# Module for the cluster's Traefik ingress controller, gated by `traefik.enable`.
# It overrides the Traefik Helm chart values, declares two Services (an
# ExternalName backend and the dashboard) and publishes both via `lab` ingresses.
{ lib, globals, config, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.traefik;

  # Values handed to the Traefik Helm chart through the HelmChartConfig below.
  traefikHelmValues = {
    # Allow Ingresses to route to Services of type ExternalName (needed for the
    # `esrom` server in the LAN). Traefik keeps this off by default: once it is
    # on, any Ingress pointing at an ExternalName Service makes Traefik proxy to
    # that DNS name, so the right to create Services/Ingresses in this cluster
    # is also the right to reach hosts Traefik can resolve.
    # NOTE(review): confirm RBAC limits who can create those objects.
    providers.kubernetesIngress = {
      allowExternalNameServices = true;
    };

    # Pin Traefik's Service to a static load balancer IP.
    service = {
      loadBalancerIP = globals.traefikIPv4;
    };

    ports = {
      # Additional HTTPS entry point: listens on 8444, exposed on the Service as 444.
      localsecure = {
        port = 8444;
        exposedPort = 444;
        expose = true;
        protocol = "TCP";
        # TLS is on, but no named TLS options, cert resolver or domains are set.
        # NOTE(review): the empty strings presumably fall back to Traefik's
        # default TLS options and certificate -- confirm that default enforces
        # the minimum TLS version and certificate you expect on this port.
        tls = {
          enabled = true;
          options = "";
          certResolver = "";
          domains = [ ];
        };
      };

      # Redirect the plain `web` entry point to `websecure`.
      web = {
        redirectTo = {
          port = "websecure";
        };
      };
    };
  };
in
{
  options.traefik = {
    enable = mkEnableOption "traefik";
  };

  config = mkIf cfg.enable {
    kubernetes.resources = {
      helmChartConfigs.traefik.spec.valuesContent =
        lib.generators.toYAML { } traefikHelmValues;

      services = {
        # ExternalName Service for the `esrom.dmz` host outside the cluster.
        # The backend port is 80, so the Traefik -> esrom hop is presumably
        # plain HTTP -- confirm that is acceptable on the network path to the DMZ.
        esrom = {
          spec = {
            type = "ExternalName";
            externalName = "esrom.dmz";
            ports = {
              web = {
                port = 80;
                targetPort = 80;
              };
            };
          };
        };

        # Service in front of the Traefik pods, forwarding port 80 to the
        # pods' named port `traefik`.
        traefik-dashboard = {
          spec = {
            selector = {
              "app.kubernetes.io/name" = "traefik";
              "app.kubernetes.io/instance" = "traefik-kube-system";
            };
            ports = {
              web = {
                port = 80;
                targetPort = "traefik";
              };
            };
          };
        };
      };
    };

    lab = {
      # Regular ingress: esrom.kun.is -> Service `esrom`, port `web`.
      ingresses = {
        esrom = {
          host = "esrom.kun.is";
          service = {
            name = "esrom";
            portName = "web";
          };
        };
      };

      # Dashboard is published through a Tailscale ingress only.
      # NOTE(review): nothing in this module puts authentication in front of
      # the dashboard; access control presumably rests on who can reach the
      # `traefik` host over Tailscale -- confirm the tailnet ACLs cover it.
      tailscaleIngresses = {
        traefik-dashboard = {
          host = "traefik";
          service = {
            name = "traefik-dashboard";
          };
        };
      };
    };
  };
}