diff --git a/home-manager/homeserver.nix b/home-manager/homeserver.nix
index e9194ed..9161fb5 100644
--- a/home-manager/homeserver.nix
+++ b/home-manager/homeserver.nix
@@ -20,6 +20,8 @@
 defaultSopsFile = ./secrets.yaml;
 secrets = {
 vikunja_jwtsecret = {};
+ vikunja_dbpassword = {};
+ vikunja-db_rootpassword = {};
 };
 };
 }
diff --git a/home-manager/homeserver/containers/work_tools.nix b/home-manager/homeserver/containers/work_tools.nix
index cbecf51..75a40ae 100644
--- a/home-manager/homeserver/containers/work_tools.nix
+++ b/home-manager/homeserver/containers/work_tools.nix
@@ -7,36 +7,67 @@
 unstablePkgs,
 ...
 }: {
- services.podman.containers = {
- vikunja = {
- image = "docker.io/vikunja/vikunja:latest";
- autoUpdate = "registry";
- environment = {
- VIKUNJA_SERVICE_JWTSECRET = config.sops.secrets.vikunja_jwtsecret.path;
- VIKUNJA_SERVICE_PUBLICURL = "http://bulba.space/";
- VIKUNJA_DATABASE_PATH = "/db/vikunja.db";
- };
- volumes = [
- "/home/cianh/vikunja/files:/app/vikunja/files"
- "/home/cianh/vikunja/db:/db"
- ];
- ports = ["3456:3456"];
+ services.podman = {
+ networks = {
+ vikunja-net = {};
 };
- freshrss = {
- image = "docker.io/freshrss/freshrss:latest";
- autoUpdate = "registry";
- environment = {
- TZ = "Europe/Dublin";
- CRON_MIN = "1,31";
+ containers = {
+ vikunja = {
+ image = "docker.io/vikunja/vikunja:latest";
+ autoUpdate = "registry";
+ network = "vikunja-net";
+ environment = {
+ VIKUNJA_SERVICE_JWTSECRET = config.sops.secrets.vikunja_jwtsecret.path;
+ VIKUNJA_SERVICE_PUBLICURL = "http://192.168.0.254:3456/";
+ VIKUNJA_DATABASE_PATH = "/db/vikunja.db";
+ VIKUNJA_DATABASE_TYPE = "mysql";
+ VIKUNJA_DATABASE_DATABASE = "vikunja";
+ VIKUNJA_DATABASE_HOST = "vikunja-db";
+ VIKUNJA_DATABASE_USER = "vikunja";
+ VIKUNJA_DATABASE_PASSWORD = config.sops.secrets.vikunja_dbpassword.path;
+ };
+ volumes = [
+ "/home/cianh/vikunja/files:/app/vikunja/files"
+ ];
+ ports = ["3456:3456"];
+ extraConfig = {
+ Unit = {
+ After = "podman-vikunja-db.service";
+ Requires = "podman-vikunja-db.service";
+ };
+ };
+ };
+ vikunja-db = {
+ image = "docker.io/library/mariadb:10";
+ autoUpdate = "registry";
+ network = "vikunja-net";
+ exec = "--character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci";
+ environment = {
+ MYSQL_ROOT_PASSWORD = config.sops.secrets.vikunja-db_rootpassword.path;
+ MYSQL_USER = "vikunja";
+ MYSQL_PASSWORD = config.sops.secrets.vikunja_dbpassword.path;
+ MYSQL_DATABASE = "vikunja";
+ };
+ volumes = [
+ "/home/cianh/vikunja/db:/var/lib/mysql"
+ ];
+ };
+ freshrss = {
+ image = "docker.io/freshrss/freshrss:latest";
+ autoUpdate = "registry";
+ environment = {
+ TZ = "Europe/Dublin";
+ CRON_MIN = "1,31";
+ };
+ volumes = [
+ "/home/cianh/freshrss/data:/var/www/FreshRSS/data"
+ "/home/cianh/freshrss/extensions:/var/www/FreshRSS/extensions"
+ ];
+ ports = ["3457:80"];
+ extraPodmanArgs = [
+ "--log-opt max-size=10m"
+ ];
 };
- volumes = [
- "/home/cianh/freshrss/data:/var/www/FreshRSS/data"
- "/home/cianh/freshrss/extensions:/var/www/FreshRSS/extensions"
- ];
- ports = ["3457:80"];
- extraPodmanArgs = [
- "--log-opt max-size=10m"
- ];
 };
 };
 }
diff --git a/home-manager/secrets.yaml b/home-manager/secrets.yaml
index 0815060..61229d8 100644
--- a/home-manager/secrets.yaml
+++ b/home-manager/secrets.yaml
@@ -1,4 +1,6 @@
-vikunja_jwtsecret: ENC[AES256_GCM,data:Ri2wYlmWJMS1V1U84msjzg40OEyTNjcm33Bsw46FYLgMUn/n59Smipyh+bjUudDOiNZeTRtciRhKFjB7qGt2Vw==,iv:zTzV3WouxI4lxEMReUnu4EKyC0hBd9ZFHRSb1rLvs38=,tag:8QEfipKFn4yJwl3ImC6lDw==,type:str]
+vikunja_jwtsecret: ENC[AES256_GCM,data:KPR1aGrXgtWX1jf+CSlKxCpiCo+iqKGQMiqPBL9QgUCVCne+7o8LTRjeZte4w+KxozZeA+f9kcrYMypt16XthQ==,iv:Mb6nFjq6tD+fNyaAGUz9bO9/0kZCE/CysFf2r/+VL9k=,tag:Z4NTEXjWXTiyUuatESPlxQ==,type:str]
+vikunja_dbpassword: ENC[AES256_GCM,data:OVcultYfgnJQhQ2oNWwYfRyAyWnS8g84CcXQMCY2jCw=,iv:L4hL9LSKo2JxSTlKkbgPUdVy6Wm7EeyLyfY2khr3lJw=,tag:a5n3/YYuSzMDkum/4i1BXA==,type:str]
+vikunja-db_rootpassword: ENC[AES256_GCM,data:UuFtVJFfx1rSJXbRonICS4apmwuQs6Qhub62rI2CXjUduX1HNwN/KL0isqM=,iv:EmGYwuTuAMmguXQZfj9Er42rOHZBmvxuVe/X2WlLb1c=,tag:q+Uyau+FggRNpVn2+OaLqw==,type:str]
 sops:
 kms: []
 gcp_kms: []
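Review bot: In work_tools.nix, `VIKUNJA_DATABASE_PASSWORD`, `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` are assigned `config.sops.secrets.<name>.path`, so each container receives the location of the decrypted file as its literal password rather than the file's content. The login presumably still works because both sides get the same string, but the effective credentials, including the MariaDB root password, are then a guessable path and the values encrypted in secrets.yaml are never used; the unchanged `VIKUNJA_SERVICE_JWTSECRET` line follows the same pattern. I would mount each secret file read-only and switch to the `_FILE` variants, which the official mariadb image's entrypoint supports and which recent Vikunja releases document (confirm for the version deployed). The `/run/secrets/...` container paths below are chosen for illustration, and under rootless Podman the mounted file must be readable by the user the container process runs as.

```nix
# vikunja
environment = {
  # … unchanged: service URL and database type/host/user settings …
  VIKUNJA_DATABASE_PASSWORD_FILE = "/run/secrets/vikunja_dbpassword";
};
volumes = [
  "/home/cianh/vikunja/files:/app/vikunja/files"
  "${config.sops.secrets.vikunja_dbpassword.path}:/run/secrets/vikunja_dbpassword:ro"
];

# vikunja-db
environment = {
  MYSQL_ROOT_PASSWORD_FILE = "/run/secrets/vikunja-db_rootpassword";
  MYSQL_PASSWORD_FILE = "/run/secrets/vikunja_dbpassword";
  # … unchanged: MYSQL_USER, MYSQL_DATABASE …
};
volumes = [
  "/home/cianh/vikunja/db:/var/lib/mysql"
  "${config.sops.secrets.vikunja-db_rootpassword.path}:/run/secrets/vikunja-db_rootpassword:ro"
  "${config.sops.secrets.vikunja_dbpassword.path}:/run/secrets/vikunja_dbpassword:ro"
];
```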
@@ -8,14 +10,14 @@ sops:
 - recipient: age15x4h66uk6ct3436e6r4l0tkpf86e7jzl3lqd2acndq2jjvq5za3stqg2fy
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TU5UWE5XU0ZtekNHSFVo
- U1N6VGhyRlRuTkxiOGR0SU9hUndjN2xLOEVFCktNb3M4MzF2WWJlRG5lWTdJbVhl
- TTcwL2ZLVzB2SXNsWE55VEhOaTg3M0UKLS0tIEZCR2tzZFlqTy9OdUwrRkZwWDFF
- VjBIa05Gc0xxeDlrTUo2Wlc0R1Z4c0kKIWQlPSxK9nt5YG5cINZqtwh+atzFdXsU
- 2dxKy4BMiZqsuF3lGoGpOg0yXyNlE91UJwkymk8tJK9KXrqf4biq7Q==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoK21XZ3EvUG0zbW0vcXdn
+ RXBHbHRkYnVYU2FuTlFVdUhhQTYwZGNFelVFCmEyQ2l1S2lxeVhHc3dCR3h5WVpv
+ WkE1ci8vTGtiTFM0MGJvd3hiRGFkNUkKLS0tIGlXU3JxT2t5a2VBTEF5WVgwellk
+ UUxtN2xwM2NyU3RKT1RZTkpkT2ZEYTAKaIouMAelGffEMZI5eyycJQpIdGi3jAS0
+ DJ0NrV54goQnUcwGrmn8aHZ6tWpS6nWMI/Ieo2fmATJxB6S5AtSyKg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-30T00:51:36Z"
- mac: ENC[AES256_GCM,data:AdbgKxiJR/dWAZ2goNKOcf/gvyrpjeihMaL73w36+reQvn95O0Uwyou9f0Wujf5AZan5J0YKfLrr/850bL9K0f8JnNUcxLg2wAjxVi0NgZqqEWJAPLuxMly2WXJYWKCFRZNyRcwzvVPVp/R95EF0eHqchlCnYYO+B0fDJaqwVLE=,iv:wHMqe7QVD/NEeeX9AapVcwhkmei0tOOIjP3UVB1ZGtM=,tag:9iBIma3IrDQu7syDD4H1GA==,type:str]
+ lastmodified: "2025-01-30T02:59:50Z"
+ mac: ENC[AES256_GCM,data:SgkPz7H0wTqxHVUN/udFMXShFYdcdpJJWNDBBJKh+/i4j03E/mMd04cKmV9KDJufbkWFWCluit0y6tfnhg83CZp/cgviJf5VMur28UfsmyvVGJqFO51KdtYoH1IB5hZdt2sID/CJ0rCfDZ5qHkzn7tzFpIn38OllMNITM1WM9GM=,iv:OzRDmRm6p5LcwRrW5d0OA0mVRSH09RUjVK20Q+hPOSw=,tag:KW96+/9kqGH48HbHp5FeOA==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.2