+portainer +baserow

hosts/AZ-CLD-1/default.nix

@@ -5,4 +5,8 @@
     ./secrets.nix
     ./services
   ];
+
+  extraServices = {
+    podman.enable = true;
+  };
 }

hosts/AZ-CLD-1/secrets.nix

@@ -4,28 +4,22 @@
       traefik-env = {
         file = ../../secrets/traefik-env.age;
       };
+      baserow-env = {
+        file = ../../secrets/baserow-env.age;
+      };
       n8n-env = {
         file = ../../secrets/n8n-env.age;
       };
-      n8n-db = {
-        file = ../../secrets/n8n-db.age;
-      };
       outline-env = {
         file = ../../secrets/outline-env.age;
-	owner = "outline";
-      };
-      outline-db = {
-        file = ../../secrets/outline-db.age;
-      };
-      vaultwarden-db = {
-        file = ../../secrets/vaultwarden-db.age;
+      	owner = "outline";
       };
       vaultwarden-env = {
         file = ../../secrets/vaultwarden-env.age;
       };
       hetzner-s3-az-intern-secret-key = {
         file = ../../secrets/hetzner-s3-az-intern-secret-key.age;
-	owner = "outline";
+      	owner = "outline";
       };
       hetzner-s3-az-intern-access-key = {
         file = ../../secrets/hetzner-s3-az-intern-access-key.age;

hosts/AZ-CLD-1/services/containers/baserow.nix

@@ -0,0 +1,26 @@
+{config, ...}: {
+  virtualisation.oci-containers.containers."baserow" = {
+    image = "docker.io/baserow/baserow:1.34.5";
+    environmentFiles = [config.age.secrets.baserow-env.path];
+    ports = ["127.0.0.1:3050:80"];
+    volumes = ["baserow_data:/baserow/data"];
+    extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
+  };
+  # Traefik configuration specific to baserow
+  services.traefik.dynamicConfigOptions.http = {
+    services.baserow.loadBalancer.servers = [
+      {
+        url = "http://localhost:3050/";
+      }
+    ];
+
+    routers.baserow = {
+      rule = "Host(`br.az-gruppe.com`)";
+      tls = {
+        certResolver = "ionos";
+      };
+      service = "baserow";
+      entrypoints = "websecure";
+    };
+  };
+}

hosts/AZ-CLD-1/services/containers/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./baserow.nix
+    ./portainer.nix
+  ];
+}

hosts/AZ-CLD-1/services/containers/portainer.nix

@@ -0,0 +1,28 @@
+{
+  virtualisation.oci-containers.containers.portainer = {
+    image = "docker.io/portainer/portainer-ce:latest";
+    ports = ["127.0.0.1:9000:9000"];
+    volumes = [
+      "/etc/localtime:/etc/localtime:ro"
+      "/run/podman/podman.sock:/var/run/docker.sock:ro"
+      "portainer_data:/data"
+    ];
+  };
+  # Traefik configuration specific to baserow
+  services.traefik.dynamicConfigOptions.http = {
+    services.portainer.loadBalancer.servers = [
+      {
+        url = "http://localhost:9000/";
+      }
+    ];
+
+    routers.portainer = {
+      rule = "Host(`pt.az-gruppe.com`)";
+      tls = {
+        certResolver = "ionos";
+      };
+      service = "portainer";
+      entrypoints = "websecure";
+    };
+  };
+}

hosts/AZ-CLD-1/services/default.nix

@@ -1,5 +1,7 @@
 {
   imports = [
+    ./containers
+
     ./gitea.nix
     ./n8n.nix
     ./ntfy.nix

hosts/common/default.nix

@@ -6,6 +6,7 @@
   ...
 }: {
   imports = [
+    ./extraServices
     ./users
     inputs.home-manager.nixosModules.home-manager
   ];

hosts/common/extraServices/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./podman.nix
+  ];
+}

hosts/common/extraServices/podman.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        dockerSocket.enable = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}