Compare commits

...

7 commits

Author SHA1 Message Date
528246061a
Arion: Fix matrix 2024-11-18 20:44:50 +01:00
29bc56b8a5
Arion: Move ntfy to ssd 2024-11-18 20:44:33 +01:00
55eedcea01
Arion: Enable promtail docker discovery 2024-11-18 20:43:29 +01:00
69e8ca76f9
Arion: Bump passwords 2024-11-18 20:40:19 +01:00
c6ad76c196
Arion: Add new crowdsec collections 2024-11-18 20:40:10 +01:00
515eb067d3
Arion: Bump git 2024-11-18 20:39:49 +01:00
69aba935c0
Arion: Bump auth 2024-11-18 20:39:25 +01:00
10 changed files with 32 additions and 27 deletions

View file

@ -1,5 +1,5 @@
let
authentikImage = "ghcr.io/goauthentik/server:2024.8.2";
authentikImage = "ghcr.io/goauthentik/server:2024.10.2";
in {
project.name = "auth";

View file

@ -21,7 +21,7 @@
./headscale
./auth
./minio
# ./stats
./stats
./wiki
];

View file

@ -10,7 +10,7 @@
services = {
forgejo.service = {
image = "codeberg.org/forgejo/forgejo:8.0.3";
image = "codeberg.org/forgejo/forgejo:9.0.2";
container_name = "forgejo";
useHostStore = true;
labels = {

View file

@ -58,7 +58,7 @@
container_name = "crowdsec";
environment = {
GID = "1000";
COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden";
COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching";
};
volumes = [
"/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml"

View file

@ -10,7 +10,7 @@
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.113.0";
image = "matrixdotorg/synapse:v1.118.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
@ -31,7 +31,7 @@
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/matrix/synapse_data:/data"
"/storage/dataset/docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
@ -53,7 +53,7 @@
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/home/ghoscht/.docker/matrix/synapse_db:/var/lib/postgresql/data"
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
@ -64,8 +64,8 @@
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/home/ghoscht/.docker/matrix/nginx_data/www:/var/www/"
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
@ -94,7 +94,7 @@
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json"
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";

View file

@ -8,7 +8,7 @@
services = {
vaultwarden.service = {
image = "vaultwarden/server:1.32.4";
image = "vaultwarden/server:1.32.5";
container_name = "vaultwarden";
labels = {
"traefik.enable" = "true";

View file

@ -31,8 +31,8 @@
"traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"
"/storage/dataset/docker/push/ntfy_data:/etc/ntfy/data"
"/home/ghoscht/.docker/push/ntfy_config/server.yml:/etc/ntfy/server.yml"
"/home/ghoscht/.docker/push/ntfy_data:/etc/ntfy/data"
];
environment = {
TZ = "Europe/Berlin";

View file

@ -63,6 +63,7 @@
image = "grafana/promtail:3.0.0";
volumes = [
"/var/log:/var/log"
"/var/run/docker.sock:/var/run/docker.sock:ro"
"/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml"
];
command = "-config.file=/etc/promtail/promtail-config.yml";

View file

@ -46,9 +46,6 @@ in {
sops.secrets."autorestic/zfs_key" = {
owner = vars.user;
};
sops.secrets."autorestic/ssd_key" = {
owner = vars.user;
};
sops.secrets."autorestic/eustachius_key" = {
owner = vars.user;
};
@ -173,7 +170,6 @@ in {
from: /home/ghoscht/.docker/passwords
to:
- zfs
# - ssd
- eustachius
cron: '0 4 * * *' # Every Day at 4:00
hooks:
@ -182,19 +178,31 @@ in {
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
after:
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
matrix:
from: /home/ghoscht/.docker/matrix
push:
from: /storage/dataset/docker/push/
to:
- zfs
- eustachius
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
cron: '0 4 * * *' # Every Day at 4:00
hooks:
<<: *default_hooks
before:
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
- arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix stop
after:
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
- arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix start
# matrix:
# from: /home/ghoscht/.docker/matrix
# to:
# - zfs
# - eustachius
# forget: prune
# cron: '0 4 * * 0' # Every Sunday at 4:00
# hooks:
# <<: *default_hooks
# before:
# - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
# after:
# - arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
music:
from: /storage/dataset/data/media/music
to:
@ -299,10 +307,6 @@ in {
type: local
path: /storage/dataset/backups
key: '${config.sops.placeholder."autorestic/zfs_key"}'
# ssd:
# type: local
# path: /home/ghoscht/Backups
# key: '${config.sops.placeholder."autorestic/ssd_key"}'
eustachius:
type: rest
path: http://100.64.0.3:8000/franz