Initial commit.

roles/traefik.nix

@@ -0,0 +1,39 @@
+{ config, ... }:
+
+{
+  services.traefik = {
+    enable = true;
+    staticConfigOptions = {
+      providers = {
+        docker = { };
+      };
+      entryPoints = {
+        web = {
+          address = ":80";
+          asDefault = true;
+          http.redirections.entrypoint = {
+            to = "websecure";
+            scheme = "https";
+          };
+        };
+
+        websecure = {
+          address = ":443";
+          asDefault = true;
+          http.tls.certResolver = "letsencrypt";
+        };
+      };
+
+      certificatesResolvers.letsencrypt.acme = {
+        email = "nolan@thewordnerd.info";
+        storage = "${config.services.traefik.dataDir}/acme.json";
+        httpChallenge.entryPoint = "web";
+      };
+    };
+  };
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+  users.users.traefik.extraGroups = [ "podman" ];
+}