Arion: Fix matrix

Arion: Move ntfy to ssd
Arion: Enable promtail docker discovery
2024-11-18 20:44:50 +01:00 · 2024-11-18 20:44:33 +01:00 · 2024-11-18 20:43:29 +01:00 · 2024-11-18 20:40:19 +01:00 · 2024-11-18 20:40:10 +01:00 · 2024-11-18 20:39:49 +01:00
10 changed files with 32 additions and 27 deletions
--- a/hosts/franz/arion/auth/arion-compose.nix
+++ b/hosts/franz/arion/auth/arion-compose.nix
@ -1,5 +1,5 @@
 let
-  authentikImage = "ghcr.io/goauthentik/server:2024.8.2";
+  authentikImage = "ghcr.io/goauthentik/server:2024.10.2";
 in {
  project.name = "auth";
--- a/hosts/franz/arion/default.nix
+++ b/hosts/franz/arion/default.nix
@ -21,7 +21,7 @@
    ./headscale
    ./auth
    ./minio
-    # ./stats
+    ./stats
    ./wiki
  ];
--- a/hosts/franz/arion/git/arion-compose.nix
+++ b/hosts/franz/arion/git/arion-compose.nix
@ -10,7 +10,7 @@
  services = {
    forgejo.service = {
-      image = "codeberg.org/forgejo/forgejo:8.0.3";
+      image = "codeberg.org/forgejo/forgejo:9.0.2";
      container_name = "forgejo";
      useHostStore = true;
      labels = {
--- a/hosts/franz/arion/infrastructure/arion-compose.nix
+++ b/hosts/franz/arion/infrastructure/arion-compose.nix
@ -58,7 +58,7 @@
      container_name = "crowdsec";
      environment = {
        GID = "1000";
-        COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden";
+        COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching";
      };
      volumes = [
        "/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml"
--- a/hosts/franz/arion/matrix/arion-compose.nix
+++ b/hosts/franz/arion/matrix/arion-compose.nix
@ -10,7 +10,7 @@
  services = {
    synapse.service = {
-      image = "matrixdotorg/synapse:v1.113.0";
+      image = "matrixdotorg/synapse:v1.118.0";
      container_name = "synapse";
      labels = {
        "traefik.enable" = "true";
@ -31,7 +31,7 @@
        "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/home/ghoscht/.docker/matrix/synapse_data:/data"
+        "/storage/dataset/docker/matrix/synapse_data:/data"
      ];
      env_file = [
        "/home/ghoscht/.docker/matrix/synapse.env"
@ -53,7 +53,7 @@
        "/home/ghoscht/.docker/matrix/synapse.env"
      ];
      volumes = [
-        "/home/ghoscht/.docker/matrix/synapse_db:/var/lib/postgresql/data"
+        "/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
      ];
      restart = "unless-stopped";
      networks = [
@ -64,8 +64,8 @@
      container_name = "matrix-nginx";
      image = "nginx:1.25.4";
      volumes = [
-        "/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
+        "/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
-        "/home/ghoscht/.docker/matrix/nginx_data/www:/var/www/"
+        "/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
      ];
      labels = {
        "traefik.enable" = "true";
@ -94,7 +94,7 @@
    element.service = {
      image = "vectorim/element-web:v1.11.64";
      volumes = [
-        "/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json"
+        "/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
      ];
      labels = {
        "traefik.enable" = "true";
--- a/hosts/franz/arion/passwords/arion-compose.nix
+++ b/hosts/franz/arion/passwords/arion-compose.nix
@ -8,7 +8,7 @@
  services = {
    vaultwarden.service = {
-      image = "vaultwarden/server:1.32.4";
+      image = "vaultwarden/server:1.32.5";
      container_name = "vaultwarden";
      labels = {
        "traefik.enable" = "true";
--- a/hosts/franz/arion/push/arion-compose.nix
+++ b/hosts/franz/arion/push/arion-compose.nix
@ -31,8 +31,8 @@
        "traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"
+        "/home/ghoscht/.docker/push/ntfy_config/server.yml:/etc/ntfy/server.yml"
-        "/storage/dataset/docker/push/ntfy_data:/etc/ntfy/data"
+        "/home/ghoscht/.docker/push/ntfy_data:/etc/ntfy/data"
      ];
      environment = {
        TZ = "Europe/Berlin";
--- a/hosts/franz/arion/stats/arion-compose.nix
+++ b/hosts/franz/arion/stats/arion-compose.nix
@ -63,6 +63,7 @@
      image = "grafana/promtail:3.0.0";
      volumes = [
        "/var/log:/var/log"
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        "/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml"
      ];
      command = "-config.file=/etc/promtail/promtail-config.yml";
--- a/hosts/franz/restic.nix
+++ b/hosts/franz/restic.nix
@ -46,9 +46,6 @@ in {
  sops.secrets."autorestic/zfs_key" = {
    owner = vars.user;
  };
  sops.secrets."autorestic/ssd_key" = {
    owner = vars.user;
  };
  sops.secrets."autorestic/eustachius_key" = {
    owner = vars.user;
  };
@ -173,7 +170,6 @@ in {
          from: /home/ghoscht/.docker/passwords
          to:
            - zfs
            # - ssd
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
@ -182,19 +178,31 @@ in {
              -  arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
-        matrix:
+        push:
-          from: /home/ghoscht/.docker/matrix
+          from: /storage/dataset/docker/push/
          to:
            - zfs
            - eustachius
-          forget: prune
+          cron: '0 4 * * *' # Every Day at 4:00
          cron: '0 4 * * 0' # Every Sunday at 4:00
          hooks:
            <<: *default_hooks
            before:
-              -  arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
+              -  arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix stop
            after:
-              -  arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
+              -  arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix start
        # matrix:
        #   from: /home/ghoscht/.docker/matrix
        #   to:
        #     - zfs
        #     - eustachius
        #   forget: prune
        #   cron: '0 4 * * 0' # Every Sunday at 4:00
        #   hooks:
        #     <<: *default_hooks
        #     before:
        #       -  arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
        #     after:
        #       -  arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
        music:
          from: /storage/dataset/data/media/music
          to:
@ -299,10 +307,6 @@ in {
          type: local
          path: /storage/dataset/backups
          key: '${config.sops.placeholder."autorestic/zfs_key"}'
        # ssd:
        #   type: local
        #   path: /home/ghoscht/Backups
        #   key: '${config.sops.placeholder."autorestic/ssd_key"}'
        eustachius:
          type: rest
          path: http://100.64.0.3:8000/franz
--- a/rsc/docker/franz/push/ntfy_config/server.yml
+++ b/rsc/docker/franz/push/ntfy_config/server.yml
Author	SHA1	Message	Date
GHOSCHT	528246061a	Arion: Fix matrix	2024-11-18 20:44:50 +01:00
GHOSCHT	29bc56b8a5	Arion: Move ntfy to ssd	2024-11-18 20:44:33 +01:00
GHOSCHT	55eedcea01	Arion: Enable promtail docker discovery	2024-11-18 20:43:29 +01:00
GHOSCHT	69e8ca76f9	Arion: Bump passwords	2024-11-18 20:40:19 +01:00
GHOSCHT	c6ad76c196	Arion: Add new crowdsec collections	2024-11-18 20:40:10 +01:00
GHOSCHT	515eb067d3	Arion: Bump git	2024-11-18 20:39:49 +01:00
GHOSCHT	69aba935c0	Arion: Bump auth	2024-11-18 20:39:25 +01:00