Arion: Bump dashboard

2025-03-15 17:29:36 +01:00 · 2025-03-15 17:29:36 +01:00 · 9c2cca1d27
commit 9c2cca1d27
parent f84f3cc898
3 changed files with 26 additions and 20 deletions
--- a/hosts/franz/arion/dashboard/arion-compose.nix
+++ b/hosts/franz/arion/dashboard/arion-compose.nix
@ -8,11 +8,12 @@

  services = {
    homarr.service = {
-      image = "ghcr.io/ajnart/homarr:0.15.10";
+      image = "ghcr.io/homarr-labs/homarr:v1.11.0";
      container_name = "homarr";
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.homarr.entrypoints" = "websecure";
+        "traefik.http.services.homarr.loadbalancer.server.port" = "7575";
        "traefik.http.routers.homarr.rule" = "Host(`dashboard.ghoscht.com`)";
        "traefik.http.routers.homarr.tls" = "true";
        "traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
@ -20,20 +21,16 @@
        "pihole.custom-record" = "[[\"dashboard.ghoscht.com\", \"ghoscht.com\"]]";
      };
      environment = {
-        AUTH_PROVIDER = "oidc";
-        AUTH_OIDC_URI = "https://auth.ghoscht.com/application/o/homarr";
+        AUTH_PROVIDERS = "oidc";
+        AUTH_OIDC_ISSUER = "https://auth.ghoscht.com/application/o/homarr/";
        AUTH_OIDC_CLIENT_NAME = "authentik";
        NEXTAUTH_URL = "https://dashboard.ghoscht.com";
-        AUTH_OIDC_ADMIN_GROUP = "Homarr Admins";
-        AUTH_OIDC_OWNER_GROUP = "Homarr Admins";
      };
      env_file = [
        "/home/ghoscht/.docker/dashboard/homarr.env"
      ];
      volumes = [
-        "/home/ghoscht/.docker/dashboard/homarr_data:/data"
-        "/home/ghoscht/.docker/dashboard/homarr_config:/app/data/configs"
-        "/home/ghoscht/.docker/dashboard/homarr_icons:/app/public/imgs"
+        "/home/ghoscht/.docker/dashboard/homarr_data_NEW_GROUP:/appdata"
      ];
      restart = "always";
      networks = [
--- a/hosts/franz/arion/dashboard/default.nix
+++ b/hosts/franz/arion/dashboard/default.nix
@ -1,24 +1,32 @@
-{config, ...}: let
+{ config, ... }:
+let
  vars = import ../../../../vars.nix;
-in {
+in
+{
  virtualisation.arion = {
    projects.dashboard.settings = {
-      imports = [./arion-compose.nix];
+      imports = [ ./arion-compose.nix ];
    };
  };
-  sops.secrets."homarr/oidc_client_id" = {
-    owner = vars.user;
-  };
-  sops.secrets."homarr/oidc_client_secret" = {
-    owner = vars.user;
+  sops.secrets = {
+    "homarr/oidc_client_id" = {
+      owner = vars.user;
+    };
+    "homarr/oidc_client_secret" = {
+      owner = vars.user;
+    };
+    "homarr/secret_encryption_key" = {
+      owner = vars.user;
+    };
  };
  sops.templates."homarr.env" = {
    path = "/home/${vars.user}/.docker/dashboard/homarr.env";
    owner = vars.user;
    mode = "0775";
    content = ''
-      AUTH_OIDC_CLIENT_SECRET="${config.sops.placeholder."homarr/oidc_client_secret"}"
-      AUTH_OIDC_CLIENT_ID="${config.sops.placeholder."homarr/oidc_client_id"}"
+          AUTH_OIDC_CLIENT_SECRET="${config.sops.placeholder."homarr/oidc_client_secret"}"
+          AUTH_OIDC_CLIENT_ID="${config.sops.placeholder."homarr/oidc_client_id"}"
+      SECRET_ENCRYPTION_KEY="${config.sops.placeholder."homarr/secret_encryption_key"}"
    '';
  };
 }
--- a/secrets/franz.yaml
+++ b/secrets/franz.yaml
@ -54,6 +54,7 @@ auth:
 homarr:
    oidc_client_secret: ENC[AES256_GCM,data:ykaMgcS1x/sMFPmi9vF8RdS7Dj8tTpNFybqwJ5MkK3OCIqYt5FtY8si7ZbKC4IMquOA4w3fWpHdygvFJwJOyNNvznWuasR1afhaAHIHb85J41GWCpMLWWZub+NUuU2pSudvUYk9LeDUBTKwtfHgr4DUzoQeBocG0httGFKBAXbo=,iv:vThB7ZCgEB5yQoiOYhDcHiGm0lYXy1LCJWunH5HwFq0=,tag:68jkMBnCc2e3bKWR/Hnnww==,type:str]
    oidc_client_id: ENC[AES256_GCM,data:2KxgJ7rFNru7rf8P9v/LOcA7TjH2ZFerc4PBmetrkB7hre9fHTa+TQ==,iv:9k0YuPNzEjTTBN0l/oyT5mtZKLCGWZ7ZJpE8g2SBu3E=,tag:C/hzffeOVgke1SQZHPjyrA==,type:str]
+    secret_encryption_key: ENC[AES256_GCM,data:ZykzSoC3zEIiOR8bvAyYAH+sZlRMZ0utACSDQk4YzJXjDyL/zngtSug5hXjG5RKjDfw2kqZxV9gIMANGEyGANg==,iv:bTsOeTeI178NLnwLwAAIvvQjYnJsSFOudHXUBTgF09o=,tag:jCdOCl3SY7VVlF0gOE/gmA==,type:str]
 minio:
    root_user: ENC[AES256_GCM,data:TDPfYVjLuwKdxx+8,iv:+nC7QxReua0R2vjraHWO4PpZFTZiktMI8yb73IblIMM=,tag:MAdHRU4pzptcvps+Sgd8Rw==,type:str]
    root_password: ENC[AES256_GCM,data:Rbhf9f3JCS2Eg8XxGXmora0/NWhFKkGfG0+xQYKLig==,iv:DitbfGdSSz+iKU9szEhbWIDu/Umy6w+Q9dIJJJM0zLc=,tag:yulptZij/hiteoN4Anre5g==,type:str]
@ -107,8 +108,8 @@ sops:
            VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
            EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-10T17:34:11Z"
-    mac: ENC[AES256_GCM,data:9KNHoGxYUpWkNrVlkIfuQUyMraBF6mWqwflLxGegC88hMwgJ0vcf70PFQ1Q3c6qAwzGskk5UnvpIRtT7LANulnu35P7a83wZzq51cnp1g1V+62XBac26l1MSz3m0PXAuY172XxljDkDbvfCaDASFhAWR+F/G/rtfbr16Lnv8GJM=,iv:1b1ccaGkUNLoQaj6UTg7FR1eOg0MO1dWkg/TYN3OeG8=,tag:JpgglIKlnTgmdgCHpPr9OA==,type:str]
+    lastmodified: "2025-03-15T15:57:44Z"
+    mac: ENC[AES256_GCM,data:oQgQ5Upr/E3Em/BDJq8D6L8H8nImlv4v+tNrvnry/u9T22yXbg/hxx4HcTR9YZpWbtIjx5u2ocAWNi6MP4eYkg3q7fh08re7EGrZE9Err4SE66rnB7Bg0oUBXWS39pnZNfPZi4vi8q4/XEw2As0bIbazPB3uSPvQXKFO1ylG/Gk=,iv:JiW8fsBBtcHCgJrt6bhaJWJUw0x2Vj3P5Lyr75InnKk=,tag:n1KCqs2HkIHjfChrx3l7GQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4