mob next [ci-skip] [ci skip] [skip ci]

lastFile:machines/rigel/networking.nix
2025-10-20 17:45:33 +07:00
parent dd1b82a2de
commit 7e113ed2af
1 changed files with 61 additions and 1 deletions
--- a/machines/rigel/networking.nix
+++ b/machines/rigel/networking.nix
@@ -36,9 +36,69 @@ in
    };
  };

+  services.traefik = {
+    enable = true;
+    staticConfigOptions = {
+      # log.level = "DEBUG";
+      log = {
+        level = "DEBUG";
+        filePath = "/data/traefik/traefik.log";
+      };
+
+      serversTransport.insecureSkipVerify = true;
+
+      entryPoints = {
+        web = {
+          address = ":80";
+          transport.respondingTimeouts = {
+            readTimeout = "3600s";
+            writeTimeout = "0";
+            idleTimeout = "300s";
+          };
+        };
+        websecure = {
+          address = ":443";
+          transport.respondingTimeouts = {
+            readTimeout = "3600s";
+            writeTimeout = "0";
+            idleTimeout = "300s";
+          };
+        };
+      };
+      global = {
+        checkNewVersion = false;
+        sendAnonymousUsage = false;
+      };
+    };
+    dynamicConfigOptions = {
+      http.middlewares = {
+        redirect-to-https.redirectscheme = {
+          scheme = "https";
+          permanent = true;
+        };
+        redirect-to-www.redirectregex = {
+          permanent = true;
+          regex = "^https?://(?:www\\.)?(.+)";
+          replacement = "https://www.\${1}";
+        };
+      };
+      http = {
+        routers.ata-web = {
+          rule = "";
+          service = "ata-web";
+        };
+        services.ata-web.loadBalancer.servers = [ { url = "http://192.168.254.96"; } ];
+      };
+    };
+  };
+
  networking.firewall.allowedUDPPorts = [
    53
    67
  ];
-  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedTCPPorts = [
+    53
+    80
+    443
+  ];
 }