From d8ccf817fe28a66c9c7508a91d48d74555b581bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Wed, 14 May 2025 12:37:19 +0200
Subject: [PATCH] Working docker VM
---
 services/docker/default.nix | 347 +++++++++++++++++-------------------
 1 file changed, 164 insertions(+), 183 deletions(-)
diff --git a/services/docker/default.nix b/services/docker/default.nix
index ab27375..dfd1064 100644
--- a/services/docker/default.nix
+++ b/services/docker/default.nix
@@ -14,17 +14,19 @@ in {
 };
 };
 config = lib.mkIf cfg.enable {
- age.secrets.docker-lapi-key = {
- file = ../../secrets/docker-lapi-key.age;
- owner = "crowdsec";
- };
- age.secrets.docker-gluetun-env = {
- file = ./secrets/docker-gluetun-env.age;
- owner = "tbarnouin";
- };
- age.secrets.docker-qbittorrent-env = {
- file = ./secrets/docker-qbittorrent-env.age;
- owner = "tbarnouin";
+ age.secrets = {
+ docker-lapi-key = {
+ file = ../../secrets/docker-lapi-key.age;
+ owner = "crowdsec";
+ };
+ docker-gluetun-env = {
+ file = ./secrets/docker-gluetun-env.age;
+ owner = "tbarnouin";
+ };
+ docker-qbittorrent-env = {
+ file = ./secrets/docker-qbittorrent-env.age;
+ owner = "tbarnouin";
+ };
 };
 users.users.tbarnouin.extraGroups = ["docker"];
 fileSystems = {
@@ -41,6 +43,20 @@ in {
 ];
 };
 };
+ services.crowdsec = {
+ settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";
+ localConfig = {
+ acquisitions = [
+ {
+ source = "journalctl";
+ journalctl_filter = ["_SYSTEMD_UNIT=docker.service"];
+ labels = {
+ type = "syslog";
+ };
+ }
+ ];
+ };
+ };
 virtualisation = {
 docker = {
 enable = true;
@@ -51,178 +67,143 @@ in {
 data-root = "/mnt/docker-data";
 };
 };
- oci-containers.backend = "docker";
- };
-
- virtualisation.oci-containers.containers = {
- "gluetun" = {
- autoStart = true;
- image = "ghcr.io/qdm12/gluetun:latest";
- environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"];
- environment = {
- "QBT_WEBUI_ENABLED" = "true";
- "TZ" = "Europe/Paris";
- "VPN_PORT_FORWARDING" = "on";
- "VPN_SERVICE_PROVIDER" = "protonvpn";
- "VPN_TYPE" = "wireguard";
- };
- volumes = [
- "gluetun_gluetun-config:/gluetun:rw"
- ];
- ports = [
- "8080:8080/tcp"
- ];
- log-driver = "journald";
- extraOptions = [
- "--cap-add=NET_ADMIN"
- "--device=/dev/net/tun:/dev/net/tun:rwm"
- "--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]"
- "--health-interval=30s"
- "--health-retries=3"
- "--health-timeout=10s"
- "--network-alias=gluetun"
- "--network=gluetun_default"
- "--sysctl=net.ipv6.conf.all.disable_ipv6=1"
- ];
- };
- "qbittorrent" = {
- autoStart = true;
- image = "lscr.io/linuxserver/qbittorrent:latest";
- environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"];
- environment = {
- "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main";
- "GSP_MINIMAL_LOGS" = "false";
- "PGID" = "1000";
- "PUID" = "1000";
- "QBITTORRENT_INTERFACE" = "tun0";
- "TZ" = "Europe/Paris";
- "WEBUI_PORT" = "8080";
- };
- volumes = [
- "/mnt/media/:/downloads:rw"
- "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw"
- "gluetun_qbittorrent-config:/config:rw"
- ];
- dependsOn = [
- "gluetun"
- ];
- log-driver = "journald";
- extraOptions = [
- "--network=container:gluetun"
- ];
- };
- "bazarr" = {
- image = "linuxserver/bazarr";
- environment = {
- "PGID" = "1000";
- "PUID" = "1000";
- "TZ" = "\"Europe/Paris\"";
- };
- volumes = [
- "/home/tbarnouin/bazarr:/config:rw"
- "/mnt/media:/downloads:rw"
- ];
- ports = [
- "6767:6767/tcp"
- ];
- log-driver = "journald";
- extraOptions = [
- "--network-alias=bazarr"
- "--network=arr-box_default"
- ];
- };
- "jellyseerr" = {
- image = "fallenbagel/jellyseerr:latest";
- environment = {
- "LOG_LEVEL" = "debug";
- "TZ" = "\"Europe/Paris\"";
- };
- volumes = [
- "/home/tbarnouin/jellyseerr:/app/config:rw"
- ];
- ports = [
- "5055:5055/tcp"
- ];
- log-driver = "journald";
- extraOptions = [
- "--network-alias=jellyseerr"
- "--network=arr-box_default"
- ];
- };
- "prowlarr" = {
- image = "lscr.io/linuxserver/prowlarr:latest";
- environment = {
- "PGID" = "1000";
- "PUID" = "1000";
- "TZ" = "\"Europe/Paris\"";
- };
- volumes = [
- "/home/tbarnouin/prowlarr:/config:rw"
- "/mnt/media:/downloads:rw"
- ];
- ports = [
- "9696:9696/tcp"
- ];
- log-driver = "journald";
- extraOptions = [
- "--network-alias=prowlarr"
- "--network=arr-box_default"
- ];
- };
- "radarr" = {
- image = "lscr.io/linuxserver/radarr:latest";
- environment = {
- "PGID" = "1000";
- "PUID" = "1000";
- "TZ" = "\"Europe/Paris\"";
- };
- volumes = [
- "/home/tbarnouin/radarr:/config:rw"
- "/mnt/media:/downloads:rw"
- ];
- ports = [
- "7878:7878/tcp"
- ];
- log-driver = "journald";
- extraOptions = [
- "--network-alias=radarr"
- "--network=arr-box_default"
- ];
- };
- "sonarr" = {
- image = "lscr.io/linuxserver/sonarr:latest";
- environment = {
- "PGID" = "1000";
- "PUID" = "1000";
- "TZ" = "\"Europe/Paris\"";
- };
- volumes = [
- "/home/tbarnouin/sonarr:/config:rw"
- "/mnt/media:/downloads:rw"
- ];
- ports = [
- "8989:8989/tcp"
- ];
- log-driver = "journald";
- extraOptions = [
- "--network-alias=sonarr"
- "--network=arr-box_default"
- ];
- };
- };
- services = {
- crowdsec = {
- settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";
- localConfig = {
- acquisitions = [
- {
- source = "journalctl";
- journalctl_filter = ["_SYSTEMD_UNIT=docker.service"];
- labels = {
- type = "syslog";
- };
- }
- ];
+ oci-containers = {
+ backend = "docker";
+ containers = {
+ "gluetun" = {
+ autoStart = true;
+ image = "ghcr.io/qdm12/gluetun:latest";
+ environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"];
+ environment = {
+ "QBT_WEBUI_ENABLED" = "true";
+ "TZ" = "Europe/Paris";
+ "VPN_PORT_FORWARDING" = "on";
+ "VPN_SERVICE_PROVIDER" = "protonvpn";
+ "VPN_TYPE" = "wireguard";
+ };
+ volumes = [
+ "gluetun_gluetun-config:/gluetun:rw"
+ ];
+ ports = [
+ "8080:8080/tcp"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--cap-add=NET_ADMIN"
+ "--device=/dev/net/tun:/dev/net/tun:rwm"
+ "--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]"
+ "--health-interval=30s"
+ "--health-retries=3"
+ "--health-timeout=10s"
+ "--network-alias=gluetun"
+ "--network=gluetun_default"
+ "--sysctl=net.ipv6.conf.all.disable_ipv6=1"
+ ];
+ };
+ "qbittorrent" = {
+ autoStart = true;
+ image = "lscr.io/linuxserver/qbittorrent:latest";
+ environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"];
+ environment = {
+ "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main";
+ "GSP_MINIMAL_LOGS" = "false";
+ "PGID" = "1000";
+ "PUID" = "1000";
+ "QBITTORRENT_INTERFACE" = "tun0";
+ "TZ" = "Europe/Paris";
+ "WEBUI_PORT" = "8080";
+ };
+ volumes = [
+ "/mnt/media/:/downloads:rw"
+ "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw"
+ "gluetun_qbittorrent-config:/config:rw"
+ ];
+ dependsOn = [
+ "gluetun"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network=container:gluetun"
+ ];
+ };
+ "bazarr" = {
+ image = "linuxserver/bazarr";
+ environment = {
+ "PGID" = "1000";
+ "PUID" = "1000";
+ "TZ" = "\"Europe/Paris\"";
+ };
+ volumes = [
+ "/home/tbarnouin/bazarr:/config:rw"
+ "/mnt/media:/downloads:rw"
+ ];
+ ports = [
+ "6767:6767/tcp"
+ ];
+ log-driver = "journald";
+ };
+ "jellyseerr" = {
+ image = "fallenbagel/jellyseerr:latest";
+ environment = {
+ "LOG_LEVEL" = "debug";
+ "TZ" = "\"Europe/Paris\"";
+ };
+ volumes = [
+ "/home/tbarnouin/jellyseerr:/app/config:rw"
+ ];
+ ports = [
+ "5055:5055/tcp"
+ ];
+ log-driver = "journald";
+ };
+ "prowlarr" = {
+ image = "lscr.io/linuxserver/prowlarr:latest";
+ environment = {
+ "PGID" = "1000";
+ "PUID" = "1000";
+ "TZ" = "\"Europe/Paris\"";
+ };
+ volumes = [
+ "/home/tbarnouin/prowlarr:/config:rw"
+ "/mnt/media:/downloads:rw"
+ ];
+ ports = [
+ "9696:9696/tcp"
+ ];
+ log-driver = "journald";
+ };
+ "radarr" = {
+ image = "lscr.io/linuxserver/radarr:latest";
+ environment = {
+ "PGID" = "1000";
+ "PUID" = "1000";
+ "TZ" = "\"Europe/Paris\"";
+ };
+ volumes = [
+ "/home/tbarnouin/radarr:/config:rw"
+ "/mnt/media:/downloads:rw"
+ ];
+ ports = [
+ "7878:7878/tcp"
+ ];
+ log-driver = "journald";
+ };
+ "sonarr" = {
+ image = "lscr.io/linuxserver/sonarr:latest";
+ environment = {
+ "PGID" = "1000";
+ "PUID" = "1000";
+ "TZ" = "\"Europe/Paris\"";
+ };
+ volumes = [
+ "/home/tbarnouin/sonarr:/config:rw"
+ "/mnt/media:/downloads:rw"
+ ];
+ ports = [
+ "8989:8989/tcp"
+ ];
+ log-driver = "journald";
+ };
+ };
 };
 };
 };
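Review bot: The two container env-file secrets are still decrypted with `owner = "tbarnouin"` (`docker-gluetun-env`, `docker-qbittorrent-env`), which the regrouping keeps but nothing in the patch appears to need: the `oci-containers` units that consume `environmentFiles` run as root, so as far as I can tell the interactive user never has to read the VPN and WebUI credentials. Dropping those two `owner` lines (root-owned, agenix's default) is the least-privilege setting unless something outside this hunk reads the files as that user. That user is also placed in the `docker` group on the context line below, which is root-equivalent on the host, so this is defence in depth rather than a hard boundary; a comment such as `# root-only: read by the oci-containers units, not by the login user` would record the intent either way.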
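Review bot: The new crowdsec acquisition labels every journal entry from `_SYSTEMD_UNIT=docker.service` as `type = "syslog"`, but with `log-driver = "journald"` on the containers the application stdout that dockerd forwards presumably lands in that same unit and is not syslog-formatted, so those lines will likely be fed to the syslog parser chain and discarded rather than reach any application scenario — worth checking with `cscli metrics` after deploy, and worth a comment saying what this source is meant to catch (e.g. `# dockerd's own daemon messages; container app logs need their own acquisition and type`). A smaller point: `settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";` wraps a string in an interpolation for no effect, and `settings.lapi.credentialsFile = config.age.secrets.docker-lapi-key.path;` is the usual form. The `services.crowdsec` block is complete within the hunk.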
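Review bot: The bazarr, jellyseerr, prowlarr, radarr and sonarr entries carry `"TZ" = "\"Europe/Paris\"";`, so the variable handed to the container is the string with literal double quotes rather than a tzdata name; the gluetun and qbittorrent entries in the same hunk use the correct form, `"TZ" = "Europe/Paris";`. Every image is pulled by a mutable tag (`:latest`, and `linuxserver/bazarr` with no tag from the unqualified registry), and `DOCKER_MODS` fetches `ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main` and executes it inside the container on every start, so a retagged or compromised upstream silently changes what runs on this host — pinning by `@sha256:` digest, at least for the mod, removes that exposure. The `ports` entries such as `"8080:8080/tcp"` and `"6767:6767/tcp"` bind on all host interfaces, and Docker's published-port rules are inserted ahead of the NixOS firewall, so if these WebUIs are only meant to be reached through a local reverse proxy they should read `"127.0.0.1:6767:6767/tcp"`. Finally, the *arr containers lose their `--network=arr-box_default` and `--network-alias` options and therefore land on Docker's default bridge, where containers cannot resolve each other by name, so any prowlarr→sonarr/radarr URLs configured by container name will presumably stop working; a user-defined network via `extraOptions` (as gluetun still has) or a comment explaining the new addressing would help.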