NixiN/nixin-krops
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add parameter to reverse proxy

Browse source
This commit is contained in:
Douze Bé 2024-12-22 00:00:31 +01:00
parent 7dd07de4e5
commit bdebaa19de
2 changed files with 87 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/arachnide/configuration.nix
View file

@ -38,6 +38,10 @@
ipv6 = "2a01:4f9:1a:9a05::2/128"; ipv6 = "2a01:4f9:1a:9a05::2/128";
}; };
nixin.traefik = {
dashboard-domain = "traefik.lab12.fr";
};
nixin.web = { nixin.web = {
domain = "nixin.lab12.fr"; domain = "nixin.lab12.fr";
http-port = 8081; http-port = 8081;

34
modules/reverse-proxy.nix
View file

@ -1,9 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (lib) mkOption mkDefault;
localCertificationDirectory = config.security.localCertification.directory; localCertificationDirectory = config.security.localCertification.directory;
in in
{ {
options = {
nixin.traefik = {
dashboard-domain = mkOption { type = lib.types.str; };
};
};
config = {
# Enable Traefik # Enable Traefik
services.traefik.enable = true; services.traefik.enable = true;
@ -68,7 +76,7 @@ in
# Dashboard # Dashboard
services.traefik.dynamicConfigOptions.http.routers.dashboard = { services.traefik.dynamicConfigOptions.http.routers.dashboard = {
rule = lib.mkDefault "Host(`traefik.lab12.fr`)"; rule = lib.mkDefault "Host(`${config.nixin.traefik.dashboard-domain}`)";
service = "api@internal"; service = "api@internal";
# restrict access to the dashboard # restrict access to the dashboard
middlewares = [ "wg-whitelist" ]; middlewares = [ "wg-whitelist" ];
@ -79,17 +87,17 @@ in
# You can find and example proxy for a non-docker service in the nixin-web.nix module # You can find and example proxy for a non-docker service in the nixin-web.nix module
# Example docker service with traefik proxy enabled through labels # Example docker service with traefik proxy enabled through labels
virtualisation.oci-containers.containers.whoami = { # virtualisation.oci-containers.containers.whoami = {
autoStart = true; # autoStart = true;
image = "jwilder/whoami"; # image = "jwilder/whoami";
extraOptions = [ # extraOptions = [
"--label=traefik.enable=true" # "--label=traefik.enable=true"
"--label=traefik.http.routers.whoami.entrypoints=websecure" # "--label=traefik.http.routers.whoami.entrypoints=websecure"
"--label=traefik.http.routers.whoami.rule=Host(`whoami.lab12.fr`)" # "--label=traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
"--label=traefik.http.routers.whoami.tls=true" # "--label=traefik.http.routers.whoami.tls=true"
"--label=traefik.http.services.whoami.loadbalancer.server.port=8000" # "--label=traefik.http.services.whoami.loadbalancer.server.port=8000"
"--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge" # "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge"
]; # ];
# };
}; };
} }