From efe245787a6590f49aac98c028b42891c880f0f7 Mon Sep 17 00:00:00 2001 From: imterah Date: Tue, 6 May 2025 07:48:49 -0400 Subject: [PATCH] feature: Adds base Traefik stack --- .gitignore | 3 ++ hosts/andromeda/configuration.nix | 22 +++++++++++ .../stacks/traefik/docker-compose.nix | 39 +++++++++++++++++++ .../stacks/traefik/docker-compose.yml | 12 ++++++ 4 files changed, 76 insertions(+) create mode 100644 hosts/andromeda/stacks/traefik/docker-compose.nix create mode 100644 hosts/andromeda/stacks/traefik/docker-compose.yml diff --git a/.gitignore b/.gitignore index 5631c13..c347735 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,6 @@ result-* # Ignore automatically generated direnv output .direnv + +# Docker garbage +hosts/andromeda/stacks/*/*.yml diff --git a/hosts/andromeda/configuration.nix b/hosts/andromeda/configuration.nix index 50eb5d4..7e6366f 100755 --- a/hosts/andromeda/configuration.nix +++ b/hosts/andromeda/configuration.nix @@ -14,6 +14,9 @@ ../../system/sshd.nix ../../system/avahifixes.nix ../../system/i18n.nix + + # Docker stacks + ./andromeda/stacks/traefik/docker-compose.nix ]; users.mutableUsers = false; @@ -32,6 +35,10 @@ "networkmanager" ]; + packages = with pkgs; [ + git + ]; + openssh.authorizedKeys.keys = [ (builtins.readFile ../../data/id_user.pub) ]; @@ -46,12 +53,27 @@ # Services virtualisation.docker = { enable = true; + autoPrune.enable = true; + storageDriver = "btrfs"; }; + virtualisation.oci-containers.backend = "docker"; + + # Volumes + fileSystems."/mnt/NASBox" = { + device = "192.168.0.3:/mnt/Diskette/KubeData"; + fsType = "nfs"; + }; + environment.systemPackages = builtins.attrValues { inherit (pkgs) htop btop micro nano; }; + networking.firewall = { + enable = true; + allowedTCPPorts = [80 443 8000]; + }; + system.stateVersion = "24.11"; } diff --git a/hosts/andromeda/stacks/traefik/docker-compose.nix b/hosts/andromeda/stacks/traefik/docker-compose.nix new file mode 100644 index 0000000..ab1b51c --- /dev/null 
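Review bot: The new pattern `hosts/andromeda/stacks/*/*.yml` matches `hosts/andromeda/stacks/traefik/docker-compose.yml`, which this same commit adds, so that file ends up both tracked and ignored. The `.nix` file is generated from the compose file, so ignoring the `.yml` means the input for any later stack will not be picked up by `git add` unless it is forced. Either drop the pattern or stop committing the compose files, and replace `# Docker garbage` with a comment that says which of the two is the source of truth, e.g. `# compose2nix inputs are kept locally; only the generated .nix is tracked`.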
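Review bot: The added import `./andromeda/stacks/traefik/docker-compose.nix` resolves relative to `hosts/andromeda/configuration.nix`, so it points at `hosts/andromeda/andromeda/stacks/traefik/`. The commit creates the file at `hosts/andromeda/stacks/traefik/docker-compose.nix`. Unless an `andromeda/` subdirectory exists outside this patch, evaluation fails on a missing path and the Traefik unit is never defined; the line should read `./stacks/traefik/docker-compose.nix`. The `imports` list begins above the hunk.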
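Review bot: The `fileSystems."/mnt/NASBox"` block sets no `options`, so the NFS export is mounted with defaults. An unreachable NAS can then stall or fail boot, and setuid binaries and device nodes on the share are honoured on a host that also runs Docker. Consider adding `options = [ "nofail" "nosuid" "nodev" ];` to that block. In the same hunk, `allowedTCPPorts = [80 443 8000];` opens 80 and 443 although the only entrypoint this commit defines is `:8000`; opening them when the matching entrypoints are added keeps the firewall aligned with what actually listens. The enclosing attribute set begins outside the hunk.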
+++ b/hosts/andromeda/stacks/traefik/docker-compose.nix @@ -0,0 +1,39 @@ +# Auto-generated using compose2nix v0.3.1. +{ pkgs, lib, ... }: + +{ + # Containers + virtualisation.oci-containers.containers."traefik-reverse-proxy" = { + image = "traefik:v3.3"; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock:rw" + ]; + cmd = [ "--api.insecure=true" "--entryPoints.web.address=:8000" "--providers.docker" ]; + log-driver = "journald"; + extraOptions = [ + "--network=host" + ]; + }; + + systemd.services."docker-traefik-reverse-proxy" = { + serviceConfig = { + Restart = lib.mkOverride 90 "no"; + }; + partOf = [ + "docker-compose-traefik-root.target" + ]; + wantedBy = [ + "docker-compose-traefik-root.target" + ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."docker-compose-traefik-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/hosts/andromeda/stacks/traefik/docker-compose.yml b/hosts/andromeda/stacks/traefik/docker-compose.yml new file mode 100644 index 0000000..2f3092a --- /dev/null +++ b/hosts/andromeda/stacks/traefik/docker-compose.yml @@ -0,0 +1,12 @@ +version: '3' + +services: + reverse-proxy: + # The official v3 Traefik docker image + image: traefik:v3.3 + # Enables the web UI and tells Traefik to listen to docker + command: --api.insecure=true --entryPoints.web.address=:8000 --providers.docker + network_mode: host + volumes: + # So that Traefik can listen to the Docker events + - /var/run/docker.sock:/var/run/docker.sock
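Review bot: `--api.insecure=true` together with `network_mode: host` serves Traefik's dashboard and API without authentication on the host's own interfaces (Traefik's default `traefik` entrypoint, port 8080), so the host firewall is the only thing keeping it private. `--providers.docker` with its defaults also routes every running container, so a safer baseline is `command: --entryPoints.web.address=:8000 --providers.docker --providers.docker.exposedByDefault=false`, with the dashboard added back behind an authenticated router when it is needed. The socket mount deserves a comment stating the trust it grants, e.g. `# Full Docker API access: a compromise of Traefik is a compromise of the host`. The `docker-compose.nix` hunk earlier on this line is generated from this file and carries the same flags plus an explicit `:rw` on the socket, so it should be regenerated after the change.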