infra/nix/hosts/loki/modules/containers/adventurelog.nix
2026-01-05 23:09:19 +01:00


{
config,
pkgs,
...
}: let
# Shorthand for sops-nix placeholders. The templates below reference secrets
# through it, so no secret value is written into this file.
p = config.sops.placeholder;
# Only referenced by the commented-out users.users block at the end of this file.
usr = "adventure";
# Base name for the secrets, templates, pod and containers defined below.
svc = "adventurelog";
# Port bookkeeping: "${svc}".port (8698) is the host loopback port the pod
# publishes in ExecStart below; the Web (3000) and Server (8000) entries match
# the ports used in the env templates.
# NOTE(review): the Web/Server entries are not read anywhere in this file; the
# templates and ExecStart hard-code 3000 and 8000 instead.
localconf.deets."${svc}".port = 8698;
localconf.deets."${svc}Web".port = 3000;
localconf.deets."${svc}Server".port = 8000;
# Host directory for this service's persistent data (media and database).
baseDir = "/DATA/services" + ("/" + svc);
# The PostGIS data directory is kept in its own subdirectory of baseDir.
dbDir = baseDir + ("/" + "postgis");
# NOTE(review): not referenced in this file; the server template sets
# PGHOST=localhost instead.
dbHost = "${svc}Db";
in {
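sops = {
  # Secrets consumed by the env-file templates further down. Each entry lists
  # the units sops-nix restarts when the secret's value changes.
  # NOTE(review): every secret restarts the Db and Server containers, also the
  # ones only the server template uses. "podOpts" is read by the pod unit
  # (EnvironmentFile of systemd.services.pod-cloud), which is not in its
  # restartUnits, so a changed value is presumably not applied until the pod is
  # recreated. Confirm and narrow the lists per consumer.
  secrets = {
    "${svc}/dbName" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    "${svc}/dbUser" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    "${svc}/dbPassword" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    # Django SECRET_KEY (signs sessions and tokens); rotate it if it leaks.
    "${svc}/serverSecretKey" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    "${svc}/serverDjangoAdminUsername" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    "${svc}/serverDjangoAdminPassword" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    "${svc}/serverDjangoAdminEmail" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    "${svc}/serverCSRFTrustedOrigins" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    # Extra flags for `podman pod create`, handed to the pod unit as $OPTS.
    "${svc}/podOpts" = {
      restartUnits = [
        "podman-${svc}Db.service"
        "podman-${svc}Server.service"
      ];
    };
    # "${svc}/serverFrontendUrl" = {
    # };
  };
  # Env files rendered by sops-nix with the placeholders replaced by the
  # decrypted values. The rendered files hold plaintext credentials, so they
  # should stay readable only by the account that starts the containers.
  # Lines starting with '#' inside the strings are written to the env file
  # as-is (Nix still interpolates ${...} in them).
  # NOTE(review): several values are wrapped in single quotes; confirm how
  # podman's --env-file treats them, since quotes that are not stripped become
  # part of the value.
  templates = {
    # Credentials the PostGIS container initialises its database with.
    "${svc}DbEnv".content = ''
      POSTGRES_DB=${p."${svc}/dbName"}
      POSTGRES_USER=${p."${svc}/dbUser"}
      POSTGRES_PASSWORD=${p."${svc}/dbPassword"}
    '';
    # Backend (Django) environment.
    # - PGHOST=localhost: the database is addressed on localhost, which relies
    #   on the containers sharing the pod's network namespace.
    # - p.domainName refers to a secret that is not declared in this block;
    #   presumably it is declared elsewhere in the host configuration.
    # - CSRF_TRUSTED_ORIGINS comes from a secret; keep it to the exact origins
    #   this instance is served from.
    # - DEBUG is False: with Django debug mode on, error pages disclose stack
    #   traces, settings and request data to whoever triggers an error, and
    #   this backend is addressed through the public https URL set in
    #   PUBLIC_URL. Switch it on only temporarily while debugging.
    # - DISABLE_REGISTRATION=False leaves self-registration open (the Server
    #   container's `environment` sets the same variable). NOTE(review):
    #   confirm open sign-up is intended for this instance.
    "${svc}ServerEnv".content = ''
      # PGHOST=${svc}Db
      PGHOST=localhost
      PGDATABASE=${p."${svc}/dbName"}
      PGUSER=${p."${svc}/dbUser"}
      PGPASSWORD=${p."${svc}/dbPassword"}
      SECRET_KEY=${p."${svc}/serverSecretKey"}
      DJANGO_ADMIN_USERNAME=${p."${svc}/serverDjangoAdminUsername"}
      DJANGO_ADMIN_PASSWORD=${p."${svc}/serverDjangoAdminPassword"}
      DJANGO_ADMIN_EMAIL=${p."${svc}/serverDjangoAdminEmail"}
      PUBLIC_URL='https://avl.${p.domainName}'
      PUBLIC_SERVER_URL='https://avl.${p.domainName}'
      # CSRF_TRUSTED_ORIGINS=https://api.adventurelog.app,https://adventurelog.app
      CSRF_TRUSTED_ORIGINS='${p."${svc}/serverCSRFTrustedOrigins"}'
      # DEBUG=True
      DEBUG=False
      DISABLE_REGISTRATION=False
      # FRONTEND_URL='http://localhost:8080'
      FRONTEND_URL='http://localhost:3000'
      # FRONTEND_URL='http://${svc}Web:3000'
    '';
    # Frontend environment.
    # NOTE(review): PUBLIC_SERVER_URL and ORIGIN carry no scheme here, while
    # FRONTEND_URL in the server template does ('http://localhost:3000'), and
    # ORIGIN differs from the public https URL. If the frontend checks request
    # origins against ORIGIN, this mismatch matters; confirm against the
    # frontend's documentation.
    "${svc}WebEnv".content = ''
      PUBLIC_URL='https://avl.${p.domainName}'
      # PUBLIC_SERVER_URL='https://avl.${p.domainName}'
      PUBLIC_SERVER_URL='localhost:8000'
      # ORIGIN='https://avl.${p.domainName}'
      ORIGIN='localhost:3000'
    '';
    # Supplies OPTS to the pod unit; the flags themselves are secret and
    # cannot be reviewed from this file.
    "${svc}PodOpts".content = ''
      OPTS=${p."${svc}/podOpts"}
    '';
  };
};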
# One-shot unit that creates the podman pod shared by the three containers
# defined under virtualisation.oci-containers below.
# NOTE(review): the unit is named "pod-cloud" although it creates the
# adventurelog pod. If another module on this host also defines
# systemd.services.pod-cloud, the two definitions would be merged. Consider a
# per-service unit name (renaming changes the unit name other config may use).
systemd.services.pod-cloud = {
description = "Start podman '${svc}' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
# The three container units require this unit, so the pod is created first.
requiredBy = [
"podman-${svc}Web.service"
"podman-${svc}Db.service"
"podman-${svc}Server.service"
];
unitConfig = {
# Do not start before the container runtime directory and the data
# directory are mounted.
RequiresMountsFor = [
"/run/containers"
baseDir
];
};
serviceConfig = {
Type = "oneshot";
# ExecStart = "-${pkgs.podman}/bin/podman pod create --replace -p127.0.0.1:${toString localconf.deets."${svc}".port}:8080 $OPTS ${svc}";
# Publishes only port 3000 (the frontend) and only on 127.0.0.1, so the
# service is reachable from the host itself (presumably through a reverse
# proxy) and not directly from the network, unless $OPTS adds publish flags.
# The leading "-" makes systemd ignore a non-zero exit status.
# NOTE(review): a failed pod creation therefore does not fail this unit, and
# the containers then start against a missing or stale pod. Confirm this is
# intended.
ExecStart = "-${pkgs.podman}/bin/podman pod create --replace -p127.0.0.1:${toString localconf.deets."${svc}".port}:3000 $OPTS ${svc}";
# OPTS comes from the rendered sops template. systemd splits the unbraced
# $OPTS into separate arguments, so its content is passed to podman as flags.
EnvironmentFile = config.sops.templates."${svc}PodOpts".path;
# NOTE(review): no Restart= is set in this unit, so RestartSec presumably has
# no effect.
RestartSec = "10s";
};
# NOTE(review): nothing in ExecStart calls zfs directly; presumably it is here
# for podman's storage driver. Confirm.
path = [ pkgs.zfs pkgs.podman ];
};
# The three containers of the service. Each joins the pod created by the
# pod-cloud unit via "--pod"; no container publishes ports itself.
virtualisation.oci-containers.containers = {
# Frontend container.
"${svc}Web" = {
autoStart = true;
# NOTE(review): ":latest" is a mutable tag, so the running code can change on
# any pull without a change in this repository. Pin a release tag or a digest
# (e.g. "...adventurelog-frontend@sha256:<DIGEST>", placeholder) so image
# updates are deliberate and show up in review.
image = "ghcr.io/seanmorley15/adventurelog-frontend:latest";
# hostname = "adventurelog-frontend";
dependsOn = ["${svc}Server"];
# ports = ["8080:3000"];
extraOptions = [
"--pod" "${svc}"
# "--replace"
# "-d"
# "--rm"
];
# perhaps add "capabilities = {"NET_RAW" = true;};" to `podman-<container>`
environment = {
# PUBLIC_SERVER_URL = "http://${svc}Server:8000";
# PUBLIC_SERVER_URL = "http://${svc}Server:8000";
# PUBLIC_SERVER_URL = "http://127.0.0.1:8000";
# PUBLIC_SERVER_URL = "https://${svc}.${domainName}";
# PUBLIC_SERVER_URL = "http://localhost:8000";
# ORIGIN = "http://localhost:8080";
# ORIGIN = "http://localhost:8080";
# ORIGIN = "http://127.0.0.1:3000";
# ORIGIN = "http://localhost:3000";
# ORIGIN = "https://${svc}.${domainName}";
# NOTE(review): "Infinity" removes the cap on request body size, so one
# client can send arbitrarily large uploads. Consider a finite value, or
# enforce a limit at the reverse proxy in front of the pod.
BODY_SIZE_LIMIT = "Infinity"; # This is measured in bytes
TZ = "Europe/Vienna";
};
# PUBLIC_URL, PUBLIC_SERVER_URL and ORIGIN come from the rendered sops template.
environmentFiles = [
config.sops.templates."${svc}WebEnv".path
];
};
# Backend (Django) container.
"${svc}Server" = {
autoStart = true;
# NOTE(review): mutable ":latest" tag here as well; pin a release tag or a
# digest ("...adventurelog-backend@sha256:<DIGEST>", placeholder).
image = "ghcr.io/seanmorley15/adventurelog-backend:latest";
# hostname = "adventurelog-backend";
dependsOn = ["${svc}Db"];
# Uploaded media is kept on the host under baseDir.
volumes = [
"${baseDir}/media:/code/media"
];
# ports = ["${toString localconf.deets."${svc}".port}:8000"];
extraOptions = [
"--pod" "${svc}"
# "--replace"
# "-d"
# "--rm"
];
environment = {
# Self-registration stays open; the server env template sets the same
# variable. NOTE(review): confirm open sign-up is intended, and keep the
# setting in one place so the two cannot drift apart.
DISABLE_REGISTRATION="False";
# OPTIONAL: Set the message to display when registration is disabled
DISABLE_REGISTRATION_MESSAGE="Registration is NOT disabled for this instance of AdventureLog.";
};
# Database credentials, SECRET_KEY and the Django admin account come from the
# rendered sops template rather than from this file.
environmentFiles = [
config.sops.templates."${svc}ServerEnv".path
];
};
# PostGIS database container; the image is pinned to a versioned tag.
"${svc}Db" = {
autoStart = true;
image = "docker.io/postgis/postgis:15-3.3";
# hostname = "adventurelog-db";
# The PostgreSQL data directory is kept on the host under dbDir.
# NOTE(review): the "moved to /var/www/nextcloud/apps" comment below does not
# relate to this service; it looks like a leftover from another module.
volumes = [
"${dbDir}/data:/var/lib/postgresql/data/"
# moved to /var/www/nextcloud/apps
];
extraOptions = [
"--pod" "${svc}"
# "--replace"
# "-d"
# "--rm"
];
# POSTGRES_DB / POSTGRES_USER / POSTGRES_PASSWORD from the rendered sops template.
environmentFiles = [
config.sops.templates."${svc}DbEnv".path
];
};
};
#users.users.${toString usr} = {
# group = usr;
# home = "/etc/" + usr;
# createHome = false;
# isSystemUser = true;
# extraGroups = ["users"];
# autoSubUidGidRange = true;
#};
#users.groups.${toString usr} = {};
}