gortium/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Some more work toward a modular config

Browse Source
This commit is contained in:
Thierry Pouplier
2025-08-04 22:15:59 -04:00
parent 94f0ce50ae
commit ac6c3688ef
11 changed files with 252 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/nixos/bundles/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, lib, config, ... }: {
imports =
[
./graphical-desktop.nix
];
}

20
modules/nixos/bundles/graphical-desktop.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, lib, config, ... }: {
options = {
grapfical-desktop.enable = lib.mkEnableOption "enable graphical desktop";
};
config = lib.mkIf config.grapfical-desktop.enable {
# Enable the X11 windowing system.
services.xserver.enable = true;
# Hyprland
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.waybar.enable = true;
};
}

8
modules/nixos/default.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, lib, config, ... }: {
imports =
[
./bundles
# ./programs
# ./services
];
}

32
modules/nixos/services/podman.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.podman;
in {
options.services.podman.enable = mkEnableOption "enable podman";
config = mkIf cfg.enable {
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [
"--filter=until=24h"
"--filter=label!=important"
];
};
defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
podman-compose
];
};
}

101
modules/nixos/services/traefik.nix Normal file
View File

@@ -0,0 +1,101 @@
{config, ...}: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = {level = "WARN";};
certificatesResolvers = {
godaddy = {
acme = {
email = "letsencrypt.org.btlc2@passmail.net";
storage = "/var/lib/traefik/acme.json";
caserver = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "godaddy";
resolvers = ["1.1.1.1:53" "8.8.8.8:53"];
propagation = {
delayBeforeChecks = 60;
disableChecks = true;
};
};
};
};
};
api = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
rtmp = {
address = ":1935";
};
rtmps = {
address = ":1945";
};
websecure = {
address = ":443";
};
};
};
dynamicConfigOptions = {
http = {
services = {
dummy = {
loadBalancer.servers = [
{url = "http://192.168.0.1";} # Diese URL wird nie verwendet
];
};
};
middlewares = {
domain-redirect = {
redirectRegex = {
regex = "^https://www\\.m3tam3re\\.com(.*)";
replacement = "https://m3ta.dev$1";
permanent = true;
};
};
strip-www = {
redirectRegex = {
regex = "^https://www\\.(.+)";
replacement = "https://$1";
permanent = true;
};
};
subdomain-redirect = {
redirectRegex = {
regex = "^https://([a-zA-Z0-9-]+)\\.m3tam3re\\.com(.*)";
replacement = "https://$1.m3ta.dev$2";
permanent = true;
};
};
auth = {
basicAuth = {
users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
};
};
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.traefik.path}"];
};
networking.firewall.allowedTCPPorts = [80 443];
}