# NixOS module: OCI containers for the self-hosted services on this host, plus
# the GitLab runner that builds Nix projects against the host's Nix daemon.
#
# NOTE(review): every `ports` entry below omits a host address, so each service
# is published on all host interfaces. Whether they are reachable from outside
# depends on the host firewall, which is not shown here. Where a local reverse
# proxy is the only intended client, a "127.0.0.1:HOST:CONTAINER" mapping
# narrows the exposure.
{ config, lib, pkgs, ... }:

let
  # Host directories that back most of the bind mounts below.
  containerData = "/home/sezycei/srv/containerdata";
  torrentData = "/home/torrent/data";

  # Settings shared by the containers that take PUID/PGID/TZ.
  ownerEnv = {
    PGID = "1000";
    PUID = "1000";
    TZ = "America/Chicago";
  };
in
{
  virtualisation.oci-containers.containers = {
    gitlab = {
      # NOTE(review): `latest` is a floating tag, so what runs depends on when
      # the image was last pulled. Pinning a version or digest makes upgrades
      # deliberate and reviewable. The untagged images further down resolve
      # to `latest` as well.
      image = "gitlab/gitlab-ce:latest";
      ports = [
        "26616:80"
        "26617:22"
      ];
      volumes = [
        "${containerData}/gitlab/config:/etc/gitlab"
        "${containerData}/gitlab/log:/var/log/gitlab"
        "${containerData}/gitlab/data:/var/opt/gitlab"
      ];
      environment = {
        # GitLab advertises an https:// URL but serves plain HTTP on port 80
        # inside the container. Presumably a reverse proxy in front terminates
        # TLS; confirm that host port 26616 is not reachable around it.
        GITLAB_OMNIBUS_CONFIG = ''
          external_url 'https://git.eversole.co'
          nginx['listen_port'] = 80
          nginx['listen_https'] = false
          gitlab_rails['gitlab_shell_ssh_port'] = 26617
        '';
      };
    };

    # gitlab-runner = a service definition at the bottom of this file.

    jellyfin = {
      image = "linuxserver/jellyfin";
      ports = [
        "8096:8096"
        "8920:8920"
      ];
      # The media directories are mounted read-write; nothing here marks
      # them :ro.
      volumes = [
        "${containerData}/jellyfin/config:/config"
        "${torrentData}/completed:/data/unsorted"
        "${torrentData}/TV:/data/tvshows"
        "${torrentData}/Movies:/data/movies"
        "${torrentData}/transcode:/data/transcode"
        "${torrentData}/Music:/data/music"
      ];
      environment = ownerEnv // {
        UMASK_SET = "022";
      };
    };

    mealie = {
      # Nightly tag: contents change from pull to pull.
      image = "hkotel/mealie:omni-nightly";
      ports = [ "52230:3000" ];
      volumes = [
        "${containerData}/mealie/data:/app/data"
        # Replaces the container's /etc/hosts with a host-managed file.
        "${containerData}/mealie/hosts:/etc/hosts"
      ];
      environment = ownerEnv // {
        ALLOW_SIGNUP = "false";
        BASE_URL = "https://food.eversole.co";
      };
      extraOptions = [ "--network=slirp4netns:enable_ipv6=false" ];
    };

    murmur = {
      image = "goofball222/murmur";
      # Same port published for both TCP and UDP.
      ports = [
        "64738:64738"
        "64738:64738/udp"
      ];
      volumes = [
        "${containerData}/murmur/murmur/config:/opt/murmur/config"
        "${containerData}/murmur/murmur/data:/opt/murmur/data"
        "${containerData}/murmur/murmur/log:/opt/murmur/log"
      ];
      environment = { };
    };

    purr = {
      image = "docker.matri.cx/purr";
      ports = [ "5195:3000" ];
      volumes = [
        "/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite"
        "/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
      ];
      environment = { };
    };

    registry = {
      image = "registry:2";
      ports = [ "3001:5000" ];
      volumes = [
        "${containerData}/registry/registry/data:/var/lib/registry"
        "${containerData}/registry/registry/certs:/certs"
        "${containerData}/registry/registry/auth:/auth"
      ];
      # NOTE(review): /certs and /auth are mounted, but this file sets no
      # REGISTRY_AUTH_* or REGISTRY_HTTP_TLS_* variable and mounts no
      # config.yml, so nothing visible here makes the registry use them.
      # Confirm that authentication and TLS are enforced (here or at a proxy)
      # before port 3001 is reachable by anyone who should not push or pull.
      environment = { };
    };

    transmission = {
      image = "haugene/transmission-openvpn";
      ports = [ "9091:9091" ];
      volumes = [
        "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
        "/etc/localtime:/etc/localtime:ro"
        "${torrentData}:/data"
      ];
      # Environment is read at container start from the agenix-managed secret
      # path, so its contents are not written into this file.
      environmentFiles = [ config.age.secrets.transmission-env.path ];
      # NOTE(review): --privileged already grants every capability and host
      # device access, which makes --cap-add=NET_ADMIN redundant beside it.
      # Check whether the container works with NET_ADMIN plus
      # --device=/dev/net/tun alone, and drop --privileged if it does.
      extraOptions = [
        "--cap-add=NET_ADMIN"
        "--privileged"
      ];
    };
  };

  services.gitlab-runner = {
    enable = true;
    services.nix = {
      # toString keeps the path a plain string, so the registration file is
      # referenced at /run/agenix instead of being copied into the Nix store.
      registrationConfigFile = toString /run/agenix/gitlab-runner;
      # Untagged image: resolves to `latest`.
      dockerImage = "alpine";
      # NOTE(review): jobs get the host store and DB read-only, but they talk
      # to the host's Nix daemon through the mounted socket (NIX_REMOTE below).
      # The :ro flags protect the files, not the daemon, so attach this runner
      # only to projects whose pipelines are trusted to drive host builds.
      dockerVolumes = [
        "/nix/store:/nix/store:ro"
        "/nix/var/nix/db:/nix/var/nix/db:ro"
        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
      ];
      # Runs before each job: creates the Nix state directories, sources the
      # daemon profile, adds and updates the nixpkgs channel, installs the base
      # tools, then appends to the per-user nix.conf.
      # NOTE(review): the nixos-23.05 channel appears to be past upstream end
      # of life; confirm and move to a supported channel. The channel update
      # also means each job resolves nixpkgs at run time rather than from a
      # pinned revision.
      preBuildScript = pkgs.writeScript "setup-container" ''
        mkdir -p -m 0755 /nix/var/log/nix/drvs
        mkdir -p -m 0755 /nix/var/nix/gcroots
        mkdir -p -m 0755 /nix/var/nix/profiles
        mkdir -p -m 0755 /nix/var/nix/temproots
        mkdir -p -m 0755 /nix/var/nix/userpool
        mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
        mkdir -p -m 1777 /nix/var/nix/profiles/per-user
        mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
        mkdir -p -m 0700 "$HOME/.nix-defexpr"
        . ${pkgs.nix}/etc/profile.d/nix-daemon.sh
        ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-23.05 nixpkgs
        ${pkgs.nix}/bin/nix-channel --update nixpkgs
        ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
        # Config
        mkdir -p "$HOME/.config/nix"
        echo "experimental-features = nix-command flakes" >> "$HOME/.config/nix/nix.conf"
        echo "max-jobs = 8" >> "$HOME/.config/nix/nix.conf"
        echo "build-cores = 8" >> "$HOME/.config/nix/nix.conf"
      '';
      environmentVariables = {
        ENV = "/etc/profile";
        USER = "root";
        NIX_REMOTE = "daemon";
        PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
        NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
      };
    };
  };
}