diff --git a/home/common/files/bash/bash_motd b/home/common/files/bash/bash_motd index 49a666e..abef266 100644 --- a/home/common/files/bash/bash_motd +++ b/home/common/files/bash/bash_motd @@ -447,7 +447,7 @@ print_docker() { printf "\\n" printf " \\033[1;37mDocker:\\033[0m\\n" - docker_info=$(sudo curl -sf --unix-socket /var/run/docker.sock http:/v1.40/info) + docker_info=$(doas curl -sf --unix-socket /var/run/docker.sock http:/v1.40/info) docker_version=$(echo "$docker_info" | jq -r '.ServerVersion') @@ -457,7 +457,7 @@ print_docker() { printf " %s Version %s%s%s %s Images\\n\\n" "$DOCKER_VERSION_ICON" "$docker_version" "$docker_space" "$DOCKER_IMAGES_ICON" "$docker_images" - docker_list=$(sudo curl -sf --unix-socket /var/run/docker.sock "http://v1.40/containers/json?all=true" | jq -c ' .[]') + docker_list=$(doas curl -sf --unix-socket /var/run/docker.sock "http://v1.40/containers/json?all=true" | jq -c ' .[]') echo "$docker_list" | while read -r line; do container_name="$(echo "$line" | jq -r '.Names[]' | sed 's/\///')" @@ -533,10 +533,10 @@ print_letsencrypt() { printf "\\n" printf " \\033[1;37mSSL / let’s encrypt:\\033[0m\\n" - cert_list=$(sudo find $LETSENCRYPT_CERTPATH -name cert.pem) + cert_list=$(doas find $LETSENCRYPT_CERTPATH -name cert.pem) for cert_file in $cert_list; do - sudo openssl x509 -checkend $((25 * 86400)) -noout -in "$cert_file" >> /dev/null + doas openssl x509 -checkend $((25 * 86400)) -noout -in "$cert_file" >> /dev/null result=$? cert_name=$(echo "$cert_file" | rev | cut -d '/' -f 2 | rev) @@ -544,7 +544,7 @@ print_letsencrypt() { if [ "$result" -eq 0 ]; then printf " \\033[%sm%s\\033[0m %s\\n" "$LETSENCRYPT_VALID_COLOR" "$LETSENCRYPT_VALID_ICON" "$cert_name" else - sudo openssl x509 -checkend $((0 * 86400)) -noout -in "$cert_file" >> /dev/null + doas openssl x509 -checkend $((0 * 86400)) -noout -in "$cert_file" >> /dev/null result=$? if [ "$result" -eq 0 ]; then 
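Review bot: The new `doas curl` on the docker_info line runs without `-n`, so if the matching doas.conf rule (not visible here) lacks `nopass`, a MOTD shown at login blocks on a password prompt; `doas -n curl -sf --unix-socket /var/run/docker.sock http:/v1.40/info` fails fast instead and `-sf` then just leaves docker_info empty. Worth a comment next to whichever rule this relies on: a doas or sudo permit for `curl` as root is root-equivalent independent of the socket argument, because curl can read and write arbitrary files, so adding the MOTD user to the `docker` group and dropping the privilege escalation entirely is the narrower option (socket access is itself root-equivalent, but not via an unrestricted binary). print_docker's body starts before this hunk.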
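Review bot: `$LETSENCRYPT_CERTPATH` is still unquoted on the new cert_list line, so an unset value makes `doas find` search the current directory as root and a value containing spaces is split into several start paths; `cert_list=$(doas -n find "${LETSENCRYPT_CERTPATH:?}" -name cert.pem)` aborts on an unset path, keeps it as one argument and, like the openssl calls below, fails fast rather than blocking a login on a doas password prompt when the rule has no `nopass`. The `for cert_file in $cert_list` loop is word-split the same way, so a `while IFS= read -r cert_file` over the find output would be the safer shape, though that predates this change. `>> /dev/null` on the two openssl lines works but reads as an append; `>/dev/null` is the intended redirection. print_letsencrypt's body starts before and continues after this hunk.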
diff --git a/hosts/fred/default.nix b/hosts/fred/default.nix index 8d222db..6d3aa57 100644 --- a/hosts/fred/default.nix +++ b/hosts/fred/default.nix @@ -4,6 +4,6 @@ imports = [ ./hardware-configuration.nix - #./disko.nix + ./podman.nix ]; } diff --git a/hosts/fred/podman.nix b/hosts/fred/podman.nix new file mode 100644 index 0000000..30975a1 --- /dev/null +++ b/hosts/fred/podman.nix 
@@ -0,0 +1,161 @@ +# Auto-generated using compose2nix v0.1.6. +{ pkgs, lib, ... }: + +{ + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + # Containers + virtualisation.oci-containers.containers."bandwidth" = { + image = "ghcr.io/alexjustesen/speedtest-tracker:latest"; + environment = { + DB_CONNECTION = "mysql"; + DB_DATABASE = "speedtest_tracker"; + DB_HOST = "bandwidth-db"; + DB_PASSWORD = "password"; + DB_PORT = "3306"; + DB_USERNAME = "speedy"; + PGID = "1000"; + PUID = "1000"; + TZ = "America/Chicago"; + }; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/home/don/docker/speedtest/config:/config:rw" + "/home/don/docker/speedtest/web:/etc/ssl/web:rw" + ]; + dependsOn = [ + "bandwidth-db" + "bandwidth-ts" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:bandwidth-ts" + ]; + }; + systemd.services."podman-bandwidth" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + "podman-compose-tstest-root.target" + ]; + unitConfig.UpheldBy = [ + "podman-bandwidth-db.service" + "podman-bandwidth-ts.service" + ]; + wantedBy = [ + "podman-compose-tstest-root.target" + ]; + }; + virtualisation.oci-containers.containers."bandwidth-db" = { + image = "mariadb:10"; + environment = { + MARIADB_DATABASE = "speedtest_tracker"; + MARIADB_PASSWORD = "password"; + MARIADB_RANDOM_ROOT_PASSWORD = "true"; + MARIADB_USER = "speedy"; + PGID = "1000"; + PUID = "1000"; + }; + volumes = [ + "/home/don/docker/speedtest-db:/var/lib/mysql:rw" + ]; + dependsOn = [ + "bandwidth-ts" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:bandwidth-ts" + ]; + }; + systemd.services."podman-bandwidth-db" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + 
"podman-compose-tstest-root.target" + ]; + unitConfig.UpheldBy = [ + "podman-bandwidth-ts.service" + ]; + wantedBy = [ + "podman-compose-tstest-root.target" + ]; + }; + virtualisation.oci-containers.containers."bandwidth-ts" = { + image = "tailscale/tailscale"; + environment = { + PGID = "1000"; + PUID = "1000"; + TS_ACCEPT_DNS = "true"; + TS_AUTHKEY = "tskey-auth-kt22J52CNTRL-iT7CCqfci73sWvVy6Dyi83DWzwLnNyknF"; + TS_HOSTNAME = "fred-bw"; + TS_STATE_DIR = "/var/lib/tailscale"; + }; + volumes = [ + "/dev/net/tun:/dev/net/tun:rw" + "/home/don/docker/tailscale/var_lib:/var/lib:rw" + ]; + cmd = [ "tailscaled" ]; + log-driver = "journald"; + extraOptions = [ + "--cap-add=net_admin" + "--cap-add=sys_module" + "--network-alias=bandwidth-ts" + "--network=tstest-default" + "--privileged" + ]; + }; + systemd.services."podman-bandwidth-ts" = { + serviceConfig = { + Restart = lib.mkOverride 500 "no"; + }; + after = [ + "podman-network-tstest-default.service" + ]; + requires = [ + "podman-network-tstest-default.service" + ]; + partOf = [ + "podman-compose-tstest-root.target" + ]; + wantedBy = [ + "podman-compose-tstest-root.target" + ]; + }; + + # Networks + systemd.services."podman-network-tstest-default" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "${pkgs.podman}/bin/podman network rm -f tstest-default"; + }; + script = '' + podman network inspect tstest-default || podman network create tstest-default --opt isolate=true + ''; + partOf = [ "podman-compose-tstest-root.target" ]; + wantedBy = [ "podman-compose-tstest-root.target" ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."podman-compose-tstest-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; +}