Add dockhand module

2026-02-08 12:25:30 +01:00 · 2026-02-08 12:25:30 +01:00 · e890501a0a
commit e890501a0a
parent 074a553351
2 changed files with 48 additions and 6 deletions
--- a/hosts/srv01.hf/secrets.nix
+++ b/hosts/srv01.hf/secrets.nix
@ -5,11 +5,7 @@
    teleport-join_token.file = "${inputs.secrets}/secrets/srv01-hf/teleport_auth_token";
    portainer-join_token.file = "${inputs.secrets}/secrets/srv01-hf/portainer_join_token";
    netcup-dns.file = "${inputs.secrets}/secrets/dns-management/netcup";
-    traefik-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/traefik-oidc-auth";
-    immich-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/immich-oidc-auth";
-    arcane-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/arcane-oidc-auth";
-    arcane-secrets.file = "${inputs.secrets}/secrets/srv01-hf/arcane-secrets";
-    firefly-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/firefly-oidc-auth";
-    step-ca-crt.file = "${inputs.secrets}/secrets/step-ca/step-ca-crt";
+    pangolin.file = "${inputs.secrets}/secrets/srv01-hf/pangolin";
+    newt.file = "${inputs.secrets}/secrets/srv01-hf/newt";
  };
 }
--- a/modules/dockhand.nix
+++ b/modules/dockhand.nix
@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.services.dockhand;
+in {
+  options.services.dockhand = {
+    enable = lib.mkEnableOption "dockhand, a powerful, intuitive Docker platform";
+    appUrl = lib.mkOption {
+      description = "External URL dockhand will be reachable from, without protocol";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.oci-containers.containers = {
+      dockhand = {
+        image = "fnsys/dockhand:v1.0.12";
+        volumes = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ];
+        environment = {
+          PUID = "1000";
+          PGID = "1000";
+        };
+        networks = [
+          "pangolin"
+        ];
+        labels = {
+          "pangolin.public-resources.dockhand.name" = "dockhand";
+          "pangolin.public-resources.dockhand.full-domain" = cfg.appUrl;
+          "pangolin.public-resources.dockhand.protocol" = "http";
+          "pangolin.public-resources.dockhand.auth.sso-enabled" = "true";
+          "pangolin.public-resources.dockhand.auth.auto-login-idp" = "1";
+          "pangolin.public-resources.dockhand.targets[0].method" = "http";
+        };
+        extraOptions = [
+          ''--mount=type=volume,source=dockhand-data,target=/app/data,volume-driver=local''
+          ''--group-add=131'' # docker group
+        ];
+      };
+    };
+  };
+}