From 8cbe613757dac41d007d7c5eac2b082678f84ee0 Mon Sep 17 00:00:00 2001 From: Sokhibjon Orzikulov Date: Tue, 2 Jul 2024 04:46:14 +0500 Subject: [PATCH] maid + docker with gcs --- modules/nixos/default.nix | 4 +- modules/nixos/docker.nix | 23 +++ modules/nixos/maid.nix | 27 +++ modules/server/container/kolyma-1.nix | 113 +++++------ modules/server/container/kolyma-2.nix | 233 +++++++++++----------- modules/server/container/kolyma-3.nix | 157 +++++++-------- nixos/kolyma-1/configuration.nix | 1 + nixos/kolyma-1/hardware-configuration.nix | 3 +- nixos/kolyma-2/configuration.nix | 1 + nixos/kolyma-3/configuration.nix | 1 + nixos/kolyma-3/hardware-configuration.nix | 2 +- 11 files changed, 296 insertions(+), 269 deletions(-) create mode 100644 modules/nixos/docker.nix create mode 100644 modules/nixos/maid.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 9447c13..b2cb3d9 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -4,9 +4,11 @@
 # List your module files here
 ssh = import ./ssh.nix;
 zsh = import ./zsh.nix;
+ users = import ./users;
+ maid = import ./maid.nix;
 boot = import ./boot.nix;
 data = import ./data.nix;
- users = import ./users;
+ docker = import ./docker.nix;
 network = import ./network.nix;
 nixpkgs = import ./nixpkgs.nix;
 }
diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix
new file mode 100644
index 0000000..5015cde
--- /dev/null
+++ b/modules/nixos/docker.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ config = {
+ virtualisation = {
+ docker = {
+ enable = true;
+ enableOnBoot = true;
+ autoPrune = {
+ enable = true;
+ dates = "daily";
+ };
+ };
+ oci-containers = {
+ backend = "docker";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/maid.nix b/modules/nixos/maid.nix
new file mode 100644
index 0000000..b8ecbca
--- /dev/null
+++ b/modules/nixos/maid.nix 
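Review bot: The new docker.nix turns the daemon on with stock settings — there is no `daemon.settings`, so containers get Docker's json-file logging with no size cap and keep the default of being able to gain privileges through setuid binaries, on hosts where (per the sibling kolyma-1 module in this patch) CI runners drive this same daemon through its socket. A small baseline that does not touch any container definition is `virtualisation.docker.daemon.settings = { "log-driver" = "journald"; "no-new-privileges" = true; };` — check that the GitLab and Stalwart images still start under no-new-privileges before rolling it out. Style: `lib`, `pkgs` and `inputs` are destructured but never used in this module; `{ ... }: { ... }` is enough. The default.nix hunk above only registers the two new modules and needs nothing.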
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ config = {
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ system.autoUpgrade = {
+ enable = true;
+ flake = inputs.self.outPath;
+ flags = [
+ "--update-input"
+ "nixpkgs"
+ "-L" # print build logs
+ ];
+ dates = "23:59";
+ randomizedDelaySec = "10min";
+ };
+ };
+}
diff --git a/modules/server/container/kolyma-1.nix b/modules/server/container/kolyma-1.nix
index de444b3..74438b1 100644
--- a/modules/server/container/kolyma-1.nix
+++ b/modules/server/container/kolyma-1.nix 
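Review bot: `system.autoUpgrade` in the new maid.nix points `flake` at `inputs.self.outPath`, a read-only store path, yet passes `--update-input nixpkgs` without `--no-write-lock-file`; as far as I recall nix then errors with "cannot write modified lock file of flake ... (use '--no-write-lock-file' to ignore)", so the nightly job would fail every run rather than upgrade anything — the wiki recipe this mirrors includes that flag, i.e. `flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ];`. Even with the flag, each run rolls nixpkgs to whatever the locked branch holds at 23:59 and nothing records the result in the repository, so the deployed closure cannot be reproduced from a commit; updating the lock in CI and letting autoUpgrade deploy the committed lock keeps the audit trail. Note also that without `allowReboot` a new kernel is installed but the host keeps running the old one until someone reboots, which is worth a comment next to `dates`.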
@@ -2,74 +2,65 @@ config, lib, pkgs, + outputs, ... }: { - # Enabling docker - config = { - virtualisation = { - docker = { - enable = true; - enableOnBoot = true; - autoPrune.enable = true; - }; - oci-containers = { - backend = "docker"; - }; - }; + imports = [ + outputs.nixosModules.docker + ]; - virtualisation.oci-containers.containers = { - # _ __ __ _ __ - # | | / /__ / /_ _____(_) /____ - # | | /| / / _ \/ __ \/ ___/ / __/ _ \ - # | |/ |/ / __/ /_/ (__ ) / /_/ __/ - # |__/|__/\___/_.___/____/_/\__/\___/ - website = { - image = "ghcr.io/kolyma-labs/gate:master"; - ports = ["8440:80"]; - }; + virtualisation.oci-containers.containers = { + # _ __ __ _ __ + # | | / /__ / /_ _____(_) /____ + # | | /| / / _ \/ __ \/ ___/ / __/ _ \ + # | |/ |/ / __/ /_/ (__ ) / /_/ __/ + # |__/|__/\___/_.___/____/_/\__/\___/ + website = { + image = "ghcr.io/kolyma-labs/gate:master"; + ports = ["8440:80"]; + }; - # __ ___ ______ - # / |/ /___ __ ______ ______________ _/ __/ /_ - # / /|_/ / __ \/ / / / __ \/ ___/ ___/ __ `/ /_/ __/ - # / / / / /_/ / /_/ / / / / /__/ / / /_/ / __/ /_ - # /_/ /_/\____/\__, /_/ /_/\___/_/ \__,_/_/ \__/ - # /____/ - minecraft = { - image = "itzg/minecraft-server:latest"; - volumes = [ - "/srv/minecraft:/data" - ]; - ports = [ - "25565:25565" - "25656:25656" - ]; - environment = { - TYPE = "PAPER"; - EULA = "TRUE"; - MEMORY = "12G"; - }; + # __ ___ ______ + # / |/ /___ __ ______ ______________ _/ __/ /_ + # / /|_/ / __ \/ / / / __ \/ ___/ ___/ __ `/ /_/ __/ + # / / / / /_/ / /_/ / / / / /__/ / / /_/ / __/ /_ + # /_/ /_/\____/\__, /_/ /_/\___/_/ \__,_/_/ \__/ + # /____/ + minecraft = { + image = "itzg/minecraft-server:latest"; + volumes = [ + "/srv/minecraft:/data" + ]; + ports = [ + "25565:25565" + "25656:25656" + ]; + environment = { + TYPE = "PAPER"; + EULA = "TRUE"; + MEMORY = "12G"; }; + }; - # _______ __ ____ - # / ____(_) /_ / __ \__ ______ ____ ___ _____ - # / / __/ / __/ / /_/ / / / / __ \/ __ \/ _ \/ ___/ - # / /_/ / / /_ / _, _/ /_/ / / / / / / / 
__/ / - # \____/_/\__/ /_/ |_|\__,_/_/ /_/_/ /_/\___/_/ - runner-1 = { - image = "gitlab/gitlab-runner:latest"; - volumes = [ - "/srv/git/runner-1:/etc/gitlab-runner" - "/var/run/docker.sock:/var/run/docker.sock" - ]; - }; + # _______ __ ____ + # / ____(_) /_ / __ \__ ______ ____ ___ _____ + # / / __/ / __/ / /_/ / / / / __ \/ __ \/ _ \/ ___/ + # / /_/ / / /_ / _, _/ /_/ / / / / / / / __/ / + # \____/_/\__/ /_/ |_|\__,_/_/ /_/_/ /_/\___/_/ + runner-1 = { + image = "gitlab/gitlab-runner:latest"; + volumes = [ + "/srv/git/runner-1:/etc/gitlab-runner" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + }; - runner-2 = { - image = "gitlab/gitlab-runner:latest"; - volumes = [ - "/srv/git/runner-2:/etc/gitlab-runner" - "/var/run/docker.sock:/var/run/docker.sock" - ]; - }; + runner-2 = { + image = "gitlab/gitlab-runner:latest"; + volumes = [ + "/srv/git/runner-2:/etc/gitlab-runner" + "/var/run/docker.sock:/var/run/docker.sock" + ]; }; }; } diff --git a/modules/server/container/kolyma-2.nix b/modules/server/container/kolyma-2.nix index c3d2f9d..7d11e07 100644 --- a/modules/server/container/kolyma-2.nix +++ b/modules/server/container/kolyma-2.nix 
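Review bot: `runner-1` and `runner-2` at the end of this hunk bind-mount `/var/run/docker.sock` into `gitlab/gitlab-runner:latest`, which makes every CI job that can be scheduled on those runners root-equivalent on kolyma-1 (a job can start `docker run --privileged -v /:/host ...` through the socket), on the same host that serves the public `website` and `minecraft` containers. The commit only re-indents these lines, so the exposure predates it, but it is the most consequential thing on the new side and deserves at least a comment such as `# host docker socket: any CI job on these runners is root on this host`. If the runners must drive Docker, put a filtered socket in front of it (a docker-socket-proxy sidecar on a private network) or give them a separate rootless daemon, and restrict which projects and tags may use them; independently, pin the runner and `itzg/minecraft-server` images by digest rather than `:latest` so what runs here is reviewable. The module's opening `{` on line 1 is outside the hunk.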
@@ -2,134 +2,125 @@ config, lib, pkgs, + outputs, ... }: { - # Enabling docker - config = { - virtualisation = { - docker = { - enable = true; - enableOnBoot = true; - autoPrune.enable = true; - }; - oci-containers = { - backend = "docker"; - }; - }; - - virtualisation.oci-containers.containers = { - # _ __ __ _ __ - # | | / /__ / /_ _____(_) /____ - # | | /| / / _ \/ __ \/ ___/ / __/ _ \ - # | |/ |/ / __/ /_/ (__ ) / /_/ __/ - # |__/|__/\___/_.___/____/_/\__/\___/ - website = { - image = "ghcr.io/kolyma-labs/gate:master"; - ports = ["8440:80"]; - }; + imports = [ + outputs.nixosModules.docker + ]; - # _______ __ __ __ - # / ____(_) /_/ / ____ _/ /_ - # / / __/ / __/ / / __ `/ __ \ - # / /_/ / / /_/ /___/ /_/ / /_/ / - # \____/_/\__/_____/\__,_/_.___/ - git = { - image = "gitlab/gitlab-ee:latest"; - hostname = "git.kolyma.uz"; - volumes = [ - "/srv/git/config:/etc/gitlab" - "/srv/git/logs:/var/log/gitlab" - "/srv/git/data:/var/opt/gitlab" - ]; - ports = [ - "8450:80" - "22:22" - ]; - extraOptions = [ - "--shm-size=268435456" - ]; - }; + virtualisation.oci-containers.containers = { + # _ __ __ _ __ + # | | / /__ / /_ _____(_) /____ + # | | /| / / _ \/ __ \/ ___/ / __/ _ \ + # | |/ |/ / __/ /_/ (__ ) / /_/ __/ + # |__/|__/\___/_.___/____/_/\__/\___/ + website = { + image = "ghcr.io/kolyma-labs/gate:master"; + ports = ["8440:80"]; + }; - # ____ __ ____ __ - # / __ \__ _______/ /_/ __ \___ _____/ /__ - # / /_/ / / / / ___/ __/ / / / _ \/ ___/ //_/ - # / _, _/ /_/ (__ ) /_/ /_/ / __(__ ) ,< - # /_/ |_|\__,_/____/\__/_____/\___/____/_/|_| - remote-hbbr = { - image = "rustdesk/rustdesk-server:latest"; - volumes = [ - "/srv/remote:/root" - ]; - cmd = ["hbbr"]; - extraOptions = [ - "--network=host" - ]; - }; + # _______ __ __ __ + # / ____(_) /_/ / ____ _/ /_ + # / / __/ / __/ / / __ `/ __ \ + # / /_/ / / /_/ /___/ /_/ / /_/ / + # \____/_/\__/_____/\__,_/_.___/ + git = { + image = "gitlab/gitlab-ee:latest"; + hostname = "git.kolyma.uz"; + volumes = [ + 
"/srv/git/config:/etc/gitlab" + "/srv/git/logs:/var/log/gitlab" + "/srv/git/data:/var/opt/gitlab" + ]; + ports = [ + "8450:80" + "22:22" + ]; + extraOptions = [ + "--shm-size=268435456" + ]; + }; - remote-hbbs = { - image = "rustdesk/rustdesk-server:latest"; - volumes = [ - "/srv/remote:/root" - ]; - cmd = ["hbbs"]; - dependsOn = [ - "remote-hbbr" - ]; - extraOptions = [ - "--network=host" - ]; - }; + # ____ __ ____ __ + # / __ \__ _______/ /_/ __ \___ _____/ /__ + # / /_/ / / / / ___/ __/ / / / _ \/ ___/ //_/ + # / _, _/ /_/ (__ ) /_/ /_/ / __(__ ) ,< + # /_/ |_|\__,_/____/\__/_____/\___/____/_/|_| + remote-hbbr = { + image = "rustdesk/rustdesk-server:latest"; + volumes = [ + "/srv/remote:/root" + ]; + cmd = ["hbbr"]; + extraOptions = [ + "--network=host" + ]; + }; - # _____ __ __ __ - # / ___// /_____ _/ / ______ ______/ /_ - # \__ \/ __/ __ `/ / | /| / / __ `/ ___/ __/ - # ___/ / /_/ /_/ / /| |/ |/ / /_/ / / / /_ - # /____/\__/\__,_/_/ |__/|__/\__,_/_/ \__/ - mail = { - image = "stalwartlabs/mail-server:latest"; - volumes = [ - "/srv/mail:/opt/stalwart-mail" - ]; - ports = [ - "25:25" - "110:110" - "143:143" - "465:465" - "587:587" - "993:993" - "995:995" - "4190:4190" - "8460:8080" - ]; - }; + remote-hbbs = { + image = "rustdesk/rustdesk-server:latest"; + volumes = [ + "/srv/remote:/root" + ]; + cmd = ["hbbs"]; + dependsOn = [ + "remote-hbbr" + ]; + extraOptions = [ + "--network=host" + ]; }; - # Necessary firewall rules for docker containers - networking.firewall.allowedUDPPorts = [ - 22 # Git SSH - 25 # Mail SMTP - 110 # Mail POP3 - 143 # Mail IMAP - 465 # Mail SMTPS - 587 # Mail Submission - 993 # Mail IMAPS - 995 # Mail POP3S - 4190 # Mail Sieve - 21116 # RustDesk HBBS - ]; - networking.firewall.allowedTCPPorts = [ - 22 # Git SSH - 25 # Mail SMTP - 110 # Mail POP3 - 143 # Mail IMAP - 465 # Mail SMTPS - 587 # Mail Submission - 993 # Mail IMAPS - 995 # Mail POP3S - 4190 # Mail Sieve - 21115 # RustDesk HBBR - 21116 # RustDesk HBBS - 21117 # RustDesk HBBS - ]; 
+ # _____ __ __ __ + # / ___// /_____ _/ / ______ ______/ /_ + # \__ \/ __/ __ `/ / | /| / / __ `/ ___/ __/ + # ___/ / /_/ /_/ / /| |/ |/ / /_/ / / / /_ + # /____/\__/\__,_/_/ |__/|__/\__,_/_/ \__/ + mail = { + image = "stalwartlabs/mail-server:latest"; + volumes = [ + "/srv/mail:/opt/stalwart-mail" + ]; + ports = [ + "25:25" + "110:110" + "143:143" + "465:465" + "587:587" + "993:993" + "995:995" + "4190:4190" + "8460:8080" + ]; + }; }; + + # Necessary firewall rules for docker containers + networking.firewall.allowedUDPPorts = [ + 22 # Git SSH + 25 # Mail SMTP + 110 # Mail POP3 + 143 # Mail IMAP + 465 # Mail SMTPS + 587 # Mail Submission + 993 # Mail IMAPS + 995 # Mail POP3S + 4190 # Mail Sieve + 21116 # RustDesk HBBS + ]; + networking.firewall.allowedTCPPorts = [ + 22 # Git SSH + 25 # Mail SMTP + 110 # Mail POP3 + 143 # Mail IMAP + 465 # Mail SMTPS + 587 # Mail Submission + 993 # Mail IMAPS + 995 # Mail POP3S + 4190 # Mail Sieve + 21115 # RustDesk HBBR + 21116 # RustDesk HBBS + 21117 # RustDesk HBBS + ]; } diff --git a/modules/server/container/kolyma-3.nix b/modules/server/container/kolyma-3.nix index 3f5cf7e..a8e837d 100644 --- a/modules/server/container/kolyma-3.nix +++ b/modules/server/container/kolyma-3.nix 
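Review bot: The `networking.firewall.allowed*Ports` lists at the end of this hunk do not gate the `ports = [...]` mappings above them: Docker publishes `-p` ports through its own PREROUTING/FORWARD rules, which the NixOS INPUT-chain firewall never sees, so 8440, 8450 (GitLab), 8460 (Stalwart admin) and the mail ports are reachable from outside whether or not they are listed, and the comment "Necessary firewall rules for docker containers" only holds for the two `--network=host` RustDesk containers. Ports meant to sit behind a reverse proxy (8440/8450/8460 look like such — please confirm) should be bound to loopback, e.g. `"127.0.0.1:8460:8080"`, and `"22:22"` publishes GitLab's SSH on the host's port 22, which collides with sshd unless the ssh module (not in this diff) moves it. Two smaller points: the UDP list repeats TCP-only services (22, 25, 110, 143, 465, 587, 993, 995, 4190) and can shrink to `[ 21116 ]`, and the labels on 21115/21117 appear swapped against RustDesk's documentation (21115 is hbbs' NAT-test port, 21117 the hbbr relay) — worth verifying before anyone debugs by those comments.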
@@ -2,96 +2,87 @@ config, lib, pkgs, + outputs, ... }: { - # Enabling docker - config = { - virtualisation = { - docker = { - enable = true; - enableOnBoot = true; - autoPrune.enable = true; - }; - oci-containers = { - backend = "docker"; - }; - }; - - virtualisation.oci-containers.containers = { - # _ __ __ _ __ - # | | / /__ / /_ _____(_) /____ - # | | /| / / _ \/ __ \/ ___/ / __/ _ \ - # | |/ |/ / __/ /_/ (__ ) / /_/ __/ - # |__/|__/\___/_.___/____/_/\__/\___/ - website = { - image = "ghcr.io/kolyma-labs/gate:master"; - ports = ["8440:80"]; - }; + imports = [ + outputs.nixosModules.docker + ]; - khakimovs = { - image = "ghcr.io/khakimovs/website:main"; - ports = ["8441:3000"]; - }; + virtualisation.oci-containers.containers = { + # _ __ __ _ __ + # | | / /__ / /_ _____(_) /____ + # | | /| / / _ \/ __ \/ ___/ / __/ _ \ + # | |/ |/ / __/ /_/ (__ ) / /_/ __/ + # |__/|__/\___/_.___/____/_/\__/\___/ + website = { + image = "ghcr.io/kolyma-labs/gate:master"; + ports = ["8440:80"]; + }; - bot-xinuxmgr = { - image = "ghcr.io/xinux-org/xinuxmgr:main"; - ports = ["8445:8445"]; - environmentFiles = [ - /srv/bots/xinuxmgr.env - ]; - }; + khakimovs = { + image = "ghcr.io/khakimovs/website:main"; + ports = ["8441:3000"]; + }; - # __ ___ ______ - # / |/ /___ __ ______ ______________ _/ __/ /_ - # / /|_/ / __ \/ / / / __ \/ ___/ ___/ __ `/ /_/ __/ - # / / / / /_/ / /_/ / / / / /__/ / / /_/ / __/ /_ - # /_/ /_/\____/\__, /_/ /_/\___/_/ \__,_/_/ \__/ - # /____/ - # minecraft = { - # image = "itzg/minecraft-server:latest"; - # volumes = [ - # "/srv/minecraft:/data" - # ]; - # ports = [ - # "25565:25565" - # "25656:25656" - # ]; - # environment = { - # TYPE = "PAPER"; - # EULA = "TRUE"; - # MEMORY = "12G"; - # }; - # }; + bot-xinuxmgr = { + image = "ghcr.io/xinux-org/xinuxmgr:main"; + ports = ["8445:8445"]; + environmentFiles = [ + /srv/bots/xinuxmgr.env + ]; + }; - # _______ __ ____ - # / ____(_) /_ / __ \__ ______ ____ ___ _____ - # / / __/ / __/ / /_/ / / / / __ \/ __ \/ _ \/ 
___/ - # / /_/ / / /_ / _, _/ /_/ / / / / / / / __/ / - # \____/_/\__/ /_/ |_|\__,_/_/ /_/_/ /_/\___/_/ - # runner-1 = { - # image = "gitlab/gitlab-runner:latest"; - # volumes = [ - # "/srv/git/runner-1:/etc/gitlab-runner" - # "/var/run/docker.sock:/var/run/docker.sock" - # ]; - # }; + # __ ___ ______ + # / |/ /___ __ ______ ______________ _/ __/ /_ + # / /|_/ / __ \/ / / / __ \/ ___/ ___/ __ `/ /_/ __/ + # / / / / /_/ / /_/ / / / / /__/ / / /_/ / __/ /_ + # /_/ /_/\____/\__, /_/ /_/\___/_/ \__,_/_/ \__/ + # /____/ + # minecraft = { + # image = "itzg/minecraft-server:latest"; + # volumes = [ + # "/srv/minecraft:/data" + # ]; + # ports = [ + # "25565:25565" + # "25656:25656" + # ]; + # environment = { + # TYPE = "PAPER"; + # EULA = "TRUE"; + # MEMORY = "12G"; + # }; + # }; - # runner-2 = { - # image = "gitlab/gitlab-runner:latest"; - # volumes = [ - # "/srv/git/runner-2:/etc/gitlab-runner" - # "/var/run/docker.sock:/var/run/docker.sock" - # ]; - # }; - # }; - }; + # _______ __ ____ + # / ____(_) /_ / __ \__ ______ ____ ___ _____ + # / / __/ / __/ / /_/ / / / / __ \/ __ \/ _ \/ ___/ + # / /_/ / / /_ / _, _/ /_/ / / / / / / / __/ / + # \____/_/\__/ /_/ |_|\__,_/_/ /_/_/ /_/\___/_/ + # runner-1 = { + # image = "gitlab/gitlab-runner:latest"; + # volumes = [ + # "/srv/git/runner-1:/etc/gitlab-runner" + # "/var/run/docker.sock:/var/run/docker.sock" + # ]; + # }; - # Necessary firewall rules for docker containers - networking.firewall.allowedUDPPorts = [ - # 25565 # Minecraft - ]; - networking.firewall.allowedTCPPorts = [ - # 25565 # Minecraft - ]; + # runner-2 = { + # image = "gitlab/gitlab-runner:latest"; + # volumes = [ + # "/srv/git/runner-2:/etc/gitlab-runner" + # "/var/run/docker.sock:/var/run/docker.sock" + # ]; + # }; + # }; }; + + # Necessary firewall rules for docker containers + networking.firewall.allowedUDPPorts = [ + # 25565 # Minecraft + ]; + networking.firewall.allowedTCPPorts = [ + # 25565 # Minecraft + ]; } 
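Review bot: `bot-xinuxmgr` in this hunk passes `/srv/bots/xinuxmgr.env` to `environmentFiles` as a Nix path literal rather than a string; as I read the oci-containers module it interpolates each entry into a `--env-file=` argument, and interpolating a path value copies the file into `/nix/store`, which would leave the bot's secrets in a world-readable store path on this host (and since this is a flake, pure evaluation normally rejects absolute paths outside the flake, so presumably builds run with `--impure` — please confirm which of the two is happening). The line only moved in this commit, but it is on the new side. Quoting it makes Docker read the file at container start instead: `environmentFiles = [ "/srv/bots/xinuxmgr.env" ];`. Style: the commented-out minecraft and runner blocks and their firewall entries are preserved in git history already; deleting them would halve the file and stop the re-indent churn seen here.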
diff --git a/nixos/kolyma-1/configuration.nix b/nixos/kolyma-1/configuration.nix index e70f353..8ab502f 100644 --- a/nixos/kolyma-1/configuration.nix +++ b/nixos/kolyma-1/configuration.nix @@ -12,6 +12,7 @@ outputs.nixosModules.zsh outputs.nixosModules.boot outputs.nixosModules.data + outputs.nixosModules.maid outputs.nixosModules.network outputs.nixosModules.nixpkgs diff --git a/nixos/kolyma-1/hardware-configuration.nix b/nixos/kolyma-1/hardware-configuration.nix index b950aab..6bd4139 100644 --- a/nixos/kolyma-1/hardware-configuration.nix +++ b/nixos/kolyma-1/hardware-configuration.nix @@ -34,10 +34,9 @@ {device = "/dev/disk/by-uuid/e41e140f-53f3-4663-b6e4-db64dc02c2f2";} ]; - network = { enable = true; - + ipv4 = { enable = true; address = "5.9.66.12"; diff --git a/nixos/kolyma-2/configuration.nix b/nixos/kolyma-2/configuration.nix index 527ff7d..2306a31 100644 --- a/nixos/kolyma-2/configuration.nix +++ b/nixos/kolyma-2/configuration.nix @@ -12,6 +12,7 @@ outputs.nixosModules.zsh outputs.nixosModules.boot outputs.nixosModules.data + outputs.nixosModules.maid outputs.nixosModules.network outputs.nixosModules.nixpkgs diff --git a/nixos/kolyma-3/configuration.nix b/nixos/kolyma-3/configuration.nix index fdeb48f..f1003d0 100644 --- a/nixos/kolyma-3/configuration.nix +++ b/nixos/kolyma-3/configuration.nix @@ -12,6 +12,7 @@ outputs.nixosModules.zsh outputs.nixosModules.boot outputs.nixosModules.data + outputs.nixosModules.maid outputs.nixosModules.network outputs.nixosModules.nixpkgs diff --git a/nixos/kolyma-3/hardware-configuration.nix b/nixos/kolyma-3/hardware-configuration.nix index f83a363..bfb83e8 100644 --- a/nixos/kolyma-3/hardware-configuration.nix +++ b/nixos/kolyma-3/hardware-configuration.nix @@ -38,7 +38,7 @@ network = { enable = true; - + ipv4 = { enable = true; address = "95.216.248.25";