# Auto-generated using compose2nix v0.2.0-pre. { pkgs, lib, config, ... }: { services.nginx = { virtualHosts = { "proxitok.${config.networking.domain}" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:4772"; }; }; }; }; # Containers virtualisation.oci-containers.containers."proxitok-redis" = { image = "redis:7-alpine"; cmd = [ "redis-server" "--save" "60" "1" "--loglevel" "warning" ]; user = "nobody"; log-driver = "journald"; extraOptions = [ "--cap-drop=ALL" "--network-alias=redis" "--network=docker-compose_proxitok" "--security-opt=no-new-privileges:true" ]; }; systemd.services."podman-proxitok-redis" = { serviceConfig = { Restart = lib.mkOverride 500 "always"; }; after = [ "podman-network-docker-compose_proxitok.service" ]; requires = [ "podman-network-docker-compose_proxitok.service" ]; partOf = [ "podman-compose-docker-compose-root.target" ]; wantedBy = [ "podman-compose-docker-compose-root.target" ]; }; virtualisation.oci-containers.containers."proxitok-signer" = { image = "ghcr.io/pablouser1/signtok:master"; user = "nobody"; log-driver = "journald"; extraOptions = [ "--cap-drop=ALL" "--network-alias=signer" "--network=docker-compose_proxitok" "--security-opt=no-new-privileges:true" ]; }; systemd.services."podman-proxitok-signer" = { serviceConfig = { Restart = lib.mkOverride 500 "no"; }; after = [ "podman-network-docker-compose_proxitok.service" ]; requires = [ "podman-network-docker-compose_proxitok.service" ]; partOf = [ "podman-compose-docker-compose-root.target" ]; wantedBy = [ "podman-compose-docker-compose-root.target" ]; }; virtualisation.oci-containers.containers."proxitok-web" = { image = "ghcr.io/pablouser1/proxitok:master"; environment = { API_CACHE = "redis"; API_SIGNER = "remote"; API_SIGNER_URL = "http://proxitok-signer:8080/signature"; LATTE_CACHE = "/cache"; REDIS_HOST = "proxitok-redis"; REDIS_PORT = "6379"; APP_URL = "https://proxitok.${config.networking.domain}"; }; volumes = [ "proxitok-cache:/cache:rw" ]; ports = [ "4772:8080/tcp" ]; dependsOn = [ "proxitok-redis" "proxitok-signer" ]; log-driver = "journald"; extraOptions = [ "--cap-add=CHOWN" "--cap-add=SETGID" "--cap-add=SETUID" "--cap-drop=ALL" "--network-alias=web" "--network=docker-compose_proxitok" "--security-opt=no-new-privileges:true" ]; }; systemd.services."podman-proxitok-web" = { serviceConfig = { Restart = lib.mkOverride 500 "no"; }; after = [ "podman-network-docker-compose_proxitok.service" "podman-volume-docker-compose_proxitok-cache.service" ]; requires = [ "podman-network-docker-compose_proxitok.service" "podman-volume-docker-compose_proxitok-cache.service" ]; partOf = [ "podman-compose-docker-compose-root.target" ]; wantedBy = [ "podman-compose-docker-compose-root.target" ]; }; # Networks systemd.services."podman-network-docker-compose_proxitok" = { path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_proxitok"; }; script = '' podman network inspect docker-compose_proxitok || podman network create docker-compose_proxitok ''; partOf = [ "podman-compose-docker-compose-root.target" ]; wantedBy = [ "podman-compose-docker-compose-root.target" ]; }; # Volumes systemd.services."podman-volume-docker-compose_proxitok-cache" = { path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect docker-compose_proxitok-cache || podman volume create docker-compose_proxitok-cache ''; partOf = [ "podman-compose-docker-compose-root.target" ]; wantedBy = [ "podman-compose-docker-compose-root.target" ]; }; # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. systemd.targets."podman-compose-docker-compose-root" = { unitConfig = { Description = "Root target generated by compose2nix."; }; wantedBy = [ "multi-user.target" ]; }; }