zivildienst/infrastructure/modules/compute/nix/guidelines.nix


# NixOS module for the guidelines host: runs the "api" and "web" containers
# under Podman, serves the Podman REST API on a unix socket, and enables a
# password-protected Redis with its port opened in the firewall.
{ pkgs, lib, ... }:
let
  # Release map, read at evaluation time. Keys are app names; the value is
  # used verbatim as that app's image tag.
  # NOTE(review): whoever can write /mnt/data/guidelines.json decides which
  # image tag gets deployed, so check that file's ownership and mode.
  releases = builtins.fromJSON (builtins.readFile "/mnt/data/guidelines.json");
  releaseVersion = app: releases.${app};

  # Deployment environment name, read from the cloud-init data directory.
  # NOTE(review): builtins.readFile returns the content verbatim. A trailing
  # newline would end up inside ENVIRONMENT and VAULT_SECRET_PATH; confirm the
  # file has none (lib.fileContents strips it).
  environmentName = builtins.readFile /opt/cloud-init-misc-data/environment;

  # Both containers resolve the hostname "host" to this fixed address.
  hostAlias = [ "--add-host=host:10.0.1.51" ];
in
{
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };

    oci-containers = {
      backend = "podman";

      containers = {
        api = {
          # Tag comes from the release map above.
          image = "registry.gitlab.com/infektweb/glv5/api:${releaseVersion "api"}";
          # No bind address is given, so the port is published on all host
          # interfaces.
          ports = [ "8001:8080" ];
          extraOptions = hostAlias;
          environment = {
            PORT = "8080";
            BASE_CLIENT_URL = "http://[space].test-glv5.guidelines.ch";
            ENVIRONMENT = environmentName;
            VAULT_SECRET_PATH = "kv/data/guidelines/${environmentName}/api";
            # NOTE(review): plain HTTP to Vault. If 10.0.1.51 is not local to
            # this machine, the token and the secrets it fetches cross the
            # network unencrypted. Confirm, or switch to TLS.
            VAULT_URL = "http://host:8200";
          };
          # The Vault token file is mounted without ":ro", so the container
          # can also write to it.
          # NOTE(review): a read-only mount is enough if the API only reads
          # the token.
          volumes = [ "/mnt/data/vault-guidelines-api-token:/vault-token" ];
          #extraDockerOptions = [ "--network=foo" ];
        };

        web = {
          # NOTE(review): no tag, so this resolves to the mutable default tag.
          # What runs depends on when the image was last pulled, unlike "api",
          # which is pinned through releaseVersion.
          image = "registry.gitlab.com/infektweb/glv5/web";
          ports = [ "80:8080" ];
          extraOptions = hostAlias;
          environment = {
            API_URL = "http://host:8001";
          };
        };

        # Disabled. Mounting the Podman API socket into a container would give
        # that container control over the host's container engine.
        #containerapi = {
        #  image = "alpine";
        #  volumes = [
        #    "/run/podman-containers.sock:/podman-containers.sock"
        #  ];
        #  entrypoint = "/bin/sleep";
        #  cmd = ["10000"];
        #};
      };
    };
  };

  # Long-running Podman REST API on a unix socket; --time=0 disables the idle
  # timeout.
  # NOTE(review): no User= is set here, so this presumably runs as root, and
  # anything able to open the socket can then manage containers with those
  # privileges. Check the socket's permissions.
  systemd.services.docker-podman-rest-api = {
    serviceConfig = {
      Type = "simple";
      Restart = lib.mkForce "always";
    };
    wantedBy = [ "multi-user.target" ];
    script = ''
      /run/current-system/sw/bin/podman system service --time=0 unix:///run/podman-containers.sock
    '';
  };

  services.redis = {
    enable = true;
    # NOTE(review): a literal password in a Nix expression is copied into the
    # world-readable Nix store and lives in version control. Rotate this
    # value and supply it through requirePassFile, pointing at a file
    # provisioned outside the store.
    requirePass = "p15c4e6538de2061edd65a52ab216ba071d78b1532a937c1c3d5821d5c571c0cf";
  };

  # NOTE(review): this opens the Redis port on every firewalled interface.
  # Redis traffic, including AUTH, is plaintext, and whether the port is
  # reachable depends on Redis's bind setting, which is not set here.
  # Restrict it to the interface or peers that need it.
  networking.firewall.allowedTCPPorts = [ 6379 ];
}