Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[bookstack] Adds bookstack and cleans up a bunch of other files. Rewrites how mariadb instances are provisioned.

Browse Source
This commit is contained in:
Drew Haven
2025-03-25 14:37:12 -07:00
parent 0ddb2989b4
commit 83ed3a4809
7 changed files with 133 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
system/hosts/mcp/containers.nix
View File

@@ -3,9 +3,11 @@
{
# Additional configuration
imports = [
./containers/bookstack.nix
./containers/gitea.nix
./containers/grafana.nix
./containers/jobhunt.nix
./containers/mariadb.nix
./containers/nextcloud.nix
./containers/prometheus.nix
./containers/pocket-id.nix

4
system/hosts/mcp/containers/baserow.nix
View File

@@ -1,5 +1,5 @@
# Not in use, just reference.
{ config, pkgs, ... }:
{ config, ... }:
let inherit (import ./lib.nix config) mkContainer; in
{
virtualisation.oci-containers.containers.baserow = mkContainer {
@@ -19,4 +19,4 @@ let inherit (import ./lib.nix config) mkContainer; in
description = "No-Code Databases";
};
};
}
}

67
system/hosts/mcp/containers/bookstack.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, ... }:
let
inherit (import ./lib.nix config) mkContainer mkMariaDbContainer havenisms;
userIds = import ./user-ids.nix;
in {
imports = [
(mkMariaDbContainer {
name = "bookstack";
uid = userIds.bookstack.uid;
gid = userIds.bookstack.gid;
directory = "/tank/bookstack/db";
passwordSecret = "bookstack_db";
})
];
users.groups.bookstack = {
gid = userIds.bookstack.gid;
};
users.users.bookstack = {
uid = userIds.bookstack.uid;
isSystemUser = true;
description = "System User for Bookstack";
group = "bookstack";
};
sops.secrets = {
bookstack_app_key = {
restartUnits = [ "podman-bookstack.service" ];
mode = "0400";
owner = config.users.users.bookstack.name;
};
bookstack_db = {
restartUnits = [ "podman-bookstack-mariadb.service" ];
mode = "0400";
owner = config.users.users.bookstack.name;
};
};
virtualisation.oci-containers.containers.bookstack = mkContainer {
image = "lscr.io/linuxserver/bookstack:latest";
hostName = "bookstack";
port = "80";
dependsOn = [ "bookstack-mariadb" ];
homepageOpts = {
group = "Apps";
name = "Bookstack";
icon = "bookstack.svg";
description = "Wiki and Knowledgebase";
};
volumes = [
"/tank/bookstack/app:/config"
"${config.sops.secrets.bookstack_app_key.path}:/run/secrets/bookstack_app_key"
"${config.sops.secrets.bookstack_db.path}:/run/secrets/bookstack_db"
];
environment = {
APP_URL = "https://bookstack.${havenisms}";
PID = toString userIds.bookstack.uid;
GID = toString userIds.bookstack.gid;
DB_HOST = "bookstack-mariadb";
DB_USERNAME = "bookstack";
DB_DATABASE = "bookstack";
FILE__DB_PASSWORD = "/run/secrets/bookstack_db";
FILE__APP_KEY = "/run/secrets/bookstack_app_key";
};
};
}

41
system/hosts/mcp/containers/lib.nix
View File

@@ -28,15 +28,15 @@ in
dependsOn ? [],
domain ? havenisms,
volumes ? [],
environment ? [],
environment ? {},
environmentFiles ? [],
public ? false
}:
let routerRule = if public then hostRule hostName domain else localHostRule hostName domain;
in
{
image = image;
inherit image dependsOn volumes environment environmentFiles;
autoStart = true;
dependsOn = dependsOn;
extraOptions = [
"-l=traefik.enable=true"
"-l=traefik.http.routers.${hostName}.rule=${routerRule}"
@@ -47,7 +47,38 @@ in
"-l=homepage.href=https://${hostName}.${domain}"
"-l=homepage.description=${homepageOpts.description}"
];
volumes = volumes;
environment = environment;
};
# Creates a MariaDB container for a specific app. It should be safe to give
# it the same UID and GID as the app it is made for. The contaner will be
# named `${name}-mariadb`. The database name is the same as the database
# user.
#
# Note that this returns a _module_ so that it can be imported and provide many different config values.
mkMariaDbContainer = {
name,
uid,
gid,
passwordSecret,
directory,
}: { config, ... }: {
virtualisation.oci-containers.containers."${name}-mariadb" = {
image = "lscr.io/linuxserver/mariadb:latest";
autoStart = true;
ports = [ "3306:3306" ];
volumes = [
"${directory}:/config"
"${config.sops.secrets.mariadb_root_password.path}:/run/secrets/mariadb_root_password"
"${config.sops.secrets."${passwordSecret}".path}:/run/secrets/mariadb_password"
];
environment = {
PUID = "${toString uid}";
PGID = "${toString gid}";
MYSQL_USER = name;
MYSQL_DATABASE = name;
FILE__MYSQL_ROOT_PASSWORD = "/run/secrets/mariadb_root_password";
FILE__MYSQL_PASSWORD = "/run/secrets/mariadb_password";
};
};
};
}

35
system/hosts/mcp/containers/mariadb.nix
View File

@@ -1,26 +1,17 @@
# Common config for all mariadb containers
{ ... }:
{
virtualisation.oci-containers.containers.mariadb = {
image = "mariadb:11";
autoStart = true;
extraOptions = [
];
volumes = [
"/tank/mariadb:/var/lib/mysql"
];
cmd = [
"--innodb-buffer-pool-size=512M"
"--transaction-isolation=READ-COMMITTED"
"--character-set-server=utf8mb4"
"--collation-server=utf8mb4_unicode_ci"
"--max-connections=512"
"--innodb-rollback-on-timeout=OFF"
"--innodb-lock-wait-timeout=120"
];
environment = {
MARIADB_DATABASE = "mariadb";
# TODO: Secrets
MARIADB_ROOT_PASSWORD = "root123";
let
userIds = import ./user-ids.nix;
in {
users = {
groups."mariadb" = {
gid = userIds.mariadb.gid;
};
};
sops.secrets."mariadb_root_password" = {
restartUnits = [ "podman-mariadb.service" ];
mode = "0440";
group = "mariadb";
};
}

8
system/hosts/mcp/containers/user-ids.nix
View File

@@ -5,4 +5,12 @@
uid = 2003;
gid = 2003;
};
bookstack = {
uid = 2004;
gid = 2004;
};
mariadb = {
uid = 2005;
gid = 2005;
};
}