Try to fix disk mount failure. Edited podman configuration.

Raphaël Numbus
2026-01-04 12:16:33 +01:00
parent 81ec01b571
commit 549c1a780d
13 changed files with 91 additions and 83 deletions
+5 -1
@@ -38,9 +38,9 @@
# Bootloader options # Bootloader options
boot.initrd.systemd.enable = true; boot.initrd.systemd.enable = true;
boot.initrd.systemd.tpm2.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
# boot.initrd.systemd.tpm2.enable = true;
# TPM2 PCR check # TPM2 PCR check
# systemIdentity.enable = true; # systemIdentity.enable = true;
@@ -130,6 +130,10 @@
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
uid = 1000; uid = 1000;
initialPassword = "changeMe!"; initialPassword = "changeMe!";
# required for auto start before user login
linger = true;
# required for rootless container with multiple users
autoSubUidGidRange = true;
}; };
# Login message # Login message
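Review bot: `linger = true;` is added to an account that this same hunk shows with `extraGroups = [ "wheel" ];` and `initialPassword = "changeMe!";`, so the always-on rootless containers will run inside a sudo-capable login account that starts with a known password. A container breakout or a compromised podman process under that uid then lands in an admin account rather than in a disposable one. Consider a separate account without `wheel` for the containers, carrying `linger = true;` and `autoSubUidGidRange = true;`, and keep the admin user out of the service path. The user block starts above this hunk, so the account name is not visible here.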
+1 -2
@@ -9,11 +9,10 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted-content-${j}"; name = "crypted-content-${j}";
initrdUnlock = false;
settings = { settings = {
keyFile = "/etc/secrets/disks/content-${j}"; keyFile = "/etc/secrets/disks/content-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false}; allowDiscards = ${ALLOW_DISCARDS:-false};
crypttabExtraOpts = "nofail"; crypttabExtraOpts = [ "nofail" ];
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
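Review bot: Dropping `initrdUnlock = false;` means disko will register `crypted-content-${j}` for unlocking in the initrd, where `keyFile = "/etc/secrets/disks/content-${j}";` is looked up before the root filesystem is mounted. Either the key then has to be embedded in the initrd, which with systemd-boot would most likely place it on the unencrypted ESP, or the unlock fails and `nofail` hides the failure, leaving the disk locked after boot. If the key is meant to stay on the encrypted root, keeping `initrdUnlock = false;` and unlocking from a stage-2 crypttab entry avoids both outcomes; how the key is provisioned is not visible in this hunk. The `crypted-parity-${j}` section that follows has the same change and the same concern.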
+1 -2
@@ -9,11 +9,10 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted-parity-${j}"; name = "crypted-parity-${j}";
initrdUnlock = false;
settings = { settings = {
keyFile = "/etc/secrets/disks/parity-${j}"; keyFile = "/etc/secrets/disks/parity-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false}; allowDiscards = ${ALLOW_DISCARDS:-false};
crypttabExtraOpts = "nofail"; crypttabExtraOpts = [ "nofail" ];
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
+1 -1
@@ -13,7 +13,7 @@
autoaspm.inputs.nixpkgs.follows = "nixpkgs"; autoaspm.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, disko, sops-nix, ... }@inputs: let outputs = { self, nixpkgs, disko, sops-nix, autoaspm, home-manager, quadlet-nix, ... }@inputs: let
# System definition # System definition
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
+8 -7
@@ -17,7 +17,7 @@ in
services: services:
frigate: frigate:
image: ghcr.io/blakeblackshear/frigate:stable image: ghcr.io/blakeblackshear/frigate:stable
container_name: ${container_name} container_name: frigate
shm_size: "512MB" shm_size: "512MB"
networks: networks:
hass_frontend: hass_frontend:
@@ -41,7 +41,7 @@ in
- traefik.http.services.frigate.loadbalancer.server.port=8971 - traefik.http.services.frigate.loadbalancer.server.port=8971
- traefik.http.services.frigate.loadbalancer.server.scheme=http - traefik.http.services.frigate.loadbalancer.server.scheme=http
- traefik.http.routers.frigate-https.entrypoints=websecure - traefik.http.routers.frigate-https.entrypoints=websecure
- traefik.http.routers.frigate-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.frigate-https.rule=Host(`frigate.$DOMAIN_NAME`)
- traefik.http.routers.frigate-https.tls=true - traefik.http.routers.frigate-https.tls=true
- traefik.http.routers.frigate-https.tls.certresolver=cloudflare - traefik.http.routers.frigate-https.tls.certresolver=cloudflare
restart: unless-stopped restart: unless-stopped
@@ -53,14 +53,15 @@ in
external: true external: true
''; '';
systemd.services.frigate = { systemd.services.${container_name} = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" "traefik.service" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
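Review bot: The unit now runs as `User = "numbus-admin";` with a hard-coded `XDG_RUNTIME_DIR=/run/user/1000`, but nothing orders it after that runtime directory exists; `after` lists only `network.target`. `/run/user/1000` appears when the lingering user manager starts, so at boot podman-compose may run first and fail. Adding `requires = [ "user@1000.service" ];` plus the same entry in `after`, and deriving the uid from `config.users.users.numbus-admin.uid` instead of repeating `1000`, would make this deterministic; the gitea, home-assistant, immich, it-tools, nextcloud, passbolt, pihole and traefik units in this commit share the pattern. Separately, this unit alone puts `traefik.service` into `wantedBy` rather than `after`, so starting traefik pulls in frigate and the ordering is lost, which is probably not intended. The `serviceConfig` block continues past the end of the hunk.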
+9 -9
@@ -4,7 +4,6 @@ let
container_name = "gitea"; container_name = "gitea";
compose_file = "podman/gitea/compose.yaml"; compose_file = "podman/gitea/compose.yaml";
config_dir = "/mnt/config/gitea"; config_dir = "/mnt/config/gitea";
data_dir = "/mnt/data/gitea";
in in
{ {
@@ -17,12 +16,12 @@ in
services: services:
gitea: gitea:
image: gitea/gitea:latest image: gitea/gitea:latest
container_name: ${container_name} container_name: gitea
networks: networks:
gitea_frontend: gitea_frontend:
gitea_backend: gitea_backend:
volumes: volumes:
- ${data_dir}:/data - ${config_dir}:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:
@@ -40,7 +39,7 @@ in
- traefik.http.services.gitea.loadbalancer.server.port=3000 - traefik.http.services.gitea.loadbalancer.server.port=3000
- traefik.http.services.gitea.loadbalancer.server.scheme=http - traefik.http.services.gitea.loadbalancer.server.scheme=http
- traefik.http.routers.gitea-https.entrypoints=websecure - traefik.http.routers.gitea-https.entrypoints=websecure
- traefik.http.routers.gitea-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.gitea-https.rule=Host(`gitea.$DOMAIN_NAME`)
- traefik.http.routers.gitea-https.tls=true - traefik.http.routers.gitea-https.tls=true
- traefik.http.routers.gitea-https.tls.certresolver=cloudflare - traefik.http.routers.gitea-https.tls.certresolver=cloudflare
depends_on: depends_on:
@@ -67,14 +66,15 @@ in
external: true external: true
''; '';
systemd.services.gitea = { systemd.services.${container_name} = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
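Review bot: The bind mount changes from `${data_dir}:/data` to `${config_dir}:/data`, so Gitea's whole `/data` tree (repositories and application data) now lives under `/mnt/config/gitea`, and whatever was stored under `/mnt/data/gitea` is no longer mounted. With the unit switched to rootless `User = "numbus-admin";`, container uids are mapped into that user's sub-uid range, so a directory created earlier by root or by the old container uid will probably not be writable. A comment next to `config_dir` such as `# holds Gitea /data (repos + DB); must be owned via numbus-admin's subuid mapping` and a one-off migration and ownership step would document this. The `serviceConfig` block continues past the end of the hunk.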
@@ -17,7 +17,7 @@ in
services: services:
home-assistant: home-assistant:
image: ghcr.io/home-assistant/home-assistant:latest image: ghcr.io/home-assistant/home-assistant:latest
container_name: ${container_name} container_name: home-assistant
networks: networks:
hass_frontend: hass_frontend:
hass_backend: hass_backend:
@@ -31,7 +31,7 @@ in
- traefik.http.services.home-assistant.loadbalancer.server.port=8123 - traefik.http.services.home-assistant.loadbalancer.server.port=8123
- traefik.http.services.home-assistant.loadbalancer.server.scheme=http - traefik.http.services.home-assistant.loadbalancer.server.scheme=http
- traefik.http.routers.home-assistant-https.entrypoints=websecure - traefik.http.routers.home-assistant-https.entrypoints=websecure
- traefik.http.routers.home-assistant-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.home-assistant-https.rule=Host(`home-assistant.$DOMAIN_NAME`)
- traefik.http.routers.home-assistant-https.tls=true - traefik.http.routers.home-assistant-https.tls=true
- traefik.http.routers.home-assistant-https.tls.certresolver=cloudflare - traefik.http.routers.home-assistant-https.tls.certresolver=cloudflare
restart: unless-stopped restart: unless-stopped
@@ -52,15 +52,15 @@ in
hass_frontend: hass_frontend:
external: true external: true
''; '';
systemd.services.${container_name} = {
systemd.services.hass = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
+11 -10
@@ -17,7 +17,7 @@ in
services: services:
immich-server: immich-server:
image: ghcr.io/immich-app/immich-server:$IMMICH_VERSION image: ghcr.io/immich-app/immich-server:$IMMICH_VERSION
container_name: ${container_name}-server container_name: immich-server
networks: networks:
immich_frontend: immich_frontend:
immich_backend: immich_backend:
@@ -30,7 +30,7 @@ in
- traefik.http.services.immich.loadbalancer.server.port=2283 - traefik.http.services.immich.loadbalancer.server.port=2283
- traefik.http.services.immich.loadbalancer.server.scheme=http - traefik.http.services.immich.loadbalancer.server.scheme=http
- traefik.http.routers.immich-https.entrypoints=websecure - traefik.http.routers.immich-https.entrypoints=websecure
- traefik.http.routers.immich-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.immich-https.rule=Host(`immich.$DOMAIN_NAME`)
- traefik.http.routers.immich-https.tls=true - traefik.http.routers.immich-https.tls=true
- traefik.http.routers.immich-https.tls.certresolver=cloudflare - traefik.http.routers.immich-https.tls.certresolver=cloudflare
env_file: env_file:
@@ -43,7 +43,7 @@ in
disable: false disable: false
immich-machine-learning: immich-machine-learning:
container_name: ${container_name}-machine-learning container_name: immich-machine-learning
image: ghcr.io/immich-app/immich-machine-learning:$IMMICH_VERSION image: ghcr.io/immich-app/immich-machine-learning:$IMMICH_VERSION
networks: networks:
immich_backend: immich_backend:
@@ -56,7 +56,7 @@ in
disable: false disable: false
immich-redis: immich-redis:
container_name: ${container_name}-redis container_name: immich-redis
image: docker.io/valkey/valkey:8-bookworm@sha256:a137a2b60aca1a75130022d6bb96af423fefae4eb55faf395732db3544803280 image: docker.io/valkey/valkey:8-bookworm@sha256:a137a2b60aca1a75130022d6bb96af423fefae4eb55faf395732db3544803280
networks: networks:
immich_backend: immich_backend:
@@ -65,7 +65,7 @@ in
restart: always restart: always
immich-database: immich-database:
container_name: ${container_name}-database container_name: immich-database
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
networks: networks:
immich_backend: immich_backend:
@@ -89,14 +89,15 @@ in
external: true external: true
''; '';
systemd.services.immich = { systemd.services.${container_name} = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
+8 -7
@@ -14,7 +14,7 @@ in
'' ''
services: services:
it-tools: it-tools:
container_name: ${container_name} container_name: it-tools
image: corentinth/it-tools image: corentinth/it-tools
networks: networks:
it-tools: it-tools:
@@ -23,7 +23,7 @@ in
- traefik.http.services.it-tools.loadbalancer.server.port=80 - traefik.http.services.it-tools.loadbalancer.server.port=80
- traefik.http.services.it-tools.loadbalancer.server.scheme=http - traefik.http.services.it-tools.loadbalancer.server.scheme=http
- traefik.http.routers.it-tools-https.entrypoints=websecure - traefik.http.routers.it-tools-https.entrypoints=websecure
- traefik.http.routers.it-tools-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.it-tools-https.rule=Host(`it-tools.$DOMAIN_NAME`)
- traefik.http.routers.it-tools-https.tls=true - traefik.http.routers.it-tools-https.tls=true
- traefik.http.routers.it-tools-https.tls.certresolver=cloudflare - traefik.http.routers.it-tools-https.tls.certresolver=cloudflare
restart: unless-stopped restart: unless-stopped
@@ -32,14 +32,15 @@ in
external: true external: true
''; '';
systemd.services.it-tools = { systemd.services.${container_name} = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
+8 -7
@@ -16,7 +16,7 @@ in
services: services:
nextcloud-aio-mastercontainer: nextcloud-aio-mastercontainer:
image: nextcloud/all-in-one:latest image: nextcloud/all-in-one:latest
container_name: ${container_name}-aio-mastercontainer container_name: nextcloud-aio-mastercontainer
networks: networks:
nextcloud-aio: nextcloud-aio:
volumes: volumes:
@@ -40,7 +40,7 @@ in
- traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080 - traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080
- traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https - traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https
- traefik.http.routers.nextcloud-aio-https.entrypoints=websecure - traefik.http.routers.nextcloud-aio-https.entrypoints=websecure
- traefik.http.routers.nextcloud-aio-https.rule=Host(`${container_name}-aio.$DOMAIN_NAME`) - traefik.http.routers.nextcloud-aio-https.rule=Host(`nextcloud-aio.$DOMAIN_NAME`)
- traefik.http.routers.nextcloud-aio-https.tls=true - traefik.http.routers.nextcloud-aio-https.tls=true
- traefik.http.routers.nextcloud-aio-https.tls.certresolver=cloudflare - traefik.http.routers.nextcloud-aio-https.tls.certresolver=cloudflare
init: true init: true
@@ -55,14 +55,15 @@ in
name: nextcloud_aio_mastercontainer name: nextcloud_aio_mastercontainer
''; '';
systemd.services.nextcloud = { systemd.services.${container_name} = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
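Review bot: `requires = [ "podman.socket" ];` is dropped while the service moves to rootless `User = "numbus-admin";`, yet an all-in-one mastercontainer normally manages its sibling containers through a mounted container socket. The `volumes:` list is cut off at the end of the first hunk, so the mounted socket path is not visible; if it is still the system-wide socket the rootless container cannot use it, and if it is the user socket under `/run/user/1000` the unit needs that socket started first. Whichever socket is mounted gives the mastercontainer control over every container of that user, so a comment at the mount such as `# grants full control of numbus-admin's podman; keep this account unprivileged` would be worth adding. The `serviceConfig` block continues past the end of the hunk.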
+8 -7
@@ -15,7 +15,7 @@ in
services: services:
passbolt: passbolt:
image: passbolt/passbolt:latest-ce-non-root image: passbolt/passbolt:latest-ce-non-root
container_name: ${container_name} container_name: passbolt
networks: networks:
passbolt_frontend: passbolt_frontend:
passbolt_backend: passbolt_backend:
@@ -60,7 +60,7 @@ in
passbolt-database: passbolt-database:
image: mariadb:11.3 image: mariadb:11.3
container_name: ${container_name}-database container_name: passbolt-database
networks: networks:
passbolt_backend: passbolt_backend:
volumes: volumes:
@@ -84,14 +84,15 @@ in
passbolt-jwt: passbolt-jwt:
''; '';
systemd.services.passbolt = { systemd.services.${container_name} = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
+8 -8
@@ -16,7 +16,7 @@ in
services: services:
pihole: pihole:
image: pihole/pihole:latest image: pihole/pihole:latest
container_name: ${container_name} container_name: pi-hole
networks: networks:
pihole: pihole:
ports: ports:
@@ -51,7 +51,7 @@ in
- traefik.http.services.pihole.loadbalancer.server.port=443 - traefik.http.services.pihole.loadbalancer.server.port=443
- traefik.http.services.pihole.loadbalancer.server.scheme=https - traefik.http.services.pihole.loadbalancer.server.scheme=https
- traefik.http.routers.pihole-https.entrypoints=websecure - traefik.http.routers.pihole-https.entrypoints=websecure
- traefik.http.routers.pihole-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.pihole-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
- traefik.http.routers.pihole-https.tls=true - traefik.http.routers.pihole-https.tls=true
- traefik.http.routers.pihole-https.tls.certresolver=cloudflare - traefik.http.routers.pihole-https.tls.certresolver=cloudflare
restart: unless-stopped restart: unless-stopped
@@ -60,15 +60,15 @@ in
pihole: pihole:
external: true external: true
''; '';
systemd.services.${container_name} = {
systemd.services.pihole = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" "traefik.service" ];
after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose pkgs.podman ];
path = [ pkgs.podman-compose ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
+15 -14
@@ -16,14 +16,14 @@ in
services: services:
traefik: traefik:
image: docker.io/library/traefik:latest image: docker.io/library/traefik:latest
container_name: ${container_name} container_name: pi-hole
networks: networks:
nextcloud-aio: nextcloud-aio:
ipv4_address: 172.16.1.253 ipv4_address: 172.16.10.253
passbolt_frontend: passbolt_frontend:
ipv4_address: 172.16.20.253 ipv4_address: 172.16.20.253
pihole: pihole:
ipv4_address: 172.16.3.253 ipv4_address: 172.16.30.253
hass_frontend: hass_frontend:
ipv4_address: 172.16.40.253 ipv4_address: 172.16.40.253
immich_frontend: immich_frontend:
@@ -31,7 +31,7 @@ in
gitea_frontend: gitea_frontend:
ipv4_address: 172.16.60.253 ipv4_address: 172.16.60.253
it-tools: it-tools:
ipv4_address: 172.16.7.253 ipv4_address: 172.16.70.253
ports: ports:
- 80:80 - 80:80
- 443:443 - 443:443
@@ -47,7 +47,7 @@ in
- traefik.http.services.traefik.loadbalancer.server.port=8080 - traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.http.services.traefik.loadbalancer.server.scheme=http - traefik.http.services.traefik.loadbalancer.server.scheme=http
- traefik.http.routers.traefik-https.entrypoints=websecure - traefik.http.routers.traefik-https.entrypoints=websecure
- traefik.http.routers.traefik-https.rule=Host(`${container_name}.$DOMAIN_NAME`) - traefik.http.routers.traefik-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
- traefik.http.routers.traefik-https.tls=true - traefik.http.routers.traefik-https.tls=true
- traefik.http.routers.traefik-https.tls.certresolver=cloudflare - traefik.http.routers.traefik-https.tls.certresolver=cloudflare
restart: always restart: always
@@ -57,8 +57,8 @@ in
driver: bridge driver: bridge
ipam: ipam:
config: config:
- subnet: "172.16.1.0/24" - subnet: "172.16.10.0/24"
gateway: "172.16.1.254" gateway: "172.16.10.254"
passbolt_backend: passbolt_backend:
name: passbolt_backend name: passbolt_backend
driver: bridge driver: bridge
@@ -78,8 +78,8 @@ in
driver: bridge driver: bridge
ipam: ipam:
config: config:
- subnet: "172.16.3.0/24" - subnet: "172.16.30.0/24"
gateway: "172.16.3.254" gateway: "172.16.30.254"
hass_backend: hass_backend:
name: hass_backend name: hass_backend
driver: bridge driver: bridge
@@ -127,18 +127,19 @@ in
driver: bridge driver: bridge
ipam: ipam:
config: config:
- subnet: "172.16.7.0/24" - subnet: "172.16.70.0/24"
gateway: "172.16.7.254" gateway: "172.16.70.254"
''; '';
systemd.services.traefik = { systemd.services.traefik = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
requires = [ "podman.socket" ]; after = [ "network.target" ];
after = [ "network.target" "podman.socket" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose pkgs.podman ];
serviceConfig = { serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec"; Type = "exec";
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
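Review bot: The Traefik service's new `container_name: pi-hole` and the `traefik-https` router rule now matching `pi-hole.$DOMAIN_NAME` look like a copy-paste from the Pi-hole file, which in this commit appears to set the same container name and host rule. Two containers with one name under the same podman user cannot both be created, and the two routers would compete for one hostname, with the Traefik dashboard service on port 8080 as one of the candidates. These should read `container_name: traefik` and a `traefik.$DOMAIN_NAME` host rule. In addition, the unit now runs rootless as `User = "numbus-admin";` while the compose file still publishes `80:80` and `443:443`; an unprivileged user cannot bind ports below 1024 unless `boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start"` is lowered, which is not visible on this page. The `serviceConfig` block continues past the end of the hunk.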