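{ pkgs, username, domain, timezone, todosecret, htpasswd, vpnusername, vpnpassword, ... }:

# Docker host module: a single Caddy reverse proxy (caddy-docker-proxy) on a
# user-defined "proxy" bridge, with each service published through its
# "caddy.*" container labels.
#
# NOTE(security): every value under `environment` and `labels` is rendered
# into the generated docker-<name>.service unit, which lives in the
# world-readable Nix store, and is also visible through `docker inspect`.
# That includes the module arguments todosecret, vpnpassword and htpasswd.
# Sensitive environment variables can instead be supplied via the container's
# `environmentFiles` option from a root-only file outside the store; label
# values (the htpasswd hash) have no such escape hatch.
{

  # Runtime
  virtualisation.docker.enable = true;
  virtualisation.docker.autoPrune.enable = true;
  # Membership in "docker" grants root-equivalent control of the host.
  users.extraUsers.${username}.extraGroups = [ "docker" ];

  # Create Network
  # Idempotent: inspect first, create only when the network is missing.
  systemd.services.docker-create-proxy-network = {
    description = "Create proxy Docker network if not exists";
    after = [ "docker.service" ];
    requires = [ "docker.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker network inspect proxy >/dev/null 2>&1 || ${pkgs.docker}/bin/docker network create proxy'";
      RemainAfterExit = true;
    };
  };

  # The oci-containers module does not order container units after the
  # network-creation service above, so on a fresh boot docker-caddy.service
  # could start before the "proxy" network exists. Ordering caddy after it is
  # enough: every other container on that network reaches caddy through
  # `dependsOn`, directly or via transmission.
  systemd.services.docker-caddy = {
    after = [ "docker-create-proxy-network.service" ];
    requires = [ "docker-create-proxy-network.service" ];
  };

  # Firewall
  # Governs host sockets only. Ports published by Docker (`ports = ...` below)
  # are handled by Docker's own iptables DNAT/FORWARD rules and are reachable
  # whether or not they appear in this list.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Containers
  virtualisation.oci-containers = {
    backend = "docker";
    containers = {

      anchor = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        image = "ghcr.io/zhfahim/anchor";
        labels = { "caddy" = "notes.${domain}"; "caddy.reverse_proxy" = "{{upstreams 3000}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/anchor:/data" ];
      };

      baikal = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        image = "ckulka/baikal:nginx";
        labels = { "caddy" = "dav.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/baikal:/var/www/baikal/Specific" "/home/${username}/docker/baikal:/var/www/baikal/config" ];
      };

      # Edge proxy. The bind-mounted Docker socket is required by
      # caddy-docker-proxy to read labels, but it also means a compromise of
      # this container is a compromise of the host; it is the only container
      # besides watchtower that gets the socket.
      caddy = {
        autoStart = true;
        environment = { CADDY_INGRESS_NETWORKS = "proxy"; };
        image = "lucaslorentz/caddy-docker-proxy";
        networks = [ "proxy" ];
        ports = [ "80:80" "443:443" ];
        volumes = [ "/var/run/docker.sock:/var/run/docker.sock" "/home/${username}/docker/caddy:/data" ];
      };

      changedetection = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { PGID = "100"; PUID = "1000"; LC_ALL = "en_US.UTF-8"; };
        image = "lscr.io/linuxserver/changedetection.io";
        labels = { "caddy" = "diff.${domain}"; "caddy.reverse_proxy" = "{{upstreams 5000}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/changedetection:/config" ];
      };

      docker-rss = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        image = "theconnman/docker-hub-rss";
        labels = { "caddy" = "dock.${domain}"; "caddy.reverse_proxy" = "{{upstreams 3000}}"; };
        networks = [ "proxy" ];
      };

      # "-H X-Forwarded-For" makes echoip trust that header for the client
      # address. Acceptable here only because the container has no published
      # ports and is reached solely through caddy on the proxy network.
      echoip = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        cmd = [ "-H" "X-Forwarded-For" ];
        image = "mpolden/echoip";
        labels = { "caddy" = "ip.${domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; };
        networks = [ "proxy" ];
      };

      freshrss = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { PGID = "100"; PUID = "1000"; TZ = "${timezone}"; };
        image = "lscr.io/linuxserver/freshrss";
        labels = { "caddy" = "rss.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/freshrss:/config" ];
      };

      # Public file listing. Only the /.tank/* path (the /tank/complete mount)
      # is behind basic auth; everything else under /h5ai is intentionally
      # world-readable.
      h5ai = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { PGID = "100"; PUID = "1000"; TZ = "${timezone}"; };
        image = "awesometic/h5ai";
        labels = { "caddy" = "pub.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; "caddy.basic_auth" = "/.tank/*"; "caddy.basic_auth.${username}" = "${htpasswd}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/vault/pub:/h5ai" "/tank/complete:/h5ai/.tank" "/home/${username}/docker/h5ai:/config/h5ai/" ];
      };

      hugo = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        cmd = [ "server" "--watch=true" "--disableLiveReload" "--minify" "--source=/src" "--baseURL=https://${domain}" "--bind=0.0.0.0" "--appendPort=false" "--buildFuture" ];
        image = "klakegg/hugo";
        labels = { "caddy" = "${domain}, blog.${domain}, www.${domain}"; "caddy.reverse_proxy" = "{{upstreams 1313}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/vault/src/blog.${domain}:/src" ];
      };

      jackett = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { PGID = "100"; PUID = "1000"; TZ = "${timezone}"; };
        image = "lscr.io/linuxserver/jackett";
        labels = { "caddy" = "jack.${domain}"; "caddy.reverse_proxy" = "{{upstreams 9117}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/jackett:/config" "/home/${username}/vault/watch:/downloads" ];
      };

      stagit = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { PGID = "100"; PUID = "1000"; };
        image = "lscr.io/linuxserver/nginx";
        labels = { "caddy" = "git.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/stagit:/config/www:ro" ];
      };

      # VPN-tunnelled Transmission. NET_ADMIN and /dev/net/tun are needed for
      # the OpenVPN client. Both published ports bypass networking.firewall
      # (see above): 9091 is the Transmission RPC/web UI, exposed on every host
      # interface with no RPC authentication configured in this file, so it is
      # reachable from wherever the host is. LOCAL_NETWORK suggests LAN access
      # is intended; if only that is wanted, binding it as "127.0.0.1:9091:9091"
      # or a LAN address is the tighter option — confirm before changing.
      transmission = {
        autoStart = true;
        capabilities = { NET_ADMIN = true; };
        dependsOn = [ "caddy" ];
        devices = [ "/dev/net/tun" ];
        environment = { PGID = "100"; PUID = "1000"; LOCAL_NETWORK = "10.0.0.0/24"; NORDVPN_CATEGORY = "p2p"; NORDVPN_COUNTRY = "GB"; OPENVPN_PASSWORD = "${vpnpassword}"; OPENVPN_PROVIDER = "NORDVPN"; OPENVPN_USERNAME = "${vpnusername}"; };
        extraOptions = [ "--dns=8.8.8.8" "--dns=9.9.9.9" ];
        image = "haugene/transmission-openvpn";
        networks = [ "proxy" ];
        ports = [ "9091:9091" "51413:51413" ];
        volumes = [ "/tank/complete:/data/completed" "/tank/incomplete:/data/incomplete" "/home/${username}/docker/transmission:/data/transmission-home" "/home/${username}/vault/watch:/data/watch" ];
      };

      # Authenticated HTTPS front for the Transmission UI; reaches the
      # transmission container over the legacy --link, not the host port.
      transmission-proxy = {
        autoStart = true;
        dependsOn = [ "caddy" "transmission" ];
        extraOptions = [ "--link=transmission" ];
        image = "haugene/transmission-openvpn-proxy";
        labels = { "caddy" = "tor.${domain}"; "caddy.reverse_proxy" = "{{upstreams 8080}}"; "caddy.basic_auth" = "*"; "caddy.basic_auth.${username}" = "${htpasswd}"; };
        networks = [ "proxy" ];
      };

      transmission-rss = {
        autoStart = true;
        dependsOn = [ "transmission" ];
        environment = { GID = "100"; UID = "1000"; };
        extraOptions = [ "--link=transmission" ];
        image = "haugene/transmission-rss";
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/transmission-rss/config:/etc/transmission-rss.conf" "/home/${username}/docker/transmission-rss/seen:/etc/transmission-rss.seen" ];
      };

      vaultwarden = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { WEBSOCKET_ENABLED = "false"; SIGNUPS_ALLOWED = "false"; };
        image = "vaultwarden/server:alpine";
        labels = { "caddy" = "pass.${domain}"; "caddy.reverse_proxy" = "{{upstreams 80}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/vaultwarden:/data" ];
      };

      vikunja = {
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = { PGID = "100"; PUID = "1000"; VIKUNJA_SERVICE_ENABLEREGISTRATION = "false"; VIKUNJA_SERVICE_ENABLETASKCOMMENTS = "false"; VIKUNJA_SERVICE_JWTSECRET = "${todosecret}"; VIKUNJA_SERVICE_PUBLICURL = "https://todo.${domain}/"; VIKUNJA_SERVICE_TIMEZONE = "${timezone}"; };
        image = "vikunja/vikunja";
        labels = { "caddy" = "todo.${domain}"; "caddy.reverse_proxy" = "{{upstreams 3456}}"; };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/vikunja:/db" ];
      };

      # Unattended nightly image updates over the Docker socket. Every image in
      # this file is referenced by a mutable tag (no digest), so whatever is
      # pushed upstream under that tag runs here at 04:00 without review.
      # Pinning digests or restricting watchtower to a reviewed subset limits
      # that supply-chain exposure.
      watchtower = {
        autoStart = true;
        image = "containrrr/watchtower";
        environment = { WATCHTOWER_CLEANUP = "true"; WATCHTOWER_INCLUDE_RESTARTING = "true"; WATCHTOWER_SCHEDULE = "0 0 4 * * *"; };
        volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
      };

    };
  };
}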