From 516c6ab49353de45171724d011fa008cd08c808a Mon Sep 17 00:00:00 2001 From: Jacob Hinkle Date: Thu, 28 Mar 2024 13:14:58 -0400 Subject: [PATCH] Switch unifi and vaultwarden to docker images --- flake.lock | 39 +++++++++++----------- machines/cj/configuration.nix | 18 ++++++---- machines/cj/hardware-configuration-zfs.nix | 5 +++ machines/cj/nginx.nix | 6 ++-- machines/cj/unifi.nix | 19 +++++++++++ machines/cj/vaultwarden.nix | 18 ++++++++++ 6 files changed, 76 insertions(+), 29 deletions(-) create mode 100644 machines/cj/unifi.nix create mode 100644 machines/cj/vaultwarden.nix diff --git a/flake.lock b/flake.lock index ce4e9b2..ffac991 100644 --- a/flake.lock +++ b/flake.lock @@ -7,26 +7,27 @@ ] }, "locked": { - "lastModified": 1707607386, - "narHash": "sha256-hj/RgQMTvCWQVInkZwiMMieumkfOjHXhtWhfuXHop/8=", + "lastModified": 1699368917, + "narHash": "sha256-nUtGIWf86BOkUbtksWtfglvCZ/otP0FTZlQH8Rzc7PA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bfd0ae29a86eff4603098683b516c67e22184511", + "rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3", "type": "github" }, "original": { "owner": "nix-community", "repo": "home-manager", + "rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1707211557, - "narHash": "sha256-LTKTzZ6fM5j8XWXf51IMBzDaOaJg9kYWLUZxoIhzRN8=", + "lastModified": 1711352745, + "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6e5cc385fc8cf5ca6495d70243074ccdea9f64c7", + "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0", "type": "github" }, "original": { 
@@ -37,26 +38,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1707650133, - "narHash": "sha256-ESHjN3syUAZvuV9z6lToesNeMYiXCPKgsx4+jhxOuVA=", - "owner": "nixos", + "lastModified": 1701282334, + "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "9002908215ae609210c2168494b387ff5728220a", + "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", "type": "github" }, "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "ref": "23.11", + "type": "indirect" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1707603439, - "narHash": "sha256-LodBVZ3+ehJP2azM5oj+JrhfNAAzmTJ/OwAIOn0RfZ0=", + "lastModified": 1711233294, + "narHash": "sha256-eEu5y4J145BYDw9o/YEmeJyqh8blgnZwuz9k234zuWc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d8cd80616c8800feec0cab64331d7c3d5a1a6d98", + "rev": "ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68", "type": "github" }, "original": { @@ -82,11 +83,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1707620614, - "narHash": "sha256-gfAoB9dGzBu62NoAoM945aok7+6M+LFu+nvnGwAsTp4=", + "lastModified": 1711249319, + "narHash": "sha256-N+Pp3/8H+rd7cO71VNV/ovV/Kwt+XNeUHNhsmyTabdM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2eb7c4ba3aa75e2660fd217eb1ab64d5b793608e", + "rev": "405987a66cce9a4a82f321f11b205982a7127c88", "type": "github" }, "original": { diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix index 29c42dd..f413970 100644 --- a/machines/cj/configuration.nix +++ b/machines/cj/configuration.nix @@ -123,12 +123,12 @@ security.rtkit.enable = true; # recommended for pipewire # enable acme for certbot - security.acme = { - acceptTerms = true; - defaults = { - email = "jacob.hinkle@gmail.com"; - }; - }; + #security.acme = { + #acceptTerms = true; + #defaults = { + #email = "jacob.hinkle@gmail.com"; + #}; + #}; virtualisation.oci-containers.containers = let ips = { 
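Review bot: The header comment `# enable acme for certbot` now sits above a commented-out `security.acme` block, so it is stale, and nothing in the hunk says why ACME is off or whether it is meant to return. Together with nginx.nix in this same patch dropping `forceSSL`/`enableACME`, this removes the only TLS path in front of the proxied services (vaultwarden among them) until someone restores both pieces. Replace the stale line with an explanatory one such as `# ACME disabled while nginx is off (see nginx.nix); restore both before vaultwarden is reachable beyond localhost`, or delete the dead block outright rather than commenting it out, since git already keeps the history. The enclosing module continues outside the hunk.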
@@ -144,6 +144,8 @@ in { home-assistant = import ./home-assistant.nix ips; pihole = import ./pihole.nix ips; + unifi = import ./unifi.nix ips; + vaultwarden = import ./vaultwarden.nix ips; }; # List services that you want to enable: @@ -186,7 +188,9 @@ timesyncd.enable = true; unifi = { - enable = true; + # This was causing a full build of mongodb on every nixos-rebuild. + # Instead, let's migrate to using the docker image + enable = false; openFirewall = true; unifiPackage = pkgs.unifiStable; }; diff --git a/machines/cj/hardware-configuration-zfs.nix b/machines/cj/hardware-configuration-zfs.nix index f2b9584..b592308 100644 --- a/machines/cj/hardware-configuration-zfs.nix +++ b/machines/cj/hardware-configuration-zfs.nix @@ -90,6 +90,11 @@ fsType = "zfs"; neededForBoot = true; }; + fileSystems."/serverdata/unifi" = + { device = "rpool/serverdata/unifi"; + fsType = "zfs"; + neededForBoot = true; + }; fileSystems."/serverdata/vaultwarden" = { device = "rpool/serverdata/vaultwarden"; fsType = "zfs"; diff --git a/machines/cj/nginx.nix b/machines/cj/nginx.nix index 203e31d..8d5298f 100644 --- a/machines/cj/nginx.nix +++ b/machines/cj/nginx.nix @@ -1,10 +1,10 @@ { - enable = true; + enable = false; recommendedProxySettings = true; virtualHosts = let simpleProxy = ip: { - forceSSL = true; - enableACME = true; + forceSSL = false; + enableACME = false; extraConfig = '' proxy_buffering off; ''; diff --git a/machines/cj/unifi.nix b/machines/cj/unifi.nix new file mode 100644 index 0000000..747ec90 --- /dev/null +++ b/machines/cj/unifi.nix @@ -0,0 +1,19 @@ +{ serverIP, serverIP6 } : { + image = "jacobalberty/unifi:v8.1"; + ports = [ + "8080:8080" + "8443:8443" + "3478:3478/udp" + ]; + environment = { + TZ = "America/New_York"; + }; + volumes = [ + "/serverdata/unifi:/unifi" + ]; + extraOptions = [ + "--cap-add=NET_ADMIN" + "--network=host" + #"--no-hosts" # do not populate internal /etc/hosts with container host's + ]; +} 
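Review bot: With `enable = false`, the `openFirewall = true` and `unifiPackage` lines left in the `unifi` block are dead: the NixOS unifi module only emits its firewall rules as part of the config it applies when enabled, so the controller ports this block used to open (8080, 8443, 3478/udp) are no longer opened here, while the replacement container in unifi.nix runs with `--network=host` and oci-containers does not open the firewall on its behalf. If `networking.firewall` is enabled on this host (not visible in the patch) the dockerised controller will be unreachable from the LAN; if it is not, the old `openFirewall` was never gating anything. Either way, drop the two dead options or make the dependency explicit next to the container definition, e.g. `networking.firewall.allowedTCPPorts = [ 8080 8443 ]; networking.firewall.allowedUDPPorts = [ 3478 ];`. The enclosing `services` block continues outside the hunk.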
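Review bot: `neededForBoot = true` on the new `/serverdata/unifi` entry pulls a container data dataset into the stage-1 (initrd) mount set, so a failure to import or mount `rpool/serverdata/unifi` stops the machine at boot rather than just failing the unifi container. It mirrors the existing vaultwarden entry and so may be a deliberate pattern, but nothing in unifi.nix needs this path before the Docker daemon starts. Unless the pool layout requires it, drop the `neededForBoot = true;` line (the default is false) for this entry, and consider the same for the vaultwarden one.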
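Review bot: Flipping `forceSSL` and `enableACME` to false inside `simpleProxy` is redundant once the top-level `enable = false` turns the proxy off, and it leaves an unsafe default behind: when nginx is switched back on, every vhost built from this template comes up as plain HTTP unless someone remembers to flip both flags again. Keep the template's TLS settings as they were and change only the top-level line, with the reason recorded, e.g. `enable = false; # TODO: re-enable together with security.acme once the docker migration is done`. The `simpleProxy` definition continues outside the hunk.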
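Review bot: `--network=host` makes the `ports` list inert (Docker discards published ports in host network mode) and puts every listener the controller opens directly on the host, and combined with `--cap-add=NET_ADMIN` the container can then reconfigure the host's own interfaces, routes and firewall rather than a private namespace. Unless LAN L2 device discovery is the reason for host networking, prefer the default bridge network with the three mappings already listed and no added capability; if host mode is required, say so in a comment and drop `--cap-add=NET_ADMIN` unless something is observed to need it (the image's documented run line does not appear to — confirm). The `v8.1` tag is mutable, so consider pinning `image` to a `@sha256:` digest once one is recorded. The `{ serverIP, serverIP6 }` arguments are accepted but unused in this file.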
diff --git a/machines/cj/vaultwarden.nix b/machines/cj/vaultwarden.nix
new file mode 100644
index 0000000..01d299a
--- /dev/null
+++ b/machines/cj/vaultwarden.nix
@@ -0,0 +1,18 @@
+{ serverIP, serverIP6 } : {
+ image = "vaultwarden/server:1.30.5";
+ ports = [
+ "8022:80"
+ ];
+ environment = {
+ TZ = "America/New_York";
+ };
+ volumes = [
+ "/serverdata/vaultwarden:/data"
+ ];
+ extraOptions = [
+ #"--cap-add=NET_ADMIN"
+ #"--network=host"
+ #"--no-hosts" # do not populate internal /etc/hosts with container host's
+ ];
+}
+
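Review bot: `"8022:80"` publishes Vaultwarden as plain HTTP on every host interface (0.0.0.0 and ::), and because this same patch turns off nginx and ACME there is no TLS in front of it; the web vault needs a secure context for its client-side crypto, so beyond localhost this is exposed yet not usable. Vaultwarden also defaults `SIGNUPS_ALLOWED` to true, so anyone who can reach port 8022 can register an account on the password manager. Bind the published port to loopback (or to the `serverIP` this file already receives and currently ignores), set the signup policy explicitly, and fill in `DOMAIN` with the public https URL once the proxy is back; pinning `image` to a `@sha256:` digest once recorded would also help.
```nix
{ serverIP, serverIP6 } : {
  image = "vaultwarden/server:1.30.5";
  ports = [
    # loopback only: the reverse proxy terminates TLS and is the only intended client
    "127.0.0.1:8022:80"
  ];
  environment = {
    TZ = "America/New_York";
    SIGNUPS_ALLOWED = "false"; # default is true: open registration on a password manager
    # DOMAIN = "https://<public hostname>"; # set once nginx/ACME are re-enabled
  };
  # … unchanged: volumes, extraOptions …
}
```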