From 0a5754541bb01e96021ca7ee74f1256a8ee68bc4 Mon Sep 17 00:00:00 2001
From: tdback
Date: Sat, 21 Dec 2024 15:32:13 -0500
Subject: initial commit to self-hosted git
---
modules/containers/freshrss/default.nix | 30 ++++++++++++++++++++++++++
modules/containers/jellyfin/default.nix | 27 ++++++++++++++++++++++++
modules/containers/pinchflat/default.nix | 23 ++++++++++++++++++++
modules/containers/vaultwarden/default.nix | 34 ++++++++++++++++++++++++++++++
modules/containers/watchtower/default.nix | 15 +++++++++++++
5 files changed, 129 insertions(+)
create mode 100644 modules/containers/freshrss/default.nix
create mode 100644 modules/containers/jellyfin/default.nix
create mode 100644 modules/containers/pinchflat/default.nix
create mode 100644 modules/containers/vaultwarden/default.nix
create mode 100644 modules/containers/watchtower/default.nix
(limited to 'modules/containers')
diff --git a/modules/containers/freshrss/default.nix b/modules/containers/freshrss/default.nix
new file mode 100644
index 0000000..3854a8e
--- /dev/null
+++ b/modules/containers/freshrss/default.nix
@@ -0,0 +1,30 @@
+{ lib, ... }:
+let
+ directory = "/opt/freshrss";
+ port = "8888";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.freshrss = {
+ image = "freshrss/freshrss:latest";
+ autoStart = true;
+ ports = [
+ "${port}:80"
+ ];
+ volumes = [
+ "${directory}/data:/var/www/FreshRSS/data"
+ "${directory}/extensions:/var/www/FreshRSS/extensions"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ CRON_MIN = "*/20";
+ };
+ };
+
+ services.caddy.virtualHosts."fresh.brownbread.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${port}
+ '';
+}
diff --git a/modules/containers/jellyfin/default.nix b/modules/containers/jellyfin/default.nix
new file mode 100644
index 0000000..96b6deb
--- /dev/null
+++ b/modules/containers/jellyfin/default.nix
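Review bot: In modules/containers/freshrss/default.nix the `ports` entry `"${port}:80"` publishes the container on every host interface, although the Caddy vhost in the same hunk only needs to reach it on loopback. Anyone who can reach the host on 8888 gets FreshRSS over plain HTTP and skips Caddy's TLS, unless a host firewall rule (not visible here) blocks the port. Binding the published port to loopback closes that path: `"127.0.0.1:${port}:80"`. The same pattern appears in the jellyfin (`"8096:8096/tcp"`) and vaultwarden (`"${port}:80"`) hunks, where it matters most for the password vault; pinchflat's `"8945:8945"` has no Caddy vhost at all.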
@@ -0,0 +1,27 @@
+{ lib, ... }:
+let
+ directory = "/opt/jellyfin";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.jellyfin = {
+ image = "jellyfin/jellyfin:latest";
+ autoStart = true;
+ user = "994:994";
+ ports = [
+ "8096:8096/tcp"
+ ];
+ volumes = [
+ "${directory}/config:/config"
+ "${directory}/cache:/cache"
+ "/lagoon/media:/media"
+ ];
+ };
+
+ services.caddy.virtualHosts."buttered.brownbread.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:8096
+ '';
+}
diff --git a/modules/containers/pinchflat/default.nix b/modules/containers/pinchflat/default.nix
new file mode 100644
index 0000000..9428c32
--- /dev/null
+++ b/modules/containers/pinchflat/default.nix
@@ -0,0 +1,23 @@
+{ ... }:
+let
+ directories = [
+ "/opt/pinchflat"
+ ];
+in
+{
+ systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
+ virtualisation.oci-containers.containers.pinchflat = {
+ image = "keglin/pinchflat:latest";
+ autoStart = true;
+ ports = [
+ "8945:8945"
+ ];
+ volumes = [
+ "/opt/pinchflat:/config"
+ "/lagoon/media/yt:/downloads"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ };
+ };
+}
diff --git a/modules/containers/vaultwarden/default.nix b/modules/containers/vaultwarden/default.nix
new file mode 100644
index 0000000..cc6b86f
--- /dev/null
+++ b/modules/containers/vaultwarden/default.nix
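Review bot: The `"/lagoon/media:/media"` volume in modules/containers/jellyfin/default.nix is mounted read-write, so a compromise of this network-facing container could alter or delete the whole media library. If Jellyfin is not expected to write NFO or artwork files next to the media or to delete items in place, mount it read-only: `"/lagoon/media:/media:ro"`. The literal `user = "994:994";` also deserves a comment naming the host account it is meant to match, presumably `share`; the hunk does not show where that UID/GID is fixed, so it may drift from the owner set by the tmpfiles rule.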
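Review bot: modules/containers/pinchflat/default.nix publishes `"8945:8945"` with no reverse proxy and no authentication settings in `environment`, so the UI is served over plain HTTP to whoever can reach the port. Pinchflat supports HTTP basic auth through `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD`; if you enable it, pass the values with `environmentFiles = [ "/path/to/pinchflat.env" ];` (placeholder path) rather than `environment`, because values set in `environment` end up in the world-readable Nix store. On style, the `directories` list feeds only the tmpfiles rule while the volume repeats the literal `/opt/pinchflat`; the other modules in this commit interpolate their `directory` binding instead.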
@@ -0,0 +1,34 @@
+{ lib, ... }:
+let
+ directory = "/opt/vaultwarden";
+ domain = "steel-mountain.brownbread.net";
+ port = "11001";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.vaultwarden = {
+ image = "vaultwarden/server:latest";
+ autoStart = true;
+ ports = [
+ "${port}:80"
+ ];
+ volumes = [
+ "${directory}/data:/data"
+ ];
+ environment = {
+ DOMAIN = domain;
+ WEBSOCKET_ENABLED = "true";
+ SIGNUPS_ALLOWED = "false";
+ SHOW_PASSWORD_HINT = "false";
+ };
+ };
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${port} {
+ header_up X-Real-IP {remote_host}
+ }
+ '';
+}
diff --git a/modules/containers/watchtower/default.nix b/modules/containers/watchtower/default.nix
new file mode 100644
index 0000000..bc819cd
--- /dev/null
+++ b/modules/containers/watchtower/default.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ virtualisation.oci-containers.containers.watchtower = {
+ image = "containrrr/watchtower:latest";
+ autoStart = true;
+ volumes = [
+ "/var/run/podman/podman.sock:/var/run/docker.sock:ro"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ environment = {
+ WATCHTOWER_CLEANUP = "true";
+ WATCHTOWER_SCHEDULE = "0 0 5 * * *";
+ };
+ };
+}
-- cgit v1.2.3
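Review bot: `DOMAIN = domain;` in modules/containers/vaultwarden/default.nix passes a bare hostname, but Vaultwarden expects DOMAIN to be the full URL including the scheme, so it should read `DOMAIN = "https://${domain}";`. The tmpfiles rule also creates `/opt/vaultwarden` with mode `0755`, which lets every local user traverse the directory that holds the vault database and keys; `0700` is a safer default here, assuming the container's user can still reach it. How `${directory}/data` itself is created, and with which mode, is not visible in this hunk.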
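Review bot: The `:ro` flag on `"/var/run/podman/podman.sock:/var/run/docker.sock:ro"` in modules/containers/watchtower/default.nix does not limit what watchtower can do: a read-only bind mount protects the socket file, not the requests sent over it, so this container has full control of the podman API and is effectively root on the host. A comment on that line should say so, e.g. `# :ro does not restrict API calls; watchtower has full control of podman`. Every image in this commit is tagged `:latest`, so the daily schedule (`0 0 5 * * *`) pulls and runs whatever upstream publishes, vaultwarden included, with no review step. Consider pinning images to a version tag or digest and restricting watchtower to opted-in containers with `WATCHTOWER_LABEL_ENABLE = "true";`.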