public
/
lemmy-container
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

podman -> container

This commit is contained in:
niten 2024-01-24 19:33:59 -08:00
parent b157a771c0
commit 73454ddb84
1 changed files with 64 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
lemmy-container.nix
View File

@ -1,78 +1,8 @@
{ config, lib, pkgs, ... }@toplevel: { config, lib, pkgs, ... }@toplevel:
with lib; with lib;
let let cfg = config.services.lemmyContainer;
cfg = config.services.lemmyContainer;
lemmyImage = { ... }:
{ pkgs, ... }: {
project.name = "lemmy";
networks = { external_network.internal = false; };
docker-compose.volumes = {
postgres-data = { };
private-data = { };
};
services = {
lemmy = { pkgs, ... }: {
service = {
restart = "always";
volumes = [
"postgres-data:/var/lib/postgres/data"
"private-data:/var/lib/private"
"${cfg.admin-password-file}:${cfg.admin-password-file}"
];
ports = [ "${toString cfg.port}:80" ];
networks = [ "external_network" ];
capabilities = {
BPF = true;
SYS_ADMIN = true;
};
};
nixos = {
useSystemd = true;
configuration = {
boot.tmp.useTmpfs = true;
system.nssModules = mkForce [ ];
services = {
nscd.enable = false;
postgresql.enable = true;
pict-rs.enable = true;
lemmy = {
enable = true;
database.createLocally = true;
adminPasswordFile = cfg.admin-password-file;
nginx.enable = true;
server.package = cfg.server-package;
settings = {
email = {
smtp_server = cfg.smtp.host;
smtp_port = cfg.smtp.port;
smtp_from_address = "noreply@${cfg.hostname}";
};
hostname = cfg.hostname;
setup.site_name = cfg.site-name;
};
};
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
commonHttpConfig = ''
log_format with_response_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$request_time" "$upstream_response_time"';
access_log /var/log/nginx/access.log with_response_time;
'';
};
};
};
};
};
};
};
in { in {
options.services.lemmyContainer = with types; { options.services.lemmyContainer = with types; {
enable = mkEnableOption "Enable Lemmy server in a Podman container."; enable = mkEnableOption "Enable Lemmy server in a Podman container.";
@ -116,11 +46,72 @@ in {
description = "Package to use for the server."; description = "Package to use for the server.";
default = pkgs.lemmy-server; default = pkgs.lemmy-server;
}; };
state-directory = mkOption {
type = str;
description = "Path at which to store server state.";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
virtualisation.arion.projects.lemmy.settings = let image = lemmyImage { }; containers.lemmy = {
in { imports = [ image ]; }; autoStart = true;
privateNetwork = true;
forwardPorts = [{
protocol = "tcp";
hostPort = cfg.port;
containerPort = 80;
}];
ephemeral = true;
bindMounts = {
"/var/lib/postgres/data" = {
hostPath = "${cfg.state-directory}/postgres";
};
"/var/lib/private" = {
hostPath = "${cfg.state-directory}/lemmy-data";
};
"${cfg.admin-password-file}" = {
isReadOnly = true;
hostPath = cfg.admin-password-file;
};
};
config = {
boot.tmp.useTmpfs = true;
services = {
nscd.enable = false;
postgresql.enable = true;
pict-rs.enable = true;
lemmy = {
enable = true;
database.createLocally = true;
adminPasswordFile = cfg.admin-password-file;
nginx.enable = true;
server.package = cfg.server-package;
settings = {
email = {
smtp_server = cfg.smtp.host;
smtp_port = cfg.smtp.port;
smtp_from_address = "noreply@${cfg.hostname}";
};
hostname = cfg.hostname;
setup.site_name = cfg.site-name;
};
};
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
commonHttpConfig = ''
log_format with_response_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$request_time" "$upstream_response_time"';
access_log /var/log/nginx/access.log with_response_time;
'';
};
};
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;