diff --git a/modules/arcane.nix b/modules/arcane.nix
deleted file mode 100644
index 160088f..0000000
--- a/modules/arcane.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.services.arcane;
-in {
- options.services.arcane = {
- enable = lib.mkEnableOption "arcane, a modern Docker management UI";
- appUrl = lib.mkOption {
- description = "External URL arcane will be reachable from, without protocol";
- type = lib.types.str;
- };
- secretFile = lib.mkOption {
- description = ''
- Agenix secret containing the following needed environment variables in dotenv notation:
- - ENCRYPTION_KEY
- - JWT_SECRET
- - OIDC_CLIENT_ID
- - OIDC_CLIENT_SECRET
- - OIDC_ISSUER_URL
- - OIDC_ADMIN_CLAIM
- - OIDC_ADMIN_VALUE
- '';
- };
- };
-
- config = lib.mkIf cfg.enable {
- virtualisation.oci-containers.containers = {
- arcane = {
- image = "ghcr.io/getarcaneapp/arcane:v1.11.2";
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock"
- ];
- environment = {
- APP_URL = "https://${cfg.appUrl}";
- PUID = "1000";
- PGID = "1000";
- LOG_LEVEL = "info";
- LOG_JSON = "false";
- OIDC_ENABLED = "true";
- OIDC_SCOPES = "openid email profile groups";
- DATABASE_URL = "file:data/arcane.db?_pragma=journal_mode(WAL)&_pragma=busy_timeout(2500)&_txlock=immediate";
- };
- environmentFiles = [
- cfg.secretFile.path
- ];
- networks = [
- "traefik"
- ];
- labels = {
- "traefik.enable" = "true";
- "traefik.http.routers.arcane.middlewares" = "arcane-oidc-auth@file";
- "traefik.http.routers.arcane.rule" = "Host(`${cfg.appUrl}`)";
- "traefik.http.services.arcane.loadbalancer.server.port" = "3552";
- };
- extraOptions = [
- ''--mount=type=volume,source=arcane-data,target=/app/data,volume-driver=local''
- ];
- };
- };
- };
-}
diff --git a/modules/newt.nix b/modules/newt.nix
deleted file mode 100644
index 5f7a8f4..0000000
--- a/modules/newt.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-let
-
- cfg = config.services.newt-docker;
-
-in {
-
- options.services.newt-docker = {
- enable = lib.mkEnableOption "Newt, user space tunnel client for Pangolin";
- pangolinEndpoint = lib.mkOption {
- description = "External URL of the Pangolin instance";
- type = lib.types.str;
- };
- connectionSecret = lib.mkOption {
- description = "Secrets for Pangolin authentication.";
- type = lib.types.anything;
- };
- };
-
- config = lib.mkIf cfg.enable {
- virtualisation.oci-containers.containers = {
- newt = {
- image = "fosrl/newt:1.9.0";
- autoStart = true;
- networks = [
- "pangolin"
- ];
- environment = {
- PANGOLIN_ENDPOINT = cfg.pangolinEndpoint;
- DOCKER_SOCKET = "/var/run/docker.sock";
- };
- environmentFiles = [ cfg.connectionSecret.path ];
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ];
- extraOptions = [
- "--add-host=host.docker.internal:host-gateway"
- ];
- };
- };
-
- systemd.services."docker-newt" = {
- after = [
- "docker-network-newt.service"
- ];
- requires = [
- "docker-network-newt.service"
- ];
- };
-
- systemd.services."docker-network-newt" = {
- path = [ pkgs.docker ];
- serviceConfig = {
- Type = "oneshot";
- };
- script = ''
- docker network inspect pangolin || docker network create pangolin --ipv4 --ipv6 --subnet=172.18.0.0/16 --gateway=172.18.0.1
- '';
- };
-
- networking.firewall.extraCommands = ''
- iptables -A INPUT -p icmp --source 100.89.128.0/24 -j ACCEPT
- iptables -A INPUT -p tcp --source 172.18.0.0/12 --dport 22 -j ACCEPT
- '';
-
- };
-}
diff --git a/modules/pangolin.nix b/modules/pangolin.nix
deleted file mode 100644
index 55e5fed..0000000
--- a/modules/pangolin.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- pkgs-unstable,
- utils,
- config,
- lib,
- ...
-}: {
-
- services = {
- pangolin = {
- enable = true;
- package = pkgs-unstable.fosrl-pangolin;
- openFirewall = true;
- settings = {
- app = {
- save_logs = true;
- log_failed_attempts = true;
- };
- domains = {
- domain1 = {
- prefer_wildcard_cert = true;
- };
- };
- flags = {
- disable_signup_without_invite = true;
- disable_user_create_org = true;
- };
- };
- };
- };
-
- systemd.services.gerbil.serviceConfig.ExecStart = lib.mkForce (utils.escapeSystemdExecArgs [
- (lib.getExe pkgs-unstable.fosrl-gerbil)
- "--reachableAt=http://localhost:${toString config.services.gerbil.port}"
- "--generateAndSaveKeyTo=${toString config.services.pangolin.dataDir}/config/key"
- "--remoteConfig=http://localhost:3001/api/v1/gerbil/get-config"
- ]);
-
-}
-
-# Settings needed on the host
-#
-# services = {
-# pangolin = {
-# dnsProvider = "";
-# baseDomain = "";
-# letsEncryptEmail = "";
-# environmentFile = config.age.secrets."".path;
-# };
-# traefik = {
-# environmentFiles = [ config.age.secrets."".path ];
-# };
-# };
diff --git a/modules/portainer_agent.nix b/modules/portainer_agent.nix
deleted file mode 100644
index 408834b..0000000
--- a/modules/portainer_agent.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- ...
-}: {
- virtualisation.oci-containers.containers = {
- portainer_agent = {
- image = "portainer/agent:2.33.2";
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock"
- "/var/lib/docker/volumes:/var/lib/docker/volumes"
- "/:/host"
- ];
- environment = {
- EDGE = "1";
- CAP_HOST_MANAGEMENT = "1";
- };
- extraOptions = [
- ''--mount=type=volume,source=portainer_agent,target=/data,volume-driver=local''
- ];
- };
- };
-}