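# NixOS module: runs the "api" and "web" containers under Podman, exposes the
# Podman REST API on a unix socket, and enables a password-protected Redis.
#
# Evaluation reads files from the host (/mnt/data, /opt/cloud-init-misc-data),
# so the resulting system depends on machine state as well as on this file.
{ pkgs, lib, ... }:

let
  # Host-side JSON file with per-app release pins.
  # presumably an object mapping app name -> image tag; verify against the
  # process that writes it.
  releasesFile = "/mnt/data/guidelines.json";

  # Image tag for `app`: the pinned value from releasesFile, or "latest" when
  # the file does not exist.
  #
  # The file contents must be read first and then parsed. The previous form
  # handed the path string itself to builtins.fromJSON, which cannot parse it,
  # so evaluation failed as soon as the pin file was present.
  # A key missing from the file is still an evaluation error rather than a
  # silent fallback to "latest".
  releaseVersion = app:
    if builtins.pathExists releasesFile
    then (builtins.fromJSON (builtins.readFile releasesFile)).${app}
    else "latest";

  # Deployment environment name written by cloud-init. A trailing newline is
  # stripped so it cannot leak into the env var or the Vault secret path;
  # this is a no-op when the file has none.
  environmentName =
    lib.removeSuffix "\n" (builtins.readFile /opt/cloud-init-misc-data/environment);

  # Makes the name "host" resolve to this address inside both containers.
  hostAlias = "--add-host=host:10.0.1.51";
in
{
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };

    oci-containers = {
      backend = "podman";
    };

    oci-containers.containers."api" = {
      # NOTE(review): without a pin file this resolves to the mutable "latest"
      # tag, so a restart can pull different code. Prefer a fixed tag or digest.
      image = "registry.gitlab.com/infektweb/glv5/api:${releaseVersion "api"}";
      # No host address given, so the port is published on all host addresses.
      ports = [
        "8001:8080"
      ];
      extraOptions = [
        hostAlias
      ];
      environment = {
        "PORT" = "8080";
        "BASE_CLIENT_URL" = "http://[space].test-glv5.guidelines.ch";
        "ENVIRONMENT" = environmentName;
        "VAULT_SECRET_PATH" = "kv/data/guidelines/${environmentName}/api";
        # NOTE(review): plain HTTP, so the Vault token and the secrets it
        # fetches are unencrypted on the path to "host". Confirm that path is
        # trusted, or terminate TLS in front of Vault.
        "VAULT_URL" = "http://host:8200";
      };
      # Vault token file from the host, mounted read-write.
      # NOTE(review): if the API only reads the token, append ":ro".
      volumes = [
        "/mnt/data/vault-guidelines-api-token:/vault-token"
      ];
      #extraDockerOptions = [ "--network=foo" ];
    };

    oci-containers.containers."web" = {
      # NOTE(review): no tag, so this is the registry's default (mutable) tag;
      # the api container's release pin does not apply here.
      image = "registry.gitlab.com/infektweb/glv5/web";
      ports = [
        "80:8080"
      ];
      extraOptions = [
        hostAlias
      ];
      environment = {
        "API_URL" = "http://host:8001";
      };
    };

    # Disabled. NOTE(review): mounting the Podman API socket into a container
    # gives that container full control over the host's Podman; keep it off
    # unless that level of access is intended.
    #oci-containers.containers."containerapi" = {
    #  image = "alpine";
    #  volumes = [
    #    "/run/podman-containers.sock:/podman-containers.sock"
    #  ];
    #  entrypoint = "/bin/sleep";
    #  cmd = ["10000"];
    #};
  };

  # Serves the Podman REST API on a unix socket; --time=0 disables the idle
  # timeout so the service stays up. No User= is set here, so this is the
  # system (rootful) Podman: whoever can open the socket can start arbitrary
  # containers on the host. Keep the socket's permissions restricted.
  systemd.services.docker-podman-rest-api = {
    serviceConfig.Type = "simple";
    serviceConfig.Restart = lib.mkForce "always";
    wantedBy = [ "multi-user.target" ];
    script = ''
      /run/current-system/sw/bin/podman system service --time=0 unix:///run/podman-containers.sock
    '';
  };

  services.redis.enable = true;
  # NOTE(security): a literal here is copied into the world-readable Nix store
  # and into version control. Treat this value as exposed: rotate it and supply
  # the new one from a root-only file, e.g.
  #   services.redis.requirePassFile = "<PATH-TO-SECRET-FILE>";
  services.redis.requirePass = "p15c4e6538de2061edd65a52ab216ba071d78b1532a937c1c3d5821d5c571c0cf";
  # Opens the Redis port in the host firewall on every interface.
  # NOTE(review): whether Redis accepts remote connections also depends on
  # services.redis.bind, which is not set in this file. Restrict this rule to
  # the interface or source range that needs it.
  networking.firewall.allowedTCPPorts = [ 6379 ];
}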