docker.nix (7647B)
# NixOS module: enables Docker and declares a set of self-hosted containers
# that are published through caddy-docker-proxy on the shared "proxy" network.
#
# Module arguments used below:
#   username     - owner of the bind-mounted data under /home/<username>, and
#                  the basic_auth user name in the Caddy labels
#   domain       - base name for every vhost label
#   timezone     - passed to containers as TZ / VIKUNJA_SERVICE_TIMEZONE
#   todosecret   - Vikunja JWT secret
#   htpasswd     - value of the caddy.basic_auth.<user> label
#                  (presumably a password hash, as Caddy expects; confirm)
#   vpnusername, vpnpassword - OpenVPN credentials for the transmission container
#
# NOTE(review): todosecret, vpnusername and vpnpassword are interpolated into
# `environment`, so they end up in the generated container start-up
# configuration in the world-readable Nix store and in `docker inspect`
# output. The oci-containers `environmentFiles` option, pointed at a root-only
# file outside the store, keeps them out of both.
#
# NOTE(review): most images below have no tag or a moving tag, so a restart
# after a pull can run different code. Pinning to a fixed tag or to a digest
# (image@sha256:<digest-placeholder>) makes the deployed content reviewable.
#
# NOTE(review): a vhost without a `caddy.basic_auth` label is reachable by
# anyone who can reach port 443; each such application has to enforce its own
# login.
{ pkgs, username, domain, timezone, todosecret, htpasswd, vpnusername, vpnpassword, ... }:

{
  # Runtime
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };

  # Membership in the "docker" group grants control of the Docker daemon,
  # which is equivalent to root on this host.
  users.extraUsers.${username}.extraGroups = [ "docker" ];

  # Create Network
  # One-shot unit: inspects the "proxy" network and creates it only if the
  # inspect fails, so re-running it is harmless.
  # NOTE(review): nothing in this file orders the container units after this
  # unit, so on first boot a container may start before the network exists;
  # confirm that the resulting restart is acceptable.
  systemd.services.docker-create-proxy-network = {
    description = "Create proxy Docker network if not exists";
    wantedBy = [ "multi-user.target" ];
    requires = [ "docker.service" ];
    after = [ "docker.service" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker network inspect proxy >/dev/null 2>&1 || ${pkgs.docker}/bin/docker network create proxy'";
    };
  };

  # Firewall
  # Only HTTP/HTTPS are opened here.
  # NOTE(review): ports published by Docker (the `ports` lists below) are
  # normally forwarded by Docker's own iptables rules and do not depend on
  # this list; verify from outside the host which of 9091 and 51413 are
  # reachable.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Containers
  virtualisation.oci-containers = {
    backend = "docker";

    containers = {

      # CalDAV/CardDAV server at dav.<domain>.
      # NOTE(review): both container paths are backed by the same host
      # directory; confirm this is intended rather than two separate
      # directories.
      baikal = {
        image = "ckulka/baikal:nginx";
        autoStart = true;
        dependsOn = [ "caddy" ];
        labels = {
          "caddy" = "dav.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 80}}";
        };
        networks = [ "proxy" ];
        volumes = [
          "/home/${username}/docker/baikal:/var/www/baikal/Specific"
          "/home/${username}/docker/baikal:/var/www/baikal/config"
        ];
      };

      # Edge proxy: the only container that publishes 80/443.
      # The Docker socket mount gives this internet-facing container full
      # control of the Docker daemon, i.e. root-equivalent access to the host.
      # NOTE(review): consider putting a socket proxy that exposes only the
      # read endpoints in front of it, and pin this image (no tag is given).
      caddy = {
        image = "lucaslorentz/caddy-docker-proxy";
        autoStart = true;
        environment = {
          CADDY_INGRESS_NETWORKS = "proxy";
        };
        networks = [ "proxy" ];
        ports = [
          "80:80"
          "443:443"
        ];
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock"
          "/home/${username}/docker/caddy:/data"
        ];
      };

      # Page-change monitor at diff.<domain>; no basic_auth label.
      changedetection = {
        image = "lscr.io/linuxserver/changedetection.io";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          PGID = "100";
          PUID = "1000";
          LC_ALL = "en_US.UTF-8";
        };
        labels = {
          "caddy" = "diff.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 5000}}";
        };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/changedetection:/config" ];
      };

      # Docker Hub RSS bridge at dock.<domain>; no volumes are mounted.
      docker-rss = {
        image = "theconnman/docker-hub-rss";
        autoStart = true;
        dependsOn = [ "caddy" ];
        labels = {
          "caddy" = "dock.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 3000}}";
        };
        networks = [ "proxy" ];
      };

      # IP echo service at ip.<domain>.
      # `-H X-Forwarded-For` makes echoip trust that header for the client
      # address. That is sound only while the container is reached solely
      # through caddy; no port is published here.
      echoip = {
        image = "mpolden/echoip";
        autoStart = true;
        dependsOn = [ "caddy" ];
        cmd = [
          "-H"
          "X-Forwarded-For"
        ];
        labels = {
          "caddy" = "ip.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 8080}}";
        };
        networks = [ "proxy" ];
      };

      # Feed reader at rss.<domain>; no basic_auth label.
      freshrss = {
        image = "lscr.io/linuxserver/freshrss";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          PGID = "100";
          PUID = "1000";
          TZ = "${timezone}";
        };
        labels = {
          "caddy" = "rss.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 80}}";
        };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/freshrss:/config" ];
      };

      # File index at pub.<domain>. Basic auth covers only /.tank/*; the rest
      # of the tree is public.
      # NOTE(review): /tank/complete is mounted read-write; if the index only
      # needs to read it, a `:ro` suffix limits what a compromised container
      # can change. Confirm against how h5ai is used here.
      h5ai = {
        image = "awesometic/h5ai";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          PGID = "100";
          PUID = "1000";
          TZ = "${timezone}";
        };
        labels = {
          "caddy" = "pub.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 80}}";
          "caddy.basic_auth" = "/.tank/*";
          "caddy.basic_auth.${username}" = "${htpasswd}";
        };
        networks = [ "proxy" ];
        volumes = [
          "/home/${username}/vault/pub:/h5ai"
          "/tank/complete:/h5ai/.tank"
          "/home/${username}/docker/h5ai:/config/h5ai/"
        ];
      };

      # Blog at <domain>, blog.<domain> and www.<domain>, served by
      # `hugo server` in watch mode from the mounted source tree.
      # --buildFuture also publishes content dated in the future.
      # NOTE(review): this is Hugo's built-in server rather than a static file
      # server; serving a pre-built site read-only would reduce exposed code.
      hugo = {
        image = "klakegg/hugo";
        autoStart = true;
        dependsOn = [ "caddy" ];
        cmd = [
          "server"
          "--watch=true"
          "--disableLiveReload"
          "--minify"
          "--source=/src"
          "--baseURL=https://${domain}"
          "--bind=0.0.0.0"
          "--appendPort=false"
          "--buildFuture"
        ];
        labels = {
          "caddy" = "${domain}, blog.${domain}, www.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 1313}}";
        };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/vault/src/blog.${domain}:/src" ];
      };

      # Indexer proxy at jack.<domain>; no basic_auth label, so access control
      # rests on the application's own settings.
      jackett = {
        image = "lscr.io/linuxserver/jackett";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          PGID = "100";
          PUID = "1000";
          TZ = "${timezone}";
        };
        labels = {
          "caddy" = "jack.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 9117}}";
        };
        networks = [ "proxy" ];
        volumes = [
          "/home/${username}/docker/jackett:/config"
          "/home/${username}/vault/watch:/downloads"
        ];
      };

      # Static git pages at git.<domain>; the content is mounted read-only.
      stagit = {
        image = "lscr.io/linuxserver/nginx";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          PGID = "100";
          PUID = "1000";
        };
        labels = {
          "caddy" = "git.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 80}}";
        };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/stagit:/config/www:ro" ];
      };

      # Transmission behind OpenVPN. It is granted NET_ADMIN and /dev/net/tun.
      # NOTE(review): "9091:9091" publishes the web UI/RPC port on the host
      # directly, bypassing the basic_auth that tor.<domain> applies. If only
      # LAN access is wanted, publish on a specific host address
      # ("<lan-ip-placeholder>:9091:9091") or drop the mapping.
      # NOTE(review): the OpenVPN credentials are plain environment values
      # here; `environmentFiles` would keep them out of the Nix store.
      transmission = {
        image = "haugene/transmission-openvpn";
        autoStart = true;
        dependsOn = [ "caddy" ];
        capabilities = {
          NET_ADMIN = true;
        };
        devices = [ "/dev/net/tun" ];
        environment = {
          PGID = "100";
          PUID = "1000";
          LOCAL_NETWORK = "10.0.0.0/24";
          NORDVPN_CATEGORY = "p2p";
          NORDVPN_COUNTRY = "GB";
          OPENVPN_PASSWORD = "${vpnpassword}";
          OPENVPN_PROVIDER = "NORDVPN";
          OPENVPN_USERNAME = "${vpnusername}";
        };
        extraOptions = [
          "--dns=8.8.8.8"
          "--dns=9.9.9.9"
        ];
        networks = [ "proxy" ];
        ports = [
          "9091:9091"
          "51413:51413"
        ];
        volumes = [
          "/tank/complete:/data/completed"
          "/tank/incomplete:/data/incomplete"
          "/home/${username}/docker/transmission:/data/transmission-home"
          "/home/${username}/vault/watch:/data/watch"
        ];
      };

      # Front end for the transmission UI at tor.<domain>; basic auth applies
      # to every path ("*"). `--link` is a legacy Docker option.
      transmission-proxy = {
        image = "haugene/transmission-openvpn-proxy";
        autoStart = true;
        dependsOn = [
          "caddy"
          "transmission"
        ];
        extraOptions = [ "--link=transmission" ];
        labels = {
          "caddy" = "tor.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 8080}}";
          "caddy.basic_auth" = "*";
          "caddy.basic_auth.${username}" = "${htpasswd}";
        };
        networks = [ "proxy" ];
      };

      # RSS feeder for transmission; it has no Caddy labels, so no vhost is
      # published for it.
      transmission-rss = {
        image = "haugene/transmission-rss";
        autoStart = true;
        dependsOn = [ "transmission" ];
        environment = {
          GID = "100";
          UID = "1000";
        };
        extraOptions = [ "--link=transmission" ];
        networks = [ "proxy" ];
        volumes = [
          "/home/${username}/docker/transmission-rss/config:/etc/transmission-rss.conf"
          "/home/${username}/docker/transmission-rss/seen:/etc/transmission-rss.seen"
        ];
      };

      # Password vault at pass.<domain>; sign-ups are disabled.
      # NOTE(review): `alpine` is a moving tag; for the container holding the
      # vault, pinning the image is the first change worth making.
      vaultwarden = {
        image = "vaultwarden/server:alpine";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          WEBSOCKET_ENABLED = "false";
          SIGNUPS_ALLOWED = "false";
        };
        labels = {
          "caddy" = "pass.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 80}}";
        };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/vaultwarden:/data" ];
      };

      # Task manager at todo.<domain>; registration and task comments are
      # disabled.
      # NOTE(review): the JWT signing secret is a plain environment value;
      # anyone who can read it can mint valid session tokens, so it is better
      # supplied through `environmentFiles`.
      vikunja = {
        image = "vikunja/vikunja";
        autoStart = true;
        dependsOn = [ "caddy" ];
        environment = {
          PGID = "100";
          PUID = "1000";
          VIKUNJA_SERVICE_ENABLEREGISTRATION = "false";
          VIKUNJA_SERVICE_ENABLETASKCOMMENTS = "false";
          VIKUNJA_SERVICE_JWTSECRET = "${todosecret}";
          VIKUNJA_SERVICE_PUBLICURL = "https://todo.${domain}/";
          VIKUNJA_SERVICE_TIMEZONE = "${timezone}";
        };
        labels = {
          "caddy" = "todo.${domain}";
          "caddy.reverse_proxy" = "{{upstreams 3456}}";
        };
        networks = [ "proxy" ];
        volumes = [ "/home/${username}/docker/vikunja:/db" ];
      };

    };
  };
}