Merge branch 'main' of ssh://git.ghoscht.com:2222/ghoscht/nix-config
commit
4c82c3afba
10 changed files with 32 additions and 27 deletions
|
@ -1,5 +1,5 @@
|
|||
let
|
||||
authentikImage = "ghcr.io/goauthentik/server:2024.8.2";
|
||||
authentikImage = "ghcr.io/goauthentik/server:2024.10.2";
|
||||
in {
|
||||
project.name = "auth";
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
./headscale
|
||||
./auth
|
||||
./minio
|
||||
# ./stats
|
||||
./stats
|
||||
./wiki
|
||||
];
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
services = {
|
||||
forgejo.service = {
|
||||
image = "codeberg.org/forgejo/forgejo:8.0.3";
|
||||
image = "codeberg.org/forgejo/forgejo:9.0.2";
|
||||
container_name = "forgejo";
|
||||
useHostStore = true;
|
||||
labels = {
|
||||
|
|
|
@ -58,7 +58,7 @@
|
|||
container_name = "crowdsec";
|
||||
environment = {
|
||||
GID = "1000";
|
||||
COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden";
|
||||
COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml"
|
||||
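Review bot: Adding `crowdsecurity/appsec-generic-rules` and `crowdsecurity/appsec-virtual-patching` to `COLLECTIONS` only installs the rule sets. The AppSec component inspects requests only once an acquisition entry with `source: appsec` exists and the Traefik remediation component is set up to forward requests to it. The acquisition file is bind-mounted from `/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml`, which this commit does not show, so the hunk alone cannot confirm that the rules are active. A comment beside the variable would record the dependency, for example `# AppSec collections: need a "source: appsec" listener in acquis.yaml and AppSec enabled in the Traefik bouncer`. The crowdsec service definition starts and ends outside the hunk.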
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
services = {
|
||||
synapse.service = {
|
||||
image = "matrixdotorg/synapse:v1.113.0";
|
||||
image = "matrixdotorg/synapse:v1.118.0";
|
||||
container_name = "synapse";
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
|
@ -31,7 +31,7 @@
|
|||
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/matrix/synapse_data:/data"
|
||||
"/storage/dataset/docker/matrix/synapse_data:/data"
|
||||
];
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/matrix/synapse.env"
|
||||
|
@ -53,7 +53,7 @@
|
|||
"/home/ghoscht/.docker/matrix/synapse.env"
|
||||
];
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/matrix/synapse_db:/var/lib/postgresql/data"
|
||||
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
|
||||
];
|
||||
restart = "unless-stopped";
|
||||
networks = [
|
||||
|
@ -64,8 +64,8 @@
|
|||
container_name = "matrix-nginx";
|
||||
image = "nginx:1.25.4";
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
|
||||
"/home/ghoscht/.docker/matrix/nginx_data/www:/var/www/"
|
||||
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
|
||||
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
|
@ -94,7 +94,7 @@
|
|||
element.service = {
|
||||
image = "vectorim/element-web:v1.11.64";
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json"
|
||||
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
services = {
|
||||
vaultwarden.service = {
|
||||
image = "vaultwarden/server:1.32.4";
|
||||
image = "vaultwarden/server:1.32.5";
|
||||
container_name = "vaultwarden";
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
|
|
|
@ -31,8 +31,8 @@
|
|||
"traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"
|
||||
"/storage/dataset/docker/push/ntfy_data:/etc/ntfy/data"
|
||||
"/home/ghoscht/.docker/push/ntfy_config/server.yml:/etc/ntfy/server.yml"
|
||||
"/home/ghoscht/.docker/push/ntfy_data:/etc/ntfy/data"
|
||||
];
|
||||
environment = {
|
||||
TZ = "Europe/Berlin";
|
||||
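Review bot: The two candidate mounts for `/etc/ntfy/data` in this hunk use different host directories, `/storage/dataset/docker/push/ntfy_data` and `/home/ghoscht/.docker/push/ntfy_data`, and this rendering does not show which one the merge keeps. The autorestic `push` location changed in the same commit reads `from: /storage/dataset/docker/push/`, so if the `/home/...` mount is the surviving one, the ntfy state falls outside that backup. `server.yml` sits under `/home/ghoscht/.docker/push/` in both variants, so it appears not to be covered by that location either. A short comment above `volumes` stating which paths the `push` backup location is expected to cover would make the pairing checkable.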
|
|
|
@ -63,6 +63,7 @@
|
|||
image = "grafana/promtail:3.0.0";
|
||||
volumes = [
|
||||
"/var/log:/var/log"
|
||||
"/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
"/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml"
|
||||
];
|
||||
command = "-config.file=/etc/promtail/promtail-config.yml";
|
||||
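Review bot: The `:ro` suffix on `"/var/run/docker.sock:/var/run/docker.sock:ro"` (apparently the line this hunk adds) does not restrict what the container can do with the Docker API. A read-only bind mount still permits connecting to the socket, and a process that can talk to the Docker daemon can start privileged containers, which is equivalent to root on the host. If Promtail needs the socket only for container discovery, placing a socket proxy that exposes just the read-only container endpoints in front of it keeps the log shipper from holding that privilege. `"/var/log:/var/log"` is also mounted read-write, and `"/var/log:/var/log:ro"` should be sufficient for reading logs. The promtail service definition starts and ends outside the hunk.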
|
|
|
@ -46,9 +46,6 @@ in {
|
|||
sops.secrets."autorestic/zfs_key" = {
|
||||
owner = vars.user;
|
||||
};
|
||||
sops.secrets."autorestic/ssd_key" = {
|
||||
owner = vars.user;
|
||||
};
|
||||
sops.secrets."autorestic/eustachius_key" = {
|
||||
owner = vars.user;
|
||||
};
|
||||
|
@ -173,7 +170,6 @@ in {
|
|||
from: /home/ghoscht/.docker/passwords
|
||||
to:
|
||||
- zfs
|
||||
# - ssd
|
||||
- eustachius
|
||||
cron: '0 4 * * *' # Every Day at 4:00
|
||||
hooks:
|
||||
|
@ -182,19 +178,31 @@ in {
|
|||
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
|
||||
after:
|
||||
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
|
||||
matrix:
|
||||
from: /home/ghoscht/.docker/matrix
|
||||
push:
|
||||
from: /storage/dataset/docker/push/
|
||||
to:
|
||||
- zfs
|
||||
- eustachius
|
||||
forget: prune
|
||||
cron: '0 4 * * 0' # Every Sunday at 4:00
|
||||
cron: '0 4 * * *' # Every Day at 4:00
|
||||
hooks:
|
||||
<<: *default_hooks
|
||||
before:
|
||||
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
|
||||
- arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix stop
|
||||
after:
|
||||
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
|
||||
- arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix start
|
||||
# matrix:
|
||||
# from: /home/ghoscht/.docker/matrix
|
||||
# to:
|
||||
# - zfs
|
||||
# - eustachius
|
||||
# forget: prune
|
||||
# cron: '0 4 * * 0' # Every Sunday at 4:00
|
||||
# hooks:
|
||||
# <<: *default_hooks
|
||||
# before:
|
||||
# - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
|
||||
# after:
|
||||
# - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
|
||||
music:
|
||||
from: /storage/dataset/data/media/music
|
||||
to:
|
||||
|
@ -299,10 +307,6 @@ in {
|
|||
type: local
|
||||
path: /storage/dataset/backups
|
||||
key: '${config.sops.placeholder."autorestic/zfs_key"}'
|
||||
# ssd:
|
||||
# type: local
|
||||
# path: /home/ghoscht/Backups
|
||||
# key: '${config.sops.placeholder."autorestic/ssd_key"}'
|
||||
eustachius:
|
||||
type: rest
|
||||
path: http://100.64.0.3:8000/franz
|
||||
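Review bot: The `matrix` location is commented out in the `@ -182,19 +178,31 @` hunk while the same commit moves the Synapse data and its PostgreSQL directory to `/storage/dataset/docker/matrix`. As far as this page shows, no autorestic location covers the homeserver state after the merge. If that is temporary, re-enable the block with the new source, `from: /storage/dataset/docker/matrix`, and keep the arion stop/start hooks so the database files are copied while PostgreSQL is down. The env file stays at `/home/ghoscht/.docker/matrix/synapse.env`, so a location pointing only at the new path would not include it; a comment on the commented-out block saying why it is disabled and what has to be restored would help. The enclosing configuration continues outside the hunks.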
|
|