Merge remote-tracking branch 'ext/dev' into dev

2026-06-17 21:25:04 +02:00
parent 9936f538e1 ece075ffaf
commit 0611ab0077
5 changed files with 147 additions and 1 deletions
--- a/modules/nixos/system/network/base/default.nix
+++ b/modules/nixos/system/network/base/default.nix
@@ -4,7 +4,6 @@
    useDHCP = true;
    nameservers = [ "1.1.1.1" "9.9.9.9" ];
    dhcpcd = {
-      enable = true;
      wait = "background";
    };

--- a/modules/server/containers/apps/drawio.nix
+++ b/modules/server/containers/apps/drawio.nix
@@ -0,0 +1,55 @@
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
+let
+  version = "latest";
+  serverCfg = config.syscfg.server;
+in
+{
+  runtime = {
+    paths = [
+      {
+        path = "${serverCfg.path.data.path}/drawio/";
+        owner = "root:root";
+        mode = "0777";
+      }
+    ];
+
+    containers = {
+      server = builder.mkContainer {
+        subdomain = containerCfg.subdomain;
+        image = "jgraph/drawio:${version}";
+        port = 8080;
+        extraEnv = {
+          VIRTUAL_HOST = "${containerCfg.subdomain}.${serverCfg.domain}";
+          VIRTUAL_PORT = "8080";
+          LETS_ENCRYPT_ENABLED = "false";
+          DRAWIO_SERVER_URL = "https://${containerCfg.subdomain}.${serverCfg.domain}";
+          DRAWIO_SELF_CONTAINED = "1";
+          EXPORT_URL = "http://drawio-exporter:8000/";
+          DRAWIO_CONFIG = ''
+            {
+              "defaultFonts": [
+                "Helvetica", "Arial", "Verdana",
+                "IBM Plex Mono",
+                "IBM Plex Sans",
+                "Noto Sans",
+                "Latin Modern Math"
+              ]
+            }
+          '';
+        };
+        overrides = {
+          ports = ["8080:8080"];
+        };
+      };
+      exporter = builder.mkContainer {
+        image = "jgraph/export-server:${version}";
+        extraEnv = {
+          DRAWIO_SERVER_URL = "https://${containerCfg.subdomain}.${serverCfg.domain}";
+        };
+        overrides = {
+          volumes = ["/run/current-system/sw/share/X11/fonts:/usr/share/fonts/drawio:ro" "/nix/store:/nix/store:ro"];
+        };
+      };
+    };
+  };
+}
--- a/modules/server/containers/apps/excalidraw.nix
+++ b/modules/server/containers/apps/excalidraw.nix
@@ -0,0 +1,35 @@
+{ config, containerCfg, pkgs, lib, builder, name,... }:
+let
+  version = "latest";
+  serverCfg = config.syscfg.server;
+in {
+  runtime = {
+    paths = [{
+      path="${serverCfg.path.data.path}/excalidraw/";
+      owner = "root:root";
+      mode = "0777";
+    }];
+
+    containers = {
+      server = builder.mkContainer {
+        subdomain = containerCfg.subdomain;
+        image = "excalidraw/excalidraw:${version}";
+        port = 80;
+        tmpfs = true;
+      #   secret = name;
+        extraEnv = {
+          NODE_ENV="production";
+          VITE_APP_WS_SERVER_URL="${containerCfg.subdomain}.${serverCfg.domain}";
+        };
+          extraLabels = {
+        };
+        overrides = {
+          volumes = [
+            "${serverCfg.path.data.path}/excalidraw:/app/data"
+          ];
+        };
+      };
+    };
+  };
+
+}
--- a/modules/server/containers/apps/influx.nix
+++ b/modules/server/containers/apps/influx.nix
@@ -111,6 +111,11 @@ in {
          GF_LIVE_HA_ENGINE_ADRESS = "${builder.host}:6379";
          DEFAULT_INFLUX_SERVER = "http://${builder.host}:8181";
        };
+        extraLabels = {
+          "traefik.http.routers.grafana-pub.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.domain}`) && PathPrefix(`/public-dashboards`)";
+          "traefik.http.routers.grafana-pub.entrypoints" = "web-secure";
+          "traefik.http.routers.grafana-pub.tls" = "true";
+        };
        overrides = { 
          user = "1500:1500";
          environmentFiles =  [ config.sops.secrets."INFLUX".path config.sops.secrets."CUSTOM".path ] ;
--- a/modules/server/containers/apps/robotstxt.nix
+++ b/modules/server/containers/apps/robotstxt.nix
@@ -0,0 +1,52 @@
+{ containerCfg, pkgs, builder, name, ... }:
+let
+  port = 8080;
+  priority = toString (containerCfg.extra.priority or 2147482647);
+  defaultRobots = ''
+    User-agent: *
+    Disallow: /
+  '';
+  robots =
+    if containerCfg.extra ? robots then
+      containerCfg.extra.robots
+    else
+      defaultRobots + (containerCfg.extra.extraRobots or "");
+  robotsRoot = pkgs.writeTextDir "robots.txt" robots;
+  image = pkgs.dockerTools.streamLayeredImage {
+    name = "robots";
+    tag = "1";
+    contents = [
+      robotsRoot
+      pkgs.busybox
+    ];
+    config = {
+      Entrypoint = [
+        "${pkgs.busybox}/bin/httpd"
+        "-f"
+        "-p"
+        "0.0.0.0:${toString port}"
+        "-h"
+        "${robotsRoot}"
+      ];
+      ExposedPorts = { "${toString port}/tcp" = { }; };
+      WorkingDir = "/";
+    };
+  };
+in {
+  runtime = {
+    containers = {
+      server = builder.mkContainer {
+        imageStream = image;
+        port = port;
+        extraLabels = {
+          "traefik.enable" = "true";
+          "traefik.http.routers.${name}.entrypoints" = "web-secure";
+          "traefik.http.routers.${name}.rule" = "Path(`/robots.txt`)";
+          "traefik.http.routers.${name}.priority" = priority;
+          "traefik.http.routers.${name}.tls" = "true";
+          "traefik.http.services.${name}.loadbalancer.server.port" = toString port;
+        };
+      };
+    };
+  };
+}