christoph/flake-homelab
1
Fork 0
Code Activity

Hide many services inside docker network without exposing ports

Browse Source
This commit is contained in:
Christoph Urlacher
2023-09-12 16:00:39 +02:00
parent f56055b400
commit e5040ba53d
15 changed files with 91 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ServeNix/services/TEMPLATE.nix
View File

@ -9,7 +9,7 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = []; ports = [];
@ -26,6 +26,7 @@
extraOptions = [ extraOptions = [
# "--gpus=all" # "--gpus=all"
"--network=behind-nginx"
]; ];
}; };
} }

9
ServeNix/services/fileflows.nix
View File

@ -9,20 +9,22 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"5000:5000" # "5000:5000"
]; ];
volumes = [ volumes = [
"/media/Video:/media/Video" "/media/Video:/media/Video"
"/media/Movie:/media/Movie" "/media/Movie:/media/Movie"
"/media/Show:/media/Show" "/media/Show:/media/Show"
"fileflows_temp:/temp" "fileflows_temp:/temp"
"fileflows_config:/app/Data"
"fileflows_logs:/app/Logs" "fileflows_logs:/app/Logs"
"fileflows_config:/app/Data"
"/var/run/docker.sock:/var/run/docker.sock:ro" "/var/run/docker.sock:/var/run/docker.sock:ro"
]; ];
@ -34,6 +36,7 @@
extraOptions = [ extraOptions = [
"--gpus=all" "--gpus=all"
"--net=behind-nginx"
]; ];
}; };
} }

9
ServeNix/services/homepage.nix
View File

@ -9,20 +9,23 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"3000:3000" # "3000:3000"
]; ];
volumes = [ volumes = [
"homepage_config:/app/config" "homepage_config:/app/config"
"/var/run/docker.sock:/var/run/docker.sock:ro" "/var/run/docker.sock:/var/run/docker.sock:ro"
]; ];
environment = {}; environment = {};
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

10
ServeNix/services/hydra.nix
View File

@ -9,12 +9,12 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
"sabnzbd" # "sabnzbd"
]; ];
ports = [ ports = [
"5076:5076" # "5076:5076"
]; ];
volumes = [ volumes = [
@ -27,6 +27,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

10
ServeNix/services/jellyfin.nix
View File

@ -9,7 +9,7 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
@ -20,6 +20,7 @@
"/media/Music:/data/music" "/media/Music:/data/music"
"/media/Show:/data/tvshows" "/media/Show:/data/tvshows"
"/media/Movie:/data/movies" "/media/Movie:/data/movies"
"jellyfin_config:/config" "jellyfin_config:/config"
]; ];
@ -27,12 +28,13 @@
PUID = "3000"; PUID = "3000";
PGID = "3000"; PGID = "3000";
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
# NVIDIA_VISIBLE_DEVICES = "all"; NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all"; NVIDIA_DRIVER_CAPABILITIES = "all";
}; };
extraOptions = [ extraOptions = [
# "--gpus=all" "--gpus=all"
"--net=behind-nginx"
]; ];
}; };
} }

12
ServeNix/services/jellyseerr.nix
View File

@ -9,10 +9,10 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
"sonarr" # "sonarr"
"radarr" # "radarr"
"jellyfin" # "jellyfin"
]; ];
ports = [ ports = [
@ -27,6 +27,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

8
ServeNix/services/nextcloud.nix
View File

@ -9,11 +9,11 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"443:443" # "443:443"
]; ];
volumes = [ volumes = [
@ -27,6 +27,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

12
ServeNix/services/pihole.nix
View File

@ -11,11 +11,10 @@
dependsOn = []; dependsOn = [];
ports = [ ports = [
# Not required with --net=host "53:53/tcp"
# "53:53/tcp" "53:53/udp"
# "53:53/udp"
# "67:67/udp" # Only for DHCP server # "67:67/udp" # Only for DHCP server
# "80:80/tcp" # "3080:80/tcp" # Webinterface
]; ];
volumes = [ volumes = [
@ -30,8 +29,9 @@
}; };
extraOptions = [ extraOptions = [
"--cap-add=NET_ADMIN" # Only for DHCP server # "--cap-add=NET_ADMIN" # Only for DHCP server
"--net=host" # For DHCP broadcast # "--net=host" # For DHCP broadcast
"--net=behind-nginx"
]; ];
}; };
} }

11
ServeNix/services/portainer.nix
View File

@ -11,17 +11,20 @@
dependsOn = []; dependsOn = [];
ports = [ ports = [
"8000:8000" # "8000:8000"
"9443:9443" # "9443:9443"
]; ];
volumes = [ volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"portainer_config:/data" "portainer_config:/data"
"/var/run/docker.sock:/var/run/docker.sock"
]; ];
environment = {}; environment = {};
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

8
ServeNix/services/prowlarr.nix
View File

@ -9,11 +9,11 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"9696:9696" # "9696:9696"
]; ];
volumes = [ volumes = [
@ -26,6 +26,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

13
ServeNix/services/radarr.nix
View File

@ -9,18 +9,19 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
"sabnzbd" # "sabnzbd"
"prowlarr" # "prowlarr"
]; ];
ports = [ ports = [
"7878:7878" # "7878:7878"
]; ];
volumes = [ volumes = [
"/media/Usenet:/downloads" "/media/Usenet:/downloads"
"/media/Movie:/movies" "/media/Movie:/movies"
"radarr_config:/config" "radarr_config:/config"
]; ];
@ -30,6 +31,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

9
ServeNix/services/sabnzbd.nix
View File

@ -9,15 +9,16 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"8080:8080" # "8080:8080"
]; ];
volumes = [ volumes = [
"/media/Usenet:/downloads" "/media/Usenet:/downloads"
"sabnzbd_config:/config" "sabnzbd_config:/config"
]; ];
@ -27,6 +28,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

13
ServeNix/services/sonarr.nix
View File

@ -9,18 +9,19 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
"sabnzbd" # "sabnzbd"
"prowlarr" # "prowlarr"
]; ];
ports = [ ports = [
"8989:8989" # "8989:8989"
]; ];
volumes = [ volumes = [
"/media/Usenet:/downloads" "/media/Usenet:/downloads"
"/media/Show:/tv" "/media/Show:/tv"
"sonarr_config:/config" "sonarr_config:/config"
]; ];
@ -30,6 +31,8 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
extraOptions = []; extraOptions = [
"--net=behind-nginx"
];
}; };
} }

13
ServeNix/services/stash.nix
View File

@ -9,16 +9,17 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"9999:9999" # "9999:9999"
]; ];
volumes = [ volumes = [
"/media/Picture:/data/picture" "/media/Picture:/data/picture"
"/media/Video:/data/video" "/media/Video:/data/video"
"stash_config:/root/.stash" "stash_config:/root/.stash"
"stash_metadata:/metadata" "stash_metadata:/metadata"
"stash_generated:/generated" "stash_generated:/generated"
@ -32,12 +33,14 @@
STASH_GENERATED = "/generated/"; STASH_GENERATED = "/generated/";
STASH_METADATA = "/metadata/"; STASH_METADATA = "/metadata/";
STASH_STASH = "/data/"; STASH_STASH = "/data/";
# NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all"; NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
}; };
extraOptions = [ extraOptions = [
# "--gpus=all" "--gpus=all"
"--net=behind-nginx"
]; ];
}; };
} }

8
ServeNix/services/whats-up-docker.nix
View File

@ -9,11 +9,11 @@
autoStart = true; autoStart = true;
dependsOn = [ dependsOn = [
"pihole" # "pihole"
]; ];
ports = [ ports = [
"3001:3000" # "3001:3000"
]; ];
volumes = [ volumes = [
@ -22,6 +22,8 @@
environment = {}; environment = {};
extraOptions = []; extraOptions = [
"--network=behind-nginx"
];
}; };
} }