From 0822532a3abc01d571e0d52a0aa93420bc2c8411 Mon Sep 17 00:00:00 2001
From: Chris Dombroski
Date: Thu, 24 Oct 2024 22:04:56 -0400
Subject: [PATCH] romm?
---
configs/unbound-local.conf | 1 +
nixos-configurations/zeus.nix | 1 +
nixos-modules/docker-romm.nix | 81 +++++++++++++++++++++++++++++++++++
secrets/zeus/romm.yaml | 36 ++++++++++++++++
4 files changed, 119 insertions(+)
create mode 100644 nixos-modules/docker-romm.nix
create mode 100644 secrets/zeus/romm.yaml
diff --git a/configs/unbound-local.conf b/configs/unbound-local.conf
index 1691f54..937775c 100644
--- a/configs/unbound-local.conf
+++ b/configs/unbound-local.conf
@@ -18,3 +18,4 @@ local-data: "readarr.icanttype.org. IN A 10.42.69.100"
 local-data: "qbittorrent.icanttype.org. IN A 10.42.69.100"
 local-data: "calibre.icanttype.org. IN A 10.42.69.100"
 local-data: "calibre-web.icanttype.org. IN A 10.42.69.100"
+local-data: "romm.icanttype.org. IN A 10.42.69.100"
\ No newline at end of file
diff --git a/nixos-configurations/zeus.nix b/nixos-configurations/zeus.nix
index 119362b..dad1cf5 100644
--- a/nixos-configurations/zeus.nix
+++ b/nixos-configurations/zeus.nix
@@ -35,6 +35,7 @@ in
 ezModules.docker-qbittorrent
 ezModules.docker-radarr
 ezModules.docker-readarr
+ ezModules.docker-romm
 ezModules.docker-runner
 ezModules.docker-sonarr
 ezModules.docker-static-web
diff --git a/nixos-modules/docker-romm.nix b/nixos-modules/docker-romm.nix
new file mode 100644
index 0000000..c4a8879
--- /dev/null
+++ b/nixos-modules/docker-romm.nix
@@ -0,0 +1,81 @@
+{ config, ... }:
+{
+ sops = {
+ secrets = {
+ authKey = {
+ sopsFile = ../secrets/zeus/romm.yaml;
+ };
+ "db/root" = {
+ sopsFile = ../secrets/zeus/romm.yaml;
+ };
+ "db/user" = {
+ sopsFile = ../secrets/zeus/romm.yaml;
+ };
+ "igdb/client" = {
+ sopsFile = ../secrets/zeus/romm.yaml;
+ };
+ "igdb/secret" = {
+ sopsFile = ../secrets/zeus/romm.yaml;
+ };
+ };
+ templates = {
+ "romm.env".content = ''
+ DB_PASSWD=${config.sops.placeholder."db/user"}
+ IGDB_CLIENT_ID=${config.sops.placeholder."igdb/client"}
+ IGDB_CLIENT_SECRET=${config.sops.placeholder."igdb/secret"}
+ ROMM_AUTH_SECRET_KEY=${config.sops.placeholder.authKey}
+ '';
+ "romm-db.env".content = ''
+ MYSQL_ROOT_PASSWORD=${config.sops.placeholder."db/root"}
+ MYSQL_PASSWORD=${config.sops.placeholder."db/user"}
+ '';
+ };
+ };
+ virtualisation = {
+ containers.enable = true;
+ podman.enable = true;
+ oci-containers.containers = {
+ romm = {
+ image = "rommapp/romm:latest";
+ volumes = [
+ "romm_resources:/romm/resources"
+ "romm_redis_data:/redis-data"
+ "romm_library:/romm/library"
+ "romm_assets:/romm/assets"
+ "romm_config:/romm/config"
+ ];
+ environment = {
+ TZ = "America/New_York";
+ DB_HOST = "romm-db";
+ DB_NAME = "romm";
+ DB_USER = "romm-user";
+ };
+ environmentFiles = [ config.sops.templates."romm.env".path ];
+ labels = {
+ swag = "enable";
+ swag_url = "romm.icanttype.org";
+ swag_port = "8080";
+ };
+ extraOptions = [
+ "--pull=newer"
+ "--network=www,romm"
+ ];
+ dependsOn = [ "romm-db" ];
+ };
+ romm-db = {
+ image = "mariadb:latest";
+ volumes = [ "romm_maria_db:/var/lib/mysql" ];
+ environment = {
+ TZ = "America/New_York";
+ MYSQL_DATABASE = "romm";
+ MYSQL_USER = "romm-user";
+ };
+ environmentFiles = [ config.sops.templates."romm-db.env".path ];
+ extraOptions = [
+ "--pull=newer"
+ "--network=romm"
+ ];
+ };
+ };
+ };
+}
diff --git a/secrets/zeus/romm.yaml b/secrets/zeus/romm.yaml
new file mode 100644
index 0000000..80ebf18
--- /dev/null
+++ b/secrets/zeus/romm.yaml
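Review bot: The `image = "rommapp/romm:latest";` and `image = "mariadb:latest";` lines combine a mutable tag with `--pull=newer`, so any restart can swap in whatever the registry serves at that moment, and that image is then handed `romm.env` or `romm-db.env` with the IGDB secret, auth key and MariaDB root password. Pin both to a reviewed version or digest and fully qualify the registry, e.g. `image = "docker.io/rommapp/romm:<PINNED_TAG_OR_DIGEST>";`, so neither an upstream tag move nor short-name resolution through the host's registry search list changes what runs; for MariaDB a pin also prevents an unplanned major-version jump on the `romm_maria_db` volume. Separately, `authKey`, `db/root` and `db/user` are generic names in the host-wide `sops.secrets` namespace and could collide with other modules imported on zeus (not visible in this hunk); a prefixed name with sops-nix's `key` option, such as `"romm/db/user" = { sopsFile = ../secrets/zeus/romm.yaml; key = "db/user"; };`, would keep them distinct.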
@@ -0,0 +1,36 @@
+authKey: ENC[AES256_GCM,data:o2R+msPLlnpkXWU/i0QnTDsvE44z64TT0DsXA0x/zaBZSx1qi0PpEeAAjSQmLYrvbRgocDRid8077108OjQ8Kg==,iv:MYYY7iH5cr/2mVnbk/jW8u4ZjkBn9vouJIiO35lcmbs=,tag:vVSkQOnVgypv7AdR1ASTkQ==,type:str]
+db:
+ root: ENC[AES256_GCM,data:u+1EJVLRmXsVpwzZY6Zd2Cwfjm8u1nbRRhyMZvN4U1E=,iv:B0xaunsSVUnz5wsm4dC4KqD+oBeJrEmmzPW3THZSD9g=,tag:uyIrI5HMg19q9YQjhs6Gyw==,type:str]
+ user: ENC[AES256_GCM,data:aGyV6nSbBr4Ob6R7JHL60JBUnUrIJYNYeKBIuEhrM5c=,iv:ZcbHzTxkqHbgTUDVm/ZVw85Vf8JvcgKEQwh/uQS2KfA=,tag:IwBYPqJMieNss/sMrUXnfw==,type:str]
+igdb:
+ client: ENC[AES256_GCM,data:kyjgRyHyPwOPN3cURV8r9mTQvgRAi3lSd9ikFPO+,iv:JZnWLNSYr1WKwCcs31jlYuUATrI/qNjCocnhCHxyg8w=,tag:JvIY6Dq7H82bM/aVKw/93A==,type:str]
+ secret: ENC[AES256_GCM,data:56AIYjgou3lLDdOQS+a5FZQLuW245WT9elf04hJu,iv:nrUytWeeD/bW3D3SAH2jddQta2kZEui0KC09wT/eskQ=,tag:ZTzLz48Sa4iTZCHWqrvA0A==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOFFYU2FUZUZKdXQ1bkwv
+ NWRpeE43K1VGUm5QR1lmTHpGNll5UXBrcVdRCnUzOVdTd3FKUjVYaE9qYVpVbVZt
+ WXRhdnZOMHJqNTl1Rlh2UTR3QnBuL0kKLS0tIHg0SWtFaFA4Q3daU1Z0UmZ5aGJR
+ M1BvK3JrQTlYUktVbTFrRjlDZE14TGcKwmZlC74I5BPi5kjZcfKDnycqIHNlXS95
+ kJ5c3+Aq/wdW+3D+q3QGPZznzYksMxqaukjF+Cfbd/IL4dKMbsLNkw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqck5jSlJwdldiR3RVblhC
+ UmI3aWIrSGw5cWR1VnAwb0ZnWDZDanMyTkVvCm1nQzJTTjhwQ1pxNU9rL3NZQ0xH
+ QlZoRER3MFIydGhzU3E1cExJYVRMVXMKLS0tIGs3djNBT1kwTHhLdkx0UHVpZENs
+ OUNESEtTanEzZk1Naml0S2pRMG5Ldk0KBCelEV1mRWe3D3/AktblJqsjcs3cBpSc
+ 0G54hNgqPGUMmhl3JDtOwaSTJUeStNVK/W6TP6ijoagfOpyb4qfKSQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-10-25T01:53:59Z"
+ mac: ENC[AES256_GCM,data:sTcMgCBo58qW7c+ZXeA2/DbaDNBMEDlayb1jzS/4VBqM+anBZMTpgzmwf3I3hnilW6FKHftSkqxRS6VaTVmBp5Ps81EO39lSWKwjKQI1IZ1ZM4V2/mEfIIqzxLaEuXzXWvVSL2FSUy+d4q4LuUa/MrdD9OVy70vL9YnaC2P0U9U=,iv:d8Cu6r4mmqNTlWRhGGucMZZ9/iD0uIiJZ4g6uNCnvfg=,tag:3qY46WZPWzmrw3KuMWDEyQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1