Compare commits
No commits in common. "214cf36daf9dfed3d6545ef8be1f482e9a16ff8a" and "b46757974818b06eadca6e6fbe4973256333dd05" have entirely different histories.
214cf36daf
...
b467579748
|
@ -8,7 +8,6 @@
|
||||||
./git.nix
|
./git.nix
|
||||||
./github.nix
|
./github.nix
|
||||||
./go.nix
|
./go.nix
|
||||||
./jellyfin.nix
|
|
||||||
./microsoft-edge.nix
|
./microsoft-edge.nix
|
||||||
./mpv.nix
|
./mpv.nix
|
||||||
./neovide.nix
|
./neovide.nix
|
||||||
|
|
|
@ -4,7 +4,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
home.packages = [
|
home.packages = lib.mkIf cfg.client.enable [
|
||||||
unstable.jellyfin-media-player
|
unstable.jellyfin-media-player
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,8 +6,5 @@
|
||||||
pihole.enable = lib.mkEnableOption "pihole podman";
|
pihole.enable = lib.mkEnableOption "pihole podman";
|
||||||
suwayomi.enable = lib.mkEnableOption "suwayomi podman";
|
suwayomi.enable = lib.mkEnableOption "suwayomi podman";
|
||||||
ytptube.enable = lib.mkEnableOption "metube podman";
|
ytptube.enable = lib.mkEnableOption "metube podman";
|
||||||
redmage.enable = lib.mkEnableOption "redmage podman";
|
|
||||||
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
|
|
||||||
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,9 +28,6 @@
|
||||||
pihole.enable = true;
|
pihole.enable = true;
|
||||||
suwayomi.enable = true;
|
suwayomi.enable = true;
|
||||||
ytptube.enable = true;
|
ytptube.enable = true;
|
||||||
redmage.enable = true;
|
|
||||||
redmage-demo.enable = true;
|
|
||||||
qbittorrent.enable = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
docker = {
|
docker = {
|
||||||
|
|
37
system/podman/caddy.nix
Normal file
37
system/podman/caddy.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
user = config.profile.user;
|
||||||
|
podman = config.profile.podman;
|
||||||
|
cache = "/home/${user.name}/.cache/podman/caddy";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = lib.mkIf (podman.enable && podman.caddy.enable) {
|
||||||
|
system.activationScripts.podman-caddy = ''
|
||||||
|
mkdir -p ${cache}
|
||||||
|
chown -R ${config.profile.user.name} ${cache}
|
||||||
|
'';
|
||||||
|
# https://fictionbecomesfact.com/caddy-container
|
||||||
|
systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
wantedBy = [ "${backend}-caddy.service" ];
|
||||||
|
script = ''${pkgs.podman}/bin/podman network exists caddy || ${pkgs.podman}/bin/podman network create caddy'';
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
caddy = {
|
||||||
|
image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
|
||||||
|
environment = {
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
};
|
||||||
|
ports = [ "80:80" "443:443" ];
|
||||||
|
autoStart = true;
|
||||||
|
volumes = [
|
||||||
|
"/run/user/${toString(user.uid)}/podman/podman.sock:/var/run/docker.sock:z"
|
||||||
|
"${cache}:/data"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--network=caddy"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -34,17 +34,13 @@ in
|
||||||
|
|
||||||
# Taken IP-Range Subnets
|
# Taken IP-Range Subnets
|
||||||
#
|
#
|
||||||
# 10.88.0.2 -> Redmage
|
# 10.1.1.0-4 -> Pihole
|
||||||
# 10.88.0.3 -> Redmage Demo
|
# 10.1.1.4-8 -> ytptube
|
||||||
# 10.88.0.4 -> ytptube
|
# 10.1.1.8-12 -> Suwayomi
|
||||||
# 10.88.0.5 -> Suwayomi
|
# 10.1.1.12-16 -> Suwayomi
|
||||||
# 10.88.0.6 -> Suwayomi Flaresolverr
|
|
||||||
# 10.88.1.1 -> Pihole
|
|
||||||
imports = [
|
imports = [
|
||||||
|
./caddy.nix
|
||||||
./pihole.nix
|
./pihole.nix
|
||||||
./qbittorrent.nix
|
|
||||||
./redmage-demo.nix
|
|
||||||
./redmage.nix
|
|
||||||
./suwayomi.nix
|
./suwayomi.nix
|
||||||
./ytptube.nix
|
./ytptube.nix
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
name = "pihole";
|
name = "pihole";
|
||||||
podman = config.profile.podman;
|
podman = config.profile.podman;
|
||||||
pihole = podman.pihole;
|
pihole = podman.pihole;
|
||||||
inherit (lib) mkIf attrsets;
|
inherit (lib) mkIf strings attrsets;
|
||||||
ip = "10.88.1.1";
|
gateway = "10.1.1.1";
|
||||||
|
subnet = "10.1.1.0/30";
|
||||||
|
ip = "10.1.1.2";
|
||||||
|
ip-range = "10.1.1.2/30";
|
||||||
image = "pihole/pihole:latest";
|
image = "pihole/pihole:latest";
|
||||||
piholeDNSIPBind = "192.168.100.3";
|
piholeDNSIPBind = "192.168.100.3";
|
||||||
in
|
in
|
||||||
|
@ -22,6 +25,16 @@ in
|
||||||
|
|
||||||
networking.nameservers = [ piholeDNSIPBind ];
|
networking.nameservers = [ piholeDNSIPBind ];
|
||||||
|
|
||||||
|
|
||||||
|
systemd.services."create-${name}-network" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
wantedBy = [ "podman-${name}.service" ];
|
||||||
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||||
|
};
|
||||||
|
|
||||||
# We have refresh the custom.list dns list when caddy virtual hosts changes,
|
# We have refresh the custom.list dns list when caddy virtual hosts changes,
|
||||||
# the easiest way to do so is to restart the pihole container.
|
# the easiest way to do so is to restart the pihole container.
|
||||||
#
|
#
|
||||||
|
@ -50,7 +63,6 @@ in
|
||||||
};
|
};
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
inherit image;
|
inherit image;
|
||||||
hostname = name;
|
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "Asia/Jakarta";
|
TZ = "Asia/Jakarta";
|
||||||
PIHOLE_DNS_ = "192.168.100.5";
|
PIHOLE_DNS_ = "192.168.100.5";
|
||||||
|
@ -75,7 +87,7 @@ in
|
||||||
];
|
];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--ip=${ip}"
|
"--ip=${ip}"
|
||||||
"--network=podman"
|
"--network=${name}"
|
||||||
"--cap-add=NET_ADMIN"
|
"--cap-add=NET_ADMIN"
|
||||||
"--cap-add=NET_BIND_SERVICE"
|
"--cap-add=NET_BIND_SERVICE"
|
||||||
"--cap-add=NET_RAW"
|
"--cap-add=NET_RAW"
|
||||||
|
|
|
@ -1,54 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
name = "qbittorrent";
|
|
||||||
domain = "${name}.tigor.web.id";
|
|
||||||
podman = config.profile.podman;
|
|
||||||
qbittorrent = podman.qbittorrent;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
ip = "10.88.0.7";
|
|
||||||
image = "lscr.io/linuxserver/qbittorrent:latest";
|
|
||||||
volume = "/nas/torrents";
|
|
||||||
user = config.profile.user;
|
|
||||||
uid = toString user.uid;
|
|
||||||
gid = toString user.gid;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf (podman.enable && qbittorrent.enable) {
|
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
|
||||||
reverse_proxy ${ip}:8080
|
|
||||||
'';
|
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
|
||||||
mkdir -p ${volume}/{config,downloads,progress,watch}
|
|
||||||
chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
|
||||||
inherit image;
|
|
||||||
hostname = name;
|
|
||||||
autoStart = true;
|
|
||||||
environment = {
|
|
||||||
PUID = uid;
|
|
||||||
PGID = gid;
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
WEBUI_PORT = "8080";
|
|
||||||
TORRENTING_PORT = "6881";
|
|
||||||
};
|
|
||||||
volumes = [
|
|
||||||
"${volume}/config:/config"
|
|
||||||
"${volume}/downloads:/downloads"
|
|
||||||
"${volume}/progress:/progress"
|
|
||||||
"${volume}/watch:/watch"
|
|
||||||
];
|
|
||||||
ports = [
|
|
||||||
"6881:6881"
|
|
||||||
"6881:6881/udp"
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--ip=${ip}"
|
|
||||||
"--network=podman"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
name = "redmage-demo";
|
|
||||||
podman = config.profile.podman;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
ip = "10.88.0.3";
|
|
||||||
image = "git.tigor.web.id/tigor/redmage:latest";
|
|
||||||
rootVolume = "/nas/redmage-demo";
|
|
||||||
domain = "${name}.tigor.web.id";
|
|
||||||
user = config.profile.user;
|
|
||||||
uid = toString user.uid;
|
|
||||||
gid = toString user.gid;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
|
||||||
reverse_proxy ${ip}:8080
|
|
||||||
'';
|
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
|
||||||
mkdir -p ${rootVolume}/db
|
|
||||||
mkdir -p ${rootVolume}/images
|
|
||||||
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/db ${rootVolume}/images
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
|
||||||
inherit image;
|
|
||||||
hostname = name;
|
|
||||||
autoStart = true;
|
|
||||||
user = "${uid}:${gid}";
|
|
||||||
environment = {
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
};
|
|
||||||
volumes = [
|
|
||||||
"${rootVolume}/db:/app/db"
|
|
||||||
"${rootVolume}/images:/app/downloads"
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--network=podman"
|
|
||||||
"--ip=${ip}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,45 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
name = "redmage";
|
|
||||||
podman = config.profile.podman;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
ip = "10.88.0.2";
|
|
||||||
image = "git.tigor.web.id/tigor/redmage:latest";
|
|
||||||
rootVolume = "/nas/redmage";
|
|
||||||
domain = "${name}.tigor.web.id";
|
|
||||||
user = config.profile.user;
|
|
||||||
uid = toString user.uid;
|
|
||||||
gid = toString user.gid;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
|
||||||
reverse_proxy ${ip}:8080
|
|
||||||
'';
|
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
|
||||||
mkdir -p ${rootVolume}/db
|
|
||||||
mkdir -p ${rootVolume}/images
|
|
||||||
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/db ${rootVolume}/images
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
|
||||||
inherit image;
|
|
||||||
hostname = name;
|
|
||||||
autoStart = true;
|
|
||||||
user = "${uid}:${gid}";
|
|
||||||
environment = {
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
};
|
|
||||||
volumes = [
|
|
||||||
"${rootVolume}/db:/app/db"
|
|
||||||
"${rootVolume}/images:/app/downloads"
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--network=podman"
|
|
||||||
"--ip=${ip}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
name = "suwayomi";
|
name = "suwayomi";
|
||||||
name-flaresolverr = "${name}-flaresolverr";
|
name-flaresolverr = "${name}-flaresolverr";
|
||||||
|
@ -6,8 +6,11 @@ let
|
||||||
podman = config.profile.podman;
|
podman = config.profile.podman;
|
||||||
suwayomi = podman.suwayomi;
|
suwayomi = podman.suwayomi;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf;
|
||||||
ip = "10.88.0.5";
|
subnet = "10.1.1.8/29";
|
||||||
ip-flaresolverr = "10.88.0.6";
|
gateway = "10.1.1.9";
|
||||||
|
ip = "10.1.1.10";
|
||||||
|
ip-flaresolverr = "10.1.1.11";
|
||||||
|
ip-range = "10.1.1.10/29";
|
||||||
image = "ghcr.io/suwayomi/tachidesk:latest";
|
image = "ghcr.io/suwayomi/tachidesk:latest";
|
||||||
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
|
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
|
||||||
volume = "/nas/podman/suwayomi";
|
volume = "/nas/podman/suwayomi";
|
||||||
|
@ -21,14 +24,22 @@ in
|
||||||
reverse_proxy ${ip}:4567
|
reverse_proxy ${ip}:4567
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
systemd.services."create-${name}-network" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
wantedBy = [ "podman-${name}.service" ];
|
||||||
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||||
|
};
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
system.activationScripts."podman-${name}" = ''
|
||||||
mkdir -p ${volume}
|
mkdir -p ${volume}
|
||||||
chown ${uid}:${gid} ${volume}
|
chown -R ${uid}:${gid} ${volume}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
inherit image;
|
inherit image;
|
||||||
hostname = name;
|
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
user = "${uid}:${gid}";
|
user = "${uid}:${gid}";
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -50,21 +61,20 @@ in
|
||||||
];
|
];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--ip=${ip}"
|
"--ip=${ip}"
|
||||||
"--network=podman"
|
"--network=${name}"
|
||||||
];
|
];
|
||||||
dependsOn = [ "${name}-flaresolverr" ];
|
dependsOn = [ "${name}-flaresolverr" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name-flaresolverr} = {
|
virtualisation.oci-containers.containers.${name-flaresolverr} = {
|
||||||
image = image-flaresolverr;
|
image = image-flaresolverr;
|
||||||
hostname = name-flaresolverr;
|
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "Asia/Jakarta";
|
TZ = "Asia/Jakarta";
|
||||||
};
|
};
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--ip=${ip-flaresolverr}"
|
"--ip=${ip-flaresolverr}"
|
||||||
"--network=podman"
|
"--network=${name}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -3,7 +3,10 @@ let
|
||||||
name = "ytptube";
|
name = "ytptube";
|
||||||
podman = config.profile.podman;
|
podman = config.profile.podman;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf;
|
||||||
ip = "10.88.0.4";
|
gateway = "10.1.1.5";
|
||||||
|
subnet = "10.1.1.4/30";
|
||||||
|
ip = "10.1.1.6";
|
||||||
|
ip-range = "10.1.1.6/30";
|
||||||
image = "ghcr.io/arabcoders/${name}:latest";
|
image = "ghcr.io/arabcoders/${name}:latest";
|
||||||
volume = "/nas/mediaserver/${name}";
|
volume = "/nas/mediaserver/${name}";
|
||||||
domain = "${name}.tigor.web.id";
|
domain = "${name}.tigor.web.id";
|
||||||
|
@ -16,6 +19,17 @@ in
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
reverse_proxy ${ip}:8081
|
reverse_proxy ${ip}:8081
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
systemd.services."create-${name}-network" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
wantedBy = [ "podman-${name}.service" ];
|
||||||
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
system.activationScripts."podman-${name}" = ''
|
||||||
mkdir -p ${volume}
|
mkdir -p ${volume}
|
||||||
chown -R ${uid}:${gid} ${volume}
|
chown -R ${uid}:${gid} ${volume}
|
||||||
|
@ -62,7 +76,6 @@ in
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
inherit image;
|
inherit image;
|
||||||
hostname = name;
|
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
user = "${uid}:${gid}";
|
user = "${uid}:${gid}";
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -74,7 +87,7 @@ in
|
||||||
];
|
];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--ip=${ip}"
|
"--ip=${ip}"
|
||||||
"--network=podman"
|
"--network=${name}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -16,10 +16,7 @@ in
|
||||||
upstream_recursive_servers = [
|
upstream_recursive_servers = [
|
||||||
{
|
{
|
||||||
address_data = "1.1.1.1";
|
address_data = "1.1.1.1";
|
||||||
tls_auth_name = "cloudflare-dns.com";
|
tls_port = 853;
|
||||||
}
|
|
||||||
{
|
|
||||||
address_data = "1.0.0.1";
|
|
||||||
tls_auth_name = "cloudflare-dns.com";
|
tls_auth_name = "cloudflare-dns.com";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
Loading…
Reference in a new issue