mat
/
homelab-apps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: mat:60d59ba031eef2b5bce62f8bda695b21fb89859e
Branches Tags
mat:main
...
compare: mat:ae2160851cf887160121d297dfb0cdcbc435d06b
Branches Tags
mat:main

3 Commits
60d59ba031 ... ae2160851c

Author SHA1 Message Date
mat ess ae2160851c Add gluetun 2023-07-23 21:13:23 -04:00
mat ess 7124e2c0a5 Update flake 2023-07-23 21:12:11 -04:00
mat ess 1178986367 Update configs 2023-07-23 21:11:55 -04:00
6 changed files with 69 additions and 34 deletions
Show Stats Expand all files Collapse all files

2
.envrc
View File

@ -1,2 +1,2 @@
use flake
dotenv .env
dotenv_if_exists .env

2
.gitignore vendored
View File

@ -1,2 +1,4 @@
.env
.direnv
.secrets.jsonnet

13
compose.libsonnet
View File

@ -22,9 +22,14 @@ local traefikLabels(name, host, port, extras) = toLabels({
'traefik.docker.network': 'traefik',
} + extras);
local mkNetwork(svc) = if std.get(svc, 'gluetun', false) then {
network_mode: 'service:gluetun',
} else {
networks: ['traefik'],
};
local mkService(name, svc) = svc {
container_name: name,
networks: ['traefik'],
volumes: toVolumes(optional(svc, 'volumes'))
+ toVolumes(optional(svc, 'mounts'))
+ if std.get(svc, 'docker', false)
@ -32,7 +37,7 @@ local mkService(name, svc) = svc {
else [],
labels: traefikLabels(name, std.get(svc, 'host', name), svc.webPort, optional(svc, 'traefik')),
restart: 'always',
};
} + mkNetwork(svc);
local extractVolumes(cfg) = {
[name]: {
@ -65,12 +70,12 @@ local mediaMounts(mounts) = {
MediaMounts:: mediaMounts,
MediaService(name, tag='latest', env={}, mounts={}, webPort, ports=[]):: {
MediaService(name, tag='latest', env={}, mounts={}, webPort, ports=[], extras={}):: {
image: 'lscr.io/linuxserver/%s:%s' % [name, tag],
environment: mediaEnv + env,
volumes: { ['media_%s_config' % name]: '/config' },
mounts:: mediaMounts(mounts),
webPort:: webPort,
ports: ports,
},
} + extras,
}

18
flake.lock
View File

@ -5,11 +5,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1666885127,
"narHash": "sha256-uXA/3lhLhwOTBMn9a5zJODKqaRT+SuL5cpEmOz2ULoo=",
"lastModified": 1688466019,
"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0e101dbae756d35a376a5e1faea532608e4a4b9a",
"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
"type": "github"
},
"original": {
@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1667629849,
"narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"lastModified": 1690031011,
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"rev": "12303c652b881435065a98729eb7278313041e49",
"type": "github"
},
"original": {
@ -37,11 +37,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1665349835,
"narHash": "sha256-UK4urM3iN80UXQ7EaOappDzcisYIuEURFRoGQ/yPkug=",
"lastModified": 1688049487,
"narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "34c5293a71ffdb2fe054eb5288adc1882c1eb0b1",
"rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
"type": "github"
},
"original": {

17
flake.nix
View File

@ -6,24 +6,17 @@
flake-parts.url = "github:hercules-ci/flake-parts";
};
outputs = { self, flake-parts, ... }:
flake-parts.lib.mkFlake { inherit self; } {
outputs = inputs@{ self, flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ "x86_64-linux" "aarch64-darwin" ];
perSystem = { config, self', inputs', pkgs, system, ... }:
let
to-docker-compose = pkgs.writeShellApplication {
name = "to-docker-compose";
runtimeInputs = [ pkgs.jsonnet ];
runtimeInputs = [ pkgs.go-jsonnet ];
text =
let
vars = [ "PLEX_CLAIM" "PLEX_ADVERTISE_IP" "FIREFLY_APP_KEY" ];
varRow = var: "${var}: '\$${var}',";
in
''
jsonnet services.jsonnet \
--tla-code secrets="{
${pkgs.lib.concatMapStrings varRow vars}
}"
jsonnet services.jsonnet --tla-code-file secrets=.secrets.jsonnet
'';
};
remote-docker-compose = pkgs.writeShellApplication {
@ -41,7 +34,7 @@
{
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [
jsonnet
go-jsonnet
to-docker-compose
remote-docker-compose
];

51
services.jsonnet
View File

@ -7,6 +7,30 @@ local MediaMounts = compose.MediaMounts;
function(secrets={})
Compose({
gluetun: {
image: 'qmcgaw/gluetun',
cap_add: ['NET_ADMIN'],
devices: ['/dev/net/tun:/dev/net/tun'],
environment: {
TZ: 'America/New_York',
VPN_SERVICE_PROVIDER: 'custom',
VPN_TYPE: 'wireguard',
// VPN_PORT_FORWARDING: 'on',
// VPN_PORT_FORWARDING_PROVIDER: 'protonvpn',
VPN_ENDPOINT_IP: std.get(secrets, 'VPN_ENDPOINT_IP'),
VPN_ENDPOINT_PORT: std.get(secrets, 'VPN_ENDPOINT_PORT'),
WIREGUARD_PUBLIC_KEY: std.get(secrets, 'WIREGUARD_PUBLIC_KEY'),
WIREGUARD_PRIVATE_KEY: std.get(secrets, 'WIREGUARD_PRIVATE_KEY'),
WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'),
},
ports: [
Port(8888),
Port(8388),
Port(8388, kind='udp'),
],
webPort:: 8000,
volumes: { gluetun_data: '/gluetun' },
},
traefik: {
image: 'traefik:latest',
command: Command({
@ -19,7 +43,10 @@ function(secrets={})
}),
docker:: true,
webPort:: 8080,
ports: [Port(80) /* Port(443) */],
ports: [
Port(80),
// Port(443),
],
traefik:: {
// 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)'
// 'traefik.http.routers.http-catchall.entrypoints': 'web'
@ -39,7 +66,11 @@ function(secrets={})
env={ DELUGE_LOGLEVEL: 'error' },
mounts={ torrents: '/downloads' },
webPort=8112,
ports=[Port(54979), Port(54979, kind='udp')],
// ports=[
// Port(54979),
// Port(54979, kind='udp'),
// ],
extras={ gluetun:: true },
),
prowlarr: MediaService(
name='prowlarr',
@ -50,6 +81,7 @@ function(secrets={})
'passport-5tb': '/passport-5tb',
'passport-1tb': '/passport-1tb',
},
extras={ gluetun:: true },
),
bazarr: MediaService(
name='bazarr',
@ -58,6 +90,7 @@ function(secrets={})
'passport-5tb': '/passport-5tb',
'passport-1tb': '/passport-1tb',
},
extras={ gluetun:: true },
),
radarr: MediaService(
name='radarr',
@ -67,6 +100,7 @@ function(secrets={})
'passport-1tb/movies': '/passport-1tb',
torrents: '/downloads',
},
extras={ gluetun:: true },
),
sonarr: MediaService(
name='sonarr',
@ -75,14 +109,15 @@ function(secrets={})
'passport-5tb/tv': '/passport-5tb',
'passport-1tb/tv': '/passport-1tb',
torrents: '/downloads',
}
},
extras={ gluetun:: true },
),
plex: {
image: 'plexinc/pms-docker',
environment: {
TZ: 'America/New_York',
PLEX_CLAIM: std.get(secrets, 'PLEX_CLAIM'),
ADVERTISE_IP: std.get(secrets, 'PLEX_ADVERTISE_IP'),
// ADVERTISE_IP: std.get(secrets, 'PLEX_ADVERTISE_IP'),
},
volumes: { media_plex_config: '/config' },
mounts:: MediaMounts({
@ -93,7 +128,7 @@ function(secrets={})
devices: ['/dev/dri:/dev/dri'],
webPort:: 32400,
ports: [
Port(56463, src=32400),
Port(32400),
Port(3005),
Port(8324),
Port(32469),
@ -106,10 +141,10 @@ function(secrets={})
},
archivebox: {
image: 'archivebox/archivebox:dev',
// command: 'server --quick-init 0.0.0.0:8000',
command: 'server --quick-init 0.0.0.0:8000',
// TODO: hack to workaround https://github.com/ArchiveBox/ArchiveBox/issues/1002
entrypoint: '/bin/bash',
command: '-c "chown -R archivebox:archivebox /app/archivebox/core/migrations && /app/bin/docker_entrypoint.sh server --quick-init 0.0.0.0:8000"',
// entrypoint: '/bin/bash',
// command: '-c "chown -R archivebox:archivebox /app/archivebox/core/migrations && /app/bin/docker_entrypoint.sh server --quick-init 0.0.0.0:8000"',
environment: {
ALLOWED_HOSTS: '*',
MEDIA_MAX_SIZE: '750m',