caddy support multi domain

pazpi 2025-01-06 18:24:12 +01:00
parent f15e521895
commit fdcc829acf
13 changed files with 344 additions and 141 deletions


@ -43,61 +43,103 @@ in
'';
};
};
config = lib.mkIf cfg.enable {
my.virtualisation.docker.enable = true;
virtualisation.oci-containers = {
backend = "docker"; # Use Docker as the backend
containers = {
portainer = {
image = "portainer/portainer-ce:latest";
ports = [ "9000:9000" ];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${cfg.portainerDataDir}:/data" # Add persistent volume for Portainer data
];
environmentFiles = [ cfg.environmentSecrets ];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
};
autoStart = true;
};
watchtower = lib.mkIf cfg.enableWatchtower {
image = "containrrr/watchtower";
volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
autoStart = true;
environmentFiles = [ cfg.environmentSecrets ];
environment = {
"TZ" = "Europe/Rome";
"WATCHTOWER_CLEANUP" = "true";
"WATCHTOWER_SCHEDULE" = "0 0 4 * * *"; # Run every day at 4am
"WATCHTOWER_LABEL_ENABLE" = "true"; # Only update labeled containers
"WATCHTOWER_NOTIFICATIONS" = "shoutrrr"; # Use shoutrrr for notifications
};
};
proxy = {
enable = lib.mkEnableOption "Set the proxy entry for this service";
domain = lib.mkOption {
default = "example.com";
type = lib.types.str;
description = ''
The domain where Caddy is reachable
'';
};
subdomain = lib.mkOption {
default = "portainer";
type = lib.types.str;
description = ''
The subdomain where Portainer will be reachable
'';
};
host = lib.mkOption {
default = "localhost";
type = lib.types.str;
description = ''
host name where the download manager stack is running
'';
};
};
# Ensure the directory exists and has the correct permissions
systemd.tmpfiles.settings = {
"10-portainerDataDir" = {
${cfg.portainerDataDir} = {
d = {
group = "root";
mode = "0755";
user = "root";
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
my.virtualisation.docker.enable = true;
virtualisation.oci-containers = {
backend = "docker"; # Use Docker as the backend
containers = {
portainer = {
image = "portainer/portainer-ce:latest";
ports = [ "9000:9000" ];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${cfg.portainerDataDir}:/data" # Add persistent volume for Portainer data
];
environmentFiles = [ cfg.environmentSecrets ];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
};
autoStart = true;
};
watchtower = lib.mkIf cfg.enableWatchtower {
image = "containrrr/watchtower";
volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
autoStart = true;
environmentFiles = [ cfg.environmentSecrets ];
environment = {
"TZ" = "Europe/Rome";
"WATCHTOWER_CLEANUP" = "true";
"WATCHTOWER_SCHEDULE" = "0 0 4 * * *"; # Run every day at 4am
"WATCHTOWER_LABEL_ENABLE" = "true"; # Only update labeled containers
"WATCHTOWER_NOTIFICATIONS" = "shoutrrr"; # Use shoutrrr for notifications
};
};
};
};
# Ensure the directory exists and has the correct permissions
systemd.tmpfiles.settings = {
"10-portainerDataDir" = {
${cfg.portainerDataDir} = {
d = {
group = "root";
mode = "0755";
user = "root";
};
};
};
};
};
networking.firewall.allowedTCPPorts = [ 9000 ];
networking.firewall.allowedTCPPorts = [ 9000 ];
})
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."${subdomain}.${domain}".extraConfig = ''
reverse_proxy http://${host}:9000
import cloudflare_${domain}
'';
};
})
];
};
}
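Review bot: The new `cfg.proxy.enable` branch puts Caddy in front of Portainer, but the `cfg.enable` branch still publishes `ports = [ "9000:9000" ]` on every interface and keeps `networking.firewall.allowedTCPPorts = [ 9000 ]`, so the plain-HTTP UI of a container that mounts `/var/run/docker.sock` stays reachable without going through the proxy. When the proxy is enabled and `host` is the local machine, consider `ports = [ "127.0.0.1:9000:9000" ];` together with `networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.proxy.enable) [ 9000 ];`. The loopback bind is the more important of the two, since Docker-published ports are generally not filtered by the host firewall rules. If `host` can point at another machine, the `reverse_proxy http://${host}:9000` hop carries Portainer sessions in cleartext, which deserves a sentence in the option description. Separately, the `host` description still reads "download manager stack" and should name Portainer; the start of the module lies outside this hunk.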