kubernetes-deployments/modules/traefik.nix

{ lib, globals, config, ... }: {
  options.traefik.enable = lib.mkEnableOption "traefik";

  config = lib.mkIf config.traefik.enable {
    kubernetes.resources = {
      helmChartConfigs = {
        traefik = {
          # Override Traefik's service with a static load balancer IP.
          # Create endpoint for HTTPS on port 444.
          # Allow external name services for servers in LAN.
          spec.valuesContent = lib.generators.toYAML { } {
            providers.kubernetesIngress.allowExternalNameServices = true;
            service.loadBalancerIP = globals.traefikIPv4;

            ports = {
              localsecure = {
                port = 8444;
                expose = true;
                exposedPort = 444;
                protocol = "TCP";

                tls = {
                  enabled = true;
                  options = "";
                  certResolver = "";
                  domains = [ ];
                };
              };

              web.redirectTo.port = "websecure";
            };
          };
        };
      };

      services = {
        esrom.spec = {
          type = "ExternalName";
          externalName = "esrom.dmz";

          ports.web = {
            port = 80;
            targetPort = 80;
          };
        };

        traefik-dashboard.spec = {
          selector = {
            "app.kubernetes.io/name" = "traefik";
            "app.kubernetes.io/instance" = "traefik-kube-system";
          };

          ports.web = {
            port = 80;
            targetPort = "traefik";
          };
        };
      };
    };

    lab = {
      ingresses.esrom = {
        host = "esrom.kun.is";

        service = {
          name = "esrom";
          portName = "web";
        };
      };

      tailscaleIngresses.traefik-dashboard = {
        host = "traefik";
        service.name = "traefik-dashboard";
      };
    };
  };
}
Init 2024-09-07 10:35:02 +00:00			`{ lib, globals, config, ... }: {`
			`options.traefik.enable = lib.mkEnableOption "traefik";`

			`config = lib.mkIf config.traefik.enable {`
			`kubernetes.resources = {`
			`helmChartConfigs = {`
			`traefik = {`
			`# Override Traefik's service with a static load balancer IP.`
			`# Create endpoint for HTTPS on port 444.`
			`# Allow external name services for servers in LAN.`
			`spec.valuesContent = lib.generators.toYAML { } {`
			`providers.kubernetesIngress.allowExternalNameServices = true;`
			`service.loadBalancerIP = globals.traefikIPv4;`

			`ports = {`
			`localsecure = {`
			`port = 8444;`
			`expose = true;`
			`exposedPort = 444;`
			`protocol = "TCP";`

			`tls = {`
			`enabled = true;`
			`options = "";`
			`certResolver = "";`
			`domains = [ ];`
			`};`
			`};`

			`web.redirectTo.port = "websecure";`
			`};`
			`};`
			`};`
			`};`

			`services = {`
			`esrom.spec = {`
			`type = "ExternalName";`
			`externalName = "esrom.dmz";`

			`ports.web = {`
			`port = 80;`
			`targetPort = 80;`
			`};`
			`};`

			`traefik-dashboard.spec = {`
			`selector = {`
			`"app.kubernetes.io/name" = "traefik";`
			`"app.kubernetes.io/instance" = "traefik-kube-system";`
			`};`

			`ports.web = {`
			`port = 80;`
			`targetPort = "traefik";`
			`};`
			`};`
			`};`
			`};`

			`lab = {`
			`ingresses.esrom = {`
			`host = "esrom.kun.is";`

			`service = {`
			`name = "esrom";`
			`portName = "web";`
			`};`
			`};`

			`tailscaleIngresses.traefik-dashboard = {`
			`host = "traefik";`
			`service.name = "traefik-dashboard";`
			`};`
			`};`
			`};`
			`}`