nix-dotfiles/systems/jeeves/docker/web.nix

{ config, ... }:
{
  virtualisation.oci-containers.containers = {
    grafana = {
      image = "grafana/grafana-enterprise";
      volumes = [ "/zfs/media/docker/configs/grafana:/var/lib/grafana" ];
      user = "998:998";
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
    dnd_file_server = {
      image = "ubuntu/apache2:latest";
      volumes = [
        "/zfs/media/docker/templates/file_server/sites/:/etc/apache2/sites-enabled/"
        "/zfs/storage/main/Table_Top/:/data"
      ];
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
    arch_mirror = {
      image = "ubuntu/apache2:latest";
      volumes = [
        "/zfs/media/docker/templates/file_server/sites/:/etc/apache2/sites-enabled/"
        "/zfs/media/mirror/:/data"
      ];
      ports = [ "800:80" ];
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
    haproxy = {
      image = "haproxy:latest";
      user = "998:998";
      environment = {
        TZ = "Etc/EST";
      };
      volumes = [
        "/zfs/media/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
        "/root/nix-dotfiles/systems/jeeves/docker/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg"
      ];
      dependsOn = [
        "grafana"
        "arch_mirror"
        "dnd_file_server"
      ];
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
    cloud_flare_tunnel = {
      image = "cloudflare/cloudflared:latest";
      user = "docker-service:docker-service";
      cmd = [
        "tunnel"
        "run"
      ];
      environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ];
      dependsOn = [ "haproxy" ];
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
  };

  sops = {
    defaultSopsFile = ../secrets.yaml;
    secrets."docker/cloud_flare_tunnel".owner = "docker-service";
    secrets."docker/haproxy_cert" = {
      owner = "docker-service";
      path = "/zfs/media/docker/test_cloudflare.pem";
    };
  };
}
moving docker secrets to sops 2024-06-21 21:27:22 -04:00			`{ config, ... }:`
added web.nix 2024-05-27 16:08:29 -04:00			`{`
			`virtualisation.oci-containers.containers = {`
			`grafana = {`
			`image = "grafana/grafana-enterprise";`
removed Docker/Docker/Storage and Docker/Docker 2024-06-20 22:20:08 -04:00			`volumes = [ "/zfs/media/docker/configs/grafana:/var/lib/grafana" ];`
added web.nix 2024-05-27 16:08:29 -04:00			`user = "998:998";`
testing docker network 2024-05-27 16:30:26 -04:00			`extraOptions = [ "--network=web" ];`
added web.nix 2024-05-27 16:08:29 -04:00			`autoStart = true;`
			`};`
			`dnd_file_server = {`
			`image = "ubuntu/apache2:latest";`
			`volumes = [`
removed Docker/Docker/Storage and Docker/Docker 2024-06-20 22:20:08 -04:00			`"/zfs/media/docker/templates/file_server/sites/:/etc/apache2/sites-enabled/"`
moved storage to zfs 2024-06-21 10:31:06 -04:00			`"/zfs/storage/main/Table_Top/:/data"`
added web.nix 2024-05-27 16:08:29 -04:00			`];`
testing docker network 2024-05-27 16:30:26 -04:00			`extraOptions = [ "--network=web" ];`
added web.nix 2024-05-27 16:08:29 -04:00			`autoStart = true;`
			`};`
			`arch_mirror = {`
			`image = "ubuntu/apache2:latest";`
			`volumes = [`
removed Docker/Docker/Storage and Docker/Docker 2024-06-20 22:20:08 -04:00			`"/zfs/media/docker/templates/file_server/sites/:/etc/apache2/sites-enabled/"`
moved storage/main and media/mirror 2024-06-20 23:29:47 -04:00			`"/zfs/media/mirror/:/data"`
added web.nix 2024-05-27 16:08:29 -04:00			`];`
			`ports = [ "800:80" ];`
testing docker network 2024-05-27 16:30:26 -04:00			`extraOptions = [ "--network=web" ];`
added web.nix 2024-05-27 16:08:29 -04:00			`autoStart = true;`
			`};`
			`haproxy = {`
			`image = "haproxy:latest";`
			`user = "998:998";`
			`environment = {`
			`TZ = "Etc/EST";`
			`};`
			`volumes = [`
removed Docker/Docker/Storage and Docker/Docker 2024-06-20 22:20:08 -04:00			`"/zfs/media/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"`
moving docker secrets to sops 2024-06-21 21:27:22 -04:00			`"/root/nix-dotfiles/systems/jeeves/docker/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg"`
added web.nix 2024-05-27 16:08:29 -04:00			`];`
			`dependsOn = [`
			`"grafana"`
			`"arch_mirror"`
			`"dnd_file_server"`
			`];`
testing docker network 2024-05-27 16:30:26 -04:00			`extraOptions = [ "--network=web" ];`
added web.nix 2024-05-27 16:08:29 -04:00			`autoStart = true;`
			`};`
			`cloud_flare_tunnel = {`
			`image = "cloudflare/cloudflared:latest";`
testing 2024-06-21 21:44:45 -04:00			`user = "docker-service:docker-service";`
RTFM 2024-05-27 16:11:08 -04:00			`cmd = [`
			`"tunnel"`
			`"run"`
			`];`
fixed typos 2024-06-21 21:33:35 -04:00			`environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ];`
added web.nix 2024-05-27 16:08:29 -04:00			`dependsOn = [ "haproxy" ];`
testing docker network 2024-05-27 16:30:26 -04:00			`extraOptions = [ "--network=web" ];`
added web.nix 2024-05-27 16:08:29 -04:00			`autoStart = true;`
			`};`
			`};`
moving docker secrets to sops 2024-06-21 21:27:22 -04:00
			`sops = {`
			`defaultSopsFile = ../secrets.yaml;`
fixed typos 2024-06-21 21:33:35 -04:00			`secrets."docker/cloud_flare_tunnel".owner = "docker-service";`
			`secrets."docker/haproxy_cert" = {`
moving docker secrets to sops 2024-06-21 21:27:22 -04:00			`owner = "docker-service";`
			`path = "/zfs/media/docker/test_cloudflare.pem";`
			`};`
			`};`
added web.nix 2024-05-27 16:08:29 -04:00			`}`