re-enable GPU on Emby

I archived the repo, and no longer maintain it. ACT changed
their portal too much for this to keep working. Further,
the ACT app/portal now provide detailed stats on internet
usage, so this is not that helpful any more.

README.md

@@ -42,7 +42,6 @@ Currently running the following (all links are to the `store.docker.com` links f
 | image                            | tag        | module/link                                          |
 | -------------------------------- | ---------- | ---------------------------------------------------- |
 | captn3m0/opml-gen                | latest     | https://opml.bb8.fun                                 |
-| captn3m0/prometheus-act-exporter | latest     | https://git.captnemo.in/nemo/prometheus-act-exporter |
 | captn3m0/rss-bridge              | latest     | https://github.com/RSS-Bridge/rss-bridge             |
 | captn3m0/speedtest-exporter      | alpine     | https://github.com/stefanwalther/speedtest-exporter  |
 | emby/embyserver                  | latest     | https://emby.media                                   |

gitea/conf/conf.ini.tpl

@@ -8,6 +8,7 @@
 APP_NAME = Nemo's code
 RUN_MODE = prod
 RUN_USER = git
+WORK_PATH=/data/gitea
 
 [repository]
 ROOT = /data/git/repositories
@@ -72,6 +73,9 @@ ECDSA = 256
 RSA = 2048
 DSA = 1024
 
+[lfs]
+PATH=/data/gitea/lfs
+
 [server]
 APP_DATA_PATH    = /data/gitea
 HTTP_PORT        = 3000
@@ -79,7 +83,6 @@ ROOT_URL         = https://git.captnemo.in/
 DISABLE_SSH      = true
 DOMAIN           = git.captnemo.in
 LFS_START_SERVER = true
-LFS_CONTENT_PATH = /data/gitea/lfs
 LFS_JWT_SECRET   = "${lfs-jwt-secret}"
 OFFLINE_MODE     = true
 LANDING_PAGE     = explore
@@ -123,9 +126,11 @@ ISSUE_INDEXER_PATH = indexers/issues.bleve
 ; repo indexer by default disabled, since it uses a lot of disk space
 REPO_INDEXER_ENABLED = true
 REPO_INDEXER_PATH = indexers/repos.bleve
-UPDATE_BUFFER_LEN = 20
 MAX_FILE_SIZE = 1048576
 
+[queue.issue_indexer]
+LENGTH = 100
+
 [admin]
 ; Disable regular (non-admin) users to create organizations
 DISABLE_REGULAR_ORG_CREATION = false
@@ -223,8 +228,8 @@ BUFFER_LEN = 10000
 LEVEL = Warn
 REDIRECT_MACARON_LOG = true
 ROUTER_LOG_LEVEL = Critical
-ENABLE_ACCESS_LOG = true
+logger.access.MODE=,
-ENABLE_XORM_LOG = false
+logger.xorm.MODE=,
 
 [cron]
 ; Enable running cron tasks periodically.

gitea/data.tf

@@ -1,6 +1,6 @@
 # https://github.com/go-gitea/gitea/releases
 data "docker_registry_image" "gitea" {
-  name = "gitea/gitea:1.19"
+  name = "gitea/gitea:1.20"
 }
 
 data "docker_registry_image" "redis" {

home-assistant/main.tf

@@ -0,0 +1,24 @@
+module "home-assistant" {
+  name   = "home-assistant"
+  source = "../modules/container"
+
+  image = "ghcr.io/home-assistant/home-assistant:stable"
+
+  resource = {
+    memory      = 1024
+    memory_swap = 1024
+  }
+
+  env = [
+    "TZ=Asia/Kolkata",
+  ]
+
+  network_mode = "host"
+
+  volumes = [
+    {
+      container_path = "/config"
+      host_path      = "/mnt/zwing/config/home-assistant"
+    },
+  ]
+}

main.tf

@@ -91,6 +91,10 @@ module "digitalocean" {
   source = "./digitalocean"
 }
 
+module "home-assistant" {
+  source = "./home-assistant"
+}
+
 module "mastodon" {
   source = "./mastodon"
   db-password = data.pass_password.mastodon-db-password.password

mastodon/locals.tf

@@ -1,5 +1,5 @@
 locals {
-  version = "4.1.4"
+  version = "4.1.10"
   env = [
     "LOCAL_DOMAIN=tatooine.club",
     "REDIS_HOST=mastodon-redis",

media/emby.tf

@@ -11,11 +11,26 @@ resource "docker_container" "emby" {
   name  = "emby"
   image = docker_image.emby.image_id
 
+  # SSD holds both the cache and data
   volumes {
-    host_path      = "/mnt/xwing/config/emby"
+    host_path      = "/mnt/zwing/config/emby"
     container_path = "/config"
   }
 
+  # We keep the cache separate
+  # So the config directory isn't bloated
+  volumes {
+    host_path      = "/mnt/zwing/cache/emby"
+    container_path = "/config/cache"
+  }
+
+  # We want backups on the HDD
+  volumes {
+    host_path = "/mnt/xwing/backups/config/emby"
+    container_path = "/backups"
+  }
+
+  # And mount the media as well
   volumes {
     host_path      = "/mnt/xwing/media"
     container_path = "/media"
@@ -36,6 +51,8 @@ resource "docker_container" "emby" {
   destroy_grace_seconds = 10
   must_run              = true
 
+  # This breaks every time we upgrade the kernel
+  # or the nvidia driver, and needs a reboot.
   gpus = "all"
 
   # Running as lounge:tatooine

miniflux.tf

@@ -1,7 +1,7 @@
 module "miniflux-container" {
   name   = "miniflux"
   source = "./modules/container"
-  image  = "miniflux/miniflux:2.0.45"
+  image  = "miniflux/miniflux:2.0.49"
 
   web = {
     expose = true

modules/container/main.tf

@@ -17,6 +17,8 @@ resource "docker_container" "container" {
   entrypoint = var.entrypoint
   user       = var.user
 
+  privileged = var.privileged
+
   network_mode = var.network_mode
 
   gpus = var.gpu ? "all" : ""

modules/container/vars.tf

@@ -102,6 +102,11 @@ variable "volumes" {
   default     = {}
 }
 
+variable "privileged" {
+  description = "  If true, the container runs in privileged mode."
+  default = false
+}
+
 variable "capabilities" {
   description = "capabilities"
 

monitoring/act.tf

@@ -1,23 +0,0 @@
-data "docker_registry_image" "act-exporter" {
-  name = "captn3m0/prometheus-act-exporter:latest"
-}
-
-resource "docker_container" "act-exporter" {
-  name  = "act-exporter"
-  image = docker_image.act-exporter.image_id
-
-  entrypoint = ["/usr/local/bin/node", "server.js"]
-
-  networks_advanced {
-    name    = "monitoring"
-    aliases = ["act-exporter", "act-exporter.docker"]
-  }
-
-  // So it can talk to ACT
-  networks = ["bridge"]
-
-  restart               = "unless-stopped"
-  destroy_grace_seconds = 10
-  must_run              = true
-}
-

monitoring/cadvisor.tf

@@ -1,7 +1,7 @@
 module "cadvisor" {
   source = "../modules/container"
   name   = "cadvisor"
-  image  = "google/cadvisor:latest"
+  image  = "gcr.io/cadvisor/cadvisor"
 
   resource = {
     memory      = 512
@@ -11,6 +11,7 @@ module "cadvisor" {
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
   must_run              = true
+  privileged = true
 
   volumes = [
     {
@@ -36,6 +37,7 @@ module "cadvisor" {
     {
       host_path      = "/var/run"
       container_path = "/var/run"
+      read_only      = true
     },
   ]
 

monitoring/config/prometheus.yml

@@ -34,11 +34,5 @@ scrape_configs:
     static_configs:
       - targets: ["192.168.1.111:1111"]
 
-  - job_name: "act"
-    scrape_interval: 1h
-    scrape_timeout: 1m
-    static_configs:
-      - targets: ["act-exporter:3000"]
-
 rule_files:
   - "alert.rules"

monitoring/grafana.tf

@@ -2,10 +2,15 @@
 module "grafana" {
   name   = "grafana"
   source = "../modules/container"
-  image  = "grafana/grafana:latest"
+  image  = "grafana/grafana-oss:latest"
 
-  // grafana:grafana
+  // grafana
-  user = "984:982"
+  user = "472"
+
+  resource = {
+    memory      = 512
+    memory_swap = 512
+  }
 
   web = {
     port   = 3000

monitoring/images.tf

@@ -2,10 +2,3 @@ resource "docker_image" "prometheus" {
   name          = data.docker_registry_image.prometheus.name
   pull_triggers = [data.docker_registry_image.prometheus.sha256_digest]
 }
-
-resource "docker_image" "act-exporter" {
-  name          = data.docker_registry_image.act-exporter.name
-  pull_triggers = [data.docker_registry_image.act-exporter.sha256_digest]
-  keep_locally  = true
-}
-

radicale/main.tf

@@ -17,15 +17,12 @@ module "container" {
     host   = var.domain
   }
 
+  # SSD
   volumes = [
     {
-      host_path      = "/mnt/xwing/data/radicale"
+      host_path      = "/mnt/zwing/config/radicale"
       container_path = "/data"
-    },
+    }
-    {
-      host_path      = "/mnt/xwing/config/radicale"
-      container_path = "/config"
-    },
   ]
 
   uploads = [