From 86a82a5e4eaf1db45e72182e8dc14ca85e9988cc Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 6 Mar 2022 08:09:06 -0800
Subject: traefik: initial configuration

I want to run traefik on the NAS, so I can reach grafana and other
future services running on that host.

To manage TLS, we use let's encrypt with a DNS challenge. For this to
work we need a service account configuration, that is encrypted with
age.
---
 hosts/common/nas.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'hosts/common/nas.nix')

diff --git a/hosts/common/nas.nix b/hosts/common/nas.nix
index 92b0d3f..a45cab4 100644
--- a/hosts/common/nas.nix
+++ b/hosts/common/nas.nix
@@ -7,5 +7,17 @@
     ./server/prometheus.nix
     ./server/grafana.nix
     ./server/backups/users.nix
+    ./server/traefik.nix
   ];
+
+  age.secrets.traefik-gcp-sa = {
+    file = ../secrets/traefik/gcp_sa.age;
+    mode = "0440";
+    owner = "0";
+  };
+
+  traefik = {
+    gcpKeyFile = "/run/agenix/gcp_sa";
+    gcpProjectName = "fcuny-homelab";
+  };
 }
-- 
cgit v1.2.3