From 7a3a2a9f69c5e12cba99b23e113fee443d6dca00 Mon Sep 17 00:00:00 2001 From: soraefir Date: Fri, 1 Dec 2023 12:54:30 +0100 Subject: [PATCH] [m] Server: adding docker --- modules/home/wayland/apps/dunst/default.nix | 14 +-- systems/asguard/default.nix | 4 +- systems/avalon/home.nix | 2 - systems/avalon/server/default.nix | 4 + systems/avalon/server/docker/default.nix | 106 ++++++++++++++++++++ 5 files changed, 118 insertions(+), 12 deletions(-) create mode 100644 systems/avalon/server/default.nix create mode 100644 systems/avalon/server/docker/default.nix diff --git a/modules/home/wayland/apps/dunst/default.nix b/modules/home/wayland/apps/dunst/default.nix index 386c8e2..e56a8da 100755 --- a/modules/home/wayland/apps/dunst/default.nix +++ b/modules/home/wayland/apps/dunst/default.nix @@ -26,8 +26,8 @@ padding = "12"; horizontal_padding = "15"; text_icon_padding = "0"; - frame_width = "2"; - frame_color = "#${config.colorScheme.colors.base03}"; + frame_width = "${config.colorScheme.colors.border-width}"; + frame_color = "#${config.colorScheme.colors.base04}"; separator_color = "auto"; sort = "yes"; font = "IBM Plex Mono 14"; 
@@ -69,23 +69,23 @@ }; urgency_low = { - background = "#${config.colorScheme.colors.base00}"; + background = "#${config.colorScheme.colors.base01}"; foreground = "#${config.colorScheme.colors.base07}"; frame_color = "#${config.colorScheme.colors.base03}"; timeout = "3"; highlight = "#${config.colorScheme.colors.base0B}"; }; urgency_normal = { - background = "#${config.colorScheme.colors.base00}"; + background = "#${config.colorScheme.colors.base01}"; foreground = "#${config.colorScheme.colors.base07}"; - frame_color = "#${config.colorScheme.colors.base03}"; + frame_color = "#${config.colorScheme.colors.base04}"; timeout = "5"; highlight = "#${config.colorScheme.colors.base0C}"; }; urgency_critical = { - background = "#${config.colorScheme.colors.base00}"; + background = "#${config.colorScheme.colors.base01}"; foreground = "#${config.colorScheme.colors.base0F}"; - frame_color = "#${config.colorScheme.colors.base03}"; + frame_color = "#${config.colorScheme.colors.base0F}"; timeout = "10"; highlight = "#${config.colorScheme.colors.base0E}"; }; diff --git a/systems/asguard/default.nix b/systems/asguard/default.nix index dc1b570..eb7983e 100755 --- a/systems/asguard/default.nix +++ b/systems/asguard/default.nix @@ -1,6 +1,4 @@ -{ config, pkgs, ... }: - -{ +{ config, pkgs, ... }: { imports = [ ]; users.users.sora = { diff --git a/systems/avalon/home.nix b/systems/avalon/home.nix index 778bf2e..39a06bc 100644 --- a/systems/avalon/home.nix +++ b/systems/avalon/home.nix @@ -1,6 +1,4 @@ { ... }: { - imports = [ ./display.nix ]; - config.homecfg = { username = "sora"; make = { diff --git a/systems/avalon/server/default.nix b/systems/avalon/server/default.nix new file mode 100644 index 0000000..facb35d --- /dev/null +++ b/systems/avalon/server/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + +} diff --git a/systems/avalon/server/docker/default.nix b/systems/avalon/server/docker/default.nix new file mode 100644 index 0000000..68b6aa6 --- /dev/null 
+++ b/systems/avalon/server/docker/default.nix 
@@ -0,0 +1,106 @@
+{ pkgs, ... }:
+let
+ HOST_DOMAIN = "helcel.net";
+ MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}";
+ MAIL_SERVER_DOMAIN = "mail.infomaniak.com";
+in {
+ project.name = "Authentik";
+
+ networks = {
+ internal = {
+ internal = true;
+ external = false;
+ };
+ external = { external = true; };
+ };
+
+ services = {
+
+ auth_postgresql.service = {
+ image = "postgres:14-alpine";
+ container_name = "auth_postgresql";
+ restart = "unless-stopped";
+ networks = [ "internal" ];
+ volumes = [ ];
+ environment = {
+ POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
+ POSTGRES_USER = "authentik";
+ POSTGRES_DB = "authentik";
+ };
+ };
+
+ auth_redis.service = {
+ image = "redis:alpine";
+ container_name = "auth_redis";
+ restart = "unless-stopped";
+ networks = [ "internal" ];
+ volumes = [ ];
+ environment = { };
+ labels = { "traefik.enable" = "false"; };
+ };
+
+ auth_server.service = {
+ image = "ghcr.io/goauthentik/server:latest";
+ container_name = "auth_server";
+ restart = "unless-stopped";
+ networks = [ "internal" "external" ];
+ volumes = [
+ "/media/data/authentik/media:/media"
+ "/media/data/authentik/templates:/templates"
+ ];
+ environment = {
+ "AUTHENTIK_REDIS__HOST" = "auth_redis";
+ "AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
+ "AUTHENTIK_POSTGRESQL__USER" = "authentik";
+ "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
+ "AUTHENTIK_POSTGRESQL__PASSWORD" =
+ "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
+ "AUTHENTIK_SECRET_KEY" = "/run/secrets/AUTHENTIK_SECRET_KEY";
+ "AUTHENTIK_EMAIL__HOST" = "${MAIL_SERVER_DOMAIN}";
+ "AUTHENTIK_EMAIL__PORT" = "587";
+ "AUTHENTIK_EMAIL__USERNAME" = "noreply@${MAIL_HOST_DOMAIN}";
+ "AUTHENTIK_EMAIL__PASSWORD" = "/run/secrets/AUTHENTIK_EMAIL__PASSWORD";
+ "AUTHENTIK_EMAIL__USE_TLS" = "true";
+ "AUTHENTIK_EMAIL__USE_SSL" = "false";
+ "AUTHENTIK_EMAIL__TIMEOUT" = "10";
+ "AUTHENTIK_EMAIL__FROM" = "sso@noreply.${MAIL_HOST_DOMAIN}";
+ };
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.sso.entrypoints" = "web-secure";
+ "traefik.http.routers.sso.rule" = "Host(`sso.${HOST_DOMAIN}`)";
+ "traefik.http.routers.sso.tls" = "true";
+ "traefik.http.services.sso.loadbalancer.server.port" = "9000";
+ "traefik.docker.network" = "external";
+ };
+ command = "server";
+ service.ports = [
+ "9999:9000" # host:container
+ ];
+ };
+
+ auth_worker.service = {
+ image = "ghcr.io/goauthentik/server:latest";
+ container_name = "auth_worker";
+ restart = "unless-stopped";
+ networks = [ "internal" ];
+ volumes = [
+ "/media/data/authentik/media:/media"
+ "/media/data/authentik/templates:/templates"
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ environment = {
+ "AUTHENTIK_REDIS__HOST" = "auth_redis";
+ "AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
+ "AUTHENTIK_POSTGRESQL__USER" = "authentik";
+ "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
+ "AUTHENTIK_POSTGRESQL__PASSWORD" =
+ "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
+ "AUTHENTIK_SECRET_KEY" = "/run/secrets/AUTHENTIK_SECRET_KEY";
+ };
+ labels = { "traefik.enable" = "false"; };
+ command = "worker";
+ user = "root";
+ };
+ };
+}
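Review bot: The secret-bearing variables in all three `environment` blocks are set to the path string itself, so `POSTGRES_PASSWORD`, `AUTHENTIK_POSTGRESQL__PASSWORD`, `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_EMAIL__PASSWORD` each take a value that is readable in this repository instead of the contents of a secret file. The postgres image reads a file only through `POSTGRES_PASSWORD_FILE`, and authentik only when the value uses its `file://` form, as in the fence below; the hunk also mounts nothing at `/run/secrets`, so those files presumably still have to be provided to the containers some other way. Separately, `auth_worker` runs with `user = "root"` and `/var/run/docker.sock` mounted, which gives that container control of the host's Docker daemon, so I would drop the mount unless the worker's Docker integration is needed, or put a restricted socket proxy in front of it. The two `ghcr.io/goauthentik/server:latest` references and `redis:alpine` are unpinned and should name a fixed version or digest, and `"9999:9000"` would publish the server on the host outside the Traefik TLS router if that nested `service.ports` attribute takes effect.

```nix
# auth_postgresql.service.environment
POSTGRES_PASSWORD_FILE = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
# … unchanged: POSTGRES_USER, POSTGRES_DB …

# auth_server.service.environment (the first two also apply to auth_worker)
"AUTHENTIK_POSTGRESQL__PASSWORD" =
  "file:///run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
"AUTHENTIK_SECRET_KEY" = "file:///run/secrets/AUTHENTIK_SECRET_KEY";
# … unchanged: e-mail host, port, username …
"AUTHENTIK_EMAIL__PASSWORD" = "file:///run/secrets/AUTHENTIK_EMAIL__PASSWORD";
```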