great docker migration

2026-01-30 11:19:24 -06:00
parent 0603de3f11
commit 06edfb2795
17 changed files with 136 additions and 57 deletions
--- a/profiles/homebox/default.nix
+++ b/profiles/homebox/default.nix
@@ -76,38 +76,25 @@
                enable = true;
                portainer.enable = true;
                traefik.enable = true;
                pihole.enable = true;
                authentik.enable = true;
                ollama.enable = true;
                searxng.enable = true;
                home-assistant.enable = true;
                n8n.enable = true;
                authentik.enable = true;
            };
            containers = {
                traefik.enable = true;
                jellyfin.enable = true;
                "esotericbytes.com".enable = true;
                nextcloud.enable = true;
                ntfy.enable = false;
                gitea.enable = true;
                netbird.enable = true;
                openwebui.enable = true;
                wyoming = {
                    enable = false;
                    piper = false;
                    openwakeword = true;
                    faster-whisper = true;
                };
                rustdesk.enable = false; #broken
                code-server.enable = true;
                novnc.enable = false;
                minecraft.enable = true;
                sandbox.enable = false;
--- a/system/virtualization/docker/gitea/default.nix
+++ b/system/virtualization/docker/gitea/default.nix
@@ -0,0 +1 @@
 {}
--- a/system/virtualization/docker/home-assistant/default.nix
+++ b/system/virtualization/docker/home-assistant/default.nix
@@ -44,10 +44,6 @@ in {
                "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
            };
            extraOptions = [
                "--ip=192.168.101.6"
            ];
            environment = {
                TZ = "America/Chicago";
            };
--- a/system/virtualization/docker/jellyfin/default.nix
+++ b/system/virtualization/docker/jellyfin/default.nix
@@ -0,0 +1 @@
 {}
--- a/system/virtualization/docker/minecraft/default.nix
+++ b/system/virtualization/docker/minecraft/default.nix
@@ -0,0 +1 @@
 {}
--- a/system/virtualization/docker/n8n/default.nix
+++ b/system/virtualization/docker/n8n/default.nix
@@ -43,10 +43,6 @@ in {
                "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
            };
            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
                "--ip=192.168.101.7"
            ];
            ports = [
                "${builtins.toString hostPort}:5678"
            ];
--- a/system/virtualization/docker/nextcloud/default.nix
+++ b/system/virtualization/docker/nextcloud/default.nix
@@ -0,0 +1 @@
 {}
--- a/system/virtualization/docker/ollama/default.nix
+++ b/system/virtualization/docker/ollama/default.nix
@@ -60,7 +60,6 @@ in {
            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
                "--device=nvidia.com/gpu=all"
                "--ip=192.168.101.4"
            ];
            environment = {
--- a/system/virtualization/docker/openwebui/default.nix
+++ b/system/virtualization/docker/openwebui/default.nix
@@ -0,0 +1 @@
 {}
--- a/system/virtualization/docker/pihole/default.nix
+++ b/system/virtualization/docker/pihole/default.nix
@@ -55,10 +55,6 @@ in {
                "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
            };
            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
                "--ip=192.168.101.3"
            ];
            ports = [
                "${builtins.toString hostPort}:80"
                "127.0.0.1:53:53/tcp"
--- a/system/virtualization/docker/portainer/default.nix
+++ b/system/virtualization/docker/portainer/default.nix
@@ -42,10 +42,6 @@ in {
                "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
            };
            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
                "--ip=192.168.101.2"
            ];
            ports = [
                "127.0.0.1:8000:8000"
                "${builtins.toString hostPort}:9000"
--- a/system/virtualization/docker/rustdesk/default.nix
+++ b/system/virtualization/docker/rustdesk/default.nix
@@ -0,0 +1 @@
 {}
--- a/system/virtualization/docker/searxng/default.nix
+++ b/system/virtualization/docker/searxng/default.nix
@@ -44,10 +44,6 @@ in {
                "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
            };
            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
                "--ip=192.168.101.5"
            ];
            ports = [
                "${builtins.toString hostPort}:8080"
            ];
--- a/system/virtualization/docker/traefik/config/dynamic/routing.yml
+++ b/system/virtualization/docker/traefik/config/dynamic/routing.yml
@@ -0,0 +1,38 @@
 http: 
  routers: 
    homepageSecure: 
      entryPoints: 
        - "websecure" 
        - "localsecure"
      rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
      service: "homepage"
      tls:
        certResolver: "cloudflare"
    traefik: 
      entryPoints: 
        - "localsecure"
      rule: "Host(`traefik.esotericbytes.com`)"
      service: "api@internal"
      tls:
        certResolver: "cloudflare"
    code-server: 
      entryPoints: 
        - "localsecure"
      rule: "Host(`code.esotericbytes.com`)"
      service: "code-server"
      tls:
        certResolver: "cloudflare"
  services: 
    homepage:
      loadBalancer:
        servers: 
          - url: "http://192.168.100.13:80"
    code-server:
      loadBalancer:
        servers: 
          - url: "http://192.168.100.31:4444"
--- a/system/virtualization/docker/traefik/config/traefik.yml
+++ b/system/virtualization/docker/traefik/config/traefik.yml
@@ -0,0 +1,71 @@
 providers:
  docker:
    exposedByDefault: false
  file:
    directory: "/etc/traefik/dynamic"
 serversTransport:
  insecureSkipVerify: true
 api: 
  dashboard: true
 global: 
  checknewversion: true
  sendanonymoususage: false
 entryPoints: 
  web: 
    address: ":81"
    http:
      redirections:
        entryPoint: 
          to: "websecure"
          scheme: "https"
  websecure: 
    address: ":444"
    asDefault: true
    http:
      tls: 
        certResolver: "cloudflare"
        domains: 
          main: "esotericbytes.com"
          sans:
            - "*.esotericbytes.com" 
  local: 
    address: ":80"
    http:
      redirections:
        entryPoint: 
          to: "localsecure"
          scheme: "https"
  localsecure: 
    address: ":443"
    asDefault: true
    http:
      tls: 
        certResolver: "cloudflare"
      domains: 
        main: "esotericbytes.com"
        sans:
         - "*.esotericbytes.com" 
 log: 
  level: "INFO"
  filePath: "/etc/traefik/logs/traefik.log"
  format: "json"
 certificatesResolvers: 
  cloudflare: 
    acme: 
      storage: "/etc/traefik/acme.json"
      keyType: "EC256"
      dnsChallenge: 
        provider: "cloudflare"
        resolvers:
          - "1.1.1.1:53" 
          - "1.0.0.1:53"
--- a/system/virtualization/docker/traefik/default.nix
+++ b/system/virtualization/docker/traefik/default.nix
@@ -19,17 +19,25 @@
            '';
        };
        environment.etc = builtins.listToAttrs builtins.map (x: { 
            name = "traefik/${x}"; 
            value = {
                source = ./config/${x};
            };
        }) builtins.attrNames builtins.readDir ./config;
        virtualisation.oci-containers.containers.traefik = {
-            image = "traefik:3.6";
+            image = "traefik:v3.6";
            environment = {
                TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
            };
            environmentFiles = [ config.sops.templates."traefik.env".path ];
            volumes = [
-                "vol_traefik:/etc/traefik/data"
+                "/etc/traefik/:/etc/traefik/"
                "/run/docker.sock:/var/run/docker.sock" 
            ];
@@ -37,6 +45,11 @@
                "docker-main"
            ];
            ports = [
                "80"
                "443"
            ];
            log-driver = "journald";
        };
        systemd.services."docker-traefik" = {
@@ -47,12 +60,10 @@
                RestartSteps = lib.mkOverride 90 9;
            };
            after = [
-                "docker-network-authentik_default.service"
+                "docker-network-setup.service"
                "docker-volume-vol_traefik.service" 
            ];
            requires = [
-                "docker-network-authentik_default.service"
+                "docker-network-setup.service"
                "docker-volume-vol_traefik.service" 
            ];
            partOf = [
                "docker-compose-traefik-root.target"
@@ -62,20 +73,6 @@
            ];
        };
 # Volumes
        systemd.services."docker-volume-vol_traefik" = {
            path = [ pkgs.docker ];
            serviceConfig = {
                Type = "oneshot";
                RemainAfterExit = true;
            };
            script = ''
                docker volume inspect vol_traefik || docker volume create vol_traefik --driver=btrfs
                '';
            partOf = [ "docker-compose-traefik-root.target" ];
            wantedBy = [ "docker-compose-traefik-root.target" ];
        };
 # Root service
 # When started, this will automatically create all resources and start
 # the containers. When stopped, this will teardown all resources.
--- a/system/virtualization/docker/wyoming/default.nix
+++ b/system/virtualization/docker/wyoming/default.nix
@@ -0,0 +1 @@
 {}