This commit is contained in:
Chris Dombroski 2024-10-24 22:04:56 -04:00
parent a4b35d95ff
commit 33d5213962
4 changed files with 119 additions and 0 deletions

View file

@ -18,3 +18,4 @@ local-data: "readarr.icanttype.org. IN A 10.42.69.100"
local-data: "qbittorrent.icanttype.org. IN A 10.42.69.100" local-data: "qbittorrent.icanttype.org. IN A 10.42.69.100"
local-data: "calibre.icanttype.org. IN A 10.42.69.100" local-data: "calibre.icanttype.org. IN A 10.42.69.100"
local-data: "calibre-web.icanttype.org. IN A 10.42.69.100" local-data: "calibre-web.icanttype.org. IN A 10.42.69.100"
local-data: "romm.icanttype.org. IN A 10.42.69.100"

View file

@ -35,6 +35,7 @@ in
ezModules.docker-qbittorrent ezModules.docker-qbittorrent
ezModules.docker-radarr ezModules.docker-radarr
ezModules.docker-readarr ezModules.docker-readarr
ezModules.docker-romm
ezModules.docker-runner ezModules.docker-runner
ezModules.docker-sonarr ezModules.docker-sonarr
ezModules.docker-static-web ezModules.docker-static-web

View file

@ -0,0 +1,81 @@
{ config, ... }:
{
sops = {
secrets = {
authKey = {
sopsFile = ./secrets/zeus/romm.yaml;
};
"db/root" = {
sopsFile = ./secrets/zeus/romm.yaml;
};
"db/user" = {
sopsFile = ./secrets/zeus/romm.yaml;
};
"igdb/client" = {
sopsFile = ./secrets/zeus/romm.yaml;
};
"igdb/secret" = {
sopsFile = ./secrets/zeus/romm.yaml;
};
};
templates = {
"romm.env".content = ''
DB_PASSWD=${config.sops.placeholder."db/user"}
IGDB_CLIENT_ID=${config.sops.placeholder."igdb/client"}
IGDB_CLIENT_SECRET=${config.sops.placeholder."igdb/secret"}
ROMM_AUTH_SECRET_KEY=${config.sops.placeholder.authKey}
'';
"romm-db.env".content = ''
MYSQL_ROOT_PASSWORD=${config.sops.placeholder."db/root"}
MYSQL_PASSWORD=${config.sops.placeholder."db/user"}
'';
};
};
virtualisation = {
containers.enable = true;
podman.enable = true;
oci-containers.containers = {
romm = {
image = "rommapp/romm:latest";
volumes = [
"romm_resources:/romm/resources"
"romm_redis_data:/redis-data"
"romm_library:/romm/library"
"romm_assets:/romm/assets"
"romm_config:/romm/config"
];
environment = {
TZ = "America/New_York";
DB_HOST = "romm-db";
DB_NAME = "romm";
DB_USER = "romm-user";
};
environmentFiles = [ config.sops.templates."romm.env".path ];
labels = {
swag = "enable";
swag_url = "romm.icanttype.org";
swag_port = "8080";
};
extraOptions = [
"--pull=newer"
"--network=www,romm"
];
dependsOn = [ "romm-db" ];
};
romm-db = {
image = "mariadb:latest";
volumes = [ "romm_maria_db:/var/lib/mysql" ];
environment = {
TZ = "America/New_York";
MYSQL_DATABASE = "romm";
MYSQL_USER = "romm-user";
};
environmentFiles = [ config.sops.templates."romm-db.env".path ];
extraOptions = [
"--pull=newer"
"--network=romm"
];
};
};
};
}

36
secrets/zeus/romm.yaml Normal file
View file

@ -0,0 +1,36 @@
authKey: ENC[AES256_GCM,data:o2R+msPLlnpkXWU/i0QnTDsvE44z64TT0DsXA0x/zaBZSx1qi0PpEeAAjSQmLYrvbRgocDRid8077108OjQ8Kg==,iv:MYYY7iH5cr/2mVnbk/jW8u4ZjkBn9vouJIiO35lcmbs=,tag:vVSkQOnVgypv7AdR1ASTkQ==,type:str]
db:
root: ENC[AES256_GCM,data:u+1EJVLRmXsVpwzZY6Zd2Cwfjm8u1nbRRhyMZvN4U1E=,iv:B0xaunsSVUnz5wsm4dC4KqD+oBeJrEmmzPW3THZSD9g=,tag:uyIrI5HMg19q9YQjhs6Gyw==,type:str]
user: ENC[AES256_GCM,data:aGyV6nSbBr4Ob6R7JHL60JBUnUrIJYNYeKBIuEhrM5c=,iv:ZcbHzTxkqHbgTUDVm/ZVw85Vf8JvcgKEQwh/uQS2KfA=,tag:IwBYPqJMieNss/sMrUXnfw==,type:str]
igdb:
client: ENC[AES256_GCM,data:kyjgRyHyPwOPN3cURV8r9mTQvgRAi3lSd9ikFPO+,iv:JZnWLNSYr1WKwCcs31jlYuUATrI/qNjCocnhCHxyg8w=,tag:JvIY6Dq7H82bM/aVKw/93A==,type:str]
secret: ENC[AES256_GCM,data:56AIYjgou3lLDdOQS+a5FZQLuW245WT9elf04hJu,iv:nrUytWeeD/bW3D3SAH2jddQta2kZEui0KC09wT/eskQ=,tag:ZTzLz48Sa4iTZCHWqrvA0A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOFFYU2FUZUZKdXQ1bkwv
NWRpeE43K1VGUm5QR1lmTHpGNll5UXBrcVdRCnUzOVdTd3FKUjVYaE9qYVpVbVZt
WXRhdnZOMHJqNTl1Rlh2UTR3QnBuL0kKLS0tIHg0SWtFaFA4Q3daU1Z0UmZ5aGJR
M1BvK3JrQTlYUktVbTFrRjlDZE14TGcKwmZlC74I5BPi5kjZcfKDnycqIHNlXS95
kJ5c3+Aq/wdW+3D+q3QGPZznzYksMxqaukjF+Cfbd/IL4dKMbsLNkw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqck5jSlJwdldiR3RVblhC
UmI3aWIrSGw5cWR1VnAwb0ZnWDZDanMyTkVvCm1nQzJTTjhwQ1pxNU9rL3NZQ0xH
QlZoRER3MFIydGhzU3E1cExJYVRMVXMKLS0tIGs3djNBT1kwTHhLdkx0UHVpZENs
OUNESEtTanEzZk1Naml0S2pRMG5Ldk0KBCelEV1mRWe3D3/AktblJqsjcs3cBpSc
0G54hNgqPGUMmhl3JDtOwaSTJUeStNVK/W6TP6ijoagfOpyb4qfKSQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-25T01:53:59Z"
mac: ENC[AES256_GCM,data:sTcMgCBo58qW7c+ZXeA2/DbaDNBMEDlayb1jzS/4VBqM+anBZMTpgzmwf3I3hnilW6FKHftSkqxRS6VaTVmBp5Ps81EO39lSWKwjKQI1IZ1ZM4V2/mEfIIqzxLaEuXzXWvVSL2FSUy+d4q4LuUa/MrdD9OVy70vL9YnaC2P0U9U=,iv:d8Cu6r4mmqNTlWRhGGucMZZ9/iD0uIiJZ4g6uNCnvfg=,tag:3qY46WZPWzmrw3KuMWDEyQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1