feat: container migaration (#12)
commit
fc9294bd3e
14 changed files with 197 additions and 5 deletions
|
@ -0,0 +1,7 @@
|
|||
keys:
|
||||
- ¬oh age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *notoh
|
|
@ -22,7 +22,6 @@
|
|||
xkbVariant = "";
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
users = {
|
||||
defaultUserShell = pkgs.nushell;
|
||||
users.oh = {
|
||||
|
@ -33,7 +32,6 @@
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
docker-compose
|
||||
hugo
|
||||
wget
|
||||
python3Full
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules
|
||||
../../modules/services
|
||||
];
|
||||
|
||||
boot.loader = {
|
||||
|
@ -16,7 +17,6 @@
|
|||
useOSProber = false;
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "sakura";
|
||||
};
|
||||
|
@ -26,7 +26,6 @@
|
|||
xkbVariant = "";
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
users = {
|
||||
defaultUserShell = pkgs.nushell;
|
||||
users.notoh = {
|
||||
|
|
|
@ -26,7 +26,6 @@
|
|||
xkbVariant = "";
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
users = {
|
||||
defaultUserShell = pkgs.nushell;
|
||||
users.oh = {
|
||||
|
|
|
@ -5,5 +5,6 @@
|
|||
./nix.nix
|
||||
./system.nix
|
||||
./openssh.nix
|
||||
./virtualisation.nix
|
||||
];
|
||||
}
|
||||
|
|
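--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -0,0 +1,10 @@
+{...}: {
+imports = [
+./traefik.nix
+./homepage.nix
+./searxng.nix
+./hugo.nix
+./stash.nix
+./foundryvtt.nix
+];
+}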
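--- a/modules/services/foundryvtt.nix
+++ b/modules/services/foundryvtt.nix
@@ -0,0 +1,13 @@
+{inputs, ...}: {
+virtualisation.oci-containers.containers.foundryvtt = {
+image = "felddy/foundryvtt:release";
+ports = ["30000:30000"];
+volumes = [
+"/home/notoh/docker/foundryvtt:/data"
+];
+environment = {
+FOUNDRY_USERNAME = inputs.sops.secrets.foundry-username;
+FOUNDRY_PASSWORD = inputs.sops.secrets.foundry-password;
+};
+};
+}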
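Review bot: The `environment` block takes `FOUNDRY_USERNAME` and `FOUNDRY_PASSWORD` from `inputs.sops.secrets.*`, which as far as this file shows is the flake input rather than the module's `config`, so it probably does not evaluate to the decrypted values. More importantly, anything placed in `environment` is written in clear text into the world-readable Nix store and shows up in `docker inspect`. sops-nix exposes each secret as a file path (`config.sops.secrets.<name>.path`) that is only populated at activation time. The credentials should therefore reach the container through `environmentFiles = [ config.sops.secrets.<placeholder-env-secret>.path ];`, with that secret holding `KEY=value` lines, and the `environment` block should be dropped. The `release` tag is also a moving tag; pinning a version or digest keeps the deployed image reproducible.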
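--- a/modules/services/homepage.nix
+++ b/modules/services/homepage.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+virtualisation.oci-containers.containers.homepage = {
+ports = ["3000:3000"];
+image = "ghcr.io/benphelps/homepage";
+volumes = [
+"/home/notoh/docker/homepage:/app/config"
+"/var/run/docker.sock:/var/run/docker.sock:ro"
+];
+};
+}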
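Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` volume does not limit what the container can do with Docker, because `:ro` only makes the socket file read-only and any process that can connect to it can still call the full Docker API, which is equivalent to root on the host. If homepage only needs container status, put a filtering socket proxy that allows read-only endpoints in front of it, or drop the mount. `ports = ["3000:3000"]` also publishes on every interface, and Docker's own iptables rules are not governed by `networking.firewall.allowedTCPPorts`, so the service is reachable directly rather than only through Traefik. Binding with `"127.0.0.1:3000:3000"` avoids that, and the same applies to the `ports` entries in foundryvtt.nix, searxng.nix and stash.nix.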
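--- a/modules/services/hugo.nix
+++ b/modules/services/hugo.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+environment.systemPackages = with pkgs; [hugo];
+virtualisation.oci-containers.containers.hugo = {
+image = "klakegg/hugo:0.101.0";
+cmd = ["server" "sh"];
+volumes = [
+"/home/notoh/docker/hugo:/src"
+];
+};
+}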
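--- a/modules/services/searxng.nix
+++ b/modules/services/searxng.nix
@@ -0,0 +1,12 @@
+{...}: {
+virtualisation.oci-containers.containers.searxng = {
+image = "searxng/searxng";
+ports = ["8085:8080"];
+volumes = [
+"/home/notoh/docker/searxng:/etc/searxng:rw"
+];
+environment = {
+INSTANCE_NAME = "test_instance";
+};
+};
+}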
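Review bot: `image = "searxng/searxng"` carries no tag, so every pull resolves to `latest` and the host runs whatever was published most recently; pin a version tag or digest so that image updates are deliberate and reviewable. The same holds for `ghcr.io/benphelps/homepage` in homepage.nix and `stashapp/stash` in stash.nix. `INSTANCE_NAME = "test_instance"` and the `test` host rule for this service in traefik.nix look like placeholders left over from testing and are worth a comment or a real value before this is relied on.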
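--- a/modules/services/stash.nix
+++ b/modules/services/stash.nix
@@ -0,0 +1,23 @@
+{...}: {
+virtualisation.oci-containers.containers.stash = {
+image = "stashapp/stash";
+ports = [
+"9999:9999"
+];
+environment = {
+STASH_STASH = "/data/";
+STASH_GENERATED = "/generated/";
+STASH_METADATA = "/metadata/";
+STASH_CACHE = "/cache/";
+STASH_PORT = "9999";
+};
+volumes = [
+"/etc/localtime:/etc/localtime:ro"
+"/home/notoh/docker/stash/.config:/root/.stash"
+"/home/notoh/docker/stash/data:/data"
+"/home/notoh/docker/stash/.metadata:/metadata"
+"/home/notoh/docker/stash/cache:/cache"
+"/home/notoh/docker/stash/generated:/generated"
+];
+};
+}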
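--- a/modules/services/traefik.nix
+++ b/modules/services/traefik.nix
@@ -0,0 +1,72 @@
+{...}: {
+networking.firewall.allowedTCPPorts = [80 443 8080];
+
+services.traefik = {
+enable = true;
+group = "docker";
+dynamicConfigOptions = {
+http = {
+routers = {
+api = {
+rule = "PathPrefix(`/api/`)";
+entryPoints = ["websecure"];
+service = "api@internal";
+};
+homepage = {
+rule = "Host(`homepage.lab`)";
+entrypoints = ["web"];
+service = "homepage@docker";
+};
+searxng = {
+rule = "Host(`test`)";
+entrypoints = ["web"];
+service = "searxng@docker";
+};
+hugo = {
+rule = "Host(`hugo.lab`)";
+entryPoints = ["websecure"];
+service = "hugo@docker";
+};
+stash = {
+rule = "Host(`stash.lab`)";
+entrypoints = ["web"];
+service = "stash@docker";
+};
+};
+};
+};
+staticConfigOptions = {
+api.dashboard = true;
+api.insecure = true;
+providers.docker = true;
+global = {
+checkNewVersion = false;
+sendAnonymousUsage = false;
+};
+entryPoints = {
+websecure.address = ":443";
+web.address = ":80";
+};
+certificatesResolvers = {
+staging.acme = {
+email = "x3xr6n66@notohh.dev";
+storage = "/var/lib/traefik/acme.json";
+caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
+dnsChallenge = {
+provider = "cloudflare";
+delayBeforeCheck = 0;
+};
+};
+production.acme = {
+email = "x3xr6n66@notohh.dev";
+storage = "/var/lib/traefik/acme.json";
+caServer = "https://acme-v02.api.letsencrypt.org/directory";
+dnsChallenge = {
+provider = "cloudflare";
+delayBeforeCheck = 0;
+};
+};
+};
+};
+};
+}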
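Review bot: `api.insecure = true` makes Traefik serve its API and dashboard without authentication on the internal `traefik` entry point (port 8080 by default), and the first line of this file opens 8080 in the firewall, so the dashboard and the full routing configuration are readable by anyone who can reach the host. Set `api.insecure = false;`, change the firewall line to `networking.firewall.allowedTCPPorts = [80 443];`, and attach an authentication middleware to the existing `api` router on `websecure`. `group = "docker"` gives the Traefik process access to the Docker socket, which is root-equivalent, so a socket proxy limited to read-only endpoints is worth considering for the Docker provider. None of the routers on `websecure` reference the `staging` or `production` resolver, so it is worth confirming in a comment which one is meant to be active.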
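--- a/modules/virtualisation.nix
+++ b/modules/virtualisation.nix
@@ -0,0 +1,16 @@
+{pkgs, ...}: {
+environment.systemPackages = with pkgs; [docker-compose];
+
+virtualisation.oci-containers.backend = "docker";
+virtualisation.docker = {
+enable = true;
+enableOnBoot = true;
+autoPrune = {
+enable = true;
+dates = "weekly";
+};
+listenOptions = [
+"/run/docker.sock"
+];
+};
+}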
|
@ -0,0 +1,22 @@
|
|||
foundry-username: ENC[AES256_GCM,data:WgcWG577,iv:62k3mxXNAwvfugCE8uWfMIkG0TEmnW8YYMPF5Q5Q00g=,tag:hv2rqcwha12eZX2WmnKmMQ==,type:str]
|
||||
foundry-password: ENC[AES256_GCM,data:xb2UNAhXvj0ayVsf3sTYTqH0n2FnEPQSqoli1zHVEIQ=,iv:B8Kh228CDIyggNweljqqU/CXfTpjQpxcz4J4MnKcgb4=,tag:KnsvAjvL4WGKEQKqlhYiZA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRyt5K0FUSDBjVnY3NTZz
|
||||
T0NmeE9HREUrSTR5WWtLTzA5TWtndlpBd0FrClBZbzB5bGFxTFYrcEljd1NIZm9K
|
||||
V3pOZldWTmx6WG4vQU44ZXJDQ29oNTAKLS0tIFhqa1RmeVcwbnhlaWdpOEFJeFBX
|
||||
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
|
||||
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-14T05:40:38Z"
|
||||
mac: ENC[AES256_GCM,data:Yz8y7vgXcU3SWyQANTM835Od+za7QraqdEjkqVCVuySmACdt93HlT1YdRRnXFennvXnNIsr/J7td+X3tmIwJnOXxbLhSdtluLl0KC8rYjaLN9ijThbA0p6umY+0WMUqRNfugzFzM/3J2L6GbMhczS8+cZ94JsOGu+RNZlydAuVw=,iv:Aw3n05FbB9pV6SztHI6H7vGjbpUQrr4WG6HqjNDMCr8=,tag:mrr6QzeR9yHM9S2Ut7gzbg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|