From 94af34c68cef8fc5ac7f23bf826d935b84730ade Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 6 Mar 2022 19:21:22 -0800
Subject: traefik: proper configuration for unifi

---
 hosts/common/server/traefik.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'hosts/common/server/traefik.nix')

diff --git a/hosts/common/server/traefik.nix b/hosts/common/server/traefik.nix
index 8765856..3bc5d26 100644
--- a/hosts/common/server/traefik.nix
+++ b/hosts/common/server/traefik.nix
@@ -44,6 +44,19 @@ in {
 
       entryPoints.http.address = ":80";
       entryPoints.https.address = ":443";
+      # the default is 8080, which conflict with unifi
+      entryPoints.traefik.address = ":8090";
+
+      api = {
+        dashboard = true;
+        insecure = true;
+      };
+
+      # The unifi controller runs on HTTPS with a self-signed
+      # certificate, as a result we need to accept insecure
+      # certificates.
+      serversTransport.insecureSkipVerify = true;
+
       certificatesResolvers = {
         le.acme = {
           email = "franck@fcuny.net";
@@ -60,6 +73,7 @@ in {
   services.traefik.dynamicConfigOptions = mkMerge [
     (mkServiceConfig "dash" "http://127.0.0.1:3000/")
     (mkServiceConfig "bt" "http://127.0.0.1:9091/")
+    (mkServiceConfig "unifi" "https://127.0.0.1:8443/")
   ];
 
   systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE =
-- 
cgit 1.4.1