This repository has been archived on 2024-08-30. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/hosts/lime/services/penpot/docker-compose.nix
2005 b6107679d1 🚀 big update:
added logging to all nginx routes
added loki, promtail to scrape nginx logs
turned i2pd back on,
updated my websites version
upgraded all hosts to 24.05
forgejo added bigger limit to upload limit due to docker images
privacy frontends:
    added priviblur
    libreddit -> redlib
    added biblioreads

ddns-updater, changed credentials but there is a bug with porkbun
added penpot
brought back anonymousoverflow
added readme privacy respecting frontends
2024-06-03 02:05:38 +02:00

284 lines
8.4 KiB
Nix

# Auto-generated using compose2nix v0.1.9.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."docker-compose-penpot-backend" = {
image = "penpotapp/backend:latest";
environment = {
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
PENPOT_DATABASE_PASSWORD = "penpot";
PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
PENPOT_DATABASE_USERNAME = "penpot";
PENPOT_FLAGS = "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server";
PENPOT_PUBLIC_URI = "https://penpot.4o1x5.dev";
PENPOT_REDIS_URI = "redis://penpot-redis/0";
PENPOT_SMTP_DEFAULT_FROM = "no-reply@example.com";
PENPOT_SMTP_DEFAULT_REPLY_TO = "no-reply@example.com";
PENPOT_SMTP_HOST = "penpot-mailcatch";
PENPOT_SMTP_PASSWORD = "";
PENPOT_SMTP_PORT = "1025";
PENPOT_SMTP_SSL = "false";
PENPOT_SMTP_TLS = "false";
PENPOT_SMTP_USERNAME = "";
PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
PENPOT_TELEMETRY_ENABLED = "false";
};
volumes = [
"penpot_assets:/opt/data/assets:rw"
];
dependsOn = [
"docker-compose-penpot-postgres"
"docker-compose-penpot-redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-backend"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-backend" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-exporter" = {
image = "penpotapp/exporter:latest";
environment = {
PENPOT_PUBLIC_URI = "http://penpot-frontend";
PENPOT_REDIS_URI = "redis://penpot-redis/0";
};
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-exporter"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-exporter" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-frontend" = {
image = "penpotapp/frontend:latest";
environment = {
PENPOT_FLAGS = "enable-registration enable-login-with-password";
};
volumes = [
"penpot_assets:/opt/data/assets:rw"
];
ports = [
"9032:80/tcp"
];
labels = {
"traefik.enable" = "true";
};
dependsOn = [
"docker-compose-penpot-backend"
"docker-compose-penpot-exporter"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-frontend"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-frontend" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-mailcatch" = {
image = "sj26/mailcatcher:latest";
ports = [
"1080:1080/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-mailcatch"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-mailcatch" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-postgres" = {
image = "postgres:15";
environment = {
POSTGRES_DB = "penpot";
POSTGRES_INITDB_ARGS = "--data-checksums";
POSTGRES_PASSWORD = "penpot";
POSTGRES_USER = "penpot";
};
volumes = [
"penpot_postgres_v15:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-postgres"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-postgres" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_postgres_v15.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_postgres_v15.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-redis" = {
image = "redis:7";
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-redis"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-redis" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
# Networks
systemd.services."podman-network-docker-compose_penpot" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_penpot";
};
script = ''
podman network inspect docker-compose_penpot || podman network create docker-compose_penpot
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Volumes
systemd.services."podman-volume-docker-compose_penpot_assets" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect docker-compose_penpot_assets || podman volume create docker-compose_penpot_assets
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
systemd.services."podman-volume-docker-compose_penpot_postgres_v15" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect docker-compose_penpot_postgres_v15 || podman volume create docker-compose_penpot_postgres_v15
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-docker-compose-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}