[Focalboard] Sets up Focalboard with storage, database and secrets. [OpenProject] Removes the container

2025-04-21 16:42:56 -07:00
parent 089541916a
commit c88845ea2a
5 changed files with 168 additions and 63 deletions
--- a/system/hosts/mcp/containers/focalboard.nix
+++ b/system/hosts/mcp/containers/focalboard.nix
@@ -0,0 +1,74 @@
+{ config, ... }:
+let
+  inherit (import ./lib.nix config) mkContainer mkPostgresContainer terakoda;
+  userIds = import ./user-ids.nix;
+  
+in {
+  imports = [
+    (mkPostgresContainer {
+      name = "focalboard";
+      directory = "/tank/focalboard/db";
+      uid = userIds.focalboard.uid;
+      gid = userIds.focalboard.gid;
+      passwordSecret = "focalboard/database";
+    })
+  ];
+
+  users.groups.focalboard = {
+    gid = userIds.focalboard.gid;
+  };
+
+  users.users.focalboard = {
+    uid = userIds.focalboard.uid;
+    isSystemUser = true;
+    description = "System User for Focalboard";
+    group = "focalboard";
+  };
+
+  sops.secrets = {
+    "focalboard/database" = {
+      restartUnits = [ "podman-focalboard.service" "podman-focalboard-postgres.service" ];
+      mode = "0400";
+      owner = config.users.users.focalboard.name;
+    };
+  };
+
+  sops.templates."focalboard-config.json" = {
+    restartUnits = [ "podman-focalboard.service" ];
+    owner = config.users.users.focalboard.name;
+    content = builtins.toJSON {
+      # Defaults from https://github.com/mattermost-community/focalboard/blob/main/config.json
+      "serverRoot" = "https://focalboard.terakoda.com";
+      "port" = 8000;
+      "dbtype" = "postgres";
+      "dbconfig" = "postgres://focalboard:${config.sops.placeholder."focalboard/database"}@focalboard-postgres/focalboard?sslmode=disable&connect_timeout=10";
+      "useSSL" = true;
+      "prometheus_address" = ":9092";
+      "session_expire_time" = 2592000;
+      "session_refresh_time" = 18000;
+      "postgres_dbconfig" = "dbname=focalboard sslmode=disable";
+      "webpath" = "./pack";
+      "filespath" = "./data/files";
+      "telemetry" = true;
+      "prometheusaddress" = ":9092";
+      "enableLocalMode" = true;
+      "localModeSocketLocation" = "/var/tmp/focalboard_local.socket";
+    };
+  };
+
+  virtualisation.oci-containers.containers = {
+    focalboard = mkContainer {
+      image = "mattermost/focalboard";
+      hostName = "focalboard";
+      domain = terakoda;
+      dependsOn = [ "focalboard-postgres" ];
+      port = 8000;
+      user = "${toString userIds.focalboard.uid}:${toString userIds.focalboard.gid}";
+      volumes = [
+        "/tank/focalboard/data/files:/opt/focalboard/data/files"
+        "${config.sops.templates."focalboard-config.json".path}:/opt/focalboard/config.json:ro"
+      ];
+    };
+  };
+
+}