fix(docker): add required changes to make every container work
parent
827bf6ba8c
commit
59d2205e7a
21 changed files with 692 additions and 555 deletions
|
@ -1,5 +1,5 @@
|
||||||
{...}: let
|
{...}: let
|
||||||
configPath = "/var/lib/docker";
|
configPath = "/var/lib/docker-data";
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./forgejo/compose.nix
|
./forgejo/compose.nix
|
||||||
|
|
|
@ -8,68 +8,75 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/forgejo";
|
rwPath = rwDataDir + "/forgejo";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."forgejo".services = {
|
khepri.compositions."forgejo" = {
|
||||||
"forgejo" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/forgejo.nix pkgs;
|
|
||||||
|
|
||||||
ports = [
|
services = {
|
||||||
# Redirect WAN port 22 to this port
|
"forgejo" = {
|
||||||
"2222:22"
|
image = import ./images/forgejo.nix pkgs;
|
||||||
"3000:3000"
|
|
||||||
];
|
|
||||||
|
|
||||||
restart = "always";
|
ports = [
|
||||||
dependsOn = ["forgejo-db"];
|
# Redirect WAN port 22 to this port
|
||||||
|
"2222:22"
|
||||||
|
"3000:3000"
|
||||||
|
];
|
||||||
|
|
||||||
environmentFiles = [secrets.forgejo.path];
|
networks = ["proxy_net"];
|
||||||
environment = {
|
|
||||||
APP_NAME = "Gitea";
|
|
||||||
|
|
||||||
# TODO: change ids
|
restart = "always";
|
||||||
USER_UID = "1000";
|
dependsOn = ["forgejo-db"];
|
||||||
USER_GID = "1000";
|
|
||||||
|
|
||||||
ROOT_URL = "https://git.nelim.org";
|
environmentFiles = [secrets.forgejo.path];
|
||||||
SSH_DOMAIN = "git.nelim.org";
|
environment = {
|
||||||
SSH_PORT = "22";
|
APP_NAME = "Gitea";
|
||||||
HTTP_PORT = "3000";
|
|
||||||
|
# TODO: change ids
|
||||||
|
USER_UID = "1000";
|
||||||
|
USER_GID = "1000";
|
||||||
|
|
||||||
|
ROOT_URL = "https://git.nelim.org";
|
||||||
|
SSH_DOMAIN = "git.nelim.org";
|
||||||
|
SSH_PORT = "22";
|
||||||
|
HTTP_PORT = "3000";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/data"
|
||||||
|
"/etc/timezone:/etc/timezone:ro"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
"forgejo-db" = {
|
||||||
"${rwPath}/data:/data"
|
image = import ./images/postgres.nix pkgs;
|
||||||
"/etc/timezone:/etc/timezone:ro"
|
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"forgejo-db" = {
|
restart = "always";
|
||||||
image = import ./images/postgres.nix pkgs;
|
|
||||||
|
|
||||||
restart = "always";
|
environmentFiles = [secrets.forgejo-db.path];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
environmentFiles = [secrets.forgejo-db.path];
|
volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
|
||||||
|
|
||||||
volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
|
|
||||||
};
|
|
||||||
|
|
||||||
"act_runner" = {
|
|
||||||
image = import ./images/act_runner.nix pkgs;
|
|
||||||
|
|
||||||
privileged = true;
|
|
||||||
|
|
||||||
restart = "always";
|
|
||||||
dependsOn = ["forgejo"];
|
|
||||||
|
|
||||||
environmentFiles = [secrets.forgejo-runner.path];
|
|
||||||
environment = {
|
|
||||||
GITEA_INSTANCE_URL = "https://git.nelim.org";
|
|
||||||
GITEA_RUNNER_NAME = "DinD";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = ["${rwPath}/act:/data"];
|
"act_runner" = {
|
||||||
extraHosts = [
|
image = import ./images/act_runner.nix pkgs;
|
||||||
"git.nelim.org=10.0.0.130"
|
|
||||||
];
|
privileged = true;
|
||||||
|
user = "root:root";
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
|
restart = "always";
|
||||||
|
dependsOn = ["forgejo"];
|
||||||
|
|
||||||
|
environmentFiles = [secrets.forgejo-runner.path];
|
||||||
|
environment = {
|
||||||
|
GITEA_INSTANCE_URL = "https://git.nelim.org";
|
||||||
|
GITEA_RUNNER_NAME = "DinD";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = ["${rwPath}/act:/data"];
|
||||||
|
extraHosts = ["git.nelim.org:10.0.0.130"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
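Review bot: Every service in this composition is attached to the same external `proxy_net`, including `"forgejo-db"` and the `privileged = true` `"act_runner"`, which now also runs as `user = "root:root"`; the Postgres port and the CI runner therefore become reachable from every other container on that network. The same pattern is repeated for `"freshrss-db"`, `"immich_postgres"` and `"immich_redis"` in the later sections. Presumably only the service the reverse proxy talks to needs `proxy_net`; the database could stay on a composition-local network, for example `networks = ["default"];` on `"forgejo-db"` and `networks = ["proxy_net" "default"];` on `"forgejo"`, assuming khepri passes network names through to compose unchanged. If the runner really needs root and privileged mode for Docker-in-Docker, a comment such as `# privileged + root: required for DinD; executes CI jobs, keep off shared networks` would record why.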
|
||||||
|
|
|
@ -8,76 +8,87 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/freshrss";
|
rwPath = rwDataDir + "/freshrss";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."freshrss".services = {
|
khepri.compositions."freshrss" = {
|
||||||
"freshrss" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/freshrss.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
ports = ["2800:80"];
|
services = {
|
||||||
extraHosts = [
|
"freshrss" = {
|
||||||
"drss.nelim.org=10.0.0.130"
|
image = import ./images/freshrss.nix pkgs;
|
||||||
"bridge.nelim.org=10.0.0.130"
|
restart = "always";
|
||||||
];
|
|
||||||
|
|
||||||
volumes = let
|
ports = ["2800:80"];
|
||||||
rss-bridge = pkgs.stdenv.mkDerivation {
|
extraHosts = [
|
||||||
name = "rss-bridge-ext";
|
"drss.nelim.org:10.0.0.130"
|
||||||
version = "unstable";
|
"bridge.nelim.org:10.0.0.130"
|
||||||
src = pkgs.fetchFromGitHub {
|
];
|
||||||
owner = "DevonHess";
|
networks = ["proxy_net"];
|
||||||
repo = "FreshRSS-Extensions";
|
|
||||||
rev = "299c1febc279be77fa217ff5c2965a620903b974";
|
volumes = let
|
||||||
hash = "sha256-++kgbrGJohKeOeLjcy7YV3QdCf9GyZDtbntlFmmIC5k=";
|
rss-bridge = pkgs.stdenv.mkDerivation {
|
||||||
|
name = "rss-bridge-ext";
|
||||||
|
version = "unstable";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "DevonHess";
|
||||||
|
repo = "FreshRSS-Extensions";
|
||||||
|
rev = "299c1febc279be77fa217ff5c2965a620903b974";
|
||||||
|
hash = "sha256-++kgbrGJohKeOeLjcy7YV3QdCf9GyZDtbntlFmmIC5k=";
|
||||||
|
};
|
||||||
|
installPhase = ''
|
||||||
|
mkdir $out
|
||||||
|
cp -ar ./xExtension-RssBridge $out/
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
installPhase = ''
|
in [
|
||||||
mkdir $out
|
"${rwPath}/data:/var/www/FreshRSS/data"
|
||||||
cp -ar ./xExtension-RssBridge $out/
|
"${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
|
||||||
'';
|
];
|
||||||
|
|
||||||
|
environmentFiles = [secrets.freshrss.path];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
TZ = "America/New_York";
|
||||||
|
CRON_MIN = "3,33";
|
||||||
};
|
};
|
||||||
in [
|
|
||||||
"${rwPath}/data:/var/www/FreshRSS/data"
|
|
||||||
"${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
|
|
||||||
];
|
|
||||||
|
|
||||||
environmentFiles = [secrets.freshrss.path];
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
TZ = "America/New_York";
|
|
||||||
CRON_MIN = "3,33";
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
"freshrss-db" = {
|
"freshrss-db" = {
|
||||||
image = import ./images/postgres.nix pkgs;
|
image = import ./images/postgres.nix pkgs;
|
||||||
restart = "always";
|
restart = "always";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"${rwPath}/db:/var/lib/postgresql/data"
|
"${rwPath}/db:/var/lib/postgresql/data"
|
||||||
];
|
];
|
||||||
|
|
||||||
environmentFiles = [secrets.freshrss.path];
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
environment = {
|
environmentFiles = [secrets.freshrss.path];
|
||||||
POSTGRES_DB = "\${DB_BASE:-freshrss}";
|
|
||||||
POSTGRES_USER = "\${DB_USER:-freshrss}";
|
environment = {
|
||||||
POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}";
|
POSTGRES_DB = "\${DB_BASE:-freshrss}";
|
||||||
|
POSTGRES_USER = "\${DB_USER:-freshrss}";
|
||||||
|
POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
"docker-hub-rss" = {
|
"docker-hub-rss" = {
|
||||||
image = import ./images/docker-hub-rss.nix pkgs;
|
image = import ./images/docker-hub-rss.nix pkgs;
|
||||||
restart = "always";
|
restart = "always";
|
||||||
ports = ["3007:3000"];
|
ports = ["3007:3000"];
|
||||||
};
|
|
||||||
|
|
||||||
"rss-bridge" = {
|
networks = ["proxy_net"];
|
||||||
image = import ./images/rss-bridge.nix pkgs;
|
};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
volumes = [
|
"rss-bridge" = {
|
||||||
"${rwPath}/bridge:/config"
|
image = import ./images/rss-bridge.nix pkgs;
|
||||||
];
|
restart = "always";
|
||||||
ports = ["3006:80"];
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/bridge:/config"
|
||||||
|
];
|
||||||
|
ports = ["3006:80"];
|
||||||
|
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
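Review bot: `POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}"` on `"freshrss-db"` falls back to the literal password `freshrss` whenever `DB_PASSWORD` is unset at interpolation time, and this change also attaches that database to the shared `proxy_net`. A silent fallback to a guessable password is worse than a failed start; the required-variable form `"\${DB_PASSWORD:?DB_PASSWORD must be set}"` turns a missing secret into an error instead. If khepri renders this into a compose file, it is also worth confirming that `secrets.freshrss.path` is what feeds the substitution, since compose resolves `${...}` from its own environment rather than from a service's env file.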
|
||||||
|
|
|
@ -5,19 +5,24 @@
|
||||||
}: let
|
}: let
|
||||||
inherit (config.sops) secrets;
|
inherit (config.sops) secrets;
|
||||||
in {
|
in {
|
||||||
khepri.compositions."gameyfin".services."gameyfin" = {
|
khepri.compositions."gameyfin" = {
|
||||||
image = import ./images/gameyfin.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
user = "1000:1000";
|
|
||||||
|
|
||||||
environmentFiles = [secrets.gameyfin.path];
|
services."gameyfin" = {
|
||||||
environment.GAMEYFIN_USER = "mathis";
|
image = import ./images/gameyfin.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
user = "1000:1000";
|
||||||
|
|
||||||
volumes = [
|
environmentFiles = [secrets.gameyfin.path];
|
||||||
"/data/games:/opt/gameyfin-library"
|
environment.GAMEYFIN_USER = "mathis";
|
||||||
];
|
|
||||||
|
|
||||||
expose = ["8080"];
|
volumes = [
|
||||||
ports = ["8074:8080"];
|
"/data/games:/opt/gameyfin-library"
|
||||||
|
];
|
||||||
|
|
||||||
|
expose = ["8080"];
|
||||||
|
ports = ["8074:8080"];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,14 @@
|
||||||
{pkgs, ...}: {
|
{pkgs, ...}: {
|
||||||
khepri.compositions."hauk".services."hauk" = {
|
khepri.compositions."hauk" = {
|
||||||
image = import ./images/hauk.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
ports = ["3003:80"];
|
|
||||||
|
|
||||||
volumes = ["${./config.php}:/etc/hauk/config.php:ro"];
|
services."hauk" = {
|
||||||
|
image = import ./images/hauk.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
ports = ["3003:80"];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
|
volumes = ["${./config.php}:/etc/hauk/config.php:ro"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,57 +6,63 @@
|
||||||
inherit (config.sops) secrets;
|
inherit (config.sops) secrets;
|
||||||
inherit (pkgs.writers) writeYAML;
|
inherit (pkgs.writers) writeYAML;
|
||||||
in {
|
in {
|
||||||
khepri.compositions."homepage".services."homepage" = {
|
khepri.compositions."homepage" = {
|
||||||
image = import ./images/homepage.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
ports = [
|
services."homepage" = {
|
||||||
"3020:3000"
|
image = import ./images/homepage.nix pkgs;
|
||||||
];
|
restart = "always";
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
ports = [
|
||||||
|
"3020:3000"
|
||||||
environmentFiles = [secrets.homepage.path];
|
|
||||||
|
|
||||||
volumes = let
|
|
||||||
services = writeYAML "services.yaml" (import ./services.nix);
|
|
||||||
|
|
||||||
bookmarks = writeYAML "bookmarks.yaml" {};
|
|
||||||
|
|
||||||
settings = writeYAML "settings.yaml" {
|
|
||||||
# FIXME: title not working
|
|
||||||
title = "bruh";
|
|
||||||
theme = "dark";
|
|
||||||
color = "gray";
|
|
||||||
target = "_self";
|
|
||||||
|
|
||||||
layout.video = {
|
|
||||||
style = "columns";
|
|
||||||
row = 4;
|
|
||||||
# columns = 2;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
widgets = writeYAML "widgets.yaml" [
|
|
||||||
{
|
|
||||||
resources = {
|
|
||||||
cpu = true;
|
|
||||||
memory = true;
|
|
||||||
disk = "/";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
search = {
|
|
||||||
provider = "duckduckgo";
|
|
||||||
target = "_blank";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
in [
|
|
||||||
"${bookmarks}:/app/config/bookmarks.yaml:ro"
|
networks = ["proxy_net"];
|
||||||
"${services}:/app/config/services.yaml:ro"
|
|
||||||
"${settings}:/app/config/settings.yaml:ro"
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
"${widgets}:/app/config/widgets.yaml:ro"
|
|
||||||
];
|
environmentFiles = [secrets.homepage.path];
|
||||||
|
|
||||||
|
volumes = let
|
||||||
|
services = writeYAML "services.yaml" (import ./services.nix);
|
||||||
|
|
||||||
|
bookmarks = writeYAML "bookmarks.yaml" {};
|
||||||
|
|
||||||
|
settings = writeYAML "settings.yaml" {
|
||||||
|
# FIXME: title not working
|
||||||
|
title = "bruh";
|
||||||
|
theme = "dark";
|
||||||
|
color = "gray";
|
||||||
|
target = "_self";
|
||||||
|
|
||||||
|
layout.video = {
|
||||||
|
style = "columns";
|
||||||
|
row = 4;
|
||||||
|
# columns = 2;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
widgets = writeYAML "widgets.yaml" [
|
||||||
|
{
|
||||||
|
resources = {
|
||||||
|
cpu = true;
|
||||||
|
memory = true;
|
||||||
|
disk = "/";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
search = {
|
||||||
|
provider = "duckduckgo";
|
||||||
|
target = "_blank";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
in [
|
||||||
|
"${bookmarks}:/app/config/bookmarks.yaml:ro"
|
||||||
|
"${services}:/app/config/services.yaml:ro"
|
||||||
|
"${settings}:/app/config/settings.yaml:ro"
|
||||||
|
"${widgets}:/app/config/widgets.yaml:ro"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,66 +10,74 @@
|
||||||
|
|
||||||
UPLOAD_LOCATION = "${rwPath}/data";
|
UPLOAD_LOCATION = "${rwPath}/data";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."immich".services = {
|
khepri.compositions."immich" = {
|
||||||
"immich_server" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/server.nix pkgs;
|
|
||||||
environmentFiles = [
|
|
||||||
"${./env}"
|
|
||||||
secrets.immich.path
|
|
||||||
];
|
|
||||||
|
|
||||||
volumes = [
|
services = {
|
||||||
"${UPLOAD_LOCATION}:/usr/src/app/upload:rw"
|
"immich_server" = {
|
||||||
];
|
image = import ./images/server.nix pkgs;
|
||||||
ports = [
|
environmentFiles = [
|
||||||
"2283:3001"
|
"${./env}"
|
||||||
];
|
secrets.immich.path
|
||||||
|
];
|
||||||
|
|
||||||
dependsOn = ["immich_redis" "immich_postgres"];
|
volumes = [
|
||||||
restart = "always";
|
"${UPLOAD_LOCATION}:/usr/src/app/upload:rw"
|
||||||
|
];
|
||||||
|
ports = [
|
||||||
|
"2283:3001"
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
environment.NODE_ENV = "production";
|
dependsOn = ["immich_redis" "immich_postgres"];
|
||||||
};
|
restart = "always";
|
||||||
|
|
||||||
"immich_machine_learning" = {
|
environment.NODE_ENV = "production";
|
||||||
image = import ./images/machine-learning.nix pkgs;
|
};
|
||||||
restart = "always";
|
|
||||||
environmentFiles = [
|
|
||||||
"${./env}"
|
|
||||||
secrets.immich.path
|
|
||||||
];
|
|
||||||
|
|
||||||
volumes = [
|
"immich_machine_learning" = {
|
||||||
"${rwPath}/cache:/cache"
|
image = import ./images/machine-learning.nix pkgs;
|
||||||
];
|
restart = "always";
|
||||||
};
|
environmentFiles = [
|
||||||
|
"${./env}"
|
||||||
|
secrets.immich.path
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
"immich_redis" = {
|
volumes = [
|
||||||
image = import ./images/redis.nix pkgs;
|
"${rwPath}/cache:/cache"
|
||||||
restart = "always";
|
];
|
||||||
tmpfs = ["/data"];
|
};
|
||||||
environmentFiles = [
|
|
||||||
"${./env}"
|
|
||||||
secrets.immich.path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"immich_postgres" = {
|
"immich_redis" = {
|
||||||
image = import ./images/postgres.nix pkgs;
|
image = import ./images/redis.nix pkgs;
|
||||||
restart = "always";
|
restart = "always";
|
||||||
environmentFiles = [
|
tmpfs = ["/data"];
|
||||||
"${./env}"
|
environmentFiles = [
|
||||||
secrets.immich.path
|
"${./env}"
|
||||||
];
|
secrets.immich.path
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
|
|
||||||
volumes = [
|
"immich_postgres" = {
|
||||||
"${rwPath}/db:/var/lib/postgresql/data"
|
image = import ./images/postgres.nix pkgs;
|
||||||
];
|
restart = "always";
|
||||||
|
environmentFiles = [
|
||||||
|
"${./env}"
|
||||||
|
secrets.immich.path
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
environment = {
|
volumes = [
|
||||||
POSTGRES_PASSWORD = "\${DB_PASSWORD}";
|
"${rwPath}/db:/var/lib/postgresql/data"
|
||||||
POSTGRES_USER = "\${DB_USERNAME}";
|
];
|
||||||
POSTGRES_DB = "\${DB_DATABASE_NAME}";
|
|
||||||
|
environment = {
|
||||||
|
POSTGRES_PASSWORD = "\${DB_PASSWORD}";
|
||||||
|
POSTGRES_USER = "\${DB_USERNAME}";
|
||||||
|
POSTGRES_DB = "\${DB_DATABASE_NAME}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -7,26 +7,31 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/bazarr";
|
rwPath = rwDataDir + "/media/bazarr";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."bazarr".services."bazarr" = {
|
khepri.compositions."bazarr" = {
|
||||||
image = import ./images/bazarr.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
environment = {
|
services."bazarr" = {
|
||||||
PUID = "1000";
|
image = import ./images/bazarr.nix pkgs;
|
||||||
PGID = "1000";
|
restart = "always";
|
||||||
TZ = "America/New_York";
|
|
||||||
|
environment = {
|
||||||
|
PUID = "1000";
|
||||||
|
PGID = "1000";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
|
ports = [
|
||||||
|
"6767:6767"
|
||||||
|
];
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/config"
|
||||||
|
"/data:/data"
|
||||||
|
];
|
||||||
|
|
||||||
|
cpus = 2;
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
|
||||||
ports = [
|
|
||||||
"6767:6767"
|
|
||||||
];
|
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data:/config"
|
|
||||||
"/data:/data"
|
|
||||||
];
|
|
||||||
|
|
||||||
cpus = 2;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,50 +7,56 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/calibre";
|
rwPath = rwDataDir + "/media/calibre";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."calibre".services = {
|
khepri.compositions."calibre" = {
|
||||||
"calibre" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/calibre.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
environment = {
|
services = {
|
||||||
PUID = "1000";
|
"calibre" = {
|
||||||
PGID = "1000";
|
image = import ./images/calibre.nix pkgs;
|
||||||
TZ = "America/New_York";
|
restart = "always";
|
||||||
|
|
||||||
# WebUI vars
|
environment = {
|
||||||
SUBFOLDER = "/calibre/";
|
PUID = "1000";
|
||||||
TITLE = "CalibreDB";
|
PGID = "1000";
|
||||||
NO_DECOR = "true";
|
TZ = "America/New_York";
|
||||||
|
|
||||||
|
# WebUI vars
|
||||||
|
SUBFOLDER = "/calibre/";
|
||||||
|
TITLE = "CalibreDB";
|
||||||
|
NO_DECOR = "true";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = ["${rwPath}/data-db:/config"];
|
||||||
|
|
||||||
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
|
ports = [
|
||||||
|
"8580:8080"
|
||||||
|
#"8081:8081"
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
#network_mode = "host";
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = ["${rwPath}/data-db:/config"];
|
"calibre-web" = {
|
||||||
|
image = import ./images/calibre-web.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
environment = {
|
||||||
ports = [
|
PUID = "1000";
|
||||||
"8580:8080"
|
PGID = "1000";
|
||||||
#"8081:8081"
|
TZ = "America/New_York";
|
||||||
];
|
DOCKER_MODS = "linuxserver/mods:universal-calibre";
|
||||||
#network_mode = "host";
|
};
|
||||||
};
|
|
||||||
|
|
||||||
"calibre-web" = {
|
volumes = [
|
||||||
image = import ./images/calibre-web.nix pkgs;
|
"${rwPath}/data-web:/config"
|
||||||
restart = "always";
|
"${rwPath}/data-db/Calibre Library:/books"
|
||||||
|
];
|
||||||
|
|
||||||
environment = {
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
PUID = "1000";
|
ports = ["8083:8083"];
|
||||||
PGID = "1000";
|
networks = ["proxy_net"];
|
||||||
TZ = "America/New_York";
|
|
||||||
DOCKER_MODS = "linuxserver/mods:universal-calibre";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data-web:/config"
|
|
||||||
"${rwPath}/data-db/Calibre Library:/books"
|
|
||||||
];
|
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
|
||||||
ports = ["8083:8083"];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,20 +7,25 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/joal";
|
rwPath = rwDataDir + "/media/joal";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."joal".services."joal" = {
|
khepri.compositions."joal" = {
|
||||||
image = import ./images/joal.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
volumes = ["${rwPath}/data:/data"];
|
services."joal" = {
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
image = import ./images/joal.nix pkgs;
|
||||||
ports = ["5656:5656"];
|
restart = "always";
|
||||||
|
|
||||||
cmd = [
|
volumes = ["${rwPath}/data:/data"];
|
||||||
"--joal-conf=/data"
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
"--spring.main.web-environment=true"
|
ports = ["5656:5656"];
|
||||||
"--server.port=5656"
|
|
||||||
"--joal.ui.path.prefix=joal"
|
cmd = [
|
||||||
"--joal.ui.secret-token=12345"
|
"--joal-conf=/data"
|
||||||
];
|
"--spring.main.web-environment=true"
|
||||||
|
"--server.port=5656"
|
||||||
|
"--joal.ui.path.prefix=joal"
|
||||||
|
"--joal.ui.secret-token=12345"
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
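Review bot: `"--joal.ui.secret-token=12345"` in `cmd` is a guessable token committed in plain text, and as a Nix string it also lands in the world-readable store, while port 5656 is published and the container now joins `proxy_net`. The other compositions load credentials with `environmentFiles = [secrets.<name>.path];`, and this token should come from a sops secret the same way, with a long random value. Whether joal accepts the token from an environment variable rather than a flag needs checking against its documentation; if it does not, the flag could reference a variable that the secrets file defines.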
|
||||||
|
|
|
@ -7,37 +7,43 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/prowlarr";
|
rwPath = rwDataDir + "/media/prowlarr";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."prowlarr".services = {
|
khepri.compositions."prowlarr" = {
|
||||||
"prowlarr" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/prowlarr.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
environment = {
|
services = {
|
||||||
PUID = "1000";
|
"prowlarr" = {
|
||||||
PGID = "1000";
|
image = import ./images/prowlarr.nix pkgs;
|
||||||
TZ = "America/New_York";
|
restart = "always";
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
PUID = "1000";
|
||||||
|
PGID = "1000";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = ["${rwPath}/data:/config"];
|
||||||
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
|
ports = ["9696:9696"];
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = ["${rwPath}/data:/config"];
|
"flaresolverr" = {
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
image = import ./images/flaresolverr.nix pkgs;
|
||||||
ports = ["9696:9696"];
|
restart = "always";
|
||||||
};
|
|
||||||
|
|
||||||
"flaresolverr" = {
|
environment = {
|
||||||
image = import ./images/flaresolverr.nix pkgs;
|
LOG_LEVEL = "info";
|
||||||
restart = "always";
|
LOG_HTML = "false";
|
||||||
|
CAPTCHA_SOLVER = "none";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
environment = {
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
LOG_LEVEL = "info";
|
ports = ["8191:8191"];
|
||||||
LOG_HTML = "false";
|
|
||||||
CAPTCHA_SOLVER = "none";
|
dependsOn = ["prowlarr"];
|
||||||
TZ = "America/New_York";
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
|
||||||
ports = ["8191:8191"];
|
|
||||||
|
|
||||||
dependsOn = ["prowlarr"];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,24 +7,29 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/radarr";
|
rwPath = rwDataDir + "/media/radarr";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."radarr".services."radarr" = {
|
khepri.compositions."radarr" = {
|
||||||
image = import ./images/radarr.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
services."radarr" = {
|
||||||
ports = ["7878:7878"];
|
image = import ./images/radarr.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
environment = {
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
PUID = "1000";
|
ports = ["7878:7878"];
|
||||||
PGID = "1000";
|
|
||||||
TZ = "America/New_York";
|
environment = {
|
||||||
|
PUID = "1000";
|
||||||
|
PGID = "1000";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/config"
|
||||||
|
"/data:/data"
|
||||||
|
];
|
||||||
|
|
||||||
|
cpus = 0.5;
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data:/config"
|
|
||||||
"/data:/data"
|
|
||||||
];
|
|
||||||
|
|
||||||
cpus = 0.5;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,24 +7,29 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/sabnzbd";
|
rwPath = rwDataDir + "/media/sabnzbd";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."sabnzbd".services."sabnzbd" = {
|
khepri.compositions."sabnzbd" = {
|
||||||
image = import ./images/sabnzbd.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
services."sabnzbd" = {
|
||||||
ports = ["8382:8082"];
|
image = import ./images/sabnzbd.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
environment = {
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
PUID = "1000";
|
ports = ["8382:8082"];
|
||||||
PGID = "1000";
|
|
||||||
TZ = "America/New_York";
|
environment = {
|
||||||
|
PUID = "1000";
|
||||||
|
PGID = "1000";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/config"
|
||||||
|
"/data:/data"
|
||||||
|
];
|
||||||
|
|
||||||
|
cpus = 2;
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data:/config"
|
|
||||||
"/data:/data"
|
|
||||||
];
|
|
||||||
|
|
||||||
cpus = 2;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,20 +7,25 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/seerr";
|
rwPath = rwDataDir + "/media/seerr";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."seerr".services."seerr" = {
|
khepri.compositions."seerr" = {
|
||||||
image = import ./images/jellyseerr.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
environment = {
|
services."seerr" = {
|
||||||
LOG_LEVEL = "debug";
|
image = import ./images/jellyseerr.nix pkgs;
|
||||||
TZ = "America/New_York";
|
restart = "always";
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
LOG_LEVEL = "debug";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/app/config"
|
||||||
|
];
|
||||||
|
|
||||||
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
ports = ["5055:5055"];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data:/app/config"
|
|
||||||
];
|
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
|
||||||
ports = ["5055:5055"];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,24 +7,29 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/media/sonarr";
|
rwPath = rwDataDir + "/media/sonarr";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."sonarr".services."sonarr" = {
|
khepri.compositions."sonarr" = {
|
||||||
image = import ./images/sonarr.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
extraHosts = ["lan.nelim.org=10.0.0.130"];
|
services."sonarr" = {
|
||||||
ports = ["8989:8989"];
|
image = import ./images/sonarr.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
environment = {
|
extraHosts = ["lan.nelim.org:10.0.0.130"];
|
||||||
PUID = "1000";
|
ports = ["8989:8989"];
|
||||||
PGID = "1000";
|
|
||||||
TZ = "America/New_York";
|
environment = {
|
||||||
|
PUID = "1000";
|
||||||
|
PGID = "1000";
|
||||||
|
TZ = "America/New_York";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/config"
|
||||||
|
"/data:/data"
|
||||||
|
];
|
||||||
|
|
||||||
|
cpus = 0.5;
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data:/config"
|
|
||||||
"/data:/data"
|
|
||||||
];
|
|
||||||
|
|
||||||
cpus = 0.5;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,27 +7,33 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/music/jbots";
|
rwPath = rwDataDir + "/music/jbots";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."jbots".services = {
|
khepri.compositions."jbots" = {
|
||||||
"musicbot_be" = {
|
networks.proxy_net = {external = true;};
|
||||||
containerName = "be";
|
|
||||||
image = import ./images/jmusicbot.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
volumes = [
|
services = {
|
||||||
"${rwPath}/be/config.txt:/jmb/config/config.txt:ro"
|
"musicbot_be" = {
|
||||||
"${rwPath}/be/playlists:/jmb/config/playlists:rw"
|
containerName = "be";
|
||||||
];
|
image = import ./images/jmusicbot.nix pkgs;
|
||||||
};
|
restart = "always";
|
||||||
|
|
||||||
"musicbot_br" = {
|
volumes = [
|
||||||
containerName = "br";
|
"${rwPath}/be/config.txt:/jmb/config/config.txt:ro"
|
||||||
image = import ./images/jmusicbot.nix pkgs;
|
"${rwPath}/be/playlists:/jmb/config/playlists:rw"
|
||||||
restart = "always";
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
|
|
||||||
volumes = [
|
"musicbot_br" = {
|
||||||
"${rwPath}/br/config.txt:/jmb/config/config.txt:ro"
|
containerName = "br";
|
||||||
"${rwPath}/br/playlists:/jmb/config/playlists:rw"
|
image = import ./images/jmusicbot.nix pkgs;
|
||||||
];
|
restart = "always";
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/br/config.txt:/jmb/config/config.txt:ro"
|
||||||
|
"${rwPath}/br/playlists:/jmb/config/playlists:rw"
|
||||||
|
];
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,112 +1,140 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
lib,
|
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
inherit (lib) concatStrings;
|
|
||||||
|
|
||||||
inherit (config.sops) secrets;
|
inherit (config.sops) secrets;
|
||||||
inherit (config.khepri) rwDataDir;
|
inherit (config.khepri) rwDataDir;
|
||||||
|
|
||||||
mainContainerName = "app-server";
|
mainContainerName = "app-server";
|
||||||
rwPath = rwDataDir + "/nextcloud";
|
rwPath = rwDataDir + "/nextcloud";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."nextcloud".services = {
|
khepri.compositions."nextcloud" = {
|
||||||
"${mainContainerName}" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/nextcloud.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
expose = [
|
services = {
|
||||||
"80"
|
"${mainContainerName}" = {
|
||||||
"9000"
|
image = import ./images/nextcloud.nix pkgs;
|
||||||
];
|
restart = "always";
|
||||||
|
|
||||||
volumes = [
|
expose = [
|
||||||
"${rwPath}/data:/var/www/html"
|
"80"
|
||||||
"/data/docs:/var/www/drive"
|
"9000"
|
||||||
];
|
];
|
||||||
|
|
||||||
environmentFiles = [secrets.nextcloud.path];
|
networks = ["proxy_net"];
|
||||||
|
|
||||||
environment = {
|
volumes = [
|
||||||
POSTGRES_DB = "nextcloud";
|
"${rwPath}/data:/var/www/html"
|
||||||
POSTGRES_HOST = "nextcloud-db";
|
"/data/docs:/var/www/drive"
|
||||||
REDIS_HOST = "nextcloud-cache";
|
];
|
||||||
REDIS_HOST_PASSWORD = "password";
|
|
||||||
NEXTCLOUD_INIT_HTACCESS = "true";
|
environmentFiles = [secrets.nextcloud.path];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
POSTGRES_DB = "nextcloud";
|
||||||
|
POSTGRES_HOST = "nextcloud-db";
|
||||||
|
REDIS_HOST = "nextcloud-cache";
|
||||||
|
NEXTCLOUD_INIT_HTACCESS = "true";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
"onlyoffice-document-server" = {
|
"onlyoffice-document-server" = let
|
||||||
image = import ./images/onlyoffice.nix pkgs;
|
filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js";
|
||||||
restart = "always";
|
func = "isSupportEditFeature=function()";
|
||||||
|
|
||||||
environment.JWT_ENABLED = "false";
|
entrypoint =
|
||||||
|
pkgs.writeScript "entrypoint"
|
||||||
ports = ["8055:80"];
|
# bash
|
||||||
expose = [
|
''
|
||||||
"80"
|
#!/bin/sh
|
||||||
"443"
|
|
||||||
];
|
|
||||||
|
|
||||||
volumes = ["${rwPath}/data-onlyoffice:/var/log/onlyoffice"];
|
|
||||||
tmpfs = [
|
|
||||||
"/var/www/onlyoffice/Data"
|
|
||||||
"/var/lib/postgresql"
|
|
||||||
"/usr/share/fonts/truetype/custom"
|
|
||||||
"/var/lib/rabbitmq"
|
|
||||||
"/var/lib/redis"
|
|
||||||
"/var/lib/onlyoffice"
|
|
||||||
];
|
|
||||||
|
|
||||||
entrypoint = ''bash -c "${let
|
|
||||||
filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js";
|
|
||||||
func = "isSupportEditFeature=function()";
|
|
||||||
in
|
|
||||||
concatStrings [
|
|
||||||
# Fix proxies
|
# Fix proxies
|
||||||
''sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json''
|
sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json
|
||||||
''sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json''
|
sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json
|
||||||
|
|
||||||
# Fix mobile editing
|
# Fix mobile editing
|
||||||
"sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath};"
|
sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath}
|
||||||
"/app/ds/run-document-server.sh;"
|
apt update
|
||||||
"apt update;"
|
apt install imagemagick -y
|
||||||
"apt install imagemagick -y;"
|
|
||||||
]}"'';
|
|
||||||
};
|
|
||||||
|
|
||||||
"nginx-server" = {
|
exec /app/ds/run-document-server.sh
|
||||||
image = import ./images/nginx.nix pkgs;
|
'';
|
||||||
restart = "always";
|
in {
|
||||||
ports = ["8042:80"];
|
image = import ./images/onlyoffice.nix pkgs;
|
||||||
volumes = [
|
restart = "always";
|
||||||
"${./nginx.conf}:/etc/nginx/nginx.conf"
|
|
||||||
"${rwPath}/data:/var/www/html"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"nextcloud-db" = {
|
environment.JWT_ENABLED = "false";
|
||||||
image = import ./images/postgres.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
environmentFiles = [secrets.nextcloud.path];
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/database:/var/lib/postgresql/data"
|
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"nextcloud-cache" = {
|
ports = ["8055:80"];
|
||||||
image = import ./images/redis.nix pkgs;
|
expose = [
|
||||||
restart = "always";
|
"80"
|
||||||
#mem_limit = "2048m";
|
"443"
|
||||||
#mem_reservation = "512m";
|
];
|
||||||
environmentFiles = [secrets.nextcloud.path];
|
|
||||||
cmd = [''/bin/sh -c "redis-server --requirepass $$REDIS_HOST_PASSWORD"''];
|
networks = ["proxy_net"];
|
||||||
tmpfs = [
|
|
||||||
"/data"
|
entrypoint = "/entrypoint.sh";
|
||||||
];
|
|
||||||
|
volumes = [
|
||||||
|
"${entrypoint}:/entrypoint.sh"
|
||||||
|
"${rwPath}/data-onlyoffice:/var/log/onlyoffice"
|
||||||
|
];
|
||||||
|
tmpfs = [
|
||||||
|
"/var/www/onlyoffice/Data"
|
||||||
|
"/var/lib/postgresql"
|
||||||
|
"/usr/share/fonts/truetype/custom"
|
||||||
|
"/var/lib/rabbitmq"
|
||||||
|
"/var/lib/redis"
|
||||||
|
"/var/lib/onlyoffice"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"nginx-server" = {
|
||||||
|
image = import ./images/nginx.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
ports = ["8042:80"];
|
||||||
|
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
volumes = [
|
||||||
|
"${./nginx.conf}:/etc/nginx/nginx.conf"
|
||||||
|
"${rwPath}/data:/var/www/html"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"nextcloud-db" = {
|
||||||
|
image = import ./images/postgres.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
environmentFiles = [secrets.nextcloud.path];
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/database:/var/lib/postgresql/data"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
|
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
|
|
||||||
|
"nextcloud-cache" = let
|
||||||
|
entrypoint =
|
||||||
|
pkgs.writeScript "entrypoint"
|
||||||
|
# bash
|
||||||
|
''
|
||||||
|
#!/bin/sh
|
||||||
|
exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
image = import ./images/redis.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
#mem_limit = "2048m";
|
||||||
|
#mem_reservation = "512m";
|
||||||
|
environmentFiles = [secrets.nextcloud.path];
|
||||||
|
|
||||||
|
entrypoint = "/entrypoint.sh";
|
||||||
|
|
||||||
|
volumes = ["${entrypoint}:/entrypoint.sh"];
|
||||||
|
tmpfs = ["/data"];
|
||||||
|
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -8,47 +8,54 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/resume";
|
rwPath = rwDataDir + "/resume";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."resume".services = {
|
khepri.compositions."resume" = {
|
||||||
"postgres" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/postgres.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
ports = ["5432:5432"];
|
services = {
|
||||||
|
"postgres" = {
|
||||||
|
image = import ./images/postgres.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
volumes = [
|
ports = ["5432:5432"];
|
||||||
"${rwPath}/db:/var/lib/postgresql/data"
|
|
||||||
];
|
|
||||||
|
|
||||||
environmentFiles = [secrets.resume.path];
|
volumes = [
|
||||||
};
|
"${rwPath}/db:/var/lib/postgresql/data"
|
||||||
|
];
|
||||||
|
|
||||||
"server" = {
|
environmentFiles = [secrets.resume.path];
|
||||||
image = import ./images/resume-server.nix pkgs;
|
networks = ["proxy_net"];
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
ports = ["3100:3100"];
|
|
||||||
|
|
||||||
dependsOn = ["postgres"];
|
|
||||||
|
|
||||||
environmentFiles = [secrets.resume.path];
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
PUBLIC_URL = "https://resume.nelim.org";
|
|
||||||
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
"client" = {
|
"server" = {
|
||||||
image = import ./images/resume-client.nix pkgs;
|
image = import ./images/resume-server.nix pkgs;
|
||||||
restart = "always";
|
restart = "always";
|
||||||
|
|
||||||
ports = ["3060:3000"];
|
ports = ["3100:3100"];
|
||||||
|
|
||||||
dependsOn = ["server"];
|
dependsOn = ["postgres"];
|
||||||
|
|
||||||
environment = {
|
environmentFiles = [secrets.resume.path];
|
||||||
PUBLIC_URL = "https://resume.nelim.org";
|
|
||||||
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
|
environment = {
|
||||||
|
PUBLIC_URL = "https://resume.nelim.org";
|
||||||
|
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
|
||||||
|
};
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
|
|
||||||
|
"client" = {
|
||||||
|
image = import ./images/resume-client.nix pkgs;
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
|
ports = ["3060:3000"];
|
||||||
|
|
||||||
|
dependsOn = ["server"];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
PUBLIC_URL = "https://resume.nelim.org";
|
||||||
|
PUBLIC_SERVER_URL = "https://resauth.nelim.org";
|
||||||
|
};
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
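Review bot: The `postgres` service keeps `ports = ["5432:5432"]` on the new side while this change also attaches it to the shared external `proxy_net`. The database is therefore published on the host (firewall rules are not shown here) and is also reachable from every other composition joined to that network. `server` presumably talks to it over the container network, so the publish looks unnecessary; drop it, or bind it to loopback with `ports = ["127.0.0.1:5432:5432"];` if khepri passes the Docker host-IP form through. The same shared-network attachment is applied to `nextcloud-db` and `nextcloud-cache` in the nextcloud section; data stores that the proxy never fronts are better kept on a composition-private network. The `let` bindings above `rwPath` start outside this hunk.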
|
||||||
|
|
|
@ -7,23 +7,29 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/vaultwarden";
|
rwPath = rwDataDir + "/vaultwarden";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."vaultwarden".services = {
|
khepri.compositions."vaultwarden" = {
|
||||||
"public-vault" = {
|
networks.proxy_net = {external = true;};
|
||||||
image = import ./images/vaultwarden.nix pkgs;
|
|
||||||
restart = "always";
|
|
||||||
|
|
||||||
ports = ["8781:80"];
|
services = {
|
||||||
volumes = ["${rwPath}/public-data:/data"];
|
"public-vault" = {
|
||||||
environment.WEBSOCKET_ENABLED = "true";
|
image = import ./images/vaultwarden.nix pkgs;
|
||||||
};
|
restart = "always";
|
||||||
|
|
||||||
"private-vault" = {
|
ports = ["8781:80"];
|
||||||
image = import ./images/vaultwarden.nix pkgs;
|
volumes = ["${rwPath}/public-data:/data"];
|
||||||
restart = "always";
|
environment.WEBSOCKET_ENABLED = "true";
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
|
|
||||||
ports = ["8780:80"];
|
"private-vault" = {
|
||||||
volumes = ["${rwPath}/private-data:/data"];
|
image = import ./images/vaultwarden.nix pkgs;
|
||||||
environment.WEBSOCKET_ENABLED = "true";
|
restart = "always";
|
||||||
|
|
||||||
|
ports = ["8780:80"];
|
||||||
|
volumes = ["${rwPath}/private-data:/data"];
|
||||||
|
environment.WEBSOCKET_ENABLED = "true";
|
||||||
|
networks = ["proxy_net"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
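Review bot: `private-vault` is joined to the same external `proxy_net` as `public-vault` and every other composition touched by this commit, so the two vaults are now separated only by their host port. Any container on that network can reach the private instance on port 80 directly. If the public/private split is meant as a trust boundary, give `private-vault` its own network and add a comment on `networks.proxy_net = {external = true;};` naming the proxy that is expected to own it. Both services also keep `ports = ["8781:80"]` and `ports = ["8780:80"]`, which publish plain HTTP on the host alongside the proxy path; confirm those are still required. The `let` block this hunk sits in starts outside the hunk.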
|
||||||
|
|
|
@ -7,38 +7,44 @@
|
||||||
|
|
||||||
rwPath = rwDataDir + "/wg-easy";
|
rwPath = rwDataDir + "/wg-easy";
|
||||||
in {
|
in {
|
||||||
khepri.compositions."wg-easy".services."wg-easy" = {
|
khepri.compositions."wg-easy" = {
|
||||||
image = import ./images/wg-easy.nix pkgs;
|
networks.proxy_net = {external = true;};
|
||||||
restart = "always";
|
|
||||||
privileged = true;
|
|
||||||
|
|
||||||
capAdd = [
|
services."wg-easy" = {
|
||||||
"NET_ADMIN"
|
image = import ./images/wg-easy.nix pkgs;
|
||||||
"SYS_MODULE"
|
restart = "always";
|
||||||
];
|
privileged = true;
|
||||||
|
|
||||||
sysctls = [
|
capAdd = [
|
||||||
"net.ipv4.ip_forward=1"
|
"NET_ADMIN"
|
||||||
"net.ipv4.conf.all.src_valid_mark=1"
|
"SYS_MODULE"
|
||||||
];
|
];
|
||||||
|
|
||||||
dns = ["1.0.0.1"];
|
sysctls = [
|
||||||
|
"net.ipv4.ip_forward=1"
|
||||||
|
"net.ipv4.conf.all.src_valid_mark=1"
|
||||||
|
];
|
||||||
|
|
||||||
environment = {
|
dns = ["1.0.0.1"];
|
||||||
WG_HOST = "166.62.179.208";
|
|
||||||
WG_PORT = "51820";
|
environment = {
|
||||||
WG_DEFAULT_ADDRESS = "10.6.0.x";
|
WG_HOST = "166.62.179.208";
|
||||||
WG_DEFAULT_DNS = "1.0.0.1";
|
WG_PORT = "51820";
|
||||||
|
WG_DEFAULT_ADDRESS = "10.6.0.x";
|
||||||
|
WG_DEFAULT_DNS = "1.0.0.1";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${rwPath}/data:/etc/wireguard"
|
||||||
|
];
|
||||||
|
|
||||||
|
ports = [
|
||||||
|
"53:51820/udp"
|
||||||
|
"51822:51820/udp"
|
||||||
|
"51821:51821/tcp"
|
||||||
|
];
|
||||||
|
|
||||||
|
networks = ["proxy_net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${rwPath}/data:/etc/wireguard"
|
|
||||||
];
|
|
||||||
|
|
||||||
ports = [
|
|
||||||
"53:51820/udp"
|
|
||||||
"51822:51820/udp"
|
|
||||||
"51821:51821/tcp"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
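Review bot: `privileged = true;` is carried over next to `capAdd = ["NET_ADMIN" "SYS_MODULE"]`, which makes the capability list moot, since a privileged container already holds every capability plus host device access. This commit additionally attaches that container to the shared `proxy_net`, so the web UI published on `51821:51821/tcp` runs in a privileged context that the other compositions can reach. Consider removing `privileged = true;` and keeping the two capabilities and the `sysctls` list, which is what the upstream wg-easy compose example uses. No UI password variable appears in `environment` and no `environmentFiles` is set in this section; if it is not supplied elsewhere, it should come from a sops secret as in the other compositions. The `let` bindings above `rwPath` are outside the hunk.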
|
||||||
|
|
BIN
flake.lock
BIN
flake.lock
Binary file not shown.