feature: Adds base Traefik stack

2025-05-06 07:48:49 -04:00 · 2025-05-06 07:48:49 -04:00 · efe245787a
commit efe245787a
parent 8a2f7309ec
4 changed files with 76 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,6 @@ result-*

 # Ignore automatically generated direnv output
 .direnv
+
+# Docker garbage
+hosts/andromeda/stacks/*/*.yml
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@ -14,6 +14,9 @@
    ../../system/sshd.nix
    ../../system/avahifixes.nix
    ../../system/i18n.nix
+
+    # Docker stacks
+    ./andromeda/stacks/traefik/docker-compose.nix
  ];

  users.mutableUsers = false;
@ -32,6 +35,10 @@
      "networkmanager"
    ];

+    packages = with pkgs; [
+      git
+    ];
+
    openssh.authorizedKeys.keys = [
      (builtins.readFile ../../data/id_user.pub)
    ];
@ -46,12 +53,27 @@
  # Services
  virtualisation.docker = {
    enable = true;
+    autoPrune.enable = true;
+
    storageDriver = "btrfs";
  };

+  virtualisation.oci-containers.backend = "docker";
+
+  # Volumes
+  fileSystems."/mnt/NASBox" = {
+    device = "192.168.0.3:/mnt/Diskette/KubeData";
+    fsType = "nfs";
+  };
+
  environment.systemPackages = builtins.attrValues {
    inherit (pkgs) htop btop micro nano;
  };

+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [80 443 8000];
+  };
+
  system.stateVersion = "24.11";
 }
--- a/hosts/andromeda/stacks/traefik/docker-compose.nix
+++ b/hosts/andromeda/stacks/traefik/docker-compose.nix
@ -0,0 +1,39 @@
+# Auto-generated using compose2nix v0.3.1.
+{ pkgs, lib, ... }:
+
+{
+  # Containers
+  virtualisation.oci-containers.containers."traefik-reverse-proxy" = {
+    image = "traefik:v3.3";
+    volumes = [
+      "/var/run/docker.sock:/var/run/docker.sock:rw"
+    ];
+    cmd = [ "--api.insecure=true" "--entryPoints.web.address=:8000" "--providers.docker" ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network=host"
+    ];
+  };
+
+  systemd.services."docker-traefik-reverse-proxy" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "no";
+    };
+    partOf = [
+      "docker-compose-traefik-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-traefik-root.target"
+    ];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."docker-compose-traefik-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}
--- a/hosts/andromeda/stacks/traefik/docker-compose.yml
+++ b/hosts/andromeda/stacks/traefik/docker-compose.yml
@ -0,0 +1,12 @@
+version: '3'
+
+services:
+  reverse-proxy:
+    # The official v3 Traefik docker image
+    image: traefik:v3.3
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --entryPoints.web.address=:8000 --providers.docker
+    network_mode: host
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock