Remove Docker and replace Swarm orchestration with Podman systemd units
This commit is contained in:
94
containers.nix
Normal file
94
containers.nix
Normal file
@ -0,0 +1,94 @@
|
||||
{
|
||||
containers = {
|
||||
bind = {
|
||||
image = "sameersbn/bind:latest";
|
||||
ports =
|
||||
[ "0.0.0.0:53:53/tcp" "0.0.0.0:53:53/udp" "0.0.0.0:5053:10000/tcp" ];
|
||||
volumes = [ "/home/sezycei/srv/containerdata/bind/bind:/data" ];
|
||||
environmentFiles = [ /home/sezycei/srv/containerdata/bind/.env ];
|
||||
};
|
||||
jellyfin = {
|
||||
image = "linuxserver/jellyfin";
|
||||
ports = [ "0.0.0.0:8096:8096" "0.0.0.0:8920:8920" ];
|
||||
volumes = [
|
||||
"/home/sezycei/srv/containerdata/jellyfin/config:/config"
|
||||
"/home/torrent/data/completed:/data/unsorted"
|
||||
"/home/torrent/data/TV:/data/tvshows"
|
||||
"/home/torrent/data/Movies:/data/movies"
|
||||
"/home/torrent/data/transcode:/data/transcode"
|
||||
"/home/torrent/data/Music:/data/music"
|
||||
];
|
||||
environment = {
|
||||
PGID = "1000";
|
||||
PUID = "1000";
|
||||
TZ = "America/Chicago";
|
||||
UMASK_SET = "022";
|
||||
};
|
||||
};
|
||||
legit = {
|
||||
image = "docker.matri.cx/legit";
|
||||
ports = [ "0.0.0.0:5121:8080" ];
|
||||
volumes = [
|
||||
"/home/sezycei/srv/swarmconfig/legit/static:/static"
|
||||
"/home/sezycei/srv/swarmconfig/legit/templates:/templates"
|
||||
"/home/sezycei/srv/containerdata/legit/legit.yml:/legit.yml"
|
||||
"/home/sezycei/srv/containerdata/legit/repos:/var/www/git"
|
||||
];
|
||||
environment = { };
|
||||
};
|
||||
murmur = {
|
||||
image = "goofball222/murmur";
|
||||
ports = [ "0.0.0.0:64738:64738" "0.0.0.0:64738:64738/udp" ];
|
||||
volumes = [
|
||||
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
|
||||
"/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
|
||||
"/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
|
||||
];
|
||||
environment = { };
|
||||
};
|
||||
nginx = {
|
||||
image = "nginx:alpine";
|
||||
ports = [ "0.0.0.0:80:80" "0.0.0.0:443:443" "0.0.0.0:20222:20222" ];
|
||||
volumes = [
|
||||
"/home/sezycei/srv/web/www:/var/www/"
|
||||
"/home/sezycei/srv/web/configuration/nginx.conf:/etc/nginx/nginx.conf"
|
||||
"/home/sezycei/srv/web/configuration/htpasswd:/etc/nginx/htpasswd"
|
||||
"/home/sezycei/srv/web/configuration/htpasswd-dock:/etc/nginx/htpasswd-dock"
|
||||
"/home/sezycei/srv/web/configuration/sites-available:/etc/nginx/sites-enabled"
|
||||
"/home/sezycei/srv/web/ssl/letsencrypt:/etc/letsencrypt"
|
||||
"/home/sezycei/srv/web/ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem"
|
||||
];
|
||||
environment = { };
|
||||
};
|
||||
purr = {
|
||||
image = "docker.matri.cx/purr";
|
||||
ports = [ "0.0.0.0:5195:3000" ];
|
||||
volumes = [
|
||||
"/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite"
|
||||
"/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
|
||||
];
|
||||
environment = { };
|
||||
};
|
||||
registry = {
|
||||
image = "registry:2";
|
||||
ports = [ "0.0.0.0:3001:5000" ];
|
||||
volumes = [
|
||||
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
|
||||
"/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
|
||||
"/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
|
||||
];
|
||||
environment = { };
|
||||
};
|
||||
transmission = {
|
||||
image = "haugene/transmission-openvpn";
|
||||
ports = [ "0.0.0.0:9091:9091" ];
|
||||
volumes = [
|
||||
"/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"/home/torrent/data:/data"
|
||||
];
|
||||
environmentFiles = [ /home/sezycei/srv/containerdata/transmission/.env ];
|
||||
extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
52
flake.nix
52
flake.nix
@ -9,26 +9,30 @@
|
||||
|
||||
outputs = { self, nixpkgs, sops, ... }@attrs:
|
||||
let
|
||||
containerDef = import ./containers.nix;
|
||||
serviceContainers = containerDef.containers;
|
||||
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
system = "x86_64-linux";
|
||||
in {
|
||||
devShell.x86_64-linux = pkgs.mkShell {
|
||||
buildInputs =
|
||||
[ (pkgs.nixos { }).nixos-rebuild pkgs.terraform pkgs.sops ];
|
||||
shellHook =
|
||||
" alias deploy=\"nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0\"\n";
|
||||
shellHook = ''
|
||||
alias deploy="nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0"
|
||||
'';
|
||||
};
|
||||
|
||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
|
||||
|
||||
nixosConfigurations = {
|
||||
eve-psr-nix0 = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = attrs;
|
||||
modules = [
|
||||
({ modulesPath, ... }: {
|
||||
|
||||
imports = [ sops.nixosModules.sops ./hardware-configuration.nix ];
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
nix = {
|
||||
buildMachines = [ ];
|
||||
@ -36,6 +40,12 @@
|
||||
settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
time.timeZone = "America/Chicago";
|
||||
networking = {
|
||||
hostName = "eve-psr-nix0";
|
||||
firewall = {
|
||||
@ -44,9 +54,13 @@
|
||||
};
|
||||
};
|
||||
|
||||
time.timeZone = "America/Chicago";
|
||||
environment.systemPackages = with pkgs; [ git pciutils vim wget ];
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
hydra = {
|
||||
enable = true;
|
||||
hydraURL = "https://hydra.matri.cx";
|
||||
@ -61,26 +75,24 @@
|
||||
useSubstitutes = true;
|
||||
|
||||
notificationSender = "hydra@matri.cx";
|
||||
buildMachinesFiles = [];
|
||||
buildMachinesFiles = [ ];
|
||||
};
|
||||
openssh.enable = true;
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
liveRestore = false;
|
||||
virtualisation = {
|
||||
oci-containers = {
|
||||
backend = "podman";
|
||||
containers = serviceContainers;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ git pciutils vim wget ];
|
||||
|
||||
programs.zsh.enable = true;
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
users = {
|
||||
defaultUserShell = pkgs.zsh;
|
||||
users = {
|
||||
sezycei = {
|
||||
isNormalUser = true;
|
||||
initialPassword = "bootMaster";
|
||||
extraGroups = [ "wheel" "docker" ];
|
||||
extraGroups = [ "wheel" ];
|
||||
packages = with pkgs; [ byobu tmux stack ];
|
||||
};
|
||||
torrent = {
|
||||
@ -91,12 +103,12 @@
|
||||
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
sops = {
|
||||
age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };
|
||||
defaultSopsFile = ./secrets/keys.yaml;
|
||||
secrets = { hostname = { }; };
|
||||
secrets = {
|
||||
hostname = { };
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
@ -23,8 +23,8 @@ sops:
|
||||
S0JzQ1B6WUZlL0hVeXVMcFUyVDNBaVEKtbF6NwzyO69Y7Az36Wm4SOUNnQL7oCTU
|
||||
dx99asfwJW2+6wiofPbL6sn1LFIVqGH2jbAfeZIxyODabFYa8m984g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-06-09T19:16:10Z"
|
||||
mac: ENC[AES256_GCM,data:ayliPO8bDg0yTC1u5K1ZARdBPCOpb3g2UfEorak/RNq1KeTK4zTaWwvwr8xNIuqTFLxqAHJvMFVmEbUGgkH7wCE+5hYsun59dChnSASayEhxMdyPUnOauzaGVMuRm0q2D4UKfmtkTBEtnTM9yvDeBqd9LD0vqUpeltXggesdKCA=,iv:oq8GQPNjFaj6x28qtwcUakmbt4urZxDOls2Lw3Z4Rns=,tag:WK89gCSh0HT3Az5cMSpuRg==,type:str]
|
||||
lastmodified: "2023-06-25T18:25:59Z"
|
||||
mac: ENC[AES256_GCM,data:MCvfrJ+xA5SyY+PJBFN1SxbAhKYxk18wMUIb1Kg48rUzIyAlN+/TF24msjgae64xvYiKEIIWGtv4kbocghHVM/2JkLa3ddhv73XpoQtn/iswS5a3Bw1eg4uwzDRwX8WQAQN0/JJHIJYbHI5tL+zDwg2R9gi+upadOPq6h540b90=,iv:WaHzOtRRaqBvWd8LyBinpiXQkHxEUES+BCtR75uYCy8=,tag:P8t5LDwMBvurBM3Ktt/M2A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
Reference in New Issue
Block a user