diff --git a/hosts/franz/arion/auth/arion-compose.nix b/hosts/franz/arion/auth/arion-compose.nix index 12bd7c5..699b9ff 100644 --- a/hosts/franz/arion/auth/arion-compose.nix +++ b/hosts/franz/arion/auth/arion-compose.nix @@ -1,5 +1,5 @@ let - authentikImage = "ghcr.io/goauthentik/server:2024.10.4"; + authentikImage = "ghcr.io/goauthentik/server:2024.12.0"; in { project.name = "auth"; diff --git a/hosts/franz/arion/dashboard/arion-compose.nix b/hosts/franz/arion/dashboard/arion-compose.nix index 43be6b0..ae830ee 100644 --- a/hosts/franz/arion/dashboard/arion-compose.nix +++ b/hosts/franz/arion/dashboard/arion-compose.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ project.name = "dashboard"; networks.dmz = { @@ -8,7 +8,7 @@ services = { homarr.service = { - image = "ghcr.io/ajnart/homarr:0.15.3"; + image = "ghcr.io/ajnart/homarr:0.15.10"; container_name = "homarr"; labels = { "traefik.enable" = "true"; diff --git a/hosts/franz/arion/dns/arion-compose.nix b/hosts/franz/arion/dns/arion-compose.nix index ac63223..42b0296 100644 --- a/hosts/franz/arion/dns/arion-compose.nix +++ b/hosts/franz/arion/dns/arion-compose.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ project.name = "dns"; networks.dmz = { @@ -20,7 +20,7 @@ services = { pihole.service = { - image = "pihole/pihole:2024.03.1"; + image = "pihole/pihole:2024.07.0"; container_name = "pihole"; hostname = "pihole"; environment = { @@ -59,7 +59,7 @@ ]; }; unbound.service = { - image = "mvance/unbound:1.19.3"; + image = "mvance/unbound:1.21.1"; container_name = "unbound"; volumes = [ "/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound" diff --git a/hosts/franz/arion/git/arion-compose.nix b/hosts/franz/arion/git/arion-compose.nix index c6ad394..48693e0 100644 --- a/hosts/franz/arion/git/arion-compose.nix +++ b/hosts/franz/arion/git/arion-compose.nix 
@@ -10,7 +10,7 @@ services = { forgejo.service = { - image = "codeberg.org/forgejo/forgejo:9.0.2"; + image = "codeberg.org/forgejo/forgejo:9.0.3"; container_name = "forgejo"; useHostStore = true; labels = { diff --git a/hosts/franz/arion/infrastructure/arion-compose.nix b/hosts/franz/arion/infrastructure/arion-compose.nix index b0bafa7..c6643ad 100644 --- a/hosts/franz/arion/infrastructure/arion-compose.nix +++ b/hosts/franz/arion/infrastructure/arion-compose.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ project.name = "infrastructure"; networks.dmz = { @@ -12,7 +12,7 @@ services = { traefik.service = { - image = "traefik:3.1.4"; + image = "traefik:3.2.3"; container_name = "traefik"; useHostStore = true; ports = [ diff --git a/hosts/franz/arion/matrix/arion-compose.nix b/hosts/franz/arion/matrix/arion-compose.nix deleted file mode 100644 index b37fbeb..0000000 --- a/hosts/franz/arion/matrix/arion-compose.nix +++ /dev/null 
@@ -1,113 +0,0 @@ -{pkgs, ...}: { - project.name = "matrix"; - - networks.dmz = { - name = "dmz"; - external = true; - }; - - networks.transport = {}; - - services = { - synapse.service = { - image = "matrixdotorg/synapse:v1.118.0"; - container_name = "synapse"; - labels = { - "traefik.enable" = "true"; - - "traefik.http.services.synapse.loadbalancer.server.port" = "8008"; - "traefik.http.routers.synapse.service" = "synapse"; - "traefik.http.routers.synapse.entrypoints" = "websecure"; - "traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)"; - "traefik.docker.network" = "dmz"; - "traefik.http.routers.synapse.tls" = "true"; - "traefik.http.routers.synapse.tls.certresolver" = "letsencrypt"; - - "traefik.http.services.synapse-external.loadbalancer.server.port" = "8008"; - "traefik.http.routers.synapse-external.service" = "synapse-external"; - "traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)"; - "traefik.http.routers.synapse-external.entrypoints" = "websecure-external"; - "traefik.http.routers.synapse-external.tls" = "true"; - "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt"; - }; - volumes = [ - "/storage/dataset/docker/matrix/synapse_data:/data" - ]; - env_file = [ - "/home/ghoscht/.docker/matrix/synapse.env" - ]; - environment = { - UID = "1000"; - GID = "1000"; - TZ = "Europe/Berlin"; - }; - restart = "unless-stopped"; - networks = [ - "dmz" - "transport" - ]; - }; - postgres.service = { - image = "postgres:14"; - env_file = [ - "/home/ghoscht/.docker/matrix/synapse.env" - ]; - volumes = [ - "/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data" - ]; - restart = "unless-stopped"; - networks = [ - "transport" - ]; - }; - matrix-nginx.service = { - container_name = "matrix-nginx"; - image = "nginx:1.25.4"; - volumes = [ - "/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf" - "/storage/dataset/docker/matrix/nginx_data/www:/var/www/" - ]; - labels = { - 
"traefik.enable" = "true"; - - "traefik.http.services.matrix.loadbalancer.server.port" = "80"; - "traefik.http.routers.matrix.service" = "matrix"; - "traefik.http.routers.matrix.entrypoints" = "websecure"; - "traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)"; - "traefik.docker.network" = "dmz"; - "traefik.http.routers.matrix.tls" = "true"; - "traefik.http.routers.matrix.tls.certresolver" = "letsencrypt"; - - "traefik.http.services.matrix-external.loadbalancer.server.port" = "80"; - "traefik.http.routers.matrix-external.service" = "matrix-external"; - "traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)"; - "traefik.http.routers.matrix-external.entrypoints" = "websecure-external"; - "traefik.http.routers.matrix-external.tls" = "true"; - "traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt"; - }; - restart = "unless-stopped"; - networks = [ - "transport" - "dmz" - ]; - }; - element.service = { - image = "vectorim/element-web:v1.11.64"; - volumes = [ - "/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json" - ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.element.entrypoints" = "websecure"; - "traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)"; - "traefik.docker.network" = "dmz"; - "traefik.http.routers.element.tls" = "true"; - "traefik.http.routers.element.tls.certresolver" = "letsencrypt"; - }; - restart = "unless-stopped"; - networks = [ - "dmz" - ]; - }; - }; -} diff --git a/hosts/franz/arion/matrix/arion-pkgs.nix b/hosts/franz/arion/matrix/arion-pkgs.nix deleted file mode 100644 index 69aad13..0000000 --- a/hosts/franz/arion/matrix/arion-pkgs.nix +++ /dev/null @@ -1,6 +0,0 @@ -# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH -import { - # We specify the architecture explicitly. Use a Linux remote builder when - # calling arion from other platforms. - system = "x86_64-linux"; -} 
diff --git a/hosts/franz/arion/matrix/default.nix b/hosts/franz/arion/matrix/default.nix deleted file mode 100644 index 19d7e74..0000000 --- a/hosts/franz/arion/matrix/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{config, ...}: let - vars = import ../../../../vars.nix; -in { - # virtualisation.arion = { - # projects.matrix.settings = { - # imports = [./arion-compose.nix]; - # }; - # }; - - sops.secrets."matrix/postgres_password" = { - owner = vars.user; - }; - sops.secrets."matrix/postgres_database" = { - owner = vars.user; - }; - sops.secrets."matrix/postgres_user" = { - owner = vars.user; - }; - - sops.templates."synapse.env" = { - path = "/home/${vars.user}/.docker/matrix/synapse.env"; - owner = vars.user; - mode = "0775"; - content = '' - POSTGRES_DB="${config.sops.placeholder."matrix/postgres_database"}" - POSTGRES_USER="${config.sops.placeholder."matrix/postgres_user"}" - POSTGRES_PASSWORD="${config.sops.placeholder."matrix/postgres_password"}" - ''; - }; -} diff --git a/hosts/franz/arion/media/arion-compose.nix b/hosts/franz/arion/media/arion-compose.nix index 595e08b..23eee2c 100644 --- a/hosts/franz/arion/media/arion-compose.nix +++ b/hosts/franz/arion/media/arion-compose.nix @@ -44,7 +44,7 @@ ]; }; navidrome.service = { - image = "deluan/navidrome:0.53.3"; + image = "deluan/navidrome:0.54.1"; container_name = "navidrome"; labels = { "traefik.enable" = "true"; @@ -146,7 +146,7 @@ ]; }; prowlarr.service = { - image = "linuxserver/prowlarr:1.27.0"; + image = "linuxserver/prowlarr:1.28.2"; container_name = "prowlarr"; labels = { "traefik.enable" = "true"; @@ -206,7 +206,7 @@ restart = "always"; }; radarr.service = { - image = "linuxserver/radarr:5.15.1"; + image = "linuxserver/radarr:5.16.3"; container_name = "radarr"; labels = { "traefik.enable" = "true"; @@ -237,7 +237,7 @@ restart = "always"; }; lidarr.service = { - image = "linuxserver/lidarr:2.7.1"; + image = "linuxserver/lidarr:2.8.2"; container_name = "lidarr"; labels = { "traefik.enable" = "true"; 
@@ -353,33 +353,6 @@ }; restart = "always"; }; - # deemix.service = { - # image = "finniedj/deemix:latest"; - # container_name = "deemix"; - # labels = { - # "traefik.enable" = "true"; - # "traefik.http.routers.deemix.entrypoints" = "websecure"; - # "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)"; - # "traefik.http.services.deemix.loadbalancer.server.port" = "6595"; - # "traefik.docker.network" = "dmz"; - # "traefik.http.routers.deemix.tls" = "true"; - # "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt"; - # }; - # volumes = [ - # "/home/ghoscht/.data/deemix:/downloads" - # ]; - # environment = { - # PUID = 1000; - # PGID = 1000; - # UMASK_SET = 022; - # TZ = "Europe/Berlin"; - # }; - # network_mode = "service:vpn"; - # depends_on = { - # vpn = {condition = "service_healthy";}; - # }; - # restart = "always"; - # }; unpackerr.service = { image = "golift/unpackerr:0.14.5"; container_name = "unpackerr"; diff --git a/hosts/franz/arion/minio/arion-compose.nix b/hosts/franz/arion/minio/arion-compose.nix index 0272363..02b1137 100644 --- a/hosts/franz/arion/minio/arion-compose.nix +++ b/hosts/franz/arion/minio/arion-compose.nix @@ -8,7 +8,7 @@ services = { minio.service = { - image = "bitnami/minio:2024.5.10"; + image = "bitnami/minio:2024.12.18"; container_name = "minio"; labels = { "traefik.enable" = "true"; diff --git a/hosts/franz/arion/nextcloud/arion-compose.nix b/hosts/franz/arion/nextcloud/arion-compose.nix index ca955f5..7865874 100644 --- a/hosts/franz/arion/nextcloud/arion-compose.nix +++ b/hosts/franz/arion/nextcloud/arion-compose.nix @@ -10,7 +10,7 @@ services = { nextcloud.service = { - image = "nextcloud:28.0.4"; + image = "nextcloud:30.0.4"; container_name = "nextcloud"; useHostStore = true; labels = { @@ -30,6 +30,7 @@ environment = { REDIS_HOST = "nextcloud-redis"; REDIS_PORT = 6379; + TRUSTED_PROXIES = "172.27.0.9/24"; }; restart = "unless-stopped"; networks = [ 
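Review bot: The first nextcloud hunk moves the image from `nextcloud:28.0.4` straight to `nextcloud:30.0.4`, which skips the 29 major release. Nextcloud supports upgrading only one major version at a time, and the official image's entrypoint refuses to start when the data volume is more than one major version behind the image. Unless the instance was already stepped through a 29.x tag out of band (not visible in this commit), land an intermediate 29.x image first, let its migration complete, and only then apply the bump to 30.0.4.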
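Review bot: `TRUSTED_PROXIES = "172.27.0.9/24"` in the nextcloud environment block trusts the whole 172.27.0.0/24 range rather than the single host at .9, because the /24 mask discards the host bits. Any container on that network can then send X-Forwarded-For and have Nextcloud accept it as the client address, which weakens brute-force throttling and makes access logs unreliable. If .9 is the Traefik container (not visible in this hunk), narrow it to `TRUSTED_PROXIES = "172.27.0.9/32";` and pin that address in the network definition so it survives a container restart. If the whole subnet really is intended, write it as `172.27.0.0/24` so the scope is explicit. The service definition continues outside the hunk.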
diff --git a/hosts/franz/arion/passwords/arion-compose.nix b/hosts/franz/arion/passwords/arion-compose.nix index 1e96753..a37dfd8 100644 --- a/hosts/franz/arion/passwords/arion-compose.nix +++ b/hosts/franz/arion/passwords/arion-compose.nix @@ -8,7 +8,7 @@ services = { vaultwarden.service = { - image = "vaultwarden/server:1.32.5"; + image = "vaultwarden/server:1.32.7"; container_name = "vaultwarden"; labels = { "traefik.enable" = "true"; diff --git a/hosts/franz/arion/push/arion-compose.nix b/hosts/franz/arion/push/arion-compose.nix index ad78c44..4ff17cb 100644 --- a/hosts/franz/arion/push/arion-compose.nix +++ b/hosts/franz/arion/push/arion-compose.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ project.name = "push"; networks.dmz = { @@ -8,7 +8,7 @@ services = { ntfy.service = { - image = "binwiederhier/ntfy:v2.10.0"; + image = "binwiederhier/ntfy:v2.11.0"; container_name = "ntfy"; user = "1000:1000"; command = "serve"; diff --git a/hosts/franz/arion/smarthome/arion-compose.nix b/hosts/franz/arion/smarthome/arion-compose.nix index d47b039..0f84e60 100644 --- a/hosts/franz/arion/smarthome/arion-compose.nix +++ b/hosts/franz/arion/smarthome/arion-compose.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ project.name = "smarthome"; networks.dmz = { @@ -8,7 +8,7 @@ services = { homeassistant.service = { - image = "ghcr.io/home-assistant/home-assistant:2024.4.1"; + image = "ghcr.io/home-assistant/home-assistant:2024.12.5"; container_name = "homeassistant"; privileged = true; labels = { diff --git a/hosts/franz/restic.nix b/hosts/franz/restic.nix index 6d599b1..16354ff 100644 --- a/hosts/franz/restic.nix +++ b/hosts/franz/restic.nix @@ -302,6 +302,14 @@ in { cron: '55 3 * * *' # Every Day at 3:55 hooks: <<: *default_hooks + videos: + from: /home/ghoscht/Videos + to: + - zfs + - eustachius + cron: '55 3 * * *' # Every Day at 3:55 + hooks: + <<: *default_hooks backends: zfs: type: local