Compare commits
12 commits
0c7e2bd304
...
b54924fec6
Author | SHA1 | Date | |
---|---|---|---|
b54924fec6 | |||
6ed0c4561c | |||
fa6763821c | |||
857a925476 | |||
d8df732fdd | |||
14cbb1507e | |||
69e86ebfd3 | |||
e2b65ceead | |||
7e46da362b | |||
047fa9425c | |||
c8d290c36f | |||
3d887fc5c5 |
22 changed files with 134 additions and 263 deletions
38
flake.lock
38
flake.lock
|
@ -231,11 +231,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "pkgs/firefox-addons",
|
"dir": "pkgs/firefox-addons",
|
||||||
"lastModified": 1734648163,
|
"lastModified": 1734785267,
|
||||||
"narHash": "sha256-AK7nqONfzyxUzqVVeRoniO6NRv4SaxPrXwuyY8jtCXs=",
|
"narHash": "sha256-YYegplAxphR6h/RC51QuR/h+8blQfwA7PizOJnn1tKY=",
|
||||||
"owner": "rycee",
|
"owner": "rycee",
|
||||||
"repo": "nur-expressions",
|
"repo": "nur-expressions",
|
||||||
"rev": "2b5a7eb2719b146f6308dfa51c9a1c4b03d965a3",
|
"rev": "c2d31edc915e357be279717b1c7c8554f751546d",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -547,11 +547,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1733665616,
|
"lastModified": 1734425854,
|
||||||
"narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=",
|
"narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a",
|
"rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -747,11 +747,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1733951536,
|
"lastModified": 1734366194,
|
||||||
"narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=",
|
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f",
|
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1277,11 +1277,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_2"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734447589,
|
"lastModified": 1734784342,
|
||||||
"narHash": "sha256-APyzO3pn6iiGJxkWczifnxm3pKZrNYgpJUPpnVfUwsk=",
|
"narHash": "sha256-uap4LcvjpTz5WTgDfQYtL3QCpGmtee7DuD5mB8AIiLw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "4f0d5e0d2947dbf111f2ce00c99ca4c6c659dc79",
|
"rev": "334947672f1eb05488e69657b9c412230bd658b4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1324,11 +1324,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_3"
|
"treefmt-nix": "treefmt-nix_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734729657,
|
"lastModified": 1734788715,
|
||||||
"narHash": "sha256-6X+/mqwW1X++QMAUX/p5N0VbAfvqKuQSqZNbEoHfFVo=",
|
"narHash": "sha256-T8FY85Y5wMcK6KP09DFhY8k7czMp3JPDyDRmrdz1yzc=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "d2a7e36f5e58300af341a728b9c4e1bfe2776d4d",
|
"rev": "6d210f6fbd1256e9430da4247e45c925a2f7c587",
|
||||||
"revCount": 30,
|
"revCount": 38,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.ghoscht.com/ghoscht/picoKontroller"
|
"url": "https://git.ghoscht.com/ghoscht/picoKontroller"
|
||||||
},
|
},
|
||||||
|
@ -1636,11 +1636,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1733761991,
|
"lastModified": 1734704479,
|
||||||
"narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
|
"narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
|
"rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
let
|
let
|
||||||
authentikImage = "ghcr.io/goauthentik/server:2024.10.2";
|
authentikImage = "ghcr.io/goauthentik/server:2024.12.0";
|
||||||
in {
|
in {
|
||||||
project.name = "auth";
|
project.name = "auth";
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "dashboard";
|
project.name = "dashboard";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
homarr.service = {
|
homarr.service = {
|
||||||
image = "ghcr.io/ajnart/homarr:0.15.3";
|
image = "ghcr.io/ajnart/homarr:0.15.10";
|
||||||
container_name = "homarr";
|
container_name = "homarr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "dns";
|
project.name = "dns";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
pihole.service = {
|
pihole.service = {
|
||||||
image = "pihole/pihole:2024.03.1";
|
image = "pihole/pihole:2024.07.0";
|
||||||
container_name = "pihole";
|
container_name = "pihole";
|
||||||
hostname = "pihole";
|
hostname = "pihole";
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -59,7 +59,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
unbound.service = {
|
unbound.service = {
|
||||||
image = "mvance/unbound:1.19.3";
|
image = "mvance/unbound:1.21.1";
|
||||||
container_name = "unbound";
|
container_name = "unbound";
|
||||||
volumes = [
|
volumes = [
|
||||||
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"
|
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "git";
|
project.name = "git";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
forgejo.service = {
|
forgejo.service = {
|
||||||
image = "codeberg.org/forgejo/forgejo:9.0.2";
|
image = "codeberg.org/forgejo/forgejo:9.0.3";
|
||||||
container_name = "forgejo";
|
container_name = "forgejo";
|
||||||
useHostStore = true;
|
useHostStore = true;
|
||||||
labels = {
|
labels = {
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
{config, ...}: let
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
vars = import ../../../../vars.nix;
|
vars = import ../../../../vars.nix;
|
||||||
in {
|
in {
|
||||||
virtualisation.arion = {
|
virtualisation.arion = {
|
||||||
|
@ -16,6 +20,9 @@ in {
|
||||||
sops.secrets."forgejo/db_database" = {
|
sops.secrets."forgejo/db_database" = {
|
||||||
owner = vars.user;
|
owner = vars.user;
|
||||||
};
|
};
|
||||||
|
sops.secrets."forgejo/runner_token" = {
|
||||||
|
owner = vars.user;
|
||||||
|
};
|
||||||
|
|
||||||
sops.templates."forgejo.env" = {
|
sops.templates."forgejo.env" = {
|
||||||
path = "/home/${vars.user}/.docker/git/forgejo.env";
|
path = "/home/${vars.user}/.docker/git/forgejo.env";
|
||||||
|
@ -38,4 +45,21 @@ in {
|
||||||
POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
|
POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-runner;
|
||||||
|
instances.default = {
|
||||||
|
enable = true;
|
||||||
|
name = config.networking.hostName;
|
||||||
|
url = "https://git.ghoscht.com";
|
||||||
|
# tokenFile = "/home/${vars.user}/.docker/git/forgejo-runner.env";
|
||||||
|
tokenFile = config.sops.secrets."forgejo/runner_token".path;
|
||||||
|
labels = [
|
||||||
|
"ubuntu-latest:docker://node:22-bookworm"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# enable cache actions https://forgejo.org/docs/latest/admin/runner-installation/
|
||||||
|
networking.firewall.trustedInterfaces = ["br-+"];
|
||||||
}
|
}
|
||||||
|
|
|
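Review bot: `networking.firewall.trustedInterfaces = ["br-+"];` at the end of the module exempts every interface whose name starts with `br-` from the host firewall, not only the bridge used by the runner's job containers. That presumably includes the bridges arion creates for the other projects, so any container on them (including the internet-facing ones behind traefik) could then reach every port listening on the host. If the goal is only the actions cache mentioned in the comment, a narrower rule such as `networking.firewall.interfaces."br-+".allowedTCPPorts = [ <cache-port> ];`, with the runner's cache port pinned in its settings, would keep the rest of the host filtered. Whether the `+` wildcard is honoured there depends on the firewall backend, so verify it. Separately, the commented-out `# tokenFile = "/home/${vars.user}/.docker/git/forgejo-runner.env";` line can be dropped now that the sops path is used.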
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "infrastructure";
|
project.name = "infrastructure";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
traefik.service = {
|
traefik.service = {
|
||||||
image = "traefik:3.1.4";
|
image = "traefik:3.2.3";
|
||||||
container_name = "traefik";
|
container_name = "traefik";
|
||||||
useHostStore = true;
|
useHostStore = true;
|
||||||
ports = [
|
ports = [
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
crowdsec.service = {
|
crowdsec.service = {
|
||||||
image = "crowdsecurity/crowdsec:v1.6.3";
|
image = "crowdsecurity/crowdsec:v1.6.4";
|
||||||
container_name = "crowdsec";
|
container_name = "crowdsec";
|
||||||
environment = {
|
environment = {
|
||||||
GID = "1000";
|
GID = "1000";
|
||||||
|
|
|
@ -1,113 +0,0 @@
|
||||||
{pkgs, ...}: {
|
|
||||||
project.name = "matrix";
|
|
||||||
|
|
||||||
networks.dmz = {
|
|
||||||
name = "dmz";
|
|
||||||
external = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networks.transport = {};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
synapse.service = {
|
|
||||||
image = "matrixdotorg/synapse:v1.118.0";
|
|
||||||
container_name = "synapse";
|
|
||||||
labels = {
|
|
||||||
"traefik.enable" = "true";
|
|
||||||
|
|
||||||
"traefik.http.services.synapse.loadbalancer.server.port" = "8008";
|
|
||||||
"traefik.http.routers.synapse.service" = "synapse";
|
|
||||||
"traefik.http.routers.synapse.entrypoints" = "websecure";
|
|
||||||
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
|
|
||||||
"traefik.docker.network" = "dmz";
|
|
||||||
"traefik.http.routers.synapse.tls" = "true";
|
|
||||||
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
|
|
||||||
|
|
||||||
"traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
|
|
||||||
"traefik.http.routers.synapse-external.service" = "synapse-external";
|
|
||||||
"traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
|
|
||||||
"traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
|
|
||||||
"traefik.http.routers.synapse-external.tls" = "true";
|
|
||||||
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
|
|
||||||
};
|
|
||||||
volumes = [
|
|
||||||
"/storage/dataset/docker/matrix/synapse_data:/data"
|
|
||||||
];
|
|
||||||
env_file = [
|
|
||||||
"/home/ghoscht/.docker/matrix/synapse.env"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
UID = "1000";
|
|
||||||
GID = "1000";
|
|
||||||
TZ = "Europe/Berlin";
|
|
||||||
};
|
|
||||||
restart = "unless-stopped";
|
|
||||||
networks = [
|
|
||||||
"dmz"
|
|
||||||
"transport"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
postgres.service = {
|
|
||||||
image = "postgres:14";
|
|
||||||
env_file = [
|
|
||||||
"/home/ghoscht/.docker/matrix/synapse.env"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
|
|
||||||
];
|
|
||||||
restart = "unless-stopped";
|
|
||||||
networks = [
|
|
||||||
"transport"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
matrix-nginx.service = {
|
|
||||||
container_name = "matrix-nginx";
|
|
||||||
image = "nginx:1.25.4";
|
|
||||||
volumes = [
|
|
||||||
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
|
|
||||||
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
|
|
||||||
];
|
|
||||||
labels = {
|
|
||||||
"traefik.enable" = "true";
|
|
||||||
|
|
||||||
"traefik.http.services.matrix.loadbalancer.server.port" = "80";
|
|
||||||
"traefik.http.routers.matrix.service" = "matrix";
|
|
||||||
"traefik.http.routers.matrix.entrypoints" = "websecure";
|
|
||||||
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
|
|
||||||
"traefik.docker.network" = "dmz";
|
|
||||||
"traefik.http.routers.matrix.tls" = "true";
|
|
||||||
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
|
|
||||||
|
|
||||||
"traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
|
|
||||||
"traefik.http.routers.matrix-external.service" = "matrix-external";
|
|
||||||
"traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
|
|
||||||
"traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
|
|
||||||
"traefik.http.routers.matrix-external.tls" = "true";
|
|
||||||
"traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
|
|
||||||
};
|
|
||||||
restart = "unless-stopped";
|
|
||||||
networks = [
|
|
||||||
"transport"
|
|
||||||
"dmz"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
element.service = {
|
|
||||||
image = "vectorim/element-web:v1.11.64";
|
|
||||||
volumes = [
|
|
||||||
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
|
|
||||||
];
|
|
||||||
labels = {
|
|
||||||
"traefik.enable" = "true";
|
|
||||||
"traefik.http.routers.element.entrypoints" = "websecure";
|
|
||||||
"traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
|
|
||||||
"traefik.docker.network" = "dmz";
|
|
||||||
"traefik.http.routers.element.tls" = "true";
|
|
||||||
"traefik.http.routers.element.tls.certresolver" = "letsencrypt";
|
|
||||||
};
|
|
||||||
restart = "unless-stopped";
|
|
||||||
networks = [
|
|
||||||
"dmz"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
|
|
||||||
import <nixpkgs> {
|
|
||||||
# We specify the architecture explicitly. Use a Linux remote builder when
|
|
||||||
# calling arion from other platforms.
|
|
||||||
system = "x86_64-linux";
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
{config, ...}: let
|
|
||||||
vars = import ../../../../vars.nix;
|
|
||||||
in {
|
|
||||||
# virtualisation.arion = {
|
|
||||||
# projects.matrix.settings = {
|
|
||||||
# imports = [./arion-compose.nix];
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
sops.secrets."matrix/postgres_password" = {
|
|
||||||
owner = vars.user;
|
|
||||||
};
|
|
||||||
sops.secrets."matrix/postgres_database" = {
|
|
||||||
owner = vars.user;
|
|
||||||
};
|
|
||||||
sops.secrets."matrix/postgres_user" = {
|
|
||||||
owner = vars.user;
|
|
||||||
};
|
|
||||||
|
|
||||||
sops.templates."synapse.env" = {
|
|
||||||
path = "/home/${vars.user}/.docker/matrix/synapse.env";
|
|
||||||
owner = vars.user;
|
|
||||||
mode = "0775";
|
|
||||||
content = ''
|
|
||||||
POSTGRES_DB="${config.sops.placeholder."matrix/postgres_database"}"
|
|
||||||
POSTGRES_USER="${config.sops.placeholder."matrix/postgres_user"}"
|
|
||||||
POSTGRES_PASSWORD="${config.sops.placeholder."matrix/postgres_password"}"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "media";
|
project.name = "media";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
jellyfin.service = {
|
jellyfin.service = {
|
||||||
image = "linuxserver/jellyfin:10.9.10";
|
image = "linuxserver/jellyfin:10.10.3";
|
||||||
container_name = "jellyfin";
|
container_name = "jellyfin";
|
||||||
ports = [
|
ports = [
|
||||||
"8096:8096"
|
"8096:8096"
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
navidrome.service = {
|
navidrome.service = {
|
||||||
image = "deluan/navidrome:0.53.1";
|
image = "deluan/navidrome:0.54.1";
|
||||||
container_name = "navidrome";
|
container_name = "navidrome";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -146,7 +146,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
prowlarr.service = {
|
prowlarr.service = {
|
||||||
image = "linuxserver/prowlarr:1.23.1";
|
image = "linuxserver/prowlarr:1.28.2";
|
||||||
container_name = "prowlarr";
|
container_name = "prowlarr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -175,7 +175,7 @@
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
sonarr.service = {
|
sonarr.service = {
|
||||||
image = "linuxserver/sonarr:4.0.9";
|
image = "linuxserver/sonarr:4.0.11";
|
||||||
container_name = "sonarr";
|
container_name = "sonarr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -206,7 +206,7 @@
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
radarr.service = {
|
radarr.service = {
|
||||||
image = "linuxserver/radarr:5.9.1";
|
image = "linuxserver/radarr:5.16.3";
|
||||||
container_name = "radarr";
|
container_name = "radarr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -237,7 +237,7 @@
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
lidarr.service = {
|
lidarr.service = {
|
||||||
image = "linuxserver/lidarr:2.5.3";
|
image = "linuxserver/lidarr:2.8.2";
|
||||||
container_name = "lidarr";
|
container_name = "lidarr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -273,7 +273,7 @@
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
bazarr.service = {
|
bazarr.service = {
|
||||||
image = "hotio/bazarr:release-1.4.3";
|
image = "hotio/bazarr:release-1.4.5";
|
||||||
container_name = "bazarr";
|
container_name = "bazarr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -298,7 +298,7 @@
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
jellyseerr.service = {
|
jellyseerr.service = {
|
||||||
image = "fallenbagel/jellyseerr:1.7.0";
|
image = "fallenbagel/jellyseerr:2.1.0";
|
||||||
container_name = "jellyseerr";
|
container_name = "jellyseerr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -321,7 +321,7 @@
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
autobrr.service = {
|
autobrr.service = {
|
||||||
image = "ghcr.io/autobrr/autobrr:v1.46.0";
|
image = "ghcr.io/autobrr/autobrr:v1.53.0";
|
||||||
container_name = "autobrr";
|
container_name = "autobrr";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
@ -353,35 +353,8 @@
|
||||||
};
|
};
|
||||||
restart = "always";
|
restart = "always";
|
||||||
};
|
};
|
||||||
# deemix.service = {
|
|
||||||
# image = "finniedj/deemix:latest";
|
|
||||||
# container_name = "deemix";
|
|
||||||
# labels = {
|
|
||||||
# "traefik.enable" = "true";
|
|
||||||
# "traefik.http.routers.deemix.entrypoints" = "websecure";
|
|
||||||
# "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)";
|
|
||||||
# "traefik.http.services.deemix.loadbalancer.server.port" = "6595";
|
|
||||||
# "traefik.docker.network" = "dmz";
|
|
||||||
# "traefik.http.routers.deemix.tls" = "true";
|
|
||||||
# "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
|
|
||||||
# };
|
|
||||||
# volumes = [
|
|
||||||
# "/home/ghoscht/.data/deemix:/downloads"
|
|
||||||
# ];
|
|
||||||
# environment = {
|
|
||||||
# PUID = 1000;
|
|
||||||
# PGID = 1000;
|
|
||||||
# UMASK_SET = 022;
|
|
||||||
# TZ = "Europe/Berlin";
|
|
||||||
# };
|
|
||||||
# network_mode = "service:vpn";
|
|
||||||
# depends_on = {
|
|
||||||
# vpn = {condition = "service_healthy";};
|
|
||||||
# };
|
|
||||||
# restart = "always";
|
|
||||||
# };
|
|
||||||
unpackerr.service = {
|
unpackerr.service = {
|
||||||
image = "golift/unpackerr:0.13";
|
image = "golift/unpackerr:0.14.5";
|
||||||
container_name = "unpackerr";
|
container_name = "unpackerr";
|
||||||
volumes = [
|
volumes = [
|
||||||
"/storage/dataset/data/:/data"
|
"/storage/dataset/data/:/data"
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
minio.service = {
|
minio.service = {
|
||||||
image = "bitnami/minio:2024.5.10";
|
image = "bitnami/minio:2024.12.18";
|
||||||
container_name = "minio";
|
container_name = "minio";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "nextcloud";
|
project.name = "nextcloud";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
nextcloud.service = {
|
nextcloud.service = {
|
||||||
image = "nextcloud:28.0.4";
|
image = "nextcloud:30.0.4";
|
||||||
container_name = "nextcloud";
|
container_name = "nextcloud";
|
||||||
useHostStore = true;
|
useHostStore = true;
|
||||||
labels = {
|
labels = {
|
||||||
|
@ -25,10 +25,12 @@
|
||||||
"/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data"
|
"/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data"
|
||||||
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
|
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
|
||||||
];
|
];
|
||||||
|
entrypoint = "/bin/bash -c 'apt update && apt install ffmpeg -y && /entrypoint.sh apache2-foreground'";
|
||||||
hostname = "nextcloud.ghoscht.com";
|
hostname = "nextcloud.ghoscht.com";
|
||||||
environment = {
|
environment = {
|
||||||
REDIS_HOST = "nextcloud-redis";
|
REDIS_HOST = "nextcloud-redis";
|
||||||
REDIS_PORT = 6379;
|
REDIS_PORT = 6379;
|
||||||
|
TRUSTED_PROXIES = "172.27.0.9/24";
|
||||||
};
|
};
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
networks = [
|
networks = [
|
||||||
|
|
|
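Review bot: `TRUSTED_PROXIES = "172.27.0.9/24"` in the environment block trusts the whole 172.27.0.0/24 network rather than one proxy, because the /24 mask ignores the host part of the address. Any container on that subnet could then send a forged `X-Forwarded-For` header that Nextcloud accepts as the client address, which weakens its brute-force throttling and IP-based logging. If 172.27.0.9 is traefik, pin its address on the network and use `TRUSTED_PROXIES = "172.27.0.9/32";`. The new `entrypoint` also runs `apt update && apt install ffmpeg -y` on every start, so the container needs network access to boot and its contents no longer match the pinned `nextcloud:30.0.4` tag; a small derived image with ffmpeg baked in would keep the deployment reproducible. The service definition continues outside the hunk.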
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
vaultwarden.service = {
|
vaultwarden.service = {
|
||||||
image = "vaultwarden/server:1.32.5";
|
image = "vaultwarden/server:1.32.7";
|
||||||
container_name = "vaultwarden";
|
container_name = "vaultwarden";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "push";
|
project.name = "push";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
ntfy.service = {
|
ntfy.service = {
|
||||||
image = "binwiederhier/ntfy:v2.10.0";
|
image = "binwiederhier/ntfy:v2.11.0";
|
||||||
container_name = "ntfy";
|
container_name = "ntfy";
|
||||||
user = "1000:1000";
|
user = "1000:1000";
|
||||||
command = "serve";
|
command = "serve";
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
mollysocket.service = {
|
mollysocket.service = {
|
||||||
image = "ghcr.io/mollyim/mollysocket:1.3.0";
|
image = "ghcr.io/mollyim/mollysocket:1.5.4";
|
||||||
container_name = "mollysocket";
|
container_name = "mollysocket";
|
||||||
useHostStore = true;
|
useHostStore = true;
|
||||||
ports = [
|
ports = [
|
||||||
|
@ -41,6 +41,9 @@
|
||||||
MOLLY_PORT = 8020;
|
MOLLY_PORT = 8020;
|
||||||
RUST_LOG = "info";
|
RUST_LOG = "info";
|
||||||
};
|
};
|
||||||
|
env_file = [
|
||||||
|
"/home/ghoscht/.docker/signal/mollysocket.env"
|
||||||
|
];
|
||||||
restart = "always";
|
restart = "always";
|
||||||
networks = [
|
networks = [
|
||||||
"dmz"
|
"dmz"
|
||||||
|
|
|
@ -1,7 +1,22 @@
|
||||||
{config, ...}: {
|
{config, ...}: let
|
||||||
|
vars = import ../../../../vars.nix;
|
||||||
|
in {
|
||||||
virtualisation.arion = {
|
virtualisation.arion = {
|
||||||
projects.signal.settings = {
|
projects.signal.settings = {
|
||||||
imports = [./arion-compose.nix];
|
imports = [./arion-compose.nix];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."signal/vapid_privkey" = {
|
||||||
|
owner = vars.user;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.templates."mollysocket.env" = {
|
||||||
|
path = "/home/${vars.user}/.docker/signal/mollysocket.env";
|
||||||
|
owner = vars.user;
|
||||||
|
mode = "0775";
|
||||||
|
content = ''
|
||||||
|
MOLLY_VAPID_PRIVKEY="${config.sops.placeholder."signal/vapid_privkey"}"
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
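Review bot: `mode = "0775";` on `sops.templates."mollysocket.env"` makes the rendered file, which holds `MOLLY_VAPID_PRIVKEY`, readable by every local user and marks it executable. An env file needs neither; `mode = "0400";` with the existing `owner = vars.user;` is enough as long as the process that starts the compose project runs as that user or as root, so confirm which account arion runs under. The same mode appears to have been copied from other templates in this repository (the removed `synapse.env` used it too), so any remaining ones deserve the same change.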
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
project.name = "smarthome";
|
project.name = "smarthome";
|
||||||
|
|
||||||
networks.dmz = {
|
networks.dmz = {
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
homeassistant.service = {
|
homeassistant.service = {
|
||||||
image = "ghcr.io/home-assistant/home-assistant:2024.4.1";
|
image = "ghcr.io/home-assistant/home-assistant:2024.12.5";
|
||||||
container_name = "homeassistant";
|
container_name = "homeassistant";
|
||||||
privileged = true;
|
privileged = true;
|
||||||
labels = {
|
labels = {
|
||||||
|
|
|
@ -59,7 +59,8 @@ in {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
security.pam.enableSSHAgentAuth = true;
|
|
||||||
|
security.pam.sshAgentAuth.enable = true;
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
overlays = [
|
overlays = [
|
||||||
|
|
|
@ -302,6 +302,14 @@ in {
|
||||||
cron: '55 3 * * *' # Every Day at 3:55
|
cron: '55 3 * * *' # Every Day at 3:55
|
||||||
hooks:
|
hooks:
|
||||||
<<: *default_hooks
|
<<: *default_hooks
|
||||||
|
videos:
|
||||||
|
from: /home/ghoscht/Videos
|
||||||
|
to:
|
||||||
|
- zfs
|
||||||
|
- eustachius
|
||||||
|
cron: '55 3 * * *' # Every Day at 3:55
|
||||||
|
hooks:
|
||||||
|
<<: *default_hooks
|
||||||
backends:
|
backends:
|
||||||
zfs:
|
zfs:
|
||||||
type: local
|
type: local
|
||||||
|
@ -309,7 +317,7 @@ in {
|
||||||
key: '${config.sops.placeholder."autorestic/zfs_key"}'
|
key: '${config.sops.placeholder."autorestic/zfs_key"}'
|
||||||
eustachius:
|
eustachius:
|
||||||
type: rest
|
type: rest
|
||||||
path: http://100.64.0.3:8000/franz
|
path: http://fd7a:115c:a1e0::8:8000/franz
|
||||||
key: '${config.sops.placeholder."autorestic/eustachius_key"}'
|
key: '${config.sops.placeholder."autorestic/eustachius_key"}'
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
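Review bot: The new `eustachius` backend URL `http://fd7a:115c:a1e0::8:8000/franz` contains an unbracketed IPv6 literal, so a URL parser cannot tell where the address ends and the port begins. Assuming the host is `fd7a:115c:a1e0::8` and the port is still 8000 as in the old line, it should read `path: http://[fd7a:115c:a1e0::8]:8000/franz`. As written the backend is likely to fail to connect, which would leave the new `videos` location and the existing ones without their remote copy unless one of the hooks reports the failure. The surrounding template starts and ends outside these hunks.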
@ -1,29 +1,31 @@
|
||||||
{
|
{
|
||||||
services.samba = {
|
services.samba = {
|
||||||
enable = true;
|
enable = true;
|
||||||
securityType = "user";
|
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
extraConfig = ''
|
settings = {
|
||||||
workgroup = WORKGROUP
|
global = {
|
||||||
server string = franz
|
"invalid users" = [
|
||||||
netbios name = franz
|
"root"
|
||||||
security = user
|
];
|
||||||
#use sendfile = yes
|
"passwd program" = "/run/wrappers/bin/passwd %u";
|
||||||
#max protocol = smb2
|
"security" = "user";
|
||||||
|
|
||||||
|
"workgroup" = "WORKGROUP";
|
||||||
|
"server string" = "franz";
|
||||||
|
"netbios name" = "franz";
|
||||||
# note: localhost is the ipv6 localhost ::1
|
# note: localhost is the ipv6 localhost ::1
|
||||||
hosts allow = 192.168.178. 127.0.0.1 localhost
|
"hosts allow" = "192.168.178. 127.0.0.1 localhost";
|
||||||
hosts deny = 0.0.0.0/0
|
"hosts deny" = "0.0.0.0/0";
|
||||||
guest account = nobody
|
"guest account" = "nobody";
|
||||||
map to guest = bad user
|
"map to guest" = "bad user";
|
||||||
|
|
||||||
# debugging
|
# debugging
|
||||||
# log file = /var/log/samba/log.%m
|
# log file = /var/log/samba/log.%m
|
||||||
# max log size = 1000
|
# max log size = 1000
|
||||||
# logging = file
|
# logging = file
|
||||||
'';
|
};
|
||||||
|
|
||||||
# Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user
|
# Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user
|
||||||
shares = {
|
|
||||||
software = {
|
software = {
|
||||||
path = "/storage/dataset/data/torrents/misc";
|
path = "/storage/dataset/data/torrents/misc";
|
||||||
browseable = "yes";
|
browseable = "yes";
|
||||||
|
@ -34,17 +36,6 @@
|
||||||
"force user" = "ghoscht";
|
"force user" = "ghoscht";
|
||||||
"force group" = "users";
|
"force group" = "users";
|
||||||
};
|
};
|
||||||
max = {
|
|
||||||
path = "/storage/dataset/nas/max";
|
|
||||||
browseable = "yes";
|
|
||||||
"read only" = "no";
|
|
||||||
"guest ok" = "no";
|
|
||||||
"valid users" = "max";
|
|
||||||
"create mask" = "0644";
|
|
||||||
"directory mask" = "0755";
|
|
||||||
"force user" = "ghoscht";
|
|
||||||
"force group" = "users";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
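Review bot: `"hosts deny" = "0.0.0.0/0";` in `settings.global` is an IPv4-only match, while `openFirewall = true` opens the Samba ports for IPv6 as well. As far as I know, Samba admits a client that matches neither list when both `hosts allow` and `hosts deny` are set, so an IPv6 peer outside `hosts allow` may not be rejected by this pair. `"hosts deny" = "ALL";` states the deny-by-default intent for both address families. With `"map to guest" = "bad user"` still set, it is also worth confirming that every share keeps `"guest ok" = "no"`; only part of the share definitions is visible here.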
@ -13,6 +13,7 @@ forgejo:
|
||||||
db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str]
|
db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str]
|
||||||
db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str]
|
db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str]
|
||||||
db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str]
|
db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str]
|
||||||
|
runner_token: ENC[AES256_GCM,data:rjgbrqLAA16dlNDn/Mh3TQ8+2mYD3Sn2502aY0PuNmINIfu9lnUCtw==,iv:FAzNa0fxlN61xrrWrbfRl6F4GHkR3bhmZEPrejTpKyU=,tag:yoOAiVCBQFuFpT+cgXPuWA==,type:str]
|
||||||
navidrome:
|
navidrome:
|
||||||
spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str]
|
spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str]
|
||||||
spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str]
|
spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str]
|
||||||
|
@ -66,6 +67,8 @@ wiki:
|
||||||
db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str]
|
db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str]
|
||||||
db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str]
|
db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str]
|
||||||
db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str]
|
db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str]
|
||||||
|
signal:
|
||||||
|
vapid_privkey: ENC[AES256_GCM,data:OaB+1baDLCXd7kqfQWwX8yBoqARuHFYWmtsiQ/ku8Om6ZKZkuoGVJP1FuQ==,iv:iQkYrRl3+pVzN6bjz1MPo+7prFJRHGkxHr5BjjDlFuM=,tag:vCMo14LZvVjCtJ4vGH0DOA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -81,8 +84,8 @@ sops:
|
||||||
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
|
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
|
||||||
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
|
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-08-09T13:53:16Z"
|
lastmodified: "2024-12-18T20:43:51Z"
|
||||||
mac: ENC[AES256_GCM,data:5pANdrfnPuDf2mai0UgcFbwr4OzjLzLWraKOt38fX2MySYH2EryMzsk4prhehXPTkD3soMFwaVbuuqZUbkWCWM3CtjuyCisQH4uiZZw+slw6g8atr4h3tpHtD2SwgGVESMJouVQyfb9ko4O1ArBvml/0a6DAGmwoxlQwGboZR5M=,iv:oiZx4BsRBNAn+hjhzhV6oVZrYQJ32DAQlyNNsevaLpc=,tag:A0EsGeaP5vy9vA8WZjbxIQ==,type:str]
|
mac: ENC[AES256_GCM,data:RSaqAh5OpOK6WjJSLzi4uUSGdGphTuz8skfqY3YEb9woVNFUKgYMurISuvCTBz99qcXSZGBmbL7Ppu+cEJQGCRz6Vmtu+mql5FbP/iyEOJALMN6VuK6l84WFzzEnWnNrN49B/+aTwtwJ01DDwy6Ze9RqekEAyLjYoyc/C94TwN4=,iv:kGtHqjZNal2t6GxYAvIRVnjI2VFrMAC3K5W62Slqmnw=,tag:paPQz3LRVfizIX3YXH9uCQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|