rae/.dotfiles
rae/.dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~roxwize/.dotfiles synced 2025-05-02 19:53:07 +00:00
Code Issues Activity

~

Browse source
This commit is contained in:
Rae 5e 2025-03-07 22:59:33 -05:00
parent b62b4be3d0
commit 6f8022a2d0
Signed by: rae
GPG key ID: 5B1A0FAB9BAB81EE
5 changed files with 61 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos/docker/pihole/default.nix
View file

@ -30,8 +30,8 @@ in with lib; {
FTLCONF_webserver_api_password = mkIf (cfg.api-password != "") cfg.api-password; FTLCONF_webserver_api_password = mkIf (cfg.api-password != "") cfg.api-password;
}; };
ports = [ ports = [
(builtins.toString cfg.listenPortHTTP + ":80") (builtins.toString cfg.listenPortHTTP + ":80/tcp")
(builtins.toString cfg.listenPortHTTPS + ":443") (builtins.toString cfg.listenPortHTTPS + ":443/tcp")
]; ];
}; };

19
nixos/docker/raspap/default.nix
View file

@ -15,6 +15,14 @@ in with lib; {
type = types.str; type = types.str;
default = "US"; default = "US";
}; };
listenPort = mkOption {
type = types.int;
default = 8081;
};
openFirewall = mkOption {
type = types.bool;
default = false;
};
webgui = { webgui = {
username = mkOption { username = mkOption {
type = types.str; type = types.str;
@ -28,10 +36,6 @@ in with lib; {
type = types.int; type = types.int;
default = 80; default = 80;
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
};
}; };
}; };
@ -39,6 +43,9 @@ in with lib; {
(import ./docker-compose.nix { inherit pkgs lib; }) (import ./docker-compose.nix { inherit pkgs lib; })
{ {
virtualisation.oci-containers.containers.raspap = { virtualisation.oci-containers.containers.raspap = {
ports = [
(builtins.toString cfg.listenPort + ":8081/tcp")
];
environment = { environment = {
RASPAP_SSID = cfg.ssid; RASPAP_SSID = cfg.ssid;
RASPAP_SSID_PASS = cfg.password; RASPAP_SSID_PASS = cfg.password;
@ -49,8 +56,8 @@ in with lib; {
}; };
}; };
networking.firewall = mkIf cfg.webgui.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.webgui.listenPort ]; allowedTCPPorts = [ cfg.listenPort cfg.webgui.listenPort ];
}; };
} }
]); ]);

95
nixos/docker/raspap/docker-compose.nix
View file

@ -2,59 +2,48 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
# Runtime # Runtime
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
}; };
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
# Containers # Containers
virtualisation.oci-containers.containers."raspap" = { virtualisation.oci-containers.containers."raspap" = {
image = "ghcr.io/raspap/raspap-docker:latest"; image = "ghcr.io/raspap/raspap-docker:latest";
environment = { volumes = [
"RASPAP_COUNTRY" = "GB"; "/sys/fs/cgroup:/sys/fs/cgroup:rw"
"RASPAP_SSID" = "raspap-webgui"; ];
"RASPAP_SSID_PASS" = "ChangeMe"; log-driver = "journald";
"RASPAP_WEBGUI_PASS" = "secret"; extraOptions = [
"RASPAP_WEBGUI_PORT" = "80"; "--cap-add=SYS_ADMIN"
"RASPAP_WEBGUI_USER" = "admin"; "--network=host"
}; "--privileged"
volumes = [ ];
"/sys/fs/cgroup:/sys/fs/cgroup:rw" };
]; systemd.services."docker-raspap" = {
ports = [ serviceConfig = {
"8081:8081/tcp" Restart = lib.mkOverride 90 "always";
]; RestartMaxDelaySec = lib.mkOverride 90 "1m";
log-driver = "journald"; RestartSec = lib.mkOverride 90 "100ms";
extraOptions = [ RestartSteps = lib.mkOverride 90 9;
"--cap-add=SYS_ADMIN" };
"--network=host" partOf = [
"--privileged" "docker-compose-raspap-root.target"
]; ];
}; wantedBy = [
systemd.services."docker-raspap" = { "docker-compose-raspap-root.target"
serviceConfig = { ];
Restart = lib.mkOverride 90 "always"; };
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-raspap-root.target"
];
wantedBy = [
"docker-compose-raspap-root.target"
];
};
# Root service # Root service
# When started, this will automatically create all resources and start # When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources. # the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-raspap-root" = { systemd.targets."docker-compose-raspap-root" = {
unitConfig = { unitConfig = {
Description = "Root target generated by compose2nix."; Description = "Root target generated by compose2nix.";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
} }

9
nixos/docker/raspap/docker-compose.yml
View file

@ -5,18 +5,9 @@ services:
container_name: raspap container_name: raspap
image: ghcr.io/raspap/raspap-docker:latest image: ghcr.io/raspap/raspap-docker:latest
#build: . #build: .
ports:
- "8081:8081"
privileged: true privileged: true
network_mode: host network_mode: host
cgroup: host # uncomment when using an ARM device cgroup: host # uncomment when using an ARM device
environment:
- RASPAP_SSID=raspap-webgui
- RASPAP_SSID_PASS=ChangeMe
- RASPAP_COUNTRY=GB
- RASPAP_WEBGUI_USER=admin
- RASPAP_WEBGUI_PASS=secret
- RASPAP_WEBGUI_PORT=80
cap_add: cap_add:
- SYS_ADMIN - SYS_ADMIN
volumes: volumes:

5
nixos/hosts/near/configuration.nix
View file

@ -24,11 +24,14 @@
enable = true; enable = true;
ssid = "near"; ssid = "near";
password = "RjkVTYUZE08HN"; #! world readable password = "RjkVTYUZE08HN"; #! world readable
country = "US";
listenPort = 8082;
openFirewall = true;
webgui = { webgui = {
username = "rae"; username = "rae";
password = "EBjrJutn06C"; #! world readable password = "EBjrJutn06C"; #! world readable
listenPort = 8080; listenPort = 8080;
openFirewall = true;
}; };
}; };
}; };