diff --git a/container/adsb/config.nix b/container/adsb/config.nix
deleted file mode 100644
index 569d2ce..0000000
--- a/container/adsb/config.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- systemd.tmpfiles.rules = [
- "d /etc/container-adsb 0755 root root"
-
- "d /etc/container-adsb/readsb 0755 1000 1000"
- "d /etc/container-adsb/readsb/autogain 0755 1000 1000"
-
- "d /etc/container-adsb/tar1090 0755 1000 1000"
- "d /etc/container-adsb/tar1090/heatmap 0755 1000 1000"
- ];
-}
diff --git a/container/adsb/default.nix b/container/adsb/default.nix
index f2a47f1..9fa2234 100644
--- a/container/adsb/default.nix
+++ b/container/adsb/default.nix
@@ -1,147 +1,131 @@
 let
 secret = import ../../secret/container/adsb;
- custom-config = import ./config.nix;
 in
 {
- virtualisation.arion.projects.adsb.settings = {
- services = {
- readsb = {
- service = {
- image = "ghcr.io/sdr-enthusiasts/docker-readsb-protobuf:latest";
- container_name = "readsb";
- hostname = "readsb";
- restart = "unless-stopped";
- environment = {
- "TZ" = "Europe/Berlin";
- "DISABLE_PERFORMANCE_GRAPHS" = "true";
- "DISABLE_WEBAPP" = "true";
- "READSB_NET_ENABLE" = "true";
- "READSB_DCFILTER" = "true";
- "READSB_FIX" = "true";
- "READSB_GAIN" = "autogain";
- "READSB_LAT" = secret.container.adsb.readsb.lat;
- "READSB_LON" = secret.container.adsb.readsb.lon;
- "READSB_MODEAC" = "true";
- "READSB_RX_LOCATION_ACCURACY" = "2";
- };
- devices = [ "/dev/bus/usb:/dev/bus/usb" ];
- volumes = [
- "/etc/container-adsb/readsb/autogain:/run/autogain"
- ];
- tmpfs = [
- "/run:exec,size=64M"
- "/var/log:size=32M"
- ];
- labels = {
- "com.centurylinklabs.watchtower.enable" = "true";
- };
- };
+ virtualisation.oci-containers.containers = {
+ readsb = {
+ image = "ghcr.io/sdr-enthusiasts/docker-readsb-protobuf:latest";
+ environment = {
+ "TZ" = "Europe/Berlin";
+ "DISABLE_PERFORMANCE_GRAPHS" = "true";
+ "DISABLE_WEBAPP" = "true";
+ "READSB_NET_ENABLE" = "true";
+ "READSB_DCFILTER" = "true";
+ "READSB_FIX" = "true";
+ "READSB_GAIN" = "autogain";
+ "READSB_LAT" = secret.container.adsb.readsb.lat;
+ "READSB_LON" = secret.container.adsb.readsb.lon;
+ "READSB_MODEAC" = "true";
+ "READSB_RX_LOCATION_ACCURACY" = "2";
 };
+ volumes = [
+ "/etc/container-adsb/readsb/autogain:/run/autogain"
+ ];
+ extraOptions = [
+ "--device=/dev/bus/usb:/dev/bus/usb"
+ "--tmpfs=/run:exec,size=64M"
+ "--tmpfs=/var/log:size=32M"
+ "--label=com.centurylinklabs.watchtower.enable=true"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
- mlathub = {
- service = {
- image = "ghcr.io/sdr-enthusiasts/docker-readsb-protobuf:latest";
- container_name = "mlathub";
- hostname = "mlathub";
- restart = "unless-stopped";
- depends_on = [ "readsb" "piaware" ];
- environment = {
- "TZ" = "Europe/Berlin";
- "DISABLE_PERFORMANCE_GRAPHS" = "true";
- "DISABLE_WEBAPP" = "true";
- "READSB_NET_ENABLE" = "true";
- "READSB_NET_ONLY" = "true";
- "READSB_FORWARD_MLAT" = "true";
- "READSB_NET_CONNECTOR" = "piaware,30105,beast_in";
- "READSB_NET_BEAST_OUTPUT_PORT" = "30105";
- };
- tmpfs = [
- "/run:exec,size=64M"
- "/var/log:size=32M"
- ];
- labels = {
- "com.centurylinklabs.watchtower.enable" = "true";
- };
- };
+ mlathub = {
+ image = "ghcr.io/sdr-enthusiasts/docker-readsb-protobuf:latest";
+ dependsOn = [ "readsb" "piaware" ];
+ environment = {
+ "TZ" = "Europe/Berlin";
+ "DISABLE_PERFORMANCE_GRAPHS" = "true";
+ "DISABLE_WEBAPP" = "true";
+ "READSB_NET_ENABLE" = "true";
+ "READSB_NET_ONLY" = "true";
+ "READSB_FORWARD_MLAT" = "true";
+ "READSB_NET_CONNECTOR" = "piaware,30105,beast_in";
+ "READSB_NET_BEAST_OUTPUT_PORT" = "30105";
 };
+ extraOptions = [
+ "--tmpfs=/run:exec,size=64M"
+ "--tmpfs=/var/log:size=32M"
+ "--label=com.centurylinklabs.watchtower.enable=true"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
- tar1090 = {
- service = {
- image = "ghcr.io/sdr-enthusiasts/docker-tar1090:latest";
- container_name = "tar1090";
- restart = "unless-stopped";
- depends_on = [ "readsb" "mlathub" ];
- ports = [ "8081:80" ];
- environment = {
- "TZ" = "Europe/Berlin";
- "BEASTHOST" = "readsb";
- "BEASTPORT" = "30005";
- "MLATHOST" = "mlathub";
- "MLATPORT" = "30105";
- "LAT" = secret.container.adsb.readsb.lat;
- "LONG" = secret.container.adsb.readsb.lon;
- "HEYWHATSTHAT_PANORAMA_ID" = secret.container.adsb.tar1090.heywhatsthatId;
- "TAR1090_FLIGHTAWARELINKS" = "true";
- "TAR1090_DISPLAYUNITS" = "metric";
- };
- volumes = [
- "/etc/container-adsb/tar1090/heatmap:/var/globe_history"
- ];
- tmpfs = [
- "/run:exec,size=64M"
- "/var/log"
- ];
- labels = {
- "com.centurylinklabs.watchtower.enable" = "true";
- };
- };
+ tar1090 = {
+ image = "ghcr.io/sdr-enthusiasts/docker-tar1090:latest";
+ dependsOn = [ "readsb" "mlathub" ];
+ ports = [ "8081:80" ];
+ environment = {
+ "TZ" = "Europe/Berlin";
+ "BEASTHOST" = "readsb";
+ "BEASTPORT" = "30005";
+ "MLATHOST" = "mlathub";
+ "MLATPORT" = "30105";
+ "LAT" = secret.container.adsb.readsb.lat;
+ "LONG" = secret.container.adsb.readsb.lon;
+ "HEYWHATSTHAT_PANORAMA_ID" = secret.container.adsb.tar1090.heywhatsthatId;
+ "TAR1090_FLIGHTAWARELINKS" = "true";
+ "TAR1090_DISPLAYUNITS" = "metric";
 };
+ volumes = [
+ "/etc/container-adsb/tar1090/heatmap:/var/globe_history"
+ ];
+ extraOptions = [
+ "--tmpfs=/run:exec,size=64M"
+ "--tmpfs=/var/log"
+ "--label=com.centurylinklabs.watchtower.enable=true"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
- fr24feed = {
- service = {
- image = "ghcr.io/sdr-enthusiasts/docker-flightradar24:latest";
- container_name = "fr24feed";
- restart = "unless-stopped";
- depends_on = [ "readsb" ];
- environment = {
- "TZ" = "Europe/Berlin";
- "BEASTHOST" = "readsb";
- "BEASTPORT" = "30005";
- "MLAT" = "yes";
- "FR24KEY" = secret.container.adsb.fr24feed.key;
- };
- labels = {
- "com.centurylinklabs.watchtower.enable" = "true";
- };
- };
+ fr24feed = {
+ image = "ghcr.io/sdr-enthusiasts/docker-flightradar24:latest";
+ dependsOn = [ "readsb" ];
+ environment = {
+ "TZ" = "Europe/Berlin";
+ "BEASTHOST" = "readsb";
+ "BEASTPORT" = "30005";
+ "MLAT" = "yes";
+ "FR24KEY" = secret.container.adsb.fr24feed.key;
 };
+ extraOptions = [
+ "--tmpfs=/run:exec,size=64M"
+ "--tmpfs=/var/log"
+ "--label=com.centurylinklabs.watchtower.enable=true"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
- piaware = {
- service = {
- image = "ghcr.io/sdr-enthusiasts/docker-piaware:latest";
- container_name = "piaware";
- restart = "unless-stopped";
- depends_on = [ "readsb" ];
- environment = {
- "TZ" = "Europe/Berlin";
- "RECEIVER_TYPE" = "relay";
- "BEASTHOST" = "readsb";
- "BEASTPORT" = "30005";
- "ALLOW_MLAT" = "yes";
- "MLAT_RESULTS" = "yes";
- "LAT" = secret.container.adsb.readsb.lat;
- "LONG" = secret.container.adsb.readsb.lon;
- "FEEDER_ID" = secret.container.adsb.piaware.feederId;
- };
- tmpfs = [
- "/run:exec,size=64M"
- "/var/log"
- ];
- labels = {
- "com.centurylinklabs.watchtower.enable" = "true";
- };
- };
+ piaware = {
+ image = "ghcr.io/sdr-enthusiasts/docker-piaware:latest";
+ dependsOn = [ "readsb" ];
+ environment = {
+ "TZ" = "Europe/Berlin";
+ "RECEIVER_TYPE" = "relay";
+ "BEASTHOST" = "readsb";
+ "BEASTPORT" = "30005";
+ "ALLOW_MLAT" = "yes";
+ "MLAT_RESULTS" = "yes";
+ "LAT" = secret.container.adsb.readsb.lat;
+ "LONG" = secret.container.adsb.readsb.lon;
+ "FEEDER_ID" = secret.container.adsb.piaware.feederId;
 };
+ extraOptions = [
+ "--tmpfs=/run:exec,size=64M"
+ "--tmpfs=/var/log"
+ "--label=com.centurylinklabs.watchtower.enable=true"
+ "--label=io.containers.autoupdate=registry"
+ ];
 };
 };
-} // custom-config
+
+ systemd.tmpfiles.rules = [
+ "d /etc/container-adsb 0755 root root"
+
+ "d /etc/container-adsb/readsb 0755 1000 1000"
+ "d /etc/container-adsb/readsb/autogain 0755 1000 1000"
+
+ "d /etc/container-adsb/tar1090 0755 1000 1000"
+ "d /etc/container-adsb/tar1090/heatmap 0755 1000 1000"
+ ];
+}
diff --git a/container/matrix/default.nix b/container/matrix/default.nix
index 40945cc..d112057 100644
--- a/container/matrix/default.nix
+++ b/container/matrix/default.nix
@@ -44,6 +44,11 @@
 };
 };
+ networking.firewall.interfaces."podman+" = {
+ allowedUDPPorts = [ 443 ];
+ allowedTCPPorts = [ 443 ];
+ };
+
 systemd.tmpfiles.rules = [
 "d /etc/container-matrix/signald 0775 0 0"
 "d /etc/container-matrix/signal 0775 1337 1337"
diff --git a/system/hosts/adsb-antenna.nix b/system/hosts/adsb-antenna.nix
index 1d4b8b4..1d27423 100644
--- a/system/hosts/adsb-antenna.nix
+++ b/system/hosts/adsb-antenna.nix
@@ -14,7 +14,7 @@ in
 ../nixos/git.nix
- (import ../nixos/arion.nix (args // { inherit secret; }))
+ ../nixos/arion.nix
 ../../container/adsb
 ];
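Review bot: In container/adsb/default.nix the feeder credentials (`FR24KEY`, `FEEDER_ID`) and the station coordinates are still passed through `environment`, which the oci-containers module writes into the generated start script in the world-readable Nix store and which also shows up in `podman inspect`. Moving them to a root-only file referenced with `environmentFiles = [ "/path/to/adsb.env" ];` (placeholder path) keeps them out of the store. Separately, every container now carries `--label=io.containers.autoupdate=registry` on a `:latest` tag, so whatever is pushed upstream is pulled and run unattended, for `readsb` with the whole `/dev/bus/usb` tree passed in; that trust decision deserves a comment, and the `com.centurylinklabs.watchtower.enable` label looks redundant if Watchtower is no longer deployed.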
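Review bot: The rule added in container/matrix/default.nix is keyed on the `podman+` wildcard, so 443/tcp and 443/udp on the host are opened to containers on every podman bridge, not only the Matrix ones; the system/nixos/arion.nix hunk uses the same wildcard for port 53. If only the Matrix containers need to reach a service on the host, consider binding the rule to that network's interface name, and drop `allowedUDPPorts` unless something on the host actually serves UDP on 443. At minimum, add a comment above the rule naming the host service the containers are expected to reach, so the exposure is explained where it is granted. The enclosing attribute set starts outside the hunk.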
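Review bot: In system/hosts/adsb-antenna.nix, `../nixos/arion.nix` is now imported as a plain module path, yet the only change to that file visible in this diff is the firewall hunk, so its argument list appears unchanged. If it still declares `secret` as a required argument, evaluation will fail because the module system does not supply it; confirm the header. The `secret` and `args` bindings in this file's `let` block (outside the hunk) may also be unused now and could be removed.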
diff --git a/system/nixos/arion.nix b/system/nixos/arion.nix
index 61791a2..c479213 100644
--- a/system/nixos/arion.nix
+++ b/system/nixos/arion.nix
@@ -25,7 +25,7 @@
 };
 networking.firewall.interfaces."podman+" = {
- allowedUDPPorts = [ 53 443 ];
- allowedTCPPorts = [ 53 443 ];
+ allowedUDPPorts = [ 53 ];
+ allowedTCPPorts = [ 53 ];
 };
 }