nix/hosts/nixos/vps/containers.nix

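{ config, pkgs, lib, ... }:
let
  # Certificate domain sets for the Cloudflare (DNS-01) resolver, expressed as
  # the suffix part of Traefik's `tls.domains[0].*` labels.
  # Only the homepage router requests a certificate that also covers the apex
  # name; every other router requests the wildcard alone.
  apexAndWildcard = {
    main = "yanlincs.com";
    "sans[0]" = "*.yanlincs.com";
  };
  wildcardOnly = {
    main = "*.yanlincs.com";
  };

  # Labels that publish a container through Traefik on the `websecure`
  # entrypoint with a Cloudflare-resolved certificate.
  #   router     - Traefik router/service name (also used in the label keys)
  #   host       - public hostname matched by the router rule
  #   port       - container-side port the service listens on (string)
  #   tlsDomains - one of the domain sets above
  traefikLabels = { router, host, port, tlsDomains }:
    {
      "traefik.enable" = "true";
      "traefik.http.routers.${router}.rule" = "Host(`${host}`)";
      "traefik.http.routers.${router}.entrypoints" = "websecure";
      "traefik.http.routers.${router}.tls" = "true";
      "traefik.http.routers.${router}.tls.certresolver" = "cloudflare";
      "traefik.http.services.${router}.loadbalancer.server.port" = port;
    }
    // lib.mapAttrs'
      (name: value:
        lib.nameValuePair "traefik.http.routers.${router}.tls.domains[0].${name}" value)
      tlsDomains;

  # Runtime flags applied to every container: attach to the shared `podman`
  # network and forbid privilege escalation via setuid/setcap inside the
  # container. The web servers previously ran without the latter; it is now
  # applied uniformly.
  hardenedOptions = [
    "--network=podman"
    "--security-opt=no-new-privileges:true"
  ];
in
{
  # Container definitions for the vps host. All containers are reached only
  # through Traefik; none publishes a host port directly.
  virtualisation.oci-containers.containers = {
    # Static web server for homepage
    homepage = {
      image = "docker.io/nginx:alpine";
      volumes = [
        "/home/yanlin/www/homepage:/usr/share/nginx/html:ro"
        "/home/yanlin/www/homepage-nginx.conf:/etc/nginx/conf.d/default.conf:ro"
      ];
      labels = traefikLabels {
        router = "homepage";
        host = "www.yanlincs.com";
        port = "80";
        tlsDomains = apexAndWildcard;
      };
      extraOptions = hardenedOptions;
      autoStart = true;
    };

    # Static web server for blog
    blog = {
      image = "docker.io/nginx:alpine";
      volumes = [
        "/home/yanlin/www/blog:/usr/share/nginx/html:ro"
        "/home/yanlin/www/blog-nginx.conf:/etc/nginx/conf.d/default.conf:ro"
      ];
      labels = traefikLabels {
        router = "blog";
        host = "blog.yanlincs.com";
        port = "80";
        tlsDomains = wildcardOnly;
      };
      extraOptions = hardenedOptions;
      autoStart = true;
    };

    # Gotify notification server
    gotify = {
      # NOTE(review): image carries no tag, so each pull resolves to whatever
      # the registry currently calls "latest"; pin a tag or digest to make
      # deployments reproducible.
      image = "docker.io/gotify/server";
      volumes = [
        "/var/lib/containers/gotify:/app/data"
      ];
      labels = traefikLabels {
        router = "notify";
        host = "notify.yanlincs.com";
        port = "80";
        tlsDomains = wildcardOnly;
      };
      extraOptions = hardenedOptions;
      autoStart = true;
    };

    # iGotify notification assistant
    igotify = {
      # NOTE(review): `:latest` is a floating tag; pin a tag or digest for the
      # same reason as gotify above.
      image = "ghcr.io/androidseb25/igotify-notification-assist:latest";
      volumes = [
        "/var/lib/containers/igotify:/app/data"
      ];
      labels = traefikLabels {
        router = "inotify";
        host = "inotify.yanlincs.com";
        port = "8080";
        tlsDomains = wildcardOnly;
      };
      extraOptions = hardenedOptions;
      # Started after gotify, which it talks to over the podman network.
      dependsOn = [ "gotify" ];
      autoStart = true;
    };

    # OC Backend Scheduler (locally built image, not exposed via Traefik)
    oc-scheduler = {
      image = "localhost/oc-scheduler:v1";
      extraOptions = hardenedOptions;
      autoStart = true;
    };
  };
}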