From b18438924b25728d1d6c7ddc36ce6a689b367e93 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 17 Aug 2024 21:49:31 -0400 Subject: [PATCH] add ffdl, foundry, haproxy, glances, and zfs vars Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/archiveteam.nix | 5 +- systems/palatine-hill/docker/books.nix | 32 +++ systems/palatine-hill/docker/default.nix | 13 +- systems/palatine-hill/docker/firefly.nix | 11 +- systems/palatine-hill/docker/foundry.nix | 28 +++ systems/palatine-hill/docker/glances.nix | 25 +++ systems/palatine-hill/docker/haproxy.cfg | 193 +++++++++++++++++++ systems/palatine-hill/docker/haproxy.nix | 33 ++++ systems/palatine-hill/docker/minecraft.nix | 8 +- systems/palatine-hill/docker/nextcloud.nix | 18 +- systems/palatine-hill/docker/postgres.nix | 20 +- systems/palatine-hill/docker/restic.nix | 10 +- systems/palatine-hill/docker/torr.nix | 14 +- systems/palatine-hill/docker/unifi.nix | 18 +- systems/palatine-hill/secrets.yaml | 5 +- systems/palatine-hill/vars.nix | 18 ++ 16 files changed, 395 insertions(+), 56 deletions(-) create mode 100644 systems/palatine-hill/docker/books.nix create mode 100644 systems/palatine-hill/docker/foundry.nix create mode 100644 systems/palatine-hill/docker/glances.nix create mode 100755 systems/palatine-hill/docker/haproxy.cfg create mode 100644 systems/palatine-hill/docker/haproxy.nix create mode 100644 systems/palatine-hill/vars.nix diff --git a/systems/palatine-hill/docker/archiveteam.nix b/systems/palatine-hill/docker/archiveteam.nix index b06f0be..fd2b9f5 100644 --- a/systems/palatine-hill/docker/archiveteam.nix +++ b/systems/palatine-hill/docker/archiveteam.nix 
@@ -106,12 +106,15 @@ let "com.centurylinklabs.watchtower.enable" = "true"; "com.centurylinklabs.watchtower.scope" = "archiveteam"; }; - volumes = [ "/ZFS/ZFS-primary/archiveteam/${container-name}:/grab/data" ]; + volumes = [ "${at_path}/${container-name}:/grab/data" ]; log-driver = "local"; cmd = lib.splitString " " "--concurrent 6 AmAnd0"; }; inherit (lib.rad-dev.container-utils) createTemplatedContainers; + + vars = import ../vars.nix; + at_path = vars.primary_archiveteam; in { virtualisation.oci-containers.containers = diff --git a/systems/palatine-hill/docker/books.nix b/systems/palatine-hill/docker/books.nix new file mode 100644 index 0000000..1b2b6c7 --- /dev/null +++ b/systems/palatine-hill/docker/books.nix @@ -0,0 +1,32 @@ +{ ... }: + +let + vars = import ../vars.nix; + docker_path = vars.primary_docker; + calibre_path = vars.primary_calibre; +in +{ + virtualisation.oci-containers.containers = { + automated-ffdl-alice = { + image = "mrtyton/automated-ffdl:latest"; + user = "600:100"; + extraOptions = [ "--restart=unless-stopped" ]; + environment = { + PUID = "600"; + PGID = "100"; + }; + volumes = [ + "${docker_path}/auto-fic/config:/config" + "${calibre_path}/ffdl-alice:/var/lib/calibre-server" + ]; + }; + }; + + services.autopull = { + enable = true; + repo.FanFicFare-alice = { + enable = true; + path = /ZFS/ZFS-primary/calibre/ffdl-alice/config/FanFicFare; + }; + }; +} diff --git a/systems/palatine-hill/docker/default.nix b/systems/palatine-hill/docker/default.nix index 22abd45..2ff11c7 100644 --- a/systems/palatine-hill/docker/default.nix +++ b/systems/palatine-hill/docker/default.nix @@ -8,7 +8,10 @@ { imports = [ ./archiveteam.nix + ./books.nix ./firefly.nix + ./foundry.nix + ./glances.nix ./minecraft.nix ./nextcloud.nix ./postgres.nix 
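Review bot: In books.nix, `services.autopull.repo.FanFicFare-alice.path` is a bare Nix path literal, `/ZFS/ZFS-primary/calibre/ffdl-alice/config/FanFicFare`, instead of a string built from `calibre_path` like the volumes above it. How autopull consumes the value is not visible here, but a path literal that ends up interpolated into a string is copied into the world-readable Nix store, and reading an absolute path can be refused under pure evaluation. `path = "${calibre_path}/ffdl-alice/config/FanFicFare";` keeps it a plain string and in line with the rest of the commit.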
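Review bot: `./haproxy.nix` is not added to `imports` in default.nix although this commit creates the file; the visible list goes from `./glances.nix` straight to `./minecraft.nix`. Unless it is imported further down or from another module, the haproxy container and its `dependsOn` ordering are never defined, while the commented-out inventory that still mentioned haproxy is deleted in the next hunk. Add `./haproxy.nix` after `./glances.nix`. The imports list continues outside the hunk.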
@@ -19,14 +22,4 @@ virtualisation.oci-containers.backend = "docker"; virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2"; - - # "haproxy-haproxy-1 haproxy:latest" - # "calibre-web lscr.io/linuxserver/calibre-web:latest" - # "glances-glances-1 nicolargo/glances:latest-full" - # "foundry felddy/foundryvtt:11" - - # automatedFFDL - - # "Qbit ghcr.io/linuxserver/qbittorrent:latest" - # "Qbitvpn binhex/arch-qbittorrentvpn:latest" } diff --git a/systems/palatine-hill/docker/firefly.nix b/systems/palatine-hill/docker/firefly.nix index 4175999..4c6ca1e 100644 --- a/systems/palatine-hill/docker/firefly.nix +++ b/systems/palatine-hill/docker/firefly.nix @@ -1,5 +1,8 @@ { ... }: - +let + vars = import ../vars.nix; + ffiii_path = "${vars.primary_docker}/firefly-iii"; +in { virtualisation.oci-containers.containers = { firefly = { @@ -9,14 +12,14 @@ "--network=firefly-iii_default" "--network=postgres-net" ]; - environmentFiles = [ "/ZFS/ZFS-primary/docker/firefly-iii/.env" ]; + environmentFiles = [ "${ffiii_path}/.env" ]; ports = [ "4188:8080" ]; - volumes = [ "/ZFS/ZFS-primary/docker/firefly-iii/app/upload:/var/www/html/storage/upload" ]; + volumes = [ "${ffiii_path}/app/upload:/var/www/html/storage/upload" ]; }; fidi = { image = "fireflyiii/data-importer:latest"; extraOptions = [ "--restart=always" ]; - environmentFiles = [ "/ZFS/ZFS-primary/docker/firefly-iii/.fidi.env" ]; + environmentFiles = [ "${ffiii_path}.fidi.env" ]; ports = [ "4187:8080" ]; dependsOn = [ "firefly" ]; }; diff --git a/systems/palatine-hill/docker/foundry.nix b/systems/palatine-hill/docker/foundry.nix new file mode 100644 index 0000000..688c004 --- /dev/null +++ b/systems/palatine-hill/docker/foundry.nix 
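Review bot: In firefly.nix the `fidi` container's `environmentFiles` entry lost its path separator: `"${ffiii_path}.fidi.env"` evaluates to `/ZFS/ZFS-primary/docker/firefly-iii.fidi.env`, not the `/ZFS/ZFS-primary/docker/firefly-iii/.fidi.env` of the removed line. Docker refuses to start a container whose env file is missing, so the data importer would stop coming up after this change. Change the entry to `"${ffiii_path}/.fidi.env"`.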
@@ -0,0 +1,28 @@ +{ config, ... }: +let + vars = import ../vars.nix; + fvtt_path = "${vars.primary_games}/foundryvtt"; +in +{ + virtualisation.oci-containers.containers = { + foundryvtt = { + image = "felddy/foundryvtt:11"; + hostname = "foundryvtt"; + environment = { + #CONTAINER_PRESERVE_CONFIG= "true"; + TIMEZONE = "America/New_York"; + FOUNDRY_MINIFY_STATIC_FILES = "true"; + }; + environmentFiles = [ config.sops.secrets."docker/foundry".path ]; + volumes = [ "${fvtt_path}:/data" ]; + extraOptions = [ + "--restart=unless-stopped" + "--network=haproxy-net" + ]; + }; + }; + + sops.secrets."docker/foundry" = { + owner = "docker-service"; + }; +} diff --git a/systems/palatine-hill/docker/glances.nix b/systems/palatine-hill/docker/glances.nix new file mode 100644 index 0000000..8fb5944 --- /dev/null +++ b/systems/palatine-hill/docker/glances.nix @@ -0,0 +1,25 @@ +{ ... }: + +let + vars = import ../vars.nix; + glances_path = "${vars.primary_docker}/glances"; +in +{ + virtualisation.oci-containers.containers = { + glances = { + image = "nicolargo/glances:latest-full"; + extraOptions = [ + "--restart=always" + "--pid=host" + "--network=haproxy-net" + ]; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + "${glances_path}/glances.conf:/glances/conf/glances.conf" + ]; + environment = { + GLANCES_OPT = "-C /glances/conf/glances.conf -w"; + }; + }; + }; +} diff --git a/systems/palatine-hill/docker/haproxy.cfg b/systems/palatine-hill/docker/haproxy.cfg new file mode 100755 index 0000000..6323434 --- /dev/null +++ b/systems/palatine-hill/docker/haproxy.cfg 
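Review bot: Nothing visible in this commit creates the `haproxy-net` Docker network that `"--network=haproxy-net"` refers to in foundry.nix, and the same applies to glances.nix and haproxy.nix. oci-containers does not create networks, so on a fresh host the generated units would fail until the network is made by hand; if it is left over from an earlier compose setup, a comment such as `# haproxy-net must exist before these units start` should say so. Separately, `sops.secrets."docker/foundry"` sets no `restartUnits`, so a rotated secret is only picked up on a manual restart; `restartUnits = [ "docker-foundryvtt.service" ];` would cover that.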
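Review bot: The glances container in glances.nix receives the host Docker socket read-write together with `"--pid=host"`, and `GLANCES_OPT` starts the web UI (`-w`) with no password while haproxy.cfg routes monit. and glances.alicehuston.xyz to it. Access to docker.sock is equivalent to root on the host, so any flaw in the exposed web UI reaches the daemon directly. Mount it as `"/var/run/docker.sock:/var/run/docker.sock:ro"` at minimum (this protects the socket file but does not restrict API calls), prefer a socket proxy limited to read-only endpoints, and require authentication for that host name, either in HAProxy or with Glances' `--password` option.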
@@ -0,0 +1,193 @@ +global +# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners + # log stdout format raw local0 info + log stdout format raw local0 + crt-base /etc/ssl/certs/ + maxconn 120000 + +defaults + log global + mode http + timeout client 2000m + timeout connect 200s + timeout server 2000m + timeout http-request 2000m + +frontend stats # you can call this whatever you want + mode http + bind *:9000 # default port, but you can pick any port + stats enable # turns on stats module + stats refresh 10s # set auto-refresh rate + +#Application Setup +frontend ContentSwitching + bind *:80 + # bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem + bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem + mode http + option httplog + + # max-age is mandatory + # 16000000 seconds is a bit more than 6 months + http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" + + # Front-end acess control list + acl host_www hdr(host) -i www.alicehuston.xyz + acl host_www hdr(host) -i alicehuston.xyz +# acl host_ldapui hdr(host) -i authui.alicehuston.xyz + acl host_glances hdr(host) -i monit.alicehuston.xyz + acl host_glances hdr(host) -i glances.alicehuston.xyz + acl host_foundry hdr(host) -i dnd.alicehuston.xyz +# acl host_netdata hdr(host) -i netdata.alicehuston.xyz + #acl host_terraria hdr(host) -i terraria.alicehuston.xyz + acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz + acl host_nextcloud hdr(host) -i nayeonie.com + acl host_hydra hdr(host) -i hydra.alicehuston.xyz + acl host_nix_serve hdr(host) -i cache.alicehuston.xyz + acl host_attic hdr(host) -i attic.alicehuston.xyz + acl host_nix_serve hdr(host) -i nixsrv.alicehuston.xyz + acl host_minio hdr(host) -i minio.alicehuston.xyz + acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz + #acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz +# acl host_collabora hdr(host) -i collabora.alicehuston.xyz 
+ acl host_prometheus hdr(host) -i prom.alicehuston.xyz + # Backend-forwarding + use_backend www_nodes if host_www +# use_backend ldapui_nodes if host_ldapui + use_backend glances_nodes if host_glances + use_backend foundry_nodes if host_foundry +# use_backend netdata_nodes if host_netdata + # use_backend terraria_nodes if host_terraria + use_backend nextcloud_nodes if host_nextcloud + use_backend hydra_nodes if host_hydra + use_backend nix_serve_nodes if host_nix_serve + use_backend attic_nodes if host_attic + #use_backend nextcloud_vol_nodes if host_nextcloud_vol +# use_backend collabora_nodes if host_collabora + use_backend prometheus_nodes if host_prometheus + use_backend minio_nodes if host_minio + use_backend minio_console_nodes if host_minio_console + +#frontend ldap +# bind *:389 +# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem +# mode tcp +# option tcplog +# acl host_ldap hdr(host) -i auth.alicehuston.xyz +# use_backend ldap_nodes if host_ldap + +backend nextcloud_nodes + mode http + server server nextcloud:80 + acl url_discovery path /.well-known/caldav /.well-known/carddav + http-request redirect location /remote.php/dav/ code 301 if url_discovery + acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found + http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists + acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found + http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists + acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found + http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists + http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists + +#backend nextcloud_nodes +# mode http +# server nxserver nextcloud:80 +# acl url_discovery path /.well-known/caldav /.well-known/carddav +# http-request redirect location /remote.php/dav/ code 301 if url_discovery +# http-request set-header X-Forwarded-Host %[req.hdr(Host)] + +#backend nextcloud_vol_nodes +# mode http +# 
server server nextcloud-vol:80 +# acl url_discovery path /.well-known/caldav /.well-known/carddav +# http-request redirect location /remote.php/dav/ code 301 if url_discovery +# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found +# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists +# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found +# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists +# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found +# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists +# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists + +#backend terraria_nodes +# mode http +# server server terraria:6526 + +#backend collabora_nodes +# mode http +# server server collabora:9980 + +backend www_nodes + mode http + server server grafana:3000 + +backend minio_nodes + mode http + server server 192.168.76.2:8500 +# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found +# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists +# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found +# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists +# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found +# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists +# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists + +backend minio_console_nodes + mode http + server server 192.168.76.2:8501 + +backend foundry_nodes + timeout tunnel 50s + mode http + server server foundryvtt:30000 + +#backend ldap_nodes +# mode tcp +# balance roundrobin +# option ldap-check +# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem +# +#backend ldapui_nodes +# mode http +# server server 192.168.76.2:18081 + +backend glances_nodes + mode http + server server glances:61208 + +backend hydra_nodes + mode http + server server 192.168.76.2:3000 + +backend 
nix_serve_nodes + mode http + server server 192.168.76.2:5000 + +backend attic_nodes + mode http + server server 192.168.76.2:8183 + +backend prometheus_nodes + mode http + server server 192.168.76.2:9001 + +#backend netdata_nodes +# mode http +# server server 192.168.76.2:19999 + +# backend dnd_nodes +# mode http +# server server foundry:30000 +# acl host_www hdr(host) -i www.tmmworkshop.com + + +frontend minecraft + mode tcp + bind :25565 + default_backend router_nodes + + +backend router_nodes + mode tcp + server s1 mc-router:25565 + diff --git a/systems/palatine-hill/docker/haproxy.nix b/systems/palatine-hill/docker/haproxy.nix new file mode 100644 index 0000000..035167f --- /dev/null +++ b/systems/palatine-hill/docker/haproxy.nix @@ -0,0 +1,33 @@ +{ ... }: + +{ + virtualisation.oci-containers.containers = { + haproxy = { + image = "haproxy:latest"; + extraOptions = [ + "--restart=always" + "--network=haproxy-net" + ]; + volumes = [ + "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg:ro" + "/ZFS/ZFS-primary/docker/haproxy/certs:/etc/ssl/certs:ro" + ]; + ports = [ + "80:80" + "443:443" + "25565:25565" + ]; + environment = { + PUID = "600"; + PGID = "600"; + }; + dependsOn = [ + "nextcloud" + "grafana" + "foundryvtt" + "glances" + "mc-router" + ]; + }; + }; +} diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index 26088b5..6a6f120 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -10,6 +10,7 @@ let rlcraft = "rlcraft.alicehuston.xyz"; arcanum-institute = "arcanum.alicehuston.xyz"; }; + defaultServer = "rlcraft"; defaultEnv = { @@ -30,6 +31,9 @@ let "--restart=unless-stopped" "--network=minecraft-net" ]; + + vars = import ../vars.nix; + minecraft_path = "${vars.primary_games}/minecraft"; in { virtualisation.oci-containers.containers = { 
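Review bot: In `backend nextcloud_nodes` of haproxy.cfg, the `unless h_xfh_exists`, `unless h_xfport_exists` and `!h_xfproto_exists` guards keep any `X-Forwarded-Host`, `X-Forwarded-Port` and `X-Forwarded-Proto` the client sent, so unless only a trusted upstream proxy can reach ports 80 and 443, those values are client-controlled input to Nextcloud's host and scheme handling. Either set them unconditionally, e.g. `http-request set-header X-Forwarded-Host %[req.hdr(host)]`, or delete them first for sources outside the trusted proxy ranges. `timeout http-request 2000m` in `defaults` lets a client hold a connection for more than a day while still sending headers; a value such as `timeout http-request 10s` bounds slow-request exhaustion and should not affect long transfers, which are governed by the client and server timeouts. `frontend stats` on `*:9000` has no `stats auth` or source ACL, so every container on the proxy network can read it.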
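Review bot: The certificate mount in haproxy.nix, `"/ZFS/ZFS-primary/docker/haproxy/certs:/etc/ssl/certs:ro"`, is hard-coded where the rest of the commit moves to vars.nix, and it replaces the image's whole `/etc/ssl/certs`, hiding the system CA bundle should HAProxy ever need to verify a backend. With a `vars` binding added, something like `"${vars.primary_docker}/haproxy/certs:/etc/haproxy/certs:ro"` and a matching `crt-base` in haproxy.cfg would avoid both. `PUID` and `PGID` are a linuxserver.io convention and are probably ignored by the official `haproxy` image, so they give no assurance about the runtime user. `haproxy:latest` also floats across major versions, so pinning a release tag keeps config syntax and TLS defaults from changing on an unattended pull.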
@@ -50,8 +54,8 @@ in rlcraft = { image = "itzg/minecraft-server:java8"; volumes = [ - "/ZFS/ZFS-primary/games/minecraft/rlcraft/modpacks:/modpacks:ro" - "/ZFS/ZFS-primary/games/minecraft/rlcraft/data:/data" + "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" + "${minecraft_path}/rlcraft/data:/data" ]; hostname = "rlcraft"; environment = defaultEnv // { diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 19fe4bf..63b1788 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -1,19 +1,17 @@ -{ - config, - lib, - pkgs, - ... -}: +{ config, ... }: let + vars = import ../vars.nix; + nextcloud_path = vars.primary_nextcloud; + # nextcloud-image = import ./nextcloud-image { inherit pkgs; }; nextcloud-base = { image = "nextcloud:stable-apache"; hostname = "nextcloud"; volumes = [ - "/ZFS/ZFS-primary/nextcloud/nc_data:/var/www/html:z" - "/ZFS/ZFS-primary/nextcloud/nc_php:/usr/local/etc/php" - "/ZFS/ZFS-primary/nextcloud/nc_prehooks:/docker-entrypoint-hooks.d/before-starting" + "${nextcloud_path}/nc_data:/var/www/html:z" + "${nextcloud_path}/nc_php:/usr/local/etc/php" + "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting" ]; extraOptions = [ "--restart=unless-stopped" @@ -52,7 +50,7 @@ in environment = { NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz"; }; - volumes = [ "/ZFS/ZFS-primary/nextcloud/nc_data:/var/www/html:ro" ]; + volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ]; extraOptions = [ "--restart=always" "--device=/dev/dri:/dev/dri" diff --git a/systems/palatine-hill/docker/postgres.nix b/systems/palatine-hill/docker/postgres.nix index fc6b018..8177a4d 100644 --- a/systems/palatine-hill/docker/postgres.nix +++ b/systems/palatine-hill/docker/postgres.nix 
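Review bot: In nextcloud.nix, `nextcloud_path = vars.primary_nextcloud;` refers to an attribute that the vars.nix added by this commit does not define; its `rec` set lists archiveteam, attic, backups, calibre, db, docker, games, hydra, libvirt, minio and torr only. Evaluation of this module would fail on the missing attribute and take the host configuration with it. Add `primary_nextcloud = "${zfs_primary}/nextcloud";` to vars.nix. The `let` block continues outside the hunk.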
@@ -1,17 +1,17 @@ -{ - config, - lib, - pkgs, - ... -}: +{ config, ... }: + +let + vars = import ../vars.nix; + psql_path = "${vars.primary_db}/postgresql"; +in { virtualisation.oci-containers.containers = { postgres = { image = "postgres:16"; user = "600:600"; volumes = [ - "/ZFS/ZFS-primary/db/postgresql/primary_new:/var/lib/postgresql/data" - "/ZFS/ZFS-primary/db/postgresql/pg_archives:/opt/pg_archives" + "${psql_path}/primary_new:/var/lib/postgresql/data" + "${psql_path}/pg_archives:/opt/pg_archives" ]; log-driver = "local"; extraOptions = [ @@ -30,8 +30,8 @@ image = "postgres:16"; user = "600:600"; volumes = [ - "/ZFS/ZFS-primary/db/postgresql/primary_new:/var/lib/postgresql/data" - "/ZFS/ZFS-primary/db/postgresql/pg_archives:/opt/pg_archives" + "${psql_path}/secondary_new:/var/lib/postgresql/data" + "${psql_path}/pg_archives:/opt/pg_archives" ]; log-driver = "local"; extraOptions = [ diff --git a/systems/palatine-hill/docker/restic.nix b/systems/palatine-hill/docker/restic.nix index 3c1aefe..1038997 100644 --- a/systems/palatine-hill/docker/restic.nix +++ b/systems/palatine-hill/docker/restic.nix @@ -1,10 +1,14 @@ { ... }: +let + vars = import ../vars.nix; + restic_path = "${vars.primary_backups}/restic"; +in { virtualisation.oci-containers.containers = { restic = { image = "restic/rest-server:latest"; - volumes = [ "/ZFS/ZFS-primary/backups/restic:/data" ]; + volumes = [ "${restic_path}:/data" ]; environment = { OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd"; }; @@ -23,8 +27,8 @@ ]; volumes = [ "grafanadata:/var/lib/grafana" - "/ZFS/ZFS-primary/docker/restic/dashboards:/dashboards" - "/ZFS/ZFS-primary/docker/restic/grafana.ini:/etc/grafana/grafana.ini" + "${restic_path}/dashboards:/dashboards" + "${restic_path}/grafana.ini:/etc/grafana/grafana.ini" ]; environment = { GF_USERS_DEFAULT_THEME = "dark"; diff --git a/systems/palatine-hill/docker/torr.nix b/systems/palatine-hill/docker/torr.nix index a9c0544..d09caf9 100644 
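Review bot: In the `@@ -30,8 +30,8 @@` hunk of postgres.nix the second container's data mount changes from `primary_new` to `secondary_new`, which is a behaviour change rather than the path substitution made everywhere else, and the commit message does not mention it. If two instances were sharing one data directory this is probably an intended fix, but the new directory has to exist already, be owned by `600:600` and hold an initialised or replicated cluster; otherwise Docker creates it as root and the container starts on an empty path. Both containers also still mount `pg_archives` read-write. A comment such as `# secondary keeps its own PGDATA; never point it at primary_new` would record the intent. The container's attribute set starts outside the hunk.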
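Review bot: The Grafana mounts in the `@@ -23,8 +27,8 @@` hunk of restic.nix no longer point at the same host directory: `restic_path` is `"${vars.primary_backups}/restic"`, so `${restic_path}/dashboards` and `${restic_path}/grafana.ini` resolve under `/ZFS/ZFS-primary/backups/restic`, while the removed lines used `/ZFS/ZFS-primary/docker/restic`. That directory is also what the rest-server mounts as `/data`, where `--htpasswd-file /data/.htpasswd` lives, so dashboard configuration would share a tree with backup data and its credentials file. Add a second binding, `restic_docker_path = "${vars.primary_docker}/restic";`, and use it for the two Grafana mounts.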
--- a/systems/palatine-hill/docker/torr.nix +++ b/systems/palatine-hill/docker/torr.nix @@ -15,13 +15,17 @@ let }; extraOptions = [ "--restart=unless-stopped" ]; }; + + vars = import ../vars.nix; + docker_path = vars.primary_docker; + torr_path = vars.primary_torr; in { virtualisation.oci-containers.containers = { deluge = delugeBase // { volumes = [ - "/ZFS/ZFS-primary/docker/Qbit:/config" - "/ZFS/ZFS-primary/torr/Qbit/:/data" + "${docker_path}/Qbit:/config" + "${torr_path}/Qbit/:/data" "/etc/localtime:/etc/localtime:ro" ]; ports = [ @@ -47,8 +51,8 @@ in }; volumes = [ - "/ZFS/ZFS-primary/docker/QbitVPN:/config" - "/ZFS/ZFS-primary/torr/QbitVPN/:/data" + "${docker_path}/QbitVPN:/config" + "${torr_path}/QbitVPN/:/data" "/etc/localtime:/etc/localtime:ro" ]; ports = [ @@ -63,7 +67,7 @@ in sops.secrets = { "docker/deluge" = { owner = "docker-service"; - path = "/ZFS/ZFS-primary/docker/QbitVPN/wireguard/wg0.conf"; + path = "${docker_path}/QbitVPN/wireguard/wg0.conf"; }; }; } diff --git a/systems/palatine-hill/docker/unifi.nix b/systems/palatine-hill/docker/unifi.nix index a9ccada..42f3d2e 100644 --- a/systems/palatine-hill/docker/unifi.nix +++ b/systems/palatine-hill/docker/unifi.nix @@ -1,14 +1,14 @@ -{ - config, - lib, - pkgs, - ... -}: +{ config, ... }: +let + vars = import ../vars.nix; + unifi_path = "${vars.primary_docker}/unifi-2.0"; + mongo_path = "${vars.primary_db}/mongo"; +in { virtualisation.oci-containers.containers = { unifi-controller = { image = "lscr.io/linuxserver/unifi-network-application:latest"; - volumes = [ "/ZFS/ZFS-primary/docker/unifi-2.0/config:/config" ]; + volumes = [ "${unifi_path}/config:/config" ]; log-driver = "local"; dependsOn = [ "mongodb" ]; extraOptions = [ "--restart=unless-stopped" ]; 
@@ -46,8 +46,8 @@ }; extraOptions = [ "--restart=unless-stopped" ]; volumes = [ - "/ZFS/ZFS-primary/db/mongo/unifi:/data/db" - "/ZFS/ZFS-primary/docker/unifi-2.0/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro" + "${mongo_path}/unifi:/data/db" + "${unifi_path}/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro" ]; }; }; diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index f7d10a5..0732b55 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -21,6 +21,7 @@ docker: unifi: ENC[AES256_GCM,data:9JW2rYk0+YCBvnxz7gzDkrT+zE723ZqqCY4qLRzc3t2sm2I=,iv:QSABLUDqmfBKUShJSJS3dJXNEdRnl60XHlS6JGNAO5c=,tag:8YpAALkldb74tuby2+Aw+g==,type:str] minecraft: ENC[AES256_GCM,data:74bxM/hHEwcMqqHSHR332mhIVV36HTBS7eCpkncclTq/oWf9bZQvmroz5tOpOwaq+Mj+2rNs0tXN/iB47ksji1lgqsiXDaM/R+9kAA==,iv:dUYAT9y8tU3jsqIgod4I1K8rHGOzSUuedkq8uDnNN+A=,tag:DDmhBHm/YO3/lH/qNxB8gw==,type:str] deluge: ENC[AES256_GCM,data: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,iv:PrSGlvAPZGbPrw6I72qr3sWzZrX55N9oVzy6GOnHVaM=,tag:2B4mXQd1P3oWE29lXVz/Xw==,type:str] + foundry: ENC[AES256_GCM,data:aDWDR3P1NS8ZcOw2Tt87qNKSTYAWzwrkzHRRMbkF2kCVZ7oiI3zmSs1JV6TU5+PPbvya1eGBj3bphwIVjD3fZ2r5iOhVuFBfxSZfRAY5YFhXBta0fSXAuTCXb8AZrBV0,iv:nf1+C6qnrCBoBPP5IYCIpfkX2ljWdo2d+3pia2evBMg=,tag:BJA/xUFswbX4c5LQTcA9iQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -36,8 +37,8 @@ sops: NEtBOUhoL1Jwa0JCT2F6eHU2ZXRPNlkKrmHwy+midzVRSLv835osyupkgtq5hqWC bDjJw9Yo1mXmppDT+0d8tDmsfk51ViRS5X7LIhZdQ+fzNHpWtISdIw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-16T16:13:46Z" - mac: ENC[AES256_GCM,data:sGmhrktBTWU9jjb3qU1UiY28WJMJ3xSsfYe9yjxYdv7HSrq3sBcZmXXi8n2oyt5WkIvTQh2Yhtalccu/PTiQGASAIgWg42wRlsnLcJtsD1iZGNgnXgPkjMj1cFC9mviJoRc+njzfzbseth7LYe44nDpFGw9/Olm/aLVV8lNXYuw=,iv:VBQLZaCNKNQeddVscYw1stvjOLVZOgH8wgPMyy+59EQ=,tag:j42keTgrQlP2i0laY4zndQ==,type:str] + lastmodified: "2024-08-18T00:53:19Z" + mac: ENC[AES256_GCM,data:IxvUHA5Rx/icbar+7H4ii0M2llOaMD7c3Nx57hR74FhDVgXj8/eCX/yJW3K8+w9ZGYasFmuJZrvd9Zan7kcPeiSMVJJUJNNyoURkBZeF2xPcVq56GYGrzzFsUIfzhrjz4PI5nEX/X1ODs+8KeIDb8pNPILoJXHhHWHSXavWvx/c=,iv:v4U+AeUDsBxKyrbu8sEmTy+RAAJvITK1IMY7mziRwtU=,tag:BWedhwz4hNXsou5FO53XMA==,type:str] pgp: - created_at: "2024-08-16T03:39:41Z" enc: |- diff --git a/systems/palatine-hill/vars.nix b/systems/palatine-hill/vars.nix new file mode 100644 index 0000000..caba808 --- /dev/null +++ b/systems/palatine-hill/vars.nix @@ -0,0 +1,18 @@ +{ ... }: + +rec { + zfs_primary = "/ZFS/ZFS-primary"; + + # primary + primary_archiveteam = "${zfs_primary}/archiveteam"; + primary_attic = "${zfs_primary}/attic"; + primary_backups = "${zfs_primary}/backups"; + primary_calibre = "${zfs_primary}/calibre"; + primary_db = "${zfs_primary}/db"; + primary_docker = "${zfs_primary}/docker"; + primary_games = "${zfs_primary}/games"; + primary_hydra = "${zfs_primary}/hydra"; + primary_libvirt = "${zfs_primary}/libvirt"; + primary_minio = "${zfs_primary}/minio"; + primary_torr = "${zfs_primary}/torr"; +}
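Review bot: vars.nix is written as a function, `{ ... }: rec { … }`, but every caller in this commit does `vars = import ../vars.nix;` and then selects attributes such as `vars.primary_docker`. `import` returns the function unapplied, so the attribute selection fails at evaluation time because the value is a function, not a set. Either drop the `{ ... }:` line so the file evaluates to the `rec` set directly, or change the callers to `vars = import ../vars.nix { };`. A short header comment, `# Shared dataset paths for palatine-hill; plain attribute set, import without arguments`, would make the calling convention explicit.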