# NixOS module: runs Pangolin behind Traefik, with certificates issued by a
# private ACME directory over a PowerDNS DNS-01 challenge. Credentials are
# supplied through sops-nix secrets and handed to the services as
# environment files.
{ config, lib, ... }:

let
  # Apex domain shared by the dashboard host name and Pangolin's base domain.
  apex = "net.dn";

  # Declared sops-nix secrets; `.path` is where each one is decrypted at
  # runtime, so the secret values themselves are not written into this file.
  sopsSecrets = config.sops.secrets;
in
{
  # Pangolin's own environment secret, looked up under its attribute name.
  sops.secrets."pangolin/env" = { };

  # Traefik's secret is read from the "acme/pdns" entry of the sops file, so
  # Traefik shares the PowerDNS ACME credentials stored under that key.
  # NOTE(review): owner/mode are left at the sops-nix defaults; confirm those
  # are as narrow as the consuming units allow.
  sops.secrets."pangolin/traefik".key = "acme/pdns";

  services.pangolin = {
    enable = true;

    # Lets the module open its ports in the host firewall.
    # NOTE(review): confirm which ports this exposes and on which interfaces.
    openFirewall = true;

    baseDomain = apex;
    dashboardDomain = "auth.${apex}";

    # ACME account contact and the DNS provider used for the challenge.
    letsEncryptEmail = "danny@net.dn";
    dnsProvider = "pdns";

    # Runtime path of the decrypted env file, not its contents.
    environmentFile = sopsSecrets."pangolin/env".path;

    settings = {
      # NOTE(review): logs are persisted; check what they contain and who can
      # read them before relying on them for audit.
      app.save_logs = true;

      # No additional domains are declared here.
      domains = { };

      traefik.prefer_wildcard_cert = true;
    };
  };

  services.traefik = {
    # Decrypted PowerDNS credentials for the DNS-01 challenge.
    environmentFiles = [ sopsSecrets."pangolin/traefik".path ];

    staticConfigOptions.certificatesResolvers.letsencrypt.acme = {
      # mkForce makes this definition win over any caServer set elsewhere for
      # this resolver, pointing it at the internal ACME directory.
      # NOTE(review): Traefik must trust the CA that signs ca.net.dn; confirm
      # the root certificate is available to the service.
      caServer = lib.mkForce "https://ca.net.dn/acme/acme/directory";

      dnsChallenge = {
        provider = "pdns";
        # Resolver queried when checking the challenge record (plain DNS on
        # port 53 of an internal address).
        resolvers = [ "10.0.0.1:53" ];
      };
    };
  };
}