[Offen] Sets up offen.
@@ -10,8 +10,9 @@
|
||||
./containers/jobhunt.nix
|
||||
./containers/mariadb.nix
|
||||
./containers/nextcloud.nix
|
||||
./containers/prometheus.nix
|
||||
./containers/offen.nix
|
||||
./containers/pocket-id.nix
|
||||
./containers/prometheus.nix
|
||||
./containers/public-homepage.nix
|
||||
./containers/searxng.nix
|
||||
./containers/shared-postgres.nix
|
||||
|
||||
@@ -36,6 +36,7 @@ in
|
||||
environmentFiles ? [],
|
||||
public ? false,
|
||||
user ? null,
|
||||
extraOptions ? [],
|
||||
}:
|
||||
let
|
||||
routerRule = if public then hostRule hostName domain else localHostRule hostName domain;
|
||||
@@ -48,7 +49,7 @@ in
|
||||
};
|
||||
in
|
||||
{
|
||||
inherit image dependsOn volumes environment environmentFiles ports user;
|
||||
inherit image dependsOn volumes environment environmentFiles ports user extraOptions;
|
||||
autoStart = true;
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
|
||||
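--- a/system/hosts/mcp/containers/offen.nix
+++ b/system/hosts/mcp/containers/offen.nix
@@ -0,0 +1,47 @@
+{ config, ... }:
+let
+inherit (import ./lib.nix config) mkContainer terakoda;
+userIds = import ./user-ids.nix;
+in {
+users = userIds.mkUserAndGroup "offen" userIds.offen;
+
+sops = {
+secrets = {
+"offen/smtp-token" = {};
+"offen/secret" = {};
+};
+templates."offen.env" = {
+mode = "0400";
+owner = config.users.users.offen.name;
+group = config.users.users.offen.group;
+content = ''
+OFFEN_SECRET="${config.sops.placeholder."offen/secret"}"
+OFFEN_SMTP_USER="offen@terakoda.com"
+OFFEN_SMTP_PASSWORD="${config.sops.placeholder."offen/smtp-token"}"
+OFFEN_SMTP_HOST="smtp.protonmail.ch"
+OFFEN_SMTP_PORT="587"
+OFFEN_SMTP_SENDER="offen@terakoda.com"
+OFFEN_SMTP_AUTHTYPE="LOGIN"
+'';
+};
+};
+
+virtualisation.oci-containers.containers.offen = mkContainer {
+image = "offen/offen";
+hostName = "offen";
+domain = terakoda;
+user = "${toString userIds.offen.uid}:${toString userIds.offen.gid}";
+port = 80;
+volumes = [
+"${config.sops.templates."offen.env".path}:/etc/offen/offen.env:ro"
+"/tank/offen/data:/var/opt/offen"
+];
+# TODO: When running with this option the service fails to start with errors:
+# Unmounting /var/lib/containers/storage/overlay/{hash}/merged: invalid argument
+# Error: mounting storage for container {hash}: creating overlay mount to {overlay info}
+# extraOptions = [
+# "--uidmap=10000:${toString userIds.offen.uid}"
+# "--gidmap=10001:${toString userIds.offen.gid}"
+# ];
+};
+}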
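Review bot: `image = "offen/offen";` names the image with no registry, tag or digest, so each pull takes whatever `latest` currently is on whichever registry the runtime's short-name resolution picks. That makes the deployed build unreproducible from this commit, even though the container is handed `OFFEN_SECRET` and the SMTP token. Pinning it, for example `image = "<registry>/offen/offen:<version>@sha256:<digest>";` (placeholders), ties the deployment to a reviewed build. Separately, with the `--uidmap`/`--gidmap` lines commented out, the `user` setting is the only thing keeping the process from running as root, so the TODO deserves a tracking issue. The single-ID mappings shown there leave every other container ID unmapped, which may be what the overlay mount error is reporting.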
@@ -17,4 +17,21 @@
|
||||
uid = 2006;
|
||||
gid = 2006;
|
||||
};
|
||||
offen = {
|
||||
uid = 2007;
|
||||
gid = 2007;
|
||||
};
|
||||
|
||||
mkUserAndGroup = name: ids: {
|
||||
groups."${name}" = {
|
||||
gid = ids.gid;
|
||||
};
|
||||
|
||||
users."${name}" = {
|
||||
uid = ids.uid;
|
||||
isSystemUser = true;
|
||||
description = "System User for ${name}";
|
||||
group = "${name}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
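Review bot: `mkUserAndGroup` is added without a comment and sits in the same attribute set as the per-service id records, so `userIds.offen` is data while `userIds.mkUserAndGroup` is a function. A one-line comment above it would document the contract, such as `# Returns the groups.<name> and users.<name> entries (assign to users) for a dedicated system account with the fixed uid/gid given.` Since offen.nix also passes these ids to the container as `user`, and they presumably own the bind-mounted data directory, the comment should say that they must stay stable once deployed.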