From ad155e63cea5248802a6b19f5699c2e10524c759 Mon Sep 17 00:00:00 2001 From: Timo Boomers Date: Fri, 9 May 2025 13:06:33 +0200 Subject: [PATCH] Added more services --- hosts/v-th-ctr-01/home.nix | 2 + modules/home/containers/caddy.nix | 10 +++ modules/home/containers/homepage.nix | 108 +++++++++++++++++++-------- modules/home/containers/karakeep.nix | 82 ++++++++++++++++++++ modules/home/containers/vikunja.nix | 29 +++++++ modules/home/default.nix | 2 + secrets/deploy.yaml | 7 +- 7 files changed, 207 insertions(+), 33 deletions(-) create mode 100644 modules/home/containers/karakeep.nix create mode 100644 modules/home/containers/vikunja.nix diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix index 1331e54..3106533 100644 --- a/hosts/v-th-ctr-01/home.nix +++ b/hosts/v-th-ctr-01/home.nix @@ -53,6 +53,8 @@ beszel.enable = true; storage.enable = true; homeassistant.enable = true; + karakeep.enable = true; + vikunja.enable = true; }; }; diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix index 2b70a0b..262a760 100644 --- a/modules/home/containers/caddy.nix +++ b/modules/home/containers/caddy.nix @@ -108,6 +108,16 @@ in { handle @homeassistant { reverse_proxy homeassistant:8123 } + + @karakeep host karakeep.local.tbmrs.nl + handle @karakeep { + reverse_proxy karakeep:3000 + } + + @vikunja host vikunja.local.tbmrs.nl + handle @vikunja { + reverse_proxy vikunja:3456 + } } ''; }; diff --git a/modules/home/containers/homepage.nix b/modules/home/containers/homepage.nix index f80fe5a..199e86e 100644 --- a/modules/home/containers/homepage.nix +++ b/modules/home/containers/homepage.nix @@ -37,40 +37,19 @@ in { description = "server from Timo"; theme = "dark"; color = "slate"; + layout = { + Services = { + style = "row"; + columns = "4"; + }; + Infra = { + style = "row"; + columns = "4"; + }; + }; }; home.file."containers/homepage/config/services.yaml".source = (pkgs.formats.yaml { }).generate "services" [ - { - "Infra" = [ - { - "Kanidm" = { - href = "https://auth.tbmrs.nl"; - description = "Oauth2 and ldap provider"; - icon = "kanidm"; - server = "podman"; - container = "kanidm"; - }; - } - { - "Uptime Kuma" = { - href = "https://uptime.tbmrs.nl"; - description = "Uptime and status"; - icon = "uptime-kuma"; - server = "podman"; - container = "uptime-kuma"; - }; - } - { - "Beszel" = { - href = "https://monitor.local.tbmrs.nl"; - description = "Server monitoring"; - icon = "beszel"; - server = "podman"; - container = "beszel"; - }; - } - ]; - } { "Services" = [ { @@ -118,6 +97,73 @@ in { container = "paperless-ngx"; }; } + { + "Home Assistant" = { + href = "https://home-assistant.local.tbmrs.nl"; + description = "Home automation"; + icon = "home-assistant"; + server = "podman"; + container = "homeassistant"; + }; + } + { + "Syncthing" = { + href = "https://syncthing.local.tbmrs.nl"; + description = "File syncronisation"; + icon = "syncthing"; + server = "podman"; + container = "syncthing"; + }; + } + { + "Dufs" = { + href = "https://files.tbmrs.nl"; + description = "File management"; + icon = "dufs"; + server = "podman"; + container = "dufs"; + }; + } + { + "Karakeep" = { + href = "https://karakeep.local.tbmrs.nl"; + description = "Data hoarder"; + icon = "karakeep"; + server = "podman"; + container = "karakeep"; + }; + } + ]; + } + { + "Infra" = [ + { + "Kanidm" = { + href = "https://auth.tbmrs.nl"; + description = "Oauth2 and ldap provider"; + icon = "kanidm"; + server = "podman"; + container = "kanidm"; + }; + } + { + "Uptime Kuma" = { + href = "https://uptime.tbmrs.nl"; + description = "Uptime and status"; + icon = "uptime-kuma"; + server = "podman"; + container = "uptime-kuma"; + }; + } + { + "Beszel" = { + href = "https://monitor.local.tbmrs.nl"; + description = "Server monitoring"; + icon = "beszel"; + server = "podman"; + container = "beszel"; + }; + } ]; } ]; diff --git a/modules/home/containers/karakeep.nix b/modules/home/containers/karakeep.nix new file mode 100644 index 0000000..9d66881 --- /dev/null +++ b/modules/home/containers/karakeep.nix @@ -0,0 +1,82 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.settings.containers.karakeep; +in { + options = { + settings.containers.karakeep.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable karakeep container + ''; + }; + }; + + config = mkIf cfg.enable { + services.podman.containers.karakeep = { + image = "ghcr.io/karakeep-app/karakeep:release"; + network = "proxy"; + volumes = [ + "%h/containers/karakeep/data:/data" + ]; + environment = { + MEILI_ADDR = "http://karakeep-meilisearch:7700"; + BROWSER_WEB_URL = "http://karakeep-chrome:9222"; + DATA_DIR = "/data"; + }; + environmentFile = [ + "${config.sops.templates."container-karakeep.env".path}" + ]; + extraConfig = { + Unit = { + After = [ + "podman-karakeep-chrome.service" + "podman-karakeep-meilisearch.service" + ]; + Requires = [ + "podman-karakeep-chrome.service" + "podman-karakeep-meilisearch.service" + ]; + }; + }; + }; + + services.podman.containers.karakeep-chrome = { + image = "gcr.io/zenika-hub/alpine-chrome:123"; + network = "proxy"; + exec = "--no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars"; + }; + + services.podman.containers.karakeep-meilisearch = { + image = "getmeili/meilisearch:v1.13.3"; + network = "proxy"; + environment = { + MEILI_NO_ANALYTICS = "true"; + }; + volumes = [ + "%h/containers/karakeep/meilisearch:/meili_data" + ]; + }; + + settings.services.sops.enable = true; + + sops.secrets = { + "containers/karakeep/nextauth-secret" = { }; + "containers/karakeep/meili-key" = { }; + }; + + sops.templates = { + "container-karakeep.env" = { + content = '' + KARAKEEP_VERSION=release + NEXTAUTH_SECRET=${config.sops.placeholder."containers/karakeep/nextauth-secret"} + MEILI_MASTER_KEY=${config.sops.placeholder."containers/karakeep/meili-key"} + NEXTAUTH_URL=https://karakeep.local.tbmrs.nl + ''; + }; + }; + }; +} diff --git a/modules/home/containers/vikunja.nix b/modules/home/containers/vikunja.nix new file mode 100644 index 0000000..ac17cbc --- /dev/null +++ b/modules/home/containers/vikunja.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.settings.containers.vikunja; +in { + options = { + settings.containers.vikunja.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable vikunja container + ''; + }; + }; + + config = mkIf cfg.enable { + services.podman.containers.vikunja = { + image = "vikunja/vikunja"; + network = "proxy"; + userNS = "keep-id"; + volumes = [ + "%h/containers/vikunja/files:/app/vikunja/files" + "%h/containers/vikunja/db:/db" + ]; + }; + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index 3d14754..b7a03b2 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -40,5 +40,7 @@ ./containers/beszel.nix ./containers/storage.nix ./containers/homeassistant.nix + ./containers/karakeep.nix + ./containers/vikunja.nix ]; } diff --git a/secrets/deploy.yaml b/secrets/deploy.yaml index fc70749..657c330 100644 --- a/secrets/deploy.yaml +++ b/secrets/deploy.yaml @@ -4,6 +4,9 @@ containers: oidc-secret: ENC[AES256_GCM,data:jO5fvIK/1XnFweqKvedPMED0xvsqErjDP+eT7wAwXFuREbS6KakwY7pUzi20wdI0,iv:SnnmXiZoawpZV83483esQ1TIaFTACiIUcA6hcoXsw0I=,tag:cC/ftyj8jlK1re/rX4IiEw==,type:str] beszel: key: ENC[AES256_GCM,data:rRtx8Jx/aHOqeRa9dlyc42/62UwwqhkiLDLnZCM65rpW5nL5cQG2dS81YOMVPrE7Sa/cHlE3bvxqETaxMmsJGYukjmZph8skpF0qukCDe4Q=,iv:OS/+jF4MtwPdijXPpG2pgpJQTYyer9bms97B+kO8XhI=,tag:va7jCSGrXp2YKBlYzLI39g==,type:str] + karakeep: + nextauth-secret: ENC[AES256_GCM,data:ck8O7bZOcpxOB6dQRDchPBaFinVtzBphOvT2oQcdTcnRj0PFCMF7mKcEbRFvk6hi,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:cfqzRVf9NDhsb1cvG8Tq+w==,type:str] + meili-key: ENC[AES256_GCM,data:YrIlR+f94wcTlWqfYdqUWOZGp8QaPtLQeXi+ok54bXnuKvv1qjkuAbKuClyi4MS9,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:8jI5LBhMG3hhji7+dE6shg==,type:str] paperless-ngx: db-password: ENC[AES256_GCM,data:H21HVshmFuWJ5qNIrjm0VMGHEsT7cCvScgamU+CAaNZ6j5ux/r4xiF9zP7Qh40sKTOvyoWGTcHGPHE5ClpGuQA==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:XbYKD90l3u93Ur4VOqOn6w==,type:str] secret: ENC[AES256_GCM,data:+1hriBiSbt+zUjEkBTEM90PFNlxfNwRAmz8wHyeyOnq6ThI+PtlDu83sunBFL2FUYJX0N4h3R4FvJBUkrPr0NQ==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:+aafTLgZVBWeclQLQvVlQg==,type:str] @@ -23,8 +26,8 @@ sops: bGpsMnpoQWlxbmlobVdVSjU2ZWp1dGMKql+6ZqtuixZ9TJgJMaTOFsB0gsLLvuqE ZQikUHunrP8d5n/TvzL4VyIF2Oqy+cjTnjX/9fcqsjB6w3oY4qDXkg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-30T13:11:24Z" - mac: ENC[AES256_GCM,data:JA1T9q0otjshJWyb8fingvD0CmYyTKdhvNMI3RVoZaMEAwBV4AwMCftG9zWMOgof4NcG4EhdOI7KG7qhctpo25K9j5IhaY8GA/p7BStBopuowTTUZecWHxXy4OFEtuW1PXBGrkgfkupV+RZfeisoa1gGFhQ2tW+fOqtoTFFCLHA=,iv:CM5zgvA2krzLHGiVeiSTVzcswwk9+QJmNCr+3hqw+To=,tag:H0x1UasoXNb38+Cq0CP0YA==,type:str] + lastmodified: "2025-05-06T15:45:07Z" + mac: ENC[AES256_GCM,data:1B0X0XIdI+fVeuusfyrcXR8HPhcWM5pjkJG7UoAgIBfGxROHzZm8KTvW/LGxZ9JKHBUjnt4YVr7ZECGTNFEyH/xo0N8aJ66BqT0TxfKHydWVA5odS0dCPXs/8yDNItGaVjJyNpdn0NpRHCCDCGHjo16XILSVoOxbs6BIQ5wVvEE=,iv:h5x99Svyod4iSBdmRDcy9VelYzEV9ArKQVeNuMmEMGQ=,tag:PTLqyRFa45NyR5mDKxBgmg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4