From 8ebc6de43eca3ea6b947fb49319742e1c33f127d Mon Sep 17 00:00:00 2001
From: matt1432 <matt@nelim.org>
Date: Sun, 28 Jul 2024 00:44:09 -0400
Subject: [PATCH] fix(docker): force global dns and update jfa

---
 .../nos/modules/docker/wg-easy/compose.nix    |  2 --
 .../nos/modules/jellyfin/images/jfa-go.nix    |  4 ++--
 devices/nos/modules/jellyfin/jfa-go.nix       | 21 +++++++++++-------
 flake.lock                                    | 22 +++++++++----------
 modules/docker/default.nix                    |  5 +++++
 5 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/devices/nos/modules/docker/wg-easy/compose.nix b/devices/nos/modules/docker/wg-easy/compose.nix
index 8a59e3bd..d5c78b14 100644
--- a/devices/nos/modules/docker/wg-easy/compose.nix
+++ b/devices/nos/modules/docker/wg-easy/compose.nix
@@ -25,8 +25,6 @@ in {
         "net.ipv4.conf.all.src_valid_mark=1"
       ];
 
-      dns = ["1.0.0.1"];
-
       environment = {
         WG_HOST = "166.62.179.208";
         WG_PORT = "51820";
diff --git a/devices/nos/modules/jellyfin/images/jfa-go.nix b/devices/nos/modules/jellyfin/images/jfa-go.nix
index 3854e0b4..b72c6ea9 100644
--- a/devices/nos/modules/jellyfin/images/jfa-go.nix
+++ b/devices/nos/modules/jellyfin/images/jfa-go.nix
@@ -1,8 +1,8 @@
 pkgs:
 pkgs.dockerTools.pullImage {
   imageName = "hrfee/jfa-go";
-  imageDigest = "sha256:e50d74379d91f9389afcd7db6bc4542ad2b1869f4af69c7f9fb5f9c02e7957da";
-  sha256 = "02v0p4yrp4gjm88mqvdasaslfl51r194m6fj08bmq16bm6zz1n9l";
+  imageDigest = "sha256:96b4744c1bbb25561e40121fc2132f96c08c569fdd9235d5de79e658a2682d88";
+  sha256 = "0payy2warh81rkry49n7kh07088jxkb8lgans8rlpq8vf69xmqlp";
   finalImageName = "hrfee/jfa-go";
   finalImageTag = "unstable";
 }
diff --git a/devices/nos/modules/jellyfin/jfa-go.nix b/devices/nos/modules/jellyfin/jfa-go.nix
index af2903b5..e9596bac 100644
--- a/devices/nos/modules/jellyfin/jfa-go.nix
+++ b/devices/nos/modules/jellyfin/jfa-go.nix
@@ -10,15 +10,20 @@ in {
     partOf = ["jellyfin.service"];
   };
 
-  khepri.compositions."jfa-go".services."jfa-go" = {
-    image = import ./images/jfa-go.nix pkgs;
-    restart = "always";
+  khepri.compositions."jfa-go" = {
+    networks.proxy_net = {external = true;};
 
-    ports = ["8056:8056"];
+    services."jfa-go" = {
+      image = import ./images/jfa-go.nix pkgs;
+      restart = "always";
 
-    volumes = [
-      "${jellyService.WorkingDirectory}/jfa-go:/data"
-      "/etc/localtime:/etc/localtime:ro"
-    ];
+      ports = ["8056:8056"];
+      networks = ["proxy_net"];
+
+      volumes = [
+        "${jellyService.WorkingDirectory}/jfa-go:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
   };
 }
diff --git a/flake.lock b/flake.lock
index 4abcaf0b..db41e956 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1401,16 +1401,16 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1715458492,
-        "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
+        "lastModified": 1721524707,
+        "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8e47858badee5594292921c2668c11004c3b0142",
+        "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -1756,11 +1756,11 @@
         "sops-nix": "sops-nix"
       },
       "locked": {
-        "lastModified": 1716069733,
-        "narHash": "sha256-80esrChLmwUiWa/j7oJ8JwSW+6k2IMTjiRLTA0cNfJg=",
+        "lastModified": 1722141443,
+        "narHash": "sha256-ScLpph0VYrkt93/XQTJ8CN7raz1fvAgDEnAilgH3k9k=",
         "ref": "refs/heads/main",
-        "rev": "1750659f6783859f22ee02b0fa1987fe4809229c",
-        "revCount": 66,
+        "rev": "52753f90a1af68b0fee462b59edfcb9dbd81df36",
+        "revCount": 68,
         "type": "git",
         "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
       },
@@ -1794,11 +1794,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1715482972,
-        "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
+        "lastModified": 1721688883,
+        "narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
+        "rev": "aff2f88277dabe695de4773682842c34a0b7fd54",
         "type": "github"
       },
       "original": {
diff --git a/modules/docker/default.nix b/modules/docker/default.nix
index 0a878f81..e8a1c862 100644
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@@ -28,7 +28,12 @@ in {
       docker = {
         enable = true;
         storageDriver = "btrfs";
+
+        package = pkgs.docker_27;
+
+        daemon.settings.dns = ["8.8.8.8" "1.1.1.1"];
       };
+
       # khepri uses oci-containers under the hood and it must be set to docker to work
       oci-containers.backend = "docker";
     };