nix-stuff/roles/server/traefik.nix

{config, ...}: {
  specialisation.traefikEnableWebUI.configuration.services.traefik = {
    staticConfigOptions = {
      api = {
        # Enable the web ui
        insecure = true;
        dashboard = true;
      };
    };
  };

  services.traefik = {
    enable = true;
    staticConfigOptions = {
      entryPoints = {
        http = {address = "100.73.96.48:80";};
      };
    };
  };

  systemd = {
    units.tailscaled.requiredBy = ["traefik.service"];
    # We have somewhat frequent power outages, and our ISP router takes
    # ages to boot up. If I don't add a delay, traefik tries to bind to
    # the tailscale interface before it's ready, making it crash too much
    # in too little time
    services.traefik.serviceConfig.RestartSec = 120;
  };

  networking.firewall.allowedTCPPorts = [80 8080];
}