zivildienst/infrastructure/modules/compute/nix/guidelines.nix


{ pkgs, lib, ... }:
let
# Resolve the image tag for `app` ("api" or "web") from the deployment state
# file that the deploymentagent container maintains (DEPLOYMENT_STATE_FILE
# below points at the same file). The file is read at evaluation time, so a
# new tag only takes effect on the next nixos-rebuild.
# Falls back to the mutable "latest" tag when the file is absent (e.g. a
# build before the activation script has seeded it); a missing key in the
# file is an evaluation error, which is the safer failure than silently
# deploying "latest".
# NOTE(review): tags are mutable, so what gets deployed is whatever the
# registry serves for that tag at pull time; storing digests
# (image@sha256:...) in the state file would make the deployment verifiable.
releaseVersion = app:
  let
    stateFile = "/mnt/data/guidelines.json";
    state = builtins.fromJSON (builtins.readFile stateFile);
  in
  if builtins.pathExists stateFile then state.${app} else "latest";
in
{
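virtualisation =
  let
    # Private address of this host. Every container gets a `host` alias for
    # it (hostAlias) and reaches Vault, Redis and the API through that alias;
    # services.redis in this file binds to the same literal, keep them in sync.
    hostAddress = "10.0.1.51";
    hostAlias = "--add-host=host:${hostAddress}";

    # Deployment environment name written by cloud-init. builtins.readFile
    # keeps a trailing newline if the file has one, and that newline would
    # otherwise end up inside the Vault secret path, so strip it here.
    environmentName = lib.removeSuffix "\n" (builtins.readFile /opt/cloud-init-misc-data/environment);

    # Vault is reached over plain HTTP on the private network; each component
    # gets its own KV path and its own bind-mounted token file.
    vaultUrl = "http://host:8200";
    vaultSecretPath = component: "kv/data/guidelines/${environmentName}/${component}";
  in
  {
    podman = {
      enable = true;
      dockerCompat = true;
    };

    oci-containers = {
      backend = "podman";
      containers = {
        # Backend API. The tag comes from the deployment state file via
        # releaseVersion; "latest" is used when that file is missing.
        api = {
          image = "registry.gitlab.com/infektweb/glv5/api:${releaseVersion "api"}";
          # NOTE(review): podman publishes on every interface and that DNAT'd
          # traffic presumably bypasses networking.firewall.allowedTCPPorts
          # (which is why 80 need not be listed there). Nothing in this file
          # needs 8001 from outside the host — web uses host:8001 — so
          # "${hostAddress}:8001:8080" would keep the API off the public
          # interface; confirm no external client hits 8001 directly first.
          ports = [ "8001:8080" ];
          extraOptions = [ hostAlias ];
          environment = {
            "PORT" = "8080";
            # NOTE(review): `[space]` looks like an unsubstituted template
            # placeholder, and the scheme is http while CLIENT_URL below is
            # https — confirm what the API expects here.
            "BASE_CLIENT_URL" = "http://[space].guidelines.ch";
            "ENVIRONMENT" = environmentName;
            "VAULT_SECRET_PATH" = vaultSecretPath "api";
            "VAULT_URL" = vaultUrl;
          };
          # The Vault token stays on disk under /mnt/data and is bind-mounted
          # rather than passed through `environment`, so it does not land in
          # the generated unit file in the world-readable Nix store.
          volumes = [ "/mnt/data/vault-guidelines-api-token:/vault-token" ];
        };

        # Frontend; talks to the API and to Redis on the host via the alias.
        web = {
          image = "registry.gitlab.com/infektweb/glv5/web:${releaseVersion "web"}";
          ports = [ "80:8080" ];
          extraOptions = [ hostAlias ];
          environment = {
            "API_URL" = "http://host:8001";
            "PORT" = "8080";
            "CLIENT_URL" = "https://guidelines.ch";
            # No credentials in the URL: Redis in this file is unauthenticated.
            "REDIS_URL" = "redis://host:6379";
            # NOTE(review): values in `environment` end up in the container's
            # systemd unit in the world-readable Nix store. These are empty
            # here; keep them that way and source AUTH0_CLIENT_SECRET from
            # Vault or an EnvironmentFile outside the store.
            "AUTH0_AUDIENCE" = "";
            "AUTH0_CLIENT_ID" = "";
            "AUTH0_CLIENT_SECRET" = "";
            "AUTH0_DOMAIN" = "";
            "CHALLENGE_CONTENT" = "";
            "CHALLENGE_ID" = "";
          };
        };

        # Deployment agent: maintains the state file releaseVersion reads and
        # (presumably through the rebuild socket on 4444) triggers the
        # nixos-rebuild that picks up new tags. Runs from a mutable
        # branch-style tag rather than a release.
        deploymentagent = {
          image = "registry.gitlab.com/infektweb/glv5/hetzner-cloud-environment/deploymentagent:poc-integration";
          ports = [ "5000:5000" ];
          extraOptions = [ hostAlias ];
          environment = {
            "VAULT_SECRET_PATH" = vaultSecretPath "deploymentagent";
            "VAULT_URL" = vaultUrl;
            "NIXOS_REBUILD_SOCKET_URL" = "host:4444";
            "DEPLOYMENT_STATE_FILE" = "/guidelines.json";
          };
          volumes = [
            "/mnt/data/vault-deploymentagent-token:/vault-token"
            # The podman API socket served by docker-podman-rest-api (which
            # runs as root) lets this container manage every container on the
            # host and start privileged ones, i.e. it is root-equivalent on
            # the host. Treat a compromise of this image or of port 5000 as a
            # host compromise.
            "/run/podman-containers.sock:/tmp/podman/podman.sock"
            # Same file releaseVersion reads at evaluation time.
            "/mnt/data/guidelines.json:/guidelines.json"
          ];
        };
      };
    };

    # oci-containers.containers."html2pdf" = {
    # };
    # oci-containers.containers."filestore" = {
    # };
  };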
# Podman REST API on a unix socket, bind-mounted into the deploymentagent
# container (see that container's `volumes`). No `User=` is set, so the
# service runs as root and a client of the socket can start privileged
# containers — i.e. has root on the host. Nothing here tightens the socket's
# owner or mode beyond podman's defaults, so keep its clients to that one
# container. `--time=0` disables podman's idle timeout so the service never
# exits by itself; mkForce pins Restart= against any other module's default.
systemd.services.docker-podman-rest-api = {
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    Type = "simple";
    Restart = lib.mkForce "always";
  };
  script = ''
    /run/current-system/sw/bin/podman system service --time=0 unix:///run/podman-containers.sock
  '';
};
# Seed the deployment state file from the cloud-init payload on first
# activation only. Afterwards the file belongs to the deploymentagent
# container (it is bind-mounted there), so a rebuild must never overwrite
# it. Runs as root with no ordering constraints (deps = []); /mnt/data is
# presumably already mounted by the time activation runs.
system.activationScripts.guidelinesJson = {
  deps = [ ];
  text = ''
    if [ ! -f /mnt/data/guidelines.json ]; then
      cp /opt/cloud-init-misc-data/guidelines.json /mnt/data/guidelines.json
    fi
  '';
};
# Redis for the `web` container (REDIS_URL = redis://host:6379). Bound to the
# private address with protected-mode off so non-loopback clients are
# accepted. There is no requirePass and 6379 is opened in the firewall
# below, so any host that can reach 10.0.1.51:6379 has full, unauthenticated
# access. NOTE(review): add `requirePass` (and the password to REDIS_URL),
# or drop 6379 from allowedTCPPorts and restrict it to the container
# network, before this runs anywhere but a trusted network.
services.redis = {
  enable = true;
  vmOverCommit = true;
  bind = "10.0.1.51";
  # protected-mode refuses non-loopback clients while no password is set;
  # it has to be off for the container to connect at all.
  extraConfig = "protected-mode no\n";
};
# Unit-level overrides for the redis service above: grant write access to
# its data directory under the module's sandboxing, and bound start/stop
# to one minute so a hung instance cannot stall a switch indefinitely.
# ReadWriteDirectories is the older spelling systemd still accepts; left
# as-is to avoid clashing with any ReadWritePaths the module sets itself.
systemd.services.redis.serviceConfig =
  let
    seconds = "60";
  in
  {
    TimeoutStartSec = seconds;
    TimeoutStopSec = seconds;
    ReadWriteDirectories = "/var/lib/redis";
  };
# Host-level TCP ports opened on every interface. Ports published by podman
# (80, 8001, 5000) are forwarded by DNAT and presumably reach the containers
# regardless of this list, so it mainly governs the host services.
networking.firewall.allowedTCPPorts = [
  6379 # Redis — unauthenticated, see services.redis
  5000 # deploymentagent container's published port
  4444 # NIXOS_REBUILD_SOCKET_URL target; the listener is not defined in this file
];
}