From 1ef5a922ec08c78c5051fb4073025cbd2f01355a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?= Date: Sun, 1 Feb 2026 17:26:24 +0100 Subject: [PATCH] Update systemd services. --- deploy.sh | 4 - templates/nix-config/configuration.nix | 3 +- templates/nix-config/misc/activation.nix | 76 ++++++++++++++++++- templates/nix-config/podman/frigate.nix | 3 +- templates/nix-config/podman/gitea.nix | 31 ++++++-- .../nix-config/podman/home-assistant.nix | 9 ++- templates/nix-config/podman/immich.nix | 31 ++++++-- templates/nix-config/podman/it-tools.nix | 33 ++++++-- templates/nix-config/podman/nextcloud.nix | 33 ++++++-- templates/nix-config/podman/passbolt.nix | 33 ++++++-- templates/nix-config/podman/pi-hole.nix | 38 +++++++--- templates/nix-config/podman/traefik.nix | 6 +- templates/nix-config/sops-nix/secrets.yaml | 1 + .../home-assistant/configuration.yaml | 17 ----- 14 files changed, 241 insertions(+), 77 deletions(-) delete mode 100644 templates/podman-config/home-assistant/configuration.yaml diff --git a/deploy.sh b/deploy.sh index d748ad6..dafa8e7 100644 --- a/deploy.sh +++ b/deploy.sh 
@@ -420,11 +420,7 @@ services_generation() { export HOME_ASSISTANT_MQTT_USER="$(xkcdpass -d "-" -n 2)" export HOME_ASSISTANT_MQTT_PASSWORD="$(xkcdpass -d "-")" mkdir -p final-nix-config/mnt/config/mqtt/ - mkdir -p final-nix-config/mnt/config/home-assistant/ - mkdir -p final-nix-config/mnt/config/frigate/ envsubst < templates/podman-config/home-assistant/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf - envsubst < templates/podman-config/home-assistant/configuration.yaml > final-nix-config/mnt/config/home-assistant/configuration.yaml - envsubst < templates/podman-config/frigate/config.yaml > final-nix-config/mnt/config/frigate/config.yaml touch final-nix-config/mnt/config/mqtt/password.txt chmod 0700 final-nix-config/mnt/config/mqtt/password.txt mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD" diff --git a/templates/nix-config/configuration.nix b/templates/nix-config/configuration.nix index 8ed6242..f4cf75f 100644 --- a/templates/nix-config/configuration.nix +++ b/templates/nix-config/configuration.nix @@ -6,7 +6,6 @@ (modulesPath + "/profiles/qemu-guest.nix") inputs.sops-nix.nixosModules.sops ./disks/disko.nix - ./misc/activation.nix ./misc/mail.nix ./misc/networking.nix ./misc/smart.nix 
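Review bot: Removing `./misc/activation.nix` from `imports` while this same commit adds the `numbus-quirks` service to that file means the new service — and the existing `numbus-activation-chowned`/`numbus-activation-networked` units that traefik.nix orders itself `after` — are no longer part of the evaluated configuration unless the file is imported from somewhere not shown in this patch. If the intent is to make activation optional per host, a comment on the surrounding `imports` entries or in activation.nix's header stating where it is now imported from would make that traceable; otherwise the line should stay. The `imports` list continues outside the hunk.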
@@ -27,9 +26,9 @@ sops.defaultSopsFile = ./secrets/secrets.yaml; sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ]; sops.age.keyFile = "/var/lib/sops-nix/key.txt"; - sops.age.generateKey = true; sops.secrets."ssh_public_keys" = { owner = "numbus-admin"; path = "/etc/ssh/authorized_keys.d/numbus-admin"; }; sops.secrets."sender_email_address_password" = {}; + sops.secrets."domain_name" = {}; sops.secrets."podman/frigate" = { owner = "numbus-admin"; path = "/etc/podman/frigate/.env"; }; sops.secrets."podman/gitea" = { owner = "numbus-admin"; path = "/etc/podman/gitea/.env"; }; sops.secrets."podman/home_assistant" = { owner = "numbus-admin"; path = "/etc/podman/home-assistant/.env"; }; diff --git a/templates/nix-config/misc/activation.nix b/templates/nix-config/misc/activation.nix index 07623f4..7607af5 100644 --- a/templates/nix-config/misc/activation.nix +++ b/templates/nix-config/misc/activation.nix @@ -23,8 +23,6 @@ chown -R numbus-admin:users /mnt/data/ chown -R 100032:users /mnt/data/nextcloud/ chown -R numbus-admin:users /home/numbus-admin/.numbus-server/ - chown -R numbus-admin:users /mnt/config/frigate/config.yaml - chmod 644 /mnt/config/frigate/config.yaml touch /home/numbus-admin/.numbus-server/chowned.true ''; 
@@ -52,4 +50,78 @@ PODMAN_NETWORKS touch /home/numbus-admin/.numbus-server/networked.true ''; }; + + systemd.services.numbus-quirks = { + description = "Numbus-Server services : Apply quirks"; + wantedBy = [ "multi-user.target" ]; + after = [ + "network.target" + "local-fs.target" + "numbus-activation-chowned.service" + "numbus-activation-networked.service" + "pi-hole.service" + "home-assistant.service" + ]; + path = [ pkgs.curl pkgs.coreutils pkgs.systemd ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + #!/usr/bin/env bash + + if [[ -e /home/numbus-admin/.numbus-server/quirked.true ]]; then + exit 0 + fi + + DOMAIN_NAME="$(cat /run/secrets/domain_name)" + + if [[ ! -e /etc/nixos/podman/pi-hole.nix ]]; then + until curl -s "https://pi-hole.$DOMAIN_NAME/admin/login" | grep -q "Pi-hole"; do + echo "Waiting for Pi-hole to be ready..." + sleep 15 + done + systemctl restart pi-hole.service + echo "Pi-Hole quirk applied and service ready !" + fi + + if [[ ! -e /etc/nixos/podman/home-assistant.nix ]]; then + until [[ -e /mnt/config/home-assistant/configuration.yaml ]]; do + echo "Waiting for Home Assistant to be ready..." + sleep 15 + done + sleep 180 + systemctl stop frigate.service + cat << 'EOF' >> /mnt/config/home-assistant/configuration.yaml + +http: + use_x_forwarded_for: true + trusted_proxies: 172.16.20.253 + +zha: +EOF + systemctl start home-assistant.service + echo "Home Assistant quirk applied and service ready !" + fi + + if [[ ! -e /etc/nixos/podman/frigate.nix ]]; then + until [[ -e /mnt/config/frigate/config.yaml ]]; do + echo "Waiting for Frigate to be ready..." + sleep 15 + done + sleep 180 + systemctl stop frigate.service + cat << 'EOF' >> /mnt/config/frigate/config.yaml + +tls: + enabled: false +EOF + systemctl start frigate.service + echo "Frigate quirk applied and service ready !" 
+ fi + + mkdir -p /home/numbus-admin/.numbus-server/ + touch /home/numbus-admin/.numbus-server/quirked.true + ''; + }; } \ No newline at end of file diff --git a/templates/nix-config/podman/frigate.nix b/templates/nix-config/podman/frigate.nix index 0d8d535..af1faec 100644 --- a/templates/nix-config/podman/frigate.nix +++ b/templates/nix-config/podman/frigate.nix @@ -64,8 +64,9 @@ in User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; + TimeoutStartSec = "600"; ExecStartPre = [ - "${pkgs.coreutils}/bin/sleep 180" + "${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 180))'" "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" ]; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; diff --git a/templates/nix-config/podman/gitea.nix b/templates/nix-config/podman/gitea.nix index e9d434e..5e3014f 100644 --- a/templates/nix-config/podman/gitea.nix +++ b/templates/nix-config/podman/gitea.nix @@ -35,6 +35,7 @@ in - GITEA__server__ROOT_URL=gitea.$DOMAIN_NAME labels: - traefik.enable=true + - traefik.docker.network=gitea_frontend - traefik.http.services.gitea.loadbalancer.server.port=3000 - traefik.http.services.gitea.loadbalancer.server.scheme=http - traefik.http.routers.gitea-https.entrypoints=websecure 
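Review bot: In the Home Assistant block the unit stopped before editing configuration.yaml is `frigate.service`, not `home-assistant.service`, so Home Assistant keeps running while its config is rewritten and the later `systemctl start home-assistant.service` is a no-op on an already-running unit; the line should read `systemctl stop home-assistant.service`. The two appends are also not idempotent: NixOS wraps `script` with `set -e`, so any failure between a `cat >>` and the final `touch …/quirked.true` (or a re-run after the marker is removed) appends a second `http:`/`zha:` or `tls:` key, which the applications reject at startup — guard each append with a `grep -q` on the key, as below. The `[[ ! -e /etc/nixos/podman/<svc>.nix ]]` tests look inverted if the presence of that file is what marks a service as deployed: on a host without Pi-hole the `until curl …` loop never terminates, and `curl -s` without `--max-time` can hang a single iteration indefinitely. Polling `systemctl is-active` with a bounded retry count, rather than unbounded loops plus two fixed `sleep 180`, would keep this oneshot from blocking the activation path forever.
```bash
  if [[ ! -e /etc/nixos/podman/home-assistant.nix ]]; then
    # … unchanged: wait for configuration.yaml, sleep 180 …
    systemctl stop home-assistant.service
    if ! grep -q '^http:' /mnt/config/home-assistant/configuration.yaml; then
      cat << 'EOF' >> /mnt/config/home-assistant/configuration.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies: 172.16.20.253

zha:
EOF
    fi
    systemctl start home-assistant.service
    # … unchanged: echo …
  fi
  # … apply the same grep guard ('^tls:') around the Frigate append …
```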
@@ -65,27 +66,45 @@ in external: true ''; - systemd.services.${container_name} = { + systemd.services."${container_name}" = { description = "Podman container : ${container_name}"; after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; - # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up + TimeoutStartSec = "900"; + ExecStartPre = [ + "${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 400))'" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; StartLimitBurst = "3"; }; }; + + systemd.services."update-${container_name}" = { + description = "Update ${container_name} container"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service"; + }; + }; + + systemd.timers."update-${container_name}" = { + timerConfig = { + OnCalendar = "02:00"; + RandomizedDelaySec = "60m"; + Unit = "update-${container_name}.service"; + }; + wantedBy = [ "timers.target" ]; + }; }; } \ No newline at end of file diff --git a/templates/nix-config/podman/home-assistant.nix b/templates/nix-config/podman/home-assistant.nix index 487b11b..70f9977 100644 --- a/templates/nix-config/podman/home-assistant.nix +++ b/templates/nix-config/podman/home-assistant.nix 
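Review bot: The new `update-${container_name}` timer restarts the container nightly whether or not a new image exists, and the restart's `-`-prefixed `podman-compose pull` ignores pull failures, so the unit neither records which image it ended up running nor fails when the update did not happen; the same block is duplicated in immich.nix, it-tools.nix, nextcloud.nix, passbolt.nix and pi-hole.nix. Because `pull` fetches whatever tag the compose file names (the `image:` lines are not in this hunk), the nightly restart is effectively an unattended, unverified image update — pinning digests or enabling podman's signature policy, and restarting only when the pull actually changed the image, would keep both the supply-chain exposure and the nightly downtime bounded. The timer also lacks `Persistent = true`, so a host that is off at 02:00 silently skips that day's run, and the update unit has no `after = [ "network-online.target" ]`. The six near-identical service/timer blocks would be easier to audit as one shared Nix function taking `container_name`, `compose_file` and the jitter bound.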
@@ -28,6 +28,7 @@ in # --- home-assistant devices --- # labels: - traefik.enable=true + - traefik.docker.network=home-assistant_frontend - traefik.http.services.home-assistant.loadbalancer.server.port=8123 - traefik.http.services.home-assistant.loadbalancer.server.scheme=http - traefik.http.routers.home-assistant-https.entrypoints=websecure @@ -57,14 +58,18 @@ in after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; + TimeoutStartSec = "600"; # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; + ExecStartPre = [ + "${pkgs.coreutils}/bin/sleep 180" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; # Bring the service up ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; # Take it down gracefully diff --git a/templates/nix-config/podman/immich.nix b/templates/nix-config/podman/immich.nix index 55f01b6..44827e7 100644 --- a/templates/nix-config/podman/immich.nix +++ b/templates/nix-config/podman/immich.nix @@ -27,6 +27,7 @@ in # --- immich devices --- # labels: - traefik.enable=true + - traefik.docker.network=immich_frontend - traefik.http.services.immich.loadbalancer.server.port=2283 - traefik.http.services.immich.loadbalancer.server.scheme=http - traefik.http.routers.immich-https.entrypoints=websecure 
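Review bot: The comment `# Pull the latest image before running` now sits above `"${pkgs.coreutils}/bin/sleep 180"`, the first of two ExecStartPre entries, so it describes the wrong line; move it above the pull entry or reword it to `# Wait for dependencies, then pull (pull failure is non-fatal)`. Home Assistant is also the only podman unit in this commit with a fixed 180 s delay rather than the `bash -c 'sleep $((RANDOM % N))'` jitter used in gitea.nix, immich.nix and the others; if the fixed delay is intentional (the quirk script in activation.nix also waits 180 s after the config file appears), a one-line comment saying so would stop the next reader from "harmonising" it. The serviceConfig block continues outside the hunk.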
@@ -89,27 +90,45 @@ in external: true ''; - systemd.services.${container_name} = { + systemd.services."${container_name}" = { description = "Podman container : ${container_name}"; after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; - # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up + TimeoutStartSec = "900"; + ExecStartPre = [ + "${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 400))'" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; StartLimitBurst = "3"; }; }; + + systemd.services."update-${container_name}" = { + description = "Update ${container_name} container"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service"; + }; + }; + + systemd.timers."update-${container_name}" = { + timerConfig = { + OnCalendar = "02:00"; + RandomizedDelaySec = "60m"; + Unit = "update-${container_name}.service"; + }; + wantedBy = [ "timers.target" ]; + }; }; } \ No newline at end of file diff --git a/templates/nix-config/podman/it-tools.nix b/templates/nix-config/podman/it-tools.nix index bf87666..de6ed25 100644 --- a/templates/nix-config/podman/it-tools.nix +++ b/templates/nix-config/podman/it-tools.nix 
@@ -20,6 +20,7 @@ in it-tools_frontend: labels: - traefik.enable=true + - traefik.docker.network=it-tools_frontend - traefik.http.services.it-tools.loadbalancer.server.port=80 - traefik.http.services.it-tools.loadbalancer.server.scheme=http - traefik.http.routers.it-tools-https.entrypoints=websecure @@ -32,27 +33,45 @@ in external: true ''; - systemd.services.${container_name} = { + systemd.services."${container_name}" = { description = "Podman container : ${container_name}"; after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; - # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up - ExecStart = "sleep 90 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully + TimeoutStartSec = "600"; + ExecStartPre = [ + "${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 180))'" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; + ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; StartLimitBurst = "3"; }; }; + + systemd.services."update-${container_name}" = { + description = "Update ${container_name} container"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service"; + }; + }; + + systemd.timers."update-${container_name}" = { + timerConfig = { + OnCalendar = "02:00"; + RandomizedDelaySec = "60m"; + Unit = "update-${container_name}.service"; + }; + wantedBy = [ "timers.target" ]; + }; }; } \ No newline at end of file 
diff --git a/templates/nix-config/podman/nextcloud.nix b/templates/nix-config/podman/nextcloud.nix index c1495bf..4953e29 100644 --- a/templates/nix-config/podman/nextcloud.nix +++ b/templates/nix-config/podman/nextcloud.nix @@ -37,6 +37,7 @@ in WATCHTOWER_DOCKER_SOCKET_PATH: /run/user/1000/podman/podman.sock labels: - traefik.enable=true + - traefik.docker.network=nextcloud-aio - traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080 - traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https - traefik.http.routers.nextcloud-aio-https.entrypoints=websecure 
@@ -55,27 +56,45 @@ in name: nextcloud_aio_mastercontainer ''; - systemd.services.${container_name} = { + systemd.services."${container_name}" = { description = "Podman container : ${container_name}"; after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; - # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up - ExecStart = "sleep 100 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully + TimeoutStartSec = "600"; + ExecStartPre = [ + "${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 180))'" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; + ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; StartLimitBurst = "3"; }; }; + + systemd.services."update-${container_name}" = { + description = "Update ${container_name} container"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service"; + }; + }; + + systemd.timers."update-${container_name}" = { + timerConfig = { + OnCalendar = "02:00"; + RandomizedDelaySec = "60m"; + Unit = "update-${container_name}.service"; + }; + wantedBy = [ "timers.target" ]; + }; }; } \ No newline at end of file diff --git a/templates/nix-config/podman/passbolt.nix b/templates/nix-config/podman/passbolt.nix index 0821f3f..654fe8a 100644 --- a/templates/nix-config/podman/passbolt.nix +++ b/templates/nix-config/podman/passbolt.nix 
@@ -39,6 +39,7 @@ in PASSBOLT_SSL_FORCE: true labels: - traefik.enable=true + - traefik.docker.network=passbolt_frontend - traefik.http.services.passbolt.loadbalancer.server.port=4433 - traefik.http.services.passbolt.loadbalancer.server.scheme=https - traefik.http.routers.passbolt-https.entrypoints=websecure @@ -84,27 +85,45 @@ in passbolt-jwt: ''; - systemd.services.${container_name} = { + systemd.services."${container_name}" = { description = "Podman container : ${container_name}"; after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; - # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up - ExecStart = "sleep 110 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully + TimeoutStartSec = "600"; + ExecStartPre = [ + "${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 180))'" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; + ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; StartLimitBurst = "3"; }; }; + + systemd.services."update-${container_name}" = { + description = "Update ${container_name} container"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service"; + }; + }; + + systemd.timers."update-${container_name}" = { + timerConfig = { + OnCalendar = "02:00"; + RandomizedDelaySec = "60m"; + Unit = "update-${container_name}.service"; + }; + wantedBy = [ "timers.target" ]; + }; }; } \ No newline at end of file 
diff --git a/templates/nix-config/podman/pi-hole.nix b/templates/nix-config/podman/pi-hole.nix index f4cea47..4c36f4f 100644 --- a/templates/nix-config/podman/pi-hole.nix +++ b/templates/nix-config/podman/pi-hole.nix @@ -26,10 +26,6 @@ in environment: TZ: $TZ FTLCONF_webserver_api_password: $FTLCONF_webserver_api_password - FTLCONF_dns_listeningMode: "all" - FTLCONF_dns_revServers: true,$HOME_ROUTER_SUBNET,$HOME_ROUTER_IP,home - FTLCONF_dns_domain_name: "home" - FTLCONF_dns_domain_local: "true" FTLCONF_dns_hosts: | $HOME_SERVER_IP frigate.$DOMAIN_NAME $HOME_SERVER_IP gitea.$DOMAIN_NAME @@ -52,6 +48,7 @@ in - SYS_NICE labels: - traefik.enable=true + - traefik.docker.network=pi-hole_frontend - traefik.http.services.pihole.loadbalancer.server.port=80 - traefik.http.services.pihole.loadbalancer.server.scheme=http - traefik.http.routers.pihole-https.entrypoints=websecure 
@@ -64,29 +61,46 @@ in pi-hole_frontend: external: true ''; - systemd.services.${container_name} = { + + systemd.services."${container_name}" = { description = "Podman container : ${container_name}"; after = [ "network.target" ]; requires = [ "traefik.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; - AmbientCapabilities = "CAP_SYS_NICE"; - LimitNICE = -20; Type = "exec"; - # Pull the latest image before running - ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up + TimeoutStartSec = "600"; + ExecStartPre = [ + "${pkgs.bash}/bin/bash -c 'sleep 20'" + "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull" + ]; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; StartLimitBurst = "3"; }; }; + + systemd.services."update-${container_name}" = { + description = "Update ${container_name} container"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service"; + }; + }; + + systemd.timers."update-${container_name}" = { + timerConfig = { + OnCalendar = "02:00"; + RandomizedDelaySec = "60m"; + Unit = "update-${container_name}.service"; + }; + wantedBy = [ "timers.target" ]; + }; }; } diff --git a/templates/nix-config/podman/traefik.nix b/templates/nix-config/podman/traefik.nix index 63a3cca..82056b9 100644 --- a/templates/nix-config/podman/traefik.nix +++ b/templates/nix-config/podman/traefik.nix 
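Review bot: Dropping `AmbientCapabilities = "CAP_SYS_NICE"` and `LimitNICE = -20` from the host unit is a least-privilege improvement, but the compose file still lists `cap_add: - SYS_NICE` (context in the previous hunk), so a short comment next to the service, e.g. `# SYS_NICE is only granted inside the rootless user namespace; no host capability needed`, would record that the removal is deliberate rather than accidental. Separately, the `update-pi-hole` timer restarts the LAN resolver nightly at 02:00 plus up to 60 min, the same window every other update timer uses; if the host itself resolves through Pi-hole, the other units' `podman-compose pull` can fail during that restart and, being `-`-prefixed, the failure is ignored and a stale image keeps running — giving pi-hole its own earlier `OnCalendar` or a shorter `RandomizedDelaySec` avoids the overlap. The fixed `sleep 20` here versus `$((RANDOM % …))` elsewhere also deserves a comment, since DNS is presumably meant to come up first.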
@@ -31,6 +31,7 @@ TRAEFIK_NETWORKS - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN labels: - traefik.enable=true + - traefik.docker.network=home-assistant_frontend - traefik.http.services.traefik.loadbalancer.server.port=8080 - traefik.http.services.traefik.loadbalancer.server.scheme=http - traefik.http.routers.traefik-https.entrypoints=websecure @@ -46,17 +47,14 @@ TRAEFIK_REF_NETWORKS description = "Podman container : ${container_name}"; after = [ "numbus-activation-networked.service" "numbus-activation-chowned.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.podman ]; + path = [ pkgs.podman pkgs.coreutils ]; serviceConfig = { User = "numbus-admin"; Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ]; Type = "exec"; - # Pull the latest image before running ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; - # Bring the service up ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; - # Take it down gracefully ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; Restart = "on-failure"; RestartSec = "5m"; diff --git a/templates/nix-config/sops-nix/secrets.yaml b/templates/nix-config/sops-nix/secrets.yaml index 60a40e5..a9f08d7 100644 --- a/templates/nix-config/sops-nix/secrets.yaml +++ b/templates/nix-config/sops-nix/secrets.yaml @@ -1,5 +1,6 @@ ssh_public_keys: "$SSH_PUBLIC_KEY" sender_email_address_password: "$SENDER_EMAIL_ADDRESS_PASSWORD" +domain_name: "$DOMAIN_NAME" podman: frigate: | diff --git a/templates/podman-config/home-assistant/configuration.yaml b/templates/podman-config/home-assistant/configuration.yaml deleted file mode 100644 index 24f8912..0000000 --- a/templates/podman-config/home-assistant/configuration.yaml +++ /dev/null 
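Review bot: The label `traefik.docker.network=home-assistant_frontend` is added to the traefik container's own labels, while every other file in this commit sets that label to the service's own `<name>_frontend` network; this looks copied from home-assistant.nix. If traefik's dashboard router is meant to be served from one of the TRAEFIK_NETWORKS (the network list is outside this hunk), the value should name that network, and a comment such as `# network traefik uses to reach its own API/dashboard backend` would make the choice reviewable. The labels list continues outside the hunk.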
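Review bot: traefik's `ExecStartPre` pull is the only one in this commit that is not `-`-prefixed, so a registry outage or DNS failure at boot makes traefik.service fail, and every container unit that `requires = [ "traefik.service" ]` fails with it; `ExecStartPre = "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";` keeps the already-present image usable offline, consistent with the other units. `path` gains `pkgs.coreutils` although, unlike the other units, no `sleep` was added here, so either the addition is unused or a jitter entry was intended. The serviceConfig block continues outside the hunk.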
@@ -1,17 +0,0 @@ - -# Loads default set of integrations. Do not remove. -default_config: - -# Load frontend themes from the themes folder -frontend: - themes: !include_dir_merge_named themes - -automation: !include automations.yaml -script: !include scripts.yaml -scene: !include scenes.yaml - -http: - use_x_forwarded_for: true - trusted_proxies: 172.16.20.253 - -zha: \ No newline at end of file