73 lines
1.6 KiB
Nix
73 lines
1.6 KiB
Nix
# NOTE: environment file at: `/etc/traefik-env` with mode 600
|
|
# content (for Cloudflare API):
|
|
# CF_API_EMAIL=your-email@example.com
|
|
# CF_DNS_API_TOKEN=your-cloudflare-api-token
|
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
services.traefik = {
|
|
enable = true;
|
|
|
|
dynamic.dir = "/var/lib/traefik/dynamic";
|
|
|
|
static.settings = {
|
|
providers.docker = {
|
|
endpoint = "unix:///var/run/docker.sock";
|
|
exposedByDefault = false;
|
|
network = "podman";
|
|
};
|
|
entrypoints = {
|
|
web = {
|
|
address = ":80";
|
|
http.redirections.entrypoint = {
|
|
to = "websecure";
|
|
scheme = "https";
|
|
permanent = true;
|
|
};
|
|
};
|
|
websecure = {
|
|
address = ":443";
|
|
transport.respondingTimeouts.readTimeout = "0s";
|
|
};
|
|
};
|
|
|
|
certificatesResolvers.cloudflare = {
|
|
acme = {
|
|
email = "cloudflare@yanlincs.com";
|
|
storage = "/var/lib/traefik/acme.json";
|
|
dnsChallenge = {
|
|
provider = "cloudflare";
|
|
delayBeforeCheck = 60;
|
|
resolvers = [
|
|
"1.1.1.1:53"
|
|
"8.8.8.8:53"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
api = {
|
|
dashboard = true;
|
|
debug = false;
|
|
};
|
|
|
|
log = {
|
|
level = "INFO";
|
|
};
|
|
accessLog = {};
|
|
|
|
global = {
|
|
checkNewVersion = false;
|
|
sendAnonymousUsage = false;
|
|
};
|
|
};
|
|
|
|
environmentFiles = [ "/etc/traefik-env" ];
|
|
};
|
|
|
|
systemd.services.traefik.serviceConfig = {
|
|
SupplementaryGroups = [ "podman" ];
|
|
BindPaths = [ "/run/podman/podman.sock:/var/run/docker.sock" ];
|
|
};
|
|
}
|