# Auto-generated using compose2nix v0.1.7.
{ pkgs, lib, ... }: {
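# Nightly (00:00) pull of the letsencrypt tree from framework-server into the
# same path on this host. The "root" field is the account the system crontab
# runs the command as, and the SSH login on the remote side is root as well.
# The copied tree holds the TLS private key that the headscale-derp container
# in this file bind-mounts (.../certificates/private/).
# NOTE(review): a dedicated account on framework-server with a read-only,
# path-restricted SSH key would narrow what this host's root key can reach;
# confirm how that key is provisioned.
# rsync is referenced by store path, matching the ${pkgs.podman}/bin/podman
# convention used elsewhere in this file, so the job does not depend on rsync
# being installed in the system profile.
services.cron = {
  enable = true;
  systemCronJobs = [
    ''0 0 * * * root ${pkgs.rsync}/bin/rsync -avr root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
  ];
};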
# Containers
# DERP relay (with STUN) for headscale, run as a podman container.
# NOTE(review): the image reference has no tag or digest, so every pull
# resolves to whatever the registry currently serves as the default tag. Pin it
# to a reviewed tag or an @sha256 digest so deployments are reproducible.
# NOTE(review): nothing here enables client verification, so as far as this
# file shows the relay serves any client that can reach it. Check whether the
# image's DERP_VERIFY_CLIENTS setting should be enabled for this tailnet.
virtualisation.oci-containers.containers."headscale-derp" = {
  image = "docker.io/fredliang/derper";
  log-driver = "journald";

  environment = {
    DERP_DOMAIN = "sysctl.io";
    DERP_ADDR = ":1443";
    DERP_STUN = "true";
    # "manual" presumably makes derper load the certificate from DERP_CERT_DIR
    # instead of requesting one itself; the mounts below supply those files.
    DERP_CERT_MODE = "manual";
    DERP_CERT_DIR = "/app/certs";
  };

  # Certificate and key are mounted read-only as single files under
  # DERP_CERT_DIR, named after DERP_DOMAIN.
  # The "*" in the host paths is a literal character in the file name; podman
  # does not glob-expand volume sources.
  # NOTE(review): if this is a wildcard certificate (as the file name
  # suggests), it only matches the bare name sysctl.io when that name is also
  # listed as a SAN. Confirm.
  # NOTE(review): single-file bind mounts follow the original inode. If the
  # nightly rsync replaces these files on renewal, the container probably keeps
  # serving the old certificate until it is restarted. Confirm.
  volumes = [
    "/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/sysctl.io.crt:ro"
    "/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/sysctl.io.key:ro"
  ];

  # Published on all host interfaces: STUN over UDP and the DERP listener
  # (DERP_ADDR) over TCP.
  ports = [ "3478:3478/udp" "1443:1443/tcp" ];

  extraOptions = [ "--network-alias=headscale-derp" "--network=headscale-default" ];
};
# Extra settings for the systemd unit that runs the headscale-derp container:
# it is ordered after, and requires, the podman network unit, and it is tied to
# the compose root target for start and stop.
systemd.services."podman-headscale-derp" =
  let
    networkUnit = [ "podman-network-headscale-default.service" ];
    rootTarget = [ "podman-compose-headscale-root.target" ];
  in
  {
    # Priority 500 wins over option defaults (1000) but still yields to a
    # plain definition elsewhere (100).
    serviceConfig.Restart = lib.mkOverride 500 "always";
    after = networkUnit;
    requires = networkUnit;
    partOf = rootTarget;
    wantedBy = rootTarget;
  };
# Networks
# One-shot unit that owns the "headscale-default" podman network: the start
# script creates it when `podman network inspect` fails, and ExecStop removes
# it again.
systemd.services."podman-network-headscale-default" = {
  path = [ pkgs.podman ];
  partOf = [ "podman-compose-headscale-root.target" ];
  wantedBy = [ "podman-compose-headscale-root.target" ];

  serviceConfig.Type = "oneshot";
  # Keeps the unit "active" after the script exits so ExecStop runs on stop.
  serviceConfig.RemainAfterExit = true;
  # -f forces removal; per podman's documentation it also removes containers
  # still attached to the network.
  serviceConfig.ExecStop = "${pkgs.podman}/bin/podman network rm -f headscale-default";

  # isolate=true is podman's network isolation option; it is meant to block
  # traffic between this bridge and other podman networks.
  # NOTE(review): an existing network is reused as-is, so a network created
  # earlier without the isolate option is not corrected here.
  script = ''
    podman network inspect headscale-default || podman network create headscale-default --opt isolate=true
  '';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
# Umbrella target for the compose project. The container and network units in
# this file declare partOf/wantedBy on it, and it is itself pulled in by
# multi-user.target at boot.
systemd.targets."podman-compose-headscale-root" = {
  unitConfig.Description = "Root target generated by compose2nix.";
  wantedBy = [ "multi-user.target" ];
};
}