
webserver: Remove traefik

Daniel Kempkens 2022-11-19 20:58:20 +01:00
parent 8bd2b8afd9
commit 57434cb466
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 3 additions and 136 deletions


@ -27,69 +27,6 @@
mode = "0644";
};
# traefik
environment.etc."container-webserver/traefik/traefik.toml" = {
text = ''
[providers]
[providers.file]
directory = "/custom_config"
watch = true
[providers.docker]
exposedByDefault = false
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.cfresolver.acme]
email = "${secret.container.webserver.traefik.config.acme.email}"
storage = "/acme.json"
keyType = "EC384"
[certificatesResolvers.cfresolver.acme.dnsChallenge]
provider = "cloudflare"
[api]
dashboard = true
'';
mode = "0644";
};
environment.etc."container-webserver/traefik/custom/middlewares.toml" = {
text = ''
[http.middlewares]
[http.middlewares.non-www-redirect.redirectRegex]
regex = "^https://www.(.*)"
replacement = "https://''${1}"
permanent = true
[http.middlewares.https-redirect.redirectScheme]
scheme = "https"
permanent = true
[http.middlewares.content-compression.compress]
[http.middlewares.very-low-request-rate.rateLimit]
average = 3
period = "1m"
[http.middlewares.security-headers.headers]
frameDeny = true
browserXssFilter = true
contentTypeNosniff = true
referrerPolicy = "no-referrer"
contentSecurityPolicy = "default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; font-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'self'"
'';
mode = "0644";
};
# weewx
environment.etc."container-webserver/weewx/weewx.conf" = {


@ -43,29 +43,6 @@ in
};
};
traefik = {
service = {
image = "traefik:v2.8";
container_name = "traefik";
restart = "unless-stopped";
depends_on = [ "ipv6nat" ];
networks = [ "webserver" ];
ports = [
"80:80"
"443:443"
];
command = [ "--configFile=/traefik.toml" ];
environment = secret.container.webserver.traefik.environment;
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
"/etc/container-webserver/traefik/traefik.toml:/traefik.toml:ro"
"/etc/container-webserver/traefik/acme.json:/acme.json"
"/etc/container-webserver/traefik/custom:/custom_config:ro"
];
labels = secret.container.webserver.traefik.labels;
};
};
cloudflared = {
service = {
image = "cloudflare/cloudflared:latest";
@ -79,49 +56,14 @@ in
};
};
ifconfig-sexy = {
service = {
image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
restart = "unless-stopped";
depends_on = [
"ipv6nat"
"traefik"
];
networks = [ "webserver" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.ifconfig-sexy-http.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
"traefik.http.routers.ifconfig-sexy-http.entrypoints" = "web";
"traefik.http.routers.ifconfig-sexy-http.middlewares" = "https-redirect@file";
"traefik.http.routers.ifconfig-sexy.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
"traefik.http.routers.ifconfig-sexy.entrypoints" = "websecure";
"traefik.http.routers.ifconfig-sexy.tls" = "true";
"traefik.http.routers.ifconfig-sexy.tls.certresolver" = "cfresolver";
"traefik.http.routers.ifconfig-sexy.middlewares" = "non-www-redirect@file, content-compression@file";
"com.centurylinklabs.watchtower.enable" = "true";
};
};
};
nifoc-pw-docs = {
service = {
image = "ghcr.io/nifoc/nifoc.pw-docs:master";
container_name = "nifoc-pw-docs";
restart = "unless-stopped";
depends_on = [
"ipv6nat"
"traefik"
];
depends_on = [ "ipv6nat" ];
networks = [ "webserver" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.nifoc-pw-docs.rule" = "HostRegexp(`{subdomain:[a-z_]+}.nifoc.pw`)";
"traefik.http.routers.nifoc-pw-docs.entrypoints" = "websecure";
"traefik.http.routers.nifoc-pw-docs.tls" = "true";
"traefik.http.routers.nifoc-pw-docs.tls.certresolver" = "cfresolver";
"traefik.http.routers.nifoc-pw-docs.tls.domains[0].main" = "nifoc.pw";
"traefik.http.routers.nifoc-pw-docs.tls.domains[0].sans" = "*.nifoc.pw";
"traefik.http.routers.nifoc-pw-docs.middlewares" = "content-compression@file";
"com.centurylinklabs.watchtower.enable" = "true";
};
};
@ -135,7 +77,6 @@ in
depends_on = [
"ipv6nat"
"mosquitto"
"traefik"
];
networks = [ "webserver" ];
environment = {
@ -155,10 +96,7 @@ in
image = "matrixdotorg/synapse:latest";
container_name = "synapse";
restart = "unless-stopped";
depends_on = [
"ipv6nat"
"traefik"
];
depends_on = [ "ipv6nat" ];
networks = [ "webserver" ];
volumes = [
"/etc/container-matrix/synapse:/data"
@ -167,15 +105,6 @@ in
"/etc/container-matrix/whatsapp:/bridge-data/whatsapp:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.matrix.rule" = "Host(`matrix.kempkens.io`)";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.service" = "matrix-web";
"traefik.http.routers.matrix.tls.certresolver" = "cfresolver";
"traefik.http.routers.matrix.tls.domains[0].main" = "kempkens.io";
"traefik.http.routers.matrix.tls.domains[0].sans" = "*.kempkens.io";
"traefik.http.routers.matrix.middlewares" = "content-compression@file";
"traefik.http.services.matrix-web.loadbalancer.server.port" = "8008";
"com.centurylinklabs.watchtower.enable" = "true";
};
};
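Review bot: The traefik service removed in the first hunk of this file mounted `/etc/container-webserver/traefik/acme.json` read-write, and nothing visible in this commit cleans that file up. It is not one of the `environment.etc` entries being deleted, so it will probably stay on the host together with the ACME account key and the private keys for the `*.kempkens.io` and `*.nifoc.pw` certificates. I would delete it during rollout, revoke the certificates if they are no longer served, and retire the credentials behind `secret.container.webserver.traefik.environment` unless the fourth changed file already does that. The HTTPS redirect, rate-limit and security-header middlewares also went away with the proxy, so a short comment on the remaining services stating what now terminates TLS and sets those headers would make the new exposure path reviewable.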


@ -16,6 +16,7 @@
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.rmem_max" = "2500000";
};
};
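Review bot: The added `"net.core.rmem_max" = "2500000";` carries no comment and is not mentioned in the commit message, so a later reader cannot tell why the receive-buffer ceiling was raised in a commit about removing traefik. A one-line comment above it would be enough, for example `# max socket receive buffer in bytes, raised for <reason>`, with the reason filled in. My guess is UDP/QUIC traffic from the cloudflared container, but that is not visible here. The enclosing attribute set starts and ends outside the hunk.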