feat: container migaration (#12)

notohh 2023-05-14 01:49:21 -04:00 committed by GitHub
commit fc9294bd3e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 197 additions and 5 deletions


@ -0,0 +1,7 @@
keys:
- &notoh age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *notoh


@ -22,7 +22,6 @@
xkbVariant = "";
};
virtualisation.docker.enable = true;
users = {
defaultUserShell = pkgs.nushell;
users.oh = {
@ -33,7 +32,6 @@
};
environment.systemPackages = with pkgs; [
docker-compose
hugo
wget
python3Full


@ -6,6 +6,7 @@
imports = [
./hardware-configuration.nix
../../modules
../../modules/services
];
boot.loader = {
@ -16,7 +17,6 @@
useOSProber = false;
};
};
networking = {
hostName = "sakura";
};
@ -26,7 +26,6 @@
xkbVariant = "";
};
virtualisation.docker.enable = true;
users = {
defaultUserShell = pkgs.nushell;
users.notoh = {


@ -26,7 +26,6 @@
xkbVariant = "";
};
virtualisation.docker.enable = true;
users = {
defaultUserShell = pkgs.nushell;
users.oh = {


@ -5,5 +5,6 @@
./nix.nix
./system.nix
./openssh.nix
./virtualisation.nix
];
}


@ -0,0 +1,10 @@
{...}: {
imports = [
./traefik.nix
./homepage.nix
./searxng.nix
./hugo.nix
./stash.nix
./foundryvtt.nix
];
}


@ -0,0 +1,13 @@
{inputs, ...}: {
virtualisation.oci-containers.containers.foundryvtt = {
image = "felddy/foundryvtt:release";
ports = ["30000:30000"];
volumes = [
"/home/notoh/docker/foundryvtt:/data"
];
environment = {
FOUNDRY_USERNAME = inputs.sops.secrets.foundry-username;
FOUNDRY_PASSWORD = inputs.sops.secrets.foundry-password;
};
};
}
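Review bot: The `environment` block (`FOUNDRY_USERNAME` / `FOUNDRY_PASSWORD`) is the wrong place for credentials, because values set there are presumably rendered into the generated container unit in the world-readable Nix store and are visible in the container's inspect output. sops-nix normally exposes decrypted secrets as files through `config.sops.secrets.<name>.path` rather than through `inputs`, so `inputs.sops.secrets.foundry-username` likely does not evaluate to the secret value at all and should be checked. Keep both variables in one sops-managed env file and pass it with `environmentFiles = [config.sops.secrets."foundry-env".path];` (`foundry-env` is a placeholder name), then drop the `environment` block.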


@ -0,0 +1,10 @@
{pkgs, ...}: {
virtualisation.oci-containers.containers.homepage = {
ports = ["3000:3000"];
image = "ghcr.io/benphelps/homepage";
volumes = [
"/home/notoh/docker/homepage:/app/config"
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
};
}
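Review bot: Mounting `/var/run/docker.sock` into the homepage container hands that container the Docker API, and the `:ro` suffix does not narrow this: it only makes the mount of the socket file read-only, while requests sent over the socket are still honoured by the daemon. A compromise of the web UI published on port 3000 would therefore amount to control of the Docker daemon on the host. If the dashboard only needs container status, put a filtering socket proxy that allows only read endpoints in front of it, or omit the mount; if it stays, add a comment such as `# docker.sock = full daemon access; :ro does not restrict API calls`. The image `ghcr.io/benphelps/homepage` is also untagged, so pulls are not reproducible.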

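--- /dev/null
+++ b/modules/services/hugo.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+environment.systemPackages = with pkgs; [hugo];
+virtualisation.oci-containers.containers.hugo = {
+image = "klakegg/hugo:0.101.0";
+cmd = ["server" "sh"];
+volumes = [
+"/home/notoh/docker/hugo:/src"
+];
+};
+}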
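Review bot: `cmd = ["server" "sh"]` passes `sh` as an extra argument to `hugo server`, which looks unintended (assuming the image's entrypoint is the hugo binary); `cmd = ["server"];` is probably what was meant. The container publishes no port and sets no Traefik labels here, so whether the `hugo@docker` service in the Traefik config can resolve depends on configuration outside this file. `hugo server` is the development server, so for anything reachable beyond the lab it would expose less to build the site and serve the static output instead.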


@ -0,0 +1,12 @@
{...}: {
virtualisation.oci-containers.containers.searxng = {
image = "searxng/searxng";
ports = ["8085:8080"];
volumes = [
"/home/notoh/docker/searxng:/etc/searxng:rw"
];
environment = {
INSTANCE_NAME = "test_instance";
};
};
}
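Review bot: `ports = ["8085:8080"]` publishes the container on every host interface, and Docker's own iptables rules typically take effect ahead of the NixOS firewall, so the port is reachable even though `networking.firewall.allowedTCPPorts` does not list it. The same applies to `30000:30000` in foundryvtt, `3000:3000` in homepage and `9999:9999` in stash. Since Traefik is meant to front these services, bind to loopback, e.g. `ports = ["127.0.0.1:8085:8080"];`, or drop the published port and let Traefik reach the container over the Docker network. `INSTANCE_NAME = "test_instance"` looks like a leftover from testing.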


@ -0,0 +1,23 @@
{...}: {
virtualisation.oci-containers.containers.stash = {
image = "stashapp/stash";
ports = [
"9999:9999"
];
environment = {
STASH_STASH = "/data/";
STASH_GENERATED = "/generated/";
STASH_METADATA = "/metadata/";
STASH_CACHE = "/cache/";
STASH_PORT = "9999";
};
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/home/notoh/docker/stash/.config:/root/.stash"
"/home/notoh/docker/stash/data:/data"
"/home/notoh/docker/stash/.metadata:/metadata"
"/home/notoh/docker/stash/cache:/cache"
"/home/notoh/docker/stash/generated:/generated"
];
};
}
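Review bot: `image = "stashapp/stash"` has no tag, so it resolves to `latest` and every pull can bring in different code; the same holds for `searxng/searxng` and `ghcr.io/benphelps/homepage`, and `felddy/foundryvtt:release` is a moving tag as well. Pin a version tag or, better, a digest, e.g. `image = "stashapp/stash@sha256:<digest>";` (placeholder digest), the way the hugo container already pins `0.101.0`. The config volume maps to `/root/.stash`, which suggests the process runs as root inside the container; a comment stating whether that is required would help the next reader.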


@ -0,0 +1,72 @@
{...}: {
networking.firewall.allowedTCPPorts = [80 443 8080];
services.traefik = {
enable = true;
group = "docker";
dynamicConfigOptions = {
http = {
routers = {
api = {
rule = "PathPrefix(`/api/`)";
entryPoints = ["websecure"];
service = "api@internal";
};
homepage = {
rule = "Host(`homepage.lab`)";
entrypoints = ["web"];
service = "homepage@docker";
};
searxng = {
rule = "Host(`test`)";
entrypoints = ["web"];
service = "searxng@docker";
};
hugo = {
rule = "Host(`hugo.lab`)";
entryPoints = ["websecure"];
service = "hugo@docker";
};
stash = {
rule = "Host(`stash.lab`)";
entrypoints = ["web"];
service = "stash@docker";
};
};
};
};
staticConfigOptions = {
api.dashboard = true;
api.insecure = true;
providers.docker = true;
global = {
checkNewVersion = false;
sendAnonymousUsage = false;
};
entryPoints = {
websecure.address = ":443";
web.address = ":80";
};
certificatesResolvers = {
staging.acme = {
email = "x3xr6n66@notohh.dev";
storage = "/var/lib/traefik/acme.json";
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
delayBeforeCheck = 0;
};
};
production.acme = {
email = "x3xr6n66@notohh.dev";
storage = "/var/lib/traefik/acme.json";
caServer = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
delayBeforeCheck = 0;
};
};
};
};
};
}
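Review bot: `api.insecure = true` together with `8080` in `networking.firewall.allowedTCPPorts` exposes the Traefik API and dashboard without authentication to anything that can reach the host, since insecure mode serves them on the default `traefik` entry point at `:8080`. Set `api.insecure = false;`, remove `8080` from the firewall list, and attach an authentication middleware and `tls` to the `api` router, which currently matches its `/api/` path prefix on `websecure` with neither. `group = "docker"` additionally gives the Traefik service access to the Docker socket, which is root-equivalent on the host, so a comment should record that this is deliberate. The routers mix `entryPoints` and `entrypoints`, and both ACME resolvers write to `/var/lib/traefik/acme.json`; one spelling and separate storage files for staging and production would avoid surprises.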


@ -0,0 +1,16 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [docker-compose];
virtualisation.oci-containers.backend = "docker";
virtualisation.docker = {
enable = true;
enableOnBoot = true;
autoPrune = {
enable = true;
dates = "weekly";
};
listenOptions = [
"/run/docker.sock"
];
};
}


@ -0,0 +1,22 @@
foundry-username: ENC[AES256_GCM,data:WgcWG577,iv:62k3mxXNAwvfugCE8uWfMIkG0TEmnW8YYMPF5Q5Q00g=,tag:hv2rqcwha12eZX2WmnKmMQ==,type:str]
foundry-password: ENC[AES256_GCM,data:xb2UNAhXvj0ayVsf3sTYTqH0n2FnEPQSqoli1zHVEIQ=,iv:B8Kh228CDIyggNweljqqU/CXfTpjQpxcz4J4MnKcgb4=,tag:KnsvAjvL4WGKEQKqlhYiZA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRyt5K0FUSDBjVnY3NTZz
T0NmeE9HREUrSTR5WWtLTzA5TWtndlpBd0FrClBZbzB5bGFxTFYrcEljd1NIZm9K
V3pOZldWTmx6WG4vQU44ZXJDQ29oNTAKLS0tIFhqa1RmeVcwbnhlaWdpOEFJeFBX
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-14T05:40:38Z"
mac: ENC[AES256_GCM,data:Yz8y7vgXcU3SWyQANTM835Od+za7QraqdEjkqVCVuySmACdt93HlT1YdRRnXFennvXnNIsr/J7td+X3tmIwJnOXxbLhSdtluLl0KC8rYjaLN9ijThbA0p6umY+0WMUqRNfugzFzM/3J2L6GbMhczS8+cZ94JsOGu+RNZlydAuVw=,iv:Aw3n05FbB9pV6SztHI6H7vGjbpUQrr4WG6HqjNDMCr8=,tag:mrr6QzeR9yHM9S2Ut7gzbg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3