teidesu/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(koi): prefer --mount to -v

Browse source
This commit is contained in:
alina 🌸 2024-12-11 09:11:31 +03:00
parent 62e55d8acb
commit 23ff80e939
Signed by: teidesu
SSH key fingerprint: SHA256:uNeCpw6aTSU4aIObXLvHfLkDa82HWH9EiOj9AXOIRpI
16 changed files with 54 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/koi/containers/bots/channel-logger-bot.nix
View file

@ -14,14 +14,14 @@ in {
virtualisation.oci-containers.containers.channel-logger-bot = { virtualisation.oci-containers.containers.channel-logger-bot = {
image = "ghcr.io/teidesu/channel-logger-bot:latest"; image = "ghcr.io/teidesu/channel-logger-bot:latest";
volumes = [
"/srv/channel-logger-bot:/app/bot-data"
];
environmentFiles = [ environmentFiles = [
config.desu.secrets.channel-logger-bot-env.path config.desu.secrets.channel-logger-bot-env.path
]; ];
environment.MTCUTE_LOG_LEVEL = "5"; environment.MTCUTE_LOG_LEVEL = "5";
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/channel-logger-bot,target=/app/bot-data"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

6
hosts/koi/containers/bots/pcre-sub-bot.nix
View file

@ -14,13 +14,13 @@ in {
virtualisation.oci-containers.containers.pcre-sub-bot = { virtualisation.oci-containers.containers.pcre-sub-bot = {
image = "ghcr.io/teidesu/pcre-sub-bot:latest"; image = "ghcr.io/teidesu/pcre-sub-bot:latest";
volumes = [
"/srv/pcre-sub-bot:/app/bot-data"
];
environmentFiles = [ environmentFiles = [
config.desu.secrets.pcresub-bot-env.path config.desu.secrets.pcresub-bot-env.path
]; ];
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/pcre-sub-bot,target=/app/bot-data"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

4
hosts/koi/containers/conduwuit/bridges/telegram/default.nix
View file

@ -27,7 +27,6 @@ in {
"${bridgeConfig}:/config-template.yaml:ro" "${bridgeConfig}:/config-template.yaml:ro"
"${pkgs.pkgsStatic.jq}/bin/jq:/bin/jq" "${pkgs.pkgsStatic.jq}/bin/jq:/bin/jq"
"${entrypoint}:/entrypoint.sh" "${entrypoint}:/entrypoint.sh"
"/srv/mautrix-telegram:/data"
]; ];
environment = { environment = {
MAUTRIX_DIRECT_STARTUP = "1"; MAUTRIX_DIRECT_STARTUP = "1";
@ -37,6 +36,9 @@ in {
config.desu.secrets.mautrix-tg-env.path config.desu.secrets.mautrix-tg-env.path
]; ];
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/mautrix-telegram,target=/data"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

4
hosts/koi/containers/conduwuit/default.nix
View file

@ -19,7 +19,6 @@ in {
image = "ghcr.io/girlbossceo/conduwuit:main-032b199129f8648a77bde285f755a78e9ec349a7"; image = "ghcr.io/girlbossceo/conduwuit:main-032b199129f8648a77bde285f755a78e9ec349a7";
volumes = [ volumes = [
"${./config.toml}:/conduwuit.toml" "${./config.toml}:/conduwuit.toml"
"/srv/conduwuit:/data"
]; ];
environment = { environment = {
CONDUWUIT_CONFIG = "/conduwuit.toml"; CONDUWUIT_CONFIG = "/conduwuit.toml";
@ -28,6 +27,9 @@ in {
config.desu.secrets.conduwuit-env.path config.desu.secrets.conduwuit-env.path
]; ];
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/conduwuit,target=/data"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

10
hosts/koi/containers/kanidm/default.nix
View file

@ -18,15 +18,19 @@ in {
virtualisation.oci-containers.containers.kanidm = { virtualisation.oci-containers.containers.kanidm = {
image = "kanidm/server:1.4.2"; image = "kanidm/server:1.4.2";
volumes = [ volumes = [
"/srv/kanidm/data:/data/db" # "/srv/kanidm/data:/data/db"
"${./server.toml}:/data/server.toml" "${./server.toml}:/data/server.toml"
"${./style.css}:/hpkg/style.css" "${./style.css}:/hpkg/style.css"
"${./fish.png}:/hpkg/img/fish.png" "${./fish.png}:/hpkg/img/fish.png"
"${config.desu.secrets.kanidm-tls-key.path}:/data/key.pem"
"${config.desu.secrets.kanidm-tls-cert.path}:/data/chain.pem"
]; ];
user = "${builtins.toString UID}"; user = "${builtins.toString UID}";
extraOptions = [
"--mount=type=bind,source=/srv/kanidm/data,target=/data/db"
"--mount=type=bind,source=${config.desu.secrets.kanidm-tls-key.path},target=/data/key.pem,readonly"
"--mount=type=bind,source=${config.desu.secrets.kanidm-tls-cert.path},target=/data/chain.pem,readonly"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

7
hosts/koi/containers/memos/default.nix
View file

@ -17,9 +17,6 @@ in {
systemd.services.docker-memos.after = [ "postgresql.service" ]; systemd.services.docker-memos.after = [ "postgresql.service" ];
virtualisation.oci-containers.containers.memos = { virtualisation.oci-containers.containers.memos = {
image = "neosmemo/memos:0.22.5"; image = "neosmemo/memos:0.22.5";
volumes = [
"/srv/memos/data:/var/opt/memos"
];
environment = { environment = {
MEMOS_DRIVER = "postgres"; MEMOS_DRIVER = "postgres";
@ -27,6 +24,10 @@ in {
}; };
user = "${builtins.toString UID}"; user = "${builtins.toString UID}";
extraOptions = [
"--mount=type=bind,source=/srv/memos/data,target=/var/opt/memos"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

4
hosts/koi/containers/navidrome/default.nix
View file

@ -23,8 +23,6 @@ in {
image = "deluan/navidrome:0.53.3"; image = "deluan/navidrome:0.53.3";
volumes = [ volumes = [
"${./navidrome.toml}:/navidrome.toml" "${./navidrome.toml}:/navidrome.toml"
"/mnt/s3-desu-priv-encrypted/music:/music/s3:ro"
"/srv/navidrome:/data"
]; ];
environment = { environment = {
ND_CONFIGFILE = "/navidrome.toml"; ND_CONFIGFILE = "/navidrome.toml";
@ -35,6 +33,8 @@ in {
user = "${builtins.toString UID}:${builtins.toString UID}"; user = "${builtins.toString UID}:${builtins.toString UID}";
extraOptions = [ extraOptions = [
"--group-add=${builtins.toString config.users.groups.geesefs.gid}" "--group-add=${builtins.toString config.users.groups.geesefs.gid}"
"--mount=type=bind,source=/mnt/s3-desu-priv-encrypted/music,target=/music/s3,readonly"
"--mount=type=bind,source=/srv/navidrome,target=/data"
]; ];
}; };
systemd.services.docker-navidrome.requires = [ "gocryptfs.service" ]; systemd.services.docker-navidrome.requires = [ "gocryptfs.service" ];

4
hosts/koi/containers/pds/default.nix
View file

@ -17,7 +17,6 @@ in {
cmd = [ "node" "--enable-source-maps" "/app/entrypoint.js" ]; cmd = [ "node" "--enable-source-maps" "/app/entrypoint.js" ];
volumes = [ volumes = [
"${./entrypoint.js}:/app/entrypoint.js" "${./entrypoint.js}:/app/entrypoint.js"
"/srv/bluesky-pds/data:/pds"
]; ];
environment = { environment = {
PDS_HOSTNAME = "pds.stupid.fish"; PDS_HOSTNAME = "pds.stupid.fish";
@ -41,6 +40,9 @@ in {
config.desu.secrets.bluesky-pds-secrets.path config.desu.secrets.bluesky-pds-secrets.path
]; ];
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/bluesky-pds/data,target=/pds"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

10
hosts/koi/containers/sftpgo/default.nix
View file

@ -18,15 +18,13 @@ in {
virtualisation.oci-containers.containers.sftpgo = { virtualisation.oci-containers.containers.sftpgo = {
image = "drakkan/sftpgo:v2.6.2"; image = "drakkan/sftpgo:v2.6.2";
volumes = [
"/srv/sftpgo/data:/srv/sftpgo"
"/srv/sftpgo/config:/var/lib/sftpgo"
"/mnt/puffer:/mnt/puffer"
"/mnt/s3-desu-priv-encrypted:/mnt/s3-desu-priv-encrypted"
];
user = "${builtins.toString UID}:${builtins.toString UID}"; user = "${builtins.toString UID}:${builtins.toString UID}";
extraOptions = [ extraOptions = [
"--group-add=${builtins.toString config.users.groups.geesefs.gid}" "--group-add=${builtins.toString config.users.groups.geesefs.gid}"
"--mount=type=bind,source=/srv/sftpgo/data,target=/srv/sftpgo"
"--mount=type=bind,source=/srv/sftpgo/config,target=/var/lib/sftpgo"
"--mount=type=bind,source=/mnt/puffer,target=/mnt/puffer"
"--mount=type=bind,source=/mnt/s3-desu-priv-encrypted,target=/mnt/s3-desu-priv-encrypted"
]; ];
environment = { environment = {
SFTPGO_SFTPD__BINDINGS__0__PORT = "22"; SFTPGO_SFTPD__BINDINGS__0__PORT = "22";

6
hosts/koi/containers/siyuan/default.nix
View file

@ -16,15 +16,15 @@ in {
]; ];
virtualisation.oci-containers.containers.siyuan-teidesu = { virtualisation.oci-containers.containers.siyuan-teidesu = {
image = "local/siyuan"; image = "local/siyuan";
volumes = [
"/srv/siyuan-teidesu:/data"
];
cmd = [ "--workspace=/data" ]; cmd = [ "--workspace=/data" ];
environment = { environment = {
# we manage auth via openid-proxy # we manage auth via openid-proxy
SIYUAN_ACCESS_AUTH_CODE_BYPASS = "true"; SIYUAN_ACCESS_AUTH_CODE_BYPASS = "true";
}; };
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/siyuan-teidesu,target=/data"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

9
hosts/koi/containers/soulseek/default.nix
View file

@ -12,12 +12,6 @@ in {
systemd.services.docker-slskd.requires = [ "gocryptfs.service" ]; systemd.services.docker-slskd.requires = [ "gocryptfs.service" ];
virtualisation.oci-containers.containers.slskd = { virtualisation.oci-containers.containers.slskd = {
image = "slskd/slskd:0.21.4.65534-9a68c184"; image = "slskd/slskd:0.21.4.65534-9a68c184";
volumes = [
"/srv/slskd:/app"
"/mnt/s3-desu-priv-encrypted/music:/mnt/music"
"/mnt/puffer/Downloads:/mnt/downloads"
];
ports = [ ports = [
"50300:50300" "50300:50300"
]; ];
@ -34,6 +28,9 @@ in {
user = "${builtins.toString UID}:${builtins.toString UID}"; user = "${builtins.toString UID}:${builtins.toString UID}";
extraOptions = [ extraOptions = [
"--group-add=${builtins.toString config.users.groups.geesefs.gid}" "--group-add=${builtins.toString config.users.groups.geesefs.gid}"
"--mount=type=bind,source=/srv/slskd,target=/app"
"--mount=type=bind,source=/mnt/s3-desu-priv-encrypted/music,target=/mnt/music"
"--mount=type=bind,source=/mnt/puffer/Downloads,target=/mnt/downloads"
]; ];
}; };

6
hosts/koi/containers/teisu.nix
View file

@ -12,13 +12,13 @@ in {
virtualisation.oci-containers.containers.teisu = { virtualisation.oci-containers.containers.teisu = {
image = "ghcr.io/teidesu/tei.su:latest"; image = "ghcr.io/teidesu/tei.su:latest";
volumes = [
"/srv/teisu:/app/.runtime"
];
environmentFiles = [ environmentFiles = [
config.desu.secrets.teisu-env.path config.desu.secrets.teisu-env.path
]; ];
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/teisu,target=/app/.runtime"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

6
hosts/koi/containers/vaultwarden.nix
View file

@ -7,9 +7,6 @@ in {
virtualisation.oci-containers.containers.vaultwarden = { virtualisation.oci-containers.containers.vaultwarden = {
image = "vaultwarden/server:1.32.5-alpine"; image = "vaultwarden/server:1.32.5-alpine";
volumes = [
"/srv/vaultwarden:/data"
];
environment = { environment = {
SIGNUPS_ALLOWED = "false"; SIGNUPS_ALLOWED = "false";
DOMAIN = "https://bw.tei.su"; DOMAIN = "https://bw.tei.su";
@ -22,6 +19,9 @@ in {
config.desu.secrets.vaultwarden-env.path config.desu.secrets.vaultwarden-env.path
]; ];
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/vaultwarden,target=/data"
];
}; };
users.users.vaultwarden = { users.users.vaultwarden = {

7
hosts/koi/containers/verdaccio/default.nix
View file

@ -15,13 +15,16 @@ in {
volumes = [ volumes = [
"${./config.yaml}:/verdaccio/conf/config.yaml" "${./config.yaml}:/verdaccio/conf/config.yaml"
"${config.desu.secrets.verdaccio-htpasswd.path}:/verdaccio/htpasswd" "${config.desu.secrets.verdaccio-htpasswd.path}:/verdaccio/htpasswd"
"/srv/verdaccio/storage:/verdaccio/storage"
"/srv/verdaccio/plugins:/verdaccio/plugins"
]; ];
environment = { environment = {
VERDACCIO_PUBLIC_URL = "https://npm.tei.su"; VERDACCIO_PUBLIC_URL = "https://npm.tei.su";
}; };
user = builtins.toString UID; user = builtins.toString UID;
extraOptions = [
"--mount=type=bind,source=/srv/verdaccio/storage,target=/verdaccio/storage"
"--mount=type=bind,source=/srv/verdaccio/plugins,target=/verdaccio/plugins"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

7
hosts/koi/containers/wakapi/default.nix
View file

@ -19,9 +19,6 @@ in {
systemd.services.docker-wakapi.after = [ "postgresql.service" ]; systemd.services.docker-wakapi.after = [ "postgresql.service" ];
virtualisation.oci-containers.containers.wakapi = { virtualisation.oci-containers.containers.wakapi = {
image = "ghcr.io/muety/wakapi:2.12.2"; image = "ghcr.io/muety/wakapi:2.12.2";
volumes = [
"/srv/wakapi:/data"
];
environment = { environment = {
WAKAPI_DB_TYPE = "postgres"; WAKAPI_DB_TYPE = "postgres";
@ -50,6 +47,10 @@ in {
]; ];
user = "${builtins.toString UID}"; user = "${builtins.toString UID}";
extraOptions = [
"--mount=type=bind,source=/srv/wakapi,target=/data"
];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

2
services/geesefs.nix
View file

@ -48,7 +48,7 @@
Type = "forking"; Type = "forking";
GuessMainPID = true; GuessMainPID = true;
ExecStart = "${cfg.package}/bin/geesefs ${builtins.concatStringsSep " " (map lib.escapeShellArg allArgs)}"; ExecStart = "${cfg.package}/bin/geesefs ${builtins.concatStringsSep " " (map lib.escapeShellArg allArgs)}";
ExecStop = "fusermount -u ${lib.escapeShellArg cfg.mountPoint}"; ExecStop = "fusermount -uz ${lib.escapeShellArg cfg.mountPoint}";
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };