update docker configs, upgrade postgres

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-11-02 23:59:38 -04:00
parent 8de5a168ba
commit 9d8164f28d
12 changed files with 116 additions and 74 deletions
--- a/systems/palatine-hill/docker/archiveteam.nix
+++ b/systems/palatine-hill/docker/archiveteam.nix
@ -73,7 +73,7 @@ let
    };
    archiveteam-blogger = {
      image = "blogger-grab";
-      scale = 0;
+      scale = 1;
    };
    archiveteam-vbox7 = {
      image = "vbox7-grab";
@ -97,9 +97,8 @@ let
    };
  };
  container-spec = container-name: container: {
-    image = "atdr.meo.ws/archiveteam/${container}";
+    image = "atdr.meo.ws/archiveteam/${container}:latest";
    extraOptions = [
-      "--restart=unless-stopped"
      "--stop-signal=SIGINT"
    ];
    labels = {
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@ -8,17 +8,17 @@
 {
  imports = [
    ./archiveteam.nix
-    ./books.nix
-    ./firefly.nix
-    ./foundry.nix
+    # ./books.nix
+    #./firefly.nix
+    #./foundry.nix
    ./glances.nix
-    ./haproxy.nix
-    ./minecraft.nix
+    # ./haproxy.nix
+    # ./minecraft.nix
    ./nextcloud.nix
-    ./postgres.nix
-    ./restic.nix
-    ./torr.nix
-    ./unifi.nix
+    # ./postgres.nix
+    # ./restic.nix
+    # ./torr.nix
+    # ./unifi.nix
  ];

  virtualisation.oci-containers.backend = "docker";
--- a/systems/palatine-hill/docker/firefly.nix
+++ b/systems/palatine-hill/docker/firefly.nix
@ -8,7 +8,6 @@ in
    firefly = {
      image = "fireflyiii/core:latest";
      extraOptions = [
-        "--restart=always"
        "--network=firefly-iii_default"
        "--network=postgres-net"
      ];
@ -18,8 +17,7 @@ in
    };
    fidi = {
      image = "fireflyiii/data-importer:latest";
-      extraOptions = [ "--restart=always" ];
-      environmentFiles = [ "${ffiii_path}.fidi.env" ];
+      environmentFiles = [ "${ffiii_path}/.fidi.env" ];
      ports = [ "4187:8080" ];
      dependsOn = [ "firefly" ];
    };
--- a/systems/palatine-hill/docker/foundry.nix
+++ b/systems/palatine-hill/docker/foundry.nix
@ -16,7 +16,6 @@ in
      environmentFiles = [ config.sops.secrets."docker/foundry".path ];
      volumes = [ "${fvtt_path}:/data" ];
      extraOptions = [
-        "--restart=unless-stopped"
        "--network=haproxy-net"
      ];
    };
@ -24,5 +23,6 @@ in

  sops.secrets."docker/foundry" = {
    owner = "docker-service";
+    restartUnits = [ "docker-foundryvtt.service" ];
  };
 }
--- a/systems/palatine-hill/docker/glances.nix
+++ b/systems/palatine-hill/docker/glances.nix
@ -9,7 +9,6 @@ in
    glances = {
      image = "nicolargo/glances:latest-full";
      extraOptions = [
-        "--restart=always"
        "--pid=host"
        "--network=haproxy-net"
      ];
--- a/systems/palatine-hill/docker/nextcloud.nix
+++ b/systems/palatine-hill/docker/nextcloud.nix
@ -3,18 +3,20 @@
 let
  vars = import ../vars.nix;
  nextcloud_path = vars.primary_nextcloud;
+  redis_path = vars.primary_redis;

  # nextcloud-image = import ./nextcloud-image { inherit pkgs; };
  nextcloud-base = {
-    image = "nextcloud:stable-apache";
+    # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
+    image = "nextcloud-nextcloud";
    hostname = "nextcloud";
    volumes = [
      "${nextcloud_path}/nc_data:/var/www/html:z"
      "${nextcloud_path}/nc_php:/usr/local/etc/php"
      "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
+      #"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
    ];
    extraOptions = [
-      "--restart=unless-stopped"
      "--network=haproxy-net"
      "--network=postgres-net"
      "--network=nextcloud_default"
@ -28,20 +30,19 @@ in
    nextcloud = nextcloud-base // {
      ports = [ "9999:80" ];
    };
-    nextcloud-cron = nextcloud-base // {
-      entrypoint = "/cron.sh";
-      dependsOn = [
-        "redis"
-        "nextcloud"
-      ];
-    };
    redis = {
      image = "redis:latest";
-      extraOptions = [ "--restart=unless-stopped" ];
-      volumes = [ "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf" ];
+      user = "600:600";
+      volumes = [
+        "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
+        "${redis_path}:/data"
+      ];
+      extraOptions = [
+        "--network=nextcloud_default"
+      ];
      cmd = [
        "redis-server"
-        config.sops.secrets."docker/redis".path
+        "/usr/local/etc/redis/redis.conf"
      ];
    };
    go-vod = {
@ -52,17 +53,33 @@ in
      };
      volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
      extraOptions = [
-        "--restart=always"
        "--device=/dev/dri:/dev/dri"
      ];
    };
  };

+  users.users.www-data = {
+    uid = 33;
+    isSystemUser = true;
+    group = "www-data";
+  };
+
+  users.groups.www-data = {
+    gid = 33;
+    members = [ "www-data" ];
+  };
+
  sops = {
    defaultSopsFile = ../secrets.yaml;
    secrets = {
-      "docker/redis".owner = "docker-service";
-      "docker/nextcloud".owner = "docker-service";
+      "docker/redis" = {
+        owner = "docker-service";
+        restartUnits = [ "docker-redis.service" ];
+      };
+      "docker/nextcloud" = {
+        owner = "www-data";
+        restartUnits = [ "docker-nextcloud.service" ];
+      };
    };
  };
 }