homelab
/
config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add traefik role

main
kalle 2024-12-26 19:20:22 +01:00
parent 7e729aea40
commit 16396b5459
6 changed files with 150 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.nix
View File

@ -18,7 +18,11 @@
in
{
nixosConfigurations = nixpkgs.lib.mapAttrs (
hostname: value: (utils.mkSystem (value // { inherit hostname; }))
hostname: value:
(utils.mkSystem {
inherit hosts;
hostConfig = (value // { inherit hostname; });
})
) hosts;
};
}

11
hosts.nix
View File

@ -15,6 +15,7 @@ in
nix-test = {
roles = with roles; [
traefik
sonarr
];
config = {
@ -22,4 +23,14 @@ in
};
stateVersion = "24.05";
};
nix-test2 = {
roles = with roles; [
sonarr
];
config = {
sonarr.domain = "sonarr2.${hlConfig.domain}";
};
stateVersion = "24.05";
};
}

1
roles/default.nix
View File

@ -3,4 +3,5 @@
}:
{
sonarr = utils.mkRole (import ./sonarr.nix);
traefik = utils.mkRole (import ./traefik.nix);
}

1
roles/sonarr.nix
View File

@ -15,7 +15,6 @@
name = "${hostname}-sonarr";
rule = "Host(`${config.sonarr.domain}`)";
target = "http://${hostname}.lan:8989";
}
];

126
roles/traefik.nix Normal file
View File

@ -0,0 +1,126 @@
{
name = "Traefik";
description = ''
Runs the Traefik reverse proxy.
'';
nixosModule =
{
lib,
pkgs,
config,
hosts,
...
}:
with lib;
{
options.traefik = {
wildcardDomains = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
config =
let
cfg = config.traefik;
routes = concatMap (
hostname:
concatMap (
role:
role.traefikRoutes {
inherit hostname;
config = hosts.${hostname}.config;
}
) hosts.${hostname}.roles
) (builtins.attrNames hosts);
in
{
sops.secrets = {
"traefik.acmeEmail" = {
owner = "traefik";
format = "dotenv";
};
"traefik.CLOUDFLARE_EMAIL" = {
owner = "traefik";
format = "dotenv";
};
"traefik.CLOUDFLARE_DNS_API_TOKEN" = {
owner = "traefik";
format = "dotenv";
};
};
services.traefik = {
enable = true;
environmentFiles = [
config.sops.secrets."traefik.acmeEmail".path
config.sops.secrets."traefik.CLOUDFLARE_EMAIL".path
config.sops.secrets."traefik.CLOUDFLARE_DNS_API_TOKEN".path
];
staticConfiguration = {
entryPoints = {
web = {
address = ":80";
http = {
redirections = {
entryPoint = {
to = "websecure";
scheme = "https";
};
};
};
};
websecure = {
address = ":443";
tls = {
certResolver = "letsencrypt";
domains = mkList (
map (domain: {
main = domain;
sans = [ "*.${domain}" ];
}) cfg.wildcardDomains
);
};
};
};
certificatesResolvers = {
letsencrypt = {
acme = {
email = "$acmeEmail";
storage = "acme.json";
dnsChallenge = {
provider = "cloudflare";
};
};
};
};
http = {
routers = listToAttrs (
map (route: {
name = route.name;
value = {
entrypoints = [ "websecure" ];
service = route.name;
rule = route.rule;
};
}) routes
);
services = listToAttrs (
map (route: {
name = route.name;
value.loadBalancer.servers.url = [ route.target ];
}) routes
);
};
};
};
};
};
}

9
utils.nix
View File

@ -6,11 +6,16 @@
}:
{
mkSystem =
hostConfig:
{ hostConfig, hosts }:
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs outputs hostConfig;
inherit
inputs
outputs
hostConfig
hosts
;
};
modules = [
inputs.impermanence.nixosModules.impermanence