Faris 2025-11-07 19:12:50 +00:00
parent c5ccdc60a3
commit 29ea49e1bb
2 changed files with 278 additions and 10 deletions


@ -54,6 +54,32 @@
}; };
}; };
caddy = {
image = "docker.io/caddy";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/caddy/conf:/etc/caddy"
"/pool/services/podman/caddy/site:/srv"
"/pool/services/podman/caddy/data:/data"
"/pool/services/podman/caddy/config:/config"
];
ports = [
"80:80"
"443:443"
"443:443/udp"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
bazarr = { bazarr = {
image = "lscr.io/linuxserver/bazarr:latest"; image = "lscr.io/linuxserver/bazarr:latest";
autoStart = true; autoStart = true;
@ -108,7 +134,7 @@
]; ];
ports = [ ports = [
"1883:1883" "1883:1883"
"9001:9001" "9001:8080"
]; ];
extraConfig = { extraConfig = {
Service = { Service = {
@ -245,6 +271,27 @@
}; };
}; };
homer = {
image = "docker.io/b4bz/homer";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/homer:/www/assets"
];
ports = [
"1000:8080"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
immich-db = { immich-db = {
image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52"; image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
autoStart = true; autoStart = true;
@ -273,6 +320,7 @@
autoStart = true; autoStart = true;
autoUpdate = "registry"; autoUpdate = "registry";
network = "bridge"; network = "bridge";
devices = [ "nvidia.com/gpu=all" ];
environmentFile = [ environmentFile = [
"/pool/services/secrets/default" "/pool/services/secrets/default"
"/pool/services/secrets/immich" "/pool/services/secrets/immich"
@ -331,6 +379,7 @@
}; };
}; };
}; };
jellyfin = { jellyfin = {
image = "docker.io/jellyfin/jellyfin:latest"; image = "docker.io/jellyfin/jellyfin:latest";
autoStart = true; autoStart = true;
@ -465,6 +514,93 @@
}; };
}; };
mastodon = {
image = "ghcr.io/linuxserver/mastodon:amd64-latest";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/mastodon"
];
volumes = [
"/pool/services/podman/mastodon/config:/config"
];
ports = [
"808:80"
"8449:443"
"3009:3000"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
mastodon-db = {
image = "docker.io/postgres:16-alpine";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/mastodon-db"
];
volumes = [
"/pool/services/podman/mastodon/db:/var/lib/postgresql/data"
];
ports = [
"5435:5432"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
mastodon-redis = {
image = "registry.hub.docker.com/library/redis:6.2-alpine";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
ports = [
"6382:6379"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
matrix = {
image = "ghcr.io/element-hq/synapse";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/synapse"
];
volumes = [
"/pool/services/podman/synapse:/data"
];
ports = [
"8008:8008"
"8448:8448"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
metube = { metube = {
image = "ghcr.io/alexta69/metube:latest"; image = "ghcr.io/alexta69/metube:latest";
autoStart = true; autoStart = true;
@ -544,22 +680,45 @@
}; };
}; };
nginx-proxy-manager = { #nginx-proxy-manager = {
image = "docker.io/jc21/nginx-proxy-manager:2.9.22"; # image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
# autoStart = true;
# autoUpdate = "registry";
# network = "bridge";
# environmentFile = [
# "/pool/services/secrets/default"
# ];
# volumes = [
# "/pool/services/podman/nginx-proxy-manager:/data"
# "/pool/services/podman/letsencrypt:/etc/letsencrypt"
# ];
# ports = [
# "80:80"
# "443:443"
# "81:81"
# ];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
#};
ntfy = {
image = "docker.io/binwiederhier/ntfy";
autoStart = true; autoStart = true;
autoUpdate = "registry"; autoUpdate = "registry";
network = "bridge"; network = "bridge";
exec = "serve";
environmentFile = [ environmentFile = [
"/pool/services/secrets/default" "/pool/services/secrets/default"
"/pool/services/secrets/ntfy"
]; ];
volumes = [ volumes = [
"/pool/services/podman/nginx-proxy-manager:/data" "/pool/services/podman/ntfy:/var/lib/ntfy"
"/pool/services/podman/letsencrypt:/etc/letsencrypt"
]; ];
ports = [ ports = [
"80:80" "81:80"
"443:443"
"81:81"
]; ];
extraConfig = { extraConfig = {
Service = { Service = {
@ -674,6 +833,27 @@
}; };
}; };
privatebin = {
image = "docker.io/privatebin/nginx-fpm-alpine:latest";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/media/privatebin:/srv/data"
];
ports = [
"8082:8080"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
prowlarr = { prowlarr = {
image = "lscr.io/linuxserver/prowlarr:latest"; image = "lscr.io/linuxserver/prowlarr:latest";
autoStart = true; autoStart = true;
@ -832,6 +1012,7 @@
}; };
}; };
tandoor = { tandoor = {
image = "docker.io/vabene1111/recipes"; image = "docker.io/vabene1111/recipes";
autoStart = true; autoStart = true;
@ -846,7 +1027,7 @@
"/pool/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles" "/pool/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
]; ];
ports = [ ports = [
"9092:8080" "9092:80"
]; ];
extraConfig = { extraConfig = {
Service = { Service = {
@ -898,6 +1079,93 @@
}; };
}; };
tubearchivist = {
image = "docker.io/bbilly1/tubearchivist";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/tubearchivist"
];
volumes = [
"/pool/media/video/youtube:/youtube"
"/pool/services/podman/tubearchivist/cache:/cache"
];
ports = [
"8005:8000"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
tubearchivist-redis = {
image = "docker.io/redis";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/tubearchivist/redis:/data"
];
ports = [
"6381:6379"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
tubearchivist-es = {
image = "docker.io/bbilly1/tubearchivist-es";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/tubearchivist-es"
];
volumes = [
"/pool/services/podman/tubearchivist/es:/usr/share/elasticsearch/data"
];
ports = [
"9200:9200"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
uptime-kuma = {
image = "docker.io/louislam/uptime-kuma";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
];
volumes = [
"/pool/services/podman/uptime-kuma:/app/data"
];
ports = [
"3005:3001"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
vaultwarden = { vaultwarden = {
image = "docker.io/vaultwarden/server:latest"; image = "docker.io/vaultwarden/server:latest";
autoStart = true; autoStart = true;
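Review bot: The new `mastodon-db`, `mastodon-redis`, `tubearchivist-redis` and `tubearchivist-es` entries publish their data-store ports with no host address (`"5435:5432"`, `"6382:6379"`, `"6381:6379"`, `"9200:9200"`), which binds them on every host interface; this applies to both the mastodon and the tubearchivist hunks. Both Redis containers load only the shared `/pool/services/secrets/default` file, and nothing visible here shows that authentication is configured for them, so any machine that can reach the host may be able to talk to them directly. If only the host needs these ports, bind them to loopback, e.g. `"127.0.0.1:5435:5432"`; if the app containers reach their stores through the host address (not visible here), a dedicated podman network per stack with the `ports` list dropped keeps them off the LAN. Separately, several new images (`docker.io/caddy`, `docker.io/redis`, `ghcr.io/element-hq/synapse`) carry no tag or digest while `autoUpdate = "registry"` is set, unlike the digest-pinned `immich-db`; pinning them would make each update a deliberate change.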


@ -47,7 +47,7 @@
}; };
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_unprivileged_port_start" = 80; "net.ipv4.ip_unprivileged_port_start" = 0;
"net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.conf.all.forwarding" = 1; "net.ipv4.conf.all.forwarding" = 1;
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
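Review bot: Setting `"net.ipv4.ip_unprivileged_port_start" = 0;` lets any unprivileged process on the host bind every port, including 22 and 53, not only the ones the containers need (presumably this sysctl is here for rootless podman). The lowest host port published in the visible container hunks is 80 (caddy), which the previous value of 80 already allowed, so the reason for lowering it is not visible on this page. If a container outside these hunks needs a lower port, set the sysctl to that port rather than 0 and record why next to it, e.g. `# lowest published host port is <PORT>`. The `boot.kernel.sysctl` block continues past the end of the hunk.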