From 2cc71a7a349d9ed4353c6785f849c709cab4ae2a Mon Sep 17 00:00:00 2001 From: Dmitry Voronin Date: Sun, 9 Jun 2024 15:31:53 +0300 Subject: [PATCH] wip --- container/Change.nix | 28 ++++++++++++++-------------- container/Paste.nix | 22 ++++++++++------------ container/Postgres.nix | 21 +++++++++------------ container/Proxy.nix | 24 ++++++++++-------------- container/proxy/host/Default.nix | 2 -- host/desktop/Container.nix | 9 +++++++-- 6 files changed, 50 insertions(+), 56 deletions(-) delete mode 100644 container/proxy/host/Default.nix diff --git a/container/Change.nix b/container/Change.nix index 47bcc7c..2471ef3 100644 --- a/container/Change.nix +++ b/container/Change.nix @@ -1,19 +1,17 @@ -{ pkgs -, storage +{ storage +, domain , mkContainer , mkContainerConfig +, mkContainerDir , ... } @args: let - path = "${storage}/change"; + address = "10.1.0.41"; + path = "${storage}/change"; in { - systemd.tmpfiles.rules = map ( - dirName: "d '${path}/${dirName}' 1777 root root - -" - ) [ "data" ]; - - containers.change = mkContainer { - autoStart = true; - localAddress = "10.1.0.41"; - privateNetwork = true; + systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [ + "data" + ]; + containers.change = mkContainer address { bindMounts = { "/var/lib/changedetection-io" = { hostPath = "${path}/data"; @@ -21,10 +19,12 @@ in { }; }; - config = { config, lib, pkgs, ... }: mkContainerConfig { + config = { ... }: mkContainerConfig { services.changedetection-io = { - enable = true; - behindProxy = true; + enable = true; + baseURL = "https://change.${domain}"; + behindProxy = true; + listenAddress = address; }; }; }; diff --git a/container/Paste.nix b/container/Paste.nix index 2e68566..c05c2b2 100644 --- a/container/Paste.nix +++ b/container/Paste.nix 
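Review bot: In the second hunk of container/Change.nix, the new `listenAddress = address;` binds changedetection-io to 10.1.0.41 while `behindProxy = true` makes it trust forwarded headers. Any peer that can reach that address directly can therefore supply those headers itself. Nothing in the hunk limits who may connect, and whether `mkContainerConfig` configures a firewall is not visible here. I would add a comment above the option, `# Only the proxy container (10.1.0.2) should reach this address; forwarded headers are trusted.`, and back it with a container firewall rule that accepts the service port from the proxy address only.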
@@ -2,26 +2,24 @@ , storage , const , domain -, host , util , mkContainer , mkContainerConfig +, mkContainerDir , mkServer , ... } @args: let - path = "${storage}/paste"; - package = (pkgs.callPackage ./pastebin args); + address = "10.1.0.14"; fqdn = "paste.${domain}"; + package = (pkgs.callPackage ./pastebin args); + path = "${storage}/paste"; in { - systemd.tmpfiles.rules = map ( - dirName: "d '${path}/${dirName}' 1777 root root - -" - ) [ "data" "tmp" "nginxtmp" "config" ]; - - containers.paste = mkContainer { - autoStart = true; - hostAddress = host; - localAddress = "10.1.0.14"; - privateNetwork = true; + systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [ + "data" + "tmp" + "nginxtmp" + ]; + containers.paste = mkContainer address { bindMounts = { "/srv/data" = { hostPath = "${path}/data"; diff --git a/container/Postgres.nix b/container/Postgres.nix index c459dc3..9c664cc 100644 --- a/container/Postgres.nix +++ b/container/Postgres.nix @@ -1,21 +1,18 @@ -{ pkgs -, storage +{ storage , const , host , mkContainer , mkContainerConfig +, mkContainerDir , ... } @args: let - path = "${storage}/postgres"; + address = "10.1.0.3"; + path = "${storage}/postgres"; in { - systemd.tmpfiles.rules = map ( - dirName: "d '${path}/${dirName}' 1777 root root - -" - ) [ "data" ]; - - containers.postgres = mkContainer { - autoStart = true; - localAddress = "10.1.0.3"; - privateNetwork = true; + systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [ + "data" + ]; + containers.postgres = mkContainer address { bindMounts = { "/var/lib/postgresql/data" = { hostPath = "${path}/data"; @@ -23,7 +20,7 @@ in { }; }; - config = { config, lib, pkgs, ... }: mkContainerConfig { + config = { lib, pkgs, ... }: mkContainerConfig { system.stateVersion = const.stateVersion; users.users.root.password = ""; diff --git a/container/Proxy.nix b/container/Proxy.nix index 3d5d3ad..5aa39ce 100644 --- a/container/Proxy.nix +++ b/container/Proxy.nix 
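Review bot: In container/Paste.nix the list passed to `mkContainerDir` no longer contains `"config"`, so tmpfiles will not create `${path}/config` on a fresh host. The `bindMounts` block continues past the end of this hunk, so it is not visible whether a mount still uses that directory as its `hostPath`. If one does, the container would presumably fail to start on a clean install while still working on machines where the directory already exists. Either keep `"config"` in the list or drop the matching mount in the same commit.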
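Review bot: The `config` block in container/Postgres.nix still carries `users.users.root.password = "";` directly below the line its second hunk edits, and the second hunk of container/Proxy.nix shows the same context line. With an empty root password, any login path into the container accepts root without a credential. The rest of each config block lies outside the hunk, so which login services are enabled cannot be seen from here. Since this refactor already moves shared settings into the helpers, consider locking the account instead, for example `users.users.root.hashedPassword = "!";`, set once in `mkContainerConfig` rather than per container.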
@@ -1,25 +1,21 @@ -{ pkgs -, storage +{ storage , const -, host , util , domain , mkContainer , mkContainerConfig +, mkContainerDir , ... } @args: let - path = "${storage}/proxy"; + address = "10.1.0.2"; + path = "${storage}/proxy"; virtualHosts = util.catSet (util.ls ./proxy/host) args; in { - systemd.tmpfiles.rules = map ( - dirName: "d '${path}/${dirName}' 1777 root root - -" - ) [ "challenge" "letsencrypt" ]; - - containers.proxy = mkContainer { - autoStart = true; - hostAddress = host; - localAddress = "10.1.0.2"; - privateNetwork = true; + systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [ + "challenge" + "letsencrypt" + ]; + containers.proxy = mkContainer address { bindMounts = { "/etc/letsencrypt" = { hostPath = "${path}/letsencrypt"; @@ -31,7 +27,7 @@ in { }; }; - config = { config, lib, pkgs, ... }: mkContainerConfig { + config = { lib, pkgs, ... }: mkContainerConfig { system.stateVersion = const.stateVersion; users.users.root.password = ""; diff --git a/container/proxy/host/Default.nix b/container/proxy/host/Default.nix deleted file mode 100644 index f365d8e..0000000 --- a/container/proxy/host/Default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{ domain, util, mkServer, ... }: { -} diff --git a/host/desktop/Container.nix b/host/desktop/Container.nix index 8dd6a1b..591d288 100644 --- a/host/desktop/Container.nix +++ b/host/desktop/Container.nix @@ -6,8 +6,11 @@ in { inherit storage domain host pkgs const lib config util; - mkContainer = cfg: lib.recursiveUpdate cfg { - hostAddress = host; + mkContainer = address: cfg: lib.recursiveUpdate cfg { + autoStart = true; + hostAddress = host; + localAddress = address; + privateNetwork = true; }; mkContainerConfig = cfg: lib.recursiveUpdate cfg { @@ -22,6 +25,8 @@ }; }; + mkContainerDir = path: "d '${path}' 1777 root root - -"; + mkServer = cfg: lib.recursiveUpdate cfg { forceSSL = false; };
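Review bot: In the first hunk of host/desktop/Container.nix, `mkContainer` passes its fixed attributes as the right-hand argument of `lib.recursiveUpdate`, so `autoStart`, `hostAddress`, `localAddress` and `privateNetwork` silently win over anything the caller puts in `cfg`. That is a sensible way to enforce network isolation, but it is undocumented and a container file that sets `privateNetwork = false` would be overridden without any error. I would add a comment above the definition: `# These values take precedence over cfg (recursiveUpdate favours the right-hand side); containers cannot opt out of privateNetwork.`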
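Review bot: The new `mkContainerDir` helper in the second hunk of host/desktop/Container.nix hard-codes mode `1777`, so every directory it creates is writable by any local account on the host. After this commit that covers the Postgres `data` directory and the proxy's `letsencrypt` and `challenge` directories, as well as the Change and Paste ones. The mode predates this commit, but centralising it is a good moment to make it adjustable, for example `mkContainerDir = path: mode: "d '${path}' ${mode} root root - -";` with callers passing `0700` or `0750` where the service tolerates it. The right owner and mode depend on which uid each service runs as inside its container, which is not visible in this patch.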