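{ pkgs, lib, ... }:

let
  # Deployment state shared with the "deploymentagent" container: it is
  # bind-mounted there read-write as /guidelines.json and seeded on first
  # activation by the guidelinesJson activation script below.
  deploymentStateFile = "/mnt/data/guidelines.json";

  # Image tag to deploy for `app` ("api" / "web"), looked up in the deployment
  # state.  This is evaluated at nixos-rebuild time, so the tag is whatever the
  # file held when the system was built.  Whoever can write that file therefore
  # decides which image tag the next rebuild pulls.
  #
  # Falls back to the moving "latest" tag when the file is absent *or* has no
  # entry for `app`; the previous expression aborted evaluation in the second
  # case.
  releaseVersion = app:
    if builtins.pathExists deploymentStateFile
    then (builtins.fromJSON (builtins.readFile deploymentStateFile)).${app} or "latest"
    else "latest";
in
{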
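# Containers run under podman via the NixOS oci-containers module.  Every
# container reaches host-side services (Vault, Redis, the api) through the
# name "host", pinned to the host's private address.
virtualisation =
  let
    # Deployment environment name provisioned by cloud-init.  lib.fileContents
    # strips the trailing newline that builtins.readFile would keep; with
    # readFile a newline-terminated file put "\n" inside ENVIRONMENT and in the
    # middle of VAULT_SECRET_PATH.
    environmentName = lib.fileContents /opt/cloud-init-misc-data/environment;

    hostAlias = "--add-host=host:10.0.1.51";

    # Vault is reached over plain HTTP.  That only stays off the wire as long as
    # "host" really is this machine (10.0.1.51, the address Redis binds to below).
    vaultUrl = "http://host:8200";
  in
  {
    podman = {
      enable = true;
      # Installs a `docker` CLI alias so docker-based tooling drives podman.
      dockerCompat = true;
    };

    oci-containers = {
      backend = "podman";

      containers = {
        api = {
          image = "registry.gitlab.com/infektweb/glv5/api:${releaseVersion "api"}";
          ports = [ "8001:8080" ];
          extraOptions = [ hostAlias ];
          # `environment` is rendered into the systemd unit in the world-readable
          # Nix store, so it must hold no secrets; the Vault token is passed as a
          # bind-mounted file instead (see `volumes`).
          environment = {
            PORT = "8080";
            # "[space]" looks like a template placeholder — confirm it is
            # substituted before this reaches the container.
            BASE_CLIENT_URL = "http://[space].guidelines.ch";
            ENVIRONMENT = environmentName;
            VAULT_SECRET_PATH = "kv/data/guidelines/${environmentName}/api";
            VAULT_URL = vaultUrl;
          };
          volumes = [ "/mnt/data/vault-guidelines-api-token:/vault-token" ];
        };

        web = {
          image = "registry.gitlab.com/infektweb/glv5/web:${releaseVersion "web"}";
          ports = [ "80:8080" ];
          extraOptions = [ hostAlias ];
          environment = {
            API_URL = "http://host:8001";
            PORT = "8080";
            CLIENT_URL = "https://guidelines.ch";
            REDIS_URL = "redis://host:6379";

            # Currently empty.  Do not fill the *_SECRET values in here: this
            # attribute set ends up in the world-readable Nix store.  Supply
            # them through a mounted file (as the Vault tokens are) or via
            # `environmentFiles`.
            AUTH0_AUDIENCE = "";
            AUTH0_CLIENT_ID = "";
            AUTH0_CLIENT_SECRET = "";
            AUTH0_DOMAIN = "";
            CHALLENGE_CONTENT = "";
            CHALLENGE_ID = "";
          };
        };

        deploymentagent = {
          image = "registry.gitlab.com/infektweb/glv5/hetzner-cloud-environment/deploymentagent:poc-integration";
          ports = [ "5000:5000" ];
          extraOptions = [ hostAlias ];
          environment = {
            VAULT_SECRET_PATH = "kv/data/guidelines/${environmentName}/deploymentagent";
            VAULT_URL = vaultUrl;
            NIXOS_REBUILD_SOCKET_URL = "host:4444";
            DEPLOYMENT_STATE_FILE = "/guidelines.json";
          };
          # This container gets the host's podman API socket and the deployment
          # state file read-write: it can start arbitrary containers on the host
          # and pick the image tags the next rebuild deploys.  Treat it as
          # host-privileged — its image tag (a moving "poc-integration" tag) and
          # its Vault token deserve the same scrutiny as root access.
          volumes = [
            "/mnt/data/vault-deploymentagent-token:/vault-token"
            "/run/podman-containers.sock:/tmp/podman/podman.sock"
            "/mnt/data/guidelines.json:/guidelines.json"
          ];
        };

        # html2pdf = {
        # };

        # filestore = {
        # };
      };
    };
  };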
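# Podman REST API on a unix socket.  The "deploymentagent" container
# bind-mounts this socket, so anything controlling that container controls
# every container on this host — the socket is root-equivalent.
systemd.services.docker-podman-rest-api = {
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    Type = "simple";
    # mkForce kept from the original; nothing visible in this file sets
    # Restart= for this unit elsewhere, so it may be removable — verify.
    Restart = lib.mkForce "always";
  };
  # Reference the podman package directly instead of the
  # /run/current-system profile path, so the unit pins the exact store path
  # being activated and restarts when podman is upgraded.
  # --time=0 disables the idle timeout, keeping the API up permanently.
  script = ''
    ${pkgs.podman}/bin/podman system service --time=0 unix:///run/podman-containers.sock
  '';
};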
# One-time seed of the deployment state: copy the cloud-init-provided
# guidelines.json into /mnt/data unless a file is already there.  From then
# on the "deploymentagent" container, which mounts it read-write, maintains it.
system.activationScripts.guidelinesJson = lib.stringAfter [ ] ''
  if ! test -f /mnt/data/guidelines.json; then
    cp /opt/cloud-init-misc-data/guidelines.json /mnt/data/guidelines.json
  fi
'';
# Redis backing the "web" container (REDIS_URL = redis://host:6379).
#
# SECURITY: no password is configured, protected mode is switched off and
# 6379 is opened in the firewall below, so any host that can reach
# 10.0.1.51:6379 gets unauthenticated access.  Consider `requirePassFile`
# and limiting 6379 to the interface the containers use.
services.redis = {
  enable = true;
  # The host's private address; containers reach it under the name "host".
  bind = "10.0.1.51";
  vmOverCommit = true;
  # Disabled explicitly.  Redis only enters protected mode when no `bind`
  # is given, so with `bind` set this line is probably redundant — confirm
  # against the Redis version in use before removing it.
  extraConfig = ''
    protected-mode no
  '';
};
# Extra unit settings merged into the redis service generated by the module.
systemd.services.redis.serviceConfig = {
# ReadWriteDirectories= is the deprecated spelling of ReadWritePaths=;
# systemd still accepts it.  Left as-is because the upstream module may
# already define ReadWritePaths and a second definition would conflict —
# check before renaming.
ReadWriteDirectories = "/var/lib/redis";
# Seconds; kept as strings as the original had them.
TimeoutStartSec = "60";
TimeoutStopSec = "60";
};
# Opened on every interface.  Redis has no authentication (see services.redis),
# so 6379 is the one most worth narrowing to a specific interface via
# networking.firewall.interfaces.<name>.allowedTCPPorts.  Nothing in this
# file listens on 4444; it is the NIXOS_REBUILD_SOCKET_URL target of the
# deploymentagent container.  The published container ports 80 and 8001
# are not listed here.
networking.firewall.allowedTCPPorts = [
  6379 # redis
  5000 # deploymentagent
  4444 # nixos-rebuild socket
];
}