Nuke docker.io

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-11 21:04:37 +00:00
parent bdaac67bf2
commit 10e0980f8f
23 changed files with 521 additions and 68 deletions
--- a/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
@@ -11,7 +11,7 @@
  ...
 }:
 let
-  selfLib = inputs.self.lib.${system};
+  selfPkgs = inputs.self.packages.${system};
  hmConfig = config.home-manager.users.${user};
  inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
 in
@@ -55,8 +55,7 @@ in
      containers = {
        "authelia-init" = {
          containerConfig = {
-            autoUpdate = "registry";
-            image = "docker.io/mikefarah/yq:latest";
+            image = "docker-archive:${selfPkgs.docker-yq}";
            networks = [ networks.authelia.ref ];
            volumes = [
              "${home}/.local/share/authelia/config:/workdir/config"
@@ -69,8 +68,6 @@ in
              "/workdir/users.yaml"
              "-i"
            ];
-            user = "0";
-            group = "0";
          };

          serviceConfig = {
@@ -91,7 +88,7 @@ in
                authentication_backend = {
                  refresh_interval = "always";
                  file = {
-                    path = "/config/users.yaml";
+                    path = "/etc/authelia/users.yaml";
                    watch = true;
                  };
                };
@@ -127,8 +124,7 @@ in
              };
            in
            {
-              autoUpdate = "registry";
-              image = "ghcr.io/authelia/authelia";
+              image = "docker-archive:${selfPkgs.docker-authelia}";
              environments = {
                AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
                AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
@@ -137,8 +133,8 @@ in
                AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = "/secrets/SMTP_PASSWORD";
              };
              volumes = [
-                "${home}/.local/share/authelia/config:/config"
-                "${config}:/config/conf.d/configuration.yaml:ro"
+                "${home}/.local/share/authelia/config:/etc/authelia"
+                "${config}:/etc/authelia/conf.d/configuration.yaml:ro"
                "${hmConfig.sops.secrets."authelia/jwt".path}:/secrets/JWT_SECRET:ro"
                "${hmConfig.sops.secrets."authelia/session".path}:/secrets/SESSION_SECRET:ro"
                "${hmConfig.sops.secrets."authelia/storage".path}:/secrets/STORAGE_ENCRYPTION_KEY:ro"
@@ -149,7 +145,7 @@ in
                networks.authelia.ref
                networks.traefik.ref
              ];
-              exec = [ "--config /config/conf.d/" ];
+              exec = [ "--config /etc/authelia/conf.d/" ];
              labels = [
                "traefik.enable=true"
                "traefik.http.routers.authelia.rule=Host(`id.karaolidis.com`)"
@@ -171,39 +167,32 @@ in

        "authelia-postgresql" = {
          containerConfig = {
-            autoUpdate = "registry";
-            image = "docker.io/library/postgres:latest";
+            image = "docker-archive:${selfPkgs.docker-postgresql}";
            networks = [ networks.authelia.ref ];
-            volumes = [
-              "${selfLib.runtime.log.docker.postgres}:/entrypoint.sh:ro"
-              "${home}/.local/share/authelia/postgresql:/var/lib/postgresql/data"
-            ];
+            volumes = [ "${home}/.local/share/authelia/postgresql:/var/lib/postgresql/data" ];
            environments = {
              POSTGRES_DB = "authelia";
              POSTGRES_USER = "authelia";
            };
            environmentFiles = [ hmConfig.sops.templates."authelia-postgresql.env".path ];
-            entrypoint = "/entrypoint.sh";
-            exec = [ "postgres" ];
          };

          unitConfig.After = [ "sops-nix.service" ];
        };

        "authelia-redis".containerConfig = {
-          autoUpdate = "registry";
-          image = "docker.io/library/redis:latest";
+          image = "docker-archive:${selfPkgs.docker-redis}";
          networks = [ networks.authelia.ref ];
-          volumes = [ "${volumes."authelia-redis".ref}:/data" ];
+          volumes = [ "${volumes."authelia-redis".ref}:/var/lib/redis" ];
          exec = [ "--save 60 1" ];
        };
      };
    };

    systemd.user.tmpfiles.rules = [
-      "d ${home}/.local/share/authelia/config :0755 :${user} :${user}"
-      "f ${home}/.local/share/authelia/config/users.yaml :0644 :${user} :${user}"
-      "d ${home}/.local/share/authelia/postgresql :0755 :${user} :${user}"
+      "d ${home}/.local/share/authelia/config 0755 ${user} ${user}"
+      "f ${home}/.local/share/authelia/config/users.yaml 0600 ${user} ${user}"
+      "d ${home}/.local/share/authelia/postgresql 0700 ${user} ${user}"
    ];
  };
 }