updates and formatting
This commit is contained in:
mjallen18
@@ -2,36 +2,36 @@
|
||||
let
|
||||
domain = "mjallen.dev";
|
||||
|
||||
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
|
||||
authentikUrl = "http://10.0.1.18:9000";
|
||||
collaboraUrl = "http://10.0.1.18:9980";
|
||||
cloudUrl = "http://10.0.2.18:80";
|
||||
jellyfinUrl = "http://10.0.1.18:8096";
|
||||
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
|
||||
authentikUrl = "http://10.0.1.18:9000";
|
||||
collaboraUrl = "http://10.0.1.18:9980";
|
||||
cloudUrl = "http://10.0.2.18:80";
|
||||
jellyfinUrl = "http://10.0.1.18:8096";
|
||||
jellyseerrUrl = "http://10.0.1.52:5055";
|
||||
hassUrl = "http://10.0.1.183:8123";
|
||||
openWebUIUrl = "http://10.0.1.18:8888";
|
||||
paperlessUrl = "http://10.0.1.20:28981";
|
||||
hassUrl = "http://10.0.1.183:8123";
|
||||
openWebUIUrl = "http://10.0.1.18:8888";
|
||||
paperlessUrl = "http://10.0.1.20:28981";
|
||||
in
|
||||
{
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
8080
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
80
|
||||
443
|
||||
8080
|
||||
];
|
||||
};
|
||||
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
8080
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
80
|
||||
443
|
||||
8080
|
||||
];
|
||||
};
|
||||
|
||||
services.traefik = {
|
||||
enable = true;
|
||||
dataDir = "/media/nas/ssd/nix-app-data/traefik";
|
||||
group = "jallen-nas";
|
||||
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
|
||||
|
||||
|
||||
staticConfigOptions = {
|
||||
entryPoints = {
|
||||
web = {
|
||||
@@ -102,7 +102,7 @@ in
|
||||
# "503"
|
||||
# "505-599"
|
||||
# ];
|
||||
# service =
|
||||
# service =
|
||||
# };
|
||||
# }
|
||||
};
|
||||
@@ -157,44 +157,44 @@ in
|
||||
|
||||
routers = {
|
||||
auth = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
|
||||
service = "auth";
|
||||
priority = 15;
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
authentik = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`authentik.${domain}`)";
|
||||
service = "authentik";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
collabora = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`office.${domain}`)";
|
||||
service = "collabora";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
cloud = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`cloud.${domain}`)";
|
||||
service = "cloud";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
jellyfin = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`jellyfin.${domain}`)";
|
||||
service = "jellyfin";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
jellyseerr = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`jellyseerr.${domain}`)";
|
||||
service = "jellyseerr";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
hass = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`hass.${domain}`)";
|
||||
service = "hass";
|
||||
middlewares = "authentik";
|
||||
@@ -202,7 +202,7 @@ in
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
open-webui = {
|
||||
entryPoints = ["websecure"];
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`chat.${domain}`)";
|
||||
service = "chat";
|
||||
# middlewares = [ "authentik" ];
|
||||
@@ -220,4 +220,4 @@ in
|
||||
};
|
||||
};
|
||||
# todo: fail2ban/etc
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user