aboutsummaryrefslogtreecommitdiff
path: root/modules/containers
diff options
context:
space:
mode:
authortdback <tyler@tdback.net>2024-12-21 15:32:13 -0500
committertdback <tyler@tdback.net>2024-12-21 15:32:13 -0500
commit0a5754541bb01e96021ca7ee74f1256a8ee68bc4 (patch)
tree2d0b8089e98239963a1e240cff676b1515fc8431 /modules/containers
initial commit to self-hosted git
Diffstat (limited to 'modules/containers')
-rw-r--r--modules/containers/freshrss/default.nix30
-rw-r--r--modules/containers/jellyfin/default.nix27
-rw-r--r--modules/containers/pinchflat/default.nix23
-rw-r--r--modules/containers/vaultwarden/default.nix34
-rw-r--r--modules/containers/watchtower/default.nix15
5 files changed, 129 insertions, 0 deletions
diff --git a/modules/containers/freshrss/default.nix b/modules/containers/freshrss/default.nix
new file mode 100644
index 0000000..3854a8e
--- /dev/null
+++ b/modules/containers/freshrss/default.nix
@@ -0,0 +1,30 @@
+{ lib, ... }:
+let
+ directory = "/opt/freshrss";
+ port = "8888";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.freshrss = {
+ image = "freshrss/freshrss:latest";
+ autoStart = true;
+ ports = [
+ "${port}:80"
+ ];
+ volumes = [
+ "${directory}/data:/var/www/FreshRSS/data"
+ "${directory}/extensions:/var/www/FreshRSS/extensions"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ CRON_MIN = "*/20";
+ };
+ };
+
+ services.caddy.virtualHosts."fresh.brownbread.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${port}
+ '';
+}
diff --git a/modules/containers/jellyfin/default.nix b/modules/containers/jellyfin/default.nix
new file mode 100644
index 0000000..96b6deb
--- /dev/null
+++ b/modules/containers/jellyfin/default.nix
@@ -0,0 +1,27 @@
+{ lib, ... }:
+let
+ directory = "/opt/jellyfin";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.jellyfin = {
+ image = "jellyfin/jellyfin:latest";
+ autoStart = true;
+ user = "994:994";
+ ports = [
+ "8096:8096/tcp"
+ ];
+ volumes = [
+ "${directory}/config:/config"
+ "${directory}/cache:/cache"
+ "/lagoon/media:/media"
+ ];
+ };
+
+ services.caddy.virtualHosts."buttered.brownbread.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:8096
+ '';
+}
diff --git a/modules/containers/pinchflat/default.nix b/modules/containers/pinchflat/default.nix
new file mode 100644
index 0000000..9428c32
--- /dev/null
+++ b/modules/containers/pinchflat/default.nix
@@ -0,0 +1,23 @@
+{ ... }:
+let
+ directories = [
+ "/opt/pinchflat"
+ ];
+in
+{
+ systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
+ virtualisation.oci-containers.containers.pinchflat = {
+ image = "keglin/pinchflat:latest";
+ autoStart = true;
+ ports = [
+ "8945:8945"
+ ];
+ volumes = [
+ "/opt/pinchflat:/config"
+ "/lagoon/media/yt:/downloads"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ };
+ };
+}
diff --git a/modules/containers/vaultwarden/default.nix b/modules/containers/vaultwarden/default.nix
new file mode 100644
index 0000000..cc6b86f
--- /dev/null
+++ b/modules/containers/vaultwarden/default.nix
@@ -0,0 +1,34 @@
+{ lib, ... }:
+let
+ directory = "/opt/vaultwarden";
+ domain = "steel-mountain.brownbread.net";
+ port = "11001";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.vaultwarden = {
+ image = "vaultwarden/server:latest";
+ autoStart = true;
+ ports = [
+ "${port}:80"
+ ];
+ volumes = [
+ "${directory}/data:/data"
+ ];
+ environment = {
+ DOMAIN = domain;
+ WEBSOCKET_ENABLED = "true";
+ SIGNUPS_ALLOWED = "false";
+ SHOW_PASSWORD_HINT = "false";
+ };
+ };
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${port} {
+ header_up X-Real-IP {remote_host}
+ }
+ '';
+}
diff --git a/modules/containers/watchtower/default.nix b/modules/containers/watchtower/default.nix
new file mode 100644
index 0000000..bc819cd
--- /dev/null
+++ b/modules/containers/watchtower/default.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ virtualisation.oci-containers.containers.watchtower = {
+ image = "containrrr/watchtower:latest";
+ autoStart = true;
+ volumes = [
+ "/var/run/podman/podman.sock:/var/run/docker.sock:ro"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ environment = {
+ WATCHTOWER_CLEANUP = "true";
+ WATCHTOWER_SCHEDULE = "0 0 5 * * *";
+ };
+ };
+}