Arion: Relocate active container storage

try to minimize db access on hdd
Arion: Bump passwords
2024-11-11 17:21:51 +01:00 · 2024-11-11 17:20:57 +01:00
17 changed files with 146 additions and 144 deletions
--- a/hosts/franz/arion/auth/arion-compose.nix
+++ b/hosts/franz/arion/auth/arion-compose.nix
@ -49,8 +49,8 @@ in {
        postgres = {condition = "service_healthy";};
      };
      volumes = [
-        "/storage/dataset/docker/auth/authentik_media:/media"
-        "/storage/dataset/docker/auth/authentik_custom_templates:/templates"
+        "/home/ghoscht/.docker/auth/authentik_media:/media"
+        "/home/ghoscht/.docker/auth/authentik_custom_templates:/templates"
      ];
      networks = [
        "dmz"
@ -74,8 +74,8 @@ in {
      };
      volumes = [
        "/var/run/docker.sock:/var/run/docker.sock"
-        "/storage/dataset/docker/auth/authentik_media:/media"
-        "/storage/dataset/docker/auth/authentik_custom_templates:/templates"
+        "/home/ghoscht/.docker/auth/authentik_media:/media"
+        "/home/ghoscht/.docker/auth/authentik_custom_templates:/templates"
      ];
      restart = "always";
      user = "root";
@ -98,7 +98,7 @@ in {
      };
      restart = "always";
      volumes = [
-        "/storage/dataset/docker/auth/redis_data:/data"
+        "/home/ghoscht/.docker/auth/redis_data:/data"
      ];
      networks = [
        "internal"
@ -111,7 +111,7 @@ in {
        "/home/ghoscht/.docker/auth/postgres.env"
      ];
      volumes = [
-        "/storage/dataset/docker/auth/postgres_data:/var/lib/postgresql/data"
+        "/home/ghoscht/.docker/auth/postgres_data:/var/lib/postgresql/data"
      ];
      healthcheck = {
        test = [
--- a/hosts/franz/arion/dashboard/arion-compose.nix
+++ b/hosts/franz/arion/dashboard/arion-compose.nix
@ -29,9 +29,9 @@
        "/home/ghoscht/.docker/dashboard/homarr.env"
      ];
      volumes = [
-        "/storage/dataset/docker/dashboard/homarr_data:/data"
-        "/storage/dataset/docker/dashboard/homarr_config:/app/data/configs"
-        "/storage/dataset/docker/dashboard/homarr_icons:/app/public/imgs"
+        "/home/ghoscht/.docker/dashboard/homarr_data:/data"
+        "/home/ghoscht/.docker/dashboard/homarr_config:/app/data/configs"
+        "/home/ghoscht/.docker/dashboard/homarr_icons:/app/public/imgs"
      ];
      restart = "always";
      networks = [
--- a/hosts/franz/arion/default.nix
+++ b/hosts/franz/arion/default.nix
@ -17,11 +17,11 @@
    ./smarthome
    ./signal
    ./feed
-    ./matrix
+    # ./matrix
    ./headscale
    ./auth
    ./minio
-    ./stats
+    # ./stats
    ./wiki
  ];

--- a/hosts/franz/arion/dns/arion-compose.nix
+++ b/hosts/franz/arion/dns/arion-compose.nix
@ -11,9 +11,9 @@
    driver = "bridge";
    ipam.config = [
      {
-        subnet = "172.28.1.0/24";
-        ip_range = "172.28.1.5/30";
-        gateway = "172.28.1.1";
+        subnet = "172.29.1.0/24";
+        ip_range = "172.29.1.4/30";
+        gateway = "172.29.1.1";
      }
    ];
  };
@ -30,8 +30,8 @@
        VIRTUAL_HOST = "pihole.ghoscht.com";
      };
      volumes = [
-        "/storage/dataset/docker/dns/pihole_data:/etc/pihole"
-        "/storage/dataset/docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
+        "/home/ghoscht/.docker/dns/pihole_data:/etc/pihole"
+        "/home/ghoscht/.docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
      ];
      labels = {
        "traefik.enable" = "true";
@ -46,7 +46,7 @@
      networks = {
        dmz = {};
        dns = {
-          ipv4_address = "172.28.1.6";
+          ipv4_address = "172.29.1.6";
        };
      };
      capabilities = {
@ -61,14 +61,13 @@
    unbound.service = {
      image = "mvance/unbound:1.19.3";
      container_name = "unbound";
-      useHostStore = true;
      volumes = [
-        "/storage/dataset/docker/dns/unbound_data:/opt/unbound/etc/unbound"
+        "/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"
      ];
      restart = "always";
      networks = {
        dns = {
-          ipv4_address = "172.28.1.5";
+          ipv4_address = "172.29.1.5";
        };
      };
    };
--- a/hosts/franz/arion/feed/arion-compose.nix
+++ b/hosts/franz/arion/feed/arion-compose.nix
@ -32,7 +32,7 @@
    feed-db.service = {
      image = "postgres:13-alpine";
      volumes = [
-        "/storage/dataset/docker/feed/ttrss_db:/var/lib/postgresql/data"
+        "/home/ghoscht/.docker/feed/ttrss_db:/var/lib/postgresql/data"
      ];
      env_file = [
        "/home/ghoscht/.docker/feed/ttrss.env"
--- a/hosts/franz/arion/git/arion-compose.nix
+++ b/hosts/franz/arion/git/arion-compose.nix
@ -33,7 +33,7 @@
        "traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/git/forgejo_data:/data"
+        "/home/ghoscht/.docker/git/forgejo_data:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
@ -60,7 +60,7 @@
        "/home/ghoscht/.docker/git/forgejo-db.env"
      ];
      volumes = [
-        "/storage/dataset/docker/git/forgejo_db:/var/lib/postgresql/data"
+        "/home/ghoscht/.docker/git/forgejo_db:/var/lib/postgresql/data"
      ];
      restart = "unless-stopped";
      networks = [
--- a/hosts/franz/arion/headscale/arion-compose.nix
+++ b/hosts/franz/arion/headscale/arion-compose.nix
@ -29,8 +29,8 @@
        "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/headscale/headscale_config:/etc/headscale"
-        "/storage/dataset/docker/headscale/headscale_data:/var/lib/headscale"
+        "/home/ghoscht/.docker/headscale/headscale_config:/etc/headscale"
+        "/home/ghoscht/.docker/headscale/headscale_data:/var/lib/headscale"
      ];
      networks = [
        "dmz"
--- a/hosts/franz/arion/infrastructure/arion-compose.nix
+++ b/hosts/franz/arion/infrastructure/arion-compose.nix
@ -41,7 +41,7 @@
      volumes = [
        "/home/ghoscht/.docker/infrastructure/traefik_config/traefik.yml:/traefik.yml:ro"
        "/home/ghoscht/.docker/infrastructure/traefik_config/conf:/conf:ro"
-        "/storage/dataset/docker/infrastructure/traefik_data/acme.json:/acme.json"
+        "/home/ghoscht/.docker/infrastructure/traefik_data/acme.json:/acme.json"
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        "traefik-logs:/var/log/traefik"
      ];
@ -61,11 +61,11 @@
        COLLECTIONS = "crowdsecurity/linux crowdsecurity/traefik firix/authentik LePresidente/gitea Dominic-Wagner/vaultwarden";
      };
      volumes = [
-        "/storage/dataset/docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml"
-        "/storage/dataset/docker/infrastructure/crowdsec_config/profiles.yaml:/etc/crowdsec/profiles.yaml"
-        "/storage/dataset/docker/infrastructure/crowdsec_config/ntfy.yaml:/etc/crowdsec/notifications/ntfy.yaml"
-        "/storage/dataset/docker/infrastructure/crowdsec_db:/var/lib/crowdsec/data/"
-        "/storage/dataset/docker/infrastructure/crowdsec_data:/etc/crowdsec/"
+        "/home/ghoscht/.docker/infrastructure/crowdsec_config/acquis.yaml:/etc/crowdsec/acquis.yaml"
+        "/home/ghoscht/.docker/infrastructure/crowdsec_config/profiles.yaml:/etc/crowdsec/profiles.yaml"
+        "/home/ghoscht/.docker/infrastructure/crowdsec_config/ntfy.yaml:/etc/crowdsec/notifications/ntfy.yaml"
+        "/home/ghoscht/.docker/infrastructure/crowdsec_db:/var/lib/crowdsec/data/"
+        "/home/ghoscht/.docker/infrastructure/crowdsec_data:/etc/crowdsec/"
        "traefik-logs:/var/log/traefik/:ro"
        "/var/run/docker.sock:/var/run/docker.sock:ro"
      ];
@ -115,8 +115,8 @@
      };
      volumes = [
        "/run/udev:/run/udev:ro"
-        "/storage/dataset/docker/infrastructure/scrutiny_data:/opt/scrutiny/config"
-        "/storage/dataset/docker/infrastructure/scrutiny_influxdb_data:/opt/scrutiny/influxdb"
+        "/home/ghoscht/.docker/infrastructure/scrutiny_data:/opt/scrutiny/config"
+        "/home/ghoscht/.docker/infrastructure/scrutiny_influxdb_data:/opt/scrutiny/influxdb"
      ];
      devices = [
        "/dev/nvme0"
@ -136,7 +136,7 @@
      container_name = "diun";
      restart = "always";
      volumes = [
-        "/storage/dataset/docker/infrastructure/diun_data:/data"
+        "/home/ghoscht/.docker/infrastructure/diun_data:/data"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environment = {
--- a/hosts/franz/arion/matrix/arion-compose.nix
+++ b/hosts/franz/arion/matrix/arion-compose.nix
@ -31,7 +31,7 @@
        "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/matrix/synapse_data:/data"
+        "/home/ghoscht/.docker/matrix/synapse_data:/data"
      ];
      env_file = [
        "/home/ghoscht/.docker/matrix/synapse.env"
@ -53,7 +53,7 @@
        "/home/ghoscht/.docker/matrix/synapse.env"
      ];
      volumes = [
-        "/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
+        "/home/ghoscht/.docker/matrix/synapse_db:/var/lib/postgresql/data"
      ];
      restart = "unless-stopped";
      networks = [
@ -64,8 +64,8 @@
      container_name = "matrix-nginx";
      image = "nginx:1.25.4";
      volumes = [
-        "/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
-        "/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
+        "/home/ghoscht/.docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
+        "/home/ghoscht/.docker/matrix/nginx_data/www:/var/www/"
      ];
      labels = {
        "traefik.enable" = "true";
@ -94,7 +94,7 @@
    element.service = {
      image = "vectorim/element-web:v1.11.64";
      volumes = [
-        "/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
+        "/home/ghoscht/.docker/matrix/element_data/element-config.json:/app/config.json"
      ];
      labels = {
        "traefik.enable" = "true";
--- a/hosts/franz/arion/media/arion-compose.nix
+++ b/hosts/franz/arion/media/arion-compose.nix
@ -28,7 +28,7 @@
        "diun.exclude_tags" = "\\d{4,}";
      };
      volumes = [
-        "/storage/dataset/docker/media/jellyfin_data:/config"
+        "/home/ghoscht/.docker/media/jellyfin_data:/config"
        "/storage/dataset/data/media/tv:/tv"
        "/storage/dataset/data/media/anime:/anime"
        "/storage/dataset/data/media/movies:/movies"
@ -66,7 +66,7 @@
        "traefik.http.routers.navidrome-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/media/navidrome_data:/data"
+        "/home/ghoscht/.docker/media/navidrome_data:/data"
        "/storage/dataset/data/media/music:/music"
      ];
      environment = {
@ -92,7 +92,7 @@
        "traefik.http.routers.kavita.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/media/kavita_data:/kavita/config"
+        "/home/ghoscht/.docker/media/kavita_data:/kavita/config"
        "/storage/dataset/data/media/manga:/manga"
        "/storage/dataset/data/media/comics:/comics"
      ];
@ -115,7 +115,7 @@
        "traefik.http.routers.transmission.middlewares" = "authentik@file";
      };
      volumes = [
-        "/storage/dataset/docker/media/transmission_data:/config"
+        "/home/ghoscht/.docker/media/transmission_data:/config"
        "/storage/dataset/data/:/data"
      ];
      environment = {
@ -161,7 +161,7 @@
        "traefik.http.routers.prowlarr.middlewares" = "authentik@file";
      };
      volumes = [
-        "/storage/dataset/docker/media/prowlarr_data:/config"
+        "/home/ghoscht/.docker/media/prowlarr_data:/config"
      ];
      environment = {
        PUID = 1000;
@ -190,7 +190,7 @@
        "traefik.http.routers.sonarr.middlewares" = "authentik@file";
      };
      volumes = [
-        "/storage/dataset/docker/media/sonarr_data:/config"
+        "/home/ghoscht/.docker/media/sonarr_data:/config"
        "/storage/dataset/data/:/data"
      ];
      environment = {
@ -221,7 +221,7 @@
        "traefik.http.routers.radarr.middlewares" = "authentik@file";
      };
      volumes = [
-        "/storage/dataset/docker/media/radarr_data:/config"
+        "/home/ghoscht/.docker/media/radarr_data:/config"
        "/storage/dataset/data/:/data"
      ];
      environment = {
@ -255,9 +255,9 @@
        "diun.exclude_tags" = "\\d{4,}";
      };
      volumes = [
-        "/storage/dataset/docker/media/lidarr_data:/config"
-        "/storage/dataset/docker/media/lidarr_addons/custom-services.d:/custom-services.d"
-        "/storage/dataset/docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
+        "/home/ghoscht/.docker/media/lidarr_data:/config"
+        "/home/ghoscht/.docker/media/lidarr_addons/custom-services.d:/custom-services.d"
+        "/home/ghoscht/.docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
        "/storage/dataset/data/:/data"
      ];
      environment = {
@ -286,7 +286,7 @@
        "traefik.http.routers.bazarr.middlewares" = "authentik@file";
      };
      volumes = [
-        "/storage/dataset/docker/media/bazarr_data:/config"
+        "/home/ghoscht/.docker/media/bazarr_data:/config"
        "/storage/dataset/data/:/data"
      ];
      environment = {
@ -310,7 +310,7 @@
        "traefik.http.routers.jellyseerr.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/media/jellyseerr_data:/app/config"
+        "/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
      ];
      environment = {
        PUID = 1000;
@ -337,7 +337,7 @@
        "diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$";
      };
      volumes = [
-        "/storage/dataset/docker/media/autobrr_data:/config"
+        "/home/ghoscht/.docker/media/autobrr_data:/config"
      ];
      environment = {
        PUID = 1000;
@ -353,33 +353,33 @@
      };
      restart = "always";
    };
-    deemix.service = {
-      image = "finniedj/deemix:latest";
-      container_name = "deemix";
-      labels = {
-        "traefik.enable" = "true";
-        "traefik.http.routers.deemix.entrypoints" = "websecure";
-        "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)";
-        "traefik.http.services.deemix.loadbalancer.server.port" = "6595";
-        "traefik.docker.network" = "dmz";
-        "traefik.http.routers.deemix.tls" = "true";
-        "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
-      };
-      volumes = [
-        "/storage/dataset/data/deemix:/downloads"
-      ];
-      environment = {
-        PUID = 1000;
-        PGID = 1000;
-        UMASK_SET = 022;
-        TZ = "Europe/Berlin";
-      };
-      network_mode = "service:vpn";
-      depends_on = {
-        vpn = {condition = "service_healthy";};
-      };
-      restart = "always";
-    };
+    # deemix.service = {
+    #   image = "finniedj/deemix:latest";
+    #   container_name = "deemix";
+    #   labels = {
+    #     "traefik.enable" = "true";
+    #     "traefik.http.routers.deemix.entrypoints" = "websecure";
+    #     "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)";
+    #     "traefik.http.services.deemix.loadbalancer.server.port" = "6595";
+    #     "traefik.docker.network" = "dmz";
+    #     "traefik.http.routers.deemix.tls" = "true";
+    #     "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
+    #   };
+    #   volumes = [
+    #     "/home/ghoscht/.data/deemix:/downloads"
+    #   ];
+    #   environment = {
+    #     PUID = 1000;
+    #     PGID = 1000;
+    #     UMASK_SET = 022;
+    #     TZ = "Europe/Berlin";
+    #   };
+    #   network_mode = "service:vpn";
+    #   depends_on = {
+    #     vpn = {condition = "service_healthy";};
+    #   };
+    #   restart = "always";
+    # };
    unpackerr.service = {
      image = "golift/unpackerr:0.13";
      container_name = "unpackerr";
@ -433,10 +433,10 @@
      restart = "always";
    };
    port-refresh.service = {
-      image = "ghoscht/windscribe-ephemeral-port:latest";
+      image = "git.ghoscht.com/ghoscht/deluge-windscribe-ephemeral-port:v3-beta";
      container_name = "port-refresh";
      volumes = [
-        "/storage/dataset/docker/media/port-refresh_config/config.yml:/config/config.yaml"
+        "/home/ghoscht/.docker/media/port-refresh_config/config.yml:/config/config.yaml"
      ];
      networks = [
        "internal"
--- a/hosts/franz/arion/nextcloud/arion-compose.nix
+++ b/hosts/franz/arion/nextcloud/arion-compose.nix
@ -22,7 +22,8 @@
        "traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/nextcloud/nextcloud_data:/var/www/html"
+        "/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data"
+        "/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
      ];
      hostname = "nextcloud.ghoscht.com";
      environment = {
@ -41,7 +42,7 @@
        "/home/ghoscht/.docker/nextcloud/nextcloud.env"
      ];
      volumes = [
-        "/storage/dataset/docker/nextcloud/nextcloud_db:/var/lib/mysql"
+        "/home/ghoscht/.docker/nextcloud/nextcloud_db:/var/lib/mysql"
      ];
      restart = "unless-stopped";
      command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW";
--- a/hosts/franz/arion/passwords/arion-compose.nix
+++ b/hosts/franz/arion/passwords/arion-compose.nix
@ -8,7 +8,7 @@

  services = {
    vaultwarden.service = {
-      image = "vaultwarden/server:1.32.0";
+      image = "vaultwarden/server:1.32.4";
      container_name = "vaultwarden";
      labels = {
        "traefik.enable" = "true";
@ -30,7 +30,7 @@
        "traefik.http.routers.vaultwarden-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
-        "/storage/dataset/docker/passwords/vaultwarden_data/:/data"
+        "/home/ghoscht/.docker/passwords/vaultwarden_data/:/data"
      ];
      environment = {
        DOMAIN = "http://vaultwarden.ghoscht.com";
--- a/hosts/franz/arion/smarthome/arion-compose.nix
+++ b/hosts/franz/arion/smarthome/arion-compose.nix
@ -21,7 +21,7 @@
        # "traefik.http.routers.homeassistant.middlewares" = "authentik@file";
      };
      volumes = [
-        "/storage/dataset/docker/smarthome/homeassistant_data:/config"
+        "/home/ghoscht/.docker/smarthome/homeassistant_data:/config"
        "/etc/localtime:/etc/localtime:ro"
        "/run/dbus:/run/dbus:ro"
      ];
--- a/hosts/franz/arion/stats/arion-compose.nix
+++ b/hosts/franz/arion/stats/arion-compose.nix
@ -39,7 +39,7 @@
        "/home/ghoscht/.docker/stats/grafana.env"
      ];
      volumes = [
-        "/storage/dataset/docker/stats/grafana_data:/var/lib/grafana"
+        "/home/ghoscht/.docker/stats/grafana_data:/var/lib/grafana"
      ];
      networks = [
        "dmz"
@ -49,7 +49,7 @@
    loki.service = {
      image = "grafana/loki:3.0.0";
      volumes = [
-        "/storage/dataset/docker/stats/loki_data:/etc/loki"
+        "/home/ghoscht/.docker/stats/loki_data:/etc/loki"
      ];
      ports = [
        "3100:3100"
@ -63,7 +63,7 @@
      image = "grafana/promtail:3.0.0";
      volumes = [
        "/var/log:/var/log"
-        "/storage/dataset/docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml"
+        "/home/ghoscht/.docker/stats/promtail_data/promtail-config.yml:/etc/promtail/promtail-config.yml"
      ];
      command = "-config.file=/etc/promtail/promtail-config.yml";
      networks = [
@ -73,8 +73,8 @@
    prometheus.service = {
      image = "prom/prometheus:v2.53.0";
      volumes = [
-        "/storage/dataset/docker/stats/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml"
-        "/storage/dataset/docker/stats/prometheus_data:/prometheus"
+        "/home/ghoscht/.docker/stats/prometheus_config/prometheus.yml:/etc/prometheus/prometheus.yml"
+        "/home/ghoscht/.docker/stats/prometheus_data:/prometheus"
      ];
      command = [
        "--config.file=/etc/prometheus/prometheus.yml"
--- a/hosts/franz/arion/stats/default.nix
+++ b/hosts/franz/arion/stats/default.nix
@ -24,36 +24,36 @@ in {
    '';
  };

-  systemd.services.add-loki-logging-driver = {
-    description = "Add grafana loki docker driver";
-    after = ["network.target"];
-    wantedBy = ["multi-user.target"];
+  # systemd.services.add-loki-logging-driver = {
+  #   description = "Add grafana loki docker driver";
+  #   after = ["network.target"];
+  #   wantedBy = ["multi-user.target"];
+  #
+  #   serviceConfig.Type = "oneshot";
+  #   script = let
+  #     dockercli = "${config.virtualisation.docker.package}/bin/docker";
+  #   in ''
+  #     # Put a true at the end to prevent getting non-zero return code, which will
+  #     # crash the whole service.
+  #     check=$(${dockercli} plugin ls | grep "loki" || true)
+  #     if [ -z "$check" ]; then
+  #       ${dockercli} plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
+  #     else
+  #       echo "loki docker driver already exists in docker"
+  #     fi
+  #   '';
+  # };

-    serviceConfig.Type = "oneshot";
-    script = let
-      dockercli = "${config.virtualisation.docker.package}/bin/docker";
-    in ''
-      # Put a true at the end to prevent getting non-zero return code, which will
-      # crash the whole service.
-      check=$(${dockercli} plugin ls | grep "loki" || true)
-      if [ -z "$check" ]; then
-        ${dockercli} plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
-      else
-        echo "loki docker driver already exists in docker"
-      fi
-    '';
-  };
-
-  virtualisation.docker.daemon.settings = {
-    debug = true;
-    log-driver = "loki";
-    log-opts = {
-      loki-url = "http://localhost:3100/loki/api/v1/push";
-      loki-batch-size = "400";
-      loki-max-backoff = "800ms";
-      loki-retries = "2";
-      loki-timeout = "1s";
-      keep-file = "true";
-    };
-  };
+  # virtualisation.docker.daemon.settings = {
+  #   debug = true;
+  #   log-driver = "loki";
+  #   log-opts = {
+  #     loki-url = "http://localhost:3100/loki/api/v1/push";
+  #     loki-batch-size = "400";
+  #     loki-max-backoff = "800ms";
+  #     loki-retries = "2";
+  #     loki-timeout = "1s";
+  #     keep-file = "true";
+  #   };
+  # };
 }
--- a/hosts/franz/arion/wiki/arion-compose.nix
+++ b/hosts/franz/arion/wiki/arion-compose.nix
@ -55,7 +55,7 @@
      command = "--save 60 1 --loglevel warning";
      restart = "always";
      volumes = [
-        "/storage/dataset/docker/wiki/redis_data:/data"
+        "/home/ghoscht/.docker/wiki/redis_data:/data"
      ];
      networks = [
        "internal"
@ -65,7 +65,7 @@
      image = "postgres:12.18";
      restart = "always";
      volumes = [
-        "/storage/dataset/docker/wiki/postgres_data:/var/lib/postgresql/data"
+        "/home/ghoscht/.docker/wiki/postgres_data:/var/lib/postgresql/data"
      ];
      networks = [
        "internal"
--- a/hosts/franz/restic.nix
+++ b/hosts/franz/restic.nix
@ -80,7 +80,7 @@ in {

      locations:
        dashboard:
-          from: /storage/dataset/docker/dashboard
+          from: /home/ghoscht/.docker/dashboard
          to:
            - zfs
            - eustachius
@ -93,7 +93,7 @@ in {
            after:
              -  arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix start
        dns:
-          from: /storage/dataset/docker/dns
+          from: /home/ghoscht/.docker/dns
          to:
            - zfs
            - eustachius
@ -106,7 +106,7 @@ in {
            after:
              -  arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix start
        feed:
-          from: /storage/dataset/docker/feed
+          from: /home/ghoscht/.docker/feed
          to:
            - zfs
            - eustachius
@ -119,7 +119,7 @@ in {
            after:
              -  arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix start
        git:
-          from: /storage/dataset/docker/git
+          from: /home/ghoscht/.docker/git
          to:
            - zfs
            - eustachius
@ -131,7 +131,7 @@ in {
            after:
              -  arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix start
        media:
-          from: /storage/dataset/docker/media
+          from: /home/ghoscht/.docker/media
          to:
            - zfs
            - eustachius
@ -143,7 +143,9 @@ in {
            after:
              -  arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
        nextcloud:
-          from: /storage/dataset/docker/nextcloud
+          from:
+            - /storage/dataset/docker/nextcloud/nextcloud_data/data
+            - /home/ghoscht/.docker/nextcloud/
          to:
            - zfs
            - eustachius
@ -155,7 +157,7 @@ in {
            after:
              -  arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix start
        smarthome:
-          from: /storage/dataset/docker/smarthome
+          from: /home/ghoscht/.docker/smarthome
          to:
            - zfs
            - eustachius
@ -168,10 +170,10 @@ in {
            after:
              -  arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix start
        passwords:
-          from: /storage/dataset/docker/passwords
+          from: /home/ghoscht/.docker/passwords
          to:
            - zfs
-            - ssd
+            # - ssd
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
@ -181,7 +183,7 @@ in {
            after:
              -  arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
        matrix:
-          from: /storage/dataset/docker/matrix
+          from: /home/ghoscht/.docker/matrix
          to:
            - zfs
            - eustachius
@ -205,7 +207,7 @@ in {
            after:
              -  arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
        headscale:
-          from: /storage/dataset/docker/headscale
+          from: /home/ghoscht/.docker/headscale
          to:
            - zfs
          forget: prune
@ -217,7 +219,7 @@ in {
            after:
              -  arion -f ${arionPath}/headscale/arion-compose.nix -p ${arionPath}/headscale/arion-pkgs.nix start
        auth:
-          from: /storage/dataset/docker/auth
+          from: /home/ghoscht/.docker/auth
          to:
            - zfs
            - eustachius
@ -230,7 +232,7 @@ in {
            after:
              -  arion -f ${arionPath}/auth/arion-compose.nix -p ${arionPath}/auth/arion-pkgs.nix start
        infrastructure:
-          from: /storage/dataset/docker/infrastructure
+          from: /home/ghoscht/.docker/infrastructure
          to:
            - zfs
            - eustachius
@ -243,7 +245,7 @@ in {
            after:
              -  arion -f ${arionPath}/infrastructure/arion-compose.nix -p ${arionPath}/infrastructure/arion-pkgs.nix start
        wiki:
-          from: /storage/dataset/docker/wiki
+          from: /home/ghoscht/.docker/wiki
          to:
            - zfs
            - eustachius
@ -256,7 +258,7 @@ in {
            after:
              -  arion -f ${arionPath}/wiki/arion-compose.nix -p ${arionPath}/wiki/arion-pkgs.nix start
        stats:
-          from: /storage/dataset/docker/stats
+          from: /home/ghoscht/.docker/stats
          to:
            - zfs
            - eustachius
@ -269,7 +271,7 @@ in {
            after:
              -  arion -f ${arionPath}/stats/arion-compose.nix -p ${arionPath}/stats/arion-pkgs.nix start
        minio:
-          from: /storage/dataset/docker/stats
+          from: /storage/dataset/docker/minio
          to:
            - zfs
            - eustachius
@ -297,10 +299,10 @@ in {
          type: local
          path: /storage/dataset/backups
          key: '${config.sops.placeholder."autorestic/zfs_key"}'
-        ssd:
-          type: local
-          path: /home/ghoscht/Backups
-          key: '${config.sops.placeholder."autorestic/ssd_key"}'
+        # ssd:
+        #   type: local
+        #   path: /home/ghoscht/Backups
+        #   key: '${config.sops.placeholder."autorestic/ssd_key"}'
        eustachius:
          type: rest
          path: http://100.64.0.3:8000/franz
Author	SHA1	Message	Date
GHOSCHT	b6c1431526	Arion: Relocate active container storage try to minimize db access on hdd	2024-11-11 17:21:51 +01:00
GHOSCHT	c2be22d5c6	Arion: Bump passwords	2024-11-11 17:20:57 +01:00