tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

homserver: enabled docker and disabled podman

Browse source
This commit is contained in:
Tigor Hutasuhut 2024-06-15 16:45:38 +07:00
parent 22399a23b3
commit 2a3c822b56
4 changed files with 26 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
options/docker.nix
View file

@ -1,11 +1,11 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption;
in
{
options.profile.docker = {
enable = lib.mkEnableOption "docker";
caddy.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
caddy.enable = mkEnableOption "caddy docker";
kavita.enable = lib.mkEnableOption "kavita docker";
};
}

4
profiles/homeserver.nix
View file

@ -23,6 +23,10 @@
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
podman = {
enable = false;
};
docker = {
enable = true;
};

12
secrets/forgejo.yaml
View file

@ -1,4 +1,10 @@
runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
forgejo:
runners:
global: ENC[AES256_GCM,data:LuYqYDMgaq+L94JL5tGTlOhm7x98jpb7n6o5jYVKdN/9Z/5LA10lmwdDDsBYuA==,iv:UkLz8qW/C2M2XomRz+Oc+d4LIioxyh2pPgBaiY6x4N8=,tag:k0xRH8+gMoM4DbITXn1SfA==,type:str]
user_tokens:
tigor:
#ENC[AES256_GCM,data:5IEV/X4fpfydhdSw7LYOLMFZYqD/Kp96Zyp/YXnvFzVh8GluX4+9qGgsdWAsFgLlPXDRAi1ViA==,iv:v1OmczINHtT+AtdXMBjstmGejV62nhQ/T9aIoJG8DR8=,tag:b4Xg3ybhrxy70n/UB5D7nQ==,type:comment]
push_docker_image_token: ENC[AES256_GCM,data:jMTz+c3IEcpqRkYLZyrUWLWLIw0AOdDk7LsIDvjCW3rKxTiOOmb1wg==,iv:OjZArNhCCKZkngGjYbCQVYJkQww9K5b4ehUXxsdOqdU=,tag:EViefKbS+II+MXWqLE7rKw==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +20,8 @@ sops:
NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T12:44:00Z"
mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
lastmodified: "2024-06-15T09:16:06Z"
mac: ENC[AES256_GCM,data:583xIAMkXyVNEkGeM2LM7CLRsypeeJ6Fpt3HxNw7jVmB3PFB/KKwcyhw4UDjNM2xsIjgGMjuAGc3SBI7zubfy9YotrP6m+NOw+8lC9JZbBQIaHIOPTgpeUJLHGveNe2SEBYfbhCjQid+EAWW92oRddZoGyrh2OWq33FgRvTM00A=,iv:/6mZEm2jyJ1cxOQ1mUoGHu6oZjWGknllKYF9/uV80Ao=,tag:oCYlwgXZuin7uBUeRjnOlw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

11
system/services/forgejo.nix
View file

@ -31,7 +31,7 @@ in
};
};
sops.secrets."runner_token" = {
sops.secrets."forgejo/runners/global" = {
sopsFile = ../../secrets/forgejo.yaml;
};
@ -42,8 +42,15 @@ in
enable = true;
name = config.networking.hostName;
url = config.services.forgejo.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."runner_token".path;
tokenFile = config.sops.secrets."forgejo/runners/global".path;
settings = {
runner = {
capacity = 2;
timeout = "1h";
};
cache = {
enabled = true;
};
container = {
privileged = true;
# docker_host = "unix:///var/run/docker.sock";