From 8c97b095a202fc39d5e469f289561ce48af32b3e Mon Sep 17 00:00:00 2001 From: notohh Date: Thu, 1 Feb 2024 11:46:02 -0500 Subject: [PATCH] hosts: use digest for oci-containers --- hosts/kariru/services/default.nix | 4 ++-- hosts/kariru/services/torrent.nix | 4 ++-- hosts/sakura/services/justlog.nix | 2 +- hosts/yuki/services/paperless.nix | 2 +- hosts/yuki/services/stash.nix | 2 +- hosts/yuki/services/wallos.nix | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hosts/kariru/services/default.nix b/hosts/kariru/services/default.nix index a15b186..516c0ef 100644 --- a/hosts/kariru/services/default.nix +++ b/hosts/kariru/services/default.nix @@ -39,7 +39,7 @@ virtualisation.oci-containers.containers = { whisparr = { - image = "ghcr.io/hotio/whisparr:v3-b7c95ec"; + image = "ghcr.io/hotio/whisparr@sha256:88b91920b77339e2deda418960be28868df538413abea6cdddaf4013e43c4c0f"; # v3-3.0.0.425 ports = ["6969:6969"]; volumes = [ "/var/lib/whisparr:/config" @@ -49,7 +49,7 @@ extraOptions = ["--network=host"]; }; flaresolverr = { - image = "ghcr.io/flaresolverr/flaresolverr:v3.3.13"; + image = "ghcr.io/flaresolverr/flaresolverr@sha256:213bb58aa341a0188e64ce2c21e1c5748b167c719828bc61dd904eb0fb1aec63"; # v3.3.13 ports = ["8191:8191"]; extraOptions = ["--network=host"]; }; diff --git a/hosts/kariru/services/torrent.nix b/hosts/kariru/services/torrent.nix index edbd17e..27478cf 100644 --- a/hosts/kariru/services/torrent.nix +++ b/hosts/kariru/services/torrent.nix @@ -2,7 +2,7 @@ sops.secrets.gluetun = {}; virtualisation.oci-containers.containers = { gluetun = { - image = "qmcgaw/gluetun:v3.37.0"; + image = "qmcgaw/gluetun@sha256:e15ede3ce007e3f6e3f6532c7d8d6051f4bb0dca4bb3c5edd7aa3316916e9990"; #v3.37.0 hostname = "gluetun"; ports = [ "8000:8000/tcp" # HTTP control server @@ -17,7 +17,7 @@ extraOptions = ["--cap-add=NET_ADMIN"]; }; qbittorrent = { - image = "linuxserver/qbittorrent:4.6.2"; + image = "linuxserver/qbittorrent@sha256:c388ef02586a7d37c708c63eef069025663f4ac99cd29c9480bc34018d8b4194"; # v4.6.3 dependsOn = ["gluetun"]; environment = { PUID = "1001"; diff --git a/hosts/sakura/services/justlog.nix b/hosts/sakura/services/justlog.nix index fed0910..a2c785e 100644 --- a/hosts/sakura/services/justlog.nix +++ b/hosts/sakura/services/justlog.nix @@ -1,7 +1,7 @@ _: { networking.firewall.allowedTCPPorts = [8025]; virtualisation.oci-containers.containers.justlog = { - image = "ghcr.io/gempir/justlog"; + image = "ghcr.io/gempir/justlog@sha256:44b2426c0057b44019b78b1daece13dac2356ff68f9f506f067c8c4c92f54f22"; ports = ["8025:8025"]; volumes = [ "/home/notoh/justlog/config.json:/etc/justlog.json" diff --git a/hosts/yuki/services/paperless.nix b/hosts/yuki/services/paperless.nix index 4950a45..b101769 100644 --- a/hosts/yuki/services/paperless.nix +++ b/hosts/yuki/services/paperless.nix @@ -12,7 +12,7 @@ in { package = pkgs.paperless-ngx; enable = true; - address = "100.108.113.89"; + address = "0.0.0.0"; port = 28981; passwordFile = config.sops.secrets.paperless-pwd.path; dataDir = "${dataDir}"; diff --git a/hosts/yuki/services/stash.nix b/hosts/yuki/services/stash.nix index b38b95f..fe7f347 100644 --- a/hosts/yuki/services/stash.nix +++ b/hosts/yuki/services/stash.nix @@ -1,6 +1,6 @@ _: { virtualisation.oci-containers.containers.stash = { - image = "stashapp/stash:v0.24.3"; + image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; environment = { STASH_STASH = "/data/"; STASH_GENERATED = "/generated/"; diff --git a/hosts/yuki/services/wallos.nix b/hosts/yuki/services/wallos.nix index 7a9a5b5..3cba45f 100644 --- a/hosts/yuki/services/wallos.nix +++ b/hosts/yuki/services/wallos.nix @@ -1,6 +1,6 @@ _: { virtualisation.oci-containers.containers.wallos = { - image = "bellamy/wallos:latest"; + image = "bellamy/wallos@sha256:d3846ab980095be55a3c07633cca905bf29505bc63e5d92ad49938f56fd7b9f7"; ports = [ "8282:80" ];