some modules for containers

2024-09-30 20:37:45 -04:00 · 2024-09-30 20:37:45 -04:00 · 600a3e0eef
commit 600a3e0eef
parent c3d304adee
3 changed files with 61 additions and 15 deletions
--- a/nixos-configurations/zeus.nix
+++ b/nixos-configurations/zeus.nix
@ -23,6 +23,7 @@ in
    ezModules.networkd-base
    ezModules.smartd
    ezModules.plymouth
+    ezModules.docker-proxy
  ];

  boot = {
@ -176,26 +177,11 @@ in
  };

  virtualisation = {
-    containers.enable = true;
    podman = {
-      enable = true;
-      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
      autoPrune.enable = true;
    };
    oci-containers.containers = {
-      dockerproxy = {
-        image = "ghcr.io/tecnativa/docker-socket-proxy:latest";
-        volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ];
-        environment = {
-          CONTAINERS = "1";
-          POST = "0";
-        };
-        extraOptions = [
-          "--pull=newer"
-          "--network=www"
-        ];
-      };
      swag = {
        image = "lscr.io/linuxserver/swag:2.9.0-ls292";
        volumes = [ "swag-config:/config" ];
--- a/nixos-modules/docker-proxy.nix
+++ b/nixos-modules/docker-proxy.nix
@ -0,0 +1,23 @@
+{
+  virtualisation = {
+    containers.enable = true;
+    podman = {
+      enable = true;
+      dockerCompat = true;
+    };
+    oci-containers.containers = {
+      dockerproxy = {
+        image = "ghcr.io/tecnativa/docker-socket-proxy:latest";
+        volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ];
+        environment = {
+          CONTAINERS = "1";
+          POST = "0";
+        };
+        extraOptions = [
+          "--pull=newer"
+          "--network=www"
+        ];
+      };
+    };
+  };
+}
--- a/nixos-modules/docker-swag.nix
+++ b/nixos-modules/docker-swag.nix
@ -0,0 +1,37 @@
+{
+  virtualisation = {
+    oci-containers.containers = {
+      swag = {
+        image = "lscr.io/linuxserver/swag:latest";
+        volumes = [ "swag-config:/config" ];
+        environment = {
+          TZ = "America/New_York";
+          URL = "icanttype.org";
+          VALIDATION = "dns";
+          SUBDOMAINS = "wildcard";
+          DNSPLUGIN = "cloudflare";
+          DOCKER_HOST = "dockerproxy";
+          DOCKER_MODS = "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
+          CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
+          CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
+          CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
+          CF_TUNNEL_NAME = "icanttype.org";
+          CF_TUNNEL_PASSWORD = "iZh4UYxVSo3S2H3XwwboM2z@mJEqYJkQ5yMTfd5p";
+          FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
+          EMAIL = "cdombroski@gmail.com";
+        };
+        ports = [
+          "80:80"
+          "443:443"
+        ];
+        extraOptions = [
+          "--pull=newer"
+          "--network=www"
+          "--cap-add"
+          "NET_ADMIN"
+          "--network-alias=icanttype.org"
+        ];
+      };
+    };
+  };
+}