Diffstat (limited to 'hosts/common/server/traefik.nix')
-rw-r--r--hosts/common/server/traefik.nix22
1 files changed, 15 insertions, 7 deletions
diff --git a/hosts/common/server/traefik.nix b/hosts/common/server/traefik.nix
index 3bc5d26..5cfa229 100644
--- a/hosts/common/server/traefik.nix
+++ b/hosts/common/server/traefik.nix
@@ -3,12 +3,13 @@
with lib;
let
- domain = "fcuny.xyz";
- mkServiceConfig = name: url: {
+ domainPublic = "fcuny.net";
+ domainPrivate = "fcuny.xyz";
+ mkServiceConfig = name: url: domain: certResolver: {
http.routers."${name}" = {
rule = "Host(`${name}.${domain}`)";
service = "${name}";
- tls.certResolver = "le";
+ tls.certResolver = certResolver;
};
http.services."${name}" = { loadBalancer.servers = [{ url = url; }]; };
};
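Review bot: The router and service keys are still built from `name` alone, so the two `git` calls in the last hunk both define `http.routers."git"` and `http.services."git"`. Under `mkMerge` the two different `rule` and `tls.certResolver` strings would be expected to conflict rather than produce two routers. Now that `domain` is a parameter, the router key should include it, for example `http.routers."${name}-${replaceStrings ["."] ["-"] domain}" = {`, and the service definition then needs to be keyed the same way or emitted only once. Four positional string arguments are also easy to transpose at a call site; an attribute-set argument such as `{ name, url, domain, certResolver }:` would make the calls self-describing.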
@@ -58,7 +59,12 @@ in {
serversTransport.insecureSkipVerify = true;
certificatesResolvers = {
- le.acme = {
+ le-http.acme = {
+ email = "franck@fcuny.net";
+ storage = "/var/lib/traefik/cert.json";
+ httpChallenge = { entryPoint = "http"; };
+ };
+ le-dns.acme = {
email = "franck@fcuny.net";
storage = "/var/lib/traefik/cert.json";
dnsChallenge = {
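Review bot: Nothing in `certificatesResolvers` records why there are now two resolvers or which one a new service should use; the call sites in the last hunk suggest `le-http` is meant for the public domain and `le-dns` for the private one. A short comment above `le-http.acme` would capture that, e.g. `# le-http: HTTP-01, only for names reachable from the internet on the "http" entry point; le-dns: DNS-01 for all other names`. `email` and `storage` are repeated verbatim in both resolvers and could be bound once in the `let` block. The `le-dns.acme` attribute set continues past the end of this hunk.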
@@ -71,9 +77,11 @@ in {
};
services.traefik.dynamicConfigOptions = mkMerge [
- (mkServiceConfig "dash" "http://127.0.0.1:3000/")
- (mkServiceConfig "bt" "http://127.0.0.1:9091/")
- (mkServiceConfig "unifi" "https://127.0.0.1:8443/")
+ (mkServiceConfi "dash" "http://127.0.0.1:3000/" domainPrivate "le-dns")
+ (mkServiceConfi "bt" "http://127.0.0.1:9091/" domainPrivate "le-dns")
+ (mkServiceConfi "unifi" "https://127.0.0.1:8443/" domainPrivate "le-dns")
+ (mkServiceConfi "git" "http://127.0.0.1:8002/" domainPrivate "le-dns")
+ (mkServiceConfi "git" "http://127.0.0.1:8002/" domainPublic "le-http")
];
systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE =
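Review bot: All five added call sites use `mkServiceConfi`, but the `let` binding in the first hunk is `mkServiceConfig`, so evaluation should fail with an undefined variable; each line needs the missing `g`, e.g. `(mkServiceConfig "dash" "http://127.0.0.1:3000/" domainPrivate "le-dns")`. Separately, this commit adds a public-domain router next to the private ones, and the generated routers set no `entryPoints`. Unless something outside this diff restricts them, every router is attached to every entry point, so the split between `domainPrivate` and `domainPublic` rests on the `Host(...)` rule alone. Consider passing an entry-point list (or an allow-list middleware for the private names) through the helper so that `dash`, `bt` and `unifi` are not served on the internet-facing listener. The `systemd.services.traefik.environment` assignment on the last line continues outside the hunk.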