re-enable traefik

mjallen18
2025-04-21 12:09:08 -05:00
parent 353f3d6d57
commit 3b9397bee8
4 changed files with 38 additions and 4 deletions


@@ -3,7 +3,7 @@
imports = [ imports = [
./apps/actual ./apps/actual
./apps/arrs ./apps/arrs
# ./apps/crowdsec ./apps/crowdsec
./apps/gitea ./apps/gitea
./apps/jellyfin ./apps/jellyfin
./apps/jellyseerr ./apps/jellyseerr


@@ -85,6 +85,15 @@ in
api.dashboard = true; api.dashboard = true;
# Access the Traefik dashboard on <Traefik IP>:8080 of your server # Access the Traefik dashboard on <Traefik IP>:8080 of your server
api.insecure = true; api.insecure = true;
experimental = {
plugins = {
bouncer = {
moduleName = "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin";
version = "v1.4.2";
};
};
};
}; };
dynamicConfigOptions = { dynamicConfigOptions = {
@@ -115,6 +124,17 @@ in
X-Forwarded-Proto = "https"; X-Forwarded-Proto = "https";
}; };
}; };
crowdsec = {
plugin = {
bouncer = {
crowdsecAppsecEnabled = true;
crowdsecAppsecHost = "10.0.1.18:7422";
crowdsecAppsecFailureBlock = true;
crowdsecAppsecUnreachableBlock = true;
crowdsecLapiKey = "1daH89qmJ41r2Lpd9hvDw4sxtOAtBzaj3aKFOFqE";
};
};
};
# test-errors = { # test-errors = {
# errors = { # errors = {
# status = [ # status = [
@@ -196,6 +216,7 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)"; rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth"; service = "auth";
middlewares = [ "crowdsec" ];
priority = 15; priority = 15;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -203,50 +224,56 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)"; rule = "Host(`authentik.${domain}`)";
service = "authentik"; service = "authentik";
middlewares = [ "crowdsec" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
onlyoffice = { onlyoffice = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)"; rule = "Host(`office.${domain}`)";
service = "onlyoffice"; service = "onlyoffice";
middlewares = "onlyoffice-websocket"; middlewares = [ "crowdsec" "onlyoffice-websocket" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
cloud = { cloud = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)"; rule = "Host(`cloud.${domain}`)";
service = "cloud"; service = "cloud";
middlewares = [ "crowdsec" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyfin = { jellyfin = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)"; rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin"; service = "jellyfin";
middlewares = [ "crowdsec" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyseerr = { jellyseerr = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)"; rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr"; service = "jellyseerr";
middlewares = [ "crowdsec" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
gitea = { gitea = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)"; rule = "Host(`gitea.${domain}`)";
service = "gitea"; service = "gitea";
middlewares = [ "crowdsec" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
actual = { actual = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)"; rule = "Host(`actual.${domain}`)";
service = "actual"; service = "actual";
middlewares = [ "crowdsec" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";
service = "hass"; service = "hass";
middlewares = "authentik"; middlewares = [ "crowdsec" "authentik" ];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -262,7 +289,7 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)"; rule = "Host(`cache.${domain}`)";
service = "cache"; service = "cache";
middlewares = "authentik"; middlewares = [ "crowdsec" "authentik" ];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
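Review bot: The `crowdsecLapiKey` value in the new `crowdsec` middleware is a bouncer credential written as a string literal, so it is now in the repository history and, once built, in the world-readable Nix store. Treat the key as exposed: revoke and reissue the bouncer key in CrowdSec, then supply it from a secret file kept outside the store, e.g. `crowdsecLapiKeyFile = "<path-to-secret-file>";` in place of the literal. The block also sets no `crowdsecLapiHost` while `crowdsecAppsecHost` points at a fixed IP, so it is worth confirming that the plugin's default LAPI address actually resolves on this host. Because `crowdsecAppsecUnreachableBlock = true` is now attached to the authentik routers too, a comment noting that logins fail closed when the AppSec endpoint is down would help whoever debugs an outage.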


@@ -46,6 +46,12 @@
group = "crowdsec"; group = "crowdsec";
mode = "u=rwx,g=rwx,o=rx"; mode = "u=rwx,g=rwx,o=rx";
} }
{
directory = "/plugins-storage";
user = "traefik";
group = "traefik";
mode = "u=rwx,g=rwx,o=rx";
}
]; ];
files = [ files = [
"/var/cache-priv-key.pem" "/var/cache-priv-key.pem"
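Review bot: The new `/plugins-storage` entry copies `mode = "u=rwx,g=rwx,o=rx"` from the crowdsec entry above it, which leaves the directory group-writable and world-readable. This is presumably where Traefik keeps the plugin code it downloads and runs, and only the traefik user appears to need write access. `mode = "u=rwx,g=rx,o=";` would stop other local accounts from altering or reading the plugin source. A one-line comment saying the directory holds Traefik's downloaded plugins would also explain why it is persisted.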


@@ -17,6 +17,7 @@ let
4080 # netbootxyz 4080 # netbootxyz
3000 # gitea 3000 # gitea
3300 3300
9898
]; ];
in in
{ {
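Review bot: The added `9898` has no comment naming the service, unlike `4080 # netbootxyz` and `3000 # gitea` in the same list. The consumer of this list is outside the hunk, but if it feeds the firewall's allowed ports then each entry is an exposure decision. Record what listens there, e.g. `9898 # <service name>`, and confirm the port needs to be reachable from beyond the host.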