fix(docker): add required changes to make every container work

matt1432 2024-07-24 20:52:32 -04:00
parent 827bf6ba8c
commit 59d2205e7a
21 changed files with 692 additions and 555 deletions


@ -1,5 +1,5 @@
{...}: let {...}: let
configPath = "/var/lib/docker"; configPath = "/var/lib/docker-data";
in { in {
imports = [ imports = [
./forgejo/compose.nix ./forgejo/compose.nix


@ -8,68 +8,75 @@
rwPath = rwDataDir + "/forgejo"; rwPath = rwDataDir + "/forgejo";
in { in {
khepri.compositions."forgejo".services = { khepri.compositions."forgejo" = {
"forgejo" = { networks.proxy_net = {external = true;};
image = import ./images/forgejo.nix pkgs;
ports = [ services = {
# Redirect WAN port 22 to this port "forgejo" = {
"2222:22" image = import ./images/forgejo.nix pkgs;
"3000:3000"
];
restart = "always"; ports = [
dependsOn = ["forgejo-db"]; # Redirect WAN port 22 to this port
"2222:22"
"3000:3000"
];
environmentFiles = [secrets.forgejo.path]; networks = ["proxy_net"];
environment = {
APP_NAME = "Gitea";
# TODO: change ids restart = "always";
USER_UID = "1000"; dependsOn = ["forgejo-db"];
USER_GID = "1000";
ROOT_URL = "https://git.nelim.org"; environmentFiles = [secrets.forgejo.path];
SSH_DOMAIN = "git.nelim.org"; environment = {
SSH_PORT = "22"; APP_NAME = "Gitea";
HTTP_PORT = "3000";
# TODO: change ids
USER_UID = "1000";
USER_GID = "1000";
ROOT_URL = "https://git.nelim.org";
SSH_DOMAIN = "git.nelim.org";
SSH_PORT = "22";
HTTP_PORT = "3000";
};
volumes = [
"${rwPath}/data:/data"
"/etc/timezone:/etc/timezone:ro"
"/etc/localtime:/etc/localtime:ro"
];
}; };
volumes = [ "forgejo-db" = {
"${rwPath}/data:/data" image = import ./images/postgres.nix pkgs;
"/etc/timezone:/etc/timezone:ro"
"/etc/localtime:/etc/localtime:ro"
];
};
"forgejo-db" = { restart = "always";
image = import ./images/postgres.nix pkgs;
restart = "always"; environmentFiles = [secrets.forgejo-db.path];
networks = ["proxy_net"];
environmentFiles = [secrets.forgejo-db.path]; volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
};
"act_runner" = {
image = import ./images/act_runner.nix pkgs;
privileged = true;
restart = "always";
dependsOn = ["forgejo"];
environmentFiles = [secrets.forgejo-runner.path];
environment = {
GITEA_INSTANCE_URL = "https://git.nelim.org";
GITEA_RUNNER_NAME = "DinD";
}; };
volumes = ["${rwPath}/act:/data"]; "act_runner" = {
extraHosts = [ image = import ./images/act_runner.nix pkgs;
"git.nelim.org=10.0.0.130"
]; privileged = true;
user = "root:root";
networks = ["proxy_net"];
restart = "always";
dependsOn = ["forgejo"];
environmentFiles = [secrets.forgejo-runner.path];
environment = {
GITEA_INSTANCE_URL = "https://git.nelim.org";
GITEA_RUNNER_NAME = "DinD";
};
volumes = ["${rwPath}/act:/data"];
extraHosts = ["git.nelim.org:10.0.0.130"];
};
}; };
}; };
} }
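Review bot: `act_runner` keeps `privileged = true`, gains `user = "root:root"`, and is attached to the same external `proxy_net` as `forgejo-db`, so workflow code run by the runner sits one hop from the database. The same flat network is joined by every container in the other compositions this commit touches (freshrss, immich, nextcloud, resume, vaultwarden and the rest), including their databases and caches. If `proxy_net` exists for the reverse proxy, only the HTTP-facing services need it; `forgejo-db` and the runner could stay on composition-local networks. A comment beside `privileged = true` recording why it is needed, e.g. `# nested dockerd for the DinD runner requires privileged`, would make the exception reviewable.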


@ -8,76 +8,87 @@
rwPath = rwDataDir + "/freshrss"; rwPath = rwDataDir + "/freshrss";
in { in {
khepri.compositions."freshrss".services = { khepri.compositions."freshrss" = {
"freshrss" = { networks.proxy_net = {external = true;};
image = import ./images/freshrss.nix pkgs;
restart = "always";
ports = ["2800:80"]; services = {
extraHosts = [ "freshrss" = {
"drss.nelim.org=10.0.0.130" image = import ./images/freshrss.nix pkgs;
"bridge.nelim.org=10.0.0.130" restart = "always";
];
volumes = let ports = ["2800:80"];
rss-bridge = pkgs.stdenv.mkDerivation { extraHosts = [
name = "rss-bridge-ext"; "drss.nelim.org:10.0.0.130"
version = "unstable"; "bridge.nelim.org:10.0.0.130"
src = pkgs.fetchFromGitHub { ];
owner = "DevonHess"; networks = ["proxy_net"];
repo = "FreshRSS-Extensions";
rev = "299c1febc279be77fa217ff5c2965a620903b974"; volumes = let
hash = "sha256-++kgbrGJohKeOeLjcy7YV3QdCf9GyZDtbntlFmmIC5k="; rss-bridge = pkgs.stdenv.mkDerivation {
name = "rss-bridge-ext";
version = "unstable";
src = pkgs.fetchFromGitHub {
owner = "DevonHess";
repo = "FreshRSS-Extensions";
rev = "299c1febc279be77fa217ff5c2965a620903b974";
hash = "sha256-++kgbrGJohKeOeLjcy7YV3QdCf9GyZDtbntlFmmIC5k=";
};
installPhase = ''
mkdir $out
cp -ar ./xExtension-RssBridge $out/
'';
}; };
installPhase = '' in [
mkdir $out "${rwPath}/data:/var/www/FreshRSS/data"
cp -ar ./xExtension-RssBridge $out/ "${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
''; ];
environmentFiles = [secrets.freshrss.path];
environment = {
TZ = "America/New_York";
CRON_MIN = "3,33";
}; };
in [
"${rwPath}/data:/var/www/FreshRSS/data"
"${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
];
environmentFiles = [secrets.freshrss.path];
environment = {
TZ = "America/New_York";
CRON_MIN = "3,33";
}; };
};
"freshrss-db" = { "freshrss-db" = {
image = import ./images/postgres.nix pkgs; image = import ./images/postgres.nix pkgs;
restart = "always"; restart = "always";
volumes = [ volumes = [
"${rwPath}/db:/var/lib/postgresql/data" "${rwPath}/db:/var/lib/postgresql/data"
]; ];
environmentFiles = [secrets.freshrss.path]; networks = ["proxy_net"];
environment = { environmentFiles = [secrets.freshrss.path];
POSTGRES_DB = "\${DB_BASE:-freshrss}";
POSTGRES_USER = "\${DB_USER:-freshrss}"; environment = {
POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}"; POSTGRES_DB = "\${DB_BASE:-freshrss}";
POSTGRES_USER = "\${DB_USER:-freshrss}";
POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}";
};
}; };
};
"docker-hub-rss" = { "docker-hub-rss" = {
image = import ./images/docker-hub-rss.nix pkgs; image = import ./images/docker-hub-rss.nix pkgs;
restart = "always"; restart = "always";
ports = ["3007:3000"]; ports = ["3007:3000"];
};
"rss-bridge" = { networks = ["proxy_net"];
image = import ./images/rss-bridge.nix pkgs; };
restart = "always";
volumes = [ "rss-bridge" = {
"${rwPath}/bridge:/config" image = import ./images/rss-bridge.nix pkgs;
]; restart = "always";
ports = ["3006:80"];
volumes = [
"${rwPath}/bridge:/config"
];
ports = ["3006:80"];
networks = ["proxy_net"];
};
}; };
}; };
} }
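Review bot: `freshrss-db` sets `POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}"`, so if the secrets file ever lacks `DB_PASSWORD` the database comes up with the literal password `freshrss`, and it is now reachable from every container on `proxy_net`. Failing closed is safer: assuming these strings go through Compose-style interpolation, `POSTGRES_PASSWORD = "\${DB_PASSWORD:?DB_PASSWORD must be set}";` aborts startup instead of falling back. The `POSTGRES_USER` and `POSTGRES_DB` defaults are harmless, but the password default should go.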


@ -5,19 +5,24 @@
}: let }: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
in { in {
khepri.compositions."gameyfin".services."gameyfin" = { khepri.compositions."gameyfin" = {
image = import ./images/gameyfin.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
user = "1000:1000";
environmentFiles = [secrets.gameyfin.path]; services."gameyfin" = {
environment.GAMEYFIN_USER = "mathis"; image = import ./images/gameyfin.nix pkgs;
restart = "always";
user = "1000:1000";
volumes = [ environmentFiles = [secrets.gameyfin.path];
"/data/games:/opt/gameyfin-library" environment.GAMEYFIN_USER = "mathis";
];
expose = ["8080"]; volumes = [
ports = ["8074:8080"]; "/data/games:/opt/gameyfin-library"
];
expose = ["8080"];
ports = ["8074:8080"];
networks = ["proxy_net"];
};
}; };
} }


@ -1,9 +1,14 @@
{pkgs, ...}: { {pkgs, ...}: {
khepri.compositions."hauk".services."hauk" = { khepri.compositions."hauk" = {
image = import ./images/hauk.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
ports = ["3003:80"];
volumes = ["${./config.php}:/etc/hauk/config.php:ro"]; services."hauk" = {
image = import ./images/hauk.nix pkgs;
restart = "always";
ports = ["3003:80"];
networks = ["proxy_net"];
volumes = ["${./config.php}:/etc/hauk/config.php:ro"];
};
}; };
} }


@ -6,57 +6,63 @@
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (pkgs.writers) writeYAML; inherit (pkgs.writers) writeYAML;
in { in {
khepri.compositions."homepage".services."homepage" = { khepri.compositions."homepage" = {
image = import ./images/homepage.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
ports = [ services."homepage" = {
"3020:3000" image = import ./images/homepage.nix pkgs;
]; restart = "always";
extraHosts = ["lan.nelim.org=10.0.0.130"]; ports = [
"3020:3000"
environmentFiles = [secrets.homepage.path];
volumes = let
services = writeYAML "services.yaml" (import ./services.nix);
bookmarks = writeYAML "bookmarks.yaml" {};
settings = writeYAML "settings.yaml" {
# FIXME: title not working
title = "bruh";
theme = "dark";
color = "gray";
target = "_self";
layout.video = {
style = "columns";
row = 4;
# columns = 2;
};
};
widgets = writeYAML "widgets.yaml" [
{
resources = {
cpu = true;
memory = true;
disk = "/";
};
}
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
]; ];
in [
"${bookmarks}:/app/config/bookmarks.yaml:ro" networks = ["proxy_net"];
"${services}:/app/config/services.yaml:ro"
"${settings}:/app/config/settings.yaml:ro" extraHosts = ["lan.nelim.org:10.0.0.130"];
"${widgets}:/app/config/widgets.yaml:ro"
]; environmentFiles = [secrets.homepage.path];
volumes = let
services = writeYAML "services.yaml" (import ./services.nix);
bookmarks = writeYAML "bookmarks.yaml" {};
settings = writeYAML "settings.yaml" {
# FIXME: title not working
title = "bruh";
theme = "dark";
color = "gray";
target = "_self";
layout.video = {
style = "columns";
row = 4;
# columns = 2;
};
};
widgets = writeYAML "widgets.yaml" [
{
resources = {
cpu = true;
memory = true;
disk = "/";
};
}
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
];
in [
"${bookmarks}:/app/config/bookmarks.yaml:ro"
"${services}:/app/config/services.yaml:ro"
"${settings}:/app/config/settings.yaml:ro"
"${widgets}:/app/config/widgets.yaml:ro"
];
};
}; };
} }


@ -10,66 +10,74 @@
UPLOAD_LOCATION = "${rwPath}/data"; UPLOAD_LOCATION = "${rwPath}/data";
in { in {
khepri.compositions."immich".services = { khepri.compositions."immich" = {
"immich_server" = { networks.proxy_net = {external = true;};
image = import ./images/server.nix pkgs;
environmentFiles = [
"${./env}"
secrets.immich.path
];
volumes = [ services = {
"${UPLOAD_LOCATION}:/usr/src/app/upload:rw" "immich_server" = {
]; image = import ./images/server.nix pkgs;
ports = [ environmentFiles = [
"2283:3001" "${./env}"
]; secrets.immich.path
];
dependsOn = ["immich_redis" "immich_postgres"]; volumes = [
restart = "always"; "${UPLOAD_LOCATION}:/usr/src/app/upload:rw"
];
ports = [
"2283:3001"
];
networks = ["proxy_net"];
environment.NODE_ENV = "production"; dependsOn = ["immich_redis" "immich_postgres"];
}; restart = "always";
"immich_machine_learning" = { environment.NODE_ENV = "production";
image = import ./images/machine-learning.nix pkgs; };
restart = "always";
environmentFiles = [
"${./env}"
secrets.immich.path
];
volumes = [ "immich_machine_learning" = {
"${rwPath}/cache:/cache" image = import ./images/machine-learning.nix pkgs;
]; restart = "always";
}; environmentFiles = [
"${./env}"
secrets.immich.path
];
networks = ["proxy_net"];
"immich_redis" = { volumes = [
image = import ./images/redis.nix pkgs; "${rwPath}/cache:/cache"
restart = "always"; ];
tmpfs = ["/data"]; };
environmentFiles = [
"${./env}"
secrets.immich.path
];
};
"immich_postgres" = { "immich_redis" = {
image = import ./images/postgres.nix pkgs; image = import ./images/redis.nix pkgs;
restart = "always"; restart = "always";
environmentFiles = [ tmpfs = ["/data"];
"${./env}" environmentFiles = [
secrets.immich.path "${./env}"
]; secrets.immich.path
];
networks = ["proxy_net"];
};
volumes = [ "immich_postgres" = {
"${rwPath}/db:/var/lib/postgresql/data" image = import ./images/postgres.nix pkgs;
]; restart = "always";
environmentFiles = [
"${./env}"
secrets.immich.path
];
networks = ["proxy_net"];
environment = { volumes = [
POSTGRES_PASSWORD = "\${DB_PASSWORD}"; "${rwPath}/db:/var/lib/postgresql/data"
POSTGRES_USER = "\${DB_USERNAME}"; ];
POSTGRES_DB = "\${DB_DATABASE_NAME}";
environment = {
POSTGRES_PASSWORD = "\${DB_PASSWORD}";
POSTGRES_USER = "\${DB_USERNAME}";
POSTGRES_DB = "\${DB_DATABASE_NAME}";
};
}; };
}; };
}; };


@ -7,26 +7,31 @@
rwPath = rwDataDir + "/media/bazarr"; rwPath = rwDataDir + "/media/bazarr";
in { in {
khepri.compositions."bazarr".services."bazarr" = { khepri.compositions."bazarr" = {
image = import ./images/bazarr.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
environment = { services."bazarr" = {
PUID = "1000"; image = import ./images/bazarr.nix pkgs;
PGID = "1000"; restart = "always";
TZ = "America/New_York";
environment = {
PUID = "1000";
PGID = "1000";
TZ = "America/New_York";
};
extraHosts = ["lan.nelim.org:10.0.0.130"];
ports = [
"6767:6767"
];
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 2;
networks = ["proxy_net"];
}; };
extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = [
"6767:6767"
];
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 2;
}; };
} }


@ -7,50 +7,56 @@
rwPath = rwDataDir + "/media/calibre"; rwPath = rwDataDir + "/media/calibre";
in { in {
khepri.compositions."calibre".services = { khepri.compositions."calibre" = {
"calibre" = { networks.proxy_net = {external = true;};
image = import ./images/calibre.nix pkgs;
restart = "always";
environment = { services = {
PUID = "1000"; "calibre" = {
PGID = "1000"; image = import ./images/calibre.nix pkgs;
TZ = "America/New_York"; restart = "always";
# WebUI vars environment = {
SUBFOLDER = "/calibre/"; PUID = "1000";
TITLE = "CalibreDB"; PGID = "1000";
NO_DECOR = "true"; TZ = "America/New_York";
# WebUI vars
SUBFOLDER = "/calibre/";
TITLE = "CalibreDB";
NO_DECOR = "true";
};
volumes = ["${rwPath}/data-db:/config"];
extraHosts = ["lan.nelim.org:10.0.0.130"];
ports = [
"8580:8080"
#"8081:8081"
];
networks = ["proxy_net"];
#network_mode = "host";
}; };
volumes = ["${rwPath}/data-db:/config"]; "calibre-web" = {
image = import ./images/calibre-web.nix pkgs;
restart = "always";
extraHosts = ["lan.nelim.org=10.0.0.130"]; environment = {
ports = [ PUID = "1000";
"8580:8080" PGID = "1000";
#"8081:8081" TZ = "America/New_York";
]; DOCKER_MODS = "linuxserver/mods:universal-calibre";
#network_mode = "host"; };
};
"calibre-web" = { volumes = [
image = import ./images/calibre-web.nix pkgs; "${rwPath}/data-web:/config"
restart = "always"; "${rwPath}/data-db/Calibre Library:/books"
];
environment = { extraHosts = ["lan.nelim.org:10.0.0.130"];
PUID = "1000"; ports = ["8083:8083"];
PGID = "1000"; networks = ["proxy_net"];
TZ = "America/New_York";
DOCKER_MODS = "linuxserver/mods:universal-calibre";
}; };
volumes = [
"${rwPath}/data-web:/config"
"${rwPath}/data-db/Calibre Library:/books"
];
extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["8083:8083"];
}; };
}; };
} }


@ -7,20 +7,25 @@
rwPath = rwDataDir + "/media/joal"; rwPath = rwDataDir + "/media/joal";
in { in {
khepri.compositions."joal".services."joal" = { khepri.compositions."joal" = {
image = import ./images/joal.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
volumes = ["${rwPath}/data:/data"]; services."joal" = {
extraHosts = ["lan.nelim.org=10.0.0.130"]; image = import ./images/joal.nix pkgs;
ports = ["5656:5656"]; restart = "always";
cmd = [ volumes = ["${rwPath}/data:/data"];
"--joal-conf=/data" extraHosts = ["lan.nelim.org:10.0.0.130"];
"--spring.main.web-environment=true" ports = ["5656:5656"];
"--server.port=5656"
"--joal.ui.path.prefix=joal" cmd = [
"--joal.ui.secret-token=12345" "--joal-conf=/data"
]; "--spring.main.web-environment=true"
"--server.port=5656"
"--joal.ui.path.prefix=joal"
"--joal.ui.secret-token=12345"
];
networks = ["proxy_net"];
};
}; };
} }
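Review bot: The `cmd` list still carries `"--joal.ui.secret-token=12345"`, a guessable literal that lands in the Nix store and in the container's process arguments, while the service publishes `5656:5656` and now joins `proxy_net`. The other compositions in this commit read credentials through `environmentFiles = [secrets.<name>.path]`; the token should come from a sops secret the same way. Spring's environment-variable property binding should allow that without a command-line flag, but confirm against joal's documentation. Until then a `# FIXME: move token to sops` comment on that line would at least mark it.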


@ -7,37 +7,43 @@
rwPath = rwDataDir + "/media/prowlarr"; rwPath = rwDataDir + "/media/prowlarr";
in { in {
khepri.compositions."prowlarr".services = { khepri.compositions."prowlarr" = {
"prowlarr" = { networks.proxy_net = {external = true;};
image = import ./images/prowlarr.nix pkgs;
restart = "always";
environment = { services = {
PUID = "1000"; "prowlarr" = {
PGID = "1000"; image = import ./images/prowlarr.nix pkgs;
TZ = "America/New_York"; restart = "always";
environment = {
PUID = "1000";
PGID = "1000";
TZ = "America/New_York";
};
volumes = ["${rwPath}/data:/config"];
extraHosts = ["lan.nelim.org:10.0.0.130"];
ports = ["9696:9696"];
networks = ["proxy_net"];
}; };
volumes = ["${rwPath}/data:/config"]; "flaresolverr" = {
extraHosts = ["lan.nelim.org=10.0.0.130"]; image = import ./images/flaresolverr.nix pkgs;
ports = ["9696:9696"]; restart = "always";
};
"flaresolverr" = { environment = {
image = import ./images/flaresolverr.nix pkgs; LOG_LEVEL = "info";
restart = "always"; LOG_HTML = "false";
CAPTCHA_SOLVER = "none";
TZ = "America/New_York";
};
environment = { extraHosts = ["lan.nelim.org:10.0.0.130"];
LOG_LEVEL = "info"; ports = ["8191:8191"];
LOG_HTML = "false";
CAPTCHA_SOLVER = "none"; dependsOn = ["prowlarr"];
TZ = "America/New_York"; networks = ["proxy_net"];
}; };
extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["8191:8191"];
dependsOn = ["prowlarr"];
}; };
}; };
} }


@ -7,24 +7,29 @@
rwPath = rwDataDir + "/media/radarr"; rwPath = rwDataDir + "/media/radarr";
in { in {
khepri.compositions."radarr".services."radarr" = { khepri.compositions."radarr" = {
image = import ./images/radarr.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
extraHosts = ["lan.nelim.org=10.0.0.130"]; services."radarr" = {
ports = ["7878:7878"]; image = import ./images/radarr.nix pkgs;
restart = "always";
environment = { extraHosts = ["lan.nelim.org:10.0.0.130"];
PUID = "1000"; ports = ["7878:7878"];
PGID = "1000";
TZ = "America/New_York"; environment = {
PUID = "1000";
PGID = "1000";
TZ = "America/New_York";
};
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 0.5;
networks = ["proxy_net"];
}; };
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 0.5;
}; };
} }


@ -7,24 +7,29 @@
rwPath = rwDataDir + "/media/sabnzbd"; rwPath = rwDataDir + "/media/sabnzbd";
in { in {
khepri.compositions."sabnzbd".services."sabnzbd" = { khepri.compositions."sabnzbd" = {
image = import ./images/sabnzbd.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
extraHosts = ["lan.nelim.org=10.0.0.130"]; services."sabnzbd" = {
ports = ["8382:8082"]; image = import ./images/sabnzbd.nix pkgs;
restart = "always";
environment = { extraHosts = ["lan.nelim.org:10.0.0.130"];
PUID = "1000"; ports = ["8382:8082"];
PGID = "1000";
TZ = "America/New_York"; environment = {
PUID = "1000";
PGID = "1000";
TZ = "America/New_York";
};
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 2;
networks = ["proxy_net"];
}; };
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 2;
}; };
} }


@ -7,20 +7,25 @@
rwPath = rwDataDir + "/media/seerr"; rwPath = rwDataDir + "/media/seerr";
in { in {
khepri.compositions."seerr".services."seerr" = { khepri.compositions."seerr" = {
image = import ./images/jellyseerr.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
environment = { services."seerr" = {
LOG_LEVEL = "debug"; image = import ./images/jellyseerr.nix pkgs;
TZ = "America/New_York"; restart = "always";
environment = {
LOG_LEVEL = "debug";
TZ = "America/New_York";
};
volumes = [
"${rwPath}/data:/app/config"
];
extraHosts = ["lan.nelim.org:10.0.0.130"];
networks = ["proxy_net"];
ports = ["5055:5055"];
}; };
volumes = [
"${rwPath}/data:/app/config"
];
extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["5055:5055"];
}; };
} }


@ -7,24 +7,29 @@
rwPath = rwDataDir + "/media/sonarr"; rwPath = rwDataDir + "/media/sonarr";
in { in {
khepri.compositions."sonarr".services."sonarr" = { khepri.compositions."sonarr" = {
image = import ./images/sonarr.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
extraHosts = ["lan.nelim.org=10.0.0.130"]; services."sonarr" = {
ports = ["8989:8989"]; image = import ./images/sonarr.nix pkgs;
restart = "always";
environment = { extraHosts = ["lan.nelim.org:10.0.0.130"];
PUID = "1000"; ports = ["8989:8989"];
PGID = "1000";
TZ = "America/New_York"; environment = {
PUID = "1000";
PGID = "1000";
TZ = "America/New_York";
};
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 0.5;
networks = ["proxy_net"];
}; };
volumes = [
"${rwPath}/data:/config"
"/data:/data"
];
cpus = 0.5;
}; };
} }


@ -7,27 +7,33 @@
rwPath = rwDataDir + "/music/jbots"; rwPath = rwDataDir + "/music/jbots";
in { in {
khepri.compositions."jbots".services = { khepri.compositions."jbots" = {
"musicbot_be" = { networks.proxy_net = {external = true;};
containerName = "be";
image = import ./images/jmusicbot.nix pkgs;
restart = "always";
volumes = [ services = {
"${rwPath}/be/config.txt:/jmb/config/config.txt:ro" "musicbot_be" = {
"${rwPath}/be/playlists:/jmb/config/playlists:rw" containerName = "be";
]; image = import ./images/jmusicbot.nix pkgs;
}; restart = "always";
"musicbot_br" = { volumes = [
containerName = "br"; "${rwPath}/be/config.txt:/jmb/config/config.txt:ro"
image = import ./images/jmusicbot.nix pkgs; "${rwPath}/be/playlists:/jmb/config/playlists:rw"
restart = "always"; ];
networks = ["proxy_net"];
};
volumes = [ "musicbot_br" = {
"${rwPath}/br/config.txt:/jmb/config/config.txt:ro" containerName = "br";
"${rwPath}/br/playlists:/jmb/config/playlists:rw" image = import ./images/jmusicbot.nix pkgs;
]; restart = "always";
volumes = [
"${rwPath}/br/config.txt:/jmb/config/config.txt:ro"
"${rwPath}/br/playlists:/jmb/config/playlists:rw"
];
networks = ["proxy_net"];
};
}; };
}; };
} }


@ -1,112 +1,140 @@
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: let }: let
inherit (lib) concatStrings;
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (config.khepri) rwDataDir; inherit (config.khepri) rwDataDir;
mainContainerName = "app-server"; mainContainerName = "app-server";
rwPath = rwDataDir + "/nextcloud"; rwPath = rwDataDir + "/nextcloud";
in { in {
khepri.compositions."nextcloud".services = { khepri.compositions."nextcloud" = {
"${mainContainerName}" = { networks.proxy_net = {external = true;};
image = import ./images/nextcloud.nix pkgs;
restart = "always";
expose = [ services = {
"80" "${mainContainerName}" = {
"9000" image = import ./images/nextcloud.nix pkgs;
]; restart = "always";
volumes = [ expose = [
"${rwPath}/data:/var/www/html" "80"
"/data/docs:/var/www/drive" "9000"
]; ];
environmentFiles = [secrets.nextcloud.path]; networks = ["proxy_net"];
environment = { volumes = [
POSTGRES_DB = "nextcloud"; "${rwPath}/data:/var/www/html"
POSTGRES_HOST = "nextcloud-db"; "/data/docs:/var/www/drive"
REDIS_HOST = "nextcloud-cache"; ];
REDIS_HOST_PASSWORD = "password";
NEXTCLOUD_INIT_HTACCESS = "true"; environmentFiles = [secrets.nextcloud.path];
environment = {
POSTGRES_DB = "nextcloud";
POSTGRES_HOST = "nextcloud-db";
REDIS_HOST = "nextcloud-cache";
NEXTCLOUD_INIT_HTACCESS = "true";
};
}; };
};
"onlyoffice-document-server" = { "onlyoffice-document-server" = let
image = import ./images/onlyoffice.nix pkgs; filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js";
restart = "always"; func = "isSupportEditFeature=function()";
environment.JWT_ENABLED = "false"; entrypoint =
pkgs.writeScript "entrypoint"
ports = ["8055:80"]; # bash
expose = [ ''
"80" #!/bin/sh
"443"
];
volumes = ["${rwPath}/data-onlyoffice:/var/log/onlyoffice"];
tmpfs = [
"/var/www/onlyoffice/Data"
"/var/lib/postgresql"
"/usr/share/fonts/truetype/custom"
"/var/lib/rabbitmq"
"/var/lib/redis"
"/var/lib/onlyoffice"
];
entrypoint = ''bash -c "${let
filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js";
func = "isSupportEditFeature=function()";
in
concatStrings [
# Fix proxies # Fix proxies
''sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json'' sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json
''sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json'' sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json
# Fix mobile editing # Fix mobile editing
"sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath};" sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath}
"/app/ds/run-document-server.sh;" apt update
"apt update;" apt install imagemagick -y
"apt install imagemagick -y;"
]}"'';
};
"nginx-server" = { exec /app/ds/run-document-server.sh
image = import ./images/nginx.nix pkgs; '';
restart = "always"; in {
ports = ["8042:80"]; image = import ./images/onlyoffice.nix pkgs;
volumes = [ restart = "always";
"${./nginx.conf}:/etc/nginx/nginx.conf"
"${rwPath}/data:/var/www/html"
];
};
"nextcloud-db" = { environment.JWT_ENABLED = "false";
image = import ./images/postgres.nix pkgs;
restart = "always";
environmentFiles = [secrets.nextcloud.path];
volumes = [
"${rwPath}/database:/var/lib/postgresql/data"
"/etc/localtime:/etc/localtime:ro"
];
};
"nextcloud-cache" = { ports = ["8055:80"];
image = import ./images/redis.nix pkgs; expose = [
restart = "always"; "80"
#mem_limit = "2048m"; "443"
#mem_reservation = "512m"; ];
environmentFiles = [secrets.nextcloud.path];
cmd = [''/bin/sh -c "redis-server --requirepass $$REDIS_HOST_PASSWORD"'']; networks = ["proxy_net"];
tmpfs = [
"/data" entrypoint = "/entrypoint.sh";
];
volumes = [
"${entrypoint}:/entrypoint.sh"
"${rwPath}/data-onlyoffice:/var/log/onlyoffice"
];
tmpfs = [
"/var/www/onlyoffice/Data"
"/var/lib/postgresql"
"/usr/share/fonts/truetype/custom"
"/var/lib/rabbitmq"
"/var/lib/redis"
"/var/lib/onlyoffice"
];
};
"nginx-server" = {
image = import ./images/nginx.nix pkgs;
restart = "always";
ports = ["8042:80"];
networks = ["proxy_net"];
volumes = [
"${./nginx.conf}:/etc/nginx/nginx.conf"
"${rwPath}/data:/var/www/html"
];
};
"nextcloud-db" = {
image = import ./images/postgres.nix pkgs;
restart = "always";
environmentFiles = [secrets.nextcloud.path];
volumes = [
"${rwPath}/database:/var/lib/postgresql/data"
"/etc/localtime:/etc/localtime:ro"
];
networks = ["proxy_net"];
};
"nextcloud-cache" = let
entrypoint =
pkgs.writeScript "entrypoint"
# bash
''
#!/bin/sh
exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
'';
in {
image = import ./images/redis.nix pkgs;
restart = "always";
#mem_limit = "2048m";
#mem_reservation = "512m";
environmentFiles = [secrets.nextcloud.path];
entrypoint = "/entrypoint.sh";
volumes = ["${entrypoint}:/entrypoint.sh"];
tmpfs = ["/data"];
networks = ["proxy_net"];
};
}; };
}; };
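Review bot: `onlyoffice-document-server` keeps `environment.JWT_ENABLED = "false"` while the new entrypoint script sets `allowPrivateIPAddress` and `allowMetaIPAddress` to true, and the container is now on `proxy_net` with `8055:80` published. With request signing off and the address filter disabled, anything that can reach that port can have the document server fetch internal URLs, which now includes every container on the shared network. Enabling JWT with a secret taken from `secrets.nextcloud.path` would restore authentication on that path. Separately, the script has no `set -e` and runs `apt update` and `apt install imagemagick -y` on every start, so a failed `sed` or install goes unnoticed; adding `set -eu` after the shebang and baking imagemagick into the image would make startup deterministic. The `/entrypoint.sh` mounts for this service and for `nextcloud-cache` could also be marked `:ro`.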


@ -8,47 +8,54 @@
rwPath = rwDataDir + "/resume"; rwPath = rwDataDir + "/resume";
in { in {
khepri.compositions."resume".services = { khepri.compositions."resume" = {
"postgres" = { networks.proxy_net = {external = true;};
image = import ./images/postgres.nix pkgs;
restart = "always";
ports = ["5432:5432"]; services = {
"postgres" = {
image = import ./images/postgres.nix pkgs;
restart = "always";
volumes = [ ports = ["5432:5432"];
"${rwPath}/db:/var/lib/postgresql/data"
];
environmentFiles = [secrets.resume.path]; volumes = [
}; "${rwPath}/db:/var/lib/postgresql/data"
];
"server" = { environmentFiles = [secrets.resume.path];
image = import ./images/resume-server.nix pkgs; networks = ["proxy_net"];
restart = "always";
ports = ["3100:3100"];
dependsOn = ["postgres"];
environmentFiles = [secrets.resume.path];
environment = {
PUBLIC_URL = "https://resume.nelim.org";
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
}; };
};
"client" = { "server" = {
image = import ./images/resume-client.nix pkgs; image = import ./images/resume-server.nix pkgs;
restart = "always"; restart = "always";
ports = ["3060:3000"]; ports = ["3100:3100"];
dependsOn = ["server"]; dependsOn = ["postgres"];
environment = { environmentFiles = [secrets.resume.path];
PUBLIC_URL = "https://resume.nelim.org";
PUBLIC_SERVER_URL = "https://resauth.nelim.org"; environment = {
PUBLIC_URL = "https://resume.nelim.org";
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
};
networks = ["proxy_net"];
};
"client" = {
image = import ./images/resume-client.nix pkgs;
restart = "always";
ports = ["3060:3000"];
dependsOn = ["server"];
environment = {
PUBLIC_URL = "https://resume.nelim.org";
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
};
networks = ["proxy_net"];
}; };
}; };
}; };
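Review bot: The `postgres` service still publishes `ports = ["5432:5432"]` on the host and is now also attached to `proxy_net`, so the database is reachable both from the LAN side and from every container on the shared network. If `server` reaches it by service name, which `dependsOn = ["postgres"]` suggests but the section does not show, the host port is unnecessary and the line can be dropped. If host access is needed for maintenance, binding to loopback with `ports = ["127.0.0.1:5432:5432"];` keeps it off other interfaces.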


@ -7,23 +7,29 @@
rwPath = rwDataDir + "/vaultwarden"; rwPath = rwDataDir + "/vaultwarden";
in { in {
khepri.compositions."vaultwarden".services = { khepri.compositions."vaultwarden" = {
"public-vault" = { networks.proxy_net = {external = true;};
image = import ./images/vaultwarden.nix pkgs;
restart = "always";
ports = ["8781:80"]; services = {
volumes = ["${rwPath}/public-data:/data"]; "public-vault" = {
environment.WEBSOCKET_ENABLED = "true"; image = import ./images/vaultwarden.nix pkgs;
}; restart = "always";
"private-vault" = { ports = ["8781:80"];
image = import ./images/vaultwarden.nix pkgs; volumes = ["${rwPath}/public-data:/data"];
restart = "always"; environment.WEBSOCKET_ENABLED = "true";
networks = ["proxy_net"];
};
ports = ["8780:80"]; "private-vault" = {
volumes = ["${rwPath}/private-data:/data"]; image = import ./images/vaultwarden.nix pkgs;
environment.WEBSOCKET_ENABLED = "true"; restart = "always";
ports = ["8780:80"];
volumes = ["${rwPath}/private-data:/data"];
environment.WEBSOCKET_ENABLED = "true";
networks = ["proxy_net"];
};
}; };
}; };
} }
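Review bot: `public-vault` and `private-vault` both get `networks = ["proxy_net"]`, so the two instances lose whatever network separation they had and can reach each other and every other container on that network. If the split exists to keep the private vault away from internet-facing services, which the names suggest, `private-vault` should sit on its own network that only its proxy or VPN path joins. A short comment on each service stating its intended exposure would make later network changes easier to review.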


@ -7,38 +7,44 @@
rwPath = rwDataDir + "/wg-easy"; rwPath = rwDataDir + "/wg-easy";
in { in {
khepri.compositions."wg-easy".services."wg-easy" = { khepri.compositions."wg-easy" = {
image = import ./images/wg-easy.nix pkgs; networks.proxy_net = {external = true;};
restart = "always";
privileged = true;
capAdd = [ services."wg-easy" = {
"NET_ADMIN" image = import ./images/wg-easy.nix pkgs;
"SYS_MODULE" restart = "always";
]; privileged = true;
sysctls = [ capAdd = [
"net.ipv4.ip_forward=1" "NET_ADMIN"
"net.ipv4.conf.all.src_valid_mark=1" "SYS_MODULE"
]; ];
dns = ["1.0.0.1"]; sysctls = [
"net.ipv4.ip_forward=1"
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = { dns = ["1.0.0.1"];
WG_HOST = "166.62.179.208";
WG_PORT = "51820"; environment = {
WG_DEFAULT_ADDRESS = "10.6.0.x"; WG_HOST = "166.62.179.208";
WG_DEFAULT_DNS = "1.0.0.1"; WG_PORT = "51820";
WG_DEFAULT_ADDRESS = "10.6.0.x";
WG_DEFAULT_DNS = "1.0.0.1";
};
volumes = [
"${rwPath}/data:/etc/wireguard"
];
ports = [
"53:51820/udp"
"51822:51820/udp"
"51821:51821/tcp"
];
networks = ["proxy_net"];
}; };
volumes = [
"${rwPath}/data:/etc/wireguard"
];
ports = [
"53:51820/udp"
"51822:51820/udp"
"51821:51821/tcp"
];
}; };
} }
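Review bot: `privileged = true` is kept next to `capAdd = ["NET_ADMIN" "SYS_MODULE"]`, which makes the capability list meaningless because a privileged container already holds every capability and full device access. This container is internet-facing (`WG_HOST`, UDP ports published) and now also joins `proxy_net`. Dropping `privileged = true` and relying on the two capabilities plus the existing `sysctls` matches what wg-easy documents as sufficient. The section also publishes the web UI on `51821:51821/tcp` with no password variable or `environmentFiles` visible here; if that is not set elsewhere, the UI should get a credential from sops.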

Binary file not shown.