nix-config/hosts/franz/arion/infrastructure/arion-compose.nix

# Arion (docker-compose via Nix) definition for the "infrastructure" project:
# a Traefik edge proxy, a Cloudflare tunnel client, Scrutiny (S.M.A.R.T. disk
# monitoring) and a FRITZ!Box -> Cloudflare dynamic-DNS updater.
# `pkgs` is accepted by the module signature but not used in this file.
{pkgs, ...}: let
  # Network shared by the externally routed services. It is marked external
  # below, so Arion does not create it -- it has to exist on the host already.
  dmzNetwork = ["dmz"];

  # Host directory holding per-service configuration and env files. The
  # *.env files are loaded with env_file and presumably carry the secrets
  # (tunnel / DNS API credentials) -- their contents are not part of this file.
  hostDataDir = "/home/ghoscht/.docker/infrastructure";

  # Upstream resolver pinned for the containers that override DNS.
  resolver = ["1.1.1.1"];
in {
  project.name = "infrastructure";

  networks = {
    dmz = {
      name = "dmz";
      external = true;
    };
  };

  docker-compose = {
    volumes = {
      # ACME account state and issued certificates for Traefik.
      traefik_letsencrypt = null;
      scrutiny_data = null;
      scrutiny_db = null;
    };
  };

  services = {
    traefik = {
      service = {
        image = "traefik:v3.0";
        container_name = "traefik";
        useHostStore = true;
        ports = [
          "80:80"
          "81:81"
          "443:443"
          "444:444"
          # Publishes the container's port 8080 -- the same port the dashboard
          # router below forwards to -- directly on host port 8421, i.e. the
          # dashboard is reachable without passing through the TLS
          # `websecure` router and its certificate.
          "8421:8080"
        ];
        labels = {
          "traefik.enable" = "true";
          # Dashboard router, TLS via the letsencrypt resolver. No middleware
          # label (auth, IP allowlist) is attached to this router here;
          # whether the dashboard/API require authentication is decided by the
          # static configuration in /etc/traefik, which is outside this file
          # -- NOTE(review): confirm before exposing traefik.ghoscht.com.
          "traefik.http.routers.dashboard.rule" = "Host(`traefik.ghoscht.com`)";
          "traefik.http.routers.dashboard.entrypoints" = "websecure";
          "traefik.http.services.dashboard.loadbalancer.server.port" = "8080";
          "traefik.http.routers.dashboard.tls" = "true";
          "traefik.http.routers.dashboard.tls.certresolver" = "letsencrypt";
        };
        volumes = [
          "traefik_letsencrypt:/letsencrypt"
          "${hostDataDir}/traefik_data:/etc/traefik"
          # The `:ro` flag only makes the socket inode read-only; requests sent
          # over the socket are still full read/write Docker API calls, so this
          # mount gives the Traefik container control of the Docker daemon
          # (equivalent to root on the host). Keep this in mind when judging
          # how much exposure the dashboard/API above gets.
          "/var/run/docker.sock:/var/run/docker.sock:ro"
        ];
        env_file = ["${hostDataDir}/traefik.env"];
        dns = resolver;
        restart = "always";
        networks = dmzNetwork;
      };
    };

    cloudflared = {
      service = {
        image = "cloudflare/cloudflared:2024.2.1";
        container_name = "cloudflared";
        # Tunnel credentials are presumably supplied through this env file.
        env_file = ["${hostDataDir}/cloudflared.env"];
        restart = "always";
        dns = resolver;
        # Outbound-only tunnel client; no host ports are published for it.
        command = "tunnel --no-autoupdate --protocol http2 run";
        networks = dmzNetwork;
      };
    };

    scrutiny = {
      service = {
        image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus";
        container_name = "scrutiny";
        restart = "always";
        # Reachable only through the Traefik `websecure` router: no host ports
        # are published for this container. As with the dashboard, no auth
        # middleware label is attached to the router in this file.
        labels = {
          "traefik.enable" = "true";
          "traefik.http.routers.scrutiny.entrypoints" = "websecure";
          "traefik.http.routers.scrutiny.rule" = "Host(`scrutiny.ghoscht.com`)";
          "traefik.http.services.scrutiny.loadbalancer.server.port" = "8080";
          "traefik.http.routers.scrutiny.tls" = "true";
          "traefik.http.routers.scrutiny.tls.certresolver" = "letsencrypt";
        };
        # Raw I/O on the pass-through block devices below is needed for SMART
        # queries. SYS_ADMIN is a very broad capability; together with direct
        # device access this container is close to a privileged one, so it is
        # worth treating it as trusted as the host itself.
        capabilities = {
          SYS_RAWIO = true;
          SYS_ADMIN = true; # enables nvme support
        };
        volumes = [
          "/run/udev:/run/udev:ro"
          "scrutiny_data:/opt/scrutiny/config"
          "scrutiny_db:/opt/scrutiny/influxdb"
        ];
        # Whole disks are passed through, not partitions.
        devices = [
          "/dev/nvme0n1"
          "/dev/sda"
          "/dev/sdb"
          "/dev/sdc"
          "/dev/sdd"
          "/dev/sde"
          "/dev/sdf"
        ];
        networks = dmzNetwork;
      };
    };

    dyndns = {
      service = {
        image = "ghcr.io/cromefire/fritzbox-cloudflare-dyndns:1.2.1";
        container_name = "dyndns";
        restart = "always";
        # Not attached to `dmz` and not routed by Traefik: its port 8080 is
        # published straight onto host port 8888 instead.
        ports = ["8888:8080"];
        dns = resolver;
        environment = {
          CLOUDFLARE_ZONES_IPV4 = "ghoscht.com";
        };
        # Cloudflare API credentials are presumably provided via this env file.
        env_file = ["${hostDataDir}/dyndns.env"];
      };
    };
  };
}