update docker configs, upgrade postgres

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
ahuston-0 2024-11-02 23:59:38 -04:00
parent 8de5a168ba
commit 9d8164f28d
No known key found for this signature in database
GPG Key ID: 47940175096C1330
12 changed files with 116 additions and 74 deletions


@ -11,21 +11,6 @@
]; ];
services = { services = {
postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
upgrade = {
enable = true;
stopServices = [ "atticd" ];
};
};
atticd = { atticd = {
enable = true; enable = true;


@ -16,6 +16,7 @@
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
./postgresql.nix
./zfs.nix ./zfs.nix
]; ];
@ -68,31 +69,6 @@
smartd.enable = true; smartd.enable = true;
calibre-server.enable = true; calibre-server.enable = true;
postgresql = {
enable = true;
enableJIT = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
];
};
};
}; };
nix.gc.options = "--delete-older-than 150d"; nix.gc.options = "--delete-older-than 150d";


@ -73,7 +73,7 @@ let
}; };
archiveteam-blogger = { archiveteam-blogger = {
image = "blogger-grab"; image = "blogger-grab";
scale = 0; scale = 1;
}; };
archiveteam-vbox7 = { archiveteam-vbox7 = {
image = "vbox7-grab"; image = "vbox7-grab";
@ -97,9 +97,8 @@ let
}; };
}; };
container-spec = container-name: container: { container-spec = container-name: container: {
image = "atdr.meo.ws/archiveteam/${container}"; image = "atdr.meo.ws/archiveteam/${container}:latest";
extraOptions = [ extraOptions = [
"--restart=unless-stopped"
"--stop-signal=SIGINT" "--stop-signal=SIGINT"
]; ];
labels = { labels = {
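Review bot: `image = "atdr.meo.ws/archiveteam/${container}:latest"` leaves every archiveteam container on a mutable tag, and since an untagged reference already resolved to `latest` the new suffix only spells out existing behaviour; whenever the systemd unit has to pull, it gets whatever the registry serves at that moment. If that is deliberate (grab images are updated frequently upstream), say so in place so nobody later "pins" it by accident: `# intentionally tracks :latest — archiveteam pushes frequent grab updates`. `scale` for `archiveteam-blogger` also flips from 0 to 1 in this hunk, a behaviour change unrelated to the commit title that would be easier to find in history as its own commit.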


@ -8,17 +8,17 @@
{ {
imports = [ imports = [
./archiveteam.nix ./archiveteam.nix
./books.nix # ./books.nix
./firefly.nix #./firefly.nix
./foundry.nix #./foundry.nix
./glances.nix ./glances.nix
./haproxy.nix # ./haproxy.nix
./minecraft.nix # ./minecraft.nix
./nextcloud.nix ./nextcloud.nix
./postgres.nix # ./postgres.nix
./restic.nix # ./restic.nix
./torr.nix # ./torr.nix
./unifi.nix # ./unifi.nix
]; ];
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
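Review bot: `./firefly.nix`, `./foundry.nix` and `./postgres.nix` are commented out of `imports` here, yet the same commit still edits firefly.nix and foundry.nix (the `.fidi.env` path fix and the foundry `restartUnits`), so those changes have no effect until the imports come back; a short reason beside each disabled line, `# ./firefly.nix  (disabled: <reason>)`, would make the intent reviewable. The nextcloud hunk keeps `--network=postgres-net` on the container; if that docker network was created by the now-disabled `./postgres.nix`, `docker run` will refuse to start the container once the network is gone, so confirm it is created elsewhere. Prefer removing disabled imports outright, or gating them with `lib.optionals`, over leaving commented-out entries in the module list.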


@ -8,7 +8,6 @@ in
firefly = { firefly = {
image = "fireflyiii/core:latest"; image = "fireflyiii/core:latest";
extraOptions = [ extraOptions = [
"--restart=always"
"--network=firefly-iii_default" "--network=firefly-iii_default"
"--network=postgres-net" "--network=postgres-net"
]; ];
@ -18,8 +17,7 @@ in
}; };
fidi = { fidi = {
image = "fireflyiii/data-importer:latest"; image = "fireflyiii/data-importer:latest";
extraOptions = [ "--restart=always" ]; environmentFiles = [ "${ffiii_path}/.fidi.env" ];
environmentFiles = [ "${ffiii_path}.fidi.env" ];
ports = [ "4187:8080" ]; ports = [ "4187:8080" ];
dependsOn = [ "firefly" ]; dependsOn = [ "firefly" ];
}; };


@ -16,7 +16,6 @@ in
environmentFiles = [ config.sops.secrets."docker/foundry".path ]; environmentFiles = [ config.sops.secrets."docker/foundry".path ];
volumes = [ "${fvtt_path}:/data" ]; volumes = [ "${fvtt_path}:/data" ];
extraOptions = [ extraOptions = [
"--restart=unless-stopped"
"--network=haproxy-net" "--network=haproxy-net"
]; ];
}; };
@ -24,5 +23,6 @@ in
sops.secrets."docker/foundry" = { sops.secrets."docker/foundry" = {
owner = "docker-service"; owner = "docker-service";
restartUnits = [ "docker-foundryvtt.service" ];
}; };
} }


@ -9,7 +9,6 @@ in
glances = { glances = {
image = "nicolargo/glances:latest-full"; image = "nicolargo/glances:latest-full";
extraOptions = [ extraOptions = [
"--restart=always"
"--pid=host" "--pid=host"
"--network=haproxy-net" "--network=haproxy-net"
]; ];


@ -3,18 +3,20 @@
let let
vars = import ../vars.nix; vars = import ../vars.nix;
nextcloud_path = vars.primary_nextcloud; nextcloud_path = vars.primary_nextcloud;
redis_path = vars.primary_redis;
# nextcloud-image = import ./nextcloud-image { inherit pkgs; }; # nextcloud-image = import ./nextcloud-image { inherit pkgs; };
nextcloud-base = { nextcloud-base = {
image = "nextcloud:stable-apache"; # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
hostname = "nextcloud"; hostname = "nextcloud";
volumes = [ volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z" "${nextcloud_path}/nc_data:/var/www/html:z"
"${nextcloud_path}/nc_php:/usr/local/etc/php" "${nextcloud_path}/nc_php:/usr/local/etc/php"
"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting" "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
]; ];
extraOptions = [ extraOptions = [
"--restart=unless-stopped"
"--network=haproxy-net" "--network=haproxy-net"
"--network=postgres-net" "--network=postgres-net"
"--network=nextcloud_default" "--network=nextcloud_default"
@ -28,20 +30,19 @@ in
nextcloud = nextcloud-base // { nextcloud = nextcloud-base // {
ports = [ "9999:80" ]; ports = [ "9999:80" ];
}; };
nextcloud-cron = nextcloud-base // {
entrypoint = "/cron.sh";
dependsOn = [
"redis"
"nextcloud"
];
};
redis = { redis = {
image = "redis:latest"; image = "redis:latest";
extraOptions = [ "--restart=unless-stopped" ]; user = "600:600";
volumes = [ "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf" ]; volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
"${redis_path}:/data"
];
extraOptions = [
"--network=nextcloud_default"
];
cmd = [ cmd = [
"redis-server" "redis-server"
config.sops.secrets."docker/redis".path "/usr/local/etc/redis/redis.conf"
]; ];
}; };
go-vod = { go-vod = {
@ -52,17 +53,33 @@ in
}; };
volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ]; volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
extraOptions = [ extraOptions = [
"--restart=always"
"--device=/dev/dri:/dev/dri" "--device=/dev/dri:/dev/dri"
]; ];
}; };
}; };
users.users.www-data = {
uid = 33;
isSystemUser = true;
group = "www-data";
};
users.groups.www-data = {
gid = 33;
members = [ "www-data" ];
};
sops = { sops = {
defaultSopsFile = ../secrets.yaml; defaultSopsFile = ../secrets.yaml;
secrets = { secrets = {
"docker/redis".owner = "docker-service"; "docker/redis" = {
"docker/nextcloud".owner = "docker-service"; owner = "docker-service";
restartUnits = [ "docker-redis.service" ];
};
"docker/nextcloud" = {
owner = "www-data";
restartUnits = [ "docker-nextcloud.service" ];
};
}; };
}; };
} }
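Review bot: The redis container now runs as `user = "600:600"`, but the mounted config `config.sops.secrets."docker/redis".path` is still owned by `docker-service` (sops-nix's default mode is 0400), so unless docker-service happens to have uid 600 the process inside the container cannot read `/usr/local/etc/redis/redis.conf` and `redis-server` will exit at start; the nextcloud secret got the matching treatment (`owner = "www-data"` with a host uid of 33), so redis should get the same, e.g. a host user pinned to uid 600 named as that secret's `owner`. `${redis_path}:/data` likewise has to be owned by 600:600 on the host, and nothing in this hunk creates it with that ownership. `image = "nextcloud-nextcloud"` refers to an image built by hand on the host, so neither its build inputs nor its digest are captured by this config; record the nextcloud-docker revision it was built from in the existing comment, or build it through `imageFile` so the image is reproducible. `nextcloud-cron` inherits `hostname = "nextcloud"` from nextcloud-base, so two containers on `nextcloud_default` now share a hostname; confirm that is intended.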


@ -5,6 +5,7 @@
8081 8081
8082 8082
8443 8443
3000
]; ];
} }
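Review bot: `3000` is added to this port list without any indication of which service listens there; the list's attribute name and the enclosing file start outside the hunk, but the neighbours (8081, 8082, 8443) suggest a firewall allow-list. A trailing comment naming the consumer, `3000 # <service that listens here>`, lets the next reviewer judge whether the port should be open on every interface or scoped with `networking.firewall.interfaces.<name>.allowedTCPPorts`.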


@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
...
}:
# sudo -u postgres vacuumdb --all --analyze-in-stages
# /var/lib/postgresql/16/delete_old_cluster.sh
let
vars = import ./vars.nix;
dataDir = "${vars.primary_db}/postgresql/nix/${config.services.postgresql.package.psqlSchema}";
backupLocation = "${vars.primary_db}/postgresql/nix_backups";
in
{
services = {
postgresql = {
inherit dataDir;
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
refreshCollation = true;
vacuumAnalyzeTimer.enable = true;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
"atticd"
];
};
};
postgresqlBackup = {
enable = true;
compression = "zstd";
compressionLevel = 19;
pgdumpOptions = "--create --clean";
location = backupLocation;
};
};
}
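Review bot: The operator notes at the top reference `/var/lib/postgresql/16/delete_old_cluster.sh`, but this file relocates the cluster to `dataDir = "${vars.primary_db}/postgresql/nix/${...psqlSchema}"`, so the script pg_upgrade leaves behind will most likely sit under that path rather than under /var/lib; the comment should point at the dataDir expression instead of the stock location. `identMap` maps any local OS user to the same-named database role via `superuser_map /^(.*)$ \1` (plus root and alice to `postgres`); whether that is reachable depends on the `authentication` (pg_hba) lines, which are not in this file, so a comment stating which pg_hba entries use `map=superuser_map` would make the exposure reviewable. `postgresqlBackup.location` resolves to `${vars.primary_db}/postgresql/nix_backups`, the same `primary_db` root as the live data; if that is a single pool, a note that off-pool replication happens elsewhere is worth adding.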


@ -14,6 +14,10 @@ upsmon:
password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str] password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str]
minio: minio:
credentials: ENC[AES256_GCM,data:78ANAQ2756IISlkUFPxy9lQYRml8C9PvkkiXME4nMjtWwPgybvSM2nrO3yVhTgyOyUZjYYWzJlpwstfIAbuWEgGFhbMixSSNSgsWozojm0hWfPBWZ5x4iX++0ARFdfxIAjiGlM/HGa0YO/2tSA6oW6FqM4RbC1vPnqJc,iv:8Y+SilqKsUH/J6M+l4Wpm2J3nPXeoUhA1+GvhzlqMHE=,tag:5dYBlYPIUjd+U+r/dqJWIA==,type:str] credentials: ENC[AES256_GCM,data:78ANAQ2756IISlkUFPxy9lQYRml8C9PvkkiXME4nMjtWwPgybvSM2nrO3yVhTgyOyUZjYYWzJlpwstfIAbuWEgGFhbMixSSNSgsWozojm0hWfPBWZ5x4iX++0ARFdfxIAjiGlM/HGa0YO/2tSA6oW6FqM4RbC1vPnqJc,iv:8Y+SilqKsUH/J6M+l4Wpm2J3nPXeoUhA1+GvhzlqMHE=,tag:5dYBlYPIUjd+U+r/dqJWIA==,type:str]
docker:
foundry: ENC[AES256_GCM,data:K2dviECCTJTzDzMsnmJRmccA7AE7G9vy1yLvjYLFg4eLTsTLo0zatbtmqls5JIeDMTLdTBcELz+YpWYq1y9pY/nuzFfx1X77w3JwklAe7lYZ8vaTKS/ohvt3M/u3qC9Z1P2t/Uc=,iv:UdPMh+GVR1CkUSTb266DUC0E2bLmBn/cQK9V0962X8g=,tag:XC/a2B88QFeuAPuLriFN4A==,type:str]
nextcloud: ENC[AES256_GCM,data:Zg9TjF7H3gb73P1sYVuFTMzwuvPxQcS3l3Oy6uwI0k7yg643Pg8NKU/Vq+3znzwbZFUbUnmyZp20oS9JZeSoYDLle4FbEPvbZwE7T0xMQYXhGIFHUExKACBZvTIj+mI5ltcVgeMOS0nIt7OLr1tlQaT6/BdmVbBhU9ln2E7CRemjE1cqZE7GGCiMtRJ9eY1BM/z2PnfQGNn+gOlVs37yCz4Kt7CO3ZG1MweB/OxHqVPPxwhwoMneKWTYVou+eV6oeMyQA/PujLtW5fYdqq0rIGTl5Dt+PsbiqWjVIeL2I9mAFYpaXCJHVCLmKLRiD5RFjvnluvxl12fQg6SAnjGGsLC7f4e1Rn3fADWA/Wxn6xr51ZTtfTmIUFNhiXmrqp2D/uzZD3lrfriqVPajzsQipV8BVcvSWtzWrJEJkHUxXpiGspO3i6YPO5O0odu1zbM9EFx1NkxrT+OmPxfCSXQ/2C4h9KkABu/BDxMNQRzuks47h8VHlxGG3yt8PYBfygiedkUo4mx/tT704omTZALivtZ62X6Ey9Z/r3MtuoxeFpGDilG+U99hBIMoF47ICWZJhK+GoRpW4rrT2lkxAK1tV8bmKdAJAUsOT72qGLA3liVy,iv:3mOZtR1VH43DY5muW/jaTfoV93I+cl4ZbWFEZSe9gZM=,tag:nMZfN1718/fufrRHcHp3nA==,type:str]
redis: ENC[AES256_GCM,data:/3gCgqE5Jiplaw3SlbeA5dmOkCD5frZ9dhRYwhFGAbQ=,iv:8setdgbXwOfOOkEwqG70GjTYUty5clRmzdpPYfUcA9c=,tag:guSVDvr2ou9dLnVAfxfN7w==,type:str]
server-validation: server-validation:
webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str] webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str]
sops: sops:
@ -31,8 +35,8 @@ sops:
d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz
tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-21T03:48:29Z" lastmodified: "2024-11-02T22:44:22Z"
mac: ENC[AES256_GCM,data:4Pt9+NLI9fawOFo8eljafNF8UgIlkSWAuZKGi9GHlVTSqBnpVuVBb5WYhNxLJ/02a2kJ4M1v/YdFIOuLiUVjLopF0phpWZU96eCrblO+9qzss+LvwCTVoTWTzA3Mqh5nKOo2PC8pPi/LeNjdpbIkPZB56O3o8oq0IAQ92h+jCJo=,iv:SU1v+xDK2WW6ugf2Z9QkuwtghavBuKceOr0gQ38tF+0=,tag:U6l+qQZpEZF6TApBbBaqYg==,type:str] mac: ENC[AES256_GCM,data:8SO1wP5wWDTqut+GWtYv2rMjcLhOZmzeUViXxOHuKiqUr0mrNIonsRpZi/qVNmWkJ3svjrt6N1cyoGXcLzg+mcj7AA7jsARUhrG8awXjISW0n0LUz4TTIXvecVHmw6iKdMNt+5IvhQd3u+UM1WJxf8ELfy5D+z1NWjJ6YOcIEDw=,iv:xn4MGMS4k+BA50FuzCpmUfC3e790X1uLdbtSHUfO7r8=,tag:r0C/HNl3NGt6i89nRRAFoQ==,type:str]
pgp: pgp:
- created_at: "2024-09-05T06:10:49Z" - created_at: "2024-09-05T06:10:49Z"
enc: |- enc: |-


@ -13,5 +13,6 @@ rec {
primary_libvirt = "${zfs_primary}/libvirt"; primary_libvirt = "${zfs_primary}/libvirt";
primary_minio = "${zfs_primary}/minio"; primary_minio = "${zfs_primary}/minio";
primary_nextcloud = "${zfs_primary}/nextcloud"; primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr"; primary_torr = "${zfs_primary}/torr";
} }