traefik geoblock

mjallen18
2025-04-21 14:12:29 -05:00
parent 3b9397bee8
commit f313a6d32d


@@ -92,6 +92,10 @@ in
moduleName = "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"; moduleName = "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin";
version = "v1.4.2"; version = "v1.4.2";
}; };
geoblock = {
moduleName = "github.com/PascalMinder/geoblock";
version = "v0.2.5";
};
}; };
}; };
}; };
@@ -135,17 +139,28 @@ in
}; };
}; };
}; };
# test-errors = { whitelist-geoblock = {
# errors = { plugin = {
# status = [ geoblock = {
# "500" silentStartUp = false;
# "501" allowLocalRequests = true;
# "503" logLocalRequests = false;
# "505-599" logAllowedRequests = false;
# ]; logApiRequests = false;
# service = api = "https://get.geojs.io/v1/ip/country/{ip}";
# }; apiTimeoutMs = 500;
# } cacheSize = 25;
forceMonthlyUpdate = true;
allowUnknownCountries = false;
unknownCountryApiResponse = "nil";
blackListMode = false;
countries = [
"CA"
"US"
];
};
};
};
}; };
services = { services = {
@@ -216,7 +231,7 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)"; rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth"; service = "auth";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 15; priority = 15;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -224,56 +239,56 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)"; rule = "Host(`authentik.${domain}`)";
service = "authentik"; service = "authentik";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
onlyoffice = { onlyoffice = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)"; rule = "Host(`office.${domain}`)";
service = "onlyoffice"; service = "onlyoffice";
middlewares = [ "crowdsec" "onlyoffice-websocket" ]; middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
cloud = { cloud = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)"; rule = "Host(`cloud.${domain}`)";
service = "cloud"; service = "cloud";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyfin = { jellyfin = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)"; rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin"; service = "jellyfin";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyseerr = { jellyseerr = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)"; rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr"; service = "jellyseerr";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
gitea = { gitea = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)"; rule = "Host(`gitea.${domain}`)";
service = "gitea"; service = "gitea";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
actual = { actual = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)"; rule = "Host(`actual.${domain}`)";
service = "actual"; service = "actual";
middlewares = [ "crowdsec" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";
service = "hass"; service = "hass";
middlewares = [ "crowdsec" "authentik" ]; middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -281,7 +296,7 @@ in
# entryPoints = [ "websecure" ]; # entryPoints = [ "websecure" ];
# rule = "Host(`chat.${domain}`)"; # rule = "Host(`chat.${domain}`)";
# service = "chat"; # service = "chat";
# # middlewares = [ "authentik" ]; # middlewares = [ "authentik" "whitelist-geoblock" ];
# priority = 10; # priority = 10;
# tls.certResolver = "letsencrypt"; # tls.certResolver = "letsencrypt";
# }; # };
@@ -289,7 +304,7 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)"; rule = "Host(`cache.${domain}`)";
service = "cache"; service = "cache";
middlewares = [ "crowdsec" "authentik" ]; middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -297,11 +312,11 @@ in
# entryPoints = ["websecure"]; # entryPoints = ["websecure"];
# rule = "Host(`paperless.${domain}`)"; # rule = "Host(`paperless.${domain}`)";
# service = "paperless"; # service = "paperless";
# middlewares = [ "crowdsec" "whitelist-geoblock" ];
# tls.certResolver = "letsencrypt"; # tls.certResolver = "letsencrypt";
# }; # };
}; };
}; };
}; };
}; };
# todo: fail2ban/etc
} }
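Review bot: The new `whitelist-geoblock` middleware makes every router it is attached to depend on a third-party lookup at `https://get.geojs.io/v1/ip/country/{ip}`, and with `apiTimeoutMs = 500`, `cacheSize = 25` and `allowUnknownCountries = false` a slow or unreachable API will most likely turn into denied requests for legitimate users, including the two authentik routes. Each uncached client IP is also disclosed to that service, which deserves a comment above the `api = ...` line such as `# client IPs are sent to geojs.io; confirm that a failed lookup is rejected rather than allowed`. A larger cache (for example `cacheSize = 250;`) would cut both the outbound lookups and the exposure to API outages. It is also worth confirming which address the plugin evaluates: if it takes the client IP from forwarding headers, the `websecure` entrypoint must not accept those headers from arbitrary clients, and that entrypoint configuration is not visible in this diff. Since `logAllowedRequests` and `logApiRequests` are both `false`, check that denied requests are still logged somewhere so that blocks can be audited.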