commit 7cbcd7a5324c80e75229822970973c251e781f85
parent 836801c44cb79689236ee1370a391af9de117b9d
Author: breadcat <breadcat@users.noreply.github.com>
Date: Tue, 5 Aug 2025 16:14:18 +0100
Initial swathe of containers
docker-compose.yml stands at 205/278
Diffstat:
2 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/common/docker.nix b/common/docker.nix
@@ -0,0 +1,66 @@
+{ pkgs, username, domain, timezone, todosecret, vpnusername, vpnpassword, ... }: {
+
+ # Runtime
+ virtualisation.docker.enable = true;
+ virtualisation.docker.autoPrune.enable = true;
+ users.extraUsers.${username}.extraGroups = ["docker"];
+
+ # Create Network
+ systemd.services.docker-create-proxy-network = {
+ description = "Create proxy Docker network if not exists";
+ after = [ "docker.service" ];
+ requires = [ "docker.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker network inspect proxy >/dev/null 2>&1 || ${pkgs.docker}/bin/docker network create proxy'";
+ RemainAfterExit = true;
+ };
+ };
+
+ # Firewall
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ # Containers
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers = {
+
+ caddy = {
+ autoStart = true;
+ environment = { CADDY_INGRESS_NETWORKS = "proxy"; };
+ image = "lucaslorentz/caddy-docker-proxy";
+ networks = [ "proxy" ];
+ ports = [ "80:80" "443:443" ];
+ volumes = [ "/var/run/docker.sock:/var/run/docker.sock:rw" "/home/${username}/docker/caddy:/data" ];
+ };
+
+ echoip = {
+ autoStart = true;
+ cmd = [ "-H" "X-Forwarded-For" ];
+ image = "mpolden/echoip";
+ labels = { "caddy" = "ip.artemis.${domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; };
+ networks = [ "proxy" ];
+ };
+
+ stagit = {
+ autoStart = true;
+ environment = { PGID = "100"; PUID = "1000";};
+ image = "lscr.io/linuxserver/nginx";
+ labels = { "caddy" = "git.artemis.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; };
+ networks = [ "proxy" ];
+ volumes = [ "/home/${username}/docker/stagit:/config/www:ro" ];
+ };
+
+ vikunja = {
+ autoStart = true;
+ environment = { PGID = "100"; PUID = "1000"; VIKUNJA_SERVICE_ENABLEREGISTRATION = "false"; VIKUNJA_SERVICE_ENABLETASKCOMMENTS = "false"; VIKUNJA_SERVICE_JWTSECRET = "${todosecret}"; VIKUNJA_SERVICE_PUBLICURL = "https://todo.artemis.${domain}/"; VIKUNJA_SERVICE_TIMEZONE = "${timezone}";};
+ image = "vikunja/vikunja";
+ labels = { "caddy" = "todo.artemis.${domain}"; "caddy.reverse_proxy" = "{{upstreams 3456}}"; };
+ networks = [ "proxy" ];
+ volumes = [ "/home/${username}/docker/vikunja:/db:rw" ];
+ };
+
+ };
+ };
+}
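Review bot: At L67 `VIKUNJA_SERVICE_JWTSECRET = "${todosecret}"` is placed in `environment`, so the JWT secret is rendered into the generated systemd unit in the Nix store, which is world-readable on the host and also visible via `docker inspect`; the `oci-containers` module offers `environmentFiles` for this, e.g. `environmentFiles = [ "<path-to-secret-env-file-outside-the-store>" ];` with the file deployed with restricted permissions and `VIKUNJA_SERVICE_JWTSECRET` removed from `environment`. The `caddy` container at L45 mounts `/var/run/docker.sock` read-write, which makes a compromise of the public-facing proxy equivalent to root on the host; since caddy-docker-proxy only needs to read container labels and events, fronting the socket with a filtering socket proxy that exposes only those API endpoints would bound that blast radius, and a comment above the volume noting this trade-off would help the next reader. `vpnusername` and `vpnpassword` are accepted at L11 (and threaded through in `machines/artemis.nix`) but never used in this file, which appears to be forward-looking; if a VPN container is added later, the same `environmentFiles` approach should apply to those credentials as well.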
diff --git a/machines/artemis.nix b/machines/artemis.nix
@@ -10,6 +10,9 @@
sshkey,
sshport,
timezone,
+ todosecret,
+ vpnusername,
+ vpnpassword,
...
}: let
home-manager = builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz; # Stable
@@ -20,7 +23,7 @@ in {
[
./${machine}-hardware.nix # Include the results of the hardware scan.
(import "${home-manager}/nixos") # Home-Manager
- (import ../common/docker.nix {inherit config pkgs username domain;})
+ (import ../common/docker.nix {inherit config pkgs username domain timezone todosecret vpnusername vpnpassword;})
../common/flakes.nix
../common/garbage.nix
(import ../common/locale.nix {inherit pkgs timezone;})