Compare commits


No commits in common. "214cf36daf9dfed3d6545ef8be1f482e9a16ff8a" and "b46757974818b06eadca6e6fbe4973256333dd05" have entirely different histories.

13 changed files with 95 additions and 181 deletions


@ -8,7 +8,6 @@
./git.nix ./git.nix
./github.nix ./github.nix
./go.nix ./go.nix
./jellyfin.nix
./microsoft-edge.nix ./microsoft-edge.nix
./mpv.nix ./mpv.nix
./neovide.nix ./neovide.nix


@ -4,7 +4,7 @@ let
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = [ home.packages = lib.mkIf cfg.client.enable [
unstable.jellyfin-media-player unstable.jellyfin-media-player
]; ];
}; };


@ -6,8 +6,5 @@
pihole.enable = lib.mkEnableOption "pihole podman"; pihole.enable = lib.mkEnableOption "pihole podman";
suwayomi.enable = lib.mkEnableOption "suwayomi podman"; suwayomi.enable = lib.mkEnableOption "suwayomi podman";
ytptube.enable = lib.mkEnableOption "metube podman"; ytptube.enable = lib.mkEnableOption "metube podman";
redmage.enable = lib.mkEnableOption "redmage podman";
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
}; };
} }


@ -28,9 +28,6 @@
pihole.enable = true; pihole.enable = true;
suwayomi.enable = true; suwayomi.enable = true;
ytptube.enable = true; ytptube.enable = true;
redmage.enable = true;
redmage-demo.enable = true;
qbittorrent.enable = true;
}; };
docker = { docker = {

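--- a/system/podman/caddy.nix
+++ b/system/podman/caddy.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+let
+user = config.profile.user;
+podman = config.profile.podman;
+cache = "/home/${user.name}/.cache/podman/caddy";
+in
+{
+config = lib.mkIf (podman.enable && podman.caddy.enable) {
+system.activationScripts.podman-caddy = ''
+mkdir -p ${cache}
+chown -R ${config.profile.user.name} ${cache}
+'';
+# https://fictionbecomesfact.com/caddy-container
+systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
+serviceConfig.Type = "oneshot";
+wantedBy = [ "${backend}-caddy.service" ];
+script = ''${pkgs.podman}/bin/podman network exists caddy || ${pkgs.podman}/bin/podman network create caddy'';
+};
+virtualisation.oci-containers.containers = {
+caddy = {
+image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
+environment = {
+TZ = "Asia/Jakarta";
+};
+ports = [ "80:80" "443:443" ];
+autoStart = true;
+volumes = [
+"/run/user/${toString(user.uid)}/podman/podman.sock:/var/run/docker.sock:z"
+"${cache}:/data"
+];
+extraOptions = [
+"--network=caddy"
+];
+};
+};
+};
+}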
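Review bot: The `caddy` container is given the user's Podman API socket (`/run/user/<uid>/podman/podman.sock` mounted as `/var/run/docker.sock`) while publishing 80/443 and running the mutable tag `lucaslorentz/caddy-docker-proxy:ci-alpine`, so whatever that tag resolves to at pull time can control every container reachable through that socket. Pin the image by digest, `image = "lucaslorentz/caddy-docker-proxy@sha256:<digest>";` (placeholder), and put a comment above the socket volume such as `# caddy-docker-proxy reads container labels via the API; this mount grants full control of the user's podman`. As a smaller point, `chown -R ${config.profile.user.name} ${cache}` can use the `user.name` binding already defined in the `let`.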


@ -34,17 +34,13 @@ in
# Taken IP-Range Subnets # Taken IP-Range Subnets
# #
# 10.88.0.2 -> Redmage # 10.1.1.0-4 -> Pihole
# 10.88.0.3 -> Redmage Demo # 10.1.1.4-8 -> ytptube
# 10.88.0.4 -> ytptube # 10.1.1.8-12 -> Suwayomi
# 10.88.0.5 -> Suwayomi # 10.1.1.12-16 -> Suwayomi
# 10.88.0.6 -> Suwayomi Flaresolverr
# 10.88.1.1 -> Pihole
imports = [ imports = [
./caddy.nix
./pihole.nix ./pihole.nix
./qbittorrent.nix
./redmage-demo.nix
./redmage.nix
./suwayomi.nix ./suwayomi.nix
./ytptube.nix ./ytptube.nix
]; ];
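Review bot: The rewritten subnet table in the comment does not match the values the modules declare: it lists Suwayomi twice (`10.1.1.8-12` and `10.1.1.12-16`) where suwayomi.nix uses a single `10.1.1.8/29`, and adjacent ranges share their end points (`0-4`, `4-8`). This table is the only place a reader can check that two container networks do not overlap, so it should use the same CIDR form as the modules: `# 10.1.1.0/30 -> Pihole`, `# 10.1.1.4/30 -> ytptube`, `# 10.1.1.8/29 -> Suwayomi + Flaresolverr`. The enclosing attribute set starts and ends outside the hunk.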


@ -1,10 +1,13 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
name = "pihole"; name = "pihole";
podman = config.profile.podman; podman = config.profile.podman;
pihole = podman.pihole; pihole = podman.pihole;
inherit (lib) mkIf attrsets; inherit (lib) mkIf strings attrsets;
ip = "10.88.1.1"; gateway = "10.1.1.1";
subnet = "10.1.1.0/30";
ip = "10.1.1.2";
ip-range = "10.1.1.2/30";
image = "pihole/pihole:latest"; image = "pihole/pihole:latest";
piholeDNSIPBind = "192.168.100.3"; piholeDNSIPBind = "192.168.100.3";
in in
@ -22,6 +25,16 @@ in
networking.nameservers = [ piholeDNSIPBind ]; networking.nameservers = [ piholeDNSIPBind ];
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
# We have refresh the custom.list dns list when caddy virtual hosts changes, # We have refresh the custom.list dns list when caddy virtual hosts changes,
# the easiest way to do so is to restart the pihole container. # the easiest way to do so is to restart the pihole container.
# #
@ -50,7 +63,6 @@ in
}; };
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
hostname = name;
environment = { environment = {
TZ = "Asia/Jakarta"; TZ = "Asia/Jakarta";
PIHOLE_DNS_ = "192.168.100.5"; PIHOLE_DNS_ = "192.168.100.5";
@ -75,7 +87,7 @@ in
]; ];
extraOptions = [ extraOptions = [
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=${name}"
"--cap-add=NET_ADMIN" "--cap-add=NET_ADMIN"
"--cap-add=NET_BIND_SERVICE" "--cap-add=NET_BIND_SERVICE"
"--cap-add=NET_RAW" "--cap-add=NET_RAW"
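Review bot: `create-${name}-network` is only `wantedBy` the container unit, which pulls it in but does not order it, so `podman-${name}.service` can start before the network exists and fail on `--network=${name}`. Add `before = [ "podman-${name}.service" ];` next to `wantedBy`; the same applies to the network units added in caddy.nix, suwayomi.nix and ytptube.nix. The `podman network exists ${name} || …` guard also never reconciles an existing network, so a later edit to `subnet` or `gateway` has no effect until the network is removed by hand, which deserves a comment on the `script` line. `ip-range = "10.1.1.2/30"` has host bits set and is presumably read as the whole /30; confirm that is intended.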


@ -1,54 +0,0 @@
{ config, lib, ... }:
let
name = "qbittorrent";
domain = "${name}.tigor.web.id";
podman = config.profile.podman;
qbittorrent = podman.qbittorrent;
inherit (lib) mkIf;
ip = "10.88.0.7";
image = "lscr.io/linuxserver/qbittorrent:latest";
volume = "/nas/torrents";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && qbittorrent.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${volume}/{config,downloads,progress,watch}
chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
WEBUI_PORT = "8080";
TORRENTING_PORT = "6881";
};
volumes = [
"${volume}/config:/config"
"${volume}/downloads:/downloads"
"${volume}/progress:/progress"
"${volume}/watch:/watch"
];
ports = [
"6881:6881"
"6881:6881/udp"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
};
};
}


@ -1,45 +0,0 @@
{ config, lib, ... }:
let
name = "redmage-demo";
podman = config.profile.podman;
inherit (lib) mkIf;
ip = "10.88.0.3";
image = "git.tigor.web.id/tigor/redmage:latest";
rootVolume = "/nas/redmage-demo";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/db
mkdir -p ${rootVolume}/images
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/db ${rootVolume}/images
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
};
volumes = [
"${rootVolume}/db:/app/db"
"${rootVolume}/images:/app/downloads"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
];
};
};
}


@ -1,45 +0,0 @@
{ config, lib, ... }:
let
name = "redmage";
podman = config.profile.podman;
inherit (lib) mkIf;
ip = "10.88.0.2";
image = "git.tigor.web.id/tigor/redmage:latest";
rootVolume = "/nas/redmage";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/db
mkdir -p ${rootVolume}/images
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/db ${rootVolume}/images
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
};
volumes = [
"${rootVolume}/db:/app/db"
"${rootVolume}/images:/app/downloads"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
];
};
};
}


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
name = "suwayomi"; name = "suwayomi";
name-flaresolverr = "${name}-flaresolverr"; name-flaresolverr = "${name}-flaresolverr";
@ -6,8 +6,11 @@ let
podman = config.profile.podman; podman = config.profile.podman;
suwayomi = podman.suwayomi; suwayomi = podman.suwayomi;
inherit (lib) mkIf; inherit (lib) mkIf;
ip = "10.88.0.5"; subnet = "10.1.1.8/29";
ip-flaresolverr = "10.88.0.6"; gateway = "10.1.1.9";
ip = "10.1.1.10";
ip-flaresolverr = "10.1.1.11";
ip-range = "10.1.1.10/29";
image = "ghcr.io/suwayomi/tachidesk:latest"; image = "ghcr.io/suwayomi/tachidesk:latest";
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest"; image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
volume = "/nas/podman/suwayomi"; volume = "/nas/podman/suwayomi";
@ -21,14 +24,22 @@ in
reverse_proxy ${ip}:4567 reverse_proxy ${ip}:4567
''; '';
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${volume} mkdir -p ${volume}
chown ${uid}:${gid} ${volume} chown -R ${uid}:${gid} ${volume}
''; '';
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
hostname = name;
autoStart = true; autoStart = true;
user = "${uid}:${gid}"; user = "${uid}:${gid}";
environment = { environment = {
@ -50,21 +61,20 @@ in
]; ];
extraOptions = [ extraOptions = [
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=${name}"
]; ];
dependsOn = [ "${name}-flaresolverr" ]; dependsOn = [ "${name}-flaresolverr" ];
}; };
virtualisation.oci-containers.containers.${name-flaresolverr} = { virtualisation.oci-containers.containers.${name-flaresolverr} = {
image = image-flaresolverr; image = image-flaresolverr;
hostname = name-flaresolverr;
autoStart = true; autoStart = true;
environment = { environment = {
TZ = "Asia/Jakarta"; TZ = "Asia/Jakarta";
}; };
extraOptions = [ extraOptions = [
"--ip=${ip-flaresolverr}" "--ip=${ip-flaresolverr}"
"--network=podman" "--network=${name}"
]; ];
}; };
}; };
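Review bot: The network unit is wanted only by `podman-${name}.service`, but `${name-flaresolverr}` also joins `--network=${name}` and, through `dependsOn`, is presumably started before the suwayomi container, which makes it the first unit to need the network. List both consumers, `wantedBy = [ "podman-${name}.service" "podman-${name-flaresolverr}.service" ];`, with a matching `before` so creation is ordered ahead of either start. Separately, `chown -R ${uid}:${gid} ${volume}` now walks all of `/nas/podman/suwayomi` on every activation; a comment saying why recursion is needed would make that cost deliberate.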


@ -3,7 +3,10 @@ let
name = "ytptube"; name = "ytptube";
podman = config.profile.podman; podman = config.profile.podman;
inherit (lib) mkIf; inherit (lib) mkIf;
ip = "10.88.0.4"; gateway = "10.1.1.5";
subnet = "10.1.1.4/30";
ip = "10.1.1.6";
ip-range = "10.1.1.6/30";
image = "ghcr.io/arabcoders/${name}:latest"; image = "ghcr.io/arabcoders/${name}:latest";
volume = "/nas/mediaserver/${name}"; volume = "/nas/mediaserver/${name}";
domain = "${name}.tigor.web.id"; domain = "${name}.tigor.web.id";
@ -16,6 +19,17 @@ in
services.caddy.virtualHosts.${domain}.extraConfig = '' services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8081 reverse_proxy ${ip}:8081
''; '';
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${volume} mkdir -p ${volume}
chown -R ${uid}:${gid} ${volume} chown -R ${uid}:${gid} ${volume}
@ -62,7 +76,6 @@ in
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
hostname = name;
autoStart = true; autoStart = true;
user = "${uid}:${gid}"; user = "${uid}:${gid}";
environment = { environment = {
@ -74,7 +87,7 @@ in
]; ];
extraOptions = [ extraOptions = [
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=${name}"
]; ];
}; };
}; };
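Review bot: The new `script` interpolates `${pkgs.podman}`, but unlike pihole.nix and suwayomi.nix no hunk here touches the module's argument line, which lies outside the first hunk (it starts at line 3). If that line is still `{ config, lib, ... }:`, evaluation fails on an undefined `pkgs`; confirm it reads `{ config, lib, pkgs, ... }:`.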


@ -16,10 +16,7 @@ in
upstream_recursive_servers = [ upstream_recursive_servers = [
{ {
address_data = "1.1.1.1"; address_data = "1.1.1.1";
tls_auth_name = "cloudflare-dns.com"; tls_port = 853;
}
{
address_data = "1.0.0.1";
tls_auth_name = "cloudflare-dns.com"; tls_auth_name = "cloudflare-dns.com";
} }
]; ];
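Review bot: With the `1.0.0.1` entry removed, `upstream_recursive_servers` holds a single DNS-over-TLS upstream, so an outage or block of `1.1.1.1:853` leaves the host without name resolution unless a fallback is configured elsewhere in the file (not visible in this hunk). Keep a second entry carrying the same fields, e.g. `{ address_data = "1.0.0.1"; tls_port = 853; tls_auth_name = "cloudflare-dns.com"; }`. The attribute set containing this list starts and ends outside the hunk.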