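{ config, ... }:
let
  vars = import ../../../../vars.nix;

  # Directory the compose stack reads its rendered secret files from.
  secretsDir = "/home/${vars.user}/.docker/infrastructure";

  # Rendered secrets are owner-read-only. The previous mode, 0775, left the
  # Cloudflare credentials and the tunnel token readable by every local
  # account on the host (and set pointless execute bits). The *.env files are
  # read on the host by the compose tooling as their owner, so owner access is
  # all they need.
  # NOTE(review): if any container consumes one of these files as a non-root
  # UID that is not vars.user, that file needs group access (0440) — confirm
  # per file against arion-compose.nix.
  secretFileMode = "0400";

  # Attributes shared by every sops template written below.
  secretFile = name: {
    path = "${secretsDir}/${name}";
    owner = vars.user;
    mode = secretFileMode;
  };
in
{
  virtualisation.arion.projects.infrastructure.settings = {
    imports = [ ./arion-compose.nix ];
  };

  # Decrypted by sops-nix at activation time; owned by the compose user so the
  # templates below can be rendered for it.
  sops.secrets = {
    "cloudflared/tunnel_token" = { owner = vars.user; };
    "traefik/acme_email" = { owner = vars.user; };
    "traefik/cloudflare_email" = { owner = vars.user; };
    "traefik/cloudflare_api_key" = { owner = vars.user; };
    "dyndns/cloudflare_api_key" = { owner = vars.user; };
  };

  # Cloudflare Tunnel credential for the cloudflared container.
  sops.templates."cloudflared.env" = secretFile "cloudflared.env" // {
    content = ''
      TUNNEL_TOKEN="${config.sops.placeholder."cloudflared/tunnel_token"}"
    '';
  };

  # Credentials for Traefik's Cloudflare DNS-01 challenge.
  # NOTE(review): CLOUDFLARE_EMAIL + CLOUDFLARE_API_KEY is the account-wide
  # global API key. A zone-scoped API token limits the blast radius if this
  # file leaks; switching requires rotating the stored secret and changing the
  # variable name the Cloudflare provider expects, so it is not done here.
  sops.templates."traefik.env" = secretFile "traefik.env" // {
    content = ''
      CLOUDFLARE_EMAIL="${config.sops.placeholder."traefik/cloudflare_email"}"
      CLOUDFLARE_API_KEY="${config.sops.placeholder."traefik/cloudflare_api_key"}"
    '';
  };

  # Token for the dynamic-DNS updater. The secret is named *_api_key but is
  # exported as CLOUDFLARE_API_TOKEN — presumably the name the updater reads;
  # verify against the dyndns image before renaming either side.
  sops.templates."dyndns.env" = secretFile "dyndns.env" // {
    content = ''
      CLOUDFLARE_API_TOKEN="${config.sops.placeholder."dyndns/cloudflare_api_key"}"
    '';
  };

  # Static Traefik configuration, rendered with the ACME contact e-mail.
  sops.templates."traefik.toml" = secretFile "traefik_data/traefik.toml" // {
    content = ''
      [entryPoints]
        [entryPoints.web]
          address = ":80"
        [entryPoints.web-external]
          address = ":81"
        [entryPoints.websecure]
          address = ":443"
        [entryPoints.websecure-external]
          address = ":444"

      # NOTE(review): insecure = true serves the dashboard and API without
      # authentication on the default "traefik" entrypoint (:8080). Keep that
      # port unpublished and firewalled, or expose the dashboard through an
      # authenticated router and set insecure = false.
      [api]
        dashboard = true
        insecure = true

      [certificatesResolvers.letsencrypt.acme]
        email = "${config.sops.placeholder."traefik/acme_email"}"
        storage = "/letsencrypt/acme.json"
        [certificatesResolvers.letsencrypt.acme.dnsChallenge]
          provider = "cloudflare"
          resolvers = ["1.1.1.1:53", "1.0.0.1:53"]

      # NOTE(review): this disables certificate verification for every TLS
      # backend, so a spoofed upstream on the dmz network is accepted. Prefer
      # trusting the backends' CA via rootCAs, or limit the exception to a
      # named serversTransport used only by the self-signed services.
      [serversTransport]
        insecureSkipVerify = true

      [providers.docker]
        watch = true
        network = "dmz"
        # Containers opt in individually with the label traefik.enable=true.
        exposedByDefault = false
    '';
  };
}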