From 69aba935c0c85b186e53d656a4791d637357e324 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:39:25 +0100 Subject: [PATCH 1/7] Arion: Bump auth --- hosts/franz/arion/auth/arion-compose.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/franz/arion/auth/arion-compose.nix b/hosts/franz/arion/auth/arion-compose.nix index 34d18ad..6937a1a 100644 --- a/hosts/franz/arion/auth/arion-compose.nix +++ b/hosts/franz/arion/auth/arion-compose.nix @@ -1,5 +1,5 @@ let - authentikImage = "ghcr.io/goauthentik/server:2024.8.2"; + authentikImage = "ghcr.io/goauthentik/server:2024.10.2"; in { project.name = "auth"; From 515eb067d395811f5f70925645cde6517863206a Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:39:49 +0100 Subject: [PATCH 2/7] Arion: Bump git --- hosts/franz/arion/git/arion-compose.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/franz/arion/git/arion-compose.nix b/hosts/franz/arion/git/arion-compose.nix index 93aabd8..9f0e903 100644 --- a/hosts/franz/arion/git/arion-compose.nix +++ b/hosts/franz/arion/git/arion-compose.nix @@ -10,7 +10,7 @@ services = { forgejo.service = { - image = "codeberg.org/forgejo/forgejo:8.0.3"; + image = "codeberg.org/forgejo/forgejo:9.0.2"; container_name = "forgejo"; useHostStore = true; labels = { From c6ad76c196e9541b0e81b6c87664bf80c09d346a Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:40:10 +0100 Subject: [PATCH 3/7] Arion: Add new crowdsec collections --- hosts/franz/arion/infrastructure/arion-compose.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/franz/arion/infrastructure/arion-compose.nix b/hosts/franz/arion/infrastructure/arion-compose.nix index 4373ed5..25759ca 100644 --- a/hosts/franz/arion/infrastructure/arion-compose.nix 
+++ b/hosts/franz/arion/infrastructure/arion-compose.nix @@ -58,7 +58,7 @@ container_name = "crowdsec"; environment = { GID = "1000"; - COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden"; + COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching"; }; volumes = [ "/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml" From 69e8ca76f9fbbcd97dead9266a8b7a6762450e81 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:40:19 +0100 Subject: [PATCH 4/7] Arion: Bump passwords --- hosts/franz/arion/passwords/arion-compose.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/franz/arion/passwords/arion-compose.nix b/hosts/franz/arion/passwords/arion-compose.nix index 501d865..1e96753 100644 --- a/hosts/franz/arion/passwords/arion-compose.nix +++ b/hosts/franz/arion/passwords/arion-compose.nix @@ -8,7 +8,7 @@ services = { vaultwarden.service = { - image = "vaultwarden/server:1.32.4"; + image = "vaultwarden/server:1.32.5"; container_name = "vaultwarden"; labels = { "traefik.enable" = "true"; From 55eedcea01604d2c6b98ce8ddcae232b4fcf6685 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:43:29 +0100 Subject: [PATCH 5/7] Arion: Enable promtail docker discovery --- hosts/franz/arion/default.nix | 2 +- hosts/franz/arion/stats/arion-compose.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/franz/arion/default.nix b/hosts/franz/arion/default.nix index 1d62a11..4b87fb6 100644 --- a/hosts/franz/arion/default.nix +++ b/hosts/franz/arion/default.nix @@ -21,7 +21,7 @@ ./headscale ./auth ./minio - # ./stats + ./stats ./wiki ]; 
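Review bot: The two AppSec collections added to `COLLECTIONS` in the crowdsec `environment` block only install rules and configs; nothing in this hunk gives the AppSec component a listener or points the Traefik bouncer at it. If the mounted `acquis.yaml` (outside this diff) has no `source: appsec` datasource with an `appsec_config` and a `listen_addr`, the rules load but no request is ever inspected, so the change would add no protection. A comment next to the variable, such as `# appsec-* collections need a 'source: appsec' datasource in acquis.yaml and AppSec enabled in the bouncer`, would record that dependency. The service definition continues outside the hunk.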
diff --git a/hosts/franz/arion/stats/arion-compose.nix b/hosts/franz/arion/stats/arion-compose.nix index f2acb5e..9788f12 100644 --- a/hosts/franz/arion/stats/arion-compose.nix +++ b/hosts/franz/arion/stats/arion-compose.nix @@ -63,6 +63,7 @@ image = "grafana/promtail:3.0.0"; volumes = [ "/var/log:/var/log" + "/var/run/docker.sock:/var/run/docker.sock:ro" "/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml" ]; command = "-config.file=/etc/promtail/promtail-config.yml"; From 29bc56b8a5a6d4a1d11d7b5167e641af7fe17008 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:44:33 +0100 Subject: [PATCH 6/7] Arion: Move ntfy to ssd --- hosts/franz/arion/push/arion-compose.nix | 4 +-- hosts/franz/restic.nix | 32 +++++++++++-------- .../{ntfy_data => ntfy_config}/server.yml | 0 3 files changed, 20 insertions(+), 16 deletions(-) rename rsc/docker/franz/push/{ntfy_data => ntfy_config}/server.yml (100%) diff --git a/hosts/franz/arion/push/arion-compose.nix b/hosts/franz/arion/push/arion-compose.nix index 6212010..ad78c44 100644 --- a/hosts/franz/arion/push/arion-compose.nix +++ b/hosts/franz/arion/push/arion-compose.nix @@ -31,8 +31,8 @@ "traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt"; }; volumes = [ - "/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml" - "/storage/dataset/docker/push/ntfy_data:/etc/ntfy/data" + "/home/ghoscht/.docker/push/ntfy_config/server.yml:/etc/ntfy/server.yml" + "/home/ghoscht/.docker/push/ntfy_data:/etc/ntfy/data" ]; environment = { TZ = "Europe/Berlin"; diff --git a/hosts/franz/restic.nix b/hosts/franz/restic.nix index eb93070..b14b3f4 100644 --- a/hosts/franz/restic.nix +++ b/hosts/franz/restic.nix @@ -46,9 +46,6 @@ in { sops.secrets."autorestic/zfs_key" = { owner = vars.user; }; - sops.secrets."autorestic/ssd_key" = { - owner = vars.user; - }; sops.secrets."autorestic/eustachius_key" = { owner = vars.user; }; 
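Review bot: The `:ro` suffix on the new `/var/run/docker.sock` mount in promtail's `volumes` list does not make the Docker API read-only. Any process in the container can still send create or exec requests over the socket, which is equivalent to root on the host. Promtail's Docker discovery only needs to list containers and read their logs, so a socket proxy that allows just those endpoints would be a tighter fit than the direct mount. If the direct mount stays, a comment such as `# :ro does not restrict the Docker API; promtail has full daemon access` would keep the risk visible. The neighbouring `/var/log` mount is read-write and could become `"/var/log:/var/log:ro"`, unless the positions file is configured to live there.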
@@ -173,7 +170,6 @@ in { from: /home/ghoscht/.docker/passwords to: - zfs - # - ssd - eustachius cron: '0 4 * * *' # Every Day at 4:00 hooks: @@ -182,19 +178,31 @@ in { - arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop after: - arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start - matrix: - from: /home/ghoscht/.docker/matrix + push: + from: /storage/dataset/docker/push/ to: - zfs - eustachius - forget: prune - cron: '0 4 * * 0' # Every Sunday at 4:00 + cron: '0 4 * * *' # Every Day at 4:00 hooks: <<: *default_hooks before: - - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop + - arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix stop after: - - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start + - arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix start + # matrix: + # from: /home/ghoscht/.docker/matrix + # to: + # - zfs + # - eustachius + # forget: prune + # cron: '0 4 * * 0' # Every Sunday at 4:00 + # hooks: + # <<: *default_hooks + # before: + # - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop + # after: + # - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start music: from: /storage/dataset/data/media/music to: @@ -299,10 +307,6 @@ in { type: local path: /storage/dataset/backups key: '${config.sops.placeholder."autorestic/zfs_key"}' - # ssd: - # type: local - # path: /home/ghoscht/Backups - # key: '${config.sops.placeholder."autorestic/ssd_key"}' eustachius: type: rest path: http://100.64.0.3:8000/franz diff --git a/rsc/docker/franz/push/ntfy_data/server.yml b/rsc/docker/franz/push/ntfy_config/server.yml similarity index 100% rename from rsc/docker/franz/push/ntfy_data/server.yml rename to rsc/docker/franz/push/ntfy_config/server.yml 
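Review bot: The new `push` location in the `@@ -182,19 +178,31 @@` hunk of restic.nix backs up `from: /storage/dataset/docker/push/`, but the compose hunk of this same commit moves ntfy's data to `/home/ghoscht/.docker/push/ntfy_data`. The job therefore appears to snapshot the old directory and miss the live one; `from: /home/ghoscht/.docker/push` looks like the intended value. The same hunk comments out the `matrix` location while patch 7/7 moves the Synapse data and database to `/storage/dataset/docker/matrix`, which leaves them with no backup job in the visible config. The `push` block also omits `forget: prune`, which the replaced matrix block had, so its snapshots will accumulate unless pruning is set elsewhere.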
From 528246061aa0eba2bcb35bb7ff146f89ba55c854 Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:44:50 +0100 Subject: [PATCH 7/7] Arion: Fix matrix --- hosts/franz/arion/matrix/arion-compose.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/franz/arion/matrix/arion-compose.nix b/hosts/franz/arion/matrix/arion-compose.nix index 38b3a72..b37fbeb 100644 --- a/hosts/franz/arion/matrix/arion-compose.nix +++ b/hosts/franz/arion/matrix/arion-compose.nix @@ -10,7 +10,7 @@ services = { synapse.service = { - image = "matrixdotorg/synapse:v1.113.0"; + image = "matrixdotorg/synapse:v1.118.0"; container_name = "synapse"; labels = { "traefik.enable" = "true"; @@ -31,7 +31,7 @@ "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt"; }; volumes = [ - "/home/ghoscht/.docker/matrix/synapse_data:/data" + "/storage/dataset/docker/matrix/synapse_data:/data" ]; env_file = [ "/home/ghoscht/.docker/matrix/synapse.env" @@ -53,7 +53,7 @@ "/home/ghoscht/.docker/matrix/synapse.env" ]; volumes = [ - "/home/ghoscht/.docker/matrix/synapse_db:/var/lib/postgresql/data" + "/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data" ]; restart = "unless-stopped"; networks = [ @@ -64,8 +64,8 @@ container_name = "matrix-nginx"; image = "nginx:1.25.4"; volumes = [ - "/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf" - "/home/ghoscht/.docker/matrix/nginx_data/www:/var/www/" + "/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf" + "/storage/dataset/docker/matrix/nginx_data/www:/var/www/" ]; labels = { "traefik.enable" = "true"; 
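Review bot: The volume hunks in matrix/arion-compose.nix (`@@ -31`, `@@ -53`, `@@ -64`, and `@@ -94` further down) repeat the absolute prefix `/storage/dataset/docker/matrix` in five strings, while both visible `env_file` entries still point at `/home/ghoscht/.docker/matrix/synapse.env`. If leaving the env file on the old path is deliberate, a comment such as `# synapse.env intentionally stays under /home/ghoscht/.docker/matrix` would say so; otherwise it looks like a missed path. A `let` binding such as `matrixData = "/storage/dataset/docker/matrix";` at the top of the file, in the style of `authentikImage` in auth/arion-compose.nix, would reduce a future move to a one-line change.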
@@ -94,7 +94,7 @@ element.service = { image = "vectorim/element-web:v1.11.64"; volumes = [ - "/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json" + "/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json" ]; labels = { "traefik.enable" = "true";