ghoscht/nix-config
ghoscht/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add custom video backup & bump arion

Browse source 
videos which are so precious they are hard to get in case of a system
failure

Arion: Bump auth

Arion: Bump dashboard

Arion: Bump DNS

Arion: Bump git

Arion: Bump infrastructure

Arion: Bump media

Arion: Bump minio

Arion: Bump nextcloud

Arion: Bump

bump
This commit is contained in:
GHOSCHT 2024-12-18 22:47:58 +01:00
parent d8df732fdd
commit 857a925476
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
15 changed files with 29 additions and 196 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/franz/arion/auth/arion-compose.nix
View file

@ -1,5 +1,5 @@
let let
authentikImage = "ghcr.io/goauthentik/server:2024.10.4"; authentikImage = "ghcr.io/goauthentik/server:2024.12.0";
in { in {
project.name = "auth"; project.name = "auth";

4
hosts/franz/arion/dashboard/arion-compose.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "dashboard"; project.name = "dashboard";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
homarr.service = { homarr.service = {
image = "ghcr.io/ajnart/homarr:0.15.3"; image = "ghcr.io/ajnart/homarr:0.15.10";
container_name = "homarr"; container_name = "homarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";

6
hosts/franz/arion/dns/arion-compose.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "dns"; project.name = "dns";
networks.dmz = { networks.dmz = {
@ -20,7 +20,7 @@
services = { services = {
pihole.service = { pihole.service = {
image = "pihole/pihole:2024.03.1"; image = "pihole/pihole:2024.07.0";
container_name = "pihole"; container_name = "pihole";
hostname = "pihole"; hostname = "pihole";
environment = { environment = {
@ -59,7 +59,7 @@
]; ];
}; };
unbound.service = { unbound.service = {
image = "mvance/unbound:1.19.3"; image = "mvance/unbound:1.21.1";
container_name = "unbound"; container_name = "unbound";
volumes = [ volumes = [
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound" "/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"

2
hosts/franz/arion/git/arion-compose.nix
View file

@ -10,7 +10,7 @@
services = { services = {
forgejo.service = { forgejo.service = {
image = "codeberg.org/forgejo/forgejo:9.0.2"; image = "codeberg.org/forgejo/forgejo:9.0.3";
container_name = "forgejo"; container_name = "forgejo";
useHostStore = true; useHostStore = true;
labels = { labels = {

4
hosts/franz/arion/infrastructure/arion-compose.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "infrastructure"; project.name = "infrastructure";
networks.dmz = { networks.dmz = {
@ -12,7 +12,7 @@
services = { services = {
traefik.service = { traefik.service = {
image = "traefik:3.1.4"; image = "traefik:3.2.3";
container_name = "traefik"; container_name = "traefik";
useHostStore = true; useHostStore = true;
ports = [ ports = [

113
hosts/franz/arion/matrix/arion-compose.nix
View file

@ -1,113 +0,0 @@
{pkgs, ...}: {
project.name = "matrix";
networks.dmz = {
name = "dmz";
external = true;
};
networks.transport = {};
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.118.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
"traefik.http.services.synapse.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse.service" = "synapse";
"traefik.http.routers.synapse.entrypoints" = "websecure";
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.synapse.tls" = "true";
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
"traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse-external.service" = "synapse-external";
"traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
"traefik.http.routers.synapse-external.tls" = "true";
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
environment = {
UID = "1000";
GID = "1000";
TZ = "Europe/Berlin";
};
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
postgres.service = {
image = "postgres:14";
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
"transport"
];
};
matrix-nginx.service = {
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
"traefik.http.services.matrix.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix.service" = "matrix";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.matrix.tls" = "true";
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
"traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix-external.service" = "matrix-external";
"traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
"traefik.http.routers.matrix-external.tls" = "true";
"traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"transport"
"dmz"
];
};
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.element.entrypoints" = "websecure";
"traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.element.tls" = "true";
"traefik.http.routers.element.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"dmz"
];
};
};
}

6
hosts/franz/arion/matrix/arion-pkgs.nix
View file

@ -1,6 +0,0 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

30
hosts/franz/arion/matrix/default.nix
View file

@ -1,30 +0,0 @@
{config, ...}: let
vars = import ../../../../vars.nix;
in {
# virtualisation.arion = {
# projects.matrix.settings = {
# imports = [./arion-compose.nix];
# };
# };
sops.secrets."matrix/postgres_password" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_database" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_user" = {
owner = vars.user;
};
sops.templates."synapse.env" = {
path = "/home/${vars.user}/.docker/matrix/synapse.env";
owner = vars.user;
mode = "0775";
content = ''
POSTGRES_DB="${config.sops.placeholder."matrix/postgres_database"}"
POSTGRES_USER="${config.sops.placeholder."matrix/postgres_user"}"
POSTGRES_PASSWORD="${config.sops.placeholder."matrix/postgres_password"}"
'';
};
}

35
hosts/franz/arion/media/arion-compose.nix
View file

@ -44,7 +44,7 @@
]; ];
}; };
navidrome.service = { navidrome.service = {
image = "deluan/navidrome:0.53.3"; image = "deluan/navidrome:0.54.1";
container_name = "navidrome"; container_name = "navidrome";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -146,7 +146,7 @@
]; ];
}; };
prowlarr.service = { prowlarr.service = {
image = "linuxserver/prowlarr:1.27.0"; image = "linuxserver/prowlarr:1.28.2";
container_name = "prowlarr"; container_name = "prowlarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -206,7 +206,7 @@
restart = "always"; restart = "always";
}; };
radarr.service = { radarr.service = {
image = "linuxserver/radarr:5.15.1"; image = "linuxserver/radarr:5.16.3";
container_name = "radarr"; container_name = "radarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -237,7 +237,7 @@
restart = "always"; restart = "always";
}; };
lidarr.service = { lidarr.service = {
image = "linuxserver/lidarr:2.7.1"; image = "linuxserver/lidarr:2.8.2";
container_name = "lidarr"; container_name = "lidarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -353,33 +353,6 @@
}; };
restart = "always"; restart = "always";
}; };
# deemix.service = {
# image = "finniedj/deemix:latest";
# container_name = "deemix";
# labels = {
# "traefik.enable" = "true";
# "traefik.http.routers.deemix.entrypoints" = "websecure";
# "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)";
# "traefik.http.services.deemix.loadbalancer.server.port" = "6595";
# "traefik.docker.network" = "dmz";
# "traefik.http.routers.deemix.tls" = "true";
# "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
# };
# volumes = [
# "/home/ghoscht/.data/deemix:/downloads"
# ];
# environment = {
# PUID = 1000;
# PGID = 1000;
# UMASK_SET = 022;
# TZ = "Europe/Berlin";
# };
# network_mode = "service:vpn";
# depends_on = {
# vpn = {condition = "service_healthy";};
# };
# restart = "always";
# };
unpackerr.service = { unpackerr.service = {
image = "golift/unpackerr:0.14.5"; image = "golift/unpackerr:0.14.5";
container_name = "unpackerr"; container_name = "unpackerr";

2
hosts/franz/arion/minio/arion-compose.nix
View file

@ -8,7 +8,7 @@
services = { services = {
minio.service = { minio.service = {
image = "bitnami/minio:2024.5.10"; image = "bitnami/minio:2024.12.18";
container_name = "minio"; container_name = "minio";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";

3
hosts/franz/arion/nextcloud/arion-compose.nix
View file

@ -10,7 +10,7 @@
services = { services = {
nextcloud.service = { nextcloud.service = {
image = "nextcloud:28.0.4"; image = "nextcloud:30.0.4";
container_name = "nextcloud"; container_name = "nextcloud";
useHostStore = true; useHostStore = true;
labels = { labels = {
@ -30,6 +30,7 @@
environment = { environment = {
REDIS_HOST = "nextcloud-redis"; REDIS_HOST = "nextcloud-redis";
REDIS_PORT = 6379; REDIS_PORT = 6379;
TRUSTED_PROXIES = "172.27.0.9/24";
}; };
restart = "unless-stopped"; restart = "unless-stopped";
networks = [ networks = [

2
hosts/franz/arion/passwords/arion-compose.nix
View file

@ -8,7 +8,7 @@
services = { services = {
vaultwarden.service = { vaultwarden.service = {
image = "vaultwarden/server:1.32.5"; image = "vaultwarden/server:1.32.7";
container_name = "vaultwarden"; container_name = "vaultwarden";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";

4
hosts/franz/arion/push/arion-compose.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "push"; project.name = "push";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
ntfy.service = { ntfy.service = {
image = "binwiederhier/ntfy:v2.10.0"; image = "binwiederhier/ntfy:v2.11.0";
container_name = "ntfy"; container_name = "ntfy";
user = "1000:1000"; user = "1000:1000";
command = "serve"; command = "serve";

4
hosts/franz/arion/smarthome/arion-compose.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "smarthome"; project.name = "smarthome";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
homeassistant.service = { homeassistant.service = {
image = "ghcr.io/home-assistant/home-assistant:2024.4.1"; image = "ghcr.io/home-assistant/home-assistant:2024.12.5";
container_name = "homeassistant"; container_name = "homeassistant";
privileged = true; privileged = true;
labels = { labels = {

8
hosts/franz/restic.nix
View file

@ -302,6 +302,14 @@ in {
cron: '55 3 * * *' # Every Day at 3:55 cron: '55 3 * * *' # Every Day at 3:55
hooks: hooks:
<<: *default_hooks <<: *default_hooks
videos:
from: /home/ghoscht/Videos
to:
- zfs
- eustachius
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
backends: backends:
zfs: zfs:
type: local type: local