[Focalboard] Sets up Focalboard with storage, database and secrets. [OpenProject] Removes the container

2025-04-21 16:42:56 -07:00
parent 089541916a
commit c88845ea2a
5 changed files with 168 additions and 63 deletions
--- a/system/hosts/mcp/containers/lib.nix
+++ b/system/hosts/mcp/containers/lib.nix
@@ -2,6 +2,8 @@ config:
 let
  havenisms = "havenisms.com";
  blazestar = "blazestar.net";
+  terakoda = "terakoda.com";
+  terakoda_net = "terakoda.net";
  hostRule = host: domain: "Host(`${host}.${domain}`)";
  hostRuleHavenisms = host: hostRule host havenisms;
  localNet = "192.168.0.0/16";
@@ -18,46 +20,42 @@ in
    localHostRuleHavenisms
    havenisms
    blazestar
-    ;
+    terakoda
+    terakoda_net;

-  mkContainer =
-    {
-      image,
-      hostName,
-      port,
-      homepageOpts,
-      dependsOn ? [ ],
-      domain ? havenisms,
-      ports ? [ ],
-      volumes ? [ ],
-      environment ? { },
-      environmentFiles ? [ ],
-      public ? false,
-    }:
+  mkContainer = {
+    image,
+    hostName,
+    port,
+    homepageOpts ? {},
+    dependsOn ? [],
+    domain ? havenisms,
+    ports ? [],
+    volumes ? [],
+    environment ? {},
+    environmentFiles ? [],
+    public ? false,
+    user ? null,
+  }:
    let
      routerRule = if public then hostRule hostName domain else localHostRule hostName domain;
+      homepageLabels = if homepageOpts == {} then {} else {
+        "homepage.group" = "${homepageOpts.group}";
+        "homepage.name" = "${homepageOpts.name}";
+        "homepage.icon" = "${homepageOpts.icon}";
+        "homepage.href" = "https://${hostName}.${domain}";
+        "homepage.description" = "${homepageOpts.description}";
+      };
    in
    {
-      inherit
-        image
-        dependsOn
-        volumes
-        environment
-        environmentFiles
-        ports
-        ;
+      inherit image dependsOn volumes environment environmentFiles ports user;
      hostname = "${hostName}.${domain}";
      autoStart = true;
-      extraOptions = [
-        "-l=traefik.enable=true"
-        "-l=traefik.http.routers.${hostName}.rule=${routerRule}"
-        "-l=traefik.http.services.${hostName}.loadbalancer.server.port=${toString port}"
-        "-l=homepage.group=${homepageOpts.group}"
-        "-l=homepage.name=${homepageOpts.name}"
-        "-l=homepage.icon=${homepageOpts.icon}"
-        "-l=homepage.href=https://${hostName}.${domain}"
-        "-l=homepage.description=${homepageOpts.description}"
-      ];
+      labels = {
+        "traefik.enable" = "true";
+        "traefik.http.routers.${hostName}.rule" = "${routerRule}";
+        "traefik.http.services.${hostName}.loadbalancer.server.port" = "${toString port}";
+      } // homepageLabels;
    };

  # Creates a MariaDB container for a specific app. It should be safe to give
@@ -66,33 +64,60 @@ in
  # user.
  #
  # Note that this returns a _module_ so that it can be imported and provide many different config values.
-  mkMariaDbContainer =
-    {
-      name,
-      uid,
-      gid,
-      passwordSecret,
-      directory,
-    }:
-    { config, ... }:
-    {
-      virtualisation.oci-containers.containers."${name}-mariadb" = {
-        image = "lscr.io/linuxserver/mariadb:latest";
-        autoStart = true;
-        ports = [ "3306:3306" ];
-        volumes = [
-          "${directory}:/config"
-          "${config.sops.secrets.mariadb_root_password.path}:/run/secrets/mariadb_root_password"
-          "${config.sops.secrets."${passwordSecret}".path}:/run/secrets/mariadb_password"
-        ];
-        environment = {
-          PUID = "${toString uid}";
-          PGID = "${toString gid}";
-          MYSQL_USER = name;
-          MYSQL_DATABASE = name;
-          FILE__MYSQL_ROOT_PASSWORD = "/run/secrets/mariadb_root_password";
-          FILE__MYSQL_PASSWORD = "/run/secrets/mariadb_password";
-        };
+  mkMariaDbContainer = {
+    name,
+    uid,
+    gid,
+    passwordSecret,
+    directory,
+  }:
+  { config, ... }:
+  {
+    virtualisation.oci-containers.containers."${name}-mariadb" = {
+      image = "lscr.io/linuxserver/mariadb:latest";
+      autoStart = true;
+      ports = [ "3306:3306" ];
+      volumes = [
+        "${directory}:/config"
+        "${config.sops.secrets.mariadb_root_password.path}:/run/secrets/mariadb_root_password"
+        "${config.sops.secrets."${passwordSecret}".path}:/run/secrets/mariadb_password"
+      ];
+      environment = {
+        PUID = "${toString uid}";
+        PGID = "${toString gid}";
+        MYSQL_USER = name;
+        MYSQL_DATABASE = name;
+        FILE__MYSQL_ROOT_PASSWORD = "/run/secrets/mariadb_root_password";
+        FILE__MYSQL_PASSWORD = "/run/secrets/mariadb_password";
      };
    };
+  };
+
+  mkPostgresContainer = {
+    name,
+    uid,
+    gid,
+    passwordSecret,
+    directory,
+    containerName ? "${name}-postgres",
+    databaseName ? name,
+    username ? name,
+  }: { config, ... }: {
+    virtualisation.oci-containers.containers."${containerName}" = {
+      image = "postgres";
+      autoStart = true;
+      volumes = [
+        # Note that data must be mounted at this location to persist.
+        # See https://github.com/docker-library/docs/blob/master/postgres/README.md#pgdata
+        "${directory}:/var/lib/postgresql/data"
+        "${config.sops.secrets."${passwordSecret}".path}:/run/secrets/postgres_password"
+      ];
+      user = "${toString uid}:${toString gid}";
+      environment = {
+        POSTGRES_USER = username;
+        POSTGRES_DB = databaseName;
+        POSTGRES_PASSWORD_FILE = "/run/secrets/postgres_password";
+      };
+    };
+  };
 }