From 29ea49e1bbf4edef48b7992538ff40136e4887e6 Mon Sep 17 00:00:00 2001
From: Faris
Date: Fri, 7 Nov 2025 19:12:50 +0000
Subject: [PATCH] bluh

---
 home/podman.nix | 286 ++++++++++++++++++++++++++++++++++++--
 hosts/server/settings.nix | 2 +-
 2 files changed, 278 insertions(+), 10 deletions(-)

diff --git a/home/podman.nix b/home/podman.nix
index 23410f3..33127d2 100644
--- a/home/podman.nix
+++ b/home/podman.nix
@@ -54,6 +54,32 @@
 };
 };
 
+ caddy = {
+ image = "docker.io/caddy";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/services/podman/caddy/conf:/etc/caddy"
+ "/pool/services/podman/caddy/site:/srv"
+ "/pool/services/podman/caddy/data:/data"
+ "/pool/services/podman/caddy/config:/config"
+ ];
+ ports = [
+ "80:80"
+ "443:443"
+ "443:443/udp"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
 bazarr = {
 image = "lscr.io/linuxserver/bazarr:latest";
 autoStart = true;
@@ -108,7 +134,7 @@
 ];
 ports = [
 "1883:1883"
- "9001:9001"
+ "9001:8080"
 ];
 extraConfig = {
 Service = {
@@ -245,6 +271,27 @@
 };
 };
 
+ homer = {
+ image = "docker.io/b4bz/homer";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/services/podman/homer:/www/assets"
+ ];
+ ports = [
+ "1000:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
 immich-db = {
 image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
 autoStart = true;
@@ -273,6 +320,7 @@
 autoStart = true;
 autoUpdate = "registry";
 network = "bridge";
+ devices = [ "nvidia.com/gpu=all" ];
 environmentFile = [
 "/pool/services/secrets/default"
 "/pool/services/secrets/immich"
@@ -331,6 +379,7 @@
 };
 };
 };
+
 jellyfin = {
 image = "docker.io/jellyfin/jellyfin:latest";
 autoStart = true;
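Review bot: `image = "docker.io/caddy";` in the new caddy block carries no tag or digest, so together with `autoUpdate = "registry"` every update pulls whatever the registry's default tag resolves to, with nothing in this file recording what was deployed. The same unpinned form is used for homer (`docker.io/b4bz/homer`) in the -245 hunk and, in later hunks, for matrix, ntfy, tubearchivist, tubearchivist-redis, tubearchivist-es and uptime-kuma. The file already shows the stronger pattern on immich-db (`pg14-v0.2.0@sha256:…`); at minimum pin a major-version tag, e.g. `image = "docker.io/caddy:2";`, so an upstream major bump cannot silently change the proxy that now fronts 80/443 for everything behind it.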
@@ -465,6 +514,93 @@
 };
 };
 
+ mastodon = {
+ image = "ghcr.io/linuxserver/mastodon:amd64-latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/mastodon"
+ ];
+ volumes = [
+ "/pool/services/podman/mastodon/config:/config"
+ ];
+ ports = [
+ "808:80"
+ "8449:443"
+ "3009:3000"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ mastodon-db = {
+ image = "docker.io/postgres:16-alpine";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/mastodon-db"
+ ];
+ volumes = [
+ "/pool/services/podman/mastodon/db:/var/lib/postgresql/data"
+ ];
+ ports = [
+ "5435:5432"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ mastodon-redis = {
+ image = "registry.hub.docker.com/library/redis:6.2-alpine";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ ];
+ ports = [
+ "6382:6379"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ matrix = {
+ image = "ghcr.io/element-hq/synapse";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/synapse"
+ ];
+ volumes = [
+ "/pool/services/podman/synapse:/data"
+ ];
+ ports = [
+ "8008:8008"
+ "8448:8448"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
 metube = {
 image = "ghcr.io/alexta69/metube:latest";
 autoStart = true;
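Review bot: mastodon-db publishes `"5435:5432"` and mastodon-redis `"6382:6379"` with no host address, so Podman binds them on every interface although only the mastodon container consumes them; the -898 hunk repeats the pattern for tubearchivist-redis (`"6381:6379"`) and tubearchivist-es (`"9200:9200"`). Unless a host firewall not shown here closes them, the Postgres database, both Redis instances and Elasticsearch are reachable from the LAN, and mastodon-redis has no secrets file of its own, so any password it requires would have to come from `secrets/default`. The cleaner fix is to put each backing service on a shared network or pod with its consumer and drop `ports` on it entirely; if something on the host itself must reach them, bind the mapping to loopback instead, `"127.0.0.1:5435:5432"`.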
@@ -544,22 +680,45 @@
 };
 };
 
- nginx-proxy-manager = {
- image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
+ #nginx-proxy-manager = {
+ # image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
+ # autoStart = true;
+ # autoUpdate = "registry";
+ # network = "bridge";
+ # environmentFile = [
+ # "/pool/services/secrets/default"
+ # ];
+ # volumes = [
+ # "/pool/services/podman/nginx-proxy-manager:/data"
+ # "/pool/services/podman/letsencrypt:/etc/letsencrypt"
+ # ];
+ # ports = [
+ # "80:80"
+ # "443:443"
+ # "81:81"
+ # ];
+ # extraConfig = {
+ # Service = {
+ # TimeoutStartSec = 900;
+ # };
+ # };
+ #};
+
+ ntfy = {
+ image = "docker.io/binwiederhier/ntfy";
 autoStart = true;
 autoUpdate = "registry";
 network = "bridge";
+ exec = "serve";
 environmentFile = [
 "/pool/services/secrets/default"
+ "/pool/services/secrets/ntfy"
 ];
 volumes = [
- "/pool/services/podman/nginx-proxy-manager:/data"
- "/pool/services/podman/letsencrypt:/etc/letsencrypt"
+ "/pool/services/podman/ntfy:/var/lib/ntfy"
 ];
 ports = [
- "80:80"
- "443:443"
- "81:81"
+ "81:80"
 ];
 extraConfig = {
 Service = {
@@ -674,6 +833,27 @@
 };
 };
 
+ privatebin = {
+ image = "docker.io/privatebin/nginx-fpm-alpine:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/media/privatebin:/srv/data"
+ ];
+ ports = [
+ "8082:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
 prowlarr = {
 image = "lscr.io/linuxserver/prowlarr:latest";
 autoStart = true;
@@ -832,6 +1012,7 @@
 };
 };
 
+
 tandoor = {
 image = "docker.io/vabene1111/recipes";
 autoStart = true;
@@ -846,7 +1027,7 @@
 "/pool/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
 ];
 ports = [
- "9092:8080"
+ "9092:80"
 ];
 extraConfig = {
 Service = {
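Review bot: The nginx-proxy-manager definition is kept as twenty-odd commented-out lines instead of being deleted; git history already preserves it, and a dormant block that still lists `80:80` and `443:443` invites someone to uncomment it and collide with the caddy block that now owns those ports. Drop the block, or if it is meant as a reminder, reduce it to a single line such as `# nginx-proxy-manager was replaced by caddy; see git history for its old definition`. The ntfy block that replaces it in the same hunk is otherwise consistent with the rest of the file.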
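Review bot: privatebin keeps its paste store at `"/pool/media/privatebin:/srv/data"`, while every other service added in this patch keeps state under `/pool/services/podman/<name>`. If that is intentional (pastes treated as media), a short comment on the volume line saying so would stop the next reader from "fixing" it; otherwise `"/pool/services/podman/privatebin:/srv/data"` keeps the service volumes on one ownership and backup policy. Paste contents are user-submitted data, so whichever path is chosen should be covered by the same backup and permission handling as the other service volumes.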
@@ -898,6 +1079,93 @@
 };
 };
 
+ tubearchivist = {
+ image = "docker.io/bbilly1/tubearchivist";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/tubearchivist"
+ ];
+ volumes = [
+ "/pool/media/video/youtube:/youtube"
+ "/pool/services/podman/tubearchivist/cache:/cache"
+ ];
+ ports = [
+ "8005:8000"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ tubearchivist-redis = {
+ image = "docker.io/redis";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/services/podman/tubearchivist/redis:/data"
+ ];
+ ports = [
+ "6381:6379"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ tubearchivist-es = {
+ image = "docker.io/bbilly1/tubearchivist-es";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ "/pool/services/secrets/tubearchivist-es"
+ ];
+ volumes = [
+ "/pool/services/podman/tubearchivist/es:/usr/share/elasticsearch/data"
+ ];
+ ports = [
+ "9200:9200"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ uptime-kuma = {
+ image = "docker.io/louislam/uptime-kuma";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/pool/services/secrets/default"
+ ];
+ volumes = [
+ "/pool/services/podman/uptime-kuma:/app/data"
+ ];
+ ports = [
+ "3005:3001"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
 vaultwarden = {
 image = "docker.io/vaultwarden/server:latest";
 autoStart = true;
diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix
index 0461e9c..2affe2e 100644
--- a/hosts/server/settings.nix
+++ b/hosts/server/settings.nix
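Review bot: tubearchivist-redis uses `image = "docker.io/redis";` while mastodon-redis in the -465 hunk uses `registry.hub.docker.com/library/redis:6.2-alpine` — two spellings of the same registry and two different Redis versions, one floating and one pinned. Settle on one form for both, e.g. `image = "docker.io/library/redis:6.2-alpine";`, so the two instances can be updated and audited as one thing. The same applies to the two tubearchivist images and uptime-kuma, which are all untagged here.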
@@ -47,7 +47,7 @@
 };
 
 boot.kernel.sysctl = {
- "net.ipv4.ip_unprivileged_port_start" = 80;
+ "net.ipv4.ip_unprivileged_port_start" = 0;
 "net.ipv4.conf.all.src_valid_mark" = 1;
 "net.ipv4.conf.all.forwarding" = 1;
 "net.ipv4.ip_forward" = 1;
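Review bot: Lowering `net.ipv4.ip_unprivileged_port_start` from 80 to 0 lets every unprivileged process on the host bind any port, including 22, 25 and 53, whereas the podman changes in this patch only publish 80, 81 and 443 on the host side, all of which the previous value of 80 already allowed. If a service not shown here genuinely needs a port below 80, set the value to that port rather than 0 and record the reason, e.g. `"net.ipv4.ip_unprivileged_port_start" = 80; # lowest host port published by rootless podman (caddy, ntfy)`. Otherwise this line should be reverted; the commit message "bluh" gives no hint of the motivation.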