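# NixOS module for the "senfnvp" suite.
#
# Declares the `suites.senfnvp.*` options and, when the suite is enabled,
# two declarative NixOS containers:
#   - `proxy`: a Traefik reverse proxy terminating TLS with certificates
#     obtained through an ACME resolver named "letsencrypt".
#   - `core`:  a container with a private network and an empty configuration
#     in this file.
#
# `hostname` and `database.enable` are declared here but not referenced in
# this file; presumably ./website.nix and ./forgejo.nix consume them -
# TODO confirm.
{ inputs, config, lib, pkgs, system, ... }:
let
  cfg = config.suites.senfnvp;
in
{
  imports = [
    ./website.nix
    ./forgejo.nix
  ];

  options.suites.senfnvp.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
    description = "Enables the senfnvp Stack";
  };

  options.suites.senfnvp.hostname = lib.mkOption {
    # `types.string` is deprecated in nixpkgs; `types.str` is the supported
    # type for a single, non-concatenated string value.
    type = lib.types.str;
    default = "kb-one.de";
    description = "Hostname of senfnvp Stack";
  };

  options.suites.senfnvp.database.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Database";
  };

  options.suites.senfnvp.proxy.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Proxy";
  };

  config = lib.mkIf cfg.enable {
    # The surrounding mkIf already requires cfg.enable, so only the
    # proxy-specific switch has to be tested here.
    containers.proxy = lib.mkIf cfg.proxy.enable {
      autoStart = true;
      # `privateNetwork` is not set, so this container uses the NixOS default
      # and shares the host's network namespace: the listeners below bind
      # directly on the host's addresses.
      config = { config, pkgs, lib, ... }: {
        services.traefik = {
          enable = true;
          staticConfigOptions = {
            entryPoints = {
              # Plain HTTP is accepted only to be redirected to HTTPS.
              web = {
                address = ":80";
                asDefault = true;
                http.redirections.entrypoint = {
                  to = "websecure";
                  scheme = "https";
                };
              };
              # HTTPS entry point; routers attached to it get certificates
              # from the "letsencrypt" resolver by default.
              websecure = {
                address = ":443";
                asDefault = true;
                http.tls.certResolver = "letsencrypt";
              };
              # Extra TCP entry point. No router for it is defined in this
              # file; presumably ./forgejo.nix routes Git-over-SSH through
              # it - TODO confirm.
              git-ssh.address = ":9522";
            };
            certificatesResolvers.letsencrypt.acme = {
              # TLS-ALPN-01 challenge: validation happens on port 443, so
              # that port must be reachable from the ACME server.
              tlsChallenge = {};
              # acme.json holds the ACME account key and the private keys of
              # issued certificates. Traefik expects the file to be readable
              # by its own user only (mode 600).
              # NOTE(review): nothing in this file creates /var/secrets/traefik
              # or sets its ownership - confirm the directory exists inside
              # the container, is writable by the traefik service user and is
              # not world-readable.
              # NOTE(review): no `email` is set for the ACME account - confirm
              # that is intended.
              storage = "/var/secrets/traefik/acme.json";
            };
          };
        };

        # Ports opened in the container's firewall configuration.
        # NOTE(review): since the network namespace is shared with the host,
        # verify that the host's firewall policy exposes exactly these ports
        # and nothing broader.
        networking.firewall.allowedTCPPorts = [ 80 443 9522 ];
      };
    };

    # Core Container
    # A Guide to Nix Containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
    containers.core = {
      autoStart = true;
      # Own network namespace, isolated from the host. No hostAddress or
      # localAddress is assigned in this file; presumably the imported
      # modules extend this container - TODO confirm.
      privateNetwork = true;
      config = { config, pkgs, lib, ... }: { };
    };
  };
}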