mjallen18
2025-06-13 10:44:00 -05:00
parent ab2a1e000c
commit 888167afc2
18 changed files with 958 additions and 563 deletions


@@ -1,25 +1,24 @@
{ config, ... }:
let
domain = "mjallen.dev";
serverIp = "10.0.1.18";
# Forward services
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
authentikUrl = "http://10.0.1.18:9000";
onlyofficeUrl = "http://10.0.2.18:9980";
cloudUrl = "http://10.0.2.18:80";
jellyfinUrl = "http://10.0.1.18:8096";
jellyseerrUrl = "http://10.0.1.52:5055";
hassUrl = "http://homeassistant.local:8123";
openWebUIUrl = "http://10.0.1.18:8888";
paperlessUrl = "http://10.0.1.20:28981";
cacheUrl = "http://10.0.1.18:5000";
giteaUrl = "http://10.0.4.18:3000";
actualUrl = "http://10.0.3.18:3333";
lubeloggerUrl = "http://10.0.1.18:6754";
immichUrl = "http://10.0.1.18:2283";
authUrl = "http://${serverIp}:9000/outpost.goauthentik.io";
# internal services
codeUrl = "http://10.0.1.18:4444";
actualUrl = "http://${config.containers.actual.localAddress}:${toString config.containers.actual.config.services.actual.settings.port}";
authentikUrl = "http://${serverIp}:9000";
cacheUrl = "http://${serverIp}:${toString config.services.nix-serve.port}";
cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.SSH_PORT}";
hassUrl = "http://homeassistant.local:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}";
lubeloggerUrl = "http://${serverIp}:6754";
onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}";
openWebUIUrl = "http://${serverIp}:8888";
paperlessUrl = "http://${config.containers.paperless.localAddress}:${toString config.containers.paperless.config.services.paperless.port}";
# Plugins
traefikPlugins = {
@@ -33,7 +32,7 @@ let
};
};
crowdsecAppsecHost = "10.0.1.18:7422";
crowdsecAppsecHost = "${serverIp}:7422";
crowdsecLapiKeyFile = config.sops.secrets."jallen-nas/traefik/crowdsec-lapi-key".path;
# Ports
@@ -52,8 +51,7 @@ let
# misc
letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/ssd/nix-app-data/traefik";
authentikAddress = "http://10.0.1.18:9000/outpost.goauthentik.io/auth/traefik";
group = [ config.users.users.nix-apps.group.name ];
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in
{
sops = {
@@ -228,14 +226,25 @@ in
url = authUrl;
}
];
actual.loadBalancer.servers = [
{
url = actualUrl;
}
];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
}
];
onlyoffice.loadBalancer.servers = [
cache.loadBalancer.servers = [
{
url = onlyofficeUrl;
url = cacheUrl;
}
];
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
cloud.loadBalancer.servers = [
@@ -243,6 +252,21 @@ in
url = cloudUrl;
}
];
gitea.loadBalancer.servers = [
{
url = giteaUrl;
}
];
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
immich.loadBalancer.servers = [
{
url = immichUrl;
}
];
jellyfin.loadBalancer.servers = [
{
url = jellyfinUrl;
@@ -253,51 +277,19 @@ in
url = jellyseerrUrl;
}
];
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
cache.loadBalancer.servers = [
{
url = cacheUrl;
}
];
paperless.loadBalancer.servers = [
{
url = paperlessUrl;
}
];
gitea.loadBalancer.servers = [
{
url = giteaUrl;
}
];
actual.loadBalancer.servers = [
{
url = actualUrl;
}
];
lubelogger.loadBalancer.servers = [
{
url = lubeloggerUrl;
}
];
immich.loadBalancer.servers = [
onlyoffice.loadBalancer.servers = [
{
url = immichUrl;
url = onlyofficeUrl;
}
];
# internal services
code.loadBalancer.servers = [
paperless.loadBalancer.servers = [
{
url = codeUrl;
url = paperlessUrl;
}
];
};
@@ -311,6 +303,14 @@ in
priority = 15;
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
@@ -318,11 +318,12 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
cloud = {
@@ -332,6 +333,28 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
immich = {
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
@@ -346,36 +369,6 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
@@ -383,20 +376,11 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
immich = {
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
# internal services
code = {
entryPoints = [ "websecure" ];
rule = "Host(`code.${domain}`)";
service = "code";
middlewares = [ "internal-ipallowlist" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
tls.certResolver = "letsencrypt";
};
};
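Review bot: In the first hunk the rewritten `giteaUrl` builds an HTTP backend address from `settings.server.SSH_PORT`, while the value it replaces pointed at port 3000, Gitea's HTTP listener; unless the container deliberately sets SSH_PORT to the HTTP port, Traefik's `gitea` service will now forward web traffic to the SSH listener and the route fails with a backend error. The key that matches the old behaviour is the HTTP one: `giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}";`. The other derived URLs in that hunk (actual, jellyseerr, paperless, onlyoffice, immich, cache) read the service's own HTTP port option, so only the gitea line looks inconsistent; it is worth confirming against the gitea container module that the port being referenced is the one the reverse proxy is meant to reach.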