Add nas & file sharing arion compose

GHOSCHT 2024-03-06 11:16:14 +01:00
parent fb666e0c55
commit 26f369a9ee
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
6 changed files with 105 additions and 1 deletions


@ -8,6 +8,11 @@
environment.systemPackages = with pkgs; [arion]; environment.systemPackages = with pkgs; [arion];
networking.firewall = {
allowedUDPPorts = [137 138];
allowedTCPPorts = [139 445];
};
virtualisation.arion = { virtualisation.arion = {
backend = "docker"; backend = "docker";
projects = { projects = {
@ -20,6 +25,9 @@
push.settings = { push.settings = {
imports = [./push/arion-compose.nix]; imports = [./push/arion-compose.nix];
}; };
nas.settings = {
imports = [./nas/arion-compose.nix];
};
}; };
}; };
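Review bot: `allowedUDPPorts = [137 138]` and `allowedTCPPorts = [139 445]` open NetBIOS/SMB on every interface of the host; if only the LAN should reach the share, scope them with `networking.firewall.interfaces.<lan-if>.allowedTCPPorts` and the matching `allowedUDPPorts`. Docker normally installs its own iptables rules for published ports, so these firewall entries may not be what actually gates access to the samba container; binding the published ports to the LAN address in the compose file is the more dependable control. A one-line comment saying the ports belong to the `nas` project would also help the next reader.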


@ -0,0 +1,34 @@
{pkgs, ...}: {
project.name = "nas";
networks.dmz = {
name = "dmz";
external = true;
};
services = {
samba.service = {
image = "dperson/samba";
container_name = "samba";
ports = [
"137:137/udp"
"138:138/udp"
"139:139/tcp"
"445:445/tcp"
];
environment = {
USERID = 1000;
GROUPID = 1000;
TZ = "Europe/Berlin";
};
command = "-s 'public;/mount;yes;no;yes' -p";
volumes = [
"/home/ghoscht:/mount"
];
restart = "always";
networks = [
"dmz"
];
};
};
}
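Review bot: The share in `command = "-s 'public;/mount;yes;no;yes' -p"` combined with the `/home/ghoscht:/mount` volume exports the whole home directory as a writable guest share with no login, if I read the dperson/samba field order (name;path;browsable;readonly;guest) correctly. That tree contains `.docker/nextcloud/nextcloud.env`, which the sops template in this same commit renders with mode 0775, so whatever secrets that file holds become readable by anyone who can reach port 445. Mount a dedicated directory instead (`"/home/ghoscht/<share-dir>:/mount"`) and turn guest access off with a named user, e.g. `-s 'nas;/mount;yes;no;no;<user>'`, with the account supplied through a sops-managed `env_file` rather than on the command line. `-p` appears to reset ownership and permissions on the shared path, which should be confirmed before it is pointed at a home directory. The image is also untagged, so it follows `latest`; pinning a tag or digest keeps rebuilds reproducible.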


@ -0,0 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}


@ -0,0 +1,50 @@
{pkgs, ...}: {
project.name = "nextcloud";
networks.dmz = {
name = "dmz";
external = true;
};
networks.transport = {};
services = {
nextcloud.service = {
image = "nextcloud:latest";
container_name = "nextcloud";
useHostStore = true;
labels = {
"traefik.enable" = "true";
"traefik.http.routers.nextcloud.entrypoints" = "websecure";
"traefik.http.routers.nextcloud.rule" = "Host(`nextcloud.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.nextcloud.tls" = "true";
"traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
];
environment = {MYSQL_HOST = "nextcloud-db";};
env_file = [
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
];
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
db.service = {
image = "mariadb:10.5";
env_file = [
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
];
volumes = ["/home/ghoscht/.docker/nextcloud/nextcloud_db:/var/lib/mysql"];
restart = "unless-stopped";
command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW";
networks = [
"transport"
];
};
};
}
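Review bot: `useHostStore = true` on `nextcloud.service` bind-mounts the host's /nix/store into a container that Traefik routes to from `nextcloud.ghoscht.com`, and a stock `nextcloud:latest` image should not need it; dropping the line keeps the host store out of the internet-facing container. `image = "nextcloud:latest"` is unpinned while the database is fixed at `mariadb:10.5`, so a pull can move Nextcloud across a major version unattended; a major tag such as `nextcloud:<major>` avoids that. Separately, `MYSQL_HOST = "nextcloud-db"` does not match the service name `db`, and `db.service` sets no `container_name`, so that hostname probably does not resolve on the `transport` network; either `MYSQL_HOST = "db";` or `container_name = "nextcloud-db";` on `db.service` would line the two up.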


@ -0,0 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}


@ -63,7 +63,7 @@ in {
}; };
sops.templates."nextcloud.env" = { sops.templates."nextcloud.env" = {
path = "/home/${vars.user}/.docker/nas/nextcloud.env"; path = "/home/${vars.user}/.docker/nextcloud/nextcloud.env";
owner = vars.user; owner = vars.user;
mode = "0775"; mode = "0775";
content = '' content = ''