
2 Commits

20 changed files with 255 additions and 30 deletions


@ -312,7 +312,7 @@
# If this user defined any secrets... # If this user defined any secrets...
(builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets) (builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets)
# ...we will add them to the current secrets.nix, # ...we will add them to the current secrets.nix,
# s.t. agenix can be used to encrypt the secret. # s.t. agenix can be used to encrypt/access them.
(builtins.concatStringsSep "\n" (builtins.concatStringsSep "\n"
(builtins.map (builtins.map
(mkSecret publicKeys.${username}.ssh) (mkSecret publicKeys.${username}.ssh)


@ -25,6 +25,10 @@ with mylib.networking; {
]; ];
modules = { modules = {
agenix.secrets.${username} = [
"dockerhub-password"
];
bootloader = { bootloader = {
enable = true; enable = true;
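Review bot: Storing the Docker Hub account password is more than image pulls need; the entry `"dockerhub-password"` added under `agenix.secrets.${username}` suggests that is what the secret holds, though its content is not visible here. A Docker Hub access token with read-only scope works in the same `passwordFile` and can be revoked without touching the account password. A one-line comment such as `# Docker Hub access token (read-only), used only for image pulls` above the entry would record the intent. The `modules` attrset starts and ends outside this hunk.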


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 PW+5DQ z6Fm40D2nCJvvFsQdj9V4zcvVBpjFAvLZh17cEtLEx8
hIyc+AUuEiIv6TobnNawdyEswAAQ4kQeh5n0yaVT/mY
--- Yhxh9hnsPfHYcmmrpQm5Up0VzRh2ndoF3R3W+7ojW58
b<><1D><><14>?<02><><EFBFBD> ̙Wc<57><63><EFBFBD><EFBFBD><EFBFBD><EFBFBD>R<EFBFBD><52><<3C>@<40>y<EFBFBD><79><EFBFBD><EFBFBD>1z%<25>4EWu<57>7 <09><<3C><><EFBFBD>'<27><>Cg9!<21>`cv


@ -5,7 +5,7 @@
}: { }: {
secrets = lib.mkOption { secrets = lib.mkOption {
type = lib.types.attrs; type = lib.types.attrs;
description = "The secret files managed by agenix (and their associated keys)"; description = "The secret files managed by agenix (encrypted by SSH key)";
example = '' example = ''
{ {
christoph = [ christoph = [


@ -8,6 +8,15 @@
image = "TEMPLATE"; image = "TEMPLATE";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = []; ports = [];
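Review bot: `config.age.secrets.dockerhub-pasword` on the `passwordFile` line is spelled with one "s", while the secret registered in this commit is `"dockerhub-password"`. Unless a secret with the misspelled name is declared elsewhere, evaluation should fail on the missing attribute, and the registry login would never see the credential. The line should read `passwordFile = config.age.secrets.dockerhub-password.path;` (the surrounding string interpolation is not needed). The same misspelling is repeated in every `login` block added by this commit, active and commented-out; defining the login attrset once and reusing it would keep such a slip to a single place. The container definition continues outside the hunk.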


@ -8,6 +8,15 @@
image = "adguard/adguardhome"; image = "adguard/adguardhome";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = [ ports = [


@ -8,6 +8,15 @@
image = "authelia/authelia:latest"; image = "authelia/authelia:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = [ dependsOn = [
# "pihole" # "pihole"
]; ];


@ -8,6 +8,15 @@
image = "gitea.vps.chriphost.de/christoph/formula10:latest"; image = "gitea.vps.chriphost.de/christoph/formula10:latest";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = []; dependsOn = [];
ports = [ ports = [
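Review bot: The commented-out `login` block is added to a container whose image is pulled from `gitea.vps.chriphost.de`, so the "DockerHub Credentials" it carries would be the wrong credentials for this registry if someone uncommented it. I would drop the block, or replace it with one line such as `# No login: image comes from gitea.vps.chriphost.de, not DockerHub`. The same dead block appears in the other hunks of this commit that touch `gitea.vps.chriphost.de` and `ghcr.io` images. The container definition continues outside the hunk.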


@ -8,6 +8,15 @@
image = "gitea.vps.chriphost.de/christoph/pocketbase:0.25.0"; image = "gitea.vps.chriphost.de/christoph/pocketbase:0.25.0";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = [ dependsOn = [
# "pihole" # "pihole"
]; ];
@ -32,6 +41,15 @@
image = "gitea.vps.chriphost.de/christoph/formula11:latest"; image = "gitea.vps.chriphost.de/christoph/formula11:latest";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = [ dependsOn = [
"formula11_pocketbase" "formula11_pocketbase"
]; ];
@ -51,10 +69,10 @@
# PB_PROTOCOL="https"; # PB_PROTOCOL="https";
# PB_URL="f11pb.vps.chriphost.de"; # PB_URL="f11pb.vps.chriphost.de";
PUBLIC_PBURL="https://f11pb.vps.chriphost.de"; PUBLIC_PBURL = "https://f11pb.vps.chriphost.de";
# Required by SvelteKit to prevent cross-site POST errors # Required by SvelteKit to prevent cross-site POST errors
ORIGIN="https://f11.vps.chriphost.de"; ORIGIN = "https://f11.vps.chriphost.de";
}; };
extraOptions = [ extraOptions = [


@ -8,6 +8,15 @@
image = "gitea/act_runner:latest"; # NOTE: vegardit has other runner images image = "gitea/act_runner:latest"; # NOTE: vegardit has other runner images
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = []; ports = [];


@ -23,6 +23,15 @@
image = "postgres:14"; image = "postgres:14";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = []; ports = [];
@ -46,6 +55,15 @@
image = "gitea/gitea:latest"; image = "gitea/gitea:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = [ dependsOn = [
"gitea-db" "gitea-db"
]; ];


@ -8,6 +8,15 @@
image = "gitea.vps.chriphost.de/christoph/discord-heidi:latest"; image = "gitea.vps.chriphost.de/christoph/discord-heidi:latest";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = []; dependsOn = [];
ports = []; ports = [];


@ -8,6 +8,15 @@
image = "ghcr.io/immich-app/postgres:15-vectorchord0.3.0-pgvectors0.2.0"; image = "ghcr.io/immich-app/postgres:15-vectorchord0.3.0-pgvectors0.2.0";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = []; dependsOn = [];
ports = [ ports = [
@ -33,6 +42,15 @@
image = "redis"; image = "redis";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = [ ports = [
@ -52,6 +70,15 @@
image = "ghcr.io/imagegenius/immich:latest"; image = "ghcr.io/imagegenius/immich:latest";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = [ dependsOn = [
"immich-database" "immich-database"
"immich-redis" "immich-redis"


@ -8,6 +8,15 @@
image = "linuxserver/jellyfin:latest"; image = "linuxserver/jellyfin:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = [ dependsOn = [
# "pihole" # "pihole"
]; ];


@ -8,6 +8,15 @@
image = "kopia/kopia:latest"; image = "kopia/kopia:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = [ ports = [


@ -4,10 +4,41 @@
pkgs, pkgs,
... ...
}: { }: {
systemd.services.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
serviceConfig = {
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data nextcloud /usr/local/bin/php -f /var/www/html/cron.php";
};
};
systemd.timers.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Unit = "nextcloud-cron.service";
};
wantedBy = ["timers.target"];
};
virtualisation.oci-containers.containers.nextcloud-db = { virtualisation.oci-containers.containers.nextcloud-db = {
image = "postgres:alpine"; image = "postgres:alpine";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = [ ports = [
@ -33,6 +64,15 @@
image = "redis:alpine"; image = "redis:alpine";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = [ ports = [
@ -54,6 +94,15 @@
image = "nextcloud:apache"; image = "nextcloud:apache";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = [ dependsOn = [
"nextcloud-db" "nextcloud-db"
"nextcloud-memcache" "nextcloud-memcache"
@ -101,26 +150,4 @@
"--net=behind-nginx" "--net=behind-nginx"
]; ];
}; };
systemd.services.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
serviceConfig = {
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data nextcloud /usr/local/bin/php -f /var/www/html/cron.php";
};
};
systemd.timers.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Unit = "nextcloud-cron.service";
};
wantedBy = ["timers.target"];
};
} }
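Review bot: The relocated `systemd.services.nextcloud-cron` unit declares no ordering or dependency on the `nextcloud` container, so a timer run that fires while the container is still being pulled or restarted makes `docker exec` fail. Assuming the docker backend, where oci-containers names the unit `docker-nextcloud.service`, adding `after = ["docker-nextcloud.service"];` and `requires = ["docker-nextcloud.service"];` would tie the job to it. A short comment on `ExecStart` stating that the job is started by root on the host and runs as `www-data` inside the container would also document the privilege boundary.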


@ -8,6 +8,15 @@
image = "jc21/nginx-proxy-manager:latest"; image = "jc21/nginx-proxy-manager:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = [ dependsOn = [
# "pihole" # "pihole"
]; ];


@ -5,9 +5,18 @@
... ...
}: { }: {
virtualisation.oci-containers.containers.paperless-redis = { virtualisation.oci-containers.containers.paperless-redis = {
image = "docker.io/library/redis:7"; image = "redis:7";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = []; ports = [];
@ -24,9 +33,18 @@
}; };
virtualisation.oci-containers.containers.paperless-postgres = { virtualisation.oci-containers.containers.paperless-postgres = {
image = "docker.io/library/postgres:15"; image = "postgres:15";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = []; ports = [];
@ -50,6 +68,15 @@
image = "ghcr.io/paperless-ngx/paperless-ngx:latest"; image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
autoStart = true; autoStart = true;
# login = {
# # Uses DockerHub by default
# # registry = "";
#
# # DockerHub Credentials
# username = "christoph.urlacher@protonmail.com";
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
# };
dependsOn = [ dependsOn = [
"paperless-redis" "paperless-redis"
"paperless-postgres" "paperless-postgres"
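Review bot: Shortening `docker.io/library/redis:7` to `redis:7` and `docker.io/library/postgres:15` to `postgres:15` in the first two hunks makes the source registry implicit. With the docker backend a short name resolves to Docker Hub, but under podman the result depends on the host's short-name configuration, so the fully qualified form is the safer reference for image provenance. The Docker Hub login added here should work with the qualified names as well, so I would keep `image = "docker.io/library/redis:7";` and `image = "docker.io/library/postgres:15";`. Both container definitions continue outside their hunks.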


@ -32,6 +32,15 @@
image = "portainer/agent:latest"; image = "portainer/agent:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = []; dependsOn = [];
ports = [ ports = [


@ -8,6 +8,15 @@
image = "getwud/wud:latest"; image = "getwud/wud:latest";
autoStart = true; autoStart = true;
login = {
# Uses DockerHub by default
# registry = "";
# DockerHub Credentials
username = "christoph.urlacher@protonmail.com";
passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
};
dependsOn = [ dependsOn = [
# "pihole" # "pihole"
]; ];