Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[nix] Modularized the container backend so I can easily switch it with an option

Browse Source
This commit is contained in:
Drew Haven
2025-06-24 17:31:30 -07:00
parent c74e40e69e
commit f4dd4583db
10 changed files with 158 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
system/hosts/mcp/containers/bookstack.nix
View File

@@ -1,7 +1,8 @@
{ config, ... }:
let
let
inherit (import ./lib.nix config) mkContainer mkMariaDbContainer havenisms;
in {
in
{
imports = [
(mkMariaDbContainer {
name = "bookstack";
@@ -14,12 +15,12 @@ in {
sops.secrets = {
bookstack_app_key = {
restartUnits = [ "podman-bookstack.service" ];
restartUnits = [ "${config.local.container-backend}-bookstack.service" ];
mode = "0400";
owner = config.users.users.bookstack.name;
};
bookstack_db = {
restartUnits = [ "podman-bookstack-mariadb.service" ];
restartUnits = [ "${config.local.container-backend}-bookstack-mariadb.service" ];
mode = "0400";
owner = config.users.users.bookstack.name;
};

14
system/hosts/mcp/containers/focalboard.nix
View File

@@ -1,7 +1,8 @@
{ config, ... }:
let
inherit (import ./lib.nix config) mkContainer mkPostgresContainer terakoda;
in {
in
{
imports = [
(mkPostgresContainer {
name = "focalboard";
@@ -14,21 +15,26 @@ in {
sops.secrets = {
"focalboard/database" = {
restartUnits = [ "podman-focalboard.service" "podman-focalboard-postgres.service" ];
restartUnits = [
"${config.local.container-backend}-focalboard.service"
"${config.local.container-backend}-focalboard-postgres.service"
];
mode = "0400";
owner = config.users.users.focalboard.name;
};
};
sops.templates."focalboard-config.json" = {
restartUnits = [ "podman-focalboard.service" ];
restartUnits = [ "${config.local.container-backend}-focalboard.service" ];
owner = config.users.users.focalboard.name;
content = builtins.toJSON {
# Defaults from https://github.com/mattermost-community/focalboard/blob/main/config.json
"serverRoot" = "https://focalboard.terakoda.com";
"port" = 8000;
"dbtype" = "postgres";
"dbconfig" = "postgres://focalboard:${config.sops.placeholder."focalboard/database"}@focalboard-postgres/focalboard?sslmode=disable&connect_timeout=10";
"dbconfig" = "postgres://focalboard:${
config.sops.placeholder."focalboard/database"
}@focalboard-postgres/focalboard?sslmode=disable&connect_timeout=10";
"useSSL" = true;
"prometheus_address" = ":9092";
"session_expire_time" = 2592000;

8
system/hosts/mcp/containers/gitea.nix
View File

@@ -1,14 +1,14 @@
{ config, ... }:
let
let
inherit (import ./lib.nix config) mkContainer blazestar;
in
{
sops.secrets = {
"gitea/db_password" = {
restartUnits = [ "podman-gitea.service" ];
restartUnits = [ "${config.local.container-backend}-gitea.service" ];
};
"gitea/registration_token" = {
restartUnits = [ "podman-gitea-runner.service" ];
restartUnits = [ "${config.local.container-backend}-gitea-runner.service" ];
};
};
@@ -66,7 +66,7 @@ in
];
volumes = [
# The runner will spawn new containers to run the actions
"/var/run/podman/podman.sock:/var/run/docker.sock:ro"
"${config.local.container-socket}:/var/run/docker.sock:ro"
];
};
}

4
system/hosts/mcp/containers/havenisms.com/chat.nix
View File

@@ -8,10 +8,10 @@ in
sops.secrets = {
"matrix/syncv3/db-password" = {
restartUnits = [ "podman-matrix-sliding-sync.service" ];
restartUnits = [ "${config.local.container-backend}-matrix-sliding-sync.service" ];
};
"matrix/syncv3/secret" = {
restartUnits = [ "podman-matrix-sliding-sync.service" ];
restartUnits = [ "${config.local.container-backend}-matrix-sliding-sync.service" ];
};
};

4
system/hosts/mcp/containers/mariadb.nix
View File

@@ -1,8 +1,8 @@
# Common config for all mariadb containers
{ ... }:
{ config, ... }:
{
sops.secrets."mariadb_root_password" = {
restartUnits = [ "podman-mariadb.service" ];
restartUnits = [ "${config.local.container-backend}-mariadb.service" ];
mode = "0440";
group = "mariadb";
};

4
system/hosts/mcp/containers/oauth2proxy.nix
View File

@@ -5,11 +5,11 @@ in
{
sops.secrets = {
"oauth2-proxy/cookie-secret" = {
restartUnits = [ "podman-oauth2-proxy.service" ];
restartUnits = [ "${config.local.container-backend}-oauth2-proxy.service" ];
mode = "0400";
};
"oauth2-proxy/client-secret" = {
restartUnits = [ "podman-oauth2-proxy.service" ];
restartUnits = [ "${config.local.container-backend}-oauth2-proxy.service" ];
mode = "0400";
};
};

9
system/hosts/mcp/containers/openproject.nix
View File

@@ -1,19 +1,20 @@
{ config, ... }:
let
let
inherit (import ./lib.nix config) mkContainer havenisms;
hostName = "projects";
in {
in
{
sops.secrets = {
"openproject/secret-key-base" = {
restartUnits = [ "podman-openproject.service" ];
restartUnits = [ "${config.local.container-backend}-openproject.service" ];
mode = "0400";
owner = config.users.users.bookstack.name;
};
};
sops.templates."openproject.env" = {
restartUnits = [ "podman-openproject.service" ];
restartUnits = [ "${config.local.container-backend}-openproject.service" ];
content = ''
OPENPROJECT_SECRET_KEY_BASE=${config.sops.placeholder."openproject/secret-key-base"}
OPENPROJECT_HOST__NAME=${hostName}.${havenisms}

6
system/hosts/mcp/containers/traefik.nix
View File

@@ -10,11 +10,11 @@ in
sops.secrets = {
"traefik/oauth2-client-secret" = {
restartUnits = [ "podman-traefik.service" ];
restartUnits = [ "${config.local.container-backend}-traefik.service" ];
mode = "0400";
};
"traefik/oauth2-plugin-secret" = {
restartUnits = [ "podman-traefik.service" ];
restartUnits = [ "${config.local.container-backend}-traefik.service" ];
mode = "0400";
};
};
@@ -47,7 +47,7 @@ in
"8448:8448"
];
volumes = [
"/var/run/podman/podman.sock:/var/run/docker.sock:ro"
"${config.local.container-socket}:/var/run/docker.sock:ro"
# All the configs from the config directory
"${traefikConfigDir}:/etc/traefik"
# Oauth2 config containing secrets