Compare commits


No commits in common. "528246061aa0eba2bcb35bb7ff146f89ba55c854" and "5b3d999a863872fb34d8ecebee00a156c47e0e25" have entirely different histories.

10 changed files with 27 additions and 32 deletions


@ -1,5 +1,5 @@
let
authentikImage = "ghcr.io/goauthentik/server:2024.10.2";
authentikImage = "ghcr.io/goauthentik/server:2024.8.2";
in {
project.name = "auth";


@ -21,7 +21,7 @@
./headscale
./auth
./minio
./stats
# ./stats
./wiki
];


@ -10,7 +10,7 @@
services = {
forgejo.service = {
image = "codeberg.org/forgejo/forgejo:9.0.2";
image = "codeberg.org/forgejo/forgejo:8.0.3";
container_name = "forgejo";
useHostStore = true;
labels = {


@ -58,7 +58,7 @@
container_name = "crowdsec";
environment = {
GID = "1000";
COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching";
COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden";
};
volumes = [
"/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml"
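Review bot: The second `COLLECTIONS` line, which appears to be the new side (the +/- markers are lost on this page), no longer lists `crowdsecurity/appsec-generic-rules` and `crowdsecurity/appsec-virtual-patching`, so the container would start without the AppSec rule sets. If the mounted `acquis.yaml` still declares an AppSec datasource, or the Traefik bouncer still forwards requests to the AppSec component, those need to change in the same commit; neither file is visible here, so this should be checked. I would also add a comment above the line recording why the AppSec collections were dropped, e.g. `# AppSec collections removed because ...`. The `volumes` list continues outside the hunk.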


@ -10,7 +10,7 @@
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.118.0";
image = "matrixdotorg/synapse:v1.113.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
@ -31,7 +31,7 @@
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data"
"/home/ghoscht/.docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
@ -53,7 +53,7 @@
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
"/home/ghoscht/.docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
@ -64,8 +64,8 @@
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
"/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/home/ghoscht/.docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
@ -94,7 +94,7 @@
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
"/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";
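Review bot: The relocated bind mounts for `matrix.conf`, `/var/www/` and `element-config.json` are writable from inside the nginx and element containers, although these are configuration and static files the containers only need to read. Adding `:ro` would keep a compromised web container from rewriting its own config on the host, e.g. `"/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf:ro"` and `"/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json:ro"`. This assumes the second path of each printed pair is the new side, since the +/- markers are lost on this page; the `/storage/dataset/...` paths have the same gap. The service definitions start and end outside these hunks.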


@ -8,7 +8,7 @@
services = {
vaultwarden.service = {
image = "vaultwarden/server:1.32.5";
image = "vaultwarden/server:1.32.4";
container_name = "vaultwarden";
labels = {
"traefik.enable" = "true";


@ -31,8 +31,8 @@
"traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/push/ntfy_config/server.yml:/etc/ntfy/server.yml"
"/home/ghoscht/.docker/push/ntfy_data:/etc/ntfy/data"
"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"
"/storage/dataset/docker/push/ntfy_data:/etc/ntfy/data"
];
environment = {
TZ = "Europe/Berlin";
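Review bot: The ntfy data directory appears to be mounted from `/storage/dataset/docker/push/ntfy_data` on the new side, but the autorestic section of this same comparison seems to drop the `push:` location whose `from:` was `/storage/dataset/docker/push/`, so no backup job visible on this page covers that path any more. (Sides are inferred from print order and hunk counts because the +/- markers are lost.) Either keep a backup location for this directory or keep the data under a path that an existing location already covers. Separately, `server.yml` is a config file the container only reads, so its mount could end in `:ro`: `"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml:ro"`.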


@ -63,7 +63,6 @@
image = "grafana/promtail:3.0.0";
volumes = [
"/var/log:/var/log"
"/var/run/docker.sock:/var/run/docker.sock:ro"
"/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml"
];
command = "-config.file=/etc/promtail/promtail-config.yml";
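Review bot: `/var/log:/var/log` is mounted read-write into the promtail container, which only needs to read the host logs; `"/var/log:/var/log:ro"` would stop a compromised log shipper from altering or deleting them. The hunk header (7 lines to 6) says one of the listed lines is removed, but the +/- markers are lost, so the page does not show which. If the `/var/run/docker.sock` mount is the one that stays, note that `:ro` on the socket only protects the socket file: the container can still send any request to the Docker API, so a filtering socket proxy would be the safer way to give promtail container discovery. The service definition starts and ends outside the hunk.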


@ -46,6 +46,9 @@ in {
sops.secrets."autorestic/zfs_key" = {
owner = vars.user;
};
sops.secrets."autorestic/ssd_key" = {
owner = vars.user;
};
sops.secrets."autorestic/eustachius_key" = {
owner = vars.user;
};
@ -170,6 +173,7 @@ in {
from: /home/ghoscht/.docker/passwords
to:
- zfs
# - ssd
- eustachius
cron: '0 4 * * *' # Every Day at 4:00
hooks:
@ -178,31 +182,19 @@ in {
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
after:
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
push:
from: /storage/dataset/docker/push/
matrix:
from: /home/ghoscht/.docker/matrix
to:
- zfs
- eustachius
cron: '0 4 * * *' # Every Day at 4:00
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
<<: *default_hooks
before:
- arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix stop
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
after:
- arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix start
# matrix:
# from: /home/ghoscht/.docker/matrix
# to:
# - zfs
# - eustachius
# forget: prune
# cron: '0 4 * * 0' # Every Sunday at 4:00
# hooks:
# <<: *default_hooks
# before:
# - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
# after:
# - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
music:
from: /storage/dataset/data/media/music
to:
@ -307,6 +299,10 @@ in {
type: local
path: /storage/dataset/backups
key: '${config.sops.placeholder."autorestic/zfs_key"}'
# ssd:
# type: local
# path: /home/ghoscht/Backups
# key: '${config.sops.placeholder."autorestic/ssd_key"}'
eustachius:
type: rest
path: http://100.64.0.3:8000/franz
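Review bot: `sops.secrets."autorestic/ssd_key"` is declared with `owner = vars.user`, but its only visible consumer, the `ssd` backend, is commented out further down (as is `# - ssd` in the location's `to:` list), so the key would be decrypted onto the host with nothing to use it. (Added lines are inferred from the hunk counts; the +/- markers are lost on this page.) I would drop the secret declaration until the backend is enabled, or enable both together, and replace the commented-out block with a one-line comment such as `# ssd backend disabled because ...`. The `eustachius` backend below uses a plain `http://` REST URL; restic encrypts repository contents, but whether the transport itself is protected depends on the network between the hosts, which this page does not show.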