# Attribute set that enables Traefik through the services.traefik options
# (presumably imported as a NixOS module; confirm against the importing file).
# Static options define entry points, the Docker provider, the API/dashboard
# and logging; dynamic options define TLS settings and the dashboard router.
{
  services = {
    traefik = {
      enable = true;

      staticConfigOptions = {
        entryPoints = {
          http = {
            address = ":80";
            # Requests arriving on :80 get a permanent redirect to the "https"
            # entry point, so this entry point serves no content in clear text.
            http.redirections.entryPoint = {
              to = "https";
              scheme = "https";
              permanent = true;
            };
          };
          https.address = ":443";
        };
        providers = {
          # TODO: adjust for podman
          # NOTE(review): the provider talks to the Docker socket. Access to
          # that socket is effectively root on the host, so the account Traefik
          # runs as should be treated as privileged; a read-only socket proxy
          # in front of it would narrow what a compromised Traefik can reach.
          docker = {
            endpoint = "unix:///var/run/docker.sock";
            # Containers are ignored unless they opt in explicitly, which keeps
            # a newly started container from being published by accident.
            exposedByDefault = false;
          };
        };
        api = {
          # The dashboard is on, but insecure = false means it is not served on
          # a dedicated unauthenticated entry point; it is reachable only via
          # the router defined under dynamicConfigOptions below.
          dashboard = true;
          insecure = false;
          debug = false;
        };
        log.level = "INFO";
        # NOTE(review): Traefik's documentation shows accessLog as a section;
        # confirm that a bare boolean produces access-log entries on the
        # deployed version, since these logs are what incident review relies on.
        accessLog = true;
      };

      dynamicConfigOptions = {
        # Default TLS options: refuse anything older than TLS 1.3.
        tls.options.default.minVersion = "VersionTLS13";
        tls.stores.default.defaultCertificate = {
          # this would be an impurity, since it's generated inside the flake
          # via mkcert, another reason why it's deactivated as of now
          # NOTE(review): builtins.toString on a path yields its absolute path.
          # If this tree is evaluated as a flake and local.key is part of the
          # flake source, the key ends up under /nix/store, which every local
          # user can read. Confirm where the key lives; supplying it from a
          # path outside the store with restricted permissions avoids that.
          certFile = builtins.toString ../certs/local.crt;
          keyFile = builtins.toString ../certs/local.key;
        };
        # Router publishing Traefik's internal API/dashboard service.
        # NOTE(review): no middlewares are attached here, so nothing in this
        # file authenticates dashboard access; anyone who can reach :443 with
        # this Host header gets the dashboard. Attach an authentication
        # middleware (basicAuth or forwardAuth) or limit the router to trusted
        # source addresses before exposing it beyond a local test setup.
        http.routers.traefik = {
          # NOTE(review): "http" looks redundant, since that entry point
          # redirects everything to "https" - confirm and drop if so.
          entryPoints = ["http" "https"];
          rule = "Host(`traefik.this.test`)";
          tls = true;
          service = "api@internal";
        };
      };
    };
  };
}