nki/nix-home
1
0
Fork 0
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

Add dashboard support

Browse source
This commit is contained in:
Natsu Kagami 2021-11-01 15:44:19 -04:00
parent fea90592fe
commit 0842bd53a2
Signed by: nki
GPG key ID: 7306B3D3C3AD6E51
5 changed files with 52 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/cloud/traefik/config.nix
View file

@ -46,7 +46,7 @@ let
description = "The entrypoints that will serve the host"; description = "The entrypoints that will serve the host";
}; };
middlewares = mkOption { middlewares = mkOption {
type = listOf jsonType; type = listOf jsonValue;
default = []; default = [];
description = "The middlewares to be used with the host."; description = "The middlewares to be used with the host.";
}; };

40
modules/cloud/traefik/dashboard.nix Normal file
View file

@ -0,0 +1,40 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.cloud.traefik.dashboard;
in
{
options.cloud.traefik.dashboard = {
enable = mkEnableOption "Enables the Traefik Dashboard";
usersFile = mkOption {
type = types.path;
description = ''
The path to the users authentication file.
This is passed to the basicAuth middleware, see https://doc.traefik.io/traefik/middlewares/http/basicauth/
'';
};
host = mkOption {
type = types.str;
default = "traefik.nkagami.me";
description = "The host to be used for the dashboard";
};
};
config = mkIf cfg.enable {
# Enable it in the static config options.
services.traefik.staticConfigOptions.api.dashboard = true;
# Dynamic configuration
# ---------------------
## Middleware
services.traefik.dynamicConfigOptions.http.middlewares.dashboard-auth.basicAuth.usersFile = cfg.usersFile;
## Router
services.traefik.dynamicConfigOptions.http.routers.dashboard = {
rule = "Host(`${cfg.host}`)";
entryPoints = [ "https" ];
middlewares = [ "dashboard-auth" ];
service = "api@internal";
};
};
}

6
modules/cloud/traefik/default.nix
View file

@ -21,7 +21,7 @@ let
cfg = config.cloud.traefik; cfg = config.cloud.traefik;
in in
{ {
imports = [ ./config.nix ]; imports = [ ./config.nix ./dashboard.nix ];
options.cloud.traefik = { options.cloud.traefik = {
cloudflareKeyFile = mkOption { cloudflareKeyFile = mkOption {
type = types.path; type = types.path;
@ -58,10 +58,6 @@ in
accessLog = {}; accessLog = {};
log.level = "info"; log.level = "info";
# Dashboard
# ---------
api.dashboard = true;
# ACME Automatic SSL # ACME Automatic SSL
# ------------------ # ------------------
certificatesResolvers.le.acme = { certificatesResolvers.le.acme = {

7
nki-personal-do/configuration.nix
View file

@ -47,6 +47,11 @@
services.my-tinc.rsaPrivateKey = config.sops.secrets.tinc-private-key.path; services.my-tinc.rsaPrivateKey = config.sops.secrets.tinc-private-key.path;
# Set up traefik # Set up traefik
sops.secrets.cloudflare-dns-api-token = {}; sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
cloud.traefik.cloudflareKeyFile = config.sops.secrets.cloudflare-dns-api-token.path; cloud.traefik.cloudflareKeyFile = config.sops.secrets.cloudflare-dns-api-token.path;
cloud.traefik.dashboard = {
enable = true;
usersFile = config.sops.secrets.traefik-dashboard-users.path;
};
} }

6
nki-personal-do/secrets/secrets.yaml
View file

File diff suppressed because one or more lines are too long