reverse proxy stuff

modules/nixos/services/traefik/default.nix

@@ -8,6 +8,48 @@ with lib;
 let
   cfg = config.${namespace}.services.traefik;
 
+  # Process extraServices into service configurations
+  extraServiceConfigs = 
+    let
+      makeService = service: nameValuePair service.name {
+        loadBalancer.servers = [
+          {
+            url = service.url;
+          }
+        ];
+      };
+    in
+    listToAttrs (map makeService cfg.extraServices);
+
+  # Process extraRouters into router configurations
+  extraRouterConfigs = 
+    let
+      makeRouter = router: nameValuePair router.subdomain {
+        entryPoints = router.entryPoints;
+        rule = "Host(`${router.subdomain}.${domain}`)";
+        service = router.service;
+        middlewares = router.middlewares ++ [
+          "crowdsec"
+          "whitelist-geoblock"
+        ];
+        tls.certResolver = "letsencrypt";
+      };
+    in
+    listToAttrs (map makeRouter cfg.extraRouters);
+
+  # Process reverseProxies into service and router configurations
+  reverseProxyServiceConfigs = 
+    let
+      makeService = reverseProxy: nameValuePair reverseProxy.service.name reverseProxy.service.config;
+    in
+    listToAttrs (map makeService cfg.reverseProxies);
+
+  reverseProxyRouterConfigs = 
+    let
+      makeRouter = reverseProxy: nameValuePair reverseProxy.router.subdomain reverseProxy.router.config;
+    in
+    listToAttrs (map makeRouter cfg.reverseProxies);
+
   domain = "mjallen.dev";
   serverIp = "10.0.1.3";
 
@@ -318,7 +360,7 @@ in
                 url = paperlessUrl;
               }
             ];
-          };
+          } // extraServiceConfigs // reverseProxyServiceConfigs;
 
           routers = {
             auth = {
@@ -447,7 +489,7 @@ in
               ];
               tls.certResolver = "letsencrypt";
             };
-          };
+          } // extraRouterConfigs // reverseProxyRouterConfigs;
         };
       };
     };