Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

great docker migration

Browse Source
This commit is contained in:
Nathan
2026-01-30 11:19:24 -06:00
parent 0603de3f11
commit 06edfb2795
17 changed files with 136 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
profiles/homebox/default.nix
View File

@@ -76,38 +76,25 @@
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
authentik.enable = true;
};
containers = {
traefik.enable = true;
jellyfin.enable = true;
"esotericbytes.com".enable = true;
nextcloud.enable = true;
ntfy.enable = false;
gitea.enable = true;
netbird.enable = true;
openwebui.enable = true;
wyoming = {
enable = false;
piper = false;
openwakeword = true;
faster-whisper = true;
};
rustdesk.enable = false; #broken
code-server.enable = true;
novnc.enable = false;
minecraft.enable = true;
sandbox.enable = false;

1
system/virtualization/docker/gitea/default.nix
View File

@@ -0,0 +1 @@
{}

4
system/virtualization/docker/home-assistant/default.nix
View File

@@ -44,10 +44,6 @@ in {
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
};
extraOptions = [
"--ip=192.168.101.6"
];
environment = {
TZ = "America/Chicago";
};

1
system/virtualization/docker/jellyfin/default.nix
View File

@@ -0,0 +1 @@
{}

1
system/virtualization/docker/minecraft/default.nix
View File

@@ -0,0 +1 @@
{}

4
system/virtualization/docker/n8n/default.nix
View File

@@ -43,10 +43,6 @@ in {
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.7"
];
ports = [
"${builtins.toString hostPort}:5678"
];

1
system/virtualization/docker/nextcloud/default.nix
View File

@@ -0,0 +1 @@
{}

1
system/virtualization/docker/ollama/default.nix
View File

@@ -60,7 +60,6 @@ in {
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.4"
];
environment = {

1
system/virtualization/docker/openwebui/default.nix
View File

@@ -0,0 +1 @@
{}

4
system/virtualization/docker/pihole/default.nix
View File

@@ -55,10 +55,6 @@ in {
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.3"
];
ports = [
"${builtins.toString hostPort}:80"
"127.0.0.1:53:53/tcp"

4
system/virtualization/docker/portainer/default.nix
View File

@@ -42,10 +42,6 @@ in {
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.2"
];
ports = [
"127.0.0.1:8000:8000"
"${builtins.toString hostPort}:9000"

1
system/virtualization/docker/rustdesk/default.nix
View File

@@ -0,0 +1 @@
{}

4
system/virtualization/docker/searxng/default.nix
View File

@@ -44,10 +44,6 @@ in {
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.5"
];
ports = [
"${builtins.toString hostPort}:8080"
];

38
system/virtualization/docker/traefik/config/dynamic/routing.yml Normal file
View File

@@ -0,0 +1,38 @@
http:
routers:
homepageSecure:
entryPoints:
- "websecure"
- "localsecure"
rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
service: "homepage"
tls:
certResolver: "cloudflare"
traefik:
entryPoints:
- "localsecure"
rule: "Host(`traefik.esotericbytes.com`)"
service: "api@internal"
tls:
certResolver: "cloudflare"
code-server:
entryPoints:
- "localsecure"
rule: "Host(`code.esotericbytes.com`)"
service: "code-server"
tls:
certResolver: "cloudflare"
services:
homepage:
loadBalancer:
servers:
- url: "http://192.168.100.13:80"
code-server:
loadBalancer:
servers:
- url: "http://192.168.100.31:4444"

71
system/virtualization/docker/traefik/config/traefik.yml Normal file
View File

@@ -0,0 +1,71 @@
providers:
docker:
exposedByDefault: false
file:
directory: "/etc/traefik/dynamic"
serversTransport:
insecureSkipVerify: true
api:
dashboard: true
global:
checknewversion: true
sendanonymoususage: false
entryPoints:
web:
address: ":81"
http:
redirections:
entryPoint:
to: "websecure"
scheme: "https"
websecure:
address: ":444"
asDefault: true
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
local:
address: ":80"
http:
redirections:
entryPoint:
to: "localsecure"
scheme: "https"
localsecure:
address: ":443"
asDefault: true
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
log:
level: "INFO"
filePath: "/etc/traefik/logs/traefik.log"
format: "json"
certificatesResolvers:
cloudflare:
acme:
storage: "/etc/traefik/acme.json"
keyType: "EC256"
dnsChallenge:
provider: "cloudflare"
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"

37
system/virtualization/docker/traefik/default.nix
View File

@@ -19,17 +19,25 @@
'';
};
environment.etc = builtins.listToAttrs builtins.map (x: {
name = "traefik/${x}";
value = {
source = ./config/${x};
};
}) builtins.attrNames builtins.readDir ./config;
virtualisation.oci-containers.containers.traefik = {
image = "traefik:3.6";
image = "traefik:v3.6";
environment = {
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
};
environmentFiles = [ config.sops.templates."traefik.env".path ];
volumes = [
"vol_traefik:/etc/traefik/data"
"/etc/traefik/:/etc/traefik/"
"/run/docker.sock:/var/run/docker.sock"
];
@@ -37,6 +45,11 @@
"docker-main"
];
ports = [
"80"
"443"
];
log-driver = "journald";
};
systemd.services."docker-traefik" = {
@@ -47,12 +60,10 @@
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-volume-vol_traefik.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-volume-vol_traefik.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-traefik-root.target"
@@ -62,20 +73,6 @@
];
};
# Volumes
systemd.services."docker-volume-vol_traefik" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_traefik || docker volume create vol_traefik --driver=btrfs
'';
partOf = [ "docker-compose-traefik-root.target" ];
wantedBy = [ "docker-compose-traefik-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.

1
system/virtualization/docker/wyoming/default.nix
View File

@@ -0,0 +1 @@
{}