From 21c4cf2e1f3794149cba6e426419599997da6d63 Mon Sep 17 00:00:00 2001 From: Andreas Zweili Date: Wed, 2 Nov 2022 21:51:21 +0100 Subject: [PATCH 1/6] Remove the docker imports from modules --- modules/heimdall/default.nix | 3 --- modules/plex/default.nix | 3 --- modules/rss-bridge/default.nix | 3 --- systems/plex/default.nix | 1 + 4 files changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/heimdall/default.nix b/modules/heimdall/default.nix index 2dc3bfb..c48a256 100644 --- a/modules/heimdall/default.nix +++ b/modules/heimdall/default.nix @@ -1,8 +1,5 @@ { inputs, ... }: { - imports = [ - "${inputs.self}/modules/docker" - ]; virtualisation.oci-containers = { backend = "docker"; containers."heimdall" = { diff --git a/modules/plex/default.nix b/modules/plex/default.nix index e3b77a6..4d446d1 100644 --- a/modules/plex/default.nix +++ b/modules/plex/default.nix @@ -1,8 +1,5 @@ { inputs, config, ... }: { - imports = [ - "${inputs.self}/modules/docker" - ]; age.secrets.plexClaim.file = "${inputs.self}/scrts/plex_claim.age"; networking = { firewall.allowedTCPPorts = [ diff --git a/modules/rss-bridge/default.nix b/modules/rss-bridge/default.nix index 845ecf4..ece7f56 100644 --- a/modules/rss-bridge/default.nix +++ b/modules/rss-bridge/default.nix @@ -3,9 +3,6 @@ let whitelist = builtins.toFile "whitelist.txt" ''*''; in { - imports = [ - "${inputs.self}/modules/docker" - ]; virtualisation.oci-containers = { backend = "docker"; containers."rss-brige" = { diff --git a/systems/plex/default.nix b/systems/plex/default.nix index 341f969..1e1b08a 100644 --- a/systems/plex/default.nix +++ b/systems/plex/default.nix @@ -8,6 +8,7 @@ (import "${inputs.self}/modules/restic-server-client" { time = "03:30"; inherit custom hostname inputs pkgs; }) + "${inputs.self}/modules/docker" "${inputs.self}/modules/media-share" "${inputs.self}/modules/plex" ]; From 58c9fcd3c0fd048049701fdfab73022fef18d20f Mon Sep 17 00:00:00 2001 
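Review bot: The heimdall, plex and rss-bridge modules drop their `modules/docker` import while still setting `backend = "docker"`, yet only `systems/plex/default.nix` gains the import in this patch. Any other system that imports `modules/heimdall` or `modules/rss-bridge` now has to list `"${inputs.self}/modules/docker"` itself. Otherwise whatever that module configures for the Docker daemon (its content is not visible here) is silently missing on that host. I would add a comment at the top of each of the three modules, e.g. `# requires modules/docker to be imported by the system`, so the dependency stays visible.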
From: Andreas Zweili Date: Wed, 2 Nov 2022 21:59:07 +0100 Subject: [PATCH 2/6] Add the container config to the pihole module --- modules/pihole/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/modules/pihole/default.nix b/modules/pihole/default.nix index 63e5b51..e3a9122 100644 --- a/modules/pihole/default.nix +++ b/modules/pihole/default.nix @@ -11,4 +11,26 @@ 67 # DHCP ]; }; + age.secrets.piholeEnv.file = "${inputs.self}/scrts/pihole_env.age"; + virtualisation.oci-containers = { + containers."pihole" = { + image = "pihole/pihole"; + autoStart = true; + environment = { + TZ = "Europe/Zurich"; + ServerIP = "10.7.89.2"; + DNS1 = "127.0.0.1#5335"; # we're using the local unboud server here + RATE_LIMIT = "10000/60"; + }; + environmentFiles = [ config.age.secrets.piholeEnv.path ]; + volumes = [ + "/home/andreas/docker_systems/pihole/etc-pihole:/etc/pihole/" + "/home/andreas/docker_systems/pihole/etc-dnsmasq.d:/etc/dnsmasq.d/" + ]; + extraOptions = [ + "--network=host" + "--cap-add=NET_ADMIN" + ]; + }; + }; } From 04710291463af520aaae269014c0f12c5931d24c Mon Sep 17 00:00:00 2001 From: Andreas Zweili Date: Wed, 2 Nov 2022 22:01:53 +0100 Subject: [PATCH 3/6] Add a secret for pihole --- scrts/pihole_env.age | Bin 0 -> 1674 bytes scrts/secrets.nix | 1 + 2 files changed, 1 insertion(+) create mode 100644 scrts/pihole_env.age 
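Review bot: `image = "pihole/pihole";` carries no tag or digest, so each pull resolves to whatever `latest` points at, and this container runs with `--network=host` and `--cap-add=NET_ADMIN`, which puts any upstream image change directly into the host's network namespace. Pin the image, e.g. `image = "pihole/pihole:<TAG>@sha256:<DIGEST>";` (placeholders for the release you have verified). Unlike the heimdall and rss-bridge modules, this block sets no `backend`, so it relies on the default or on another module; set `backend = "docker";` here if Docker is intended. `RATE_LIMIT = "10000/60"` is a very permissive per-client query limit and deserves a comment giving the reason; the neighbouring comment also has a typo (`unboud`).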
diff --git a/scrts/pihole_env.age b/scrts/pihole_env.age new file mode 100644 index 0000000000000000000000000000000000000000..d7a4e07c4415eaee7f62818d6dc0adfdc59725e7 GIT binary patch literal 1674 zcmZXSxz6)y6@{rN+@2#S35d@6@DPs;lAU;n<01B&coL20d5C8l3L2oK;RYxu&K+$@pA7bzW&JX;W>UnVgi~mp?y+&HB4rl+_&iVf2)ezHmeu4zB`4)N75raCN>r zm>ha8pzE})7R0=Dl7qvq{gMTQh3SZPp!TaBa#bnwYl(-93j$LG=R16;B$&n4wg$<122oZHUk9PJkwqfL_nP5 zv{@|boVI2u?{J&7s}dXo&d%C{s*DxIJem|yS#U-K`foLy5mtN-DshvqLn{`=F;*;B zi&b4CwhR=cO`CBiVumRq_cSyH40Z?`Ifgm4W`Pp9VnMUmfmY@2F&iB)`48Bt zrSL(@*8%PI$2LD?&$W7DB$7{W9)1?>QUx7+)<{z=U4(K@(NNu}woXZu>a~N+WIYiL z(~QZzjWQ!~UlOGjE|+Fqp_6G`ds+zj8QazdYFXlCiHXB81X9L5iN`lP*=1A%^QTaR z=4TK1<}#OSCwfNq2AdfBEPT`zgbnC?6H!#75>etwAUr3YVT=@Cff>%l7D!{dU5Nm& zsky_}L}qu*n{+p4?xcB%+W)AL#5hS}>}jl;7qXtH=$z~^BO6ni@QA%HI8`m|{1DP} z6QBivpR-g-hLXw=RK4v7NQKSGuDgH>(!pvq?l*6A5V~ikh2dGc-*{BMKF5EH_-~rl zi)+W7$nkI*Ljf5$hennbA+C~l8ub1-@0+4-^p{ay1DL6t3i24VD-2I3k;Ie5h1Vua zZd-m?O=fw%XbT?Fy+Cr5=l_p(ci$Ylo`~9J-mcNRc02J_uSaQMD2gOTGkk82)!@f) zohl0pRt|a=dP3o01*`K;vk%Y=(<`RzMD>_F8pi@rm-#Hlyy3t8H(N?APQsl+kE{)S z;h9&@YDutp&KoJwM*}~e!M!$}DZBgWm~;0}O`1*D@I4L8JfuoX2!uM|D81!^{k%9* z$;`DbB`xQ|Nc1n-x5{sRWJ3~+$;mzSx6==X6Q9dWS$-SJIOyZ!nZ5#& zbA-154&E|+hZ)D%9z!K}CQHzHp5CB8eEHMM&%X9W`=`JC^@l(C^;iG?tA89{!aw@$ nkAMI9?>;;2=x2ZV{vVO={qpO>Oa8@Irf(ph|M}-%{096JtSl(= literal 0 HcmV?d00001 diff --git a/scrts/secrets.nix b/scrts/secrets.nix index a4c6296..a5d6b87 100644 --- a/scrts/secrets.nix +++ b/scrts/secrets.nix @@ -34,5 +34,6 @@ in { "plex_claim.age".publicKeys = defaultKeys ++ [ plex ]; "ttrss_env.age".publicKeys = defaultKeys ++ [ ttrss ]; + "pihole_env.age".publicKeys = defaultKeys ++ [ pihole ]; } From b7226de8560088de86548fd9a9a2b10b4521771c Mon Sep 17 00:00:00 2001 From: Andreas Zweili Date: Wed, 2 Nov 2022 22:40:42 +0100 Subject: [PATCH 4/6] Add missing variables --- modules/pihole/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/pihole/default.nix b/modules/pihole/default.nix index e3a9122..243d842 100644 --- a/modules/pihole/default.nix +++ b/modules/pihole/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, inputs, ... }: { networking = { firewall.allowedTCPPorts = [ From 703ecbccc18876170e57a666c39fd789fc393394 Mon Sep 17 00:00:00 2001 From: Andreas Zweili Date: Wed, 2 Nov 2022 22:40:48 +0100 Subject: [PATCH 5/6] Update the volume paths --- modules/pihole/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/pihole/default.nix b/modules/pihole/default.nix index 243d842..b97e7fb 100644 --- a/modules/pihole/default.nix +++ b/modules/pihole/default.nix @@ -24,8 +24,8 @@ }; environmentFiles = [ config.age.secrets.piholeEnv.path ]; volumes = [ - "/home/andreas/docker_systems/pihole/etc-pihole:/etc/pihole/" - "/home/andreas/docker_systems/pihole/etc-dnsmasq.d:/etc/dnsmasq.d/" + "/var/lib/pihole/etc-pihole:/etc/pihole/" + "/var/lib/pihole/etc-dnsmasq.d:/etc/dnsmasq.d/" ]; extraOptions = [ "--network=host" From b686589199da3f00f2d21214b1f310106980dede Mon Sep 17 00:00:00 2001 From: Andreas Zweili Date: Wed, 2 Nov 2022 23:17:37 +0100 Subject: [PATCH 6/6] Add a path and tag parameter to the restic client --- modules/restic-server-client/default.nix | 12 ++++++++++-- systems/pihole/default.nix | 2 ++ systems/plex/default.nix | 2 ++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/restic-server-client/default.nix b/modules/restic-server-client/default.nix index 531a92a..61d1ca0 100644 --- a/modules/restic-server-client/default.nix +++ b/modules/restic-server-client/default.nix @@ -1,4 +1,12 @@ -{ hostname, inputs, custom, pkgs, time, ... }: +{ hostname +, inputs +, custom +, path ? "/home/${custom.username}" +, pkgs +, tag ? "home-dir" +, time +, ... +}: { imports = [ "${inputs.self}/modules/telegram-notifications" 
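Review bot: Nothing in the visible part of `modules/pihole/default.nix` creates `/var/lib/pihole/etc-pihole` or `/var/lib/pihole/etc-dnsmasq.d`, so on a fresh host their owner and mode are left to whatever the container runtime does with a missing bind-mount source. These directories hold the resolver's configuration and DNS/DHCP settings, so I would declare the parent explicitly, for example `systemd.tmpfiles.rules = [ "d /var/lib/pihole 0750 root root -" ];`. Data already under the old `/home/andreas/docker_systems/pihole` path is not moved by this change. The module continues outside the hunk, so such a rule may already exist elsewhere.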
@@ -24,7 +32,7 @@ script = '' ${pkgs.restic}/bin/restic backup \ --exclude-file=${inputs.self}/modules/restic/excludes.txt \ - --tag home-dir /home/${custom.username} + --tag ${tag} ${path} ${pkgs.restic}/bin/restic forget \ --tag home-dir \ diff --git a/systems/pihole/default.nix b/systems/pihole/default.nix index b14b958..320e0b4 100644 --- a/systems/pihole/default.nix +++ b/systems/pihole/default.nix @@ -6,6 +6,8 @@ inherit hostname inputs; }) (import "${inputs.self}/modules/restic-server-client" { + path = "/var/lib/pihole"; + tag = "pihole"; time = "05:00"; inherit custom hostname inputs pkgs; }) "${inputs.self}/modules/docker" diff --git a/systems/plex/default.nix b/systems/plex/default.nix index 1e1b08a..82268f9 100644 --- a/systems/plex/default.nix +++ b/systems/plex/default.nix @@ -6,6 +6,8 @@ inherit hostname inputs; }) (import "${inputs.self}/modules/restic-server-client" { + path = "/var/lib/plex"; + tag = "plex"; time = "03:30"; inherit custom hostname inputs pkgs; }) "${inputs.self}/modules/docker"
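Review bot: The backup now tags snapshots with `${tag}`, but the `restic forget` call just below still passes `--tag home-dir`. On the pihole and plex hosts the retention step therefore no longer matches the snapshots this job creates, so they would not be pruned by it. Change that context line to `--tag ${tag} \`. `${tag}` and `${path}` are also spliced into the shell script unquoted; `--tag "${tag}" "${path}"` keeps a value containing spaces or shell metacharacters from being split or reinterpreted. The forget command continues outside the hunk, so any further filters it applies are not visible here.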