2024-12-09 11:21:23 +00:00
|
|
|
{ config, lib, pkgs, foodogsquaredLib, ... }:
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
hostCfg = config.hosts.ni;
|
|
|
|
|
cfg = hostCfg.services.penpot;
|
|
|
|
|
|
|
|
|
|
port = builtins.toString config.state.ports.penpot-frontend.value;
|
2025-01-29 04:48:19 +00:00
|
|
|
in {
|
2024-12-09 11:21:23 +00:00
|
|
|
options.hosts.ni.services.penpot.enable =
|
|
|
|
|
lib.mkEnableOption "self-hosted Penpot design tool";
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
2025-01-29 04:48:19 +00:00
|
|
|
state.ports = { penpot-frontend.value = 9001; };
|
2024-12-09 11:21:23 +00:00
|
|
|
|
|
|
|
|
sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets.yaml {
|
|
|
|
|
"penpot/env" = { };
|
2024-12-11 02:58:52 +00:00
|
|
|
"penpot/postgres_env" = { };
|
2024-12-09 11:21:23 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.oci-containers.networks.penpot = { };
|
|
|
|
|
virtualisation.oci-containers.volumes.penpot_assets = { };
|
|
|
|
|
virtualisation.oci-containers.volumes.penpot_postgres_v15 = { };
|
|
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.penpot-frontend = {
|
|
|
|
|
image = "docker.io/penpotapp/frontend:latest";
|
2025-01-29 04:48:19 +00:00
|
|
|
dependsOn = [ "penpot-backend" "penpot-exporter" ];
|
2024-12-09 11:21:23 +00:00
|
|
|
ports = lib.singleton "127.0.0.1:${port}:${port}";
|
2025-01-29 04:48:19 +00:00
|
|
|
extraOptions = [ "--network=penpot" ];
|
|
|
|
|
volumes = [ "penpot_assets:/opt/data/assets" ];
|
2024-12-09 11:21:23 +00:00
|
|
|
environment.PENPOT_FLAGS = lib.concatStringsSep " " [
|
|
|
|
|
"enable-login-with-password"
|
|
|
|
|
"enable-webhooks"
|
|
|
|
|
"enable-login-with-github"
|
|
|
|
|
"enable-login-with-oidc"
|
|
|
|
|
"disable-registration"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.penpot-backend = {
|
|
|
|
|
image = "docker.io/penpotapp/backend:latest";
|
2025-01-29 04:48:19 +00:00
|
|
|
volumes = [ "penpot_assets:/opt/data/assets" ];
|
|
|
|
|
extraOptions = [ "--network=penpot" ];
|
|
|
|
|
dependsOn = [ "penpot-postgres" "penpot-redis" ];
|
|
|
|
|
environmentFiles = [ config.sops.secrets."penpot/env".path ];
|
2024-12-09 11:21:23 +00:00
|
|
|
environment = {
|
|
|
|
|
PENPOT_FLAGS = lib.concatStringsSep " " [
|
|
|
|
|
"enable-registration"
|
|
|
|
|
"enable-login-with-password"
|
|
|
|
|
];
|
|
|
|
|
PENPOT_PUBLIC_URI = "http://localhost:${port}";
|
|
|
|
|
PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
|
|
|
|
|
PENPOT_REDIS_URI = "redis://penpot-redis/0";
|
|
|
|
|
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
|
|
|
|
|
PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
|
|
|
|
|
PENPOT_TELEMETRY_ENABLED = "true";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.penpot-exporter = {
|
|
|
|
|
image = "docker.io/penpotapp/exporter:latest";
|
2025-01-29 04:48:19 +00:00
|
|
|
extraOptions = [ "--network=penpot" ];
|
2024-12-09 11:21:23 +00:00
|
|
|
environment = {
|
|
|
|
|
PENPOT_PUBLIC_URI = "http://penpot-frontend";
|
|
|
|
|
PENPOT_REDIS_URI = "redis://penpot-redis/0";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.penpot-redis = {
|
|
|
|
|
image = "docker.io/redis:7";
|
2025-01-29 04:48:19 +00:00
|
|
|
extraOptions = [ "--network=penpot" ];
|
2024-12-09 11:21:23 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.penpot-postgres = {
|
|
|
|
|
image = "docker.io/postgres:15";
|
2025-01-29 04:48:19 +00:00
|
|
|
volumes = [ "penpot_postgres_v15:/var/lib/postgresql/data" ];
|
2024-12-09 11:21:23 +00:00
|
|
|
extraOptions = [ "--network=penpot" ];
|
2025-01-29 04:48:19 +00:00
|
|
|
environmentFiles = [ config.sops.secrets."penpot/postgres_env".path ];
|
2024-12-09 11:21:23 +00:00
|
|
|
environment = {
|
2025-01-29 04:48:19 +00:00
|
|
|
POSTGRES_INITDB_ARGS = lib.concatStringsSep " " [ "--data-checksums" ];
|
2024-12-09 11:21:23 +00:00
|
|
|
POSTGRES_DB = "penpot";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
