Added cooldown to containers. Updated config. Disabled PCR-CHECK
This commit is contained in:
Raphaël Numbus
@@ -10,7 +10,7 @@
|
|||||||
./misc/mail.nix
|
./misc/mail.nix
|
||||||
./misc/networking.nix
|
./misc/networking.nix
|
||||||
./misc/smart.nix
|
./misc/smart.nix
|
||||||
# ./disks/pcr-check.nix
|
## ./disks/pcr-check.nix
|
||||||
# ./disks/snapraid.nix
|
# ./disks/snapraid.nix
|
||||||
# ./pcie-coral/coral.nix
|
# ./pcie-coral/coral.nix
|
||||||
];
|
];
|
||||||
@@ -47,9 +47,9 @@
|
|||||||
boot.swraid.mdadmConf = "MAILADDR ${config.email.userAddress},${config.email.adminAddress}";
|
boot.swraid.mdadmConf = "MAILADDR ${config.email.userAddress},${config.email.adminAddress}";
|
||||||
# boot.initrd.systemd.tpm2.enable = true;
|
# boot.initrd.systemd.tpm2.enable = true;
|
||||||
|
|
||||||
# TPM2 PCR check
|
# # TPM2 PCR check
|
||||||
# systemIdentity.enable = true;
|
## systemIdentity.enable = true;
|
||||||
# systemIdentity.pcr15 = "PCR_HASH";
|
## systemIdentity.pcr15 = "PCR_HASH";
|
||||||
|
|
||||||
# Timezone
|
# Timezone
|
||||||
time.timeZone = "Europe/Paris";
|
time.timeZone = "Europe/Paris";
|
||||||
|
|||||||
@@ -16,7 +16,7 @@
|
|||||||
# Bridge configuration for VMs
|
# Bridge configuration for VMs
|
||||||
networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
|
networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
|
||||||
networking.interfaces.br0.useDHCP = false;
|
networking.interfaces.br0.useDHCP = false;
|
||||||
networking.nameservers = [ "127.0.0.1" "9.9.9.9" ];
|
networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
|
||||||
networking.interfaces.br0.ipv4.addresses = [{
|
networking.interfaces.br0.ipv4.addresses = [{
|
||||||
address = "HOME_SERVER_IP";
|
address = "HOME_SERVER_IP";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ in
|
|||||||
systemd.services.${container_name} = {
|
systemd.services.${container_name} = {
|
||||||
description = "Podman container : ${container_name}";
|
description = "Podman container : ${container_name}";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
requires = [ "traefik.service" ];
|
requires = [ "traefik.service" "home-assistant.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = [ pkgs.podman ];
|
path = [ pkgs.podman ];
|
||||||
|
|
||||||
@@ -67,7 +67,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -79,7 +79,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -66,7 +66,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 70 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -103,7 +103,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 80 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -46,7 +46,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 90 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 100 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -98,7 +98,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 110 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ in
|
|||||||
# Pull the latest image before running
|
# Pull the latest image before running
|
||||||
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
|
||||||
# Bring the service up
|
# Bring the service up
|
||||||
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
|
||||||
# Take it down gracefully
|
# Take it down gracefully
|
||||||
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|||||||
Reference in New Issue
Block a user