hosts/franz/arion/git/arion-compose.nix

@@ -15,21 +15,12 @@
       useHostStore = true;
       labels = {
         "traefik.enable" = "true";
-        "traefik.docker.network" = "dmz";
-
-        "traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
-        "traefik.http.routers.forgejo.service" = "forgejo";
         "traefik.http.routers.forgejo.entrypoints" = "websecure";
         "traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
+        "traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
+        "traefik.docker.network" = "dmz";
         "traefik.http.routers.forgejo.tls" = "true";
         "traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
-
-        "traefik.http.services.forgejo-external.loadbalancer.server.port" = "3000";
-        "traefik.http.routers.forgejo-external.service" = "forgejo-external";
-        "traefik.http.routers.forgejo-external.rule" = "Host(`git.ghoscht.com`)";
-        "traefik.http.routers.forgejo-external.entrypoints" = "websecure-external";
-        "traefik.http.routers.forgejo-external.tls" = "true";
-        "traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt";
       };
       volumes = [
         "/storage/dataset/docker/git/forgejo_data:/data"

hosts/franz/arion/headscale/arion-compose.nix

@@ -16,7 +16,7 @@
         "traefik.enable" = "true";
         "traefik.http.services.headscale.loadbalancer.server.port" = "8080";
         "traefik.http.routers.headscale.service" = "headscale";
-        "traefik.http.routers.headscale.entrypoints" = "websecure";
+        "traefik.http.routers.headscale.entrypoints" = "websecure-external";
         "traefik.http.routers.headscale.rule" = "Host(`headscale.ghoscht.com`)";
         "traefik.http.routers.headscale.tls" = "true";
         "traefik.http.routers.headscale.tls.certresolver" = "letsencrypt";
@@ -24,7 +24,7 @@
         "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
         "traefik.http.routers.headscale-external.service" = "headscale-external";
         "traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)";
-        "traefik.http.routers.headscale-external.entrypoints" = "websecure-external";
+        "traefik.http.routers.headscale-external.entrypoints" = "websecure";
         "traefik.http.routers.headscale-external.tls" = "true";
         "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
       };

hosts/franz/arion/infrastructure/arion-compose.nix

@@ -45,18 +45,18 @@
         "dmz"
       ];
     };
-    # cloudflared.service = {
+    cloudflared.service = {
-    #   image = "cloudflare/cloudflared:2024.2.1";
+      image = "cloudflare/cloudflared:2024.2.1";
-    #   container_name = "cloudflared";
+      container_name = "cloudflared";
-    #   env_file = [
+      env_file = [
-    #     "/home/ghoscht/.docker/infrastructure/cloudflared.env"
+        "/home/ghoscht/.docker/infrastructure/cloudflared.env"
-    #   ];
+      ];
-    #   restart = "always";
+      restart = "always";
-    #   command = "tunnel --no-autoupdate --protocol http2 run";
+      command = "tunnel --no-autoupdate --protocol http2 run";
-    #   networks = [
+      networks = [
-    #     "dmz"
+        "dmz"
-    #   ];
+      ];
-    # };
+    };
     scrutiny.service = {
       image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus";
       container_name = "scrutiny";

hosts/franz/arion/matrix/arion-compose.nix

@@ -14,21 +14,11 @@
       container_name = "synapse";
       labels = {
         "traefik.enable" = "true";
-
-        "traefik.http.services.synapse.loadbalancer.server.port" = "8008";
-        "traefik.http.routers.synapse.service" = "synapse";
         "traefik.http.routers.synapse.entrypoints" = "websecure";
         "traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
         "traefik.docker.network" = "dmz";
         "traefik.http.routers.synapse.tls" = "true";
         "traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
-
-        "traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
-        "traefik.http.routers.synapse-external.service" = "synapse-external";
-        "traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
-        "traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
-        "traefik.http.routers.synapse-external.tls" = "true";
-        "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
       };
       volumes = [
         "/storage/dataset/docker/matrix/synapse_data:/data"
@@ -69,21 +59,11 @@
       ];
       labels = {
         "traefik.enable" = "true";
-
-        "traefik.http.services.matrix.loadbalancer.server.port" = "80";
-        "traefik.http.routers.matrix.service" = "matrix";
         "traefik.http.routers.matrix.entrypoints" = "websecure";
         "traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
         "traefik.docker.network" = "dmz";
         "traefik.http.routers.matrix.tls" = "true";
         "traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
-
-        "traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
-        "traefik.http.routers.matrix-external.service" = "matrix-external";
-        "traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
-        "traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
-        "traefik.http.routers.matrix-external.tls" = "true";
-        "traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
       };
       restart = "unless-stopped";
       networks = [

hosts/franz/arion/push/arion-compose.nix

@@ -15,20 +15,10 @@
       useHostStore = true;
       labels = {
         "traefik.enable" = "true";
-
-        "traefik.http.routers.ntfy.service" = "ntfy";
-        "traefik.http.services.ntfy.loadbalancer.server.port" = "80";
         "traefik.http.routers.ntfy.entrypoints" = "websecure";
         "traefik.http.routers.ntfy.rule" = "Host(`push.ghoscht.com`)";
         "traefik.http.routers.ntfy.tls" = "true";
         "traefik.http.routers.ntfy.tls.certresolver" = "letsencrypt";
-
-        "traefik.http.routers.ntfy-external.service" = "ntfy-external";
-        "traefik.http.services.ntfy-external.loadbalancer.server.port" = "80";
-        "traefik.http.routers.ntfy-external.rule" = "Host(`push.ghoscht.com`)";
-        "traefik.http.routers.ntfy-external.entrypoints" = "websecure-external";
-        "traefik.http.routers.ntfy-external.tls" = "true";
-        "traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
       };
       volumes = [
         "/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"

hosts/franz/arion/signal/arion-compose.nix

@@ -18,20 +18,11 @@
       working_dir = "/data";
       labels = {
         "traefik.enable" = "true";
-
         "traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)";
-        "traefik.http.routers.mollysocket.service" = "mollysocket";
         "traefik.http.routers.mollysocket.entrypoints" = "websecure";
         "traefik.http.services.mollysocket.loadbalancer.server.port" = "8020";
         "traefik.http.routers.mollysocket.tls" = "true";
         "traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
-
-        "traefik.http.services.mollysocket-external.loadbalancer.server.port" = "8020";
-        "traefik.http.routers.mollysocket-external.service" = "mollysocket-external";
-        "traefik.http.routers.mollysocket-external.rule" = "Host(`signal.ghoscht.com`)";
-        "traefik.http.routers.mollysocket-external.entrypoints" = "websecure-external";
-        "traefik.http.routers.mollysocket-external.tls" = "true";
-        "traefik.http.routers.mollysocket-external.tls.certresolver" = "letsencrypt";
       };
       environment = {
         MOLLY_DB = "/data/mollysocket.db";

hosts/franz/restic.nix

@@ -191,7 +191,7 @@ in {
           to:
             - zfs
             - eustachius
-          cron: '55 3 * * *' # Every Day at 3:55
+          cron: '0 4 * * 0' # Every Sunday at 4:00
           hooks:
             before:
               -  arion -f ${arionPath}/auth/arion-compose.nix -p ${arionPath}/auth/arion-pkgs.nix stop