
Commit 8d8c2e0

committed
Update annotations
1 parent bc83224 commit 8d8c2e0


11 files changed

+507
-185
lines changed


flake.lock

Lines changed: 9 additions & 9 deletions

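--- a/hosts/itxserver/configuration.nix
+++ b/hosts/itxserver/configuration.nix
@@ -1,28 +1,35 @@
-{
-config,
-lib,
-pkgs,
-...
-}@args:
-let
-inherit (args) inputs;
-in
-{
+# ███████╗██╗ ██╗███████╗ ██████╗ ██████╗ ███╗ ██╗███████╗██╗ ██████╗
+# ██╔════╝╚██╗ ██╔╝██╔════╝ ██╔════╝██╔═══██╗████╗ ██║██╔════╝██║██╔════╝
+# ███████╗ ╚████╔╝ ███████╗ ██║ ██║ ██║██╔██╗ ██║█████╗ ██║██║ ███╗
+# ╚════██║ ╚██╔╝ ╚════██║ ██║ ██║ ██║██║╚██╗██║██╔══╝ ██║██║ ██║
+# ███████║ ██║ ███████║ ╚██████╗╚██████╔╝██║ ╚████║██║ ██║╚██████╔╝
+# ╚══════╝ ╚═╝ ╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═════╝
+# ════════════════════════════════════════════════════════════════════════════
+# This configuration is for the itx server that hosts all the docker containers
+# and backup services in the lab.
+
+{ config, lib, pkgs, ... }@args:
+let inherit (args) inputs;
+in {
 imports = [
-# The hardware-dependent options
+# The hardware-dependent options:
 ./hardware-configuration.nix
-# All (shared/non-specific) users
+# The users for this system:
 ../../users/lukas.nix
 ../../users/docker.nix
-# All custom modules
+# The custom modules:
+../../modules/containers/atuin.nix
 ../../modules/containers/stump.nix
 ../../modules/containers/homeassistant.nix
 ../../modules/containers/plex.nix
 ../../modules/containers/freshrss.nix
-# Any other modules
+../../modules/containers/paperless-ngx.nix
+# Any other modules:
 inputs.sops-nix.nixosModules.sops
 ];
 
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
 sops = {
 defaultSopsFormat = "dotenv";
 age.keyFile = "/home/lukas/.config/sops/age/keys.txt";
@@ -36,11 +43,6 @@ in
 };
 };
 
-nix.settings.experimental-features = [
-"nix-command"
-"flakes"
-];
-
 time.timeZone = "Europe/Berlin";
 
 boot = {
@@ -49,12 +51,10 @@ in
 zfsSupport = true;
 efiSupport = true;
 efiInstallAsRemovable = true;
-mirroredBoots = [
-{
-devices = [ "nodev" ];
-path = "/boot";
-}
-];
+mirroredBoots = [{
+devices = [ "nodev" ];
+path = "/boot";
+}];
 };
 zfs.extraPools = [ "zpool" ];
 };
@@ -68,27 +68,22 @@ in
 };
 useDHCP = false;
 interfaces = {
-eno1.ipv4.addresses = [
-{
-address = "10.0.0.10";
-prefixLength = 24;
-}
-];
+eno1.ipv4.addresses = [{
+address = "10.0.0.10";
+prefixLength = 24;
+}];
 };
 defaultGateway = {
 address = "10.0.0.1";
 interface = "eno1";
 };
-nameservers = [
-"1.1.1.1"
-"1.0.0.1"
-"100.100.100.100"
-];
+nameservers = [ "1.1.1.1" "1.0.0.1" "100.100.100.100" ];
 firewall = {
 allowedTCPPorts = [
-8123
+8123 # Home assistant web GUI
+8000
 8888
-32400
+32400 # Plex web GUI
 8384 # Syncthing web GUI
 22000 # Syncthing traffic
 ];
@@ -136,9 +131,7 @@ in
 AllowUsers = [ "lukas" ];
 };
 };
-fail2ban = {
-enable = true;
-};
+fail2ban = { enable = true; };
 envfs.enable = true;
 tailscale.enable = true;
 syncthing = {
@@ -157,7 +150,8 @@ in
 };
 devices = {
 "MacBook-Pro" = {
-id = "GZAKPGB-BBVIY5T-2D3EY22-YYMGT5L-R3MNHGX-GYWNRWR-TG4BUMW-BQMBBAU";
+id =
+"GZAKPGB-BBVIY5T-2D3EY22-YYMGT5L-R3MNHGX-GYWNRWR-TG4BUMW-BQMBBAU";
 };
 };
 folders = {
@@ -169,6 +163,10 @@ in
 path = "/data/backups/lukas/documents";
 devices = [ "MacBook-Pro" ];
 };
+"Picture Archive" = {
+path = "/data/pictures/lukas/archive";
+devices = [ "MacBook-Pro" ];
+};
 };
 };
 };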
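Review bot: `8000` in `allowedTCPPorts` is added without the trailing comment the neighbouring entries now carry, so a reader cannot tell which service it fronts; judging from the container modules imported in the same commit it is presumably the paperless-ngx web UI and `8888` the new Atuin sync server, but both are inferred. Suggest `8000 # Paperless-ngx web GUI` and `8888 # Atuin sync server` once confirmed. Note also that `allowedTCPPorts` opens these on every interface, including the LAN side on eno1; for services that only need to be reachable from your own devices, `networking.firewall.interfaces.tailscale0.allowedTCPPorts` confines them to the Tailscale network, which matters for Atuin since its module ships with open registration enabled. The firewall block continues past the end of this hunk.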

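--- /dev/null
+++ b/modules/containers/atuin.nix
@@ -0,0 +1,121 @@
+# _█████╗ ████████╗██╗ ██╗██╗███╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
+# ██╔══██╗╚══██╔══╝██║ ██║██║████╗ ██║ ██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
+# ███████║ ██║ ██║ ██║██║██╔██╗ ██║ ███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
+# ██╔══██║ ██║ ██║ ██║██║██║╚██╗██║ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
+# ██║ ██║ ██║ ╚██████╔╝██║██║ ╚████║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
+# ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝╚═╝ ╚═══╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
+# ════════════════════════════════════════════════════════════════════════════════════════════
+# This module was auto-generated using compose2nix v0.3.2-pre and then edited
+# by hand. Atuin is a shell history database with advanced search features.
+# More information under https://docs.atuin.sh/self-hosting/docker.
+
+{ pkgs, lib, config, ... }@args:
+let inherit (args) inputs;
+in {
+imports = [
+# The docker user:
+../../users/docker.nix
+# Any other modules:
+inputs.sops-nix.nixosModules.sops
+];
+
+# Secrets are managed via sops
+sops = {
+# defaultSopsFile = ../../secrets/atuin.env.enc;
+# defaultSopsFormat = "dotenv";
+# age.keyFile = "/home/lukas/.config/sops/age/keys.txt";
+secrets.atuin-env = {
+sopsFile = ../../secrets/atuin.env.enc;
+format = "dotenv";
+};
+};
+
+# Create persistent directory for postgres data
+systemd.tmpfiles.rules = [
+"d /srv/atuin/database 0750 docker docker -"
+"d /srv/atuin/config 0750 docker docker -"
+];
+
+# # Runtime
+# virtualisation.docker = {
+# enable = true;
+# autoPrune.enable = true;
+# };
+# virtualisation.oci-containers.backend = "docker";
+
+# Define the containers
+virtualisation.oci-containers.containers."atuin-server" = {
+image = "ghcr.io/atuinsh/atuin:latest";
+environment = {
+"ATUIN_HOST" = "0.0.0.0";
+"ATUIN_OPEN_REGISTRATION" = "true";
+"RUST_LOG" = "info,atuin_server=debug";
+};
+environmentFiles = [ config.sops.secrets.atuin-env.path ];
+volumes = [ "/srv/atuin/config:/config:rw" ];
+ports = [ "8888:8888/tcp" ];
+cmd = [ "server" "start" ];
+dependsOn = [ "atuin-server-postgresql" ];
+log-driver = "journald";
+extraOptions = [ "--network-alias=atuin" "--network=atuin-server_default" ];
+user = "990:131";
+};
+systemd.services."docker-atuin-server" = {
+serviceConfig = {
+Restart = lib.mkOverride 90 "always";
+RestartMaxDelaySec = lib.mkOverride 90 "1m";
+RestartSec = lib.mkOverride 90 "100ms";
+RestartSteps = lib.mkOverride 90 9;
+};
+after = [ "docker-network-atuin-server_default.service" ];
+requires = [ "docker-network-atuin-server_default.service" ];
+partOf = [ "docker-compose-atuin-server-root.target" ];
+wantedBy = [ "docker-compose-atuin-server-root.target" ];
+};
+
+virtualisation.oci-containers.containers."atuin-server-postgresql" = {
+image = "postgres:14";
+environment = { };
+volumes = [ "/srv/atuin/database:/var/lib/postgresql/data:rw" ];
+log-driver = "journald";
+extraOptions =
+[ "--network-alias=postgresql" "--network=atuin-server_default" ];
+environmentFiles = [ config.sops.secrets.atuin-env.path ];
+user = "990:131";
+};
+systemd.services."docker-atuin-server-postgresql" = {
+serviceConfig = {
+Restart = lib.mkOverride 90 "always";
+RestartMaxDelaySec = lib.mkOverride 90 "1m";
+RestartSec = lib.mkOverride 90 "100ms";
+RestartSteps = lib.mkOverride 90 9;
+};
+after = [ "docker-network-atuin-server_default.service" ];
+requires = [ "docker-network-atuin-server_default.service" ];
+partOf = [ "docker-compose-atuin-server-root.target" ];
+wantedBy = [ "docker-compose-atuin-server-root.target" ];
+};
+
+# Networks
+systemd.services."docker-network-atuin-server_default" = {
+path = [ pkgs.docker ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+ExecStop = "docker network rm -f atuin-server_default";
+};
+script = ''
+docker network inspect atuin-server_default || docker network create atuin-server_default
+'';
+partOf = [ "docker-compose-atuin-server-root.target" ];
+wantedBy = [ "docker-compose-atuin-server-root.target" ];
+};
+
+# Root service
+# When started, this will automatically create all resources and start
+# the containers. When stopped, this will teardown all resources.
+systemd.targets."docker-compose-atuin-server-root" = {
+unitConfig = { Description = "Root target generated by compose2nix."; };
+wantedBy = [ "multi-user.target" ];
+};
+}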
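Review bot: `"ATUIN_OPEN_REGISTRATION" = "true"` on the atuin-server container, together with `ports = [ "8888:8888/tcp" ]` published on all addresses and the matching firewall entry in the host config, lets anyone who can reach the host on 8888 create an account and push shell history to this server; the upstream self-hosting docs treat open registration as something to switch on only while creating your own users. Consider flipping it to `"false"` once accounts exist, or publishing on a specific address such as `"127.0.0.1:8888:8888/tcp"` or the Tailscale IP if the sync server is only for your own devices — and note that Docker-published ports are usually reachable independently of `networking.firewall.allowedTCPPorts`, because Docker inserts its own iptables rules ahead of the NixOS chain. Separately, `image = "ghcr.io/atuinsh/atuin:latest"` and `image = "postgres:14"` are mutable tags combined with `Restart = "always"`, so a re-pull can silently change what runs and a Postgres major-version jump would refuse to start on the existing data directory; pinning a version plus digest (`image = "ghcr.io/atuinsh/atuin:<version>@sha256:<digest>"`) keeps the deployment reproducible. The hard-coded `user = "990:131"` has to equal the uid/gid of the `docker` user that the tmpfiles rules give ownership of `/srv/atuin/*`; that mapping lives in `../../users/docker.nix`, not visible here, so a comment such as `# uid:gid of the docker user from users/docker.nix` would make the coupling explicit.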

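--- a/modules/containers/freshrss.nix
+++ b/modules/containers/freshrss.nix
@@ -1,22 +1,30 @@
-# Auto-generated using compose2nix v0.3.1. Edited.
-{
-pkgs,
-lib,
-config,
-...
-}@args:
-let
-inherit (args) inputs;
-in
-{
-imports = [ inputs.sops-nix.nixosModules.sops ];
+# ███████╗██████╗ ███████╗███████╗██╗ ██╗ ██████╗ ███████╗███████╗
+# ██╔════╝██╔══██╗██╔════╝██╔════╝██║ ██║ ██╔══██╗██╔════╝██╔════╝
+# █████╗ ██████╔╝█████╗ ███████╗███████║ ██████╔╝███████╗███████╗
+# ██╔══╝ ██╔══██╗██╔══╝ ╚════██║██╔══██║ ██╔══██╗╚════██║╚════██║
+# ██║ ██║ ██║███████╗███████║██║ ██║ ██║ ██║███████║███████║
+# ╚═╝ ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚══════╝╚══════╝
+# ════════════════════════════════════════════════════════════════════
+# This module was auto-generated using compose2nix v0.3.1 and then
+# edited by hand. FreshRSS is a RSS feed aggregator. More information
+# under https://github.com/linuxserver/docker-freshrss.
+
+{ pkgs, lib, config, ... }@args:
+let inherit (args) inputs;
+in {
+imports = [
+# The docker user:
+../../users/docker.nix
+# Any other modules:
+inputs.sops-nix.nixosModules.sops
+];
 
 # Secrets are managed via sops
 sops = {
-defaultSopsFile = ../../secrets/freshrss.env.enc;
-defaultSopsFormat = "dotenv";
-age.keyFile = "/home/lukas/.config/sops/age/keys.txt";
-secrets.freshrss-env = { };
+secrets.freshrss-env = {
+sopsFile = ../../secrets/freshrss.env.enc;
+format = "dotenv";
+};
 };
 
 # Create persistent directory for container data
@@ -25,13 +33,6 @@ in
 "d /srv/freshrss/config 0750 docker docker -"
 ];
 
-# Runtime
-virtualisation.docker = {
-enable = true;
-autoPrune.enable = true;
-};
-virtualisation.oci-containers.backend = "docker";
-
 # Containers
 virtualisation.oci-containers.containers."freshrss" = {
 image = "freshrss/freshrss:latest";
@@ -86,9 +87,7 @@ in
 # When started, this will automatically create all resources and start
 # the containers. When stopped, this will teardown all resources.
 systemd.targets."docker-compose-freshrss-root" = {
-unitConfig = {
-Description = "Root target generated by compose2nix.";
-};
+unitConfig = { Description = "Root target generated by compose2nix."; };
 wantedBy = [ "multi-user.target" ];
 };
 }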
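Review bot: The new header comment refers readers to https://github.com/linuxserver/docker-freshrss, but the container below still pulls `freshrss/freshrss:latest`, the project's own image rather than the linuxserver one, and the two differ in environment variables and in how the process uid/gid are handled; either point the comment at the documentation for the image actually in use (`# under the FreshRSS project's Docker README`) or switch the image, so that the reference and the deployment agree. The second hunk also drops `virtualisation.docker` and `virtualisation.oci-containers.backend = "docker"` from this module; if `../../users/docker.nix` (not visible here) does not set the backend, `oci-containers` falls back to its podman default and the `docker-*` unit names and `pkgs.docker` calls in this module stop lining up, so a one-line comment in the import list naming where the runtime is now enabled, e.g. `# The docker user and runtime (virtualisation.docker, oci-containers backend):`, would document that dependency. The bulk of the container definition lies between the hunks and is not visible here.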
