rule = "Host(`plex.servnerr.com`)";
			`service = "plex";`
			`tls.certResolver = "letsencrypt";`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`prometheus = {`
			rule = "Host(`prometheus.servnerr.com`)";
			`middlewares = [ "prometheus" ];`
			`service = "prometheus";`
			`tls.certResolver = "letsencrypt";`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00			`};`

nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`middlewares = {`
			`alertmanager.basicAuth.users =`
			`[ "${secrets.traefik.alertmanager_auth}" ];`
			`prometheus.basicAuth.users = [ "${secrets.traefik.prometheus_auth}" ];`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`services = {`
			`alertmanager.loadBalancer.servers =`
			`[{ url = "http://servnerr-3.${vars.domain}:9093"; }];`
			`grafana.loadBalancer.servers =`
			`[{ url = "http://servnerr-3.${vars.domain}:3000"; }];`
nixos/routnerr-2: add hass traefik configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2021-05-09 15:35:22 +00:00			`hass.loadBalancer.servers =`
			`[{ url = "http://servnerr-3.${vars.domain}:8123"; }];`
nixos/routnerr-2: migrate to traefik 2 configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-10-28 16:31:18 +00:00			`plex.loadBalancer.servers =`
			`[{ url = "http://servnerr-3.${vars.domain}:32400"; }];`
			`prometheus.loadBalancer.servers =`
			`[{ url = "http://servnerr-3.${vars.domain}:9090"; }];`
			`};`
nixos: move traefik configs to router 2020-01-23 19:47:42 +00:00			`};`
			`};`
			`};`
			`}`