From 0127bbebfdd85ea27ec4ac78d4c94d94af5bb567 Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Sun, 16 Feb 2025 22:21:26 +0300 Subject: [PATCH] update docker images, use digest --- machines/NixOS-RO-VPS/services/xtls.nix | 6 ++++-- profiles/servers/homepage.nix | 3 ++- profiles/servers/inpx-web.nix | 3 ++- profiles/servers/it-tools.nix | 3 ++- profiles/servers/media-stack/caddy.nix | 3 ++- profiles/servers/media-stack/jackett.nix | 3 ++- profiles/servers/media-stack/jellyfin.nix | 3 ++- profiles/servers/media-stack/lidarr.nix | 3 ++- profiles/servers/media-stack/medusa.nix | 3 ++- profiles/servers/media-stack/qbittorrent.nix | 3 ++- profiles/servers/media-stack/radarr.nix | 3 ++- profiles/servers/media-stack/recyclarr.nix | 3 ++- profiles/servers/media-stack/sonarr.nix | 3 ++- profiles/servers/openbooks.nix | 3 ++- profiles/servers/spdf.nix | 3 ++- 15 files changed, 32 insertions(+), 16 deletions(-) diff --git a/machines/NixOS-RO-VPS/services/xtls.nix b/machines/NixOS-RO-VPS/services/xtls.nix index 5d35f27..3453035 100644 --- a/machines/NixOS-RO-VPS/services/xtls.nix +++ b/machines/NixOS-RO-VPS/services/xtls.nix @@ -35,7 +35,8 @@ in { virtualisation.oci-containers.containers = { marzban = { autoStart = true; - image = "ghcr.io/gozargah/marzban:v0.7.0"; + # Tags: v0.8.4 + image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d"; environmentFiles = [ marzban-env ]; extraOptions = [ "--network=host" ]; volumes = [ @@ -44,7 +45,8 @@ in { }; nginx = { autoStart = true; - image = "docker.io/nginx:latest"; + # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21 + image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665"; extraOptions = [ "--network=host" ]; volumes = [ "${cert-key}:/etc/ssl/certs/cf-cert.key:ro" diff --git a/profiles/servers/homepage.nix b/profiles/servers/homepage.nix index 49076b4..eaef615 100644 --- a/profiles/servers/homepage.nix +++ b/profiles/servers/homepage.nix @@ -15,7 +15,8 @@ virtualisation.oci-containers.containers.docker-proxy = { autoStart = true; - image = "ghcr.io/tecnativa/docker-socket-proxy:0.1.1"; + # Tags: 0.3, 0.3.0, 0 + image = "ghcr.io/tecnativa/docker-socket-proxy@sha256:9e4b9e7517a6b660f2cc903a19b257b1852d5b3344794e3ea334ff00ae677ac2"; environment = { CONTAINERS = "1"; SERVICES = "0"; diff --git a/profiles/servers/inpx-web.nix b/profiles/servers/inpx-web.nix index 7351f5a..0f159b8 100644 --- a/profiles/servers/inpx-web.nix +++ b/profiles/servers/inpx-web.nix @@ -3,7 +3,8 @@ in { virtualisation.oci-containers.containers.inpx-web = { autoStart = true; - image = "docker.io/ataraxiadev/inpx-web:latest"; + # Tags: latest + image = "docker.io/ataraxiadev/inpx-web@sha256:d906c3832e2894595fdbee6778d403f4f58769a334e0c94b27a26db93e1085b7"; ports = [ "127.0.0.1:8072:12380/tcp" ]; user = "1000:100"; volumes = [ diff --git a/profiles/servers/it-tools.nix b/profiles/servers/it-tools.nix index 8877b96..6474bcd 100644 --- a/profiles/servers/it-tools.nix +++ b/profiles/servers/it-tools.nix @@ -1,7 +1,8 @@ { ... }: { virtualisation.oci-containers.containers.it-tools = { autoStart = true; - image = "docker.io/corentinth/it-tools:2024.10.22-7ca5933"; + # Tags: 2024.10.22-7ca5933 + image = "docker.io/corentinth/it-tools@sha256:8b8128748339583ca951af03dfe02a9a4d7363f61a216226fc28030731a5a61f"; ports = [ "127.0.0.1:8070:80/tcp" ]; }; } \ No newline at end of file diff --git a/profiles/servers/media-stack/caddy.nix b/profiles/servers/media-stack/caddy.nix index d3e2d68..80f5059 100644 --- a/profiles/servers/media-stack/caddy.nix +++ b/profiles/servers/media-stack/caddy.nix @@ -34,7 +34,8 @@ let in { virtualisation.oci-containers.containers.media-caddy = { autoStart = true; - image = "ghcr.io/hotio/caddy:release-2.8.4"; + # Tags: release-4938bf1, release-2.9.1, release + image = "ghcr.io/hotio/caddy@sha256:beabf74742cb6771e8f5bbd76d046bc06cb3fa59699ffb7712701a5cfa097cc1"; environment = { PUID = "1000"; PGID = "100"; diff --git a/profiles/servers/media-stack/jackett.nix b/profiles/servers/media-stack/jackett.nix index ff1a856..3472094 100644 --- a/profiles/servers/media-stack/jackett.nix +++ b/profiles/servers/media-stack/jackett.nix @@ -11,7 +11,8 @@ in { TZ = "Europe/Moscow"; }; extraOptions = [ "--pod=media-stack" ]; - image = "docker.io/linuxserver/jackett:0.22.932"; + # Tags: 0.22.1433, version-v0.22.1433, v0.22.1433-ls679 + image = "docker.io/linuxserver/jackett@sha256:26ac30423b9808e0716dcde7791841296beacd95e820cfbfc4d50666ea0d1fb8"; volumes = [ "${nas-path}/configs/jackett:/config" ]; diff --git a/profiles/servers/media-stack/jellyfin.nix b/profiles/servers/media-stack/jellyfin.nix index e6f98b3..7d6c29a 100644 --- a/profiles/servers/media-stack/jellyfin.nix +++ b/profiles/servers/media-stack/jellyfin.nix @@ -11,7 +11,8 @@ let in { virtualisation.oci-containers.containers.jellyfin = { autoStart = true; - image = "docker.io/linuxserver/jellyfin:10.10.3ubu2404-ls45"; + # Tags: 10.10.5, version-10.10.5ubu2404, 10.10.5ubu2404-ls52 + image = "docker.io/linuxserver/jellyfin@sha256:7cdcd4b6b60765290af7a2740960ce30c1f5548313ae60f7e23f6995ed4d147e"; environment = { PUID = "1000"; PGID = "100"; diff --git a/profiles/servers/media-stack/lidarr.nix b/profiles/servers/media-stack/lidarr.nix index 95b88b5..9d115ba 100644 --- a/profiles/servers/media-stack/lidarr.nix +++ b/profiles/servers/media-stack/lidarr.nix @@ -10,7 +10,8 @@ in { TZ = "Europe/Moscow"; }; extraOptions = [ "--pod=media-stack" ]; - image = "docker.io/linuxserver/lidarr:version-2.7.1.4417"; + # Tags: 2.9.6, version-2.9.6.4552, 2.9.6.4552-ls30 + image = "docker.io/linuxserver/lidarr@sha256:c3aae1e32f7e2b76c6aa0e546a16f3feb570455882a5c9d51c8aec9e53328d66"; volumes = [ "${nas-path}/configs/lidarr/config:/config" "${nas-path}/configs/lidarr/custom-services.d:/custom-services.d" diff --git a/profiles/servers/media-stack/medusa.nix b/profiles/servers/media-stack/medusa.nix index 39c0f0a..bfd301b 100644 --- a/profiles/servers/media-stack/medusa.nix +++ b/profiles/servers/media-stack/medusa.nix @@ -4,7 +4,8 @@ let in { virtualisation.oci-containers.containers.medusa = { autoStart = true; - image = "docker.io/linuxserver/medusa:v1.0.21-ls202"; + # Tags: 1.0.22, version-v1.0.22, v1.0.22-ls211 + image = "docker.io/linuxserver/medusa@sha256:397636cc7e421ee284d4fb8d9b07874ce41155b419b3e8419dce389fcdb465a7"; environment = { PUID = "1000"; PGID = "100"; diff --git a/profiles/servers/media-stack/qbittorrent.nix b/profiles/servers/media-stack/qbittorrent.nix index 0a10c4c..4f6c17d 100644 --- a/profiles/servers/media-stack/qbittorrent.nix +++ b/profiles/servers/media-stack/qbittorrent.nix @@ -7,7 +7,8 @@ let in { virtualisation.oci-containers.containers.qbittorrent = { autoStart = true; - image = "docker.io/linuxserver/qbittorrent:5.0.1-r0-ls363"; + # Tags: 5.0.3, version-5.0.3-r0, 5.0.3-r0-ls380 + image = "docker.io/linuxserver/qbittorrent@sha256:308d768672fb9e86e800a73504c439176aabe5977bcdf8b99f7561bb603d9b6e"; environment = { PUID = "1000"; PGID = "100"; diff --git a/profiles/servers/media-stack/radarr.nix b/profiles/servers/media-stack/radarr.nix index c29484f..50aec37 100644 --- a/profiles/servers/media-stack/radarr.nix +++ b/profiles/servers/media-stack/radarr.nix @@ -11,7 +11,8 @@ in { TZ = "Europe/Moscow"; }; extraOptions = [ "--pod=media-stack" ]; - image = "docker.io/linuxserver/radarr:version-5.14.0.9383"; + # Tags: 5.18.4, version-5.18.4.9674, 5.18.4.9674-ls259 + image = "docker.io/linuxserver/radarr@sha256:f4c9c64c42e84a3c03590afd9da2e420c69b5e936b4549778c5d4c00d907ba33"; volumes = [ "${nas-path}/configs/radarr:/config" "${nas-path}:/data" diff --git a/profiles/servers/media-stack/recyclarr.nix b/profiles/servers/media-stack/recyclarr.nix index 103f432..fe31c1b 100644 --- a/profiles/servers/media-stack/recyclarr.nix +++ b/profiles/servers/media-stack/recyclarr.nix @@ -9,7 +9,8 @@ in { TZ = "Europe/Moscow"; }; extraOptions = [ "--pod=media-stack" ]; - image = "ghcr.io/recyclarr/recyclarr:7.4.0"; + # Tags: 7.4.1, 7.4, 7 + image = "ghcr.io/recyclarr/recyclarr@sha256:759540877f95453eca8a26c1a93593e783a7a824c324fbd57523deffb67f48e1"; volumes = [ "${nas-path}/configs/recyclarr:/config" ]; diff --git a/profiles/servers/media-stack/sonarr.nix b/profiles/servers/media-stack/sonarr.nix index 7bf59f7..eba85e4 100644 --- a/profiles/servers/media-stack/sonarr.nix +++ b/profiles/servers/media-stack/sonarr.nix @@ -11,7 +11,8 @@ in { TZ = "Europe/Moscow"; }; extraOptions = [ "--pod=media-stack" ]; - image = "docker.io/linuxserver/sonarr:version-4.0.10.2544"; + # Tags: 4.0.13, version-4.0.13.2932, 4.0.13.2932-ls271 + image = "docker.io/linuxserver/sonarr@sha256:28d9dcbc846aed74bd47dc90305e016183443ddc3dfa3e8bcac268fc653a6e5e"; volumes = [ "${nas-path}/configs/sonarr:/config" "${nas-path}:/data" diff --git a/profiles/servers/openbooks.nix b/profiles/servers/openbooks.nix index 16f15d8..a22a05b 100644 --- a/profiles/servers/openbooks.nix +++ b/profiles/servers/openbooks.nix @@ -4,7 +4,8 @@ let in { virtualisation.oci-containers.containers.openbooks = { autoStart = true; - image = "docker.io/evanbuss/openbooks:4.5.0"; + # Tags: 4.5.0 + image = "ghcr.io/evan-buss/openbooks@sha256:5a1640d297d5bdcb6ebbb7e164141a8f25f0264c1ab0fc2a3115e834a94a35e0"; cmd = [ "--name" "AtaraxiaDev" "--persist" "--searchbot" "searchook" "--tls" ]; diff --git a/profiles/servers/spdf.nix b/profiles/servers/spdf.nix index 3510df2..c819b7c 100644 --- a/profiles/servers/spdf.nix +++ b/profiles/servers/spdf.nix @@ -3,7 +3,8 @@ in { virtualisation.oci-containers.containers.spdf = { autoStart = true; - image = "docker.io/frooodle/s-pdf:0.26.1-fat"; + # Tags: latest-fat, 0.41.0-fat + image = "docker.io/stirlingtools/stirling-pdf@sha256:e791d48580806f6dade7c9774b7137d40ebbf1f35b86c592877d32eae2cbf0ad"; environment = { PUID = "1000"; PGID = "100";