docker (aerialis)
This container runs general-purpose Docker workloads for services that are not packaged natively in NixOS.
General
This container is used to run regular Docker containers.
Recently, the compose-runner module has been replaced by native Nix expressions.
Nextcloud AIO
This container also runs a Nextcloud AIO master container, which administrates its own containers by itself. Consult its extensive documentation for more information. Since this container requires its Nextcloud volumes at a fixed location that cannot be changed, they are not kept in the regular data directory.
Instead, backups are regularly performed via the inbuilt backup function in the admin interface.
They can be found at /var/garuda/compose-runner/docker/nextcloud-aio and are included in the offsite system backups.
Nix expression
{
  config,
  sources,
  ...
}:
let
  # Both secrets are consumed only by the compose runner, so a change to
  # either of them restarts the same unit.
  composeRunnerUnits = [ "compose-runner-docker.service" ];
in
{
  imports = sources.defaultModules ++ [ ../../modules ];

  # This container is just for compose stuff
  garuda.services.compose-runner.docker = {
    # The env file is a sops-managed secret path, not a file in the repository.
    envfile = config.sops.secrets."compose/docker".path;
    source = ../../../compose/docker;
    extraEnv = {
      # Path of the decrypted matterbridge config, consumed by the compose file.
      "MATTERBRIDGE_CONFIG" = config.sops.secrets."compose/matterbridge".path;
    };
  };

  sops.secrets = {
    "compose/docker".restartUnits = composeRunnerUnits;
    "compose/matterbridge".restartUnits = composeRunnerUnits;
  };

  system.stateVersion = "25.05";
}
Docker containers
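services:
  # All "ports" entries below publish on every host interface (Compose's
  # default). If a reverse proxy fronts these services, consider binding to a
  # specific address (e.g. "127.0.0.1:8080:8080") — confirm the intended exposure.
  #
  # Secrets are taken from the env file with "${VAR:?err}", which makes Compose
  # abort when the variable is unset or empty. The previous "${VAR:-?err}" form
  # was a default value, i.e. a missing secret silently became the literal
  # string "?err" (and, for ADMIN_TOKEN, a trivially known admin token).

  # Nextcloud AIO (self-managed containers)
  # The dummy mounts are for creating the required volumes, even
  # though the container doesn't use them. The actual containers
  # making use of these volumes are started by the master container.
  # Do *not* change container and volume names!
  nextcloud-aio-mastercontainer:
    # Unpinned tag; this container is deliberately absent from the watchtower
    # command below.
    image: nextcloud/all-in-one:latest
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      # Access to the Docker API is root-equivalent on the host. The ":ro"
      # flag only applies to the socket file itself, not to what the API can do.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - nextcloud_aio_clamav:/dummy/clamav
      - nextcloud_aio_database:/dummy/database
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - nextcloud_aio_nextcloud:/dummy/nextcloud
      - nextcloud_aio_nextcloud_data:/dummy/nextcloud_data
      - nextcloud_aio_redis:/dummy/redis
    ports: ["8080:8080"]
    environment:
      # Numeric values are quoted so the YAML parser keeps them as strings.
      APACHE_PORT: "11000"
      APACHE_IP_BINDING: 10.0.5.60
      NEXTCLOUD_DATADIR: /var/garuda/compose-runner/docker/nextcloud-aio/nextcloud_data

  # Firefox syncserver
  syncserver:
    container_name: syncserver
    image: crazymax/firefox-syncserver:edge # newest, versioned one 3 years old
    volumes: ["./syncserver:/data"]
    ports: ["5001:5000"]
    environment:
      # Boolean-looking values are quoted so they stay strings in the
      # container environment.
      FF_SYNCSERVER_ACCESSLOG: "true"
      FF_SYNCSERVER_FORCE_WSGI_ENVIRON: "true"
      # NOTE(review): "*" presumably trusts forwarded-for headers from any
      # client; only appropriate if port 5001 is reachable solely via the
      # reverse proxy — confirm.
      FF_SYNCSERVER_FORWARDED_ALLOW_IPS: "*"
      FF_SYNCSERVER_PUBLIC_URL: https://ffsync.garudalinux.org
      FF_SYNCSERVER_SECRET: ${FF_SYNCSERVER_SECRET:?err}
      FF_SYNCSERVER_SQLURI: sqlite:////data/syncserver.db
      TZ: Europe/Berlin
    restart: always

  # Web IRC access
  thelounge:
    image: thelounge/thelounge:4.4.3
    container_name: thelounge
    volumes: ["./thelounge:/var/opt/thelounge"]
    ports: ["9000:9000"]
    restart: always

  # Password vault
  vaultwarden:
    image: vaultwarden/server:1.34.1-alpine
    container_name: vaultwarden
    volumes: ["./bitwarden:/data"]
    ports: ["8081:80"]
    environment:
      ADMIN_TOKEN: ${BW_ADMIN_TOKEN:?err}
      DOMAIN: https://bitwarden.garudalinux.org
      # NOTE(review): open registration on a public domain; if the instance is
      # not meant for the general public, restrict signups (e.g. by domain
      # whitelist or invitations) — confirm intent.
      SIGNUPS_ALLOWED: "true"
      SMTP_FROM: "[email protected]"
      SMTP_HOST: mail.garudalinux.org
      SMTP_PASSWORD: ${BW_SMTP_PASSWORD:?err}
      SMTP_PORT: "587"
      # NOTE(review): SMTP_SSL is a legacy vaultwarden setting superseded by
      # SMTP_SECURITY; with it off and port 587, check whether the connection
      # to the mail host (and the credential above) is actually TLS-protected.
      SMTP_SSL: "false"
      SMTP_USERNAME: "[email protected]"
      WEBSOCKET_ENABLED: "true"
      YUBICO_CLIENT_ID: ${BW_YUBICO_CLIENT_ID:?err}
      YUBICO_SECRET_KEY: ${BW_YUBICO_ADMIN_SECRET:?err}
    restart: always

  # Secure pastebin
  privatebin:
    image: privatebin/nginx-fpm-alpine:1.7.6
    container_name: privatebin
    volumes:
      - ./privatebin:/srv/data
      - ./configs/privatebin.cfg.php:/srv/cfg/conf.php
    ports: ["8082:8080"]
    restart: always

  # WikiJs
  wikijs:
    image: requarks/wiki:2.5
    container_name: wikijs
    volumes: ["./wikijs/assets:/wiki/assets/favicons"]
    ports: ["3001:3000"]
    environment:
      DB_TYPE: postgres
      DB_HOST: 10.0.5.20
      DB_PORT: "5432"
      DB_USER: wikijs
      DB_PASS: ${DB_PASS:?err}
      DB_NAME: wikijs
    restart: always

  # IRC/Discord/Telegram relay
  matterbridge:
    # Unpinned tag; updated by watchtower (see its command below).
    image: 42wim/matterbridge:latest
    container_name: matterbridge
    volumes:
      # Decrypted config path supplied by the Nix module via extraEnv.
      - ${MATTERBRIDGE_CONFIG:?err}:/etc/matterbridge/matterbridge.toml:ro
    # NOTE(review): the other services use "restart: always". The Compose spec
    # defines restart_policy.condition as none/on-failure/any; confirm that
    # "always" is honored by the Compose version in use.
    deploy:
      restart_policy:
        condition: always
        delay: 120s

  # Automated container updates
  watchtower:
    image: containrrr/watchtower:1.7.1
    container_name: watchtower
    # Only the named containers are updated; nextcloud-aio is intentionally
    # not in this list. "--cleanup" removes old images after an update.
    command: --cleanup matterbridge wikijs privatebin vaultwarden thelounge syncserver
    # Read-write Docker API access is root-equivalent on the host; keep this
    # image pinned and its update list minimal.
    volumes: ["/var/run/docker.sock:/var/run/docker.sock"]
    restart: always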
volumes:
  # Each named volume is a bind mount ("type: none", "o: bind") of the host
  # directory given in "device". The explicit "name" keys keep the volume
  # names exactly as referenced by the nextcloud-aio-mastercontainer service,
  # which relies on them (see the note on that service).
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
    driver_opts:
      type: none
      device: /var/garuda/compose-runner/docker/nextcloud-aio/mastercontainer
      o: bind
  nextcloud_aio_clamav:
    name: nextcloud_aio_clamav
    driver_opts:
      type: none
      device: /var/garuda/compose-runner/docker/nextcloud-aio/clamav
      o: bind
  nextcloud_aio_database:
    name: nextcloud_aio_database
    driver_opts:
      type: none
      device: /var/garuda/compose-runner/docker/nextcloud-aio/database
      o: bind
  nextcloud_aio_nextcloud:
    name: nextcloud_aio_nextcloud
    driver_opts:
      type: none
      device: /var/garuda/compose-runner/docker/nextcloud-aio/nextcloud
      o: bind
  nextcloud_aio_nextcloud_data:
    name: nextcloud_aio_nextcloud_data
    driver_opts:
      type: none
      device: /var/garuda/compose-runner/docker/nextcloud-aio/nextcloud_data
      o: bind
  nextcloud_aio_redis:
    name: nextcloud_aio_redis
    driver_opts:
      type: none
      device: /var/garuda/compose-runner/docker/nextcloud-aio/redis
      o: bind