From 700476d9a0ed54de11c84ab2c28ece0a2a4e5d0d Mon Sep 17 00:00:00 2001 From: soraefir Date: Thu, 7 Dec 2023 01:07:31 +0100 Subject: [PATCH] [m] Added more docker services --- modules/home/cli/starship/default.nix | 8 +- .../docker/{default.nix => authentik.nix} | 21 ++- systems/avalon/server/docker/cloud.nix | 146 ++++++++++++++++++ systems/avalon/server/docker/sample.nix | 33 ++++ 4 files changed, 193 insertions(+), 15 deletions(-) rename systems/avalon/server/docker/{default.nix => authentik.nix} (82%) create mode 100644 systems/avalon/server/docker/cloud.nix create mode 100644 systems/avalon/server/docker/sample.nix diff --git a/modules/home/cli/starship/default.nix b/modules/home/cli/starship/default.nix index d5d86f8..5d2e5ed 100755 --- a/modules/home/cli/starship/default.nix +++ b/modules/home/cli/starship/default.nix @@ -45,10 +45,10 @@ truncation_symbol = "…/"; }; directory.substitutions = { - "documents" = " "; - "downloads" = " "; - "music" = " "; - "pictures" = " "; + "documents" = "󰮜 "; + "downloads" = "󱃩 "; + "files" = "󱧷 "; + "media" = "󱍚 "; }; env_var = { variable = "SHELLENVTYPE"; diff --git a/systems/avalon/server/docker/default.nix b/systems/avalon/server/docker/authentik.nix similarity index 82% rename from systems/avalon/server/docker/default.nix rename to systems/avalon/server/docker/authentik.nix index 68b6aa6..82ec055 100644 --- a/systems/avalon/server/docker/default.nix +++ b/systems/avalon/server/docker/authentik.nix @@ -3,6 +3,7 @@ let HOST_DOMAIN = "helcel.net"; MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}"; MAIL_SERVER_DOMAIN = "mail.infomaniak.com"; + DATA_PATH = "/media/data/"; in { project.name = "Authentik"; 
@@ -45,21 +46,20 @@ in { restart = "unless-stopped"; networks = [ "internal" "external" ]; volumes = [ - "/media/data/authentik/media:/media" - "/media/data/authentik/templates:/templates" + "${DATA_PATH}/authentik/media:/media" + "${DATA_PATH}/authentik/templates:/templates" ]; environment = { "AUTHENTIK_REDIS__HOST" = "auth_redis"; "AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql"; "AUTHENTIK_POSTGRESQL__USER" = "authentik"; "AUTHENTIK_POSTGRESQL__NAME" = "authentik"; - "AUTHENTIK_POSTGRESQL__PASSWORD" = - "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD"; - "AUTHENTIK_SECRET_KEY" = "/run/secrets/AUTHENTIK_SECRET_KEY"; + "AUTHENTIK_POSTGRESQL__PASSWORD" ="AUTHENTIK_DB_PASSWORD"; + "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY"; "AUTHENTIK_EMAIL__HOST" = "${MAIL_SERVER_DOMAIN}"; "AUTHENTIK_EMAIL__PORT" = "587"; "AUTHENTIK_EMAIL__USERNAME" = "noreply@${MAIL_HOST_DOMAIN}"; - "AUTHENTIK_EMAIL__PASSWORD" = "/run/secrets/AUTHENTIK_EMAIL__PASSWORD"; + "AUTHENTIK_EMAIL__PASSWORD" = "AUTHENTIK_EMAIL_PASSWORD"; "AUTHENTIK_EMAIL__USE_TLS" = "true"; "AUTHENTIK_EMAIL__USE_SSL" = "false"; "AUTHENTIK_EMAIL__TIMEOUT" = "10"; @@ -85,8 +85,8 @@ in { restart = "unless-stopped"; networks = [ "internal" ]; volumes = [ - "/media/data/authentik/media:/media" - "/media/data/authentik/templates:/templates" + "${DATA_PATH}/authentik/media:/media" + "${DATA_PATH}/authentik/templates:/templates" "/var/run/docker.sock:/var/run/docker.sock" ]; environment = { @@ -94,9 +94,8 @@ in { "AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql"; "AUTHENTIK_POSTGRESQL__USER" = "authentik"; "AUTHENTIK_POSTGRESQL__NAME" = "authentik"; - "AUTHENTIK_POSTGRESQL__PASSWORD" = - "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD"; - "AUTHENTIK_SECRET_KEY" = "/run/secrets/AUTHENTIK_SECRET_KEY"; + "AUTHENTIK_POSTGRESQL__PASSWORD" ="AUTHENTIK_DB_PASSWORD"; + "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY"; }; labels = { "traefik.enable" = "false"; }; command = "worker"; 
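Review bot: The three secret values in the `environment` block of this hunk are now bare tokens (`"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";`, likewise the PostgreSQL and e-mail passwords), and the same pattern recurs in the worker hunk at `@@ -94,9 +94,8 @@` and for `COLLABORA_PASSWORD`, `ETHERPAD_DB_PASSWORD` and `ETHERPAD_ADMIN_PASSWORD` in cloud.nix. Unless a step outside this diff substitutes them, the containers receive these predictable strings as their actual secrets; the removed `/run/secrets/...` values at least pointed at a file. Authentik reads a setting from a file when it is written as a `file://` URI, so I would use `"AUTHENTIK_SECRET_KEY" = "file:///run/secrets/AUTHENTIK_SECRET_KEY";` and mount the secret, which also keeps the real value out of the world-readable Nix store. The service definitions start outside these hunks, so whether the secret files are mounted cannot be confirmed from here.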
diff --git a/systems/avalon/server/docker/cloud.nix b/systems/avalon/server/docker/cloud.nix
new file mode 100644
index 0000000..bebc7dc
--- /dev/null
+++ b/systems/avalon/server/docker/cloud.nix
@@ -0,0 +1,146 @@
+{ pkgs, ... }:
+let
+ HOST_DOMAIN = "helcel.net";
+ DB_HOST = "10.10.1.2";
+ DB_PORT = "3306";
+ MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}";
+ MAIL_SERVER_DOMAIN = "mail.infomaniak.com";
+ DATA_PATH = "/media/data/";
+in {
+ project.name = "Cloud";
+
+ networks = {
+ internal = {
+ internal = true;
+ external = false;
+ };
+ external = { external = true; };
+ };
+
+ services = {
+
+ cloud_nextcloud.service = {
+ image = "nextcloud:27";
+ container_name = "cloud";
+ restart = "unless-stopped";
+ networks = [ "external" ];
+ volumes = [
+ "${DATA_PATH}/data/nextcloud:/var/www/html"
+ "${DATA_PATH}/data/music:/media/music"
+ "${DATA_PATH}/data/video:/media/video"
+ "${DATA_PATH}/data/photo:/media/photo"
+ ];
+ tmpfs = [ "/tmp" ];
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.nextcloud.entrypoints" = "web-secure";
+ "traefik.http.routers.nextcloud.rule" = "Host(`cloud.${HOST_DOMAIN}`)";
+ "traefik.http.routers.nextcloud.tls" = "true";
+ "traefik.http.routers.nextcloud.middlewares" = "sts_headers,nextcloud-caldav";
+
+ "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent" = "true";
+ "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex" = "^https://(.*)/.well-known/(card|cal)dav";
+ "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement" = "https://$\${1}/remote.php/dav/";
+ "traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000";
+ "traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true";
+ };
+ };
+
+ cloud_office.service = {
+ image = "collabora/code:latest";
+ container_name = "cloud_office";
+ restart = "unless-stopped";
+ networks = [ "external" ];
+ volumes = [ ];
+ environment = {
+ username = "COLLABORA_USER";
+ password = "COLLABORA_PASSWORD";
+ aliasgroup1 = "https://cloud.${HOST_DOMAIN}";
+ server_name = "office.${HOST_DOMAIN}";
+ VIRTUAL_HOST = "office.${HOST_DOMAIN}";
+ VIRTUAL_PORT = "9980";
+ VIRTUAL_PROTO = "http";
+ DONT_GEN_SSL_CERT = "true";
+ RESOLVE_TO_PROXY_IP = "true";
+ NETWORK_ACCESS = "internal";
+ extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+ dictionaries = "en fr de jp no";
+ };
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.collabora.entrypoints" = "web-secure";
+ "traefik.http.routers.collabora.rule" = "Host(`office.${HOST_DOMAIN}`)";
+ "traefik.http.routers.collabora.tls" = "true";
+ };
+ };
+
+ cloud_etherpad.service = {
+ image = "etherpad/etherpad:latest";
+ container_name = "etherpad";
+ restart = "unless-stopped";
+ networks = [ "external" ];
+ volumes = [
+ "${DATA_PATH}/ether/etherpad/data:/opt/etherpad-lite/var"
+ "/${DATA_PATH}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
+ ];
+ environment = {
+ NODE_ENV = "production";
+ TITLE = "Helcel-Pad";
+ DB_TYPE = "mysql";
+ DB_HOST = DB_HOST;
+ DB_PORT = DB_PORT;
+ DB_NAME = "etherpad";
+ DB_USER = "ETHERPAD_DB_USER";
+ DB_PASS = "ETHERPAD_DB_PASSWORD";
+ DB_CHARSET = "utf8mb4";
+ DEFAULT_PAD_TEXT = "P A D";
+ PAD_OPTIONS_SHOW_LINE_NUMBERS = "true";
+ PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
+ ADMIN_PASSWORD = "ETHERPAD_ADMIN_PASSWORD";
+ SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
+ };
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.etherpad.entrypoints" = "web-secure";
+ "traefik.http.routers.etherpad.rule" = "Host(`pad.${HOST_DOMAIN}`)";
+ "traefik.http.routers.etherpad.tls" = "true";
+ };
+ };
+
+ cloud_ethercalc.service = {
+ image = "audreyt/ethercalc:latest";
+ container_name = "ethercalc";
+ restart = "unless-stopped";
+ networks = [ "external" "internal" ];
+ volumes = [
+ "${DATA_PATH}/ether/etherpad/data:/opt/etherpad-lite/var"
+ "/${DATA_PATH}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
+ ];
+ environment = {
+ NODE_ENV = "production";
+ TITLE = "Helcel-Calc";
+ REDIS_PORT_6379_TCP_ADDR = "redis";
+ REDIS_PORT_6379_TCP_PORT = "6379";
+ ADMIN_PASSWORD = "ETHERPAD_ADMIN_PASSWORD";
+ SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
+ };
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.ethercalc.entrypoints" = "web-secure";
+ "traefik.http.routers.ethercalc.rule" = "Host(`calc.${HOST_DOMAIN}`)";
+ "traefik.http.routers.ethercalc.tls" = "true";
+ };
+ };
+
+ cloud_redis.service = {
+ image = "redis:latest";
+ container_name = "ethercalc-redis";
+ restart = "unless-stopped";
+ networks = [ "internal" ];
+ volumes = [ "${DATA_PATH}/ether/ethercalc/redis:/data" ];
+ environment = { };
+ labels = { "traefik.enable" = "false"; };
+ };
+
+ };
+}
diff --git a/systems/avalon/server/docker/sample.nix b/systems/avalon/server/docker/sample.nix
new file mode 100644
index 0000000..680054b
--- /dev/null
+++ b/systems/avalon/server/docker/sample.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+let
+ HOST_DOMAIN = "helcel.net";
+ DB_HOST = "10.10.1.2";
+ DB_PORT = "3306";
+ MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}";
+ MAIL_SERVER_DOMAIN = "mail.infomaniak.com";
+ DATA_PATH = "/media/data/";
+in {
+ project.name = "NEW";
+
+ networks = {
+ internal = {
+ internal = true;
+ external = false;
+ };
+ external = { external = true; };
+ };
+
+ services = {
+
+ NAME.service = {
+ image = "NAME:latest";
+ container_name = "NAME";
+ restart = "unless-stopped";
+ networks = [ "internal" ];
+ volumes = [ ];
+ environment = { };
+ labels = { "traefik.enable" = "false"; };
+ };
+
+ };
+}
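Review bot: `cloud_ethercalc` in cloud.nix reuses the Etherpad volume list, so the publicly routed `calc.` container gets a writable bind mount of Etherpad's data directory and of `APIKEY.txt`, a credential it has no need for. I would drop both entries (`volumes = [ ];`) or give EtherCalc its own path, and append `:ro` to the `APIKEY.txt` mount that stays on `cloud_etherpad`. `REDIS_PORT_6379_TCP_ADDR = "redis"` also matches neither the service key `cloud_redis` nor the container name `ethercalc-redis`, so the lookup probably fails; `"ethercalc-redis"` looks like the intended value. Separately, every image except `nextcloud:27` is pulled as `:latest`, and three of those are routed through Traefik, so pinning a version or digest would make upgrades of the exposed services deliberate.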