From fe52c9c97cb96976cf257fe5d515a381f3d22260 Mon Sep 17 00:00:00 2001
From: roxwize
Date: Fri, 7 Mar 2025 22:21:40 -0500
Subject: [PATCH] ~

---
 nixos/docker/default.nix | 1 +
 nixos/docker/pihole/default.nix | 14 +++++-
 nixos/docker/raspap/default.nix | 57 ++++++++++++++++++++++++
 nixos/docker/raspap/docker-compose.nix | 60 ++++++++++++++++++++++++++
 nixos/docker/raspap/docker-compose.yml | 24 +++++++++++
 nixos/hosts/near/configuration.nix | 16 ++++++-
 6 files changed, 170 insertions(+), 2 deletions(-)
 create mode 100644 nixos/docker/raspap/default.nix
 create mode 100644 nixos/docker/raspap/docker-compose.nix
 create mode 100644 nixos/docker/raspap/docker-compose.yml

diff --git a/nixos/docker/default.nix b/nixos/docker/default.nix
index 9ef246a..69b8ce6 100644
--- a/nixos/docker/default.nix
+++ b/nixos/docker/default.nix
@@ -1,5 +1,6 @@ { ... }: {
 imports = [
 ./pihole
+ ./raspap
 ];
 }
diff --git a/nixos/docker/pihole/default.nix b/nixos/docker/pihole/default.nix
index f587c6d..0dbafb9 100644
--- a/nixos/docker/pihole/default.nix
+++ b/nixos/docker/pihole/default.nix
@@ -7,6 +7,14 @@ in with lib; {
 type = types.bool;
 default = false;
 };
+ listenPortHTTP = mkOption {
+ type = types.int;
+ default = 80;
+ };
+ listenPortHTTPS = mkOption {
+ type = types.int;
+ default = 443;
+ };
 api-password = mkOption {
 type = types.str;
 default = "";
@@ -21,10 +29,14 @@ in with lib; {
 TZ = config.time.timeZone;
 FTLCONF_webserver_api_password = mkIf (cfg.api-password != "") cfg.api-password;
 };
+ ports = [
+ (builtins.toString cfg.listenPortHTTP + ":80")
+ (builtins.toString cfg.listenPortHTTPS + ":443")
+ ];
 };
 
 networking.firewall = mkIf cfg.openFirewall {
- allowedTCPPorts = [ 53 80 443 ];
+ allowedTCPPorts = [ 53 cfg.listenPortHTTP cfg.listenPortHTTPS ];
 };
 }
 ]);
diff --git a/nixos/docker/raspap/default.nix b/nixos/docker/raspap/default.nix
new file mode 100644
index 0000000..586bfb8
--- /dev/null
+++ b/nixos/docker/raspap/default.nix
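Review bot: `listenPortHTTP` and `listenPortHTTPS` are typed `types.int`, so a negative or out-of-range value passes evaluation and only fails later when Docker parses the published port string; `types.port` bounds the option to 0–65535 at evaluation time, and `type = types.port;` is a drop-in change on both options. Neither option carries a `description`, so they show up blank in `nixos-option` and generated docs; a one-liner such as `description = "Host port on which the Pi-hole web UI is published over plain HTTP.";` (and its HTTPS counterpart) would close that gap.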
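Review bot: The new `ports` entries publish the web UI on every host interface, and with the docker backend Docker's own iptables rules typically accept traffic to published ports in the FORWARD chain before the NixOS firewall consults `allowedTCPPorts`, so the `mkIf cfg.openFirewall` guard may not actually gate access; whether that holds depends on the backend and its iptables settings, which live outside this hunk. Binding the mapping to an explicit address makes the exposure deliberate, for example a new `listenAddress` option used as `"${cfg.listenAddress}:${toString cfg.listenPortHTTP}:80"`. As a style point, `"${toString cfg.listenPortHTTP}:80"` is the idiomatic Nix form of `builtins.toString cfg.listenPortHTTP + ":80"`.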
@@ -0,0 +1,57 @@
+{ pkgs, lib, config, ... }: let
+ cfg = config.r5e.containers.raspap;
+in with lib; {
+ options.r5e.containers.pihole = {
+ enable = mkEnableOption "raspap";
+ ssid = mkOption {
+ type = types.str;
+ default = "raspap-webgui";
+ };
+ password = mkOption {
+ type = types.str;
+ default = "ChangeMe";
+ };
+ country = mkOption {
+ type = types.str;
+ default = "US";
+ };
+ webgui = {
+ username = mkOption {
+ type = types.str;
+ default = "admin";
+ };
+ password = mkOption {
+ type = types.str;
+ default = "secret";
+ };
+ listenPort = mkOption {
+ type = types.int;
+ default = 80;
+ };
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+ };
+
+ config = mkIf cfg.enable (mkMerge [
+ (import ./docker-compose.nix { inherit pkgs lib; })
+ {
+ virtualisation.oci-containers.containers.pihole = {
+ environment = {
+ RASPAP_SSID = cfg.ssid;
+ RASPAP_SSID_PASS = cfg.password;
+ RASPAP_COUNTRY = cfg.country;
+ RASPAP_WEBGUI_USER = cfg.webgui.username;
+ RASPAP_WEBGUI_PASS = cfg.webgui.password;
+ RASPAP_WEBGUI_PORT = cfg.webgui.listenPort;
+ };
+ };
+
+ networking.firewall = mkIf cfg.webgui.openFirewall {
+ allowedTCPPorts = [ cfg.webgui.listenPort ];
+ };
+ }
+ ]);
+}
diff --git a/nixos/docker/raspap/docker-compose.nix b/nixos/docker/raspap/docker-compose.nix
new file mode 100644
index 0000000..b704525
--- /dev/null
+++ b/nixos/docker/raspap/docker-compose.nix
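Review bot: `options.r5e.containers.pihole = {` declares the raspap options under the pihole namespace while `cfg` reads `config.r5e.containers.raspap`, so `cfg.enable` has no declaration behind it, the `r5e.containers.raspap` block in configuration.nix cannot evaluate, and any name pihole's own module already declares (`enable` at least, presumably) is now declared twice, which is itself an error; it should read `options.r5e.containers.raspap = {`. The same slip repeats at `virtualisation.oci-containers.containers.pihole = {`, which should target `raspap` (the container docker-compose.nix declares), and `RASPAP_WEBGUI_PORT = cfg.webgui.listenPort;` passes an int where `environment` expects strings, so `RASPAP_WEBGUI_PORT = toString cfg.webgui.listenPort;`. Once the container name is fixed, these keys will also clash with the fixed values compose2nix emitted in docker-compose.nix unless those are demoted with `lib.mkDefault`, because two differing definitions of a `str`-typed attribute are a merge error. Because the password options are `types.str`, the Wi-Fi and web GUI secrets end up in the world-readable Nix store; the container's `environmentFiles` option pointing at a root-only file outside the store keeps them out, and `ChangeMe`/`secret` should not ship as defaults.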
@@ -0,0 +1,60 @@
+# Auto-generated using compose2nix v0.3.1.
+{ pkgs, lib, ... }:
+
+{
+ # Runtime
+ virtualisation.docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+ virtualisation.oci-containers.backend = "docker";
+
+ # Containers
+ virtualisation.oci-containers.containers."raspap" = {
+ image = "ghcr.io/raspap/raspap-docker:latest";
+ environment = {
+ "RASPAP_COUNTRY" = "GB";
+ "RASPAP_SSID" = "raspap-webgui";
+ "RASPAP_SSID_PASS" = "ChangeMe";
+ "RASPAP_WEBGUI_PASS" = "secret";
+ "RASPAP_WEBGUI_PORT" = "80";
+ "RASPAP_WEBGUI_USER" = "admin";
+ };
+ volumes = [
+ "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ ];
+ ports = [
+ "8081:8081/tcp"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--cap-add=SYS_ADMIN"
+ "--network=host"
+ "--privileged"
+ ];
+ };
+ systemd.services."docker-raspap" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 90 "always";
+ RestartMaxDelaySec = lib.mkOverride 90 "1m";
+ RestartSec = lib.mkOverride 90 "100ms";
+ RestartSteps = lib.mkOverride 90 9;
+ };
+ partOf = [
+ "docker-compose-raspap-root.target"
+ ];
+ wantedBy = [
+ "docker-compose-raspap-root.target"
+ ];
+ };
+
+ # Root service
+ # When started, this will automatically create all resources and start
+ # the containers. When stopped, this will teardown all resources.
+ systemd.targets."docker-compose-raspap-root" = {
+ unitConfig = {
+ Description = "Root target generated by compose2nix.";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+}
diff --git a/nixos/docker/raspap/docker-compose.yml b/nixos/docker/raspap/docker-compose.yml
new file mode 100644
index 0000000..b91b035
--- /dev/null
+++ b/nixos/docker/raspap/docker-compose.yml
@@ -0,0 +1,24 @@
+name: raspap
+version: "3.8"
+services:
+ raspap:
+ container_name: raspap
+ image: ghcr.io/raspap/raspap-docker:latest
+ #build: .
+ ports:
+ - "8081:8081"
+ privileged: true
+ network_mode: host
+ cgroup: host # uncomment when using an ARM device
+ environment:
+ - RASPAP_SSID=raspap-webgui
+ - RASPAP_SSID_PASS=ChangeMe
+ - RASPAP_COUNTRY=GB
+ - RASPAP_WEBGUI_USER=admin
+ - RASPAP_WEBGUI_PASS=secret
+ - RASPAP_WEBGUI_PORT=80
+ cap_add:
+ - SYS_ADMIN
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ restart: unless-stopped
diff --git a/nixos/hosts/near/configuration.nix b/nixos/hosts/near/configuration.nix
index 2e16a83..defb7a1 100644
--- a/nixos/hosts/near/configuration.nix
+++ b/nixos/hosts/near/configuration.nix
@@ -16,6 +16,20 @@ r5e.containers = {
 pihole = {
 enable = true;
+ openFirewall = true;
+ listenPortHTTP = 8081;
+ listenPortHTTPS = 8443;
+ };
+ raspap = {
+ enable = true;
+ ssid = "near";
+ password = "RjkVTYUZE08HN"; #! world readable
+ webgui = {
+ username = "rae";
+ password = "EBjrJutn06C"; #! world readable
+ listenPort = 8080;
+ openFirewall = true;
+ };
 };
 };
 
@@ -24,7 +38,7 @@ firewall.allowedTCPPorts = [ 22 ];
 };
 
- environment.systemPackages = with pkgs; [ git linux-wifi-hotspot ];
+ environment.systemPackages = with pkgs; [ git ];
 
 time.timeZone = "America/New_York";
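Review bot: `privileged: true` already grants every capability and switches off most of Docker's confinement, so the `cap_add: SYS_ADMIN` entry is redundant, and together with `network_mode: host` and the writable `/sys/fs/cgroup` mount the container runs effectively unconfined on the host; if the image genuinely needs all of that for the access-point daemons, a comment saying which piece requires which setting would stop the next reader from trying to tighten it blindly. `ports: - "8081:8081"` has no effect under `network_mode: host` (Compose warns that published ports are discarded) and it disagrees with `RASPAP_WEBGUI_PORT=80`, so the mapping should be dropped rather than left to mislead. The comment `# uncomment when using an ARM device` sits on an already active `cgroup: host` line and reads as stale, and `version: "3.8"` is obsolete in the Compose specification and only produces a warning.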
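Review bot: `password = "RjkVTYUZE08HN"; #! world readable` and the web GUI `password = "EBjrJutn06C"; #! world readable` commit live credentials to the repository, and the comment shows the author already knows they will also land in the world-readable Nix store; once pushed they remain in git history, so both values need rotating regardless of how the config is later cleaned up. The fix is to move them out of the evaluated configuration rather than annotate them: the oci-containers `environmentFiles` option can read `RASPAP_SSID_PASS` and `RASPAP_WEBGUI_PASS` from a root-only file outside the store, leaving only the non-secret fields (`ssid`, `username`, `listenPort`, `openFirewall`) here. Note that this `r5e.containers.raspap` block also depends on the option namespace fix raised on nixos/docker/raspap/default.nix in this same commit.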