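# Arion (docker-compose via Nix) project for the shared infrastructure stack:
# Traefik reverse proxy, Scrutiny disk monitoring, a Cloudflare DynDNS updater
# and Diun image-update notifications.
#
# Review notes that apply to the whole file:
#   * Images are pinned by tag only. Tags are mutable, so pin by digest
#     (image@sha256:<digest>) if reproducible, tamper-evident pulls matter.
#   * Secrets are expected to come from the env_file paths below, which are
#     read at runtime from the host and therefore never enter the Nix store.
#   * Two services mount the Docker socket. Access to the Docker API is
#     effectively root on the host; the ":ro" flag only protects the socket
#     file itself and does not restrict API calls. A filtering socket proxy is
#     the usual way to narrow that access.
{pkgs, ...}: {
  project.name = "infrastructure";

  # "dmz" is created outside this project (external = true); compose only
  # attaches to it and fails if it does not already exist.
  networks.dmz = {
    name = "dmz";
    external = true;
  };

  # Named volumes declared with default options.
  docker-compose.volumes = {
    traefik_letsencrypt = null;
    scrutiny_data = null;
    scrutiny_db = null;
  };

  services = {
    traefik.service = {
      image = "traefik:v3.0";
      container_name = "traefik";
      # Arion option that makes the host's Nix store available in the container.
      # NOTE(review): this is a stock registry image, so the host store is
      # probably not needed here; confirm and drop if unused.
      useHostStore = true;
      ports = [
        "80:80"
        # presumably a second HTTP entrypoint from the static config; confirm
        "81:81"
        "443:443"
        # presumably a second HTTPS entrypoint from the static config; confirm
        "444:444"
        # NOTE(review): publishes container port 8080 on every host interface.
        # The dashboard router below targets the same port, so if this is
        # Traefik's API/dashboard listener it is reachable here without TLS or
        # the Host rule. Confirm it is needed, or bind it to 127.0.0.1.
        "8421:8080"
      ];
      labels = {
        "traefik.enable" = "true";
        # NOTE(review): no auth middleware is attached to this router in the
        # labels; confirm access control is configured in /etc/traefik.
        "traefik.http.routers.dashboard.rule" = "Host(`traefik.ghoscht.com`)";
        "traefik.http.routers.dashboard.entrypoints" = "websecure";
        "traefik.http.services.dashboard.loadbalancer.server.port" = "8080";
        "traefik.http.routers.dashboard.tls" = "true";
        "traefik.http.routers.dashboard.tls.certresolver" = "letsencrypt";
      };
      volumes = [
        # ACME certificate storage (holds private keys).
        "traefik_letsencrypt:/letsencrypt"
        "/home/ghoscht/.docker/infrastructure/traefik_data:/etc/traefik"
        # Docker provider access; see the socket note in the file header.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
      ];
      # presumably holds the DNS/ACME provider credentials; keep it owner-only
      env_file = [
        "/home/ghoscht/.docker/infrastructure/traefik.env"
      ];
      restart = "always";
      networks = [
        "dmz"
      ];
    };

    # Disabled Cloudflare tunnel, kept for reference.
    # cloudflared.service = {
    #   image = "cloudflare/cloudflared:2024.2.1";
    #   container_name = "cloudflared";
    #   env_file = [
    #     "/home/ghoscht/.docker/infrastructure/cloudflared.env"
    #   ];
    #   restart = "always";
    #   command = "tunnel --no-autoupdate --protocol http2 run";
    #   networks = [
    #     "dmz"
    #   ];
    # };

    scrutiny.service = {
      image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus";
      container_name = "scrutiny";
      restart = "always";
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.scrutiny.entrypoints" = "websecure";
        # NOTE(review): no auth middleware is attached in these labels; confirm
        # the UI is protected elsewhere before exposing this hostname.
        "traefik.http.routers.scrutiny.rule" = "Host(`scrutiny.ghoscht.com`)";
        "traefik.http.services.scrutiny.loadbalancer.server.port" = "8080";
        "traefik.http.routers.scrutiny.tls" = "true";
        "traefik.http.routers.scrutiny.tls.certresolver" = "letsencrypt";
      };
      # Both capabilities are broad. Together with the raw block devices below,
      # this container should be treated as highly privileged on the host.
      capabilities = {
        SYS_RAWIO = true;
        SYS_ADMIN = true; # enables nvme support
      };
      volumes = [
        "/run/udev:/run/udev:ro"
        "scrutiny_data:/opt/scrutiny/config"
        "scrutiny_db:/opt/scrutiny/influxdb"
      ];
      # Raw disks passed through for SMART queries; the list is static, so it
      # must be updated by hand when drives are added or renamed.
      devices = [
        "/dev/nvme0"
        "/dev/sda"
        "/dev/sdb"
        "/dev/sdc"
        "/dev/sdd"
        "/dev/sde"
        "/dev/sdf"
      ];
      networks = [
        "dmz"
      ];
    };

    dyndns.service = {
      image = "ghcr.io/cromefire/fritzbox-cloudflare-dyndns:1.2.1";
      container_name = "dyndns";
      restart = "always";
      # Published on every host interface; presumably called by the router on
      # the LAN. Confirm the host firewall limits who can reach it.
      ports = ["8888:8080"];
      environment = {
        CLOUDFLARE_ZONES_IPV4 = "ghoscht.com";
      };
      # presumably holds the Cloudflare API token; scope it to DNS edits on
      # this zone only and keep the file owner-only
      env_file = [
        "/home/ghoscht/.docker/infrastructure/dyndns.env"
      ];
      # No networks listed, so this service joins the project's default
      # network rather than "dmz".
    };

    diun.service = {
      image = "crazymax/diun:4.28";
      container_name = "diun";
      restart = "always";
      command = "serve";
      volumes = [
        "/storage/dataset/docker/infrastructure/diun_data:/data"
        # Mounted read-only to match the Traefik service; Diun only connects to
        # the socket. See the socket note in the file header: ":ro" does not
        # limit what the Docker API allows.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
      ];
      labels = {
        "diun.enable" = "true";
      };
      environment = {
        TZ = "Europe/Berlin";
        LOG_LEVEL = "info";
        DIUN_WATCH_WORKERS = "20";
        # Cron expression: every six hours.
        DIUN_WATCH_SCHEDULE = "0 */6 * * *";
        DIUN_WATCH_JITTER = "30s";
        DIUN_WATCH_RUNONSTARTUP = "true";
        DIUN_PROVIDERS_DOCKER = "true";
        DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT = "true";
        # "ntfy" is not defined in this file; presumably a container reachable
        # by that name on the "dmz" network. Traffic to it is plain HTTP.
        DIUN_NOTIF_NTFY_ENDPOINT = "http://ntfy";
        DIUN_NOTIF_NTFY_TOPIC = "docker-updates";
      };
      # presumably holds the ntfy credentials; keep the file owner-only
      env_file = [
        "/home/ghoscht/.docker/infrastructure/diun.env"
      ];
      networks = [
        "dmz"
      ];
    };
  };
}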