Compare commits

...

5 commits

14 changed files with 368 additions and 2 deletions

View file

@ -45,6 +45,7 @@
valhalla = { valhalla = {
DerGeret = import ./profiles/machines/manuel/DerGeret/Arch/config.nix; DerGeret = import ./profiles/machines/manuel/DerGeret/Arch/config.nix;
ManuSurface = import ./profiles/machines/manuel/ManuSurface/Arch/config.nix; ManuSurface = import ./profiles/machines/manuel/ManuSurface/Arch/config.nix;
server = import ./profiles/machines/manuel/server.nix;
}; };
}; };
} }

View file

@ -30,7 +30,6 @@ let
["aliae" "aliae"] ["aliae" "aliae"]
["brave" "Brave Browser"] ["brave" "Brave Browser"]
["discord" "Discord"] ["discord" "Discord"]
["docker" "docker"]
["firefox" "Firefox Web Browser"] ["firefox" "Firefox Web Browser"]
["openssh" "OpenSSH"] ["openssh" "OpenSSH"]
["osu!lazer" "osu!lazer"] ["osu!lazer" "osu!lazer"]
@ -51,6 +50,7 @@ let
["logo-ls" "logo-ls"] ["logo-ls" "logo-ls"]
["lutris" "Lutris"] ["lutris" "Lutris"]
["minegrub-theme" "Minegrub Theme"] ["minegrub-theme" "Minegrub Theme"]
["nginx" "nginx"]
["nodejs-n" "n"] ["nodejs-n" "n"]
["nuke-usb" "nuke-usb"] ["nuke-usb" "nuke-usb"]
["nvidia-dkms" "Nvidia Drivers"] ["nvidia-dkms" "Nvidia Drivers"]
@ -83,6 +83,7 @@ let
]; ];
in { in {
imports = [ imports = [
./programs/docker.nix
./programs/git.nix ./programs/git.nix
./programs/nextcloud.nix ./programs/nextcloud.nix
./programs/oh-my-posh.nix ./programs/oh-my-posh.nix

View file

@ -0,0 +1,41 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption mkOption types;
commonOptions = {
enable = mkEnableOption "docker";
};
in {
options = {
valhalla = {
programs.docker = commonOptions;
users = mkOption {
type = types.attrsOf (types.submodule (
{ ... }: {
options = {
programs.docker = commonOptions;
};
}));
};
linux = {
programs = {
docker = {
services = {
anki-sync.enable = mkEnableOption "Anki Sync server";
drone.enable = mkEnableOption "drone server";
forgejo.enable = mkEnableOption "Forgejo server";
minecraft.enable = mkEnableOption "Minecraft server";
nextcloud.enable = mkEnableOption "Nextcloud server";
teamspeak.enable = mkEnableOption "TeamSpeak server";
trackmania.enable = mkEnableOption "TrackMania server";
vaultwarden.enable = mkEnableOption "Vaultwarden server";
woodpecker.enable = mkEnableOption "Woodpecker CI server";
};
};
};
};
};
};
}

View file

@ -0,0 +1,72 @@
{ lib, config, ... }:
let fs = import ../../../lib/modules/partition/fs.nix;
in {
imports = [ ./defaults.nix ];
config = {
valhalla = {
partition = {
os = {
partitions = {
Boot = {
index = 1;
type = "uefi";
size = "+1G";
format = fs.fat32;
mountPoint = config.valhalla.boot.efiMountPoint;
};
Swap = {
index = 2;
type = "swap";
};
OS = {
index = 3;
label = lib.mkDefault config.valhalla.boot.label;
type = "linux";
format = fs.ext4;
mountPoint = "/";
};
};
};
};
hostname = "nuth.ch";
timeZone = "Europe/Zurich";
keyMap = "de_CH-latin1";
keyboardLayout = "ch";
i18n = {
localeSettings = let defaultLocale = "en_US.UTF-8";
in {
LANG = "de_CH.UTF-8";
LANGUAGE = defaultLocale;
LC_MESSAGE = defaultLocale;
};
};
software = {
essential = true;
server = true;
};
programs.docker.enable = true;
linux.programs = {
docker = {
services = {
drone.enable = true;
forgejo.enable = true;
minecraft.enable = true;
nextcloud.enable = true;
teamspeak.enable = true;
trackmania.enable = true;
vaultwarden.enable = true;
woodpecker.enable = true;
};
};
};
};
};
}

View file

@ -10,6 +10,8 @@ begin
docker-compose \ docker-compose \
docker-buildx \ docker-buildx \
docker-scan docker-scan
installSWBase $argv
end end
runInstaller $argv runInstaller $argv

View file

@ -12,5 +12,20 @@ begin
sudo usermod -aG docker "$_flag_user" sudo usermod -aG docker "$_flag_user"
end end
function installSWDependencies -V dir -V args
source "$dir/../../../lib/settings.fish"
set -la argv $args
echo "args: $argv"
argparse -i "name=" "user=" -- $argv
set -l services (getProgramConfig --name "$_flag_name" --user "$_flag_user" --json | jq '.services')
for service in (echo "$services" | jq '. | keys[]' --raw-output0 | string split0)
if echo "$services" | SERVICE=$service jq --exit-status ".[env.SERVICE].enable" >/dev/null
fish "$dir/services/$service/main.fish" $argv
end
end
end
runInstaller $argv runInstaller $argv
end end

View file

@ -173,6 +173,6 @@ begin
end end
function getBackupArgs function getBackupArgs
printf "%s\n" --hidden --no-ignore . --exclude "docker-compose"{,.base}".yml" (getServiceRoot $argv) printf "%s\n" --hidden --no-ignore "^(docker-compose\.secrets\.yml|data/)\$"
end end
end end

View file

@ -0,0 +1,29 @@
services:
wekan:
image: wekanteam/wekan
restart: unless-stopped
depends_on:
- db
user: 1337:1337
environment:
WRITABLE_PATH: /data
ROOT_URL: https://example.com
MONGO_URL: mongodb://db:27017/wekan
MONGO_OPLOG_URL:
WITH_API: "true"
RICHER_CARD_COMMENT_EDITOR: "true"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./data/wekan:/data
db:
image: mongo
restart: unless-stopped
command: mongod --logpath /dev/null --oplogSize 128 --quiet
volumes:
- /etc/localtime:/etc/localtime:ro
- ./data/database:/data/db
bridge:
image: shenxn/protonmail-bridge
restart: unless-stopped
volumes:
- ./data/bridge:/root

View file

@ -0,0 +1,4 @@
services:
wekan:
ports:
- 127.0.0.1:1337:8080

View file

@ -0,0 +1,51 @@
#!/bin/env fish
begin
set -l dir (status dirname)
set -l service wekan
set -l domain due ""
source "$dir/../service.fish"
function installSW -V dir -V service -V domain
set -l domain (getServiceDomain $domain)
set -l file "$dir/docker-compose.base.yml"
initializeServiceInstallation $argv
URL="https://$domain" yq "$(getServiceKey "$service").environment.DOMAIN = env(URL)" "$file" | \
sudo tee "$(getServiceRoot $argv)/$(basename "$file")" >/dev/null
sudo cp "$dir/docker-compose.secrets.yml" (getServiceRoot $argv)
installDockerService $argv
end
function configureSW -V dir -V service
set -l uid
set -l gid
set -l user "$service"
set -l root (getServiceRoot $argv)
set -l data "data/wekan"
configureDockerService $argv
and sudo useradd \
--system \
--shell /bin/false \
--comment 'Wekan server' \
--create-home \
"$user"
set uid (id -u "$user")
set gid (id -g "$user")
USER="$uid:$gid" yq -i "$(getServiceKey "$service").user = env(USER)" "$root/docker-compose.base.yml"
mkdir -p "$root/$data"
chown -R "$uid:$gid" "$root/$data"
end
function getServiceServers -V domain
printf "%s\0" $domain
end
function getServiceLocations -V service
printf "%s\0" "$service" /
end
runInstaller --force $argv
end

View file

@ -0,0 +1 @@
data/

View file

@ -0,0 +1,7 @@
FROM tetafro/golang-gcc AS builder
RUN apk add -U --no-cache git
RUN git clone -b "v2.20.0" --depth=1 https://github.com/drone/drone.git
RUN cd drone && go build -trimpath -ldflags='-w -s' -tags nolimit -o /usr/local/bin/drone-server ./cmd/drone-server
FROM drone/drone
COPY --from=builder /usr/local/bin/drone-server /bin/

View file

@ -0,0 +1,26 @@
services:
ci-template:
image: woodpeckerci/woodpecker-server
restart: unless-stopped
depends_on: []
env_file:
- ci.common.env
environment:
WOODPECKER_DATABASE_DRIVER: mysql
volumes: []
agent-template:
image: woodpeckerci/woodpecker-agent
restart: unless-stopped
depends_on: []
command: agent
env_file:
- agent.common.env
environment: {}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
db-template:
image: mariadb
restart: unless-stopped
environment:
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
volumes: []

View file

@ -0,0 +1,116 @@
#!/bin/env fish
begin
set -l dir (status dirname)
set -l source "$dir/docker-compose.templates.yml"
source "$dir/../service.fish"
set -l environments \
my ci "" \
codeberg bergwache "" \
github gh.ci ""
function installSW -V dir -V environments -V source
set -l root (getServiceRoot $argv)
set -l config "$root/docker-compose.base.yml"
set -l secrets (getServiceSecretsConfig $argv)
set -l ciTemplate (yq -oj (getServiceKey ci-template) "$source")
set -l agentTemplate (yq -oj (getServiceKey agent-template) "$source")
set -l dbTemplate (yq -oj (getServiceKey db-template) "$source")
initializeServiceInstallation $argv
echo "{}" | sudo tee "$config" >/dev/null
echo "{}" | sudo tee "$secrets" >/dev/null
cp "$dir/.dockerignore" "$root"
sudo touch "$root"/{agent,ci}.common.env
for i in (seq 1 3 (count $environments))
set -l name $environments[$i]
set -l domain $environments[(math $i + 2)]
set -l subdomain $environments[(math $i + 1)]
set -l secret (openssl rand -hex 32)
set -l services ci db agent
set -l tmpConfig (mktemp)
set -l tmpSecrets (mktemp)
set -l ciName "$name-ci"
set -l dbName "$name-db"
set -l agentName "$name-agent"
set -l ciEnv
set -l dbEnv
set -l agentEnv
set -l ciKey
set -l dbKey
set -l agentKey
set -l db Woodpecker
set -l dbUser woodpecker
set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
set -l domain (getServiceDomain "$subdomain" "$domain")
cp "$config" "$tmpConfig"
cp "$secrets" "$tmpSecrets"
for serviceName in $services
set -l file (mktemp)
set -l nameVar "$serviceName""Name"
set -l serviceKey (getServiceKey "$$nameVar")
set "$serviceName""Key" "$serviceKey"
set "$serviceName""Env" "$serviceKey.environment"
end
CI_NAME=$ciName \
SECRET_ENV="$name.secret.env" begin
begin
echo "WOODPECKER_AGENT_SECRET=$secret"
end | sudo tee "$root/$SECRET_ENV" >/dev/null
yq "$ciKey = $ciTemplate" "$tmpConfig" | \
DB="$dbName" yq "$ciKey.depends_on |= . + [ env(DB) ]" | \
ENTRY="./data/$name/ci:/data" yq "$ciKey.volumes = [ env(ENTRY) ]" | \
yq "$ciKey.env_file |= . + [ env(SECRET_ENV) ]" | \
yq "$agentKey = $agentTemplate" | \
yq "$agentKey.depends_on |= . + [ env(CI_NAME) ]" | \
yq "$agentKey.env_file |= . + [ env(SECRET_ENV) ]" | \
SERVER="$ciName:9000" yq "$agentEnv.WOODPECKER_SERVER = env(SERVER)" | \
yq "$dbKey = $dbTemplate" | \
ENTRY="./data/$name/database:/var/lib/mysql" yq "$dbKey.volumes |= . + [ env(ENTRY) ]" | \
sudo tee "$config" >/dev/null
PORT="127.0.0.1:1337:8000" yq "$ciKey.ports = [ env(PORT) ]" "$tmpSecrets" | \
HOST="https://$domain" yq "$ciEnv.WOODPECKER_HOST = env(HOST)" | \
DB="$dbUser:$pw@tcp($dbName:3306)/$db?parseTime=true" yq "$ciEnv.WOODPECKER_DATABASE_DATASOURCE = env(DB)" | \
USER="$dbUser" yq "$dbEnv.MARIADB_USER = env(USER)" | \
PW="$pw" yq "$dbEnv.MARIADB_PASSWORD = env(PW)" | \
DB="$db" yq "$dbEnv.MARIADB_DATABASE = env(DB)" | \
sudo tee "$secrets" >/dev/null
end
end
installDockerService $argv
end
function configureSW -V dir
configureDockerService $argv
end
function getServiceServers -V environments
argparse -i "name=" -- $argv
set -l name "$_flag_name"
for i in (seq 1 3 (count $environments))
set -l domain $environments[(math $i + 2)]
set -l subdomain $environments[(math $i + 1)]
printf "%s\0" "$subdomain" "$domain"
end
end
function getServiceLocations -a index -V environments
set -l i (math (math (math $index - 1) / 2 "*" 3) + 1)
set -l name $environments[$i]
printf "%s\0" "$name-ci" /
end
function getBackupArgs
printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv)
end
runInstaller --force $argv
end