nix: move settings.containers to top-level custom
Signed-off-by: Myned <dev@bjork.tech>
parent
3e787c2cba
commit
0fe3308ef6
19 changed files with 90 additions and 87 deletions
|
@ -4,9 +4,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.actualbudget;
|
cfg = config.custom.containers.actualbudget;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.actualbudget.enable = mkOption {default = false;};
|
options.custom.containers.actualbudget.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
#?? arion-actualbudget pull
|
#?? arion-actualbudget pull
|
||||||
|
@ -21,7 +21,7 @@ in {
|
||||||
image = "actualbudget/actual-server:24.9.0";
|
image = "actualbudget/actual-server:24.9.0";
|
||||||
ports = ["5006:5006"];
|
ports = ["5006:5006"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/actualbudget/data:/data"];
|
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
|
||||||
# TODO: Set up trusted proxies
|
# TODO: Set up trusted proxies
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -5,9 +5,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.coturn;
|
cfg = config.custom.containers.coturn;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.coturn.enable = mkOption {default = false;};
|
options.custom.containers.coturn.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
@ -33,7 +33,7 @@ in {
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"${config.custom.settings.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf"
|
"${config.custom.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -43,7 +43,7 @@ in {
|
||||||
# HACK: Copy with global read-only permissions in container directory which is assumed to be locked down
|
# HACK: Copy with global read-only permissions in container directory which is assumed to be locked down
|
||||||
# https://github.com/moby/moby/issues/2259
|
# https://github.com/moby/moby/issues/2259
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"C ${config.custom.settings.containers.directory}/coturn/coturn.conf 0444 - - - ${
|
"C ${config.custom.containers.directory}/coturn/coturn.conf 0444 - - - ${
|
||||||
config.age.secrets."${config.custom.profile}/coturn/coturn.conf".path
|
config.age.secrets."${config.custom.profile}/coturn/coturn.conf".path
|
||||||
}"
|
}"
|
||||||
];
|
];
|
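Review bot: The tmpfiles `C` rule on the changed line still copies the decrypted coturn.conf secret with mode `0444`, and its only protection is the comment's assumption that the container directory is locked down; nothing visible in this commit sets the mode or owner of `config.custom.containers.directory`. Since this commit changes which option supplies that path, the assumption should be enforced next to the rule, for example with an extra entry `"d ${config.custom.containers.directory} 0700 - - -"`, with the owner adjusted to whichever account runs the containers. The `systemd.tmpfiles.rules` list and the rest of the module lie outside the visible hunks, so such a rule may already exist elsewhere.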
|
@ -6,10 +6,10 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers;
|
cfg = config.custom.containers;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers = {
|
options.custom.containers = {
|
||||||
enable = mkOption {default = false;};
|
enable = mkOption {default = config.custom.full;};
|
||||||
boot = mkOption {default = false;};
|
boot = mkOption {default = false;};
|
||||||
directory = mkOption {default = "/containers";};
|
directory = mkOption {default = "/containers";};
|
||||||
docker = mkOption {default = true;};
|
docker = mkOption {default = true;};
|
|
@ -5,9 +5,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.forgejo;
|
cfg = config.custom.containers.forgejo;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.forgejo.enable = mkOption {default = false;};
|
options.custom.containers.forgejo.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
@ -38,7 +38,7 @@ in {
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/forgejo/.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/forgejo/.env".path];
|
||||||
image = "codeberg.org/forgejo/forgejo:8";
|
image = "codeberg.org/forgejo/forgejo:8";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/forgejo/data:/data"];
|
volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
"127.0.0.1:3333:3000"
|
"127.0.0.1:3333:3000"
|
||||||
|
@ -51,7 +51,7 @@ in {
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/forgejo/db.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/forgejo/db.env".path];
|
||||||
image = "postgres:15";
|
image = "postgres:15";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/forgejo/db:/var/lib/postgresql/data"];
|
volumes = ["${config.custom.containers.directory}/forgejo/db:/var/lib/postgresql/data"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -5,9 +5,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.foundryvtt;
|
cfg = config.custom.containers.foundryvtt;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.foundryvtt.enable = mkOption {default = false;};
|
options.custom.containers.foundryvtt.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
@ -31,7 +31,7 @@ in {
|
||||||
image = "felddy/foundryvtt:12";
|
image = "felddy/foundryvtt:12";
|
||||||
ports = ["127.0.0.1:30000:30000"];
|
ports = ["127.0.0.1:30000:30000"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/foundryvtt/data:/data"];
|
volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -6,9 +6,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.headscale;
|
cfg = config.custom.containers.headscale;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.headscale.enable = mkOption {default = false;};
|
options.custom.containers.headscale.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
@ -43,8 +43,8 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"${config.custom.settings.containers.directory}/headscale/config:/etc/headscale"
|
"${config.custom.containers.directory}/headscale/config:/etc/headscale"
|
||||||
"${config.custom.settings.containers.directory}/headscale/data:/var/lib/headscale"
|
"${config.custom.containers.directory}/headscale/data:/var/lib/headscale"
|
||||||
|
|
||||||
# Minimum config.yaml
|
# Minimum config.yaml
|
||||||
# https://github.com/juanfont/headscale/blob/main/config-example.yaml
|
# https://github.com/juanfont/headscale/blob/main/config-example.yaml
|
|
@ -4,9 +4,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.homeassistant;
|
cfg = config.custom.containers.homeassistant;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.homeassistant.enable = mkOption {default = false;};
|
options.custom.containers.homeassistant.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
#?? arion-homeassistant pull
|
#?? arion-homeassistant pull
|
||||||
|
@ -21,7 +21,7 @@ in {
|
||||||
image = "homeassistant/home-assistant:2024.9.1";
|
image = "homeassistant/home-assistant:2024.9.1";
|
||||||
ports = ["8123:8123"];
|
ports = ["8123:8123"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/homeassistant/config:/config"];
|
volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -5,9 +5,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.mastodon;
|
cfg = config.custom.containers.mastodon;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.mastodon.enable = mkOption {default = false;};
|
options.custom.containers.mastodon.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
@ -34,7 +34,7 @@ in {
|
||||||
image = "lscr.io/linuxserver/mastodon:4.2.12";
|
image = "lscr.io/linuxserver/mastodon:4.2.12";
|
||||||
ports = ["3000:443"];
|
ports = ["3000:443"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/mastodon/config:/config"];
|
volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];
|
||||||
|
|
||||||
depends_on = [
|
depends_on = [
|
||||||
"cache"
|
"cache"
|
||||||
|
@ -46,7 +46,7 @@ in {
|
||||||
container_name = "mastodon-cache";
|
container_name = "mastodon-cache";
|
||||||
image = "redis:latest";
|
image = "redis:latest";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/mastodon/cache:/data"];
|
volumes = ["${config.custom.containers.directory}/mastodon/cache:/data"];
|
||||||
};
|
};
|
||||||
|
|
||||||
db.service = {
|
db.service = {
|
||||||
|
@ -54,7 +54,7 @@ in {
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/mastodon/db.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/mastodon/db.env".path];
|
||||||
image = "postgres:15";
|
image = "postgres:15";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/mastodon/db:/var/lib/postgresql/data"];
|
volumes = ["${config.custom.containers.directory}/mastodon/db:/var/lib/postgresql/data"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -5,9 +5,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.nextcloud;
|
cfg = config.custom.containers.nextcloud;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.nextcloud.enable = mkOption {default = false;};
|
options.custom.containers.nextcloud.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
@ -35,8 +35,8 @@ in {
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"${config.custom.settings.containers.directory}/nextcloud/app:/var/www/html"
|
"${config.custom.containers.directory}/nextcloud/app:/var/www/html"
|
||||||
"${config.custom.settings.containers.directory}/nextcloud/data:/var/www/html/data"
|
"${config.custom.containers.directory}/nextcloud/data:/var/www/html/data"
|
||||||
];
|
];
|
||||||
|
|
||||||
depends_on = [
|
depends_on = [
|
||||||
|
@ -63,7 +63,7 @@ in {
|
||||||
container_name = "nextcloud-cache";
|
container_name = "nextcloud-cache";
|
||||||
image = "redis:latest";
|
image = "redis:latest";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.settings.containers.directory}/nextcloud/cache:/data"];
|
volumes = ["${config.custom.containers.directory}/nextcloud/cache:/data"];
|
||||||
};
|
};
|
||||||
|
|
||||||
db.service = {
|
db.service = {
|
||||||
|
@ -73,7 +73,7 @@ in {
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"${config.custom.settings.containers.directory}/nextcloud/db:/var/lib/postgresql/data"
|
"${config.custom.containers.directory}/nextcloud/db:/var/lib/postgresql/data"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -4,9 +4,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.redlib;
|
cfg = config.custom.containers.redlib;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.redlib.enable = mkOption {default = false;};
|
options.custom.containers.redlib.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
#?? arion-redlib pull
|
#?? arion-redlib pull
|
|
@ -5,9 +5,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.custom.settings.containers.searxng;
|
cfg = config.custom.containers.searxng;
|
||||||
in {
|
in {
|
||||||
options.custom.settings.containers.searxng.enable = mkOption {default = false;};
|
options.custom.containers.searxng.enable = mkOption {default = false;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = let
|
age.secrets = let
|
|
@ -191,7 +191,7 @@ in {
|
||||||
(key "Up" "Super" "movewindow" "u")
|
(key "Up" "Super" "movewindow" "u")
|
||||||
(key "Up" "Super+Shift" "movewindoworgroup" "u")
|
(key "Up" "Super+Shift" "movewindoworgroup" "u")
|
||||||
|
|
||||||
(key "0" "Super" "exec" "${audio} --bypass")
|
(key "0" "Super" "exec" "${audio}")
|
||||||
(key "0" "Super+Shift" "exec" "${zoom}")
|
(key "0" "Super+Shift" "exec" "${zoom}")
|
||||||
(key "1" "Ctrl+Alt" "exec" "lifx state --brightness 0.01")
|
(key "1" "Ctrl+Alt" "exec" "lifx state --brightness 0.01")
|
||||||
(key "1" "Super" "workspace" "1")
|
(key "1" "Super" "workspace" "1")
|
||||||
|
|
|
@ -62,7 +62,6 @@ in {
|
||||||
ms-python.black-formatter
|
ms-python.black-formatter
|
||||||
ms-python.debugpy
|
ms-python.debugpy
|
||||||
ms-python.isort
|
ms-python.isort
|
||||||
ms-python.python
|
|
||||||
natizyskunk.sftp
|
natizyskunk.sftp
|
||||||
pkief.material-icon-theme
|
pkief.material-icon-theme
|
||||||
pkief.material-product-icons
|
pkief.material-product-icons
|
||||||
|
@ -72,10 +71,11 @@ in {
|
||||||
vincaslt.highlight-matching-tag
|
vincaslt.highlight-matching-tag
|
||||||
]
|
]
|
||||||
++ (with (repo "vscode-marketplace"); [
|
++ (with (repo "vscode-marketplace"); [
|
||||||
# Some extensions go missing from open-vsx, so use official marketplace as fallback
|
#!! Some extensions go missing from open-vsx, so use official marketplace as fallback
|
||||||
# https://github.com/nix-community/nix-vscode-extensions?tab=readme-ov-file#note
|
# https://github.com/nix-community/nix-vscode-extensions?tab=readme-ov-file#note
|
||||||
bodil.blueprint-gtk
|
bodil.blueprint-gtk
|
||||||
cormoran.disable-default-keybinding
|
cormoran.disable-default-keybinding
|
||||||
|
ms-python.python
|
||||||
sirmspencer.vscode-autohide
|
sirmspencer.vscode-autohide
|
||||||
]);
|
]);
|
||||||
};
|
};
|
||||||
|
|
|
@ -13,11 +13,13 @@ in {
|
||||||
# https://gitlab.com/samba-team/samba
|
# https://gitlab.com/samba-team/samba
|
||||||
#!! User configuration is imperative
|
#!! User configuration is imperative
|
||||||
#?? sudo smbpasswd -a $USER
|
#?? sudo smbpasswd -a $USER
|
||||||
services.samba = {
|
services.samba =
|
||||||
|
if (versionAtLeast version "24.11")
|
||||||
|
then {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
|
||||||
nmbd.enable = false;
|
nmbd.enable = false;
|
||||||
nsswins = false;
|
nsswins = false;
|
||||||
|
openFirewall = true;
|
||||||
|
|
||||||
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
|
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -39,6 +41,7 @@ in {
|
||||||
"writeable" = "yes";
|
"writeable" = "yes";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
|
else {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
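Review bot: The new `else {}` branch leaves Samba silently unconfigured on any release older than 24.11, so a host on an older channel would lose its share with no evaluation error or warning. A comment in the file's own marker style would make that visible, e.g. `#!! Samba is left unconfigured on releases older than 24.11`, and a `warnings` entry for the older case would surface it at build time. `version` presumably resolves to the nixpkgs release through a `with lib;` that sits outside these hunks. This change is also unrelated to the commit title and might be easier to track as its own commit.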
|
@ -25,7 +25,6 @@ with lib; {
|
||||||
|
|
||||||
(mkIf config.custom.full {
|
(mkIf config.custom.full {
|
||||||
accounts.enable = true;
|
accounts.enable = true;
|
||||||
containers.enable = true;
|
|
||||||
vm.enable = true;
|
vm.enable = true;
|
||||||
waydroid.enable = true;
|
waydroid.enable = true;
|
||||||
})
|
})
|
||||||
|
|
|
@ -3,6 +3,12 @@
|
||||||
profile = "sbc";
|
profile = "sbc";
|
||||||
programs.fastfetch.greet = true;
|
programs.fastfetch.greet = true;
|
||||||
|
|
||||||
|
containers = {
|
||||||
|
enable = true;
|
||||||
|
boot = true;
|
||||||
|
homeassistant.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
tailscale.cert = true;
|
tailscale.cert = true;
|
||||||
|
|
||||||
|
@ -27,12 +33,6 @@
|
||||||
settings = {
|
settings = {
|
||||||
boot.u-boot = true;
|
boot.u-boot = true;
|
||||||
networking.wifi = true;
|
networking.wifi = true;
|
||||||
|
|
||||||
containers = {
|
|
||||||
enable = true;
|
|
||||||
boot = true;
|
|
||||||
homeassistant.enable = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,21 @@
|
||||||
profile = "server";
|
profile = "server";
|
||||||
programs.fastfetch.greet = true;
|
programs.fastfetch.greet = true;
|
||||||
|
|
||||||
|
containers = {
|
||||||
|
enable = true;
|
||||||
|
boot = true;
|
||||||
|
actualbudget.enable = true;
|
||||||
|
coturn.enable = true;
|
||||||
|
forgejo.enable = true;
|
||||||
|
foundryvtt.enable = true;
|
||||||
|
#// headscale.enable = true;
|
||||||
|
mastodon.enable = true;
|
||||||
|
netbox.enable = true;
|
||||||
|
nextcloud.enable = true;
|
||||||
|
redlib.enable = true;
|
||||||
|
searxng.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
caddy.enable = true;
|
caddy.enable = true;
|
||||||
matrix-conduit.enable = true;
|
matrix-conduit.enable = true;
|
||||||
|
@ -47,20 +62,6 @@
|
||||||
boot.systemd-boot = true;
|
boot.systemd-boot = true;
|
||||||
mounts.enable = true;
|
mounts.enable = true;
|
||||||
users.myned.linger = true;
|
users.myned.linger = true;
|
||||||
|
|
||||||
containers = {
|
|
||||||
enable = true;
|
|
||||||
boot = true;
|
|
||||||
actualbudget.enable = true;
|
|
||||||
coturn.enable = true;
|
|
||||||
forgejo.enable = true;
|
|
||||||
foundryvtt.enable = true;
|
|
||||||
#// headscale.enable = true;
|
|
||||||
mastodon.enable = true;
|
|
||||||
nextcloud.enable = true;
|
|
||||||
redlib.enable = true;
|
|
||||||
searxng.enable = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
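Review bot: The relocated `containers` block adds `netbox.enable = true;`, which is not in the block removed from `settings`, so this commit enables an extra service rather than only moving options. No `options.custom.containers.netbox` declaration appears in the sections shown here; if the module is not among the changed files that are not shown, evaluation of the server profile would fail on an undefined option. If the addition is intentional, it should be mentioned in the commit message or split into its own commit.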