puzzlevision/modules/nixos/services/sharkey/default.nix

110 lines
3.5 KiB
Nix
Raw Normal View History

{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.sharkey;
in {
options.${namespace}.services.sharkey = { enable = mkEnableOption "Enable Sharkey, the activitypub-based microblogging service."; };
config = mkIf cfg.enable {
sops.secrets.sharkey-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/default.sharkey.service.yaml";
format = "yaml";
};
sops.secrets.sharkey-docker-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/docker-env.sharkey.service.env";
format = "dotenv";
};
sops.secrets.sharkey-meilisearch-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/meilisearch.sharkey.service.env";
format = "dotenv";
};
systemd.tmpfiles.rules = [
"d /var/lib/containers/sharkey 0700 991 991 -"
];
system.activationScripts.sharkey-web = ''
cp ${config.sops.secrets.sharkey-config.path} /var/lib/containers/sharkey/.config/default.yml
'';
virtualisation.oci-containers.containers.sharkey-web = {
image = "registry.activitypub.software/transfem-org/sharkey:latest";
autoStart = true;
hostname = host;
dependsOn = [ "sharkey-redis" "sharkey-db" ];
environment = {
NODE_ENV = "production";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.sharkey.entrypoints" = "websecure";
"traefik.http.routers.sharkey.rule" = "Host(`voxtek.enterprises`)";
"traefik.http.services.sharkey.loadbalancer.server.port" = "3000";
# Homepage labels
"homepage.group" = "Entertainment";
"homepage.name" = "Sharkey";
"homepage.icon" = "/images/logo.png";
"homepage.href" = "https://voxtek.enterprises";
"homepage.description" = "Private VoxTek themed Sharkey instance";
"homepage.ping" = "https://voxtek.enterprises";
"homepage.widget.type" = "mastodon";
"homepage.widget.url" = "https://voxtek.enterprises";
};
volumes = [
"/var/lib/containers/sharkey/files:/sharkey/files:rw"
"/var/lib/containers/sharkey/.config:/sharkey/.config:ro"
];
extraOptions = ["--network=proxy --network=sharknet"];
};
virtualisation.oci-containers.containers.sharkey-redis = {
image = "docker.io/redis:7.0-alpine"
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/redis:/data:rw"
];
extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
}
virtualisation.oci-containers.containers.sharkey-meilisearch = {
image = "getmeili/meilisearch:v1.3.4"
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/meili_data:/meili_data:rw"
];
environment = {
MEILI_NO_ANALYTICS = "true";
MEILI_ENV = "production";
};
environmentFiles = [
config.sops.secrets.sharkey-meilisearch.path
];
extraOptions = ["--network=sharknet"];
}
virtualisation.oci-containers.containers.sharkey-db = {
image = "docker.io/postgres:16.1-alpine"
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/db:/var/lib/postgresql/data:rw"
];
environmentFiles = [
config.sops.secrets.sharkey-docker-config.path
];
extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
}
# W.I.P Todo: finish Sharkey service
};
}