nixos/roles/traefik.nix

{ config, ... }:

{
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      providers = {
        docker = { };
      };
      entryPoints = {
        web = {
          address = ":80";
          asDefault = true;
          http.redirections.entrypoint = {
            to = "websecure";
            scheme = "https";
          };
        };

        websecure = {
          address = ":443";
          asDefault = true;
          http.tls.certResolver = "letsencrypt";
        };
      };

      certificatesResolvers.letsencrypt.acme = {
        email = "nolan@thewordnerd.info";
        storage = "${config.services.traefik.dataDir}/acme.json";
        httpChallenge.entryPoint = "web";
      };
    };
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
  users.users.traefik.extraGroups = [ "podman" ];
}
Initial commit. 2024-12-18 18:19:37 -06:00			`{ config, ... }:`

			`{`
			`services.traefik = {`
			`enable = true;`
			`staticConfigOptions = {`
			`providers = {`
			`docker = { };`
			`};`
			`entryPoints = {`
			`web = {`
			`address = ":80";`
			`asDefault = true;`
			`http.redirections.entrypoint = {`
			`to = "websecure";`
			`scheme = "https";`
			`};`
			`};`

			`websecure = {`
			`address = ":443";`
			`asDefault = true;`
			`http.tls.certResolver = "letsencrypt";`
			`};`
			`};`

			`certificatesResolvers.letsencrypt.acme = {`
			`email = "nolan@thewordnerd.info";`
			`storage = "${config.services.traefik.dataDir}/acme.json";`
			`httpChallenge.entryPoint = "web";`
			`};`
			`};`
			`};`
			`networking.firewall.allowedTCPPorts = [`
			`80`
			`443`
			`];`
			`users.users.traefik.extraGroups = [ "podman" ];`
			`}`