Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cfde735570ba5eb26cde31e7fdf7b4ba686811aa
system-config/system/hosts/mcp/containers/lib.nix

151 lines
4.3 KiB
Nix
Raw Blame History

config:
let
havenisms = "havenisms.com";
blazestar = "blazestar.net";
terakoda = "terakoda.com";
terakoda_net = "terakoda.net";
hostRule = host: domain: "Host(`${host}.${domain}`)";
hostRuleHavenisms = host: hostRule host havenisms;
localNet = "192.168.0.0/16";
dockerNet = "10.88.0.0/16";
localNetRule = "(ClientIP(`${localNet}`) || ClientIP(`${dockerNet}`))";
localHostRule = host: domain: "${localNetRule} && ${hostRule host domain}";
localHostRuleHavenisms = host: localHostRule host havenisms;
in
{
inherit
hostRule
localHostRule
hostRuleHavenisms
localHostRuleHavenisms
havenisms
blazestar
terakoda
terakoda_net
;
mkContainer =
{
image,
hostName,
port,
homepageOpts ? { },
dependsOn ? [ ],
domain ? havenisms,
ports ? [ ],
volumes ? [ ],
environment ? { },
environmentFiles ? [ ],
public ? false,
user ? null,
extraOptions ? [ ],
oauthProxy ? false,
extraLabels ? { },
}:
let
routerRule = if public then hostRule hostName domain else localHostRule hostName domain;
homepageLabels =
if homepageOpts == { } then
{ }
else
{
"homepage.group" = "${homepageOpts.group}";
"homepage.name" = "${homepageOpts.name}";
"homepage.icon" = "${homepageOpts.icon}";
"homepage.href" = "https://${hostName}.${domain}";
"homepage.description" = "${homepageOpts.description}";
};
oauthLabels =
if oauthProxy then { "traefik.http.routers.${hostName}.middlewares" = "oidc-auth@file"; } else { };
in
{
inherit
image
dependsOn
volumes
environment
environmentFiles
ports
user
extraOptions
;
autoStart = true;
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${hostName}.rule" = "${routerRule}";
"traefik.http.services.${hostName}.loadbalancer.server.port" = "${toString port}";
}
// oauthLabels
// homepageLabels
// extraLabels;
};
# Creates a MariaDB container for a specific app. It should be safe to give
# it the same UID and GID as the app it is made for. The contaner will be
# named `${name}-mariadb`. The database name is the same as the database
# user.
#
# Note that this returns a _module_ so that it can be imported and provide many different config values.
mkMariaDbContainer =
{
name,
uid,
gid,
passwordSecret,
directory,
}:
{ config, ... }:
{
virtualisation.oci-containers.containers."${name}-mariadb" = {
image = "lscr.io/linuxserver/mariadb:latest";
autoStart = true;
ports = [ "3306:3306" ];
volumes = [
"${directory}:/config"
"${config.sops.secrets.mariadb_root_password.path}:/run/secrets/mariadb_root_password"
"${config.sops.secrets."${passwordSecret}".path}:/run/secrets/mariadb_password"
];
environment = {
PUID = "${toString uid}";
PGID = "${toString gid}";
MYSQL_USER = name;
MYSQL_DATABASE = name;
FILE__MYSQL_ROOT_PASSWORD = "/run/secrets/mariadb_root_password";
FILE__MYSQL_PASSWORD = "/run/secrets/mariadb_password";
};
};
};
mkPostgresContainer =
{
name,
uid,
gid,
passwordSecret,
directory,
containerName ? "${name}-postgres",
databaseName ? name,
username ? name,
image ? "postgres",
}:
{ config, ... }:
{
virtualisation.oci-containers.containers."${containerName}" = {
inherit image;
autoStart = true;
volumes = [
# Note that data must be mounted at this location to persist.
# See https://github.com/docker-library/docs/blob/master/postgres/README.md#pgdata
"${directory}:/var/lib/postgresql/data"
"${config.sops.secrets."${passwordSecret}".path}:/run/secrets/postgres_password"
];
user = "${toString uid}:${toString gid}";
environment = {
POSTGRES_USER = username;
POSTGRES_DB = databaseName;
POSTGRES_PASSWORD_FILE = "/run/secrets/postgres_password";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink