nix/nixos/k3s/traefik-external.nix


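{
  imports = [
    ./default.nix
  ];

  # Public ingress ports: TCP 80/443 for HTTP(S), UDP 443 for HTTP/3 (QUIC).
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
  networking.firewall.allowedUDPPorts = [
    443
  ];

  # HTTP/3 (QUIC) wants larger UDP socket buffers; raise the kernel maximum
  # to 2.5 MB.  net.core.rmem_max/wmem_max are sysctl keys, not kernel
  # command-line parameters: putting them in boot.kernelParams leaves them
  # unset, so they are applied through boot.kernel.sysctl instead.
  boot.kernel.sysctl = {
    "net.core.rmem_max" = 2500000;
    "net.core.wmem_max" = 2500000;
  };

  services.traefik = {
    enable = true;

    staticConfigOptions = {
      experimental.http3 = true;

      entryPoints = {
        web = {
          address = ":80";
        };
        websecure = {
          address = ":443";
          http3 = {};
        };
      };

      # Route discovery from the k3s cluster: plain Ingress objects and the
      # Traefik CRDs (IngressRoute etc.).
      providers = {
        kubernetesIngress = {
          allowEmptyServices = true;
          allowExternalNameServices = true;
        };
        kubernetesCRD = {
          allowCrossNamespace = true;
          allowEmptyServices = true;
          allowExternalNameServices = true;
        };
      };

      # api.insecure is not set, so the dashboard is only reachable through a
      # router that explicitly targets the api@internal service.
      api.dashboard = true;

      # NOTE(review): publishing Prometheus metrics on the public "websecure"
      # entrypoint makes /metrics reachable by anyone who can hit port 443;
      # prefer a dedicated internal entrypoint, or manualRouting with an
      # authenticated router in front of prometheus@internal — confirm against
      # the Traefik version deployed.
      metrics.prometheus.entryPoint = "websecure";

      certificatesResolvers.letsencrypt.acme = {
        storage = "/var/lib/traefik/acme/acme.json";
        caServer = "https://acme-v02.api.letsencrypt.org/directory";
        # TLS-ALPN-01: relies on port 443 being reachable from the internet.
        tlsChallenge = {};
      };
    };

    dynamicConfigOptions = {
      http.middlewares = {
        # Opt-in middleware: only routers that reference it get the redirect;
        # the "web" entrypoint itself does not redirect to HTTPS by default.
        "redirect-https".redirectScheme = {
          scheme = "https";
          permanent = true;
        };
      };
    };
  };

  # Cluster credentials for the Kubernetes providers; the file must be
  # readable by the user the traefik unit runs as.
  systemd.services.traefik.environment = {
    KUBECONFIG = "/var/lib/traefik/k3s-kubeconfig.yaml";
  };
}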