From 4fee8726a9fe39a769c04fa6246aa97f9b23c375 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Wed, 17 Jun 2026 17:13:59 +0200
Subject: [PATCH 1/5] Add modules/server/containers/apps/robotstxt.nix

---
 modules/server/containers/apps/robotstxt.nix | 52 ++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 modules/server/containers/apps/robotstxt.nix

diff --git a/modules/server/containers/apps/robotstxt.nix b/modules/server/containers/apps/robotstxt.nix
new file mode 100644
index 0000000..1e52737
--- /dev/null
+++ b/modules/server/containers/apps/robotstxt.nix
@@ -0,0 +1,52 @@
+{ containerCfg, pkgs, builder, name, ... }:
+let
+  port = 8080;
+  priority = toString (containerCfg.extra.priority or 2147482647);
+  defaultRobots = ''
+    User-agent: *
+    Disallow: /
+  '';
+  robots =
+    if containerCfg.extra ? robots then
+      containerCfg.extra.robots
+    else
+      defaultRobots + (containerCfg.extra.extraRobots or "");
+  robotsRoot = pkgs.writeTextDir "robots.txt" robots;
+  image = pkgs.dockerTools.streamLayeredImage {
+    name = "robots";
+    tag = "1";
+    contents = [
+      robotsRoot
+      pkgs.busybox
+    ];
+    config = {
+      Entrypoint = [
+        "${pkgs.busybox}/bin/httpd"
+        "-f"
+        "-p"
+        "0.0.0.0:${toString port}"
+        "-h"
+        "${robotsRoot}"
+      ];
+      ExposedPorts = { "${toString port}/tcp" = { }; };
+      WorkingDir = "/";
+    };
+  };
+in {
+  runtime = {
+    containers = {
+      server = builder.mkContainer {
+        imageStream = image;
+        port = port;
+        extraLabels = {
+          "traefik.enable" = "true";
+          "traefik.http.routers.${name}.entrypoints" = "web-secure";
+          "traefik.http.routers.${name}.rule" = "Path(`/robots.txt`)";
+          "traefik.http.routers.${name}.priority" = priority;
+          "traefik.http.routers.${name}.tls" = "true";
+          "traefik.http.services.${name}.loadbalancer.server.port" = toString port;
+        };
+      };
+    };
+  };
+}

From a66c08551cb9c204b69cea5c4c38a12d5f2ebf44 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Wed, 17 Jun 2026 17:14:13 +0200
Subject: [PATCH 2/5] Update modules/server/containers/apps/influx.nix

---
 modules/server/containers/apps/influx.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/server/containers/apps/influx.nix b/modules/server/containers/apps/influx.nix
index 8ecb0b1..df22dcc 100644
--- a/modules/server/containers/apps/influx.nix
+++ b/modules/server/containers/apps/influx.nix
@@ -111,6 +111,11 @@ in {
           GF_LIVE_HA_ENGINE_ADRESS = "${builder.host}:6379";
           DEFAULT_INFLUX_SERVER = "http://${builder.host}:8181";
         };
+        extraLabels = {
+          "traefik.http.routers.grafana-pub.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.domain}`) && PathPrefix(`/public-dashboards`)";
+          "traefik.http.routers.grafana-pub.entrypoints" = "web-secure";
+          "traefik.http.routers.grafana-pub.tls" = "true";
+        };
         overrides = { 
           user = "1500:1500";
           environmentFiles =  [ config.sops.secrets."INFLUX".path config.sops.secrets."CUSTOM".path ] ;

From 5effa640cc0934b38b79be0ef33d0c68e9585913 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Wed, 17 Jun 2026 17:14:28 +0200
Subject: [PATCH 3/5] Add modules/server/containers/apps/excalidraw.nix

---
 modules/server/containers/apps/excalidraw.nix | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 modules/server/containers/apps/excalidraw.nix

diff --git a/modules/server/containers/apps/excalidraw.nix b/modules/server/containers/apps/excalidraw.nix
new file mode 100644
index 0000000..77e7543
--- /dev/null
+++ b/modules/server/containers/apps/excalidraw.nix
@@ -0,0 +1,35 @@
+{ config, containerCfg, pkgs, lib, builder, name,... }:
+let
+  version = "latest";
+  serverCfg = config.syscfg.server;
+in {
+  runtime = {
+    paths = [{
+      path="${serverCfg.path.data.path}/excalidraw/";
+      owner = "root:root";
+      mode = "0777";
+    }];
+
+    containers = {
+      server = builder.mkContainer {
+        subdomain = containerCfg.subdomain;
+        image = "excalidraw/excalidraw:${version}";
+        port = 80;
+        tmpfs = true;
+      #   secret = name;
+        extraEnv = {
+          NODE_ENV="production";
+          VITE_APP_WS_SERVER_URL="${containerCfg.subdomain}.${serverCfg.domain}";
+        };
+          extraLabels = {
+        };
+        overrides = {
+          volumes = [
+            "${serverCfg.path.data.path}/excalidraw:/app/data"
+          ];
+        };
+      };
+    };
+  };
+
+}

From bae41101e31e607a1c9272b5ab487c7a05f65fe3 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Wed, 17 Jun 2026 17:14:41 +0200
Subject: [PATCH 4/5] Add modules/server/containers/apps/drawio.nix

---
 modules/server/containers/apps/drawio.nix | 55 +++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 modules/server/containers/apps/drawio.nix

diff --git a/modules/server/containers/apps/drawio.nix b/modules/server/containers/apps/drawio.nix
new file mode 100644
index 0000000..12be21b
--- /dev/null
+++ b/modules/server/containers/apps/drawio.nix
@@ -0,0 +1,55 @@
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
+let
+  version = "latest";
+  serverCfg = config.syscfg.server;
+in
+{
+  runtime = {
+    paths = [
+      {
+        path = "${serverCfg.path.data.path}/drawio/";
+        owner = "root:root";
+        mode = "0777";
+      }
+    ];
+
+    containers = {
+      server = builder.mkContainer {
+        subdomain = containerCfg.subdomain;
+        image = "jgraph/drawio:${version}";
+        port = 8080;
+        extraEnv = {
+          VIRTUAL_HOST = "${containerCfg.subdomain}.${serverCfg.domain}";
+          VIRTUAL_PORT = "8080";
+          LETS_ENCRYPT_ENABLED = "false";
+          DRAWIO_SERVER_URL = "https://${containerCfg.subdomain}.${serverCfg.domain}";
+          DRAWIO_SELF_CONTAINED = "1";
+          EXPORT_URL = "http://drawio-exporter:8000/";
+          DRAWIO_CONFIG = ''
+            {
+              "defaultFonts": [
+                "Helvetica", "Arial", "Verdana",
+                "IBM Plex Mono",
+                "IBM Plex Sans",
+                "Noto Sans",
+                "Latin Modern Math"
+              ]
+            }
+          '';
+        };
+        overrides = {
+          ports = ["8080:8080"];
+        };
+      };
+      exporter = builder.mkContainer {
+        image = "jgraph/export-server:${version}";
+        extraEnv = {
+          DRAWIO_SERVER_URL = "https://${containerCfg.subdomain}.${serverCfg.domain}";
+        };
+        overrides = {
+          volumes = ["/run/current-system/sw/share/X11/fonts:/usr/share/fonts/drawio:ro" "/nix/store:/nix/store:ro"];
+        };
+      };
+    };
+  };
+}

From ece075ffafa75b4ae860ad287a26d92c37ffdad6 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Wed, 17 Jun 2026 17:15:52 +0200
Subject: [PATCH 5/5] Update modules/nixos/system/network/base/default.nix

---
 modules/nixos/system/network/base/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/nixos/system/network/base/default.nix b/modules/nixos/system/network/base/default.nix
index 57cadfe..4b2544e 100644
--- a/modules/nixos/system/network/base/default.nix
+++ b/modules/nixos/system/network/base/default.nix
@@ -4,7 +4,6 @@
     useDHCP = true;
     nameservers = [ "1.1.1.1" "9.9.9.9" ];
     dhcpcd = {
-      enable = true;
       wait = "background";
     };