romm?

2024-10-24 22:04:56 -04:00 · 2024-10-24 22:04:56 -04:00 · 33d5213962
commit 33d5213962
parent a4b35d95ff
4 changed files with 119 additions and 0 deletions
--- a/configs/unbound-local.conf
+++ b/configs/unbound-local.conf
@ -18,3 +18,4 @@ local-data: "readarr.icanttype.org. IN A 10.42.69.100"
 local-data: "qbittorrent.icanttype.org. IN A 10.42.69.100"
 local-data: "calibre.icanttype.org. IN A 10.42.69.100"
 local-data: "calibre-web.icanttype.org. IN A 10.42.69.100"
+local-data: "romm.icanttype.org. IN A 10.42.69.100"
--- a/nixos-configurations/zeus.nix
+++ b/nixos-configurations/zeus.nix
@ -35,6 +35,7 @@ in
    ezModules.docker-qbittorrent
    ezModules.docker-radarr
    ezModules.docker-readarr
+    ezModules.docker-romm
    ezModules.docker-runner
    ezModules.docker-sonarr
    ezModules.docker-static-web
--- a/nixos-modules/docker-romm.nix
+++ b/nixos-modules/docker-romm.nix
@ -0,0 +1,81 @@
+{ config, ... }:
+{
+  sops = {
+    secrets = {
+      authKey = {
+        sopsFile = ./secrets/zeus/romm.yaml;
+      };
+      "db/root" = {
+        sopsFile = ./secrets/zeus/romm.yaml;
+      };
+      "db/user" = {
+        sopsFile = ./secrets/zeus/romm.yaml;
+      };
+      "igdb/client" = {
+        sopsFile = ./secrets/zeus/romm.yaml;
+      };
+      "igdb/secret" = {
+        sopsFile = ./secrets/zeus/romm.yaml;
+      };
+    };
+    templates = {
+      "romm.env".content = ''
+        DB_PASSWD=${config.sops.placeholder."db/user"}
+        IGDB_CLIENT_ID=${config.sops.placeholder."igdb/client"}
+        IGDB_CLIENT_SECRET=${config.sops.placeholder."igdb/secret"}
+        ROMM_AUTH_SECRET_KEY=${config.sops.placeholder.authKey}
+      '';
+      "romm-db.env".content = ''
+        MYSQL_ROOT_PASSWORD=${config.sops.placeholder."db/root"}
+        MYSQL_PASSWORD=${config.sops.placeholder."db/user"}
+      '';
+    };
+  };
+  virtualisation = {
+    containers.enable = true;
+    podman.enable = true;
+    oci-containers.containers = {
+      romm = {
+        image = "rommapp/romm:latest";
+        volumes = [
+          "romm_resources:/romm/resources"
+          "romm_redis_data:/redis-data"
+          "romm_library:/romm/library"
+          "romm_assets:/romm/assets"
+          "romm_config:/romm/config"
+        ];
+        environment = {
+          TZ = "America/New_York";
+          DB_HOST = "romm-db";
+          DB_NAME = "romm";
+          DB_USER = "romm-user";
+        };
+        environmentFiles = [ config.sops.templates."romm.env".path ];
+        labels = {
+          swag = "enable";
+          swag_url = "romm.icanttype.org";
+          swag_port = "8080";
+        };
+        extraOptions = [
+          "--pull=newer"
+          "--network=www,romm"
+        ];
+        dependsOn = [ "romm-db" ];
+      };
+      romm-db = {
+        image = "mariadb:latest";
+        volumes = [ "romm_maria_db:/var/lib/mysql" ];
+        environment = {
+          TZ = "America/New_York";
+          MYSQL_DATABASE = "romm";
+          MYSQL_USER = "romm-user";
+        };
+        environmentFiles = [ config.sops.templates."romm-db.env".path ];
+        extraOptions = [
+          "--pull=newer"
+          "--network=romm"
+        ];
+      };
+    };
+  };
+}
--- a/secrets/zeus/romm.yaml
+++ b/secrets/zeus/romm.yaml
@ -0,0 +1,36 @@
+authKey: ENC[AES256_GCM,data:o2R+msPLlnpkXWU/i0QnTDsvE44z64TT0DsXA0x/zaBZSx1qi0PpEeAAjSQmLYrvbRgocDRid8077108OjQ8Kg==,iv:MYYY7iH5cr/2mVnbk/jW8u4ZjkBn9vouJIiO35lcmbs=,tag:vVSkQOnVgypv7AdR1ASTkQ==,type:str]
+db:
+    root: ENC[AES256_GCM,data:u+1EJVLRmXsVpwzZY6Zd2Cwfjm8u1nbRRhyMZvN4U1E=,iv:B0xaunsSVUnz5wsm4dC4KqD+oBeJrEmmzPW3THZSD9g=,tag:uyIrI5HMg19q9YQjhs6Gyw==,type:str]
+    user: ENC[AES256_GCM,data:aGyV6nSbBr4Ob6R7JHL60JBUnUrIJYNYeKBIuEhrM5c=,iv:ZcbHzTxkqHbgTUDVm/ZVw85Vf8JvcgKEQwh/uQS2KfA=,tag:IwBYPqJMieNss/sMrUXnfw==,type:str]
+igdb:
+    client: ENC[AES256_GCM,data:kyjgRyHyPwOPN3cURV8r9mTQvgRAi3lSd9ikFPO+,iv:JZnWLNSYr1WKwCcs31jlYuUATrI/qNjCocnhCHxyg8w=,tag:JvIY6Dq7H82bM/aVKw/93A==,type:str]
+    secret: ENC[AES256_GCM,data:56AIYjgou3lLDdOQS+a5FZQLuW245WT9elf04hJu,iv:nrUytWeeD/bW3D3SAH2jddQta2kZEui0KC09wT/eskQ=,tag:ZTzLz48Sa4iTZCHWqrvA0A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOFFYU2FUZUZKdXQ1bkwv
+            NWRpeE43K1VGUm5QR1lmTHpGNll5UXBrcVdRCnUzOVdTd3FKUjVYaE9qYVpVbVZt
+            WXRhdnZOMHJqNTl1Rlh2UTR3QnBuL0kKLS0tIHg0SWtFaFA4Q3daU1Z0UmZ5aGJR
+            M1BvK3JrQTlYUktVbTFrRjlDZE14TGcKwmZlC74I5BPi5kjZcfKDnycqIHNlXS95
+            kJ5c3+Aq/wdW+3D+q3QGPZznzYksMxqaukjF+Cfbd/IL4dKMbsLNkw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqck5jSlJwdldiR3RVblhC
+            UmI3aWIrSGw5cWR1VnAwb0ZnWDZDanMyTkVvCm1nQzJTTjhwQ1pxNU9rL3NZQ0xH
+            QlZoRER3MFIydGhzU3E1cExJYVRMVXMKLS0tIGs3djNBT1kwTHhLdkx0UHVpZENs
+            OUNESEtTanEzZk1Naml0S2pRMG5Ldk0KBCelEV1mRWe3D3/AktblJqsjcs3cBpSc
+            0G54hNgqPGUMmhl3JDtOwaSTJUeStNVK/W6TP6ijoagfOpyb4qfKSQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-25T01:53:59Z"
+    mac: ENC[AES256_GCM,data:sTcMgCBo58qW7c+ZXeA2/DbaDNBMEDlayb1jzS/4VBqM+anBZMTpgzmwf3I3hnilW6FKHftSkqxRS6VaTVmBp5Ps81EO39lSWKwjKQI1IZ1ZM4V2/mEfIIqzxLaEuXzXWvVSL2FSUy+d4q4LuUa/MrdD9OVy70vL9YnaC2P0U9U=,iv:d8Cu6r4mmqNTlWRhGGucMZZ9/iD0uIiJZ4g6uNCnvfg=,tag:3qY46WZPWzmrw3KuMWDEyQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1