feat(elcafe): add new server configuration

system/boot/boot.nix

@@ -44,7 +44,7 @@ in {
     grub = {
       enable = mkEnableOption "Does the system use GRUB? (Disables systemd-boot)";
       device = mkOption {
-        type = types.str;
+        type = types.path;
         description = "The GRUB device";
         default = "";
       };

system/dev/docker.nix

@@ -12,6 +12,11 @@ in {
     podman.enable = mkEnableOption "Enable Podman rather than Docker";
     nvidia.enable = mkEnableOption "Activate Nvidia support";
     autoprune.enable = mkEnableOption "Enable autoprune";
+    storage = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      example = "/path/to/docker/storage";
+    };
   };
 
   config = mkIf cfg.enable {
@@ -29,6 +34,9 @@ in {
         enable = true;
         enableNvidia = cfg.nvidia.enable;
         autoPrune.enable = cfg.autoprune.enable;
+        daemon.settings = mkIf (cfg.storage != null) {
+          "data-root" = cfg.storage;
+        };
       };
       podman = mkIf cfg.podman.enable {
         enable = true;

system/hardware/default.nix

@@ -1,8 +1,10 @@
-{
+{lib, ...}: {
   imports = [
     ./amdgpu.nix
     ./bluetooth.nix
     ./sound.nix
     ./input
   ];
+
+  hardware.enableAllFirmware = lib.mkDefault true;
 }

system/network/tailscale.nix

@@ -13,7 +13,7 @@ in {
     };
   };
   config.services.tailscale = {
-    enable = cfg.enable;
+    inherit (cfg) enable;
     extraSetFlags = [
       "--accept-dns"
       "--accept-routes"

system/services/sunshine.nix

@@ -15,7 +15,12 @@ in {
     autoStart = cfg.autostart;
     capSysAdmin = true;
     openFirewall = true;
-    settings.sunshine_name = config.mySystem.networking.hostname;
+    settings = {
+      sunshine_name = config.mySystem.networking.hostname;
+      locale = "en_GB";
+      system_tray = "enabled";
+      output_name = 1;
+    };
     applications.apps = [
       {
         name = "Desktop";
@@ -42,6 +47,12 @@ in {
       {
         name = "OpenMW";
         cmd = "openmw";
+        image-path = "/home/phundrak/.config/sunshine/covers/igdb_24775.png";
+      }
+      {
+        name = "Vintage Story";
+        cmd = "flatpak run at.vintagestory.VintageStory";
+        image-path = "/home/phundrak/.config/sunshine/covers/igdb_69547.png";
       }
     ];
   };

system/services/traefik.nix

@@ -8,18 +8,28 @@ with lib; let
 in {
   options.mySystem.services.traefik = {
     enable = mkEnableOption "Enable Traefik";
-    dataDir = mkOption {
-      type = types.path;
-      default = "/tank/traefik";
-    };
     email = mkOption {
       type = types.str;
       default = "";
     };
+    dataDir = mkOption {
+      type = types.path;
+      default = "/tank/traefik";
+      example = "/path/to/traefik/data";
+    };
+    environmentFiles = mkOption {
+      type = types.listOf types.path;
+      example = ["/var/traefik/traefik.env"];
+      default = [];
+    };
+    dynamicConfigFile = mkOption {
+      type = types.path;
+      default = "${cfg.dataDir}/traefik.yaml";
+      example = "/var/traefik/dynamic.yaml";
+    };
   };
   config.services.traefik = {
-    inherit (cfg) enable;
-    dynamicConfigFile = "${cfg.dataDir}/dynamic_config.toml";
+    inherit (cfg) enable dynamicConfigFile environmentFiles;
     staticConfigOptions = {
       api.dashboard = true;
       log = {
@@ -29,18 +39,18 @@ in {
       };
       accessLog.filePath = "${cfg.dataDir}/access.log";
       entryPoints = {
-        http = {
+        web = {
           address = ":80";
           asDefault = true;
           http.redirections.entrypoint = {
-            to = "https";
+            to = "websecure";
             scheme = "https";
           };
         };
-        https = {
+        websecure = {
           address = ":443";
           asDefault = true;
-          httpChallenge.entryPoint = "https";
+          httpChallenge.entryPoint = "websecure";
         };
       };
       providers.docker = {
@@ -53,6 +63,7 @@ in {
         dnsChallenge = {
           provider = "cloudflare";
           resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+          propagation.delayBeforeChecks = 60;
         };
       };
     };

system/users/default.nix

@@ -1,5 +1,7 @@
 {
   imports = [
     ./phundrak.nix
+    ./root.nix
   ];
+  programs.zsh.enable = true;
 }

system/users/phundrak.nix

@@ -5,27 +5,23 @@
   ...
 }:
 with lib; let
-  cfg = config.mySystem.users;
+  cfg = config.mySystem.users.phundrak;
 in {
-  options.mySystem.users = {
-    root.disablePassword = mkEnableOption "Disables root password";
-    phundrak.enable = mkEnableOption "Enables users phundrak";
+  options.mySystem.users.phundrak = {
+    enable = mkEnableOption "Enables user phundrak";
+    trusted = mkEnableOption "Mark the user as trusted by Nix";
   };
 
   config = {
-    users.users = {
-      root = {
-        hashedPassword = mkIf cfg.root.disablePassword "*";
-        shell = pkgs.zsh;
-      };
-      phundrak = mkIf cfg.phundrak.enable {
-        isNormalUser = true;
-        description = "Lucien Cartier-Tilet";
-        extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input"];
-        shell = pkgs.zsh;
-        openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../keys;
-      };
+    users.users.phundrak = mkIf cfg.enable {
+      isNormalUser = true;
+      description = "Lucien Cartier-Tilet";
+      extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input"];
+      shell = pkgs.zsh;
+      openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../users/phundrak/keys;
+    };
+    nix.settings = mkIf cfg.trusted {
+      trusted-users = ["phundrak"];
     };
-    programs.zsh.enable = true;
   };
 }

system/users/root.nix

@@ -0,0 +1,17 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.users.root;
+in {
+  options.mySystem.users.root.disablePassword = mkEnableOption "Disables root password";
+  config = {
+    users.users.root = {
+      hashedPassword = mkIf cfg.disablePassword "*";
+      shell = pkgs.zsh;
+    };
+  };
+}