Working docker VM

2025-05-14 12:37:19 +02:00 · 2025-05-14 12:37:19 +02:00 · d8ccf817fe
commit d8ccf817fe
parent 44ee220627
1 changed files with 164 additions and 183 deletions
--- a/services/docker/default.nix
+++ b/services/docker/default.nix
@ -14,18 +14,20 @@ in {
    };
  };
  config = lib.mkIf cfg.enable {
-    age.secrets.docker-lapi-key = {
+    age.secrets = {
+      docker-lapi-key = {
        file = ../../secrets/docker-lapi-key.age;
        owner = "crowdsec";
      };
-    age.secrets.docker-gluetun-env = {
+      docker-gluetun-env = {
        file = ./secrets/docker-gluetun-env.age;
        owner = "tbarnouin";
      };
-    age.secrets.docker-qbittorrent-env = {
+      docker-qbittorrent-env = {
        file = ./secrets/docker-qbittorrent-env.age;
        owner = "tbarnouin";
      };
+    };
    users.users.tbarnouin.extraGroups = ["docker"];
    fileSystems = {
      "/mnt/docker-data" = {
@ -41,6 +43,20 @@ in {
        ];
      };
    };
+    services.crowdsec = {
+      settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";
+      localConfig = {
+        acquisitions = [
+          {
+            source = "journalctl";
+            journalctl_filter = ["_SYSTEMD_UNIT=docker.service"];
+            labels = {
+              type = "syslog";
+            };
+          }
+        ];
+      };
+    };
    virtualisation = {
      docker = {
        enable = true;
@ -51,10 +67,9 @@ in {
          data-root = "/mnt/docker-data";
        };
      };
-      oci-containers.backend = "docker";
-    };
-  
-    virtualisation.oci-containers.containers = {
+      oci-containers = {
+        backend = "docker";
+        containers = {
          "gluetun" = {
            autoStart = true;
            image = "ghcr.io/qdm12/gluetun:latest";
@ -126,10 +141,6 @@ in {
              "6767:6767/tcp"
            ];
            log-driver = "journald";
-        extraOptions = [
-          "--network-alias=bazarr"
-          "--network=arr-box_default"
-        ];
          };
          "jellyseerr" = {
            image = "fallenbagel/jellyseerr:latest";
@ -144,10 +155,6 @@ in {
              "5055:5055/tcp"
            ];
            log-driver = "journald";
-        extraOptions = [
-          "--network-alias=jellyseerr"
-          "--network=arr-box_default"
-        ];
          };
          "prowlarr" = {
            image = "lscr.io/linuxserver/prowlarr:latest";
@ -164,10 +171,6 @@ in {
              "9696:9696/tcp"
            ];
            log-driver = "journald";
-        extraOptions = [
-          "--network-alias=prowlarr"
-          "--network=arr-box_default"
-        ];
          };
          "radarr" = {
            image = "lscr.io/linuxserver/radarr:latest";
@ -184,10 +187,6 @@ in {
              "7878:7878/tcp"
            ];
            log-driver = "journald";
-        extraOptions = [
-          "--network-alias=radarr"
-          "--network=arr-box_default"
-        ];
          };
          "sonarr" = {
            image = "lscr.io/linuxserver/sonarr:latest";
@ -204,26 +203,8 @@ in {
              "8989:8989/tcp"
            ];
            log-driver = "journald";
-        extraOptions = [
-          "--network-alias=sonarr"
-          "--network=arr-box_default"
-        ];
          };
        };
-    services = {
-      crowdsec = {
-        settings.lapi.credentialsFile = "${config.age.secrets.docker-lapi-key.path}";
-        localConfig = {
-          acquisitions = [
-            {
-              source = "journalctl";
-              journalctl_filter = ["_SYSTEMD_UNIT=docker.service"];
-              labels = {
-                type = "syslog";
-              };
-            }
-          ];
-        };
      };
    };
  };