Test traefik, arcane and immich on vServer

JuliusFreudenberger 2026-01-04 22:22:53 +01:00
parent cb0408abd4
commit 5115744f46
2 changed files with 47 additions and 0 deletions


@ -17,6 +17,8 @@
../../modules/docker.nix
../../modules/teleport.nix
../../modules/portainer_agent.nix
../../modules/arcane.nix
../../modules/traefik.nix
../../modules/auto-upgrade.nix
# Include the results of the hardware scan.
./hardware-configuration.nix
@ -33,6 +35,45 @@
virtualisation.oci-containers.containers.portainer_agent.environmentFiles = [ config.age.secrets."portainer-join_token".path ];
services.traefik-docker = {
enable = true;
dashboardUrl = "traefik.juliusfr.eu";
dnsSecrets = [
config.age.secrets."netcup-dns"
];
mTLSCaCertSecret = config.age.secrets."step-ca-crt";
oidcAuthProviderUrl = "https://login.juliusfr.eu";
oidcClients = {
traefik-dashboard = {
secret = config.age.secrets."traefik-oidc-auth";
};
immich = {
secret = config.age.secrets."immich-oidc-auth";
scopes = [
"openid"
"email"
"profile"
];
enableBypassUsingClientCertificate = true;
};
arcane = {
secret = config.age.secrets."arcane-oidc-auth";
scopes = [
"openid"
"email"
"profile"
"groups"
];
};
};
};
services.arcane = {
enable = true;
appUrl = "arcane.juliusfr.eu";
secretFile = config.age.secrets."arcane-secrets";
};
systemd.network = {
enable = true;
networks."10-wan" = {
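Review bot: `enableBypassUsingClientCertificate = true;` on the `immich` client makes a client certificate an alternative to OIDC login, so the protection of that route depends on how the `traefik-docker` module verifies certificates against `mTLSCaCertSecret`, and that module is not visible in this hunk. Please confirm that the bypass only applies to certificates Traefik has actually verified against the step-ca certificate (a `clientAuthType` of `VerifyClientCertIfGiven` or `RequireAndVerifyClientCert`, not `RequestClientCert` or `RequireAnyClientCert`). Note also that every certificate this CA issues then grants access to immich without an identity-provider session. A comment above the option would record the intent, for example `# skips OIDC only for client certs verified against step-ca-crt`. Separately, `arcane` requests the `groups` scope, but nothing in the visible lines restricts access by group; since the enclosing attribute set starts and ends outside the hunk, that restriction may live elsewhere.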