add(server)

2026-02-08 00:01:25 +00:00
parent 3c57067a6f
commit 0d3c5c559f
11 changed files with 355 additions and 0 deletions
--- a/config/modules/raspberry-pi.nix
+++ b/config/modules/raspberry-pi.nix
@@ -0,0 +1,38 @@
+{
+  den,
+  __findFile,
+  modules,
+  inputs,
+  ...
+}:
+{
+  flake-file.inputs = {
+    raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
+  };
+  modules.raspberry-pi = {
+    # TODO, make this take an attr set which describes which rpi it is
+    nixos =
+      { pkgs, ... }:
+      let
+        rpi-pi = inputs.raspberry-pi-nix;
+      in
+      {
+        imports = [
+          rpi-pi.nixosModules.raspberry-pi
+          rpi-pi.nixosModules.sd-image
+        ];
+
+        environment.systemPackages = with pkgs; [
+          libraspberrypi
+        ];
+
+        sdImage.compressImage = false;
+        raspberry-pi-nix.board = "bcm2712"; # Rpi 5 - 64bit
+        # We need to rebuild kernel for 6.12
+        # raspberry-pi-nix.kernel-version = "v6_12_17";
+        raspberry-pi-nix.uboot.enable = false;
+
+        hardware.enableRedistributableFirmware = true;
+      };
+  };
+}
--- a/config/modules/services/traefik.nix
+++ b/config/modules/services/traefik.nix
@@ -0,0 +1,51 @@
+{
+  den,
+  __findFile,
+  modules,
+  ...
+}:
+{
+  # Basic traefik
+  modules.services.traefik = {
+    services.traefik = {
+      nixos =
+        { config, ... }:
+        {
+          enable = true;
+
+          staticConfigOptions = {
+            entryPoints = {
+              web = {
+                address = ":80";
+                http.redirections.entrypoint = {
+                  to = "websecure";
+                  scheme = "https";
+                };
+                asDefault = true;
+              };
+              websecure = {
+                address = ":443";
+                asDefault = true;
+                http.tls.certResolver = "letsencrypt";
+              };
+              traefik = {
+                address = ":8080";
+              };
+            };
+            certificatesResolvers.letsencrypt.acme = {
+              email = "doloroo@proton.me";
+              storage = "${config.services.traefik.dataDir}/acme.json";
+              httpChallenge.entryPoint = "web";
+            };
+            providers = {
+              docker = {
+                endpoint = "unix:///var/run/docker.sock";
+              };
+            };
+            api.dashboard = true;
+            api.insecure = true;
+          };
+        };
+    };
+  };
+}
--- a/config/modules/user/servers/root.nix
+++ b/config/modules/user/servers/root.nix
@@ -0,0 +1,16 @@
+{ modules, ... }:
+{
+  #	Applys public keys and various root account config
+  modules.servers.rootAcc =
+    { config, user, ... }:
+    {
+      nixos = {
+        users.users.root = {
+          openssh.authorizedKeys.keys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key
+          ];
+        };
+      };
+    };
+}