numbus/numbus-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Try to fix disk mount failure. Edited podman configuration.

Browse Source
This commit is contained in:
Raphaël Numbus
2026-01-04 12:16:33 +01:00
parent 81ec01b571
commit 549c1a780d
13 changed files with 91 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/nix-config/configuration.nix
+5 -1
View File
@@ -38,9 +38,9 @@
# Bootloader options
boot.initrd.systemd.enable = true;
boot.initrd.systemd.tpm2.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# boot.initrd.systemd.tpm2.enable = true;
# TPM2 PCR check
# systemIdentity.enable = true;
@@ -130,6 +130,10 @@
extraGroups = [ "wheel" ];
uid = 1000;
initialPassword = "changeMe!";
# required for auto start before user login
linger = true;
# required for rootless container with multiple users
autoSubUidGidRange = true;
};
# Login message
templates/nix-config/disks/content.nix
+1 -2
View File
@@ -9,11 +9,10 @@
content = {
type = "luks";
name = "crypted-content-${j}";
initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/content-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false};
crypttabExtraOpts = "nofail";
crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
templates/nix-config/disks/parity.nix
+1 -2
View File
@@ -9,11 +9,10 @@
content = {
type = "luks";
name = "crypted-parity-${j}";
initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/parity-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false};
crypttabExtraOpts = "nofail";
crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
templates/nix-config/flake.nix
+1 -1
View File
@@ -13,7 +13,7 @@
autoaspm.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, disko, sops-nix, ... }@inputs: let
outputs = { self, nixpkgs, disko, sops-nix, autoaspm, home-manager, quadlet-nix, ... }@inputs: let
# System definition
system = "x86_64-linux";
pkgs = import nixpkgs {
templates/nix-config/podman/frigate.nix
+8 -7
View File
@@ -17,7 +17,7 @@ in
services:
frigate:
image: ghcr.io/blakeblackshear/frigate:stable
container_name: ${container_name}
container_name: frigate
shm_size: "512MB"
networks:
hass_frontend:
@@ -41,7 +41,7 @@ in
- traefik.http.services.frigate.loadbalancer.server.port=8971
- traefik.http.services.frigate.loadbalancer.server.scheme=http
- traefik.http.routers.frigate-https.entrypoints=websecure
- traefik.http.routers.frigate-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.frigate-https.rule=Host(`frigate.$DOMAIN_NAME`)
- traefik.http.routers.frigate-https.tls=true
- traefik.http.routers.frigate-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -53,14 +53,15 @@ in
external: true
'';
systemd.services.frigate = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" "traefik.service" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/gitea.nix
+9 -9
View File
@@ -4,7 +4,6 @@ let
container_name = "gitea";
compose_file = "podman/gitea/compose.yaml";
config_dir = "/mnt/config/gitea";
data_dir = "/mnt/data/gitea";
in
{
@@ -17,12 +16,12 @@ in
services:
gitea:
image: gitea/gitea:latest
container_name: ${container_name}
container_name: gitea
networks:
gitea_frontend:
gitea_backend:
volumes:
- ${data_dir}:/data
- ${config_dir}:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
@@ -40,7 +39,7 @@ in
- traefik.http.services.gitea.loadbalancer.server.port=3000
- traefik.http.services.gitea.loadbalancer.server.scheme=http
- traefik.http.routers.gitea-https.entrypoints=websecure
- traefik.http.routers.gitea-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.gitea-https.rule=Host(`gitea.$DOMAIN_NAME`)
- traefik.http.routers.gitea-https.tls=true
- traefik.http.routers.gitea-https.tls.certresolver=cloudflare
depends_on:
@@ -67,14 +66,15 @@ in
external: true
'';
systemd.services.gitea = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/home-assistant.nix
+8 -8
View File
@@ -17,7 +17,7 @@ in
services:
home-assistant:
image: ghcr.io/home-assistant/home-assistant:latest
container_name: ${container_name}
container_name: home-assistant
networks:
hass_frontend:
hass_backend:
@@ -31,7 +31,7 @@ in
- traefik.http.services.home-assistant.loadbalancer.server.port=8123
- traefik.http.services.home-assistant.loadbalancer.server.scheme=http
- traefik.http.routers.home-assistant-https.entrypoints=websecure
- traefik.http.routers.home-assistant-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.home-assistant-https.rule=Host(`home-assistant.$DOMAIN_NAME`)
- traefik.http.routers.home-assistant-https.tls=true
- traefik.http.routers.home-assistant-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -52,15 +52,15 @@ in
hass_frontend:
external: true
'';
systemd.services.hass = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/immich.nix
+11 -10
View File
@@ -17,7 +17,7 @@ in
services:
immich-server:
image: ghcr.io/immich-app/immich-server:$IMMICH_VERSION
container_name: ${container_name}-server
container_name: immich-server
networks:
immich_frontend:
immich_backend:
@@ -30,7 +30,7 @@ in
- traefik.http.services.immich.loadbalancer.server.port=2283
- traefik.http.services.immich.loadbalancer.server.scheme=http
- traefik.http.routers.immich-https.entrypoints=websecure
- traefik.http.routers.immich-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.immich-https.rule=Host(`immich.$DOMAIN_NAME`)
- traefik.http.routers.immich-https.tls=true
- traefik.http.routers.immich-https.tls.certresolver=cloudflare
env_file:
@@ -43,7 +43,7 @@ in
disable: false
immich-machine-learning:
container_name: ${container_name}-machine-learning
container_name: immich-machine-learning
image: ghcr.io/immich-app/immich-machine-learning:$IMMICH_VERSION
networks:
immich_backend:
@@ -56,7 +56,7 @@ in
disable: false
immich-redis:
container_name: ${container_name}-redis
container_name: immich-redis
image: docker.io/valkey/valkey:8-bookworm@sha256:a137a2b60aca1a75130022d6bb96af423fefae4eb55faf395732db3544803280
networks:
immich_backend:
@@ -65,7 +65,7 @@ in
restart: always
immich-database:
container_name: ${container_name}-database
container_name: immich-database
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
networks:
immich_backend:
@@ -89,14 +89,15 @@ in
external: true
'';
systemd.services.immich = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/it-tools.nix
+8 -7
View File
@@ -14,7 +14,7 @@ in
''
services:
it-tools:
container_name: ${container_name}
container_name: it-tools
image: corentinth/it-tools
networks:
it-tools:
@@ -23,7 +23,7 @@ in
- traefik.http.services.it-tools.loadbalancer.server.port=80
- traefik.http.services.it-tools.loadbalancer.server.scheme=http
- traefik.http.routers.it-tools-https.entrypoints=websecure
- traefik.http.routers.it-tools-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.it-tools-https.rule=Host(`it-tools.$DOMAIN_NAME`)
- traefik.http.routers.it-tools-https.tls=true
- traefik.http.routers.it-tools-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -32,14 +32,15 @@ in
external: true
'';
systemd.services.it-tools = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/nextcloud.nix
+8 -7
View File
@@ -16,7 +16,7 @@ in
services:
nextcloud-aio-mastercontainer:
image: nextcloud/all-in-one:latest
container_name: ${container_name}-aio-mastercontainer
container_name: nextcloud-aio-mastercontainer
networks:
nextcloud-aio:
volumes:
@@ -40,7 +40,7 @@ in
- traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080
- traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https
- traefik.http.routers.nextcloud-aio-https.entrypoints=websecure
- traefik.http.routers.nextcloud-aio-https.rule=Host(`${container_name}-aio.$DOMAIN_NAME`)
- traefik.http.routers.nextcloud-aio-https.rule=Host(`nextcloud-aio.$DOMAIN_NAME`)
- traefik.http.routers.nextcloud-aio-https.tls=true
- traefik.http.routers.nextcloud-aio-https.tls.certresolver=cloudflare
init: true
@@ -55,14 +55,15 @@ in
name: nextcloud_aio_mastercontainer
'';
systemd.services.nextcloud = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/passbolt.nix
+8 -7
View File
@@ -15,7 +15,7 @@ in
services:
passbolt:
image: passbolt/passbolt:latest-ce-non-root
container_name: ${container_name}
container_name: passbolt
networks:
passbolt_frontend:
passbolt_backend:
@@ -60,7 +60,7 @@ in
passbolt-database:
image: mariadb:11.3
container_name: ${container_name}-database
container_name: passbolt-database
networks:
passbolt_backend:
volumes:
@@ -84,14 +84,15 @@ in
passbolt-jwt:
'';
systemd.services.passbolt = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/pi-hole.nix
+8 -8
View File
@@ -16,7 +16,7 @@ in
services:
pihole:
image: pihole/pihole:latest
container_name: ${container_name}
container_name: pi-hole
networks:
pihole:
ports:
@@ -51,7 +51,7 @@ in
- traefik.http.services.pihole.loadbalancer.server.port=443
- traefik.http.services.pihole.loadbalancer.server.scheme=https
- traefik.http.routers.pihole-https.entrypoints=websecure
- traefik.http.routers.pihole-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.pihole-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
- traefik.http.routers.pihole-https.tls=true
- traefik.http.routers.pihole-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -60,15 +60,15 @@ in
pihole:
external: true
'';
systemd.services.pihole = {
systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ];
after = [ "network.target" "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
templates/nix-config/podman/traefik.nix
+15 -14
View File
@@ -16,14 +16,14 @@ in
services:
traefik:
image: docker.io/library/traefik:latest
container_name: ${container_name}
container_name: pi-hole
networks:
nextcloud-aio:
ipv4_address: 172.16.1.253
ipv4_address: 172.16.10.253
passbolt_frontend:
ipv4_address: 172.16.20.253
pihole:
ipv4_address: 172.16.3.253
ipv4_address: 172.16.30.253
hass_frontend:
ipv4_address: 172.16.40.253
immich_frontend:
@@ -31,7 +31,7 @@ in
gitea_frontend:
ipv4_address: 172.16.60.253
it-tools:
ipv4_address: 172.16.7.253
ipv4_address: 172.16.70.253
ports:
- 80:80
- 443:443
@@ -47,7 +47,7 @@ in
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.http.services.traefik.loadbalancer.server.scheme=http
- traefik.http.routers.traefik-https.entrypoints=websecure
- traefik.http.routers.traefik-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
- traefik.http.routers.traefik-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
- traefik.http.routers.traefik-https.tls=true
- traefik.http.routers.traefik-https.tls.certresolver=cloudflare
restart: always
@@ -57,8 +57,8 @@ in
driver: bridge
ipam:
config:
- subnet: "172.16.1.0/24"
gateway: "172.16.1.254"
- subnet: "172.16.10.0/24"
gateway: "172.16.10.254"
passbolt_backend:
name: passbolt_backend
driver: bridge
@@ -78,8 +78,8 @@ in
driver: bridge
ipam:
config:
- subnet: "172.16.3.0/24"
gateway: "172.16.3.254"
- subnet: "172.16.30.0/24"
gateway: "172.16.30.254"
hass_backend:
name: hass_backend
driver: bridge
@@ -127,18 +127,19 @@ in
driver: bridge
ipam:
config:
- subnet: "172.16.7.0/24"
gateway: "172.16.7.254"
- subnet: "172.16.70.0/24"
gateway: "172.16.70.254"
'';
systemd.services.traefik = {
description = "Podman container : ${container_name}";
requires = [ "podman.socket" ];
after = [ "network.target" "podman.socket" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose ];
path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";