feat(docker): arion -> khepri
All checks were successful
Discord / discord commits (push) Has been skipped

This commit is contained in:
matt1432 2024-07-24 15:49:31 -04:00
parent acd4ebc1e2
commit 827bf6ba8c
75 changed files with 355 additions and 399 deletions

View file

@ -22,7 +22,7 @@ in
npmDepsHash = "sha256-qpnQSJNl68LrsU8foJYxdBXpoFj7VKQahC9DFmleWTs="; npmDepsHash = "sha256-qpnQSJNl68LrsU8foJYxdBXpoFj7VKQahC9DFmleWTs=";
runtimeInputs = [ runtimeInputs = [
(callPackage ../../modules/arion/updateImage.nix {}) (callPackage ../../modules/docker/updateImage.nix {})
mozilla-addons-to-nix.packages.${system}.default mozilla-addons-to-nix.packages.${system}.default
]; ];
nativeBuildInputs = [makeWrapper]; nativeBuildInputs = [makeWrapper];

View file

@ -30,7 +30,7 @@ export const updateFlakeInputs = () => {
export const updateDocker = () => { export const updateDocker = () => {
let updates = ''; let updates = '';
const FILE = `${FLAKE}/devices/nos/modules/arion`; const FILE = `${FLAKE}/devices/nos/modules/docker`;
readdirSync(FILE, { withFileTypes: true, recursive: true }).forEach((path) => { readdirSync(FILE, { withFileTypes: true, recursive: true }).forEach((path) => {
if (path.name === 'compose.nix') { if (path.name === 'compose.nix') {

View file

@ -16,7 +16,6 @@
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
../modules/arion
../modules/borgbackup ../modules/borgbackup
]; ];

View file

@ -1,4 +1,8 @@
{config, ...}: let {
config,
self,
...
}: let
inherit (config.vars) mainUser hostName; inherit (config.vars) mainUser hostName;
in { in {
# ------------------------------------------------ # ------------------------------------------------
@ -11,12 +15,14 @@ in {
../../modules/sshd.nix ../../modules/sshd.nix
../../modules/tailscale.nix ../../modules/tailscale.nix
./modules/arion ./modules/docker
./modules/jellyfin ./modules/jellyfin
./modules/mergerfs.nix ./modules/mergerfs.nix
./modules/qbittorrent ./modules/qbittorrent
./modules/snapraid.nix ./modules/snapraid.nix
./modules/subtitles ./modules/subtitles
self.nixosModules.docker
]; ];
# State Version: DO NOT CHANGE # State Version: DO NOT CHANGE

View file

@ -1,5 +1,5 @@
{...}: let {...}: let
configPath = "/var/lib/arion"; configPath = "/var/lib/docker";
in { in {
imports = [ imports = [
./forgejo/compose.nix ./forgejo/compose.nix
@ -24,13 +24,11 @@ in {
./media/sonarr/compose.nix ./media/sonarr/compose.nix
]; ];
arion = { khepri = {
enable = true;
rwDataDir = configPath; rwDataDir = configPath;
}; };
services.borgbackup.configs.arion = { services.borgbackup.configs.docker = {
paths = [configPath]; paths = [configPath];
exclude = ["**/lineageos*"];
}; };
} }

View file

@ -1,12 +1,16 @@
{config, ...}: let {
config,
pkgs,
...
}: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (config.arion) rwDataDir; inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/forgejo"; rwPath = rwDataDir + "/forgejo";
in { in {
arion.projects."forgejo" = { khepri.compositions."forgejo".services = {
"forgejo" = { "forgejo" = {
image = ./images/forgejo.nix; image = import ./images/forgejo.nix pkgs;
ports = [ ports = [
# Redirect WAN port 22 to this port # Redirect WAN port 22 to this port
@ -15,9 +19,9 @@ in {
]; ];
restart = "always"; restart = "always";
depends_on = ["forgejo-db"]; dependsOn = ["forgejo-db"];
env_file = [secrets.forgejo.path]; environmentFiles = [secrets.forgejo.path];
environment = { environment = {
APP_NAME = "Gitea"; APP_NAME = "Gitea";
@ -27,8 +31,8 @@ in {
ROOT_URL = "https://git.nelim.org"; ROOT_URL = "https://git.nelim.org";
SSH_DOMAIN = "git.nelim.org"; SSH_DOMAIN = "git.nelim.org";
SSH_PORT = 22; SSH_PORT = "22";
HTTP_PORT = 3000; HTTP_PORT = "3000";
}; };
volumes = [ volumes = [
@ -39,32 +43,31 @@ in {
}; };
"forgejo-db" = { "forgejo-db" = {
image = ./images/postgres.nix; image = import ./images/postgres.nix pkgs;
restart = "always"; restart = "always";
env_file = [secrets.forgejo-db.path]; environmentFiles = [secrets.forgejo-db.path];
volumes = ["${rwPath}/db:/var/lib/postgresql/data"]; volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
}; };
"act_runner" = { "act_runner" = {
image = ./images/act_runner.nix; image = import ./images/act_runner.nix pkgs;
privileged = true; privileged = true;
restart = "always"; restart = "always";
depends_on = ["forgejo"]; dependsOn = ["forgejo"];
env_file = [secrets.forgejo-runner.path]; environmentFiles = [secrets.forgejo-runner.path];
environment = { environment = {
GITEA_INSTANCE_URL = "https://git.nelim.org"; GITEA_INSTANCE_URL = "https://git.nelim.org";
GITEA_RUNNER_NAME = "DinD"; GITEA_RUNNER_NAME = "DinD";
}; };
volumes = ["${rwPath}/act:/data"]; volumes = ["${rwPath}/act:/data"];
extraHosts = [
dns = ["1.0.0.1"];
extra_hosts = [
"git.nelim.org=10.0.0.130" "git.nelim.org=10.0.0.130"
]; ];
}; };

View file

@ -4,17 +4,17 @@
... ...
}: let }: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (config.arion) rwDataDir; inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/freshrss"; rwPath = rwDataDir + "/freshrss";
in { in {
arion.projects."freshrss" = { khepri.compositions."freshrss".services = {
"freshrss" = { "freshrss" = {
image = ./images/freshrss.nix; image = import ./images/freshrss.nix pkgs;
restart = "always"; restart = "always";
ports = ["2800:80"]; ports = ["2800:80"];
extra_hosts = [ extraHosts = [
"drss.nelim.org=10.0.0.130" "drss.nelim.org=10.0.0.130"
"bridge.nelim.org=10.0.0.130" "bridge.nelim.org=10.0.0.130"
]; ];
@ -39,7 +39,7 @@ in {
"${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro" "${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro"
]; ];
env_file = [secrets.freshrss.path]; environmentFiles = [secrets.freshrss.path];
environment = { environment = {
TZ = "America/New_York"; TZ = "America/New_York";
@ -48,14 +48,14 @@ in {
}; };
"freshrss-db" = { "freshrss-db" = {
image = ./images/postgres.nix; image = import ./images/postgres.nix pkgs;
restart = "always"; restart = "always";
volumes = [ volumes = [
"${rwPath}/db:/var/lib/postgresql/data" "${rwPath}/db:/var/lib/postgresql/data"
]; ];
env_file = [secrets.freshrss.path]; environmentFiles = [secrets.freshrss.path];
environment = { environment = {
POSTGRES_DB = "\${DB_BASE:-freshrss}"; POSTGRES_DB = "\${DB_BASE:-freshrss}";
@ -65,13 +65,13 @@ in {
}; };
"docker-hub-rss" = { "docker-hub-rss" = {
image = ./images/docker-hub-rss.nix; image = import ./images/docker-hub-rss.nix pkgs;
restart = "always"; restart = "always";
ports = ["3007:3000"]; ports = ["3007:3000"];
}; };
"rss-bridge" = { "rss-bridge" = {
image = ./images/rss-bridge.nix; image = import ./images/rss-bridge.nix pkgs;
restart = "always"; restart = "always";
volumes = [ volumes = [

View file

@ -1,12 +1,16 @@
{config, ...}: let {
config,
pkgs,
...
}: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
in { in {
arion.projects."gameyfin"."gameyfin" = { khepri.compositions."gameyfin".services."gameyfin" = {
image = ./images/gameyfin.nix; image = import ./images/gameyfin.nix pkgs;
restart = "always"; restart = "always";
user = "1000:1000"; user = "1000:1000";
env_file = [secrets.gameyfin.path]; environmentFiles = [secrets.gameyfin.path];
environment.GAMEYFIN_USER = "mathis"; environment.GAMEYFIN_USER = "mathis";
volumes = [ volumes = [

View file

@ -1,6 +1,6 @@
{...}: { {pkgs, ...}: {
arion.projects."hauk"."hauk" = { khepri.compositions."hauk".services."hauk" = {
image = ./images/hauk.nix; image = import ./images/hauk.nix pkgs;
restart = "always"; restart = "always";
ports = ["3003:80"]; ports = ["3003:80"];

View file

@ -6,17 +6,17 @@
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (pkgs.writers) writeYAML; inherit (pkgs.writers) writeYAML;
in { in {
arion.projects."homepage"."homepage" = { khepri.compositions."homepage".services."homepage" = {
image = ./images/homepage.nix; image = import ./images/homepage.nix pkgs;
restart = "always"; restart = "always";
ports = [ ports = [
"3020:3000" "3020:3000"
]; ];
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
env_file = [secrets.homepage.path]; environmentFiles = [secrets.homepage.path];
volumes = let volumes = let
services = writeYAML "services.yaml" (import ./services.nix); services = writeYAML "services.yaml" (import ./services.nix);

View file

@ -1,15 +1,19 @@
{config, ...}: let {
config,
pkgs,
...
}: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (config.arion) rwDataDir; inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/immich"; rwPath = rwDataDir + "/immich";
UPLOAD_LOCATION = "${rwPath}/data"; UPLOAD_LOCATION = "${rwPath}/data";
in { in {
arion.projects."immich" = { khepri.compositions."immich".services = {
"immich_server" = { "immich_server" = {
image = ./images/server.nix; image = import ./images/server.nix pkgs;
env_file = [ environmentFiles = [
"${./env}" "${./env}"
secrets.immich.path secrets.immich.path
]; ];
@ -21,16 +25,16 @@ in {
"2283:3001" "2283:3001"
]; ];
depends_on = ["immich_redis" "immich_postgres"]; dependsOn = ["immich_redis" "immich_postgres"];
restart = "always"; restart = "always";
environment.NODE_ENV = "production"; environment.NODE_ENV = "production";
}; };
"immich_machine_learning" = { "immich_machine_learning" = {
image = ./images/machine-learning.nix; image = import ./images/machine-learning.nix pkgs;
restart = "always"; restart = "always";
env_file = [ environmentFiles = [
"${./env}" "${./env}"
secrets.immich.path secrets.immich.path
]; ];
@ -41,19 +45,19 @@ in {
}; };
"immich_redis" = { "immich_redis" = {
image = ./images/redis.nix; image = import ./images/redis.nix pkgs;
restart = "always"; restart = "always";
tmpfs = ["/data"]; tmpfs = ["/data"];
env_file = [ environmentFiles = [
"${./env}" "${./env}"
secrets.immich.path secrets.immich.path
]; ];
}; };
"immich_postgres" = { "immich_postgres" = {
image = ./images/postgres.nix; image = import ./images/postgres.nix pkgs;
restart = "always"; restart = "always";
env_file = [ environmentFiles = [
"${./env}" "${./env}"
secrets.immich.path secrets.immich.path
]; ];

View file

@ -1,10 +1,14 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/bazarr"; rwPath = rwDataDir + "/media/bazarr";
in { in {
arion.projects."bazarr"."bazarr" = { khepri.compositions."bazarr".services."bazarr" = {
image = ./images/bazarr.nix; image = import ./images/bazarr.nix pkgs;
restart = "always"; restart = "always";
environment = { environment = {
@ -13,7 +17,7 @@ in {
TZ = "America/New_York"; TZ = "America/New_York";
}; };
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = [ ports = [
"6767:6767" "6767:6767"
]; ];
@ -23,8 +27,6 @@ in {
"/data:/data" "/data:/data"
]; ];
extraOptions = { cpus = 2;
deploy.resources.limits.cpus = "2";
};
}; };
} }

View file

@ -1,11 +1,15 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/calibre"; rwPath = rwDataDir + "/media/calibre";
in { in {
arion.projects."calibre" = { khepri.compositions."calibre".services = {
"calibre" = { "calibre" = {
image = ./images/calibre.nix; image = import ./images/calibre.nix pkgs;
restart = "always"; restart = "always";
environment = { environment = {
@ -21,7 +25,7 @@ in {
volumes = ["${rwPath}/data-db:/config"]; volumes = ["${rwPath}/data-db:/config"];
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = [ ports = [
"8580:8080" "8580:8080"
#"8081:8081" #"8081:8081"
@ -30,7 +34,7 @@ in {
}; };
"calibre-web" = { "calibre-web" = {
image = ./images/calibre-web.nix; image = import ./images/calibre-web.nix pkgs;
restart = "always"; restart = "always";
environment = { environment = {
@ -45,7 +49,7 @@ in {
"${rwPath}/data-db/Calibre Library:/books" "${rwPath}/data-db/Calibre Library:/books"
]; ];
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["8083:8083"]; ports = ["8083:8083"];
}; };
}; };

View file

@ -1,17 +1,21 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/joal"; rwPath = rwDataDir + "/media/joal";
in { in {
arion.projects."joal"."joal" = { khepri.compositions."joal".services."joal" = {
image = ./images/joal.nix; image = import ./images/joal.nix pkgs;
restart = "always"; restart = "always";
volumes = ["${rwPath}/data:/data"]; volumes = ["${rwPath}/data:/data"];
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["5656:5656"]; ports = ["5656:5656"];
command = [ cmd = [
"--joal-conf=/data" "--joal-conf=/data"
"--spring.main.web-environment=true" "--spring.main.web-environment=true"
"--server.port=5656" "--server.port=5656"

View file

@ -1,11 +1,15 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/prowlarr"; rwPath = rwDataDir + "/media/prowlarr";
in { in {
arion.projects."prowlarr" = { khepri.compositions."prowlarr".services = {
"prowlarr" = { "prowlarr" = {
image = ./images/prowlarr.nix; image = import ./images/prowlarr.nix pkgs;
restart = "always"; restart = "always";
environment = { environment = {
@ -15,12 +19,12 @@ in {
}; };
volumes = ["${rwPath}/data:/config"]; volumes = ["${rwPath}/data:/config"];
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["9696:9696"]; ports = ["9696:9696"];
}; };
"flaresolverr" = { "flaresolverr" = {
image = ./images/flaresolverr.nix; image = import ./images/flaresolverr.nix pkgs;
restart = "always"; restart = "always";
environment = { environment = {
@ -30,10 +34,10 @@ in {
TZ = "America/New_York"; TZ = "America/New_York";
}; };
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["8191:8191"]; ports = ["8191:8191"];
depends_on = ["prowlarr"]; dependsOn = ["prowlarr"];
}; };
}; };
} }

View file

@ -1,13 +1,17 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/radarr"; rwPath = rwDataDir + "/media/radarr";
in { in {
arion.projects."radarr"."radarr" = { khepri.compositions."radarr".services."radarr" = {
image = ./images/radarr.nix; image = import ./images/radarr.nix pkgs;
restart = "always"; restart = "always";
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["7878:7878"]; ports = ["7878:7878"];
environment = { environment = {
@ -21,8 +25,6 @@ in {
"/data:/data" "/data:/data"
]; ];
extraOptions = { cpus = 0.5;
deploy.resources.limits.cpus = "0.5";
};
}; };
} }

View file

@ -1,13 +1,17 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/sabnzbd"; rwPath = rwDataDir + "/media/sabnzbd";
in { in {
arion.projects."sabnzbd"."sabnzbd" = { khepri.compositions."sabnzbd".services."sabnzbd" = {
image = ./images/sabnzbd.nix; image = import ./images/sabnzbd.nix pkgs;
restart = "always"; restart = "always";
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["8382:8082"]; ports = ["8382:8082"];
environment = { environment = {
@ -21,8 +25,6 @@ in {
"/data:/data" "/data:/data"
]; ];
extraOptions = { cpus = 2;
deploy.resources.limits.cpus = "2";
};
}; };
} }

View file

@ -1,10 +1,14 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/seerr"; rwPath = rwDataDir + "/media/seerr";
in { in {
arion.projects."seerr"."seerr" = { khepri.compositions."seerr".services."seerr" = {
image = ./images/jellyseerr.nix; image = import ./images/jellyseerr.nix pkgs;
restart = "always"; restart = "always";
environment = { environment = {
@ -16,7 +20,7 @@ in {
"${rwPath}/data:/app/config" "${rwPath}/data:/app/config"
]; ];
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["5055:5055"]; ports = ["5055:5055"];
}; };
} }

View file

@ -1,13 +1,17 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/media/sonarr"; rwPath = rwDataDir + "/media/sonarr";
in { in {
arion.projects."sonarr"."sonarr" = { khepri.compositions."sonarr".services."sonarr" = {
image = ./images/sonarr.nix; image = import ./images/sonarr.nix pkgs;
restart = "always"; restart = "always";
extra_hosts = ["lan.nelim.org=10.0.0.130"]; extraHosts = ["lan.nelim.org=10.0.0.130"];
ports = ["8989:8989"]; ports = ["8989:8989"];
environment = { environment = {
@ -21,8 +25,6 @@ in {
"/data:/data" "/data:/data"
]; ];
extraOptions = { cpus = 0.5;
deploy.resources.limits.cpus = "0.5";
};
}; };
} }

View file

@ -1,12 +1,16 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/music/jbots"; rwPath = rwDataDir + "/music/jbots";
in { in {
arion.projects."jbots" = { khepri.compositions."jbots".services = {
"musicbot_be" = { "musicbot_be" = {
container_name = "benis"; containerName = "be";
image = ./images/jmusicbot.nix; image = import ./images/jmusicbot.nix pkgs;
restart = "always"; restart = "always";
volumes = [ volumes = [
@ -16,8 +20,8 @@ in {
}; };
"musicbot_br" = { "musicbot_br" = {
container_name = "bruh"; containerName = "br";
image = ./images/jmusicbot.nix; image = import ./images/jmusicbot.nix pkgs;
restart = "always"; restart = "always";
volumes = [ volumes = [

View file

@ -4,16 +4,17 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (config.sops) secrets;
inherit (config.arion) rwDataDir;
inherit (lib) concatStrings; inherit (lib) concatStrings;
inherit (config.sops) secrets;
inherit (config.khepri) rwDataDir;
mainContainerName = "app-server"; mainContainerName = "app-server";
rwPath = rwDataDir + "/nextcloud"; rwPath = rwDataDir + "/nextcloud";
in { in {
arion.projects."nextcloud" = { khepri.compositions."nextcloud".services = {
"${mainContainerName}" = { "${mainContainerName}" = {
image = ./images/nextcloud.nix; image = import ./images/nextcloud.nix pkgs;
restart = "always"; restart = "always";
expose = [ expose = [
@ -26,7 +27,7 @@ in {
"/data/docs:/var/www/drive" "/data/docs:/var/www/drive"
]; ];
env_file = [secrets.nextcloud.path]; environmentFiles = [secrets.nextcloud.path];
environment = { environment = {
POSTGRES_DB = "nextcloud"; POSTGRES_DB = "nextcloud";
@ -38,7 +39,7 @@ in {
}; };
"onlyoffice-document-server" = { "onlyoffice-document-server" = {
image = ./images/onlyoffice.nix; image = import ./images/onlyoffice.nix pkgs;
restart = "always"; restart = "always";
environment.JWT_ENABLED = "false"; environment.JWT_ENABLED = "false";
@ -77,7 +78,7 @@ in {
}; };
"nginx-server" = { "nginx-server" = {
image = ./images/nginx.nix; image = import ./images/nginx.nix pkgs;
restart = "always"; restart = "always";
ports = ["8042:80"]; ports = ["8042:80"];
volumes = [ volumes = [
@ -87,9 +88,9 @@ in {
}; };
"nextcloud-db" = { "nextcloud-db" = {
image = ./images/postgres.nix; image = import ./images/postgres.nix pkgs;
restart = "always"; restart = "always";
env_file = [secrets.nextcloud.path]; environmentFiles = [secrets.nextcloud.path];
volumes = [ volumes = [
"${rwPath}/database:/var/lib/postgresql/data" "${rwPath}/database:/var/lib/postgresql/data"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
@ -97,12 +98,12 @@ in {
}; };
"nextcloud-cache" = { "nextcloud-cache" = {
image = ./images/redis.nix; image = import ./images/redis.nix pkgs;
restart = "always"; restart = "always";
#mem_limit = "2048m"; #mem_limit = "2048m";
#mem_reservation = "512m"; #mem_reservation = "512m";
env_file = [secrets.nextcloud.path]; environmentFiles = [secrets.nextcloud.path];
command = ''/bin/sh -c "redis-server --requirepass $$REDIS_HOST_PASSWORD"''; cmd = [''/bin/sh -c "redis-server --requirepass $$REDIS_HOST_PASSWORD"''];
tmpfs = [ tmpfs = [
"/data" "/data"
]; ];
@ -119,8 +120,8 @@ in {
}; };
systemd.services.nextcloud-cron = { systemd.services.nextcloud-cron = {
description = "Nextcloud Cron"; description = "Nextcloud Cron";
requires = ["arion-nextcloud.service"]; requires = ["docker-nextcloud_app-server.service"];
after = ["arion-nextcloud.service"]; after = ["docker-nextcloud_app-server.service"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";

View file

@ -1,12 +1,16 @@
{config, ...}: let {
config,
pkgs,
...
}: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (config.arion) rwDataDir; inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/resume"; rwPath = rwDataDir + "/resume";
in { in {
arion.projects."resume" = { khepri.compositions."resume".services = {
"postgres" = { "postgres" = {
image = ./images/postgres.nix; image = import ./images/postgres.nix pkgs;
restart = "always"; restart = "always";
ports = ["5432:5432"]; ports = ["5432:5432"];
@ -15,18 +19,18 @@ in {
"${rwPath}/db:/var/lib/postgresql/data" "${rwPath}/db:/var/lib/postgresql/data"
]; ];
env_file = [secrets.resume.path]; environmentFiles = [secrets.resume.path];
}; };
"server" = { "server" = {
image = ./images/resume-server.nix; image = import ./images/resume-server.nix pkgs;
restart = "always"; restart = "always";
ports = ["3100:3100"]; ports = ["3100:3100"];
depends_on = ["postgres"]; dependsOn = ["postgres"];
env_file = [secrets.resume.path]; environmentFiles = [secrets.resume.path];
environment = { environment = {
PUBLIC_URL = "https://resume.nelim.org"; PUBLIC_URL = "https://resume.nelim.org";
@ -35,12 +39,12 @@ in {
}; };
"client" = { "client" = {
image = ./images/resume-client.nix; image = import ./images/resume-client.nix pkgs;
restart = "always"; restart = "always";
ports = ["3060:3000"]; ports = ["3060:3000"];
depends_on = ["server"]; dependsOn = ["server"];
environment = { environment = {
PUBLIC_URL = "https://resume.nelim.org"; PUBLIC_URL = "https://resume.nelim.org";

View file

@ -1,11 +1,15 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/vaultwarden"; rwPath = rwDataDir + "/vaultwarden";
in { in {
arion.projects."vaultwarden" = { khepri.compositions."vaultwarden".services = {
"public-vault" = { "public-vault" = {
image = ./images/vaultwarden.nix; image = import ./images/vaultwarden.nix pkgs;
restart = "always"; restart = "always";
ports = ["8781:80"]; ports = ["8781:80"];
@ -14,7 +18,7 @@ in {
}; };
"private-vault" = { "private-vault" = {
image = ./images/vaultwarden.nix; image = import ./images/vaultwarden.nix pkgs;
restart = "always"; restart = "always";
ports = ["8780:80"]; ports = ["8780:80"];

View file

@ -1,22 +1,26 @@
{config, ...}: let {
inherit (config.arion) rwDataDir; config,
pkgs,
...
}: let
inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/wg-easy"; rwPath = rwDataDir + "/wg-easy";
in { in {
arion.projects."wg-easy"."wg-easy" = { khepri.compositions."wg-easy".services."wg-easy" = {
image = ./images/wg-easy.nix; image = import ./images/wg-easy.nix pkgs;
restart = "always"; restart = "always";
privileged = true; privileged = true;
capabilities = { capAdd = [
NET_ADMIN = true; "NET_ADMIN"
SYS_MODULE = true; "SYS_MODULE"
}; ];
sysctls = { sysctls = [
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward=1"
"net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.conf.all.src_valid_mark=1"
}; ];
dns = ["1.0.0.1"]; dns = ["1.0.0.1"];

View file

@ -1,13 +1,17 @@
{config, ...}: let {
config,
pkgs,
...
}: let
jellyService = config.systemd.services.jellyfin.serviceConfig; jellyService = config.systemd.services.jellyfin.serviceConfig;
in { in {
systemd.services."arion-jfa-go" = { systemd.services."docker-jfa-go_jfa-go" = {
after = ["jellyfin.service"]; after = ["jellyfin.service"];
partOf = ["jellyfin.service"]; partOf = ["jellyfin.service"];
}; };
arion.projects."jfa-go"."jfa-go" = { khepri.compositions."jfa-go".services."jfa-go" = {
image = ./images/jfa-go.nix; image = import ./images/jfa-go.nix pkgs;
restart = "always"; restart = "always";
ports = ["8056:8056"]; ports = ["8056:8056"];

View file

@ -1,4 +1,8 @@
{config, ...}: let {
config,
self,
...
}: let
inherit (config.vars) mainUser hostName; inherit (config.vars) mainUser hostName;
in { in {
# ------------------------------------------------ # ------------------------------------------------
@ -15,6 +19,8 @@ in {
./modules/binary-cache.nix ./modules/binary-cache.nix
./modules/minecraft.nix ./modules/minecraft.nix
./modules/nfs.nix ./modules/nfs.nix
self.nixosModules.docker
]; ];
# State Version: DO NOT CHANGE # State Version: DO NOT CHANGE
@ -63,5 +69,5 @@ in {
# ------------------------------------------------ # ------------------------------------------------
# `Self` Modules configuration # `Self` Modules configuration
# ------------------------------------------------ # ------------------------------------------------
arion.enable = true; # ...
} }

View file

@ -58,6 +58,7 @@
nixosModules = { nixosModules = {
adb = import ./modules/adb.nix; adb = import ./modules/adb.nix;
desktop = import ./modules/desktop; desktop = import ./modules/desktop;
docker = import ./modules/docker;
nvidia = import ./modules/nvidia.nix; nvidia = import ./modules/nvidia.nix;
plymouth = import ./modules/plymouth.nix; plymouth = import ./modules/plymouth.nix;
}; };

View file

@ -90,29 +90,6 @@
"type": "github" "type": "github"
} }
}, },
"arion": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1720147808,
"narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "arion",
"type": "github"
}
},
"astal": { "astal": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -327,48 +304,6 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
@ -386,7 +321,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
@ -404,7 +339,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_5": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_3" "nixpkgs-lib": "nixpkgs-lib_3"
}, },
@ -422,7 +357,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_6": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixpkgs-wayland", "nixpkgs-wayland",
@ -531,6 +466,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakegen": { "flakegen": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@ -675,22 +628,6 @@
"type": "github" "type": "github"
} }
}, },
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"headscale": { "headscale": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -712,28 +649,6 @@
"type": "github" "type": "github"
} }
}, },
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1030,9 +945,30 @@
"type": "github" "type": "github"
} }
}, },
"khepri": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1721850043,
"narHash": "sha256-k81yKgWcQL5DCEGaDdqEhOF6guRRC/0pO+Ct5DvNmw0=",
"owner": "matt1432",
"repo": "khepri",
"rev": "94c47e89d4acb52d75cf57a2e4bf75ebecc2c3d4",
"type": "github"
},
"original": {
"owner": "matt1432",
"repo": "khepri",
"type": "github"
}
},
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_5",
"nixpkgs-lib": "nixpkgs-lib_4" "nixpkgs-lib": "nixpkgs-lib_4"
}, },
"locked": { "locked": {
@ -1081,7 +1017,7 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -1141,7 +1077,7 @@
}, },
"mozilla-addons-to-nix": { "mozilla-addons-to-nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -1231,7 +1167,7 @@
}, },
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_6", "flake-parts": "flake-parts_4",
"nix-github-actions": "nix-github-actions_2", "nix-github-actions": "nix-github-actions_2",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
@ -1252,7 +1188,7 @@
}, },
"nix-fast-build": { "nix-fast-build": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -1300,7 +1236,7 @@
}, },
"nix-gaming": { "nix-gaming": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -1431,7 +1367,7 @@
}, },
"nixd": { "nixd": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_3",
"flake-root": "flake-root", "flake-root": "flake-root",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -1834,7 +1770,6 @@
"inputs": { "inputs": {
"Hyprspace": "Hyprspace", "Hyprspace": "Hyprspace",
"ags": "ags", "ags": "ags",
"arion": "arion",
"astal": "astal", "astal": "astal",
"astal-tray": "astal-tray", "astal-tray": "astal-tray",
"bat-theme-src": "bat-theme-src", "bat-theme-src": "bat-theme-src",
@ -1857,6 +1792,7 @@
"hyprland-plugins": "hyprland-plugins", "hyprland-plugins": "hyprland-plugins",
"jellyfin-flake": "jellyfin-flake", "jellyfin-flake": "jellyfin-flake",
"jovian": "jovian", "jovian": "jovian",
"khepri": "khepri",
"libratbag-src": "libratbag-src", "libratbag-src": "libratbag-src",
"lix-module": "lix-module", "lix-module": "lix-module",
"minix": "minix", "minix": "minix",
@ -2146,6 +2082,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"trash-d-src": { "trash-d-src": {
"flake": false, "flake": false,
"locked": { "locked": {

View file

@ -13,12 +13,6 @@
repo = "ags"; repo = "ags";
type = "github"; type = "github";
}; };
arion = {
inputs.nixpkgs.follows = "nixpkgs";
owner = "hercules-ci";
repo = "arion";
type = "github";
};
astal = { astal = {
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
owner = "Aylur"; owner = "Aylur";
@ -146,6 +140,12 @@
repo = "Jovian-NixOS"; repo = "Jovian-NixOS";
type = "github"; type = "github";
}; };
khepri = {
inputs.nixpkgs.follows = "nixpkgs";
owner = "matt1432";
repo = "khepri";
type = "github";
};
libratbag-src = { libratbag-src = {
flake = false; flake = false;
owner = "libratbag"; owner = "libratbag";

View file

@ -91,9 +91,9 @@ let
}; };
nosInputs = { nosInputs = {
arion = mkDep { khepri = mkDep {
owner = "hercules-ci"; owner = "matt1432";
repo = "arion"; repo = "khepri";
}; };
jellyfin-flake = mkDep { jellyfin-flake = mkDep {

View file

@ -1,103 +0,0 @@
{
arion,
config,
lib,
pkgs,
...
}: let
inherit
(lib)
filterAttrs
hasAttr
mapAttrs
mkEnableOption
mkForce
mkIf
mkOption
optionalAttrs
types
;
inherit (config.vars) mainUser;
cfg = config.arion;
in {
imports = [arion.nixosModules.arion];
options.arion = {
enable = mkEnableOption "My custom arion config layer module";
rwDataDir = mkOption {
default = "/var/lib/arion";
type = types.str;
description = ''
Directory to place persistent data in
'';
};
projects = mkOption {
default = {};
description = ''
Declarative specification of docker-compose in nix.
'';
type = types.attrs;
};
};
config = mkIf cfg.enable {
users.extraUsers.${mainUser}.extraGroups = ["docker"];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
};
arion = {
backend = "docker";
projects =
mapAttrs (n: v: {
# https://docs.hercules-ci.com/arion/options
settings = {
enableDefaultNetwork = v.enableDefaultNetwork or true;
networks =
optionalAttrs (hasAttr "networks" v)
v.networks;
services =
mapAttrs (n': v': {
# https://github.com/hercules-ci/arion/issues/169#issuecomment-1301370634
build.image = let
importImage = file: pkgs.callPackage file pkgs;
in
mkForce (importImage v'.image);
service =
(filterAttrs (attrName: _:
attrName != "image" && attrName != "extraOptions")
v')
# By default set the container_name to the attrset's name
// (optionalAttrs (! hasAttr "container_name" v') {
container_name = n';
});
out.service =
optionalAttrs
(hasAttr "extraOptions" v')
v'.extraOptions;
})
v;
};
})
cfg.projects;
};
};
# Script for updating the images of all images of a compose.nix file
environment.systemPackages = with pkgs; [
(callPackage ./updateImage.nix {})
];
};
}

View file

@ -4,7 +4,7 @@
services.borgbackup = { services.borgbackup = {
existingRepos = [ existingRepos = [
{ {
name = "arion"; name = "docker";
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPijoxuSwH9IrS4poewzHHwe64UoX4QY7Qix5VhEdqKR root@servivi" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPijoxuSwH9IrS4poewzHHwe64UoX4QY7Qix5VhEdqKR root@servivi"
]; ];

View file

@ -1,9 +1,10 @@
{config, ...}: let {config, ...}: let
inherit (config.sops) secrets; inherit (config.sops) secrets;
inherit (config.arion) rwDataDir; inherit (config.khepri) rwDataDir;
rwPath = rwDataDir + "/projectName"; rwPath = rwDataDir + "/projectName";
in { in {
arion.projects."projectName" = { khepri.compositions."projectName" = {
services = {};
}; };
} }

View file

@ -0,0 +1,41 @@
{
config,
khepri,
lib,
pkgs,
...
}: let
inherit (lib) mkOption types;
inherit (config.vars) mainUser;
in {
imports = [khepri.nixosModules.default];
options.khepri = {
rwDataDir = mkOption {
default = "/var/lib/docker";
type = types.str;
description = ''
Directory to place persistent data in.
'';
};
};
config = {
users.extraUsers.${mainUser}.extraGroups = ["docker"];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
};
# khepri uses oci-containers under the hood and it must be set to docker to work
oci-containers.backend = "docker";
};
# Script for updating the images of all images of a compose.nix file
environment.systemPackages = with pkgs; [
(callPackage ./updateImage.nix {})
];
};
}