Actually, nothing needs external access?

This commit is contained in:
niten 2023-10-03 17:41:41 -07:00
parent 0786d1589f
commit b5d5535cd0
1 changed files with 9 additions and 0 deletions

View File

@ -16,10 +16,15 @@ let
, pictrsCfg, postgresCfg, ... }: , pictrsCfg, postgresCfg, ... }:
{ pkgs, ... }: { { pkgs, ... }: {
project.name = "lemmy"; project.name = "lemmy";
networks = {
internal_network.internal = true;
external_network.internal = false;
};
services = { services = {
proxy = { proxy = {
service = { service = {
image = proxyCfg.image; image = proxyCfg.image;
networks = [ "internal_network" "external_network" ];
ports = [ "${toString port}:8536" ]; ports = [ "${toString port}:8536" ];
volumes = [ "${proxyCfg.configFile}:/etc/nginx/nginx.conf:ro,Z" ]; volumes = [ "${proxyCfg.configFile}:/etc/nginx/nginx.conf:ro,Z" ];
depends_on = [ "lemmy" "lemmy-ui" "pictrs" ]; depends_on = [ "lemmy" "lemmy-ui" "pictrs" ];
@ -29,6 +34,7 @@ let
lemmy = { lemmy = {
service = { service = {
image = lemmyCfg.image; image = lemmyCfg.image;
networks = [ "internal_network" ];
hostname = "lemmy"; hostname = "lemmy";
env_file = [ lemmyCfg.envFile ]; env_file = [ lemmyCfg.envFile ];
volumes = [ "${lemmyCfg.configFile}:/config/config.hjson:ro,Z" ]; volumes = [ "${lemmyCfg.configFile}:/config/config.hjson:ro,Z" ];
@ -39,6 +45,7 @@ let
lemmy-ui = { lemmy-ui = {
service = { service = {
image = lemmyUiCfg.image; image = lemmyUiCfg.image;
networks = [ "internal_network" ];
hostname = "lemmy-ui"; hostname = "lemmy-ui";
depends_on = [ "lemmy" ]; depends_on = [ "lemmy" ];
restart = "always"; restart = "always";
@ -48,6 +55,7 @@ let
pictrs = { pictrs = {
service = { service = {
image = pictrsCfg.image; image = pictrsCfg.image;
networks = [ "internal_network" ];
hostname = "pictrs"; hostname = "pictrs";
volumes = [ "${stateDirectory}/pictrs:/mnt:Z" ]; volumes = [ "${stateDirectory}/pictrs:/mnt:Z" ];
user = "${toString pictrsCfg.uid}:${toString pictrsCfg.uid}"; user = "${toString pictrsCfg.uid}:${toString pictrsCfg.uid}";
@ -58,6 +66,7 @@ let
postgres = { postgres = {
service = { service = {
image = postgresCfg.image; image = postgresCfg.image;
networks = [ "internal_network" ];
hostname = "postgres"; hostname = "postgres";
volumes = [ volumes = [
"${stateDirectory}/postgres:/var/lib/postgresql/data:Z" "${stateDirectory}/postgres:/var/lib/postgresql/data:Z"