WIP: portainer service and host

2025-01-06 15:39:09 +01:00 · 2025-01-06 15:39:09 +01:00 · 350fe15576
commit 350fe15576
parent 2673c763d5
11 changed files with 182 additions and 2 deletions
--- a/modules/monitoring/prometheus.nix
+++ b/modules/monitoring/prometheus.nix
@ -41,6 +41,8 @@ in
  config = lib.mkMerge [
    (lib.mkIf cfg.enable {

+      age.secrets.searx-prometheus-secret.file = ../../secrets/searx-prometheus-secret.age;
+
      services.prometheus = {
        enable = true;
        scrapeConfigs = [
--- a/modules/virtualisation/default.nix
+++ b/modules/virtualisation/default.nix
@ -6,5 +6,6 @@
    ./lxc-guest.nix
    ./podman.nix
    ./podman-pod.nix
+    ./portainer.nix
  ];
 }
--- a/modules/virtualisation/docker.nix
+++ b/modules/virtualisation/docker.nix
@ -22,7 +22,7 @@ in
        };
      };

-      oci-containers.backend = "podman";
+      oci-containers.backend = "docker";

    };
  };
--- a/modules/virtualisation/portainer.nix
+++ b/modules/virtualisation/portainer.nix
@ -0,0 +1,103 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.virtualisation.portainer;
+in
+{
+  options.my.virtualisation.portainer = {
+    enable = lib.mkEnableOption "Run Portainer";
+
+    version = lib.mkOption {
+      type = lib.types.str;
+      default = "latest";
+      description = ''
+        Portainer version to use, default is latest
+      '';
+    };
+
+    portainerDataDir = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/portainer";
+      description = ''
+        Where Portainer will save its data
+      '';
+    };
+
+    enableWatchtower = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable Watchtower to automatically update Portainer
+      '';
+    };
+
+    environmentSecrets = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      description = ''
+        Secrets for container in a environment file
+      '';
+    };
+
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    my.virtualisation.docker.enable = true;
+
+    virtualisation.oci-containers = {
+      backend = "docker"; # Use Docker as the backend
+
+      containers = {
+        portainer = {
+          image = "portainer/portainer-ce:latest";
+          ports = [ "9000:9000" ];
+          volumes = [
+            "/var/run/docker.sock:/var/run/docker.sock"
+            "${cfg.portainerDataDir}:/data" # Add persistent volume for Portainer data
+          ];
+          environmentFiles = [ cfg.environmentSecrets ];
+          labels = {
+            "com.centurylinklabs.watchtower.enable" = "true";
+          };
+          autoStart = true;
+        };
+
+        watchtower = lib.mkIf cfg.enableWatchtower {
+          image = "containrrr/watchtower";
+          volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
+          autoStart = true;
+          environmentFiles = [ cfg.environmentSecrets ];
+          environment = {
+            "TZ" = "Europe/Rome";
+            "WATCHTOWER_CLEANUP" = "true";
+            "WATCHTOWER_SCHEDULE" = "0 0 4 * * *"; # Run every day at 4am
+            "WATCHTOWER_LABEL_ENABLE" = "true"; # Only update labeled containers
+            "WATCHTOWER_NOTIFICATIONS" = "shoutrrr"; # Use shoutrrr for notifications
+          };
+        };
+
+      };
+    };
+
+    # Ensure the directory exists and has the correct permissions
+    systemd.tmpfiles.settings = {
+      "10-portainerDataDir" = {
+        ${cfg.portainerDataDir} = {
+          d = {
+            group = "root";
+            mode = "0755";
+            user = "root";
+          };
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 9000 ];
+
+  };
+}