restructure dockers, add watchtower

2025-10-04 17:10:10 -05:00
parent 3bd8726620
commit c94e6a207c
5 changed files with 43 additions and 4 deletions
--- a/modules/homelab/docker/ddns.nix
+++ b/modules/homelab/docker/ddns.nix
@@ -0,0 +1,91 @@
+{ pkgs, config, lib, ... }:
+
+{
+  options = {
+    modules.homelab.docker.ddns.enable = lib.mkEnableOption "enable ddns docker";
+  };
+
+  config = lib.mkIf config.modules.homelab.docker.ddns.enable {
+    let
+      api_token = builtins.readFile /home/blake/.keyring/ddns/api_token;
+      zone_id_blakedheld = builtins.readFile /home/blake/.keyring/ddns/zone_id_blakedheld;
+      zone_id_recoil = builtins.readFile /home/blake/.keyring/ddns/zone_id_recoil;
+      
+      # define the config file
+      ddns_cfg = pkgs.writeText "config.json" ''
+        {
+          "cloudflare": [
+            {
+              "authentication": {
+                "api_token": "${api_token}"
+              },
+              "zone_id": "${zone_id_blakedheld}",
+              "subdomains": [
+                {
+                  "name": "@",
+                  "proxied": true
+                },
+                {
+                  "name": "*",
+                  "proxied": true
+                },
+                {
+                  "name": "git",
+                  "proxied": false
+                }
+
+              ]
+            },
+            {
+              "authentication": {
+                "api_token": "${api_token}"
+              },
+              "zone_id": "${zone_id_recoil}",
+              "subdomains": [
+                {
+                  "name": "@",
+                  "proxied": true
+                },
+                {
+                  "name": "*",
+                  "proxied": true
+                },
+                {
+                  "name": "mc",
+                  "proxied": true
+                },
+                {
+                  "name": "smp",
+                  "proxied": true
+                },
+                {
+                  "name": "superflat",
+                  "proxied": false
+                },
+                {
+                  "name": "skyblock",
+                  "proxied": false
+                }
+              ]
+            }
+          ],
+          "a": true,
+          "aaaa": true,
+          "purgeUnknownRecords": false
+        }
+      '';
+    in
+    {
+      virtualisation.docker.containers.ddns = {
+        image = "timothyjmiller/cloudflare-ddns:latest";
+        containerName = "ddns";
+        restartPolicy = "unless-stopped";
+        hostNetwork = true;
+        environment = { PUID = "1000"; PGID = "1000"; };
+        volumes = [ "${ddns_cfg}:/config.json" ];
+        securityOpt = [ "no-new-privileges:true" ];
+      };
+    }
+  };
+}
+
--- a/modules/homelab/docker/dockers.nix
+++ b/modules/homelab/docker/dockers.nix
@@ -0,0 +1,13 @@
+
+{ pkgs, config, lib, ... }:
+
+{
+  imports = [
+    ./watchtowner.nix
+    ./ddns.nix
+  ];
+
+  modules.homelab.docker.watchtower.enable = lib.mkDefault true;
+  modules.homelab.docker.ddns.enable = lib.mkDefault false;
+
+}
--- a/modules/homelab/docker/watchtower.nix
+++ b/modules/homelab/docker/watchtower.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, lib, ... }:
+
+{
+  options = {
+    modules.homelab.docker.watchtower.enable = lib.mkEnableOption "enable watchtower docker";
+  };
+
+  config = lib.mkIf config.modules.homelab.docker.watchtower.enable {
+      virtualisation.docker.containers.watchtower = {
+        image = "containrrr/watchtower";
+        containerName = "watchtower";
+        restartPolicy = "unless-stopped";
+        environment = {
+          TZ = "America/Chicago"; 
+          WATCHTOWER_INCLUDE_RESTARTING = "America/Chicago"; 
+          WATCHTOWER_CLEANUP = "true"; 
+          WATCHTOWER_POLL_INTERVAL = "43200"; 
+        };
+        volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
+      };
+  };
+}
+