diff --git a/options/podman.nix b/options/podman.nix index c0a8b46..80964d5 100644 --- a/options/podman.nix +++ b/options/podman.nix @@ -12,6 +12,7 @@ in redmage.enable = lib.mkEnableOption "redmage podman"; redmage-demo.enable = lib.mkEnableOption "redmage-demo podman"; qbittorrent.enable = lib.mkEnableOption "qbittorrent podman"; + openobserve.enable = lib.mkEnableOption "openobserve podman"; servarr = { enable = mkEnableOption "servarr group"; diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix index 3babf62..7948e50 100644 --- a/profiles/homeserver.nix +++ b/profiles/homeserver.nix @@ -36,6 +36,7 @@ servarr.recyclarr.enable = true; servarr.real-debrid-manager.enable = false; servarr.rdtclient.enable = true; + openobserve.enable = true; }; docker = { diff --git a/secrets/openobserve.yaml b/secrets/openobserve.yaml new file mode 100644 index 0000000..e328db3 --- /dev/null +++ b/secrets/openobserve.yaml 
@@ -0,0 +1,22 @@ +openobserve: + env: ENC[AES256_GCM,data:c7XB9h82qCaV8MWTibJ2DUAjCDEgtjNvXi8B4tLfiJcws7Wfhhh5HQHiy/2Yc4q0h9QcQ9U/WNB05RVdX76H5UTsM7d9SbpG3/NW8d3yyiJlIZ7b/e4l3LD0HEM=,iv:pUcZ2S6mmFncs14HcRwEGSNh+/dz3Ut9M0kWVJwVkck=,tag:279V8olra+A1reKtZHnelQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRmg5YURIdVNMVUFGbTNM + eXdWR0R1N09RMm4vSjRvUmw1VkV0SEFtN2s4CkhCcXgyNHFTU0hwMnNYdG5Sam9j + R21jcDY2MEhtVnZBckpsc010OEVqZmsKLS0tIDZtRmgzRWJZc1NLVVM0dkpwbUpL + Mk1OU0htcGIrWkUzdzFPZUxYb1JyeDAKQjXadi43Wr4yA89HDLsWACrHeUn265zG + qIU/QU6aO7bgoyflQfoppwD6bSqVrJMcTnTujIRA4xDtmCfNnP2cFQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-15T07:57:57Z" + mac: ENC[AES256_GCM,data:uY2pxpgCxOBlj2gGS+/CQ9u0pe6gYlMXlaLKfHjZwJyzAeLjKAE2DLxQVDxx1z2jxx9FoaBnmVEwIgZ399Nk0Ale8ZlN63nduzycTb0kY1Vq8+tNC5Z+LEBe6p54ORmAHQUpUpK8zG72tg3djqH4D3Lm/cyiDegp14PcmK3xRuM=,iv:EJY4zl+vuWR6GJOulF7XLhSBlwSZgq9u2BMLRPR74m0=,tag:1JU2MToCFisIqp1BC/2oNw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1
diff --git a/system/podman/default.nix b/system/podman/default.nix
index 70eea0b..c4063fe 100644
--- a/system/podman/default.nix
+++ b/system/podman/default.nix
@@ -41,12 +41,13 @@ in
 # 10.88.0.6 -> Suwayomi Flaresolverr
 # 10.88.1.1 -> Pihole
 imports = [
+ ./openobserve.nix
 ./pihole.nix
 ./qbittorrent.nix
 ./redmage-demo.nix
 ./redmage.nix
+ ./servarr
 ./suwayomi.nix
 ./ytptube.nix
- ./servarr
 ];
 }
diff --git a/system/podman/openobserve.nix b/system/podman/openobserve.nix
new file mode 100644
index 0000000..fd6debf
--- /dev/null
+++ b/system/podman/openobserve.nix
@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+let
+ name = "openobserve";
+ podman = config.profile.podman;
+ inherit (lib) mkIf;
+ ip = "10.88.99.1";
+ image = "public.ecr.aws/zinclabs/openobserve:latest";
+ rootVolume = "/nas/podman/openobserve";
+ domain = "${name}.tigor.web.id";
+ user = config.profile.user;
+ uid = toString user.uid;
+ gid = toString user.gid;
+in
+{
+ config = mkIf (podman.enable && podman.${name}.enable) {
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ reverse_proxy ${ip}:5080
+ '';
+
+ system.activationScripts."podman-${name}" = ''
+ mkdir -p ${rootVolume}/data
+ chown ${uid}:${gid} ${rootVolume} ${rootVolume}/data
+ '';
+
+ sops.secrets."openobserve/env".sopsFile = ../../secrets/openobserve.yaml;
+
+ virtualisation.oci-containers.containers.${name} = {
+ inherit image;
+ hostname = name;
+ autoStart = true;
+ user = "${uid}:${gid}";
+ environment = {
+ TZ = "Asia/Jakarta";
+ ZO_DATA_DIR = "/data";
+ ZO_WEB_URL = "https://${domain}";
+ };
+ volumes = [
+ "${rootVolume}/data:/data"
+ ];
+ extraOptions = [
+ "--network=podman"
+ "--ip=${ip}"
+ ];
+ environmentFiles = [
+ config.sops.secrets."openobserve/env".path
+ ];
+ labels = {
+ "io.containers.autoupdate" = "registry";
+ };
+ };
+ };
+
+}
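Review bot: `image` in the `let` block points at the mutable `:latest` tag, and the `"io.containers.autoupdate" = "registry"` label opts the container into podman auto-update. If that timer is enabled on this host, whatever is next published under that tag gets pulled and restarted without review. The container receives the sops-decrypted `openobserve/env` file and is reachable through the Caddy virtual host, so an unreviewed image change lands directly on a credential-holding, exposed service. Pinning a release tag and bumping it in a commit keeps upgrades auditable, e.g. `image = "public.ecr.aws/zinclabs/openobserve:<RELEASE_TAG>";` (placeholder, pick the version you have tested), and the autoupdate label can be dropped if you pin by digest. The static address `10.88.99.1` also does not appear to be added to the address-map comment above `imports` in `system/podman/default.nix`; a line such as `# 10.88.99.1 -> OpenObserve` would keep that list usable for spotting collisions.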