diff --git a/profiles/homebox/default.nix b/profiles/homebox/default.nix index 5a7a687..3d4849b 100644 --- a/profiles/homebox/default.nix +++ b/profiles/homebox/default.nix @@ -76,38 +76,25 @@ enable = true; portainer.enable = true; + traefik.enable = true; pihole.enable = true; + authentik.enable = true; + ollama.enable = true; searxng.enable = true; home-assistant.enable = true; n8n.enable = true; - authentik.enable = true; }; containers = { - traefik.enable = true; jellyfin.enable = true; "esotericbytes.com".enable = true; - nextcloud.enable = true; - ntfy.enable = false; gitea.enable = true; - netbird.enable = true; openwebui.enable = true; - wyoming = { - enable = false; - piper = false; - openwakeword = true; - faster-whisper = true; - }; - - rustdesk.enable = false; #broken - code-server.enable = true; - novnc.enable = false; - minecraft.enable = true; sandbox.enable = false; diff --git a/system/virtualization/docker/gitea/default.nix b/system/virtualization/docker/gitea/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/gitea/default.nix +++ b/system/virtualization/docker/gitea/default.nix @@ -0,0 +1 @@ +{} diff --git a/system/virtualization/docker/home-assistant/default.nix b/system/virtualization/docker/home-assistant/default.nix index 620da70..8343ae6 100644 --- a/system/virtualization/docker/home-assistant/default.nix +++ b/system/virtualization/docker/home-assistant/default.nix @@ -44,10 +44,6 @@ in { "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; }; - extraOptions = [ - "--ip=192.168.101.6" - ]; - environment = { TZ = "America/Chicago"; }; diff --git a/system/virtualization/docker/jellyfin/default.nix b/system/virtualization/docker/jellyfin/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/jellyfin/default.nix +++ b/system/virtualization/docker/jellyfin/default.nix @@ -0,0 +1 @@ +{} 
diff --git a/system/virtualization/docker/minecraft/default.nix b/system/virtualization/docker/minecraft/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/minecraft/default.nix +++ b/system/virtualization/docker/minecraft/default.nix @@ -0,0 +1 @@ +{} diff --git a/system/virtualization/docker/n8n/default.nix b/system/virtualization/docker/n8n/default.nix index c577579..18b94bb 100644 --- a/system/virtualization/docker/n8n/default.nix +++ b/system/virtualization/docker/n8n/default.nix @@ -43,10 +43,6 @@ in { "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--ip=192.168.101.7" - ]; - ports = [ "${builtins.toString hostPort}:5678" ]; diff --git a/system/virtualization/docker/nextcloud/default.nix b/system/virtualization/docker/nextcloud/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/nextcloud/default.nix +++ b/system/virtualization/docker/nextcloud/default.nix @@ -0,0 +1 @@ +{} diff --git a/system/virtualization/docker/ollama/default.nix b/system/virtualization/docker/ollama/default.nix index d79c991..c037ce7 100644 --- a/system/virtualization/docker/ollama/default.nix +++ b/system/virtualization/docker/ollama/default.nix @@ -60,7 +60,6 @@ in { extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" - "--ip=192.168.101.4" ]; environment = { diff --git a/system/virtualization/docker/openwebui/default.nix b/system/virtualization/docker/openwebui/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/openwebui/default.nix +++ b/system/virtualization/docker/openwebui/default.nix @@ -0,0 +1 @@ +{} diff --git a/system/virtualization/docker/pihole/default.nix b/system/virtualization/docker/pihole/default.nix index fee4bb5..427b06c 100644 --- a/system/virtualization/docker/pihole/default.nix 
+++ b/system/virtualization/docker/pihole/default.nix @@ -55,10 +55,6 @@ in { "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--ip=192.168.101.3" - ]; - ports = [ "${builtins.toString hostPort}:80" "127.0.0.1:53:53/tcp" diff --git a/system/virtualization/docker/portainer/default.nix b/system/virtualization/docker/portainer/default.nix index 253ece2..fa770fb 100644 --- a/system/virtualization/docker/portainer/default.nix +++ b/system/virtualization/docker/portainer/default.nix @@ -41,10 +41,6 @@ in { "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; }; - - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--ip=192.168.101.2" - ]; ports = [ "127.0.0.1:8000:8000" diff --git a/system/virtualization/docker/rustdesk/default.nix b/system/virtualization/docker/rustdesk/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/rustdesk/default.nix +++ b/system/virtualization/docker/rustdesk/default.nix @@ -0,0 +1 @@ +{} diff --git a/system/virtualization/docker/searxng/default.nix b/system/virtualization/docker/searxng/default.nix index 32eaaf5..45ae2f1 100644 --- a/system/virtualization/docker/searxng/default.nix +++ b/system/virtualization/docker/searxng/default.nix @@ -44,10 +44,6 @@ in { "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}"; }; - extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ - "--ip=192.168.101.5" - ]; - ports = [ "${builtins.toString hostPort}:8080" ]; diff --git a/system/virtualization/docker/traefik/config/dynamic/routing.yml b/system/virtualization/docker/traefik/config/dynamic/routing.yml new file mode 100644 index 0000000..d778a74 --- /dev/null +++ b/system/virtualization/docker/traefik/config/dynamic/routing.yml 
@@ -0,0 +1,38 @@
+http:
+ routers:
+
+ homepageSecure:
+ entryPoints:
+ - "websecure"
+ - "localsecure"
+ rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
+ service: "homepage"
+ tls:
+ certResolver: "cloudflare"
+
+ traefik:
+ entryPoints:
+ - "localsecure"
+ rule: "Host(`traefik.esotericbytes.com`)"
+ service: "api@internal"
+ tls:
+ certResolver: "cloudflare"
+
+ code-server:
+ entryPoints:
+ - "localsecure"
+ rule: "Host(`code.esotericbytes.com`)"
+ service: "code-server"
+ tls:
+ certResolver: "cloudflare"
+
+ services:
+ homepage:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.100.13:80"
+
+ code-server:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.100.31:4444"
diff --git a/system/virtualization/docker/traefik/config/traefik.yml b/system/virtualization/docker/traefik/config/traefik.yml
new file mode 100644
index 0000000..8a3df51
--- /dev/null
+++ b/system/virtualization/docker/traefik/config/traefik.yml
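Review bot: The `traefik` router serves `api@internal` (the dashboard and the full read API, including every router, service and the Docker-provider labels) to anyone who can reach the `localsecure` entrypoint on :443 and send a `traefik.esotericbytes.com` Host header, because the router carries no `middlewares:` entry and `traefik.yml` does not enable `api.insecure`, so this router is the only gate. Attach an authentication middleware before this is deployed; the profile in this commit enables authentik, so a `forwardAuth` middleware pointing at its outpost is the natural fit, and a `basicAuth` with an htpasswd file kept outside the repo is the minimal fallback. The `code-server` router on the same entrypoint is in the same position unless code-server's own password login is relied on, which this hunk does not show.
```yaml
    traefik:
      entryPoints:
        - "localsecure"
      rule: "Host(`traefik.esotericbytes.com`)"
      service: "api@internal"
      middlewares:
        - "dashboard-auth"
      # … unchanged: tls …

  middlewares:
    dashboard-auth:
      basicAuth:
        usersFile: "/etc/traefik/dashboard-users"  # htpasswd file, not committed
```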
@@ -0,0 +1,71 @@
+providers:
+ docker:
+ exposedByDefault: false
+ file:
+ directory: "/etc/traefik/dynamic"
+
+serversTransport:
+ insecureSkipVerify: true
+
+api:
+ dashboard: true
+
+global:
+ checknewversion: true
+ sendanonymoususage: false
+
+entryPoints:
+ web:
+ address: ":81"
+ http:
+ redirections:
+ entryPoint:
+ to: "websecure"
+ scheme: "https"
+
+ websecure:
+ address: ":444"
+ asDefault: true
+ http:
+ tls:
+ certResolver: "cloudflare"
+ domains:
+ main: "esotericbytes.com"
+ sans:
+ - "*.esotericbytes.com"
+
+ local:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: "localsecure"
+ scheme: "https"
+
+ localsecure:
+ address: ":443"
+ asDefault: true
+ http:
+ tls:
+ certResolver: "cloudflare"
+ domains:
+ main: "esotericbytes.com"
+ sans:
+ - "*.esotericbytes.com"
+
+log:
+ level: "INFO"
+ filePath: "/etc/traefik/logs/traefik.log"
+ format: "json"
+
+certificatesResolvers:
+ cloudflare:
+ acme:
+ storage: "/etc/traefik/acme.json"
+ keyType: "EC256"
+ dnsChallenge:
+ provider: "cloudflare"
+ resolvers:
+ - "1.1.1.1:53"
+ - "1.0.0.1:53"
+
diff --git a/system/virtualization/docker/traefik/default.nix b/system/virtualization/docker/traefik/default.nix
index b80c9af..9b9406b 100644
--- a/system/virtualization/docker/traefik/default.nix
+++ b/system/virtualization/docker/traefik/default.nix
@@ -19,17 +19,25 @@
 '';
 };
+ environment.etc = builtins.listToAttrs builtins.map (x: {
+ name = "traefik/${x}";
+ value = {
+ source = ./config/${x};
+ };
+ }) builtins.attrNames builtins.readDir ./config;
+
 virtualisation.oci-containers.containers.traefik = {
- image = "traefik:3.6";
+ image = "traefik:v3.6";
 environment = {
+ TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
 };
 environmentFiles = [
 config.sops.templates."traefik.env".path
 ];
 volumes = [
- "vol_traefik:/etc/traefik/data"
+ "/etc/traefik/:/etc/traefik/"
 "/run/docker.sock:/var/run/docker.sock"
 ];
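Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every backend Traefik proxies to, yet every backend in this commit (`routing.yml` and the container labels) is plain `http://`, so today the setting changes nothing and the first HTTPS backend added later will be accepted with any certificate, including a forged one. Drop it, or define a named `serversTransport` with `insecureSkipVerify` in dynamic config and reference it only from the one service that really has a self-signed cert. There is also no `accessLog:` section, so the only record of who hit which router is whatever reaches the INFO log at `/etc/traefik/logs/traefik.log`; `accessLog: { filePath: "/etc/traefik/logs/access.log", format: "json" }` gives incident response something to work from. `global.checknewversion: true` presumably makes the container poll Traefik's version endpoint on a host that otherwise opts out of `sendanonymoususage`; set it to `false` if that egress is not wanted.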
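Review bot: The added `environment.etc = builtins.listToAttrs builtins.map (x: { … }) builtins.attrNames builtins.readDir ./config;` does not evaluate: Nix function application is left-associative, so `builtins.listToAttrs` is applied to the function `builtins.map` rather than to a list, and evaluation fails with a type error before the remaining arguments are consumed; each nested call needs its own parentheses, as below. Even once it evaluates, `environment.etc` entries with the default mode are symlinks through `/etc/static` into `/nix/store`, and neither path exists inside the container, so the `/etc/traefik/:/etc/traefik/` bind mount presumably hands Traefik dangling links instead of `traefik.yml` and `dynamic/`; mounting the store paths directly (`"${./config}/traefik.yml:/etc/traefik/traefik.yml:ro"` and likewise for `dynamic`) avoids that, with `acme.json` on a separate writable host path. Separately, `"\${CF_API_EMAIL}"` is a literal `${CF_API_EMAIL}` by the time it reaches `-e`; nothing expands it, so the ACME account email will be that literal string unless the sops template already exports the `TRAEFIK_…_EMAIL` variable itself, in which case this line is redundant.
```nix
environment.etc = builtins.listToAttrs (builtins.map (x: {
  name = "traefik/${x}";
  value = {
    source = ./config/${x};
  };
}) (builtins.attrNames (builtins.readDir ./config)));
```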
@@ -37,6 +45,11 @@ "docker-main" ]; + ports = [ + "80" + "443" + ]; + log-driver = "journald"; }; systemd.services."docker-traefik" = { @@ -47,12 +60,10 @@ RestartSteps = lib.mkOverride 90 9; }; after = [ - "docker-network-authentik_default.service" - "docker-volume-vol_traefik.service" + "docker-network-setup.service" ]; requires = [ - "docker-network-authentik_default.service" - "docker-volume-vol_traefik.service" + "docker-network-setup.service" ]; partOf = [ "docker-compose-traefik-root.target" @@ -62,20 +73,6 @@ ]; }; -# Volumes - systemd.services."docker-volume-vol_traefik" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect vol_traefik || docker volume create vol_traefik --driver=btrfs - ''; - partOf = [ "docker-compose-traefik-root.target" ]; - wantedBy = [ "docker-compose-traefik-root.target" ]; - }; - # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. diff --git a/system/virtualization/docker/wyoming/default.nix b/system/virtualization/docker/wyoming/default.nix index e69de29..0967ef4 100644 --- a/system/virtualization/docker/wyoming/default.nix +++ b/system/virtualization/docker/wyoming/default.nix @@ -0,0 +1 @@ +{}
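Review bot: `ports = [ "80" "443" ];` publishes container ports 80 and 443 on ephemeral host ports bound to every host interface, because a bare port in `oci-containers.ports` becomes `-p 80` / `-p 443` with no host side; nothing in the hunk suggests random host ports are wanted, and Docker-published ports are inserted ahead of the NixOS firewall rules. If the reverse proxy is meant to be reached on the host, write `"80:80"` and `"443:443"` (or prefix the LAN address to bind to one interface); if it is reached only on its `docker-main` network address, drop `ports` entirely. Note that `:81` and `:444`, the `web`/`websecure` entrypoints in `traefik.yml`, are not published here, so the Cloudflare-facing routers are only reachable on the container's own address, which may be intended but is worth a comment such as `# 81/444 (public entrypoints) are deliberately not published`.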