feat(elcafe): add new server configuration

2025-11-02 00:00:12 +01:00
parent 4658b8392e
commit 22e21be60a
8 changed files with 205 additions and 3 deletions
--- a/system/dev/docker.nix
+++ b/system/dev/docker.nix
@@ -9,6 +9,13 @@ with lib; let
 in {
  options.mySystem.dev.docker = {
    enable = mkEnableOption "Enable Docker";
+    extraDaemonSettings = mkOption {
+      type = types.nullOr (types.attrsOf types.str);
+      default = {};
+      example = {
+        data-root = "/custom/path";
+      };
+    };
    podman.enable = mkEnableOption "Enable Podman rather than Docker";
    nvidia.enable = mkEnableOption "Activate Nvidia support";
    autoprune.enable = mkEnableOption "Enable autoprune";
--- a/system/hardware/default.nix
+++ b/system/hardware/default.nix
@@ -1,3 +1,4 @@
+{lib, ...}:
 {
  imports = [
    ./amdgpu.nix
@@ -7,4 +8,5 @@
    ./opentablet.nix
    ./sound.nix
  ];
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
 }
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -9,5 +9,6 @@
    ./printing.nix
    ./ssh.nix
    ./sunshine.nix
+    ./traefik.nix
  ];
 }
--- a/system/services/traefik.nix
+++ b/system/services/traefik.nix
@@ -0,0 +1,65 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.traefik;
+in {
+  options.mySystem.services.traefik = {
+    enable = mkEnableOption "Enable Traefikse";
+    email = mkOption {
+      type = types.str;
+      default = "lucien@phundrak.com";
+      example = "admin@example.com";
+    };
+    envFiles = mkOption {
+      type = types.listOf types.path;
+      example = ["/run/secrets/traefik.env"];
+      default = [];
+    };
+    dynConf = mkOption {
+      type = types.path;
+      example = "/var/traefik/dynamic.yaml";
+    };
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [80 443];
+    services.traefik = {
+      inherit (cfg) enable;
+      environmentFiles = cfg.envFiles;
+      dynamicConfigFile = cfg.dynConf;
+      staticConfigOptions = {
+        log = {
+          level = "WARN";
+          filePath = "/var/log/traefik/traefik.log";
+        };
+        accessLog.filePath = "/var/log/traefik/access.log";
+        api.dashboard = true;
+        entryPoints = {
+          web = {
+            address = ":80";
+            http.redirections.entryPoint = {
+              to = "websecure";
+              scheme = "https";
+            };
+          };
+          websecure.address = ":443";
+        };
+        certificatesResolvers.cloudflare.acme = {
+          inherit (cfg) email;
+          storage = "/var/lib/traefik/acme.json";
+          dnsChallenge = {
+            provider = "cloudflare";
+            resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+            propagation.delayBeforeChecks = 60;
+          };
+        };
+        providers.docker = {
+          endpoint = "unix:///var/run/docker.sock";
+          exposedByDefault = false;
+        };
+      };
+    };
+  };
+}