-rw-r--r--hosts/common/server/traefik.nix22
1 files changed, 15 insertions, 7 deletions
diff --git a/hosts/common/server/traefik.nix b/hosts/common/server/traefik.nix
index 3bc5d26..5cfa229 100644
--- a/hosts/common/server/traefik.nix
+++ b/hosts/common/server/traefik.nix
@@ -3,12 +3,13 @@
 with lib;
 
 let
-  domain = "fcuny.xyz";
-  mkServiceConfig = name: url: {
+  domainPublic = "fcuny.net";
+  domainPrivate = "fcuny.xyz";
+  mkServiceConfig = name: url: domain: certResolver: {
     http.routers."${name}" = {
       rule = "Host(`${name}.${domain}`)";
       service = "${name}";
-      tls.certResolver = "le";
+      tls.certResolver = certResolver;
     };
     http.services."${name}" = { loadBalancer.servers = [{ url = url; }]; };
   };
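Review bot: The router and service are still keyed by `${name}` alone in `mkServiceConfig`, although the same name can now be used under two domains. The last hunk does exactly that with two `git` entries, so both calls define `http.routers."git"` with different `rule` and `tls.certResolver` values. Under `mkMerge` that will most likely fail evaluation with conflicting definitions, or leave only one of the two hosts routed. Making the router key unique per resolver, e.g. `http.routers."${name}-${certResolver}" = {`, avoids the collision while keeping `service = "${name}";` pointing at the shared backend. A short comment above `mkServiceConfig` naming the four arguments (`name`, `url`, `domain`, `certResolver`) would also help readers of the call sites.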
@@ -58,7 +59,12 @@ in {
       serversTransport.insecureSkipVerify = true;
 
       certificatesResolvers = {
-        le.acme = {
+        le-http.acme = {
+          email = "franck@fcuny.net";
+          storage = "/var/lib/traefik/cert.json";
+          httpChallenge = { entryPoint = "http"; };
+        };
+        le-dns.acme = {
           email = "franck@fcuny.net";
           storage = "/var/lib/traefik/cert.json";
           dnsChallenge = {
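Review bot: The two resolvers are not documented, and a wrong choice at a call site only shows up as a failed certificate issuance. A comment above `certificatesResolvers` would prevent that, e.g. `# le-http: HTTP-01 for publicly reachable names; le-dns: DNS-01 for names that only resolve internally`. `le-http` depends on an entry point named `http` that is not defined in this hunk, and HTTP-01 validation needs that entry point reachable from the internet on port 80, so it is worth confirming both. The `le-dns.acme` block continues past the end of the hunk.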
@@ -71,9 +77,11 @@ in {
   };
 
   services.traefik.dynamicConfigOptions = mkMerge [
-    (mkServiceConfig "dash" "http://127.0.0.1:3000/")
-    (mkServiceConfig "bt" "http://127.0.0.1:9091/")
-    (mkServiceConfig "unifi" "https://127.0.0.1:8443/")
+    (mkServiceConfi "dash" "http://127.0.0.1:3000/" domainPrivate "le-dns")
+    (mkServiceConfi "bt" "http://127.0.0.1:9091/" domainPrivate "le-dns")
+    (mkServiceConfi "unifi" "https://127.0.0.1:8443/" domainPrivate "le-dns")
+    (mkServiceConfi "git" "http://127.0.0.1:8002/" domainPrivate "le-dns")
+    (mkServiceConfi "git" "http://127.0.0.1:8002/" domainPublic "le-http")
   ];
 
   systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE =
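Review bot: All five added calls spell the helper `mkServiceConfi`, but the `let` block defines `mkServiceConfig`, so evaluation will stop on an undefined variable. Each line needs the missing `g`, e.g. `(mkServiceConfig "dash" "http://127.0.0.1:3000/" domainPrivate "le-dns")`. Separately, the `domainPublic` entry is the first route here served under the public domain, so the backend on `127.0.0.1:8002` should enforce its own authentication and not rely on being reachable only internally. The two `git` entries also share one router name; that is covered in the note on the first hunk.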