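# NixOS module: runs a Traefik reverse proxy as a podman-compose project and
# attaches it to the per-application "frontend" bridge networks declared below.
# Host-side configuration (static config, dynamic rules, ACME storage) lives in
# config_dir and is bind-mounted into the container.
{ config, pkgs, ... }:
let
  container_name = "traefik";
  compose_file = "podman/traefik/compose.yaml";
  config_dir = "/mnt/config/traefik";

  # Image reference kept in one place so it can be pinned.
  # NOTE(review): ":latest" combined with the ExecStartPre pull below means
  # every (re)start of the unit silently upgrades Traefik to whatever upstream
  # currently publishes. Pin a version tag or an @sha256 digest so upgrades
  # are explicit and reviewable.
  image = "docker.io/library/traefik:latest";

  # Rootless podman API socket of uid 1000, handed to Traefik for provider
  # discovery.
  podman_socket = "/run/user/1000/podman/podman.sock";

  # Common podman-compose invocation used by all Exec* lines of the unit.
  compose = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file}";
in
{
  config = {
    # environment.etc places this file in the Nix store (world-readable) and
    # symlinks it under /etc, so it must never carry secrets inline.
    # CF_DNS_API_TOKEN and DOMAIN_NAME are therefore left as shell-style
    # references resolved by podman-compose at run time (presumably from a
    # .env beside the compose file or an EnvironmentFile on the unit; neither
    # is managed by this module — confirm where they come from).
    environment.etc."${compose_file}".text = /* yaml */ ''
      services:
        traefik:
          image: ${image}
          container_name: ${container_name}
          # Only the *_frontend networks (plus pihole, it-tools and
          # nextcloud-aio) are joined; the *_backend networks declared below
          # stay unreachable from the proxy. Each address is .253, one below
          # the .254 gateway of its subnet.
          networks:
            nextcloud-aio:
              ipv4_address: 172.16.1.253
            passbolt_frontend:
              ipv4_address: 172.16.20.253
            pihole:
              ipv4_address: 172.16.3.253
            hass_frontend:
              ipv4_address: 172.16.40.253
            immich_frontend:
              ipv4_address: 172.16.50.253
            gitea_frontend:
              ipv4_address: 172.16.60.253
            it-tools:
              ipv4_address: 172.16.7.253
          ports:
            - 80:80
            - 443:443
          volumes:
            # ":ro" on a unix socket bind-mount does not restrict the API
            # behind it: this grants Traefik full control of uid 1000's podman
            # (create/exec containers, read other containers' environment).
            # A filtered socket proxy that only allows read-only container
            # and event queries would limit the blast radius of a Traefik
            # compromise.
            - ${podman_socket}:/run/docker.sock:ro
            - ${config_dir}/rules/:/etc/traefik/conf/:ro
            - ${config_dir}/traefik.yaml:/etc/traefik/traefik.yaml:ro
            # ACME storage: holds the account key and certificate private
            # keys, hence the only rw mount. Keep it 0700 on the host.
            - ${config_dir}/certs/:/var/traefik/certs/:rw
          environment:
            # DNS-01 credential for the "cloudflare" resolver. Scope the token
            # to Zone:DNS:Edit on the single zone in use; it is visible to
            # anything that can inspect this container.
            - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
          labels:
            - traefik.enable=true
            # Port 8080 is Traefik's own API/dashboard entrypoint by default.
            # No auth middleware is attached to the traefik-https router, so
            # whether the dashboard is reachable without credentials on the
            # public websecure entrypoint depends entirely on traefik.yaml
            # (not managed here). Add a basicAuth/forwardAuth middleware or an
            # IP allow-list before relying on it.
            - traefik.http.services.traefik.loadbalancer.server.port=8080
            - traefik.http.services.traefik.loadbalancer.server.scheme=http
            - traefik.http.routers.traefik-https.entrypoints=websecure
            - traefik.http.routers.traefik-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
            - traefik.http.routers.traefik-https.tls=true
            - traefik.http.routers.traefik-https.tls.certresolver=cloudflare
          restart: always

      # One /24 per application; "frontend" networks (x0 subnets) are the ones
      # Traefik joins, "backend" networks carry app-internal traffic only.
      networks:
        nextcloud-aio:
          name: nextcloud-aio
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.1.0/24"
                gateway: "172.16.1.254"
        passbolt_backend:
          name: passbolt_backend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.2.0/24"
                gateway: "172.16.2.254"
        passbolt_frontend:
          name: passbolt_frontend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.20.0/24"
                gateway: "172.16.20.254"
        pihole:
          name: pihole
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.3.0/24"
                gateway: "172.16.3.254"
        hass_backend:
          name: hass_backend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.4.0/24"
                gateway: "172.16.4.254"
        hass_frontend:
          name: hass_frontend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.40.0/24"
                gateway: "172.16.40.254"
        immich_backend:
          name: immich_backend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.5.0/24"
                gateway: "172.16.5.254"
        immich_frontend:
          name: immich_frontend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.50.0/24"
                gateway: "172.16.50.254"
        gitea_backend:
          name: gitea_backend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.6.0/24"
                gateway: "172.16.6.254"
        gitea_frontend:
          name: gitea_frontend
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.60.0/24"
                gateway: "172.16.60.254"
        it-tools:
          name: it-tools
          driver: bridge
          ipam:
            config:
              - subnet: "172.16.7.0/24"
                gateway: "172.16.7.254"
    '';

    # System unit that owns the compose project's lifecycle.
    # NOTE(review): this is a system service with no User=, so podman-compose
    # runs rootful podman, while the compose file mounts the *rootless* socket
    # of uid 1000 for Traefik to watch. The project and the socket therefore
    # belong to different podman instances — confirm that is intended (e.g.
    # the proxied apps run rootless as uid 1000) or set User= accordingly.
    # "docker.socket" in after= is not otherwise referenced here; it is kept
    # as-is but is presumably a leftover.
    systemd.services.traefik = {
      description = "Podman container : ${container_name}";
      # The ExecStartPre pull needs an actual uplink, not just a configured
      # interface, hence network-online.target in addition to network.target.
      after = [ "network.target" "network-online.target" "docker.socket" ];
      wants = [ "network-online.target" ];
      requires = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.podman-compose ];
      serviceConfig = {
        Type = "exec";
        # Refresh the image before every start (see the pinning note on `image`).
        ExecStartPre = "${compose} pull";
        # Runs in the foreground; stale containers from a previous definition
        # of the project are removed.
        ExecStart = "${compose} up --remove-orphans";
        # Graceful teardown of the whole project.
        ExecStop = "${compose} down";
        Restart = "on-failure";
      };
    };
  };
}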