roles/syncthingserver: change reverse proxy from caddy to traefik

2025-10-24 15:30:29 -04:00
parent 241674cb83
commit bc623309ba
1 changed files with 12 additions and 8 deletions
--- a/roles/syncthingserver.nix
+++ b/roles/syncthingserver.nix
@@ -45,15 +45,19 @@ in
      };
    };

-    services.tailscale.permitCertUid = "caddy";
-
-    services.caddy = {
-      enable = true;
-      virtualHosts."${config.networking.hostName}.tail755c5.ts.net" = {
-        extraConfig = ''
-          reverse_proxy localhost:${toString syncthingGuiPort}
-        '';
+    traefik.enable = true;
+    services.traefik.dynamicConfigOptions = {
+      http.routers.syncthing = {
+        entrypoints = [ "websecure" ];
+        rule = "Host(`${config.networking.hostName}.tail755c5.ts.net`)";
+        tls.certresolver = "tailscale";
+        service = "syncthing";
      };
+      http.services.syncthing.loadbalancer.servers = [
+        {
+          url = "http://127.0.0.1:${toString syncthingGuiPort}";
+        }
+      ];
    };

    networking.firewall.allowedTCPPorts = [