From 369000d68b4583879e5f8a7948aa5300f041663f Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Wed, 13 Apr 2022 14:22:44 -0700
Subject: traefik: remove the module
---
modules/services/traefik/default.nix | 99 ------------------------------------
1 file changed, 99 deletions(-)
delete mode 100644 modules/services/traefik/default.nix
(limited to 'modules/services/traefik/default.nix')
diff --git a/modules/services/traefik/default.nix b/modules/services/traefik/default.nix
deleted file mode 100644
index a5cff3d..0000000
--- a/modules/services/traefik/default.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{ pkgs, inputs, config, lib, ... }:
-
-with lib;
-
-let
- cfg = config.my.services.traefik;
- secrets = config.age.secrets;
- domainPublic = "fcuny.net";
- domainPrivate = "fcuny.xyz";
- mkServiceConfig = name: url: domain: certResolver: {
- http.routers."${name}.${domain}" = {
- rule = "Host(`${name}.${domain}`)";
- service = "${name}.${domain}";
- tls.certResolver = certResolver;
- };
- http.services."${name}.${domain}" = {
- loadBalancer.servers = [{ url = url; }];
- };
- };
-in {
- options.my.services.traefik = with lib; {
- enable = mkEnableOption "traefik router";
- };
-
- config = lib.mkIf cfg.enable {
- services.traefik = {
- enable = true;
-
- staticConfigOptions = {
- metrics.prometheus = {
- addEntryPointsLabels = true;
- addRoutersLabels = true;
- addServicesLabels = true;
- };
-
- global = {
- checkNewVersion = false;
- sendAnonymousUsage = false;
- };
-
- accessLog.format = "json";
- log.level = "warn";
-
- entryPoints.http.http.redirections = {
- entryPoint.to = "https";
- entryPoint.scheme = "https";
- entryPoint.permanent = true;
- };
-
- entryPoints.http.address = ":80";
- entryPoints.https.address = ":443";
- # the default is 8080, which conflict with unifi
- entryPoints.traefik.address = ":8090";
-
- api = {
- dashboard = true;
- insecure = true;
- };
-
- # The unifi controller runs on HTTPS with a self-signed
- # certificate, as a result we need to accept insecure
- # certificates.
- serversTransport.insecureSkipVerify = true;
-
- certificatesResolvers = {
- le-http.acme = {
- email = "franck@fcuny.net";
- storage = "/var/lib/traefik/cert.json";
- httpChallenge = { entryPoint = "http"; };
- };
- le-dns.acme = {
- email = "franck@fcuny.net";
- storage = "/var/lib/traefik/cert.json";
- dnsChallenge = {
- provider = "gcloud";
- delayBeforeCheck = 0;
- };
- };
- };
- };
- };
-
- services.traefik.dynamicConfigOptions = mkMerge [
- (mkServiceConfig "dash" "http://127.0.0.1:3000/" domainPrivate "le-dns")
- (mkServiceConfig "bt" "http://127.0.0.1:9091/" domainPrivate "le-dns")
- (mkServiceConfig "unifi" "https://127.0.0.1:8443/" domainPrivate "le-dns")
- (mkServiceConfig "music" "http://127.0.0.1:4533/" domainPrivate "le-dns")
- (mkServiceConfig "git" "http://127.0.0.1:8002/" domainPrivate "le-dns")
- (mkServiceConfig "git" "http://127.0.0.1:8002/" domainPublic "le-http")
- ];
-
- systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE =
- secrets."traefik/gcp_service_account.json".path;
- systemd.services.traefik.environment.GCE_PROJECT = "fcuny-homelab";
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts = [ 443 ]; # QUIC
- };
-}
-- cgit 1.4.1