numbus/numbus-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Secrets now working. Try to get disks to mount correctly.

Browse Source
This commit is contained in:
Raphaël Numbus
2026-01-04 09:42:18 +01:00
parent fb551a15cf
commit a4d1681c38
12 changed files with 74 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/nix-config/disks/content.nix
+1
View File
@@ -13,6 +13,7 @@
settings = { settings = {
keyFile = "/etc/secrets/disks/content-${j}"; keyFile = "/etc/secrets/disks/content-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false}; allowDiscards = ${ALLOW_DISCARDS:-false};
options = [ "noauto" ];
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
templates/nix-config/disks/parity.nix
+1
View File
@@ -13,6 +13,7 @@
settings = { settings = {
keyFile = "/etc/secrets/disks/parity-${j}"; keyFile = "/etc/secrets/disks/parity-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false}; allowDiscards = ${ALLOW_DISCARDS:-false};
options = [ "noauto" ];
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
templates/nix-config/podman/frigate.nix
+2 -2
View File
@@ -55,8 +55,8 @@ in
systemd.services.frigate = { systemd.services.frigate = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/gitea.nix
+2 -2
View File
@@ -69,8 +69,8 @@ in
systemd.services.gitea = { systemd.services.gitea = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/home-assistant.nix
+2 -2
View File
@@ -55,8 +55,8 @@ in
systemd.services.hass = { systemd.services.hass = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/immich.nix
+2 -2
View File
@@ -91,8 +91,8 @@ in
systemd.services.immich = { systemd.services.immich = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/it-tools.nix
+2 -2
View File
@@ -34,8 +34,8 @@ in
systemd.services.it-tools = { systemd.services.it-tools = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/nextcloud.nix
+2 -2
View File
@@ -57,8 +57,8 @@ in
systemd.services.nextcloud = { systemd.services.nextcloud = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/passbolt.nix
+2 -2
View File
@@ -86,8 +86,8 @@ in
systemd.services.passbolt = { systemd.services.passbolt = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/pi-hole.nix
+2 -2
View File
@@ -63,8 +63,8 @@ in
systemd.services.pihole = { systemd.services.pihole = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "traefik.service" "podman.socket" ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/podman/traefik.nix
+2 -2
View File
@@ -133,8 +133,8 @@ in
systemd.services.traefik = { systemd.services.traefik = {
description = "Podman container : ${container_name}"; description = "Podman container : ${container_name}";
after = [ "network.target" "docker.socket" ]; requires = [ "podman.socket" ];
requires = [ "network.target" ]; after = [ "network.target" "podman.socket" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman-compose ]; path = [ pkgs.podman-compose ];
templates/nix-config/sops-nix/secrets.yaml
+54 -54
View File
@@ -1,68 +1,68 @@
ssh_public_keys: "$SSH_PUBLIC_KEY" ssh_public_keys: $SSH_PUBLIC_KEY
sender_email_address_password: "$SENDER_EMAIL_ADDRESS_PASSWORD" sender_email_address_password: $SENDER_EMAIL_ADDRESS_PASSWORD
podman: podman:
frigate: | frigate: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
FRIGATE_MQTT_USER="$HOME_ASSISTANT_MQTT_USER" FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
FRIGATE_MQTT_PASSWORD="$HOME_ASSISTANT_MQTT_PASSWORD" FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
gitea: | gitea: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
DB_NAME="$GITEA_DB_NAME" DB_NAME=$GITEA_DB_NAME
DB_USERNAME="$GITEA_DB_USERNAME" DB_USERNAME=$GITEA_DB_USERNAME
DB_PASSWORD="$GITEA_DB_PASSWORD" DB_PASSWORD=$GITEA_DB_PASSWORD
POSTGRES_HOST="gitea-database" POSTGRES_HOST=gitea-database
POSTGRES_PORT="5432" POSTGRES_PORT=5432
home_assistant: | home_assistant: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
HOME_ASSISTANT_MQTT_USER="$HOME_ASSISTANT_MQTT_USER" HOME_ASSISTANT_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
HOME_ASSISTANT_MQTT_PASSWORD="$HOME_ASSISTANT_MQTT_PASSWORD" HOME_ASSISTANT_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
immich: | immich: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
DB_DATABASE_NAME="$IMMICH_DB_NAME" DB_DATABASE_NAME=$IMMICH_DB_NAME
DB_USERNAME="$IMMICH_DB_USERNAME" DB_USERNAME=$IMMICH_DB_USERNAME
DB_PASSWORD="$IMMICH_DB_PASSWORD" DB_PASSWORD=$IMMICH_DB_PASSWORD
IMMICH_VERSION="release" IMMICH_VERSION=release
IMMICH_TRUSTED_PROXIES="172.16.50.253" IMMICH_TRUSTED_PROXIES=172.16.50.253
REDIS_HOSTNAME="immich-redis" REDIS_HOSTNAME=immich-redis
DB_HOSTNAME="immich-database" DB_HOSTNAME=immich-database
UPLOAD_LOCATION="/mnt/data/immich" UPLOAD_LOCATION=/mnt/data/immich
DB_DATA_LOCATION="/mnt/config/immich/database" DB_DATA_LOCATION=/mnt/config/immich/database
TZ="Europe/Paris" TZ=Europe/Paris
it_tools: | it_tools: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
nextcloud: | nextcloud: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
NEXTCLOUD_ENABLE_DRI_DEVICE="$TARGET_GRAPHICS" NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS
passbolt: | passbolt: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
PASSBOLT_MYSQL_DATABASE="$PASSBOLT_DB_NAME" PASSBOLT_MYSQL_DATABASE=$PASSBOLT_DB_NAME
PASSBOLT_MYSQL_USER="$PASSBOLT_DB_USERNAME" PASSBOLT_MYSQL_USER=$PASSBOLT_DB_USERNAME
PASSBOLT_MYSQL_PASSWORD="$PASSBOLT_DB_PASSWORD" PASSBOLT_MYSQL_PASSWORD=$PASSBOLT_DB_PASSWORD
SENDER_EMAIL_ADDRESS="$SENDER_EMAIL_ADDRESS" SENDER_EMAIL_ADDRESS=$SENDER_EMAIL_ADDRESS
SENDER_EMAIL_ADDRESS_PASSWORD="$SENDER_EMAIL_ADDRESS_PASSWORD" SENDER_EMAIL_ADDRESS_PASSWORD=$SENDER_EMAIL_ADDRESS_PASSWORD
SENDER_EMAIL_DOMAIN="$SENDER_EMAIL_DOMAIN" SENDER_EMAIL_DOMAIN=$SENDER_EMAIL_DOMAIN
SENDER_EMAIL_PORT="$SENDER_EMAIL_PORT" SENDER_EMAIL_PORT=$SENDER_EMAIL_PORT
EMAIL_ADDRESS="$EMAIL_ADDRESS" EMAIL_ADDRESS=$EMAIL_ADDRESS
TZ="Europe/Paris" TZ=Europe/Paris
pi_hole: | pi_hole: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
HOME_ROUTER_SUBNET="$HOME_ROUTER_SUBNET" HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET
HOME_ROUTER_IP="$HOME_ROUTER_IP" HOME_ROUTER_IP=$HOME_ROUTER_IP
HOME_SERVER_IP="$HOME_SERVER_IP" HOME_SERVER_IP=$HOME_SERVER_IP
FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD
TZ="Europe/Paris" TZ=Europe/Paris
traefik: | traefik: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME=$DOMAIN_NAME
CF_DNS_API_TOKEN="$CF_DNS_API_TOKEN" CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
disks: disks:
content-disk-1: "$CONTENT_DISK_1_KEY" content-disk-1: $CONTENT_DISK_1_KEY
content-disk-2: "$CONTENT_DISK_2_KEY" content-disk-2: $CONTENT_DISK_2_KEY
content-disk-3: "$CONTENT_DISK_3_KEY" content-disk-3: $CONTENT_DISK_3_KEY
content-disk-4: "$CONTENT_DISK_4_KEY" content-disk-4: $CONTENT_DISK_4_KEY
content-disk-5: "$CONTENT_DISK_5_KEY" content-disk-5: $CONTENT_DISK_5_KEY
content-disk-6: "$CONTENT_DISK_6_KEY" content-disk-6: $CONTENT_DISK_6_KEY
parity-disk-1: "$PARITY_DISK_1_KEY" parity-disk-1: $PARITY_DISK_1_KEY
parity-disk-2: "$PARITY_DISK_2_KEY" parity-disk-2: $PARITY_DISK_2_KEY
parity-disk-3: "$PARITY_DISK_3_KEY" parity-disk-3: $PARITY_DISK_3_KEY