JuliusFreudenberger/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add dockhand module

Browse source
This commit is contained in:
JuliusFreudenberger 2026-02-08 12:25:30 +01:00
parent 074a553351
commit e890501a0a
2 changed files with 48 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/srv01.hf/secrets.nix
View file

@ -5,11 +5,7 @@
teleport-join_token.file = "${inputs.secrets}/secrets/srv01-hf/teleport_auth_token"; teleport-join_token.file = "${inputs.secrets}/secrets/srv01-hf/teleport_auth_token";
portainer-join_token.file = "${inputs.secrets}/secrets/srv01-hf/portainer_join_token"; portainer-join_token.file = "${inputs.secrets}/secrets/srv01-hf/portainer_join_token";
netcup-dns.file = "${inputs.secrets}/secrets/dns-management/netcup"; netcup-dns.file = "${inputs.secrets}/secrets/dns-management/netcup";
traefik-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/traefik-oidc-auth"; pangolin.file = "${inputs.secrets}/secrets/srv01-hf/pangolin";
immich-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/immich-oidc-auth"; newt.file = "${inputs.secrets}/secrets/srv01-hf/newt";
arcane-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/arcane-oidc-auth";
arcane-secrets.file = "${inputs.secrets}/secrets/srv01-hf/arcane-secrets";
firefly-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/firefly-oidc-auth";
step-ca-crt.file = "${inputs.secrets}/secrets/step-ca/step-ca-crt";
}; };
} }

46
modules/dockhand.nix Normal file
View file

@ -0,0 +1,46 @@
{
config,
lib,
...
}:
let
cfg = config.services.dockhand;
in {
options.services.dockhand = {
enable = lib.mkEnableOption "dockhand, a powerful, intuitive Docker platform";
appUrl = lib.mkOption {
description = "External URL dockhand will be reachable from, without protocol";
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers = {
dockhand = {
image = "fnsys/dockhand:v1.0.12";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
PUID = "1000";
PGID = "1000";
};
networks = [
"pangolin"
];
labels = {
"pangolin.public-resources.dockhand.name" = "dockhand";
"pangolin.public-resources.dockhand.full-domain" = cfg.appUrl;
"pangolin.public-resources.dockhand.protocol" = "http";
"pangolin.public-resources.dockhand.auth.sso-enabled" = "true";
"pangolin.public-resources.dockhand.auth.auto-login-idp" = "1";
"pangolin.public-resources.dockhand.targets[0].method" = "http";
};
extraOptions = [
''--mount=type=volume,source=dockhand-data,target=/app/data,volume-driver=local''
''--group-add=131'' # docker group
];
};
};
};
}