Added cooldown to containers. Updated config. Disabled PCR-CHECK
This commit is contained in:
Raphaël Numbus
@@ -10,7 +10,7 @@
|
||||
./misc/mail.nix
|
||||
./misc/networking.nix
|
||||
./misc/smart.nix
|
||||
# ./disks/pcr-check.nix
|
||||
## ./disks/pcr-check.nix
|
||||
# ./disks/snapraid.nix
|
||||
# ./pcie-coral/coral.nix
|
||||
];
|
||||
@@ -47,9 +47,9 @@
|
||||
boot.swraid.mdadmConf = "MAILADDR ${config.email.userAddress},${config.email.adminAddress}";
|
||||
# boot.initrd.systemd.tpm2.enable = true;
|
||||
|
||||
# TPM2 PCR check
|
||||
# systemIdentity.enable = true;
|
||||
# systemIdentity.pcr15 = "PCR_HASH";
|
||||
# # TPM2 PCR check
|
||||
## systemIdentity.enable = true;
|
||||
## systemIdentity.pcr15 = "PCR_HASH";
|
||||
|
||||
# Timezone
|
||||
time.timeZone = "Europe/Paris";
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
# Bridge configuration for VMs
|
||||
networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
|
||||
networking.interfaces.br0.useDHCP = false;
|
||||
networking.nameservers = [ "127.0.0.1" "9.9.9.9" ];
|
||||
networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
|
||||
networking.interfaces.br0.ipv4.addresses = [{
|
||||
address = "HOME_SERVER_IP";
|
||||
prefixLength = 24;
|
||||
|
||||
@@ -56,7 +56,7 @@ in
|
||||
systemd.services.${container_name} = {
|
||||
description = "Podman container : ${container_name}";
|
||||
after = [ "network.target" ];
|
||||
requires = [ "traefik.service" ];
|
||||
requires = [ "traefik.service" "home-assistant.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.podman ];
|
||||
|
||||
@@ -67,7 +67,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -79,7 +79,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -66,7 +66,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 70 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -103,7 +103,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 80 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -46,7 +46,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 90 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -69,7 +69,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 100 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -98,7 +98,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 110 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
@@ -80,7 +80,7 @@ in
|
||||
# Pull the latest image before running
|
||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||
# Bring the service up
|
||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||
# Take it down gracefully
|
||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||
Restart = "on-failure";
|
||||
|
||||
Reference in New Issue
Block a user