homserver: enabled docker and disabled podman
This commit is contained in:
parent
22399a23b3
commit
2a3c822b56
|
@ -1,11 +1,11 @@
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
|
let
|
||||||
|
inherit (lib) mkEnableOption;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
options.profile.docker = {
|
options.profile.docker = {
|
||||||
enable = lib.mkEnableOption "docker";
|
enable = lib.mkEnableOption "docker";
|
||||||
caddy.enable = lib.mkOption {
|
caddy.enable = mkEnableOption "caddy docker";
|
||||||
type = lib.types.bool;
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
kavita.enable = lib.mkEnableOption "kavita docker";
|
kavita.enable = lib.mkEnableOption "kavita docker";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,10 @@
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
podman = {
|
podman = {
|
||||||
|
enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,10 @@
|
||||||
runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
|
forgejo:
|
||||||
|
runners:
|
||||||
|
global: ENC[AES256_GCM,data:LuYqYDMgaq+L94JL5tGTlOhm7x98jpb7n6o5jYVKdN/9Z/5LA10lmwdDDsBYuA==,iv:UkLz8qW/C2M2XomRz+Oc+d4LIioxyh2pPgBaiY6x4N8=,tag:k0xRH8+gMoM4DbITXn1SfA==,type:str]
|
||||||
|
user_tokens:
|
||||||
|
tigor:
|
||||||
|
#ENC[AES256_GCM,data:5IEV/X4fpfydhdSw7LYOLMFZYqD/Kp96Zyp/YXnvFzVh8GluX4+9qGgsdWAsFgLlPXDRAi1ViA==,iv:v1OmczINHtT+AtdXMBjstmGejV62nhQ/T9aIoJG8DR8=,tag:b4Xg3ybhrxy70n/UB5D7nQ==,type:comment]
|
||||||
|
push_docker_image_token: ENC[AES256_GCM,data:jMTz+c3IEcpqRkYLZyrUWLWLIw0AOdDk7LsIDvjCW3rKxTiOOmb1wg==,iv:OjZArNhCCKZkngGjYbCQVYJkQww9K5b4ehUXxsdOqdU=,tag:EViefKbS+II+MXWqLE7rKw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,8 +20,8 @@ sops:
|
||||||
NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
|
NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
|
||||||
IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
|
IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-13T12:44:00Z"
|
lastmodified: "2024-06-15T09:16:06Z"
|
||||||
mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
|
mac: ENC[AES256_GCM,data:583xIAMkXyVNEkGeM2LM7CLRsypeeJ6Fpt3HxNw7jVmB3PFB/KKwcyhw4UDjNM2xsIjgGMjuAGc3SBI7zubfy9YotrP6m+NOw+8lC9JZbBQIaHIOPTgpeUJLHGveNe2SEBYfbhCjQid+EAWW92oRddZoGyrh2OWq33FgRvTM00A=,iv:/6mZEm2jyJ1cxOQ1mUoGHu6oZjWGknllKYF9/uV80Ao=,tag:oCYlwgXZuin7uBUeRjnOlw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -31,7 +31,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."runner_token" = {
|
sops.secrets."forgejo/runners/global" = {
|
||||||
sopsFile = ../../secrets/forgejo.yaml;
|
sopsFile = ../../secrets/forgejo.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -42,8 +42,15 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
name = config.networking.hostName;
|
name = config.networking.hostName;
|
||||||
url = config.services.forgejo.settings.server.ROOT_URL;
|
url = config.services.forgejo.settings.server.ROOT_URL;
|
||||||
tokenFile = config.sops.secrets."runner_token".path;
|
tokenFile = config.sops.secrets."forgejo/runners/global".path;
|
||||||
settings = {
|
settings = {
|
||||||
|
runner = {
|
||||||
|
capacity = 2;
|
||||||
|
timeout = "1h";
|
||||||
|
};
|
||||||
|
cache = {
|
||||||
|
enabled = true;
|
||||||
|
};
|
||||||
container = {
|
container = {
|
||||||
privileged = true;
|
privileged = true;
|
||||||
# docker_host = "unix:///var/run/docker.sock";
|
# docker_host = "unix:///var/run/docker.sock";
|
||||||
|
|
Loading…
Reference in a new issue