# NixOS module: runs Traefik as the edge reverse proxy with the Docker
# provider, redirects plain HTTP to HTTPS, and obtains certificates from the
# "letsencrypt" ACME resolver through the HTTP-01 challenge.
{ config, ... }:

{
  services.traefik.enable = true;

  services.traefik.staticConfigOptions = {
    # Empty attribute set: every Docker-provider setting keeps Traefik's default.
    # NOTE(review): upstream, `exposedByDefault` defaults to true, so each
    # container visible through the socket gets a router unless it opts out by
    # label. Consider `exposedByDefault = false` and opting services in with
    # `traefik.enable=true`; confirm no existing service relies on the default.
    providers.docker = { };

    # Port 80 serves only the redirect to "websecure" and, per the resolver
    # below, the ACME HTTP challenge.
    entryPoints.web = {
      address = ":80";
      asDefault = true;
      http.redirections.entrypoint.to = "websecure";
      http.redirections.entrypoint.scheme = "https";
    };

    # TLS entry point; routers attached here use the "letsencrypt" resolver.
    entryPoints.websecure = {
      address = ":443";
      asDefault = true;
      http.tls.certResolver = "letsencrypt";
    };

    certificatesResolvers.letsencrypt.acme = {
      email = "nolan@thewordnerd.info";
      # acme.json holds the ACME account key and the issued certificates'
      # private keys. NOTE(review): verify the data directory and this file
      # are readable by the traefik user only.
      storage = "${config.services.traefik.dataDir}/acme.json";
      # HTTP-01 validation arrives on "web", so port 80 has to stay reachable.
      httpChallenge.entryPoint = "web";
    };
  };

  # Only the two entry-point ports are opened in the host firewall.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # NOTE(review): presumably this lets the Docker provider read podman's
  # Docker-compatible socket (confirm). Membership in the podman group is
  # effectively root-equivalent on the host, so a compromise of the
  # internet-facing proxy would reach the container runtime. A read-only
  # socket proxy in front of the API would narrow that exposure.
  users.users.traefik.extraGroups = [ "podman" ];
}