diff --git a/system/profiles/homebox/default.nix b/system/profiles/homebox/default.nix index 1d383b6..978ac7e 100644 --- a/system/profiles/homebox/default.nix +++ b/system/profiles/homebox/default.nix @@ -78,6 +78,7 @@ portainer.enable = true; pihole.enable = true; ollama.enable = true; + searxng.enable = true; }; virtualization = { diff --git a/system/services/containers/traefik/default.nix b/system/services/containers/traefik/default.nix index 8adc06d..6d332c6 100644 --- a/system/services/containers/traefik/default.nix +++ b/system/services/containers/traefik/default.nix @@ -41,6 +41,11 @@ hostPath = "/ssd1/Traefik/data"; isReadOnly = false; }; + + "/var/run/docker.sock" = lib.mkIf config.sysconfig.docker.enable { + hostPath = "/run/docker.sock"; + isReadOnly = false; + }; }; config = { @@ -77,6 +82,9 @@ checknewversion = false; sendanonymoususage = false; }; + + providers.docker = lib.mkIf config.sysconfig.docker.enable {}; + entryPoints = { web = { @@ -213,7 +221,7 @@ tls.certResolver = "cloudflare"; };*/ - pihole = { + /*pihole = { entryPoints = [ "localsecure" ]; rule = "Host(`pihole.esotericbytes.com`)"; service = "pihole"; @@ -225,7 +233,7 @@ rule = "Host(`portainer.esotericbytes.com`)"; service = "portainer"; tls.certResolver = "cloudflare"; - }; + };*/ netbird = { entryPoints = [ "websecure" "localsecure" ]; @@ -241,12 +249,12 @@ tls.certResolver = "cloudflare"; }; - ollama = { + /*ollama = { entryPoints = [ "localsecure" ]; rule = "Host(`ollama.esotericbytes.com`)"; service = "ollama"; tls.certResolver = "cloudflare"; - }; + };*/ openwebui = { entryPoints = [ "localsecure" ]; @@ -261,7 +269,6 @@ service = "code-server"; tls.certResolver = "cloudflare"; }; - }; middlewares = { 
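Review bot: The new `"/var/run/docker.sock"` entry in the traefik bind-mount set (hunk `@@ -41,6 +41,11 @@`) hands the Traefik container the full Docker API, which is root-equivalent on the host if Traefik is ever compromised. The provider only reads container metadata and events, so `isReadOnly = false;` is not needed. `isReadOnly = true;` is cheap hygiene, but a read-only bind does not stop API calls over the socket. The stronger fix is to point the provider at a socket proxy that permits only the read-only container and event endpoints. At minimum, add a comment such as `# SECURITY: docker.sock is host-root-equivalent; Traefik only needs read access to containers/events`; the enclosing attribute set starts outside the hunk.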
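Review bot: `providers.docker = lib.mkIf config.sysconfig.docker.enable {};` (hunk `@@ -77,6 +82,9 @@`) enables the provider with Traefik's defaults, where `exposedByDefault` is true, so every container on that Docker daemon gets a router whether or not it was meant to be published. Prefer `providers.docker = lib.mkIf config.sysconfig.docker.enable { exposedByDefault = false; };` and add `"traefik.enable" = "true";` to the `labels` sets introduced in the ollama, pihole, portainer and searxng hunks. With the provider on, container labels become routing configuration, so anything able to start a container with labels can claim a `Host(...)` rule; a short comment next to the provider saying so would help. The enclosing Traefik config set begins and ends outside the hunk.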
@@ -275,17 +282,18 @@ services = { #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ]; + gitea.loadBalancer.servers = [ { url = "http://192.168.100.20:3000"; } ]; homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ]; jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ]; - authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9002"; } ]; - - pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:9001"; } ]; + authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9003"; } ]; - portainer.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ]; + #pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:9001"; } ]; + + #portainer.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ]; keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ]; @@ -300,7 +308,7 @@ servers = [ { url = "http://192.168.100.23:80"; } ]; }; - ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ]; + #ollama.loadBalancer.servers = [ { url = "http://192.168.100.10:11434"; } ]; openwebui.loadBalancer.servers = [ { url = "http://192.168.100.33:8080"; } ]; diff --git a/system/services/docker/authentik/default.nix b/system/services/docker/authentik/default.nix new file mode 100644 index 0000000..e69de29 diff --git a/system/services/docker/ollama/default.nix b/system/services/docker/ollama/default.nix index 98ca590..41fe106 100644 --- a/system/services/docker/ollama/default.nix +++ b/system/services/docker/ollama/default.nix 
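Review bot: The `authentik` backend moves from port 9002 to 9003 here while the searxng container added in the same commit publishes host port 9002, and nothing visible in the diff changes the port authentik itself listens on (the added `system/services/docker/authentik/default.nix` is an empty file). If authentik still listens on 9002, its router now points at a dead port; and if `192.168.100.10` is the Docker host (not shown here), anything still targeting `:9002` would reach searxng instead of the identity provider. Please confirm, and add a comment such as `# 9002 is now searxng's published port; authentik moved to 9003`. The commented-out `pihole`, `portainer` and `ollama` entries could be deleted rather than left as comments, since the container labels now carry that config. The `services` set begins and ends outside the hunk.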
@@ -41,6 +41,15 @@ "vol_ollama:/root/.ollama" ]; + labels = { + "traefik.http.routers.ollama.entrypoints" = "localsecure"; + "traefik.http.routers.ollama.rule" = "Host(`ollama.esotericbytes.com`)"; + "traefik.http.routers.ollama.service" = "ollama"; + "traefik.http.routers.ollama.tls.certResolver" = "cloudflare"; + + "traefik.http.services.ollama.loadbalancer.server.port" = "11434"; + }; + extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" "--ip=192.168.101.4" diff --git a/system/services/docker/pihole/default.nix b/system/services/docker/pihole/default.nix index 26044c4..063e7d1 100644 --- a/system/services/docker/pihole/default.nix +++ b/system/services/docker/pihole/default.nix @@ -38,6 +38,15 @@ "docker-main" ]; + labels = { + "traefik.http.routers.pihole.entrypoints" = "localsecure"; + "traefik.http.routers.pihole.rule" = "Host(`pihole.esotericbytes.com`)"; + "traefik.http.routers.pihole.service" = "pihole"; + "traefik.http.routers.pihole.tls.certResolver" = "cloudflare"; + + "traefik.http.services.pihole.loadbalancer.server.port" = "80"; + }; + extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ "--ip=192.168.101.3" ]; diff --git a/system/services/docker/portainer/default.nix b/system/services/docker/portainer/default.nix index ff4fb8a..0608918 100644 --- a/system/services/docker/portainer/default.nix +++ b/system/services/docker/portainer/default.nix @@ -25,6 +25,15 @@ "docker-main" ]; + labels = { + "traefik.http.routers.portainer.entrypoints" = "localsecure"; + "traefik.http.routers.portainer.rule" = "Host(`portainer.esotericbytes.com`)"; + "traefik.http.routers.portainer.service" = "portainer"; + "traefik.http.routers.portainer.tls.certResolver" = "cloudflare"; + + "traefik.http.services.portainer.loadbalancer.server.port" = "9000"; + }; + extraOptions = lib.mkIf config.sysconfig.docker.nvidia [ "--ip=192.168.101.2" ]; 
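Review bot: The `ollama` router labels attach no middleware, and Ollama's HTTP API has no authentication of its own, so anything that can reach the `localsecure` entrypoint can use the API. This carries over from the file-based router the commit retires, but the move is a good moment to close it. Consider adding `"traefik.http.routers.ollama.middlewares" = "<auth-middleware>@file";`, where the name is a placeholder for whichever forward-auth or IP allow-list middleware the Traefik config defines. The same applies to the `pihole` and `portainer` label sets in the next two hunks, which front admin interfaces and, for Portainer, control of the Docker host. The enclosing container definitions start and end outside these hunks.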
diff --git a/system/services/docker/searxng/default.nix b/system/services/docker/searxng/default.nix
new file mode 100644
index 0000000..e6b5f43
--- /dev/null
+++ b/system/services/docker/searxng/default.nix
@@ -0,0 +1,55 @@
+{ config, lib, ... }: {
+
+ options.sysconfig.docker.searxng.enable = with lib; mkOption {
+ type = with types; bool;
+ default = false;
+ };
+
+ config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) {
+
+ networking.firewall.interfaces = {
+ "ve-traefik" = {
+ allowedTCPPorts = [ 9002 ];
+ };
+ };
+
+ virtualisation.oci-containers.containers.searxng = {
+ image = "searxng/searxng:latest";
+
+ # unstable, waiting for 26.05
+ #pull = "newer";
+
+ hostname = "searxng.esotericbytes.com";
+
+ networks = [
+ "docker-main"
+ ];
+
+ labels = {
+ "traefik.http.routers.searxng.entrypoints" = "localsecure";
+ "traefik.http.routers.searxng.rule" = "Host(`searxng.esotericbytes.com`)";
+ "traefik.http.routers.searxng.service" = "searxng";
+ "traefik.http.routers.searxng.tls.certResolver" = "cloudflare";
+
+ "traefik.http.services.searxng.loadbalancer.server.port" = "8080";
+ };
+
+ extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
+ "--ip=192.168.101.5"
+ ];
+
+ ports = [
+ "9002:8080"
+ ];
+
+ volumes = [
+ "vol_searxng_settings:/etc/searxng/"
+ "vol_searxng_data:/var/cache/searxng/"
+ ];
+
+ environment = {
+ SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0";
+ };
+ };
+ };
+}
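Review bot: `SEARXNG_SECRET` is committed as a literal in the `environment` set, so the value is in git history and will also land in the world-readable Nix store. Treat it as exposed: generate a new secret and load it at runtime, dropping the `environment` entry in favour of `environmentFiles = [ "<path-to-secret-env-file>" ];` (placeholder path, supplied by whatever secret manager the repo uses, such as sops-nix or agenix). Separately, `ports = [ "9002:8080" ];` publishes on all host addresses, and Docker-published ports are usually not filtered by the `networking.firewall.interfaces."ve-traefik"` rule, so the service is likely reachable beyond Traefik. If Traefik reaches the container through the label-declared port 8080 the publish can be removed; otherwise bind it to one address, `"<bridge-ip>:9002:8080"`. Pinning `searxng/searxng:latest` to a version tag or digest would also make rebuilds reproducible.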