mob next [ci-skip] [ci skip] [skip ci]

lastFile:machines/rigel/networking.nix
2025-10-20 17:45:33 +07:00
parent dd1b82a2de
commit 7e113ed2af
1 changed files with 61 additions and 1 deletions
--- a/machines/rigel/networking.nix
+++ b/machines/rigel/networking.nix
@@ -36,9 +36,69 @@ in
    };
  };
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      # log.level = "DEBUG";
      log = {
        level = "DEBUG";
        filePath = "/data/traefik/traefik.log";
      };
      serversTransport.insecureSkipVerify = true;
      entryPoints = {
        web = {
          address = ":80";
          transport.respondingTimeouts = {
            readTimeout = "3600s";
            writeTimeout = "0";
            idleTimeout = "300s";
          };
        };
        websecure = {
          address = ":443";
          transport.respondingTimeouts = {
            readTimeout = "3600s";
            writeTimeout = "0";
            idleTimeout = "300s";
          };
        };
      };
      global = {
        checkNewVersion = false;
        sendAnonymousUsage = false;
      };
    };
    dynamicConfigOptions = {
      http.middlewares = {
        redirect-to-https.redirectscheme = {
          scheme = "https";
          permanent = true;
        };
        redirect-to-www.redirectregex = {
          permanent = true;
          regex = "^https?://(?:www\\.)?(.+)";
          replacement = "https://www.\${1}";
        };
      };
      http = {
        routers.ata-web = {
          rule = "";
          service = "ata-web";
        };
        services.ata-web.loadBalancer.servers = [ { url = "http://192.168.254.96"; } ];
      };
    };
  };
  networking.firewall.allowedUDPPorts = [
    53
    67
  ];
-  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedTCPPorts = [
    53
    80
    443
  ];
 }