stuff lol

2024-12-29 17:30:45 -06:00
parent 161dc2d411
commit 886f1e979b
13 changed files with 302 additions and 391 deletions
--- a/hosts/nas/apps/traefik/default.nix
+++ b/hosts/nas/apps/traefik/default.nix
@@ -1,15 +1,15 @@
 { config, ... }:
 let
-  traefikDataDir = "/var/lib/traefik";
-  traefikUserId = config.users.users.nix-apps.uid;
-  traefikGroupId = config.users.groups.jallen-nas.gid;
  domain = "mjallen.dev";

+  authUrl       = "http://10.0.1.18:9000/outpost.goauthentik.io";
  authentikUrl  = "http://10.0.1.18:9000";
  collaboraUrl  = "http://10.0.1.18:9980";
  cloudUrl      = "http://10.0.2.18:80";
  jellyfinUrl   = "http://10.0.1.18:8096";
-  jellyseerrUrl = "http://10.0.1.18:5055";
+  jellyseerrUrl = "http://10.0.1.52:5055";
+  hassUrl       = "http://10.0.1.183:8123";
+  openWebUIUrl  = "http://10.0.1.18:8888";
 in
 {
  networking.firewall = {
@@ -67,7 +67,7 @@ in

      api.dashboard = true;
      # Access the Traefik dashboard on <Traefik IP>:8080 of your server
-      # api.insecure = true;
+      api.insecure = true;
    };

    dynamicConfigOptions = {
@@ -76,7 +76,7 @@ in
          authentik = {
            forwardAuth = {
              tls.insecureSkipVerify = true;
-              address = "https://authentik.${domain}/outpost.goauthentik.io/auth/traefik";
+              address = "http://10.0.1.18:9000/outpost.goauthentik.io/auth/traefik";
              trustForwardHeader = true;
              authResponseHeaders = [
                "X-authentik-username"
@@ -93,9 +93,25 @@ in
              ];
            };
          };
+          # test-errors = {
+          #   errors = {
+          #     status = [
+          #       "500"
+          #       "501"
+          #       "503"
+          #       "505-599"
+          #     ];
+          #     service = 
+          #   };
+          # }
        };

        services = {
+          auth.loadBalancer.servers = [
+            {
+              url = authUrl;
+            }
+          ];
          authentik.loadBalancer.servers = [
            {
              url = authentikUrl;
@@ -121,9 +137,26 @@ in
              url = jellyseerrUrl;
            }
          ];
+          hass.loadBalancer.servers = [
+            {
+              url = hassUrl;
+            }
+          ];
+          chat.loadBalancer.servers = [
+            {
+              url = openWebUIUrl;
+            }
+          ];
        };

        routers = {
+          auth = {
+            entryPoints = ["websecure"];
+            rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
+            service = "auth";
+            priority = 15;
+            tls.certResolver = "letsencrypt";
+          };
          authentik = {
            entryPoints = ["websecure"];
            rule = "Host(`authentik.${domain}`)";
@@ -154,6 +187,22 @@ in
            service = "jellyseerr";
            tls.certResolver = "letsencrypt";
          };
+          hass = {
+            entryPoints = ["websecure"];
+            rule = "Host(`hass.${domain}`)";
+            service = "hass";
+            middlewares = "authentik";
+            priority = 10;
+            tls.certResolver = "letsencrypt";
+          };
+          open-webui = {
+            entryPoints = ["websecure"];
+            rule = "Host(`chat.${domain}`)";
+            service = "chat";
+            # middlewares = [ "authentik" ];
+            priority = 10;
+            tls.certResolver = "letsencrypt";
+          };
        };
      };
    };