imterah/nix-infra
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

feature: Adds base Traefik stack

Browse source
This commit is contained in:
Tera << 8 2025-05-06 07:48:49 -04:00
parent 8a2f7309ec
commit efe245787a
Signed by: imterah
GPG key ID: 8FA7DD57BA6CEA37
4 changed files with 76 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -5,3 +5,6 @@ result-*
# Ignore automatically generated direnv output # Ignore automatically generated direnv output
.direnv .direnv
# Docker garbage
hosts/andromeda/stacks/*/*.yml

22
hosts/andromeda/configuration.nix
View file

@ -14,6 +14,9 @@
../../system/sshd.nix ../../system/sshd.nix
../../system/avahifixes.nix ../../system/avahifixes.nix
../../system/i18n.nix ../../system/i18n.nix
# Docker stacks
./andromeda/stacks/traefik/docker-compose.nix
]; ];
users.mutableUsers = false; users.mutableUsers = false;
@ -32,6 +35,10 @@
"networkmanager" "networkmanager"
]; ];
packages = with pkgs; [
git
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
(builtins.readFile ../../data/id_user.pub) (builtins.readFile ../../data/id_user.pub)
]; ];
@ -46,12 +53,27 @@
# Services # Services
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
autoPrune.enable = true;
storageDriver = "btrfs"; storageDriver = "btrfs";
}; };
virtualisation.oci-containers.backend = "docker";
# Volumes
fileSystems."/mnt/NASBox" = {
device = "192.168.0.3:/mnt/Diskette/KubeData";
fsType = "nfs";
};
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit (pkgs) htop btop micro nano; inherit (pkgs) htop btop micro nano;
}; };
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443 8000];
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

39
hosts/andromeda/stacks/traefik/docker-compose.nix Normal file
View file

@ -0,0 +1,39 @@
# Auto-generated using compose2nix v0.3.1.
{ pkgs, lib, ... }:
{
# Containers
virtualisation.oci-containers.containers."traefik-reverse-proxy" = {
image = "traefik:v3.3";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "--api.insecure=true" "--entryPoints.web.address=:8000" "--providers.docker" ];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-traefik-reverse-proxy" = {
serviceConfig = {
Restart = lib.mkOverride 90 "no";
};
partOf = [
"docker-compose-traefik-root.target"
];
wantedBy = [
"docker-compose-traefik-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-traefik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

12
hosts/andromeda/stacks/traefik/docker-compose.yml Normal file
View file

@ -0,0 +1,12 @@
version: '3'
services:
reverse-proxy:
# The official v3 Traefik docker image
image: traefik:v3.3
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --entryPoints.web.address=:8000 --providers.docker
network_mode: host
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock