From 549c1a780dca32eafab69f2be534e7e5e711c2df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Sun, 4 Jan 2026 12:16:33 +0100
Subject: [PATCH] Try to fix disk mount failure. Edited podman configuration.
---
templates/nix-config/configuration.nix | 6 +++-
templates/nix-config/disks/content.nix | 3 +-
templates/nix-config/disks/parity.nix | 3 +-
templates/nix-config/flake.nix | 2 +-
templates/nix-config/podman/frigate.nix | 15 +++++----
templates/nix-config/podman/gitea.nix | 18 ++++++------
.../nix-config/podman/home-assistant.nix | 16 +++++-----
templates/nix-config/podman/immich.nix | 21 +++++++-------
templates/nix-config/podman/it-tools.nix | 15 +++++----
templates/nix-config/podman/nextcloud.nix | 15 +++++----
templates/nix-config/podman/passbolt.nix | 15 +++++----
templates/nix-config/podman/pi-hole.nix | 16 +++++-----
templates/nix-config/podman/traefik.nix | 29 ++++++++++---------
13 files changed, 91 insertions(+), 83 deletions(-)
diff --git a/templates/nix-config/configuration.nix b/templates/nix-config/configuration.nix
index fe28a54..0ac8333 100644
--- a/templates/nix-config/configuration.nix
+++ b/templates/nix-config/configuration.nix
@@ -38,9 +38,9 @@
# Bootloader options
boot.initrd.systemd.enable = true;
- boot.initrd.systemd.tpm2.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+# boot.initrd.systemd.tpm2.enable = true;
# TPM2 PCR check
# systemIdentity.enable = true;
@@ -130,6 +130,10 @@
extraGroups = [ "wheel" ];
uid = 1000;
initialPassword = "changeMe!";
+ # required for auto start before user login
+ linger = true;
+ # required for rootless container with multiple users
+ autoSubUidGidRange = true;
};
# Login message
diff --git a/templates/nix-config/disks/content.nix b/templates/nix-config/disks/content.nix
index 2223f2a..a92b3cc 100644
--- a/templates/nix-config/disks/content.nix
+++ b/templates/nix-config/disks/content.nix
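Review bot: `boot.initrd.systemd.tpm2.enable` is kept as a commented-out line with no explanation, so a later reader cannot tell whether it was the cause of the mount failure or only a suspect, and dead config like this tends to get re-enabled by accident. If root unlock was TPM-enrolled, disabling it silently falls back to a passphrase prompt in the initrd rather than fixing anything. Either delete the line or annotate it, e.g. `# boot.initrd.systemd.tpm2.enable = true; # disabled while investigating the disk mount failure; re-enable once ruled out`.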
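Review bot: `linger = true` and `autoSubUidGidRange = true` make numbus-admin, a `wheel` member that still carries `initialPassword = "changeMe!"`, the account every podman-compose unit in this commit runs as (`User = "numbus-admin"` in the nine service files). A dedicated non-wheel account for the containers, e.g. `users.users.podman = { isNormalUser = true; linger = true; autoSubUidGidRange = true; };` (constructed example), would keep the containers' user namespace and subuid range apart from the interactive admin login. If the admin account is to be kept, the comments here should at least say that the service units depend on `uid = 1000` staying fixed, since `XDG_RUNTIME_DIR=/run/user/1000` is hard-coded in them. The enclosing `users.users` block starts before the hunk.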
@@ -9,11 +9,10 @@
content = {
type = "luks";
name = "crypted-content-${j}";
- initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/content-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false};
- crypttabExtraOpts = "nofail";
+ crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
diff --git a/templates/nix-config/disks/parity.nix b/templates/nix-config/disks/parity.nix
index d9b0974..cdcf082 100644
--- a/templates/nix-config/disks/parity.nix
+++ b/templates/nix-config/disks/parity.nix
@@ -9,11 +9,10 @@
content = {
type = "luks";
name = "crypted-parity-${j}";
- initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/parity-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false};
- crypttabExtraOpts = "nofail";
+ crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
diff --git a/templates/nix-config/flake.nix b/templates/nix-config/flake.nix
index c51e151..0b7a10d 100644
--- a/templates/nix-config/flake.nix
+++ b/templates/nix-config/flake.nix
@@ -13,7 +13,7 @@
autoaspm.inputs.nixpkgs.follows = "nixpkgs";
};
- outputs = { self, nixpkgs, disko, sops-nix, ... }@inputs: let
+ outputs = { self, nixpkgs, disko, sops-nix, autoaspm, home-manager, quadlet-nix, ... }@inputs: let
# System definition
system = "x86_64-linux";
pkgs = import nixpkgs {
diff --git a/templates/nix-config/podman/frigate.nix b/templates/nix-config/podman/frigate.nix
index 579314d..53cb228 100644
--- a/templates/nix-config/podman/frigate.nix
+++ b/templates/nix-config/podman/frigate.nix
@@ -17,7 +17,7 @@ in
services:
frigate:
image: ghcr.io/blakeblackshear/frigate:stable
- container_name: ${container_name}
+ container_name: frigate
shm_size: "512MB"
networks:
hass_frontend:
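Review bot: Dropping `initrdUnlock = false;` lets disko's default for that option apply, which as far as I recall registers the device for unlock from the initrd, yet `keyFile = "/etc/secrets/disks/content-${j}"` lives on the root filesystem and is not available that early; with `nofail` the likely result is a passphrase prompt or a skipped device at boot rather than a fixed mount. If the intent is to keep unlocking these data disks via crypttab after root is mounted, `initrdUnlock = false;` should stay and the `crypttabExtraOpts = [ "nofail" ];` list change is the whole fix. The parity.nix hunk below has the same removal. A one-line comment stating which stage is meant to unlock these disks would stop the setting from flip-flopping.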
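Review bot: The new `outputs` pattern destructures `home-manager` and `quadlet-nix`, but only `autoaspm` is visible among the declared `inputs`; if the other two are not declared in the `inputs` set, evaluation fails with a missing-argument error before any module is built. None of the three is used in the visible lines, so unless they are wired into `modules` further down, the existing `...` already covers them and the new bindings can be dropped. The `outputs` function continues outside the hunk.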
@@ -41,7 +41,7 @@ in
- traefik.http.services.frigate.loadbalancer.server.port=8971
- traefik.http.services.frigate.loadbalancer.server.scheme=http
- traefik.http.routers.frigate-https.entrypoints=websecure
- - traefik.http.routers.frigate-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.frigate-https.rule=Host(`frigate.$DOMAIN_NAME`)
- traefik.http.routers.frigate-https.tls=true
- traefik.http.routers.frigate-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -53,14 +53,15 @@ in
external: true
'';
- systemd.services.frigate = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" "traefik.service" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/gitea.nix b/templates/nix-config/podman/gitea.nix
index 28bb456..859a185 100644
--- a/templates/nix-config/podman/gitea.nix
+++ b/templates/nix-config/podman/gitea.nix
@@ -4,7 +4,6 @@ let
container_name = "gitea";
compose_file = "podman/gitea/compose.yaml";
config_dir = "/mnt/config/gitea";
- data_dir = "/mnt/data/gitea";
in {
@@ -17,12 +16,12 @@ in
services:
gitea:
image: gitea/gitea:latest
- container_name: ${container_name}
+ container_name: gitea
networks:
gitea_frontend:
gitea_backend:
volumes:
- - ${data_dir}:/data
+ - ${config_dir}:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
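Review bot: `wantedBy = [ "multi-user.target" "traefik.service" ]` only makes traefik pull frigate in; without `traefik.service` in `after` there is no start ordering, unlike every other podman unit in this commit, which keeps `after = [ "network.target" "traefik.service" ];` and `wantedBy = [ "multi-user.target" ];` — presumably that pair was intended here too. The same `User = "numbus-admin";` and `Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];` lines are copied into gitea, home-assistant, immich, it-tools, nextcloud, passbolt, pi-hole and traefik; the uid is declared once in configuration.nix, so a shared binding (a `podmanUser` in the module's `let`, with the uid read from `config.users.users.numbus-admin.uid`) would keep the nine units from drifting. `/run/user/1000` and, presumably, the rootless podman socket exist only once `user@1000.service` is up (lingering is enabled in configuration.nix), and none of these units orders itself after it, so adding `"user@1000.service"` to `after` and `requires` would make the first boot deterministic. The service attrset starts and ends outside the hunk.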
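Review bot: `- ${config_dir}:/data` now points gitea's `/data` at `/mnt/config/gitea`, while the removed `data_dir = "/mnt/data/gitea"` was the previous location; nothing in the commit moves the existing contents of `/mnt/data/gitea`, so an already-deployed host would come up with an empty instance unless that is done by hand. If the relocation is deliberate, a short comment on `config_dir` saying it now holds gitea's data as well as its configuration would save the next reader a search. The `let` block and the compose string continue outside the hunk.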
@@ -40,7 +39,7 @@ in
- traefik.http.services.gitea.loadbalancer.server.port=3000
- traefik.http.services.gitea.loadbalancer.server.scheme=http
- traefik.http.routers.gitea-https.entrypoints=websecure
- - traefik.http.routers.gitea-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.gitea-https.rule=Host(`gitea.$DOMAIN_NAME`)
- traefik.http.routers.gitea-https.tls=true
- traefik.http.routers.gitea-https.tls.certresolver=cloudflare
depends_on:
@@ -67,14 +66,15 @@ in
external: true
'';
- systemd.services.gitea = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/home-assistant.nix b/templates/nix-config/podman/home-assistant.nix
index 2acd256..a74ef9f 100644
--- a/templates/nix-config/podman/home-assistant.nix
+++ b/templates/nix-config/podman/home-assistant.nix
@@ -17,7 +17,7 @@ in
services:
home-assistant:
image: ghcr.io/home-assistant/home-assistant:latest
- container_name: ${container_name}
+ container_name: home-assistant
networks:
hass_frontend:
hass_backend:
@@ -31,7 +31,7 @@ in
- traefik.http.services.home-assistant.loadbalancer.server.port=8123
- traefik.http.services.home-assistant.loadbalancer.server.scheme=http
- traefik.http.routers.home-assistant-https.entrypoints=websecure
- - traefik.http.routers.home-assistant-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.home-assistant-https.rule=Host(`home-assistant.$DOMAIN_NAME`)
- traefik.http.routers.home-assistant-https.tls=true
- traefik.http.routers.home-assistant-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -52,15 +52,15 @@ in
hass_frontend:
external: true
'';
-
- systemd.services.hass = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/immich.nix b/templates/nix-config/podman/immich.nix
index 50ddf35..1f703b7 100644
--- a/templates/nix-config/podman/immich.nix
+++ b/templates/nix-config/podman/immich.nix
@@ -17,7 +17,7 @@ in
services:
immich-server:
image: ghcr.io/immich-app/immich-server:$IMMICH_VERSION
- container_name: ${container_name}-server
+ container_name: immich-server
networks:
immich_frontend:
immich_backend:
@@ -30,7 +30,7 @@ in
- traefik.http.services.immich.loadbalancer.server.port=2283
- traefik.http.services.immich.loadbalancer.server.scheme=http
- traefik.http.routers.immich-https.entrypoints=websecure
- - traefik.http.routers.immich-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.immich-https.rule=Host(`immich.$DOMAIN_NAME`)
- traefik.http.routers.immich-https.tls=true
- traefik.http.routers.immich-https.tls.certresolver=cloudflare
env_file:
@@ -43,7 +43,7 @@ in
disable: false
immich-machine-learning:
- container_name: ${container_name}-machine-learning
+ container_name: immich-machine-learning
image: ghcr.io/immich-app/immich-machine-learning:$IMMICH_VERSION
networks:
immich_backend:
@@ -56,7 +56,7 @@ in
disable: false
immich-redis:
- container_name: ${container_name}-redis
+ container_name: immich-redis
image: docker.io/valkey/valkey:8-bookworm@sha256:a137a2b60aca1a75130022d6bb96af423fefae4eb55faf395732db3544803280
networks:
immich_backend:
@@ -65,7 +65,7 @@ in
restart: always
immich-database:
- container_name: ${container_name}-database
+ container_name: immich-database
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
networks:
immich_backend:
@@ -89,14 +89,15 @@ in
external: true
'';
- systemd.services.immich = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/it-tools.nix b/templates/nix-config/podman/it-tools.nix
index 9147124..18a6b92 100644
--- a/templates/nix-config/podman/it-tools.nix
+++ b/templates/nix-config/podman/it-tools.nix
@@ -14,7 +14,7 @@ in
''
services:
it-tools:
- container_name: ${container_name}
+ container_name: it-tools
image: corentinth/it-tools
networks:
it-tools:
@@ -23,7 +23,7 @@ in
- traefik.http.services.it-tools.loadbalancer.server.port=80
- traefik.http.services.it-tools.loadbalancer.server.scheme=http
- traefik.http.routers.it-tools-https.entrypoints=websecure
- - traefik.http.routers.it-tools-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.it-tools-https.rule=Host(`it-tools.$DOMAIN_NAME`)
- traefik.http.routers.it-tools-https.tls=true
- traefik.http.routers.it-tools-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -32,14 +32,15 @@ in
external: true
'';
- systemd.services.it-tools = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/nextcloud.nix b/templates/nix-config/podman/nextcloud.nix
index dbbae55..cb11a8d 100644
--- a/templates/nix-config/podman/nextcloud.nix
+++ b/templates/nix-config/podman/nextcloud.nix
@@ -16,7 +16,7 @@ in
services:
nextcloud-aio-mastercontainer:
image: nextcloud/all-in-one:latest
- container_name: ${container_name}-aio-mastercontainer
+ container_name: nextcloud-aio-mastercontainer
networks:
nextcloud-aio:
volumes:
@@ -40,7 +40,7 @@ in
- traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080
- traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https
- traefik.http.routers.nextcloud-aio-https.entrypoints=websecure
- - traefik.http.routers.nextcloud-aio-https.rule=Host(`${container_name}-aio.$DOMAIN_NAME`)
+ - traefik.http.routers.nextcloud-aio-https.rule=Host(`nextcloud-aio.$DOMAIN_NAME`)
- traefik.http.routers.nextcloud-aio-https.tls=true
- traefik.http.routers.nextcloud-aio-https.tls.certresolver=cloudflare
init: true
@@ -55,14 +55,15 @@ in
name: nextcloud_aio_mastercontainer
'';
- systemd.services.nextcloud = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/passbolt.nix b/templates/nix-config/podman/passbolt.nix
index 6382d76..4d96c66 100644
--- a/templates/nix-config/podman/passbolt.nix
+++ b/templates/nix-config/podman/passbolt.nix
@@ -15,7 +15,7 @@ in
services:
passbolt:
image: passbolt/passbolt:latest-ce-non-root
- container_name: ${container_name}
+ container_name: passbolt
networks:
passbolt_frontend:
passbolt_backend:
@@ -60,7 +60,7 @@ in
passbolt-database:
image: mariadb:11.3
- container_name: ${container_name}-database
+ container_name: passbolt-database
networks:
passbolt_backend:
volumes:
@@ -84,14 +84,15 @@ in
passbolt-jwt:
'';
- systemd.services.passbolt = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/pi-hole.nix b/templates/nix-config/podman/pi-hole.nix
index 75ed228..f0c0d67 100644
--- a/templates/nix-config/podman/pi-hole.nix
+++ b/templates/nix-config/podman/pi-hole.nix
@@ -16,7 +16,7 @@ in
services:
pihole:
image: pihole/pihole:latest
- container_name: ${container_name}
+ container_name: pi-hole
networks:
pihole:
ports:
@@ -51,7 +51,7 @@ in
- traefik.http.services.pihole.loadbalancer.server.port=443
- traefik.http.services.pihole.loadbalancer.server.scheme=https
- traefik.http.routers.pihole-https.entrypoints=websecure
- - traefik.http.routers.pihole-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.pihole-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
- traefik.http.routers.pihole-https.tls=true
- traefik.http.routers.pihole-https.tls.certresolver=cloudflare
restart: unless-stopped
@@ -60,15 +60,15 @@ in
pihole:
external: true
'';
-
- systemd.services.pihole = {
+ systemd.services.${container_name} = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "traefik.service" "podman.socket" ];
- wantedBy = ["multi-user.target"];
- path = [ pkgs.podman-compose ];
+ after = [ "network.target" "traefik.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
diff --git a/templates/nix-config/podman/traefik.nix b/templates/nix-config/podman/traefik.nix
index d1ca820..a145e4e 100644
--- a/templates/nix-config/podman/traefik.nix
+++ b/templates/nix-config/podman/traefik.nix
@@ -16,14 +16,14 @@ in
services:
traefik:
image: docker.io/library/traefik:latest
- container_name: ${container_name}
+ container_name: pi-hole
networks:
nextcloud-aio:
- ipv4_address: 172.16.1.253
+ ipv4_address: 172.16.10.253
passbolt_frontend:
ipv4_address: 172.16.20.253
pihole:
- ipv4_address: 172.16.3.253
+ ipv4_address: 172.16.30.253
hass_frontend:
ipv4_address: 172.16.40.253
immich_frontend:
@@ -31,7 +31,7 @@ in
gitea_frontend:
ipv4_address: 172.16.60.253
it-tools:
- ipv4_address: 172.16.7.253
+ ipv4_address: 172.16.70.253
ports:
- 80:80
- 443:443
@@ -47,7 +47,7 @@ in
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.http.services.traefik.loadbalancer.server.scheme=http
- traefik.http.routers.traefik-https.entrypoints=websecure
- - traefik.http.routers.traefik-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
+ - traefik.http.routers.traefik-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
- traefik.http.routers.traefik-https.tls=true
- traefik.http.routers.traefik-https.tls.certresolver=cloudflare
restart: always
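Review bot: `container_name: pi-hole` in the traefik service looks like a copy-paste from pi-hole.nix: the pi-hole hunk above gives its own container the same `container_name: pi-hole`, and since both units now run as the same user, creating the second container with an already-used name fails. The `-47` hunk of this file has the same slip in the router rule, where `traefik-https` now carries the host `pi-hole.$DOMAIN_NAME` that `pihole-https` also claims, leaving traefik with two routers for one hostname. Every other file substitutes its own name, so these should read `container_name: traefik` and `Host(\`traefik.$DOMAIN_NAME\`)`. The compose string continues outside the hunk.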
@@ -57,8 +57,8 @@ in
driver: bridge
ipam:
config:
- - subnet: "172.16.1.0/24"
- gateway: "172.16.1.254"
+ - subnet: "172.16.10.0/24"
+ gateway: "172.16.10.254"
passbolt_backend:
name: passbolt_backend
driver: bridge
@@ -78,8 +78,8 @@ in
driver: bridge
ipam:
config:
- - subnet: "172.16.3.0/24"
- gateway: "172.16.3.254"
+ - subnet: "172.16.30.0/24"
+ gateway: "172.16.30.254"
hass_backend:
name: hass_backend
driver: bridge
@@ -127,18 +127,19 @@ in
driver: bridge
ipam:
config:
- - subnet: "172.16.7.0/24"
- gateway: "172.16.7.254"
+ - subnet: "172.16.70.0/24"
+ gateway: "172.16.70.254"
'';
systemd.services.traefik = {
description = "Podman container : ${container_name}";
- requires = [ "podman.socket" ];
- after = [ "network.target" "podman.socket" ];
+ after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
- path = [ pkgs.podman-compose ];
+ path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = {
+ User = "numbus-admin";
+ Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
# Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
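Review bot: With `User = "numbus-admin"` the traefik unit now runs podman rootless, but the compose file still publishes `80:80` and `443:443` (context in the `-31` hunk of this file); an unprivileged user cannot bind ports below 1024 unless `boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start"` is lowered, and nothing in this commit does that, so on a stock kernel the container fails at port binding rather than at the disk mount the commit is chasing. Either add that sysctl in configuration.nix, with a comment naming traefik as the reason, or publish ports above 1024 and redirect. The subnet renumbering in the other hunks here (`172.16.1` → `172.16.10`, `172.16.3` → `172.16.30`, `172.16.7` → `172.16.70`) should also be checked against any static `ipv4_address` in the per-service compose files that are not part of this diff. The service attrset continues outside the hunk.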