Used agenix to manage secrets, 4 services up, ssh

modules/nixos/bundles/graphical-desktop.nix

@@ -4,12 +4,9 @@
   options = {
     grapfical-desktop.enable = lib.mkEnableOption "enable graphical desktop";
   };
-
   config = lib.mkIf config.grapfical-desktop.enable {
-
     # Enable the X11 windowing system.
     services.xserver.enable = true;
-
     # Hyprland
     programs.hyprland = {
       enable = true;

modules/nixos/default.nix

@@ -3,6 +3,7 @@
     [
       ./bundles
       # ./programs
-      # ./services
+      ./services
+      ./filesystem
     ];
 }

modules/nixos/filesystem/default.nix

@@ -0,0 +1,6 @@
+{ pkgs, lib, config, ... }: {
+  imports =
+    [
+      ./hoardingcow-mount.nix
+    ];
+}

modules/nixos/filesystem/hoardingcow-mount.nix

@@ -0,0 +1,13 @@
+{ pkgs, lib, config, ... }: {
+
+  options = {
+    hoardingcow-mount.enable = lib.mkEnableOption "enable hoardingcow acces";
+  };
+  config = lib.mkIf config.hoardingcow-mount.enable {
+    fileSystems."/mnt/HoardingCow_docker_data" = {
+      device = "192.168.1.2:/WorkHorse_docker_data";
+      fsType = "nfs";
+      options = [ "defaults" "nofail" "_netdev" ];
+    };
+  };
+}

modules/nixos/services/default.nix

@@ -0,0 +1,6 @@
+{ pkgs, lib, config, ... }: {
+  imports =
+    [
+      ./systemd
+    ];
+}

modules/nixos/services/systemd/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, lib, config, self, keys, paths, ... }: {
+  imports =
+    [
+      ./network.nix
+      ./passwordmanager.nix
+      ./versioncontrol.nix
+    ];
+
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      "dns" = [ "1.1.1.1" "8.8.8.8" ];
+    };
+  };
+
+  age = {
+    identityPaths = paths.identities;
+    secrets = {
+      containers_env = {
+        file = self + "/secrets/containers.env.age";
+        path = "/run/secrets/containers.env";
+        owner = "root";
+        group = "root";
+        mode = "0400";
+      };
+    };
+  };
+}

modules/nixos/services/systemd/network.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, self, ... }:
+
+let
+  network_compose_dir = pkgs.stdenv.mkDerivation {
+    name = "network_compose_dir";
+    src = self + "/assets/compose/network";
+    dontUnpack = true;
+    installPhase = ''
+      mkdir -p $out
+      cp -r $src/* $out/
+    '';
+  };
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  systemd.services.network_stack = {
+    description = "Traefik + DDNS updater via Docker Compose";
+    after = [ "network.target" "docker.service" ];
+    requires = [ "network.target" "docker.service" ];
+    serviceConfig = {
+      WorkingDirectory = "${network_compose_dir}";
+
+      EnvironmentFile = config.age.secrets.containers_env.path;
+
+      # Stop left over container by the same name
+      ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'";
+
+      # Start the services using Docker Compose
+      ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d";
+
+      # Stop and remove containers on shutdown
+      ExecStop = "${pkgs.docker-compose}/bin/docker-compose down";
+
+      RemainAfterExit = true;
+      TimeoutStartSec = 0;
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

modules/nixos/services/systemd/passwordmanager.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, self, ... }:
+
+let
+  passwordmanager_compose_dir = pkgs.stdenv.mkDerivation {
+    name = "passwordmanager_compose_dir";
+    src = self + "/assets/compose/passwordmanager";
+    dontUnpack = true;
+    installPhase = ''
+      mkdir -p $out
+      cp -r $src/* $out/
+    '';
+  };
+in
+{
+  systemd.services.passwordmanager_stack = {
+    description = "Bitwarden via Docker Compose";
+    after = [ "network-online.target" "docker.service" ];
+    wants = [ "network-online.target" "docker.service" ];
+    serviceConfig = {
+      WorkingDirectory = "${passwordmanager_compose_dir}";
+
+      # Stop left over container by the same name
+      ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'";
+
+      # Démarrer les conteneurs avec Docker Compose
+      ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d";
+
+      # Arrêter et supprimer les conteneurs à l’arrêt
+      ExecStop = "${pkgs.docker-compose}/bin/docker-compose down";
+
+      RemainAfterExit = true;
+      TimeoutStartSec = 0;
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

modules/nixos/services/systemd/versioncontrol.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, self, ... }:
+
+let
+  versioncontrol_compose_dir = pkgs.stdenv.mkDerivation {
+    name = "versioncontrol_compose_dir";
+    src = self + "/assets/compose/versioncontrol";
+    dontUnpack = true;
+    installPhase = ''
+      mkdir -p $out
+      cp -r $src/* $out/
+    '';
+  };
+in
+{
+  networking.firewall.allowedTCPPorts = [ 2222 ];
+
+  systemd.services.versioncontrol_stack = {
+    description = "Gitea via Docker Compose";
+    after = [ "network-online.target" "docker.service" ];
+    wants = [ "network-online.target" "docker.service" ];
+    serviceConfig = {
+      WorkingDirectory = "${versioncontrol_compose_dir}";
+
+      # Stop left over container by the same name
+      ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'";
+
+      # Démarrer les conteneurs avec Docker Compose
+      ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d";
+
+      # Arrêter et supprimer les conteneurs à l’arrêt
+      ExecStop = "${pkgs.docker-compose}/bin/docker-compose down";
+
+      RemainAfterExit = true;
+      TimeoutStartSec = 0;
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}