daniel/dotfiles
1
0
Fork 0
Code Actions Activity

matrix: Switch to oci-containers config

Browse source
This commit is contained in:
Daniel Kempkens 2023-03-19 00:54:53 +01:00
parent eb9404d83c
commit 3c51268d2f
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
6 changed files with 80 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
agenix/hosts/sail/config.nix
View file

@ -54,6 +54,10 @@
group = "matrix-synapse"; group = "matrix-synapse";
}; };
signald-environment = {
file = ./signald/environment.age;
};
mosquitto-password-weewx-proxy = { mosquitto-password-weewx-proxy = {
file = ./mosquitto/passwordWeewxProxy.age; file = ./mosquitto/passwordWeewxProxy.age;
owner = "mosquitto"; owner = "mosquitto";

12
agenix/hosts/sail/signald/environment.age Normal file
View file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBnOFBF
VGgxaWd4TFI3Kzc1MTVOZ3oyTkw5OUFJQ1VvejhPVFpBaG5LZlIwCnZldWd2OGNS
a3dSaEZzOWdKaHRCdjJSWXRzM3F0bFZZTEVhYWROdUVOSEkKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IGtQMS9ubGIwaXB2SHlQV1JwUHk0T2orN1VxQ1p3THVlU1ovcW5j
VU5QUmsKdkNVbW90bVhjNW5BZkVya1ViS0lRY0kvT05IK3pNc2JJcFlWd2xxcElM
QQotPiBnLWdyZWFzZSBKbyRNY0s/Ck9QQy83OCtKNUpCYnhBCi0tLSBzNFB2eTJ5
c2p2bHhMeWdSMTBXTmoyaExST1lpZmJsSEt3UmdHbGJEZnhvCvqkLX1gUWNIX4gQ
5hj/S53ekxGqauFA0b+DZ+JxORK90CdRHvenBUeuxfqwjPwlQQXwmL2DDoTVU2qu
HlMitZrjsV8pcHm6HXOdOPBldWbpfvr1ET/rM7OEo5eW/EPqdTvsgLHjKetsra3V
4eqciGp4HlcEQPU6p9i9R0Kv
-----END AGE ENCRYPTED FILE-----

25
container/matrix/config.nix
View file

@ -1,25 +0,0 @@
{
systemd.tmpfiles.rules = [
"d /etc/container-matrix/signald 0775 0 0"
"d /etc/container-matrix/signal 0775 1337 1337"
"d /etc/container-matrix/whatsapp 0775 1337 1337"
];
# Matrix: Signal
environment.etc."container-matrix/signal/config.yaml" = {
source = ../../secret/container/matrix/config/signal.yaml;
mode = "0640";
uid = 1337;
gid = 1337;
};
# Matrix: WhatsApp
environment.etc."container-matrix/whatsapp/config.yaml" = {
source = ../../secret/container/matrix/config/whatsapp.yaml;
mode = "0640";
uid = 1337;
gid = 1337;
};
}

78
container/matrix/default.nix
View file

@ -1,61 +1,67 @@
let { config, ... }:
secret = import ../../secret/container/matrix;
custom-config = import ./config.nix;
in
{ {
virtualisation.arion.projects.matrix.settings = { virtualisation.oci-containers.containers = {
services = {
signald = { signald = {
service = {
image = "registry.gitlab.com/signald/signald:latest"; image = "registry.gitlab.com/signald/signald:latest";
container_name = "signald"; environmentFiles = [ config.age.secrets.signald-environment.path ];
restart = "unless-stopped";
volumes = [ volumes = [
"/etc/container-matrix/signald:/signald" "/etc/container-matrix/signald:/signald"
]; ];
environment = { extraOptions = [
SIGNALD_DATABASE = secret.container.matrix.signald.environment.database; "--label=com.centurylinklabs.watchtower.enable=true"
}; "--label=io.containers.autoupdate=registry"
labels = { ];
"com.centurylinklabs.watchtower.enable" = "true";
"io.containers.autoupdate" = "registry";
};
};
}; };
matrix-signal = { matrix-signal = {
service = {
image = "dock.mau.dev/mautrix/signal:latest"; image = "dock.mau.dev/mautrix/signal:latest";
container_name = "mautrix-signal"; dependsOn = [ "signald" ];
restart = "unless-stopped"; ports = [ "127.0.0.1:29328:29328" ];
depends_on = [ "signald" ];
ports = [ "29328:29328" ];
volumes = [ volumes = [
"/etc/container-matrix/signal:/data" "/etc/container-matrix/signal:/data"
"/etc/container-matrix/signald:/signald" "/etc/container-matrix/signald:/signald"
]; ];
labels = { extraOptions = [
"com.centurylinklabs.watchtower.enable" = "true"; "--label=com.centurylinklabs.watchtower.enable=true"
"io.containers.autoupdate" = "registry"; "--label=io.containers.autoupdate=registry"
}; ];
};
}; };
matrix-whatsapp = { matrix-whatsapp = {
service = {
image = "dock.mau.dev/mautrix/whatsapp:latest"; image = "dock.mau.dev/mautrix/whatsapp:latest";
container_name = "mautrix-whatsapp"; ports = [ "127.0.0.1:29318:29318" ];
restart = "unless-stopped";
ports = [ "29318:29318" ];
volumes = [ volumes = [
"/etc/container-matrix/whatsapp:/data" "/etc/container-matrix/whatsapp:/data"
]; ];
labels = { extraOptions = [
"com.centurylinklabs.watchtower.enable" = "true"; "--label=com.centurylinklabs.watchtower.enable=true"
"io.containers.autoupdate" = "registry"; "--label=io.containers.autoupdate=registry"
];
}; };
}; };
systemd.tmpfiles.rules = [
"d /etc/container-matrix/signald 0775 0 0"
"d /etc/container-matrix/signal 0775 1337 1337"
"d /etc/container-matrix/whatsapp 0775 1337 1337"
];
# Matrix: Signal
environment.etc."container-matrix/signal/config.yaml" = {
source = ../../secret/container/matrix/config/signal.yaml;
mode = "0640";
uid = 1337;
gid = 1337;
}; };
# Matrix: WhatsApp
environment.etc."container-matrix/whatsapp/config.yaml" = {
source = ../../secret/container/matrix/config/whatsapp.yaml;
mode = "0640";
uid = 1337;
gid = 1337;
}; };
}; }
} // custom-config

BIN
secret/container/matrix/default.nix
View file

Binary file not shown.

2
secrets.nix
View file

@ -19,6 +19,8 @@ in
"agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail; "agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail;
"agenix/hosts/sail/signald/environment.age".publicKeys = sail;
"agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail; "agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail;
"agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail; "agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail;