~

2025-03-13 07:53:25 +00:00 · 2025-03-07 22:59:33 -05:00 · 2025-03-07 22:59:33 -05:00 · 6f8022a2d0
commit 6f8022a2d0
parent b62b4be3d0
5 changed files with 61 additions and 71 deletions
--- a/nixos/docker/pihole/default.nix
+++ b/nixos/docker/pihole/default.nix
@ -30,8 +30,8 @@ in with lib; {
 					FTLCONF_webserver_api_password = mkIf (cfg.api-password != "") cfg.api-password;
 				};
 				ports = [
-					(builtins.toString cfg.listenPortHTTP + ":80")
-					(builtins.toString cfg.listenPortHTTPS + ":443")
+					(builtins.toString cfg.listenPortHTTP + ":80/tcp")
+					(builtins.toString cfg.listenPortHTTPS + ":443/tcp")
 				];
 			};

--- a/nixos/docker/raspap/default.nix
+++ b/nixos/docker/raspap/default.nix
@ -15,6 +15,14 @@ in with lib; {
 			type = types.str;
 			default = "US";
 		};
+		listenPort = mkOption {
+			type = types.int;
+			default = 8081;
+		};
+		openFirewall = mkOption {
+			type = types.bool;
+			default = false;
+		};
 		webgui = {
 			username = mkOption {
 				type = types.str;
@ -28,10 +36,6 @@ in with lib; {
 				type = types.int;
 				default = 80;
 			};
-			openFirewall = mkOption {
-				type = types.bool;
-				default = false;
-			};
 		};
 	};

@ -39,6 +43,9 @@ in with lib; {
 		(import ./docker-compose.nix { inherit pkgs lib; })
 		{
 			virtualisation.oci-containers.containers.raspap = {
+				ports = [
+					(builtins.toString cfg.listenPort + ":8081/tcp")
+				];
 				environment = {
 					RASPAP_SSID = cfg.ssid;
 					RASPAP_SSID_PASS = cfg.password;
@ -49,8 +56,8 @@ in with lib; {
 				};
 			};

-			networking.firewall = mkIf cfg.webgui.openFirewall {
-				allowedTCPPorts = [ cfg.webgui.listenPort ];
+			networking.firewall = mkIf cfg.openFirewall {
+				allowedTCPPorts = [ cfg.listenPort cfg.webgui.listenPort ];
 			};
 		}
 	]);
--- a/nixos/docker/raspap/docker-compose.nix
+++ b/nixos/docker/raspap/docker-compose.nix
@ -2,59 +2,48 @@
 { pkgs, lib, ... }:

 {
-  # Runtime
-  virtualisation.docker = {
-    enable = true;
-    autoPrune.enable = true;
-  };
-  virtualisation.oci-containers.backend = "docker";
+	# Runtime
+	virtualisation.docker = {
+		enable = true;
+		autoPrune.enable = true;
+	};
+	virtualisation.oci-containers.backend = "docker";

-  # Containers
-  virtualisation.oci-containers.containers."raspap" = {
-    image = "ghcr.io/raspap/raspap-docker:latest";
-    environment = {
-      "RASPAP_COUNTRY" = "GB";
-      "RASPAP_SSID" = "raspap-webgui";
-      "RASPAP_SSID_PASS" = "ChangeMe";
-      "RASPAP_WEBGUI_PASS" = "secret";
-      "RASPAP_WEBGUI_PORT" = "80";
-      "RASPAP_WEBGUI_USER" = "admin";
-    };
-    volumes = [
-      "/sys/fs/cgroup:/sys/fs/cgroup:rw"
-    ];
-    ports = [
-      "8081:8081/tcp"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      "--cap-add=SYS_ADMIN"
-      "--network=host"
-      "--privileged"
-    ];
-  };
-  systemd.services."docker-raspap" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "always";
-      RestartMaxDelaySec = lib.mkOverride 90 "1m";
-      RestartSec = lib.mkOverride 90 "100ms";
-      RestartSteps = lib.mkOverride 90 9;
-    };
-    partOf = [
-      "docker-compose-raspap-root.target"
-    ];
-    wantedBy = [
-      "docker-compose-raspap-root.target"
-    ];
-  };
+	# Containers
+	virtualisation.oci-containers.containers."raspap" = {
+		image = "ghcr.io/raspap/raspap-docker:latest";
+		volumes = [
+			"/sys/fs/cgroup:/sys/fs/cgroup:rw"
+		];
+		log-driver = "journald";
+		extraOptions = [
+			"--cap-add=SYS_ADMIN"
+			"--network=host"
+			"--privileged"
+		];
+	};
+	systemd.services."docker-raspap" = {
+		serviceConfig = {
+			Restart = lib.mkOverride 90 "always";
+			RestartMaxDelaySec = lib.mkOverride 90 "1m";
+			RestartSec = lib.mkOverride 90 "100ms";
+			RestartSteps = lib.mkOverride 90 9;
+		};
+		partOf = [
+			"docker-compose-raspap-root.target"
+		];
+		wantedBy = [
+			"docker-compose-raspap-root.target"
+		];
+	};

-  # Root service
-  # When started, this will automatically create all resources and start
-  # the containers. When stopped, this will teardown all resources.
-  systemd.targets."docker-compose-raspap-root" = {
-    unitConfig = {
-      Description = "Root target generated by compose2nix.";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
+	# Root service
+	# When started, this will automatically create all resources and start
+	# the containers. When stopped, this will teardown all resources.
+	systemd.targets."docker-compose-raspap-root" = {
+		unitConfig = {
+			Description = "Root target generated by compose2nix.";
+		};
+		wantedBy = [ "multi-user.target" ];
+	};
 }
--- a/nixos/docker/raspap/docker-compose.yml
+++ b/nixos/docker/raspap/docker-compose.yml
@ -5,18 +5,9 @@ services:
    container_name: raspap
    image: ghcr.io/raspap/raspap-docker:latest
    #build: .
-    ports:
-      - "8081:8081"
    privileged: true
    network_mode: host
    cgroup: host # uncomment when using an ARM device
-    environment:
-      - RASPAP_SSID=raspap-webgui
-      - RASPAP_SSID_PASS=ChangeMe
-      - RASPAP_COUNTRY=GB
-      - RASPAP_WEBGUI_USER=admin
-      - RASPAP_WEBGUI_PASS=secret
-      - RASPAP_WEBGUI_PORT=80
    cap_add:
      - SYS_ADMIN
    volumes:
--- a/nixos/hosts/near/configuration.nix
+++ b/nixos/hosts/near/configuration.nix
@ -24,11 +24,14 @@
 			enable = true;
 			ssid = "near";
 			password = "RjkVTYUZE08HN"; #! world readable
+			country = "US";
+
+			listenPort = 8082;
+			openFirewall = true;
 			webgui = {
 				username = "rae";
 				password = "EBjrJutn06C"; #! world readable
 				listenPort = 8080;
-				openFirewall = true;
 			};
 		};
 	};