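# NixOS module for the "senfnvp" suite.
#
# Declares the suite's options under `suites.senfnvp` and, when the suite is
# enabled, defines two declarative NixOS containers: `proxy` (Traefik with
# Let's Encrypt) and `core` (private network, configuration still empty).
{
  inputs,
  config,
  lib,
  pkgs,
  system,
  ...
}:
let
  cfg = config.suites.senfnvp;
in
{
  imports = [
    ./website.nix
    ./forgejo.nix
  ];

  # Master switch; everything under `config` below is gated on it.
  options.suites.senfnvp.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
    description = "Enables the senfnvp Stack";
  };

  # Not referenced in this file; presumably consumed by the imported
  # modules (verify against ./website.nix and ./forgejo.nix).
  options.suites.senfnvp.hostname = lib.mkOption {
    # `types.string` is deprecated in nixpkgs; `types.str` is its replacement
    # and rejects conflicting definitions instead of silently concatenating them.
    type = with lib.types; str;
    default = "kb-one.de";
    description = "Hostname of senfnvp Stack";
  };

  # Not referenced in this file; presumably consumed by the imported modules.
  options.suites.senfnvp.database.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Database";
  };

  # Controls whether the Traefik proxy container below is defined.
  options.suites.senfnvp.proxy.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Proxy";
  };

  config = lib.mkIf (cfg.enable) {

    # Reverse-proxy container.
    # `privateNetwork` is not set here (unlike `containers.core`), so the NixOS
    # default applies and the container shares the host's network namespace.
    containers.proxy = lib.mkIf (cfg.enable && cfg.proxy.enable) {
      autoStart = true;
      config = { config, pkgs, lib, ... }: {
        services.traefik = {
          enable = true;
          staticConfigOptions = {
            entryPoints = {
              # Plain HTTP: every request is redirected to the TLS entry point.
              web = {
                address = ":80";
                asDefault = true;
                http.redirections.entrypoint = {
                  to = "websecure";
                  scheme = "https";
                };
              };
              # HTTPS: certificates come from the `letsencrypt` resolver below.
              websecure = {
                address = ":443";
                asDefault = true;
                http.tls.certResolver = "letsencrypt";
              };
              # Extra TCP entry point; no router for it is defined in this file.
              # NOTE(review): presumably forwards SSH to Forgejo; confirm in ./forgejo.nix.
              git-ssh.address = ":9522";
            };
            certificatesResolvers.letsencrypt.acme = {
              # TLS-ALPN-01 challenge: port 443 must be reachable from the internet.
              tlsChallenge = {};
              # This file holds the ACME account key and the private keys of all
              # issued certificates. Traefik requires it to be mode 600. No bind
              # mount is declared here, so the path lives inside the container's
              # own filesystem.
              # NOTE(review): confirm the directory exists, is owned by the
              # traefik user, and is not readable by other users.
              storage = "/var/secrets/traefik/acme.json";
            };
          };
        };
        # Opens the three entry-point ports in the container's firewall config.
        # NOTE(review): with a shared network namespace, confirm which firewall
        # (host or container) actually governs these ports, and that 9522 is
        # meant to be reachable from everywhere.
        networking.firewall.allowedTCPPorts = [ 80 443 9522 ];
      };
    };

    # Core Container
    # A Guide to Nix Containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
    # Runs in its own network namespace. No hostAddress/localAddress is set in
    # this file, so as written no link to the host is configured here.
    containers.core = {
      autoStart = true;
      privateNetwork = true;
      config = { config, pkgs, lib, ... }: {
      };
    };

  };
}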