{ pkgs, ... }: { environment.systemPackages = [ pkgs.traefik ]; environment.persistence."/persist".files = [ "/acme/acme.json" ]; services.traefik = { enable = true; staticConfigOptions = { global = { checkNewVersion = false; sendAnonymousUsage = false; }; accessLog = {}; api = { dashboard = true; }; certificatesResolvers = { letsencrypt = { acme = { email = "petru@paler.net"; storage = "/acme/acme.json"; tlsChallenge = {}; }; }; }; entryPoints = { web = { address = ":80"; http = { redirections = { entrypoint = { to = "websecure"; scheme = "https"; permanent = true; }; }; }; }; websecure = { address = ":443"; http = { tls = { certResolver = "letsencrypt"; }; }; }; tailscale = { address = "100.75.147.49:8080"; }; }; }; dynamicConfigOptions = { http = { services = { alo-cluster = { loadBalancer = { servers = [ { # edgy over Tailscale url = "http://100.64.229.126:10080"; } ]; }; }; }; routers = { api = { entryPoints = "tailscale"; rule = "Host(`traefik-cloud.v.paler.net`)"; service = "api@internal"; }; wordpress-paler-net = { entryPoints = "websecure"; rule = "Host(`wordpress.paler.net`)"; service = "alo-cluster"; }; ines-paler-net = { entryPoints = "websecure"; rule = "Host(`ines.paler.net`)"; service = "alo-cluster"; }; coachingfor-me = { entryPoints = "websecure"; rule = "Host(`coachingfor.me`)"; service = "alo-cluster"; }; coachingfor-work = { entryPoints = "websecure"; rule = "Host(`coachingfor.work`)"; service = "alo-cluster"; }; petru-ines-paler-net = { entryPoints = "websecure"; rule = "Host(`petru.ines.paler.net`)"; service = "alo-cluster"; }; liam-paler-net = { entryPoints = "websecure"; rule = "Host(`liam.paler.net`)"; service = "alo-cluster"; }; tomas-paler-net = { entryPoints = "websecure"; rule = "Host(`tomas.paler.net`)"; service = "alo-cluster"; }; musictogethersilvercoast-pt = { entryPoints = "websecure"; rule = "Host(`musictogethersilvercoast.pt`)"; service = "alo-cluster"; }; }; }; }; }; }