Working docker VM

Théo Barnouin 2025-05-14 12:37:19 +02:00
parent 44ee220627
commit d8ccf817fe


@ -14,17 +14,19 @@ in {
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets.docker-lapi-key = { age.secrets = {
file = ../../secrets/docker-lapi-key.age; docker-lapi-key = {
owner = "crowdsec"; file = ../../secrets/docker-lapi-key.age;
}; owner = "crowdsec";
age.secrets.docker-gluetun-env = { };
file = ./secrets/docker-gluetun-env.age; docker-gluetun-env = {
owner = "tbarnouin"; file = ./secrets/docker-gluetun-env.age;
}; owner = "tbarnouin";
age.secrets.docker-qbittorrent-env = { };
file = ./secrets/docker-qbittorrent-env.age; docker-qbittorrent-env = {
owner = "tbarnouin"; file = ./secrets/docker-qbittorrent-env.age;
owner = "tbarnouin";
};
}; };
users.users.tbarnouin.extraGroups = ["docker"]; users.users.tbarnouin.extraGroups = ["docker"];
fileSystems = { fileSystems = {
@ -41,6 +43,20 @@ in {
]; ];
}; };
}; };
services.crowdsec = {
settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";
localConfig = {
acquisitions = [
{
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=docker.service"];
labels = {
type = "syslog";
};
}
];
};
};
virtualisation = { virtualisation = {
docker = { docker = {
enable = true; enable = true;
@ -51,178 +67,143 @@ in {
data-root = "/mnt/docker-data"; data-root = "/mnt/docker-data";
}; };
}; };
oci-containers.backend = "docker"; oci-containers = {
}; backend = "docker";
containers = {
virtualisation.oci-containers.containers = { "gluetun" = {
"gluetun" = { autoStart = true;
autoStart = true; image = "ghcr.io/qdm12/gluetun:latest";
image = "ghcr.io/qdm12/gluetun:latest"; environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"];
environmentFiles = ["${config.age.secrets.docker-gluetun-env.path}"]; environment = {
environment = { "QBT_WEBUI_ENABLED" = "true";
"QBT_WEBUI_ENABLED" = "true"; "TZ" = "Europe/Paris";
"TZ" = "Europe/Paris"; "VPN_PORT_FORWARDING" = "on";
"VPN_PORT_FORWARDING" = "on"; "VPN_SERVICE_PROVIDER" = "protonvpn";
"VPN_SERVICE_PROVIDER" = "protonvpn"; "VPN_TYPE" = "wireguard";
"VPN_TYPE" = "wireguard"; };
}; volumes = [
volumes = [ "gluetun_gluetun-config:/gluetun:rw"
"gluetun_gluetun-config:/gluetun:rw" ];
]; ports = [
ports = [ "8080:8080/tcp"
"8080:8080/tcp" ];
]; log-driver = "journald";
log-driver = "journald"; extraOptions = [
extraOptions = [ "--cap-add=NET_ADMIN"
"--cap-add=NET_ADMIN" "--device=/dev/net/tun:/dev/net/tun:rwm"
"--device=/dev/net/tun:/dev/net/tun:rwm" "--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]"
"--health-cmd=[\"wget\", \"--spider\", \"-q\", \"http://google.com\"]" "--health-interval=30s"
"--health-interval=30s" "--health-retries=3"
"--health-retries=3" "--health-timeout=10s"
"--health-timeout=10s" "--network-alias=gluetun"
"--network-alias=gluetun" "--network=gluetun_default"
"--network=gluetun_default" "--sysctl=net.ipv6.conf.all.disable_ipv6=1"
"--sysctl=net.ipv6.conf.all.disable_ipv6=1" ];
]; };
}; "qbittorrent" = {
"qbittorrent" = { autoStart = true;
autoStart = true; image = "lscr.io/linuxserver/qbittorrent:latest";
image = "lscr.io/linuxserver/qbittorrent:latest"; environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"];
environmentFiles = ["${config.age.secrets.docker-qbittorrent-env.path}"]; environment = {
environment = { "DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main";
"DOCKER_MODS" = "ghcr.io/t-anc/gsp-qbittorent-gluetun-sync-port-mod:main"; "GSP_MINIMAL_LOGS" = "false";
"GSP_MINIMAL_LOGS" = "false"; "PGID" = "1000";
"PGID" = "1000"; "PUID" = "1000";
"PUID" = "1000"; "QBITTORRENT_INTERFACE" = "tun0";
"QBITTORRENT_INTERFACE" = "tun0"; "TZ" = "Europe/Paris";
"TZ" = "Europe/Paris"; "WEBUI_PORT" = "8080";
"WEBUI_PORT" = "8080"; };
}; volumes = [
volumes = [ "/mnt/media/:/downloads:rw"
"/mnt/media/:/downloads:rw" "/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw"
"/home/tbarnouin/gluetun/qbittorrent/webui:/webui:rw" "gluetun_qbittorrent-config:/config:rw"
"gluetun_qbittorrent-config:/config:rw" ];
]; dependsOn = [
dependsOn = [ "gluetun"
"gluetun" ];
]; log-driver = "journald";
log-driver = "journald"; extraOptions = [
extraOptions = [ "--network=container:gluetun"
"--network=container:gluetun" ];
]; };
}; "bazarr" = {
"bazarr" = { image = "linuxserver/bazarr";
image = "linuxserver/bazarr"; environment = {
environment = { "PGID" = "1000";
"PGID" = "1000"; "PUID" = "1000";
"PUID" = "1000"; "TZ" = "\"Europe/Paris\"";
"TZ" = "\"Europe/Paris\""; };
}; volumes = [
volumes = [ "/home/tbarnouin/bazarr:/config:rw"
"/home/tbarnouin/bazarr:/config:rw" "/mnt/media:/downloads:rw"
"/mnt/media:/downloads:rw" ];
]; ports = [
ports = [ "6767:6767/tcp"
"6767:6767/tcp" ];
]; log-driver = "journald";
log-driver = "journald"; };
extraOptions = [ "jellyseerr" = {
"--network-alias=bazarr" image = "fallenbagel/jellyseerr:latest";
"--network=arr-box_default" environment = {
]; "LOG_LEVEL" = "debug";
}; "TZ" = "\"Europe/Paris\"";
"jellyseerr" = { };
image = "fallenbagel/jellyseerr:latest"; volumes = [
environment = { "/home/tbarnouin/jellyseerr:/app/config:rw"
"LOG_LEVEL" = "debug"; ];
"TZ" = "\"Europe/Paris\""; ports = [
}; "5055:5055/tcp"
volumes = [ ];
"/home/tbarnouin/jellyseerr:/app/config:rw" log-driver = "journald";
]; };
ports = [ "prowlarr" = {
"5055:5055/tcp" image = "lscr.io/linuxserver/prowlarr:latest";
]; environment = {
log-driver = "journald"; "PGID" = "1000";
extraOptions = [ "PUID" = "1000";
"--network-alias=jellyseerr" "TZ" = "\"Europe/Paris\"";
"--network=arr-box_default" };
]; volumes = [
}; "/home/tbarnouin/prowlarr:/config:rw"
"prowlarr" = { "/mnt/media:/downloads:rw"
image = "lscr.io/linuxserver/prowlarr:latest"; ];
environment = { ports = [
"PGID" = "1000"; "9696:9696/tcp"
"PUID" = "1000"; ];
"TZ" = "\"Europe/Paris\""; log-driver = "journald";
}; };
volumes = [ "radarr" = {
"/home/tbarnouin/prowlarr:/config:rw" image = "lscr.io/linuxserver/radarr:latest";
"/mnt/media:/downloads:rw" environment = {
]; "PGID" = "1000";
ports = [ "PUID" = "1000";
"9696:9696/tcp" "TZ" = "\"Europe/Paris\"";
]; };
log-driver = "journald"; volumes = [
extraOptions = [ "/home/tbarnouin/radarr:/config:rw"
"--network-alias=prowlarr" "/mnt/media:/downloads:rw"
"--network=arr-box_default" ];
]; ports = [
}; "7878:7878/tcp"
"radarr" = { ];
image = "lscr.io/linuxserver/radarr:latest"; log-driver = "journald";
environment = { };
"PGID" = "1000"; "sonarr" = {
"PUID" = "1000"; image = "lscr.io/linuxserver/sonarr:latest";
"TZ" = "\"Europe/Paris\""; environment = {
}; "PGID" = "1000";
volumes = [ "PUID" = "1000";
"/home/tbarnouin/radarr:/config:rw" "TZ" = "\"Europe/Paris\"";
"/mnt/media:/downloads:rw" };
]; volumes = [
ports = [ "/home/tbarnouin/sonarr:/config:rw"
"7878:7878/tcp" "/mnt/media:/downloads:rw"
]; ];
log-driver = "journald"; ports = [
extraOptions = [ "8989:8989/tcp"
"--network-alias=radarr" ];
"--network=arr-box_default" log-driver = "journald";
]; };
};
"sonarr" = {
image = "lscr.io/linuxserver/sonarr:latest";
environment = {
"PGID" = "1000";
"PUID" = "1000";
"TZ" = "\"Europe/Paris\"";
};
volumes = [
"/home/tbarnouin/sonarr:/config:rw"
"/mnt/media:/downloads:rw"
];
ports = [
"8989:8989/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=sonarr"
"--network=arr-box_default"
];
};
};
services = {
crowdsec = {
settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";
localConfig = {
acquisitions = [
{
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=docker.service"];
labels = {
type = "syslog";
};
}
];
}; };
}; };
}; };
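Review bot: The `ports` entries in the last hunk (`"8080:8080/tcp"` on gluetun, then `"6767:6767/tcp"`, `"5055:5055/tcp"`, `"9696:9696/tcp"`, `"7878:7878/tcp"` and `"8989:8989/tcp"`) give no host address, so Docker publishes each web UI on every interface of the VM. Docker's own iptables rules usually apply ahead of the NixOS firewall, so `networking.firewall` alone is unlikely to restrict them. If the UIs are only meant to be reached from one network or through a reverse proxy (not visible in this diff), bind each to the address that should serve it, e.g. `"127.0.0.1:6767:6767/tcp"` behind a local proxy. Separately, every image on the new side is still a mutable reference (`:latest`, the untagged `linuxserver/bazarr`, and the `DOCKER_MODS` value ending in `:main`), so a restart can pull unreviewed code into containers that mount `/mnt/media` and the config directories read-write. Pinning each to a version tag or digest would make updates deliberate and reviewable.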