fix(docker): force global dns and update jfa

devices/nos/modules/docker/wg-easy/compose.nix

@@ -25,8 +25,6 @@ in {
         "net.ipv4.conf.all.src_valid_mark=1"
       ];
 
-      dns = ["1.0.0.1"];
-
       environment = {
         WG_HOST = "166.62.179.208";
         WG_PORT = "51820";

devices/nos/modules/jellyfin/images/jfa-go.nix

@@ -1,8 +1,8 @@
 pkgs:
 pkgs.dockerTools.pullImage {
   imageName = "hrfee/jfa-go";
-  imageDigest = "sha256:e50d74379d91f9389afcd7db6bc4542ad2b1869f4af69c7f9fb5f9c02e7957da";
+  imageDigest = "sha256:96b4744c1bbb25561e40121fc2132f96c08c569fdd9235d5de79e658a2682d88";
-  sha256 = "02v0p4yrp4gjm88mqvdasaslfl51r194m6fj08bmq16bm6zz1n9l";
+  sha256 = "0payy2warh81rkry49n7kh07088jxkb8lgans8rlpq8vf69xmqlp";
   finalImageName = "hrfee/jfa-go";
   finalImageTag = "unstable";
 }

devices/nos/modules/jellyfin/jfa-go.nix

@@ -10,15 +10,20 @@ in {
     partOf = ["jellyfin.service"];
   };
 
-  khepri.compositions."jfa-go".services."jfa-go" = {
+  khepri.compositions."jfa-go" = {
-    image = import ./images/jfa-go.nix pkgs;
+    networks.proxy_net = {external = true;};
-    restart = "always";
 
-    ports = ["8056:8056"];
+    services."jfa-go" = {
+      image = import ./images/jfa-go.nix pkgs;
+      restart = "always";
 
-    volumes = [
+      ports = ["8056:8056"];
-      "${jellyService.WorkingDirectory}/jfa-go:/data"
+      networks = ["proxy_net"];
-      "/etc/localtime:/etc/localtime:ro"
+
-    ];
+      volumes = [
+        "${jellyService.WorkingDirectory}/jfa-go:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
   };
 }

flake.lock

@@ -1401,16 +1401,16 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1715458492,
+        "lastModified": 1721524707,
-        "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
+        "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8e47858badee5594292921c2668c11004c3b0142",
+        "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -1756,11 +1756,11 @@
         "sops-nix": "sops-nix"
       },
       "locked": {
-        "lastModified": 1716069733,
+        "lastModified": 1722141443,
-        "narHash": "sha256-80esrChLmwUiWa/j7oJ8JwSW+6k2IMTjiRLTA0cNfJg=",
+        "narHash": "sha256-ScLpph0VYrkt93/XQTJ8CN7raz1fvAgDEnAilgH3k9k=",
         "ref": "refs/heads/main",
-        "rev": "1750659f6783859f22ee02b0fa1987fe4809229c",
+        "rev": "52753f90a1af68b0fee462b59edfcb9dbd81df36",
-        "revCount": 66,
+        "revCount": 68,
         "type": "git",
         "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
       },
@@ -1794,11 +1794,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1715482972,
+        "lastModified": 1721688883,
-        "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
+        "narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
+        "rev": "aff2f88277dabe695de4773682842c34a0b7fd54",
         "type": "github"
       },
       "original": {

modules/docker/default.nix

@@ -28,7 +28,12 @@ in {
       docker = {
         enable = true;
         storageDriver = "btrfs";
+
+        package = pkgs.docker_27;
+
+        daemon.settings.dns = ["8.8.8.8" "1.1.1.1"];
       };
+
       # khepri uses oci-containers under the hood and it must be set to docker to work
       oci-containers.backend = "docker";
     };