voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

WIP: Migrate from Docker to NixOS Containers. #67

Closed
voronind wants to merge 5 commits from migrate into main
pull from: migrate
merge into: voronind:main
Conversation 0 Commits 5 Files changed 18 +50 -56
6 changed files with 50 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 2cc71a7a34 - Show all commits

28
container/Change.nix
View file

@ -1,19 +1,17 @@
{ pkgs { storage
, storage , domain
, mkContainer , mkContainer
, mkContainerConfig , mkContainerConfig
, mkContainerDir
, ... } @args: let , ... } @args: let
path = "${storage}/change"; address = "10.1.0.41";
path = "${storage}/change";
in { in {
systemd.tmpfiles.rules = map ( systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [
dirName: "d '${path}/${dirName}' 1777 root root - -" "data"
) [ "data" ]; ];
containers.change = mkContainer {
autoStart = true;
localAddress = "10.1.0.41";
privateNetwork = true;
containers.change = mkContainer address {
bindMounts = { bindMounts = {
"/var/lib/changedetection-io" = { "/var/lib/changedetection-io" = {
hostPath = "${path}/data"; hostPath = "${path}/data";
@ -21,10 +19,12 @@ in {
}; };
}; };
config = { config, lib, pkgs, ... }: mkContainerConfig { config = { ... }: mkContainerConfig {
services.changedetection-io = { services.changedetection-io = {
enable = true; enable = true;
behindProxy = true; baseURL = "https://change.${domain}";
behindProxy = true;
listenAddress = address;
}; };
}; };
}; };

22
container/Paste.nix
View file

@ -2,26 +2,24 @@
, storage , storage
, const , const
, domain , domain
, host
, util , util
, mkContainer , mkContainer
, mkContainerConfig , mkContainerConfig
, mkContainerDir
, mkServer , mkServer
, ... } @args: let , ... } @args: let
path = "${storage}/paste"; address = "10.1.0.14";
package = (pkgs.callPackage ./pastebin args);
fqdn = "paste.${domain}"; fqdn = "paste.${domain}";
package = (pkgs.callPackage ./pastebin args);
path = "${storage}/paste";
in { in {
systemd.tmpfiles.rules = map ( systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [
dirName: "d '${path}/${dirName}' 1777 root root - -" "data"
) [ "data" "tmp" "nginxtmp" "config" ]; "tmp"
"nginxtmp"
containers.paste = mkContainer { ];
autoStart = true;
hostAddress = host;
localAddress = "10.1.0.14";
privateNetwork = true;
containers.paste = mkContainer address {
bindMounts = { bindMounts = {
"/srv/data" = { "/srv/data" = {
hostPath = "${path}/data"; hostPath = "${path}/data";

21
container/Postgres.nix
View file

@ -1,21 +1,18 @@
{ pkgs { storage
, storage
, const , const
, host , host
, mkContainer , mkContainer
, mkContainerConfig , mkContainerConfig
, mkContainerDir
, ... } @args: let , ... } @args: let
path = "${storage}/postgres"; address = "10.1.0.3";
path = "${storage}/postgres";
in { in {
systemd.tmpfiles.rules = map ( systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [
dirName: "d '${path}/${dirName}' 1777 root root - -" "data"
) [ "data" ]; ];
containers.postgres = mkContainer {
autoStart = true;
localAddress = "10.1.0.3";
privateNetwork = true;
containers.postgres = mkContainer address {
bindMounts = { bindMounts = {
"/var/lib/postgresql/data" = { "/var/lib/postgresql/data" = {
hostPath = "${path}/data"; hostPath = "${path}/data";
@ -23,7 +20,7 @@ in {
}; };
}; };
config = { config, lib, pkgs, ... }: mkContainerConfig { config = { lib, pkgs, ... }: mkContainerConfig {
system.stateVersion = const.stateVersion; system.stateVersion = const.stateVersion;
users.users.root.password = ""; users.users.root.password = "";

24
container/Proxy.nix
View file

@ -1,25 +1,21 @@
{ pkgs { storage
, storage
, const , const
, host
, util , util
, domain , domain
, mkContainer , mkContainer
, mkContainerConfig , mkContainerConfig
, mkContainerDir
, ... } @args: let , ... } @args: let
path = "${storage}/proxy"; address = "10.1.0.2";
path = "${storage}/proxy";
virtualHosts = util.catSet (util.ls ./proxy/host) args; virtualHosts = util.catSet (util.ls ./proxy/host) args;
in { in {
systemd.tmpfiles.rules = map ( systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [
dirName: "d '${path}/${dirName}' 1777 root root - -" "challenge"
) [ "challenge" "letsencrypt" ]; "letsencrypt"
];
containers.proxy = mkContainer {
autoStart = true;
hostAddress = host;
localAddress = "10.1.0.2";
privateNetwork = true;
containers.proxy = mkContainer address {
bindMounts = { bindMounts = {
"/etc/letsencrypt" = { "/etc/letsencrypt" = {
hostPath = "${path}/letsencrypt"; hostPath = "${path}/letsencrypt";
@ -31,7 +27,7 @@ in {
}; };
}; };
config = { config, lib, pkgs, ... }: mkContainerConfig { config = { lib, pkgs, ... }: mkContainerConfig {
system.stateVersion = const.stateVersion; system.stateVersion = const.stateVersion;
users.users.root.password = ""; users.users.root.password = "";

2
container/proxy/host/Default.nix
View file

@ -1,2 +0,0 @@
{ domain, util, mkServer, ... }: {
}

9
host/desktop/Container.nix
View file

@ -6,8 +6,11 @@
in { in {
inherit storage domain host pkgs const lib config util; inherit storage domain host pkgs const lib config util;
mkContainer = cfg: lib.recursiveUpdate cfg { mkContainer = address: cfg: lib.recursiveUpdate cfg {
hostAddress = host; autoStart = true;
hostAddress = host;
localAddress = address;
privateNetwork = true;
}; };
mkContainerConfig = cfg: lib.recursiveUpdate cfg { mkContainerConfig = cfg: lib.recursiveUpdate cfg {
@ -22,6 +25,8 @@
}; };
}; };
mkContainerDir = path: "d '${path}' 1777 root root - -";
mkServer = cfg: lib.recursiveUpdate cfg { mkServer = cfg: lib.recursiveUpdate cfg {
forceSSL = false; forceSSL = false;
}; };