Adapt franz to real installation
parent
d0ae7b1f22
commit
d271bd977e
16 changed files with 105 additions and 82 deletions
|
@ -18,8 +18,8 @@
|
|||
"traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/dashboard/homarr_data:/app/data/configs"
|
||||
"/home/ghoscht/.docker/dashboard/homarr_icons:/app/public/imgs"
|
||||
"/drives/hdd/docker/dashboard/homarr_data:/app/data/configs"
|
||||
"/drives/hdd/docker/dashboard/homarr_icons:/app/public/imgs"
|
||||
];
|
||||
restart = "always";
|
||||
networks = [
|
||||
|
|
|
@ -16,6 +16,8 @@
|
|||
./media
|
||||
./dashboard
|
||||
./smarthome
|
||||
./signal
|
||||
./feed
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [arion];
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
pihole.service = {
|
||||
image = "pihole/pihole:latest";
|
||||
container_name = "pihole";
|
||||
hostname = "pihole";
|
||||
environment = {
|
||||
IPv6 = "True";
|
||||
TZ = "Europe/Berlin";
|
||||
|
@ -29,8 +30,8 @@
|
|||
VIRTUAL_HOST = "pihole.ghoscht.com";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/dns/pihole_data:/etc/pihole"
|
||||
"/home/ghoscht/.docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
|
||||
"/drives/hdd/docker/dns/pihole_data:/etc/pihole"
|
||||
"/drives/hdd/docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
|
@ -65,7 +66,7 @@
|
|||
container_name = "unbound";
|
||||
useHostStore = true;
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"
|
||||
"/drives/hdd/docker/dns/unbound_data:/opt/unbound/etc/unbound"
|
||||
];
|
||||
restart = "always";
|
||||
networks = {
|
||||
|
|
|
@ -18,27 +18,29 @@
|
|||
environment = {
|
||||
PUID = 1000;
|
||||
PGID = 1000;
|
||||
DB_HOST = "db";
|
||||
DB_HOST = "feed-db";
|
||||
};
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/feed/ttrss.env"
|
||||
];
|
||||
restart = "always";
|
||||
dns = ["1.1.1.1"];
|
||||
networks = [
|
||||
"dmz"
|
||||
"transport"
|
||||
];
|
||||
};
|
||||
db.service = {
|
||||
feed-db.service = {
|
||||
image = "postgres:13-alpine";
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/feed/ttrss_db:/var/lib/postgresql/data"
|
||||
"/drives/hdd/docker/feed/ttrss_db:/var/lib/postgresql/data"
|
||||
];
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/feed/ttrss.env"
|
||||
];
|
||||
restart = "always";
|
||||
networks = [
|
||||
"dmz"
|
||||
"transport"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,7 +7,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets."ttrs/db_password" = {
|
||||
sops.secrets."ttrss/db_password" = {
|
||||
owner = vars.user;
|
||||
};
|
||||
|
||||
|
|
|
@ -23,17 +23,18 @@
|
|||
"traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/git/forgejo_data:/data"
|
||||
"/drives/hdd/docker/git/forgejo_data:/data"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
ports = [
|
||||
"2222:22"
|
||||
];
|
||||
dns = ["1.1.1.1"];
|
||||
environment = {
|
||||
USER_UID = 1000;
|
||||
USER_GID = 1000;
|
||||
GITEA__database__DB_TYPE = "postgres";
|
||||
GITEA__database__HOST = "db:5432";
|
||||
GITEA__database__HOST = "git-db:5432";
|
||||
};
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/git/forgejo.env"
|
||||
|
@ -44,12 +45,12 @@
|
|||
"transport"
|
||||
];
|
||||
};
|
||||
db.service = {
|
||||
git-db.service = {
|
||||
image = "postgres:15.3-bullseye";
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/git/forgejo-db.env"
|
||||
];
|
||||
volumes = ["/home/ghoscht/.docker/git/forgejo_db:/var/lib/postgresql/data"];
|
||||
volumes = ["/drives/hdd/docker/git/forgejo_db:/var/lib/postgresql/data"];
|
||||
restart = "unless-stopped";
|
||||
networks = [
|
||||
"transport"
|
||||
|
|
|
@ -43,18 +43,18 @@
|
|||
"dmz"
|
||||
];
|
||||
};
|
||||
# cloudflared.service = {
|
||||
# image = "cloudflare/cloudflared:latest";
|
||||
# container_name = "cloudflared";
|
||||
# env_file = [
|
||||
# "/home/ghoscht/.docker/infrastructure/cloudflared.env"
|
||||
# ];
|
||||
# restart = "always";
|
||||
# command = "tunnel --no-autoupdate --protocol http2 run";
|
||||
# networks = [
|
||||
# "dmz"
|
||||
# ];
|
||||
# };
|
||||
cloudflared.service = {
|
||||
image = "cloudflare/cloudflared:latest";
|
||||
container_name = "cloudflared";
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/infrastructure/cloudflared.env"
|
||||
];
|
||||
restart = "always";
|
||||
command = "tunnel --no-autoupdate --protocol http2 run";
|
||||
networks = [
|
||||
"dmz"
|
||||
];
|
||||
};
|
||||
scrutiny.service = {
|
||||
image = "ghcr.io/analogj/scrutiny:master-omnibus";
|
||||
container_name = "scrutiny";
|
||||
|
@ -75,7 +75,10 @@
|
|||
"scrutiny_data:/opt/scrutiny/config"
|
||||
"scrutiny_db:/opt/scrutiny/influxdb"
|
||||
];
|
||||
devices = [];
|
||||
devices = [
|
||||
"/dev/sda"
|
||||
"/dev/nvme0n1"
|
||||
];
|
||||
networks = [
|
||||
"dmz"
|
||||
];
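Review bot: The re-enabled `cloudflared.service` block runs `cloudflare/cloudflared:latest` together with `--no-autoupdate`, so whatever the registry serves under `latest` at the next pull becomes this host's tunnel endpoint with no review step. Pinning to a release tag or digest, `image = "cloudflare/cloudflared:<release-tag>";`, keeps upgrades deliberate and reproducible. Its `env_file` under `/home/ghoscht/.docker/infrastructure/` presumably holds the tunnel token in plaintext; the sops secrets this repository already declares elsewhere would be a better home for it. In the second hunk, `devices` hands `/dev/sda` and `/dev/nvme0n1` to the scrutiny container, and since `/dev/sdX` names can change between boots a comment naming the intended disks would help.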
|
||||
|
|
|
@ -28,16 +28,17 @@
|
|||
};
|
||||
volumes = [
|
||||
"jellyfin_cache:/cache"
|
||||
"/home/ghoscht/.docker/media/jellyfin_data:/config"
|
||||
"/home/ghoscht/.docker/media/data/tv:/tv"
|
||||
"/home/ghoscht/.docker/media/data/anime:/anime"
|
||||
"/home/ghoscht/.docker/media/data/movies:/movies"
|
||||
"/drives/hdd/docker/media/jellyfin_data:/config"
|
||||
"/drives/hdd/data/media/tv:/tv"
|
||||
"/drives/hdd/data/media/anime:/anime"
|
||||
"/drives/hdd/data/media/movies:/movies"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
PGID = 1000;
|
||||
TZ = "Europe/Berlin";
|
||||
};
|
||||
dns = ["1.1.1.1"];
|
||||
restart = "always";
|
||||
networks = [
|
||||
"dmz"
|
||||
|
@ -55,8 +56,8 @@
|
|||
"traefik.http.routers.navidrome.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/navidrome_data:/data"
|
||||
"/home/ghoscht/.docker/media/data/music:/music"
|
||||
"/drives/hdd/docker/media/navidrome_data:/data"
|
||||
"/drives/hdd/data/media/music:/music"
|
||||
];
|
||||
environment = {
|
||||
ND_SESSIONTIMEOUT = "336h";
|
||||
|
@ -64,6 +65,7 @@
|
|||
env_file = [
|
||||
"/home/ghoscht/.docker/media/navidrome.env"
|
||||
];
|
||||
dns = ["1.1.1.1"];
|
||||
restart = "always";
|
||||
networks = [
|
||||
"dmz"
|
||||
|
@ -82,8 +84,8 @@
|
|||
"traefik.http.routers.transmission.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/transmission_data:/config"
|
||||
"/home/ghoscht/.docker/media/data:/data"
|
||||
"/drives/hdd/docker/media/transmission_data:/config"
|
||||
"/drives/hdd/data/:/data"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -104,6 +106,7 @@
|
|||
capabilities = {
|
||||
NET_ADMIN = true;
|
||||
};
|
||||
dns = ["1.1.1.1"];
|
||||
restart = "always";
|
||||
networks = [
|
||||
"dmz"
|
||||
|
@ -122,7 +125,7 @@
|
|||
"traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/prowlarr_data:/config"
|
||||
"/drives/hdd/docker/media/prowlarr_data:/config"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -148,8 +151,8 @@
|
|||
"traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/sonarr_data:/config"
|
||||
"/home/ghoscht/.docker/media/data:/data"
|
||||
"/drives/hdd/docker/media/sonarr_data:/config"
|
||||
"/drives/hdd/data/:/data"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -176,8 +179,8 @@
|
|||
"traefik.http.routers.radarr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/radarr_data:/config"
|
||||
"/home/ghoscht/.docker/media/data:/data"
|
||||
"/drives/hdd/docker/media/radarr_data:/config"
|
||||
"/drives/hdd/data/:/data"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -205,10 +208,10 @@
|
|||
"traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/lidarr_data:/config"
|
||||
"/home/ghoscht/.docker/media/data:/data"
|
||||
"/home/ghoscht/.docker/media/lidarr_addons/custom-services.d:/custom-services.d"
|
||||
"/home/ghoscht/.docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
|
||||
"/drives/hdd/docker/media/lidarr_data:/config"
|
||||
"/drives/hdd/data/:/data"
|
||||
"/drives/hdd/docker/media/lidarr_addons/custom-services.d:/custom-services.d"
|
||||
"/drives/hdd/docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -235,9 +238,10 @@
|
|||
"traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/bazarr_data:/config"
|
||||
"/home/ghoscht/.docker/media/data:/data"
|
||||
"/drives/hdd/docker/media/bazarr_data:/config"
|
||||
"/drives/hdd/data/:/data"
|
||||
];
|
||||
dns = ["1.1.1.1"];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
PGID = 1000;
|
||||
|
@ -259,13 +263,14 @@
|
|||
"traefik.http.routers.jellyseerr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
|
||||
"/drives/hdd/docker/media/jellyseerr_data:/app/config"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
PGID = 1000;
|
||||
TZ = "Europe/Berlin";
|
||||
};
|
||||
dns = ["1.1.1.1"];
|
||||
networks = ["dmz"];
|
||||
restart = "always";
|
||||
};
|
||||
|
@ -282,7 +287,7 @@
|
|||
"traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
|
||||
"/drives/hdd/docker/media/autobrr_data:/config"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -311,7 +316,7 @@
|
|||
"traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
|
||||
"/drives/hdd/data/deemix:/downloads"
|
||||
];
|
||||
environment = {
|
||||
PUID = 1000;
|
||||
|
@ -329,7 +334,7 @@
|
|||
image = "golift/unpackerr";
|
||||
container_name = "unpackerr";
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/media/data:/data"
|
||||
"/drives/hdd/data/:/data"
|
||||
];
|
||||
user = "1000:1000";
|
||||
env_file = [
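Review bot: The library mounts on the two playback services are writable, although nothing on the page shows those containers need to write there: `"/drives/hdd/data/media/tv:/tv"`, `/anime` and `/movies` on jellyfin, and `"/drives/hdd/data/media/music:/music"` on navidrome. Both are published through traefik, so appending `:ro` as other files in this commit do for `/etc/localtime` (`"/drives/hdd/data/media/tv:/tv:ro"`) would limit what a compromised media server can alter; first confirm neither is set up to save metadata into the library folders. The downloader and *arr services each get the whole `/drives/hdd/data/` tree read-write, which is wider than the old `media/data` directory, so a comment recording why (for example hardlinking) would be useful. The deemix hunk replaces its only visible volume with `"/drives/hdd/data/deemix:/downloads"`; unless a config mount exists outside the hunk, its settings will not survive container recreation.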
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
};
|
||||
command = "-s 'public;/mount;yes;no;yes' -p";
|
||||
volumes = [
|
||||
"/home/ghoscht:/mount"
|
||||
"/drives/hdd/nas:/mount"
|
||||
];
|
||||
restart = "always";
|
||||
networks = [
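Review bot: The share definition on the unchanged `command` line still appears to allow unauthenticated writes: if this is the dperson/samba option format (the image is not visible in the hunk), `'public;/mount;yes;no;yes'` reads as browseable, not read-only, guest allowed. Moving the mount from the whole home directory to `/drives/hdd/nas` narrows what is exposed, but any host that can reach the container's SMB port can still modify or delete that tree. Consider setting the guest field to `no` and naming the permitted account, `-s 'public;/mount;yes;no;no;<user>'`, with that account's credentials supplied from a secret rather than written into the command string.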
|
||||
|
|
|
@ -22,24 +22,22 @@
|
|||
"traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
|
||||
];
|
||||
environment = {MYSQL_HOST = "nextcloud-db";};
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
|
||||
"/drives/hdd/docker/nextcloud/nextcloud_data:/var/www/html"
|
||||
];
|
||||
hostname = "nextcloud.ghoscht.com";
|
||||
dns = ["1.1.1.1"];
|
||||
restart = "unless-stopped";
|
||||
networks = [
|
||||
"dmz"
|
||||
"transport"
|
||||
];
|
||||
};
|
||||
db.service = {
|
||||
image = "mariadb:10.5";
|
||||
nextcloud-db.service = {
|
||||
image = "mariadb:11.4.1-rc-jammy";
|
||||
env_file = [
|
||||
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
|
||||
];
|
||||
volumes = ["/home/ghoscht/.docker/nextcloud/nextcloud_db:/var/lib/mysql"];
|
||||
volumes = ["/drives/hdd/docker/nextcloud/nextcloud_db:/var/lib/mysql"];
|
||||
restart = "unless-stopped";
|
||||
command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW";
|
||||
networks = [
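Review bot: The image for `nextcloud-db.service` is a release candidate, `mariadb:11.4.1-rc-jammy`; an RC build is not meant to hold production data and will not receive the fixes that land in the GA series. Coming from `mariadb:10.5`, it is also a jump of several release series, so if the `nextcloud_db` directory is copied to the new path the data files need an upgrade run or a dump and restore rather than a plain restart. Prefer a GA tag that the Nextcloud release in use lists as supported, `image = "mariadb:<ga-tag>";`. The service body continues past the end of the hunk, so the remaining settings were not reviewed.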
|
||||
|
|
|
@ -17,8 +17,9 @@
|
|||
"traefik.http.routers.vaultwarden.tls" = "true";
|
||||
"traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
dns = ["1.1.1.1"];
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/infrastructure/vaultwarden_data/:/data"
|
||||
"/drives/hdd/docker/passwords/vaultwarden_data/:/data"
|
||||
];
|
||||
environment = {
|
||||
DOMAIN = "http://vaultwarden.ghoscht.com";
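Review bot: `DOMAIN = "http://vaultwarden.ghoscht.com";` on the context line disagrees with the router labels just above it, which enable TLS with the letsencrypt resolver. Vaultwarden derives generated links and the WebAuthn origin from this value, so it should carry the scheme clients actually use: `DOMAIN = "https://vaultwarden.ghoscht.com";`. The `environment` block continues past the hunk, so its other settings were not reviewed.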
|
||||
|
|
|
@ -24,13 +24,10 @@
|
|||
"traefik.http.routers.mollysocket.tls" = "true";
|
||||
"traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/signal/mollysocket_data:/data"
|
||||
];
|
||||
environment = {
|
||||
MOLLY_DB = "/data/mollysocket.db";
|
||||
MOLLY_ALLOWED_ENDPOINTS = "['https://push.ghoscht.com','*]";
|
||||
MOLLY_ALLOWED_UUIDS = "['*']";
|
||||
MOLLY_ALLOWED_ENDPOINTS = "[\"https://push.ghoscht.com\",\"*\"]";
|
||||
MOLLY_ALLOWED_UUIDS = "[\"*\"]";
|
||||
MOLLY_HOST = "0.0.0.0";
|
||||
MOLLY_PORT = 8020;
|
||||
RUST_LOG = "info";
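Review bot: `MOLLY_ALLOWED_UUIDS = "[\"*\"]";` accepts registrations from any account, and the labels above publish this service through traefik, so anyone who finds the hostname can use the instance. For a personal server, list only your own account IDs, `MOLLY_ALLOWED_UUIDS = "[\"<account-uuid>\"]";`, and add a comment explaining why the `"*"` entry in `MOLLY_ALLOWED_ENDPOINTS` is needed next to the explicit push URL. The hunk shrinks by three lines, which matches the `volumes` block; if that mount was dropped rather than moved, `MOLLY_DB = "/data/mollysocket.db"` now sits in the container's writable layer and is lost on recreation.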
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{config, ...}: {
|
||||
virtualisation.arion = {
|
||||
projects.infrastructure.settings = {
|
||||
projects.signal.settings = {
|
||||
imports = [./arion-compose.nix];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
"traefik.http.services.homeassistant.loadbalancer.server.port" = "8123";
|
||||
};
|
||||
volumes = [
|
||||
"/home/ghoscht/.docker/smarthome/homeassistant_data:/config"
|
||||
"/drives/hdd/docker/smarthome/homeassistant_data:/config"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"/run/dbus:/run/dbus:ro"
|
||||
];
|
||||
|
|
|
@ -26,11 +26,21 @@ in {
|
|||
];
|
||||
|
||||
users.mutableUsers = true;
|
||||
users.users.${vars.user}.password = "changeme";
|
||||
users.users.${vars.user} = {
|
||||
password = "changeme";
|
||||
openssh.authorizedKeys.keys = [
|
||||
#Desktop
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"
|
||||
|
||||
nix.extraOptions = ''
|
||||
download-speed = 4000
|
||||
'';
|
||||
#Convertible
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
|
||||
];
|
||||
};
|
||||
security.pam.enableSSHAgentAuth = true;
|
||||
|
||||
fileSystems."/drives/hdd" = {
|
||||
device = "/dev/disk/by-uuid/7d5eaff7-c17d-4fac-b7d7-7aa3c35b9a29";
|
||||
};
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
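Review bot: `password = "changeme";` in the `users.users.${vars.user}` block puts a known plaintext password into the repository and the world-readable Nix store, for an account that the same block now opens to SSH. Since sops secrets are already declared elsewhere in this commit, take the hash from one instead, `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` (the secret needs `neededForUsers = true`), and note that with `users.mutableUsers = true` a declared password is only applied when the account is first created. The sshd settings are not in this hunk; with keys now configured, check that `services.openssh.settings.PasswordAuthentication = false;` is set somewhere. `security.pam.enableSSHAgentAuth = true;` would benefit from a comment saying which PAM services are meant to accept a forwarded agent.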
|
||||
|
|
|
@ -1,25 +1,28 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
|
||||
boot.initrd.kernelModules = ["dm-snapshot"];
|
||||
boot.kernelModules = ["kvm-amd"];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|