Compare commits
5 commits
e07626c4dc
...
e0f96952bb
Author | SHA1 | Date | |
---|---|---|---|
e0f96952bb | |||
a4b29b24b6 | |||
00cbecf839 | |||
c8b1a8eee1 | |||
007126c3d9 |
14 changed files with 368 additions and 2 deletions
|
@ -45,6 +45,7 @@
|
||||||
valhalla = {
|
valhalla = {
|
||||||
DerGeret = import ./profiles/machines/manuel/DerGeret/Arch/config.nix;
|
DerGeret = import ./profiles/machines/manuel/DerGeret/Arch/config.nix;
|
||||||
ManuSurface = import ./profiles/machines/manuel/ManuSurface/Arch/config.nix;
|
ManuSurface = import ./profiles/machines/manuel/ManuSurface/Arch/config.nix;
|
||||||
|
server = import ./profiles/machines/manuel/server.nix;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,6 @@ let
|
||||||
["aliae" "aliae"]
|
["aliae" "aliae"]
|
||||||
["brave" "Brave Browser"]
|
["brave" "Brave Browser"]
|
||||||
["discord" "Discord"]
|
["discord" "Discord"]
|
||||||
["docker" "docker"]
|
|
||||||
["firefox" "Firefox Web Browser"]
|
["firefox" "Firefox Web Browser"]
|
||||||
["openssh" "OpenSSH"]
|
["openssh" "OpenSSH"]
|
||||||
["osu!lazer" "osu!lazer"]
|
["osu!lazer" "osu!lazer"]
|
||||||
|
@ -51,6 +50,7 @@ let
|
||||||
["logo-ls" "logo-ls"]
|
["logo-ls" "logo-ls"]
|
||||||
["lutris" "Lutris"]
|
["lutris" "Lutris"]
|
||||||
["minegrub-theme" "Minegrub Theme"]
|
["minegrub-theme" "Minegrub Theme"]
|
||||||
|
["nginx" "nginx"]
|
||||||
["nodejs-n" "n"]
|
["nodejs-n" "n"]
|
||||||
["nuke-usb" "nuke-usb"]
|
["nuke-usb" "nuke-usb"]
|
||||||
["nvidia-dkms" "Nvidia Drivers"]
|
["nvidia-dkms" "Nvidia Drivers"]
|
||||||
|
@ -83,6 +83,7 @@ let
|
||||||
];
|
];
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
|
./programs/docker.nix
|
||||||
./programs/git.nix
|
./programs/git.nix
|
||||||
./programs/nextcloud.nix
|
./programs/nextcloud.nix
|
||||||
./programs/oh-my-posh.nix
|
./programs/oh-my-posh.nix
|
||||||
|
|
41
lib/modules/programs/docker.nix
Normal file
41
lib/modules/programs/docker.nix
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
let
|
||||||
|
inherit (lib) mkEnableOption mkOption types;
|
||||||
|
|
||||||
|
commonOptions = {
|
||||||
|
enable = mkEnableOption "docker";
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
options = {
|
||||||
|
valhalla = {
|
||||||
|
programs.docker = commonOptions;
|
||||||
|
|
||||||
|
users = mkOption {
|
||||||
|
type = types.attrsOf (types.submodule (
|
||||||
|
{ ... }: {
|
||||||
|
options = {
|
||||||
|
programs.docker = commonOptions;
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
|
||||||
|
linux = {
|
||||||
|
programs = {
|
||||||
|
docker = {
|
||||||
|
services = {
|
||||||
|
anki-sync.enable = mkEnableOption "Anki Sync server";
|
||||||
|
drone.enable = mkEnableOption "drone server";
|
||||||
|
forgejo.enable = mkEnableOption "Forgejo server";
|
||||||
|
minecraft.enable = mkEnableOption "Minecraft server";
|
||||||
|
nextcloud.enable = mkEnableOption "Nextcloud server";
|
||||||
|
teamspeak.enable = mkEnableOption "TeamSpeak server";
|
||||||
|
trackmania.enable = mkEnableOption "TrackMania server";
|
||||||
|
vaultwarden.enable = mkEnableOption "Vaultwarden server";
|
||||||
|
woodpecker.enable = mkEnableOption "Woodpecker CI server";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
72
profiles/machines/manuel/server.nix
Normal file
72
profiles/machines/manuel/server.nix
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
let fs = import ../../../lib/modules/partition/fs.nix;
|
||||||
|
in {
|
||||||
|
imports = [ ./defaults.nix ];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
valhalla = {
|
||||||
|
partition = {
|
||||||
|
os = {
|
||||||
|
partitions = {
|
||||||
|
Boot = {
|
||||||
|
index = 1;
|
||||||
|
type = "uefi";
|
||||||
|
size = "+1G";
|
||||||
|
format = fs.fat32;
|
||||||
|
mountPoint = config.valhalla.boot.efiMountPoint;
|
||||||
|
};
|
||||||
|
|
||||||
|
Swap = {
|
||||||
|
index = 2;
|
||||||
|
type = "swap";
|
||||||
|
};
|
||||||
|
|
||||||
|
OS = {
|
||||||
|
index = 3;
|
||||||
|
label = lib.mkDefault config.valhalla.boot.label;
|
||||||
|
type = "linux";
|
||||||
|
format = fs.ext4;
|
||||||
|
mountPoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hostname = "nuth.ch";
|
||||||
|
timeZone = "Europe/Zurich";
|
||||||
|
keyMap = "de_CH-latin1";
|
||||||
|
keyboardLayout = "ch";
|
||||||
|
|
||||||
|
i18n = {
|
||||||
|
localeSettings = let defaultLocale = "en_US.UTF-8";
|
||||||
|
in {
|
||||||
|
LANG = "de_CH.UTF-8";
|
||||||
|
LANGUAGE = defaultLocale;
|
||||||
|
LC_MESSAGE = defaultLocale;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
software = {
|
||||||
|
essential = true;
|
||||||
|
server = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.docker.enable = true;
|
||||||
|
|
||||||
|
linux.programs = {
|
||||||
|
docker = {
|
||||||
|
services = {
|
||||||
|
drone.enable = true;
|
||||||
|
forgejo.enable = true;
|
||||||
|
minecraft.enable = true;
|
||||||
|
nextcloud.enable = true;
|
||||||
|
teamspeak.enable = true;
|
||||||
|
trackmania.enable = true;
|
||||||
|
vaultwarden.enable = true;
|
||||||
|
woodpecker.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -10,6 +10,8 @@ begin
|
||||||
docker-compose \
|
docker-compose \
|
||||||
docker-buildx \
|
docker-buildx \
|
||||||
docker-scan
|
docker-scan
|
||||||
|
|
||||||
|
installSWBase $argv
|
||||||
end
|
end
|
||||||
|
|
||||||
runInstaller $argv
|
runInstaller $argv
|
||||||
|
|
|
@ -12,5 +12,20 @@ begin
|
||||||
sudo usermod -aG docker "$_flag_user"
|
sudo usermod -aG docker "$_flag_user"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function installSWDependencies -V dir -V args
|
||||||
|
source "$dir/../../../lib/settings.fish"
|
||||||
|
set -la argv $args
|
||||||
|
echo "args: $argv"
|
||||||
|
argparse -i "name=" "user=" -- $argv
|
||||||
|
set -l services (getProgramConfig --name "$_flag_name" --user "$_flag_user" --json | jq '.services')
|
||||||
|
|
||||||
|
for service in (echo "$services" | jq '. | keys[]' --raw-output0 | string split0)
|
||||||
|
|
||||||
|
if echo "$services" | SERVICE=$service jq --exit-status ".[env.SERVICE].enable" >/dev/null
|
||||||
|
fish "$dir/services/$service/main.fish" $argv
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
runInstaller $argv
|
runInstaller $argv
|
||||||
end
|
end
|
||||||
|
|
|
@ -173,6 +173,6 @@ begin
|
||||||
end
|
end
|
||||||
|
|
||||||
function getBackupArgs
|
function getBackupArgs
|
||||||
printf "%s\n" --hidden --no-ignore . --exclude "docker-compose"{,.base}".yml" (getServiceRoot $argv)
|
printf "%s\n" --hidden --no-ignore "^(docker-compose\.secrets\.yml|data/)\$"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
services:
|
||||||
|
wekan:
|
||||||
|
image: wekanteam/wekan
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
user: 1337:1337
|
||||||
|
environment:
|
||||||
|
WRITABLE_PATH: /data
|
||||||
|
ROOT_URL: https://example.com
|
||||||
|
MONGO_URL: mongodb://db:27017/wekan
|
||||||
|
MONGO_OPLOG_URL:
|
||||||
|
WITH_API: "true"
|
||||||
|
RICHER_CARD_COMMENT_EDITOR: "true"
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- ./data/wekan:/data
|
||||||
|
db:
|
||||||
|
image: mongo
|
||||||
|
restart: unless-stopped
|
||||||
|
command: mongod --logpath /dev/null --oplogSize 128 --quiet
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- ./data/database:/data/db
|
||||||
|
bridge:
|
||||||
|
image: shenxn/protonmail-bridge
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ./data/bridge:/root
|
|
@ -0,0 +1,4 @@
|
||||||
|
services:
|
||||||
|
wekan:
|
||||||
|
ports:
|
||||||
|
- 127.0.0.1:1337:8080
|
51
scripts/Common/Software/docker/services/wekan/main.fish
Executable file
51
scripts/Common/Software/docker/services/wekan/main.fish
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/env fish
|
||||||
|
begin
|
||||||
|
set -l dir (status dirname)
|
||||||
|
set -l service wekan
|
||||||
|
set -l domain due ""
|
||||||
|
source "$dir/../service.fish"
|
||||||
|
|
||||||
|
function installSW -V dir -V service -V domain
|
||||||
|
set -l domain (getServiceDomain $domain)
|
||||||
|
set -l file "$dir/docker-compose.base.yml"
|
||||||
|
initializeServiceInstallation $argv
|
||||||
|
|
||||||
|
URL="https://$domain" yq "$(getServiceKey "$service").environment.DOMAIN = env(URL)" "$file" | \
|
||||||
|
sudo tee "$(getServiceRoot $argv)/$(basename "$file")" >/dev/null
|
||||||
|
|
||||||
|
sudo cp "$dir/docker-compose.secrets.yml" (getServiceRoot $argv)
|
||||||
|
installDockerService $argv
|
||||||
|
end
|
||||||
|
|
||||||
|
function configureSW -V dir -V service
|
||||||
|
set -l uid
|
||||||
|
set -l gid
|
||||||
|
set -l user "$service"
|
||||||
|
set -l root (getServiceRoot $argv)
|
||||||
|
set -l data "data/wekan"
|
||||||
|
configureDockerService $argv
|
||||||
|
|
||||||
|
and sudo useradd \
|
||||||
|
--system \
|
||||||
|
--shell /bin/false \
|
||||||
|
--comment 'Wekan server' \
|
||||||
|
--create-home \
|
||||||
|
"$user"
|
||||||
|
|
||||||
|
set uid (id -u "$user")
|
||||||
|
set gid (id -g "$user")
|
||||||
|
USER="$uid:$gid" yq -i "$(getServiceKey "$service").user = env(USER)" "$root/docker-compose.base.yml"
|
||||||
|
mkdir -p "$root/$data"
|
||||||
|
chown -R "$uid:$gid" "$root/$data"
|
||||||
|
end
|
||||||
|
|
||||||
|
function getServiceServers -V domain
|
||||||
|
printf "%s\0" $domain
|
||||||
|
end
|
||||||
|
|
||||||
|
function getServiceLocations -V service
|
||||||
|
printf "%s\0" "$service" /
|
||||||
|
end
|
||||||
|
|
||||||
|
runInstaller --force $argv
|
||||||
|
end
|
|
@ -0,0 +1 @@
|
||||||
|
data/
|
|
@ -0,0 +1,7 @@
|
||||||
|
FROM tetafro/golang-gcc AS builder
|
||||||
|
RUN apk add -U --no-cache git
|
||||||
|
RUN git clone -b "v2.20.0" --depth=1 https://github.com/drone/drone.git
|
||||||
|
RUN cd drone && go build -trimpath -ldflags='-w -s' -tags nolimit -o /usr/local/bin/drone-server ./cmd/drone-server
|
||||||
|
|
||||||
|
FROM drone/drone
|
||||||
|
COPY --from=builder /usr/local/bin/drone-server /bin/
|
|
@ -0,0 +1,26 @@
|
||||||
|
services:
|
||||||
|
ci-template:
|
||||||
|
image: woodpeckerci/woodpecker-server
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on: []
|
||||||
|
env_file:
|
||||||
|
- ci.common.env
|
||||||
|
environment:
|
||||||
|
WOODPECKER_DATABASE_DRIVER: mysql
|
||||||
|
volumes: []
|
||||||
|
agent-template:
|
||||||
|
image: woodpeckerci/woodpecker-agent
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on: []
|
||||||
|
command: agent
|
||||||
|
env_file:
|
||||||
|
- agent.common.env
|
||||||
|
environment: {}
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
db-template:
|
||||||
|
image: mariadb
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||||
|
volumes: []
|
116
scripts/Common/Software/docker/services/woodpecker/main.fish
Executable file
116
scripts/Common/Software/docker/services/woodpecker/main.fish
Executable file
|
@ -0,0 +1,116 @@
|
||||||
|
#!/bin/env fish
|
||||||
|
begin
|
||||||
|
set -l dir (status dirname)
|
||||||
|
set -l source "$dir/docker-compose.templates.yml"
|
||||||
|
source "$dir/../service.fish"
|
||||||
|
|
||||||
|
set -l environments \
|
||||||
|
my ci "" \
|
||||||
|
codeberg bergwache "" \
|
||||||
|
github gh.ci ""
|
||||||
|
|
||||||
|
function installSW -V dir -V environments -V source
|
||||||
|
set -l root (getServiceRoot $argv)
|
||||||
|
set -l config "$root/docker-compose.base.yml"
|
||||||
|
set -l secrets (getServiceSecretsConfig $argv)
|
||||||
|
set -l ciTemplate (yq -oj (getServiceKey ci-template) "$source")
|
||||||
|
set -l agentTemplate (yq -oj (getServiceKey agent-template) "$source")
|
||||||
|
set -l dbTemplate (yq -oj (getServiceKey db-template) "$source")
|
||||||
|
initializeServiceInstallation $argv
|
||||||
|
echo "{}" | sudo tee "$config" >/dev/null
|
||||||
|
echo "{}" | sudo tee "$secrets" >/dev/null
|
||||||
|
|
||||||
|
cp "$dir/.dockerignore" "$root"
|
||||||
|
sudo touch "$root"/{agent,ci}.common.env
|
||||||
|
|
||||||
|
for i in (seq 1 3 (count $environments))
|
||||||
|
set -l name $environments[$i]
|
||||||
|
set -l domain $environments[(math $i + 2)]
|
||||||
|
set -l subdomain $environments[(math $i + 1)]
|
||||||
|
set -l secret (openssl rand -hex 32)
|
||||||
|
set -l services ci db agent
|
||||||
|
set -l tmpConfig (mktemp)
|
||||||
|
set -l tmpSecrets (mktemp)
|
||||||
|
set -l ciName "$name-ci"
|
||||||
|
set -l dbName "$name-db"
|
||||||
|
set -l agentName "$name-agent"
|
||||||
|
set -l ciEnv
|
||||||
|
set -l dbEnv
|
||||||
|
set -l agentEnv
|
||||||
|
set -l ciKey
|
||||||
|
set -l dbKey
|
||||||
|
set -l agentKey
|
||||||
|
set -l db Woodpecker
|
||||||
|
set -l dbUser woodpecker
|
||||||
|
set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
|
||||||
|
set -l domain (getServiceDomain "$subdomain" "$domain")
|
||||||
|
|
||||||
|
cp "$config" "$tmpConfig"
|
||||||
|
cp "$secrets" "$tmpSecrets"
|
||||||
|
|
||||||
|
for serviceName in $services
|
||||||
|
set -l file (mktemp)
|
||||||
|
set -l nameVar "$serviceName""Name"
|
||||||
|
set -l serviceKey (getServiceKey "$$nameVar")
|
||||||
|
set "$serviceName""Key" "$serviceKey"
|
||||||
|
set "$serviceName""Env" "$serviceKey.environment"
|
||||||
|
end
|
||||||
|
|
||||||
|
CI_NAME=$ciName \
|
||||||
|
SECRET_ENV="$name.secret.env" begin
|
||||||
|
begin
|
||||||
|
echo "WOODPECKER_AGENT_SECRET=$secret"
|
||||||
|
end | sudo tee "$root/$SECRET_ENV" >/dev/null
|
||||||
|
|
||||||
|
yq "$ciKey = $ciTemplate" "$tmpConfig" | \
|
||||||
|
DB="$dbName" yq "$ciKey.depends_on |= . + [ env(DB) ]" | \
|
||||||
|
ENTRY="./data/$name/ci:/data" yq "$ciKey.volumes = [ env(ENTRY) ]" | \
|
||||||
|
yq "$ciKey.env_file |= . + [ env(SECRET_ENV) ]" | \
|
||||||
|
yq "$agentKey = $agentTemplate" | \
|
||||||
|
yq "$agentKey.depends_on |= . + [ env(CI_NAME) ]" | \
|
||||||
|
yq "$agentKey.env_file |= . + [ env(SECRET_ENV) ]" | \
|
||||||
|
SERVER="$ciName:9000" yq "$agentEnv.WOODPECKER_SERVER = env(SERVER)" | \
|
||||||
|
yq "$dbKey = $dbTemplate" | \
|
||||||
|
ENTRY="./data/$name/database:/var/lib/mysql" yq "$dbKey.volumes |= . + [ env(ENTRY) ]" | \
|
||||||
|
sudo tee "$config" >/dev/null
|
||||||
|
|
||||||
|
PORT="127.0.0.1:1337:8000" yq "$ciKey.ports = [ env(PORT) ]" "$tmpSecrets" | \
|
||||||
|
HOST="https://$domain" yq "$ciEnv.WOODPECKER_HOST = env(HOST)" | \
|
||||||
|
DB="$dbUser:$pw@tcp($dbName:3306)/$db?parseTime=true" yq "$ciEnv.WOODPECKER_DATABASE_DATASOURCE = env(DB)" | \
|
||||||
|
USER="$dbUser" yq "$dbEnv.MARIADB_USER = env(USER)" | \
|
||||||
|
PW="$pw" yq "$dbEnv.MARIADB_PASSWORD = env(PW)" | \
|
||||||
|
DB="$db" yq "$dbEnv.MARIADB_DATABASE = env(DB)" | \
|
||||||
|
sudo tee "$secrets" >/dev/null
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
installDockerService $argv
|
||||||
|
end
|
||||||
|
|
||||||
|
function configureSW -V dir
|
||||||
|
configureDockerService $argv
|
||||||
|
end
|
||||||
|
|
||||||
|
function getServiceServers -V environments
|
||||||
|
argparse -i "name=" -- $argv
|
||||||
|
set -l name "$_flag_name"
|
||||||
|
|
||||||
|
for i in (seq 1 3 (count $environments))
|
||||||
|
set -l domain $environments[(math $i + 2)]
|
||||||
|
set -l subdomain $environments[(math $i + 1)]
|
||||||
|
printf "%s\0" "$subdomain" "$domain"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
function getServiceLocations -a index -V environments
|
||||||
|
set -l i (math (math (math $index - 1) / 2 "*" 3) + 1)
|
||||||
|
set -l name $environments[$i]
|
||||||
|
printf "%s\0" "$name-ci" /
|
||||||
|
end
|
||||||
|
|
||||||
|
function getBackupArgs
|
||||||
|
printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv)
|
||||||
|
end
|
||||||
|
|
||||||
|
runInstaller --force $argv
|
||||||
|
end
|
Loading…
Reference in a new issue