foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-04-19 00:19:11 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts/ni/services/penpot: init

Browse Source
This commit is contained in:
Gabriel Arazas 2024-12-09 19:21:23 +08:00
parent bf2ea201c1
commit 60a932a144
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
3 changed files with 132 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configs/nixos/ni/modules/default.nix
View File

@ -7,6 +7,7 @@
./services/backup ./services/backup
./services/monitoring.nix ./services/monitoring.nix
./services/download-media ./services/download-media
./services/penpot
./setups/desktop.nix ./setups/desktop.nix
./setups/development.nix ./setups/development.nix
./setups/gaming.nix ./setups/gaming.nix

109
configs/nixos/ni/modules/services/penpot/default.nix Normal file
View File

@ -0,0 +1,109 @@
{ config, lib, pkgs, foodogsquaredLib, ... }:
let
hostCfg = config.hosts.ni;
cfg = hostCfg.services.penpot;
port = builtins.toString config.state.ports.penpot-frontend.value;
in
{
options.hosts.ni.services.penpot.enable =
lib.mkEnableOption "self-hosted Penpot design tool";
config = lib.mkIf cfg.enable {
state.ports = {
penpot-frontend.value = 9001;
};
sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets.yaml {
"penpot/env" = { };
};
virtualisation.oci-containers.networks.penpot = { };
virtualisation.oci-containers.volumes.penpot_assets = { };
virtualisation.oci-containers.volumes.penpot_postgres_v15 = { };
virtualisation.oci-containers.containers.penpot-frontend = {
image = "docker.io/penpotapp/frontend:latest";
dependsOn = [
"penpot-backend"
"penpot-exporter"
];
ports = lib.singleton "127.0.0.1:${port}:${port}";
extraOptions = [
"--network=penpot"
];
volumes = [
"penpot_assets:/opt/data/assets"
];
environment.PENPOT_FLAGS = lib.concatStringsSep " " [
"enable-login-with-password"
"enable-webhooks"
"enable-login-with-github"
"enable-login-with-oidc"
"disable-registration"
];
};
virtualisation.oci-containers.containers.penpot-backend = {
image = "docker.io/penpotapp/backend:latest";
volumes = [
"penpot_assets:/opt/data/assets"
];
extraOptions = [
"--network=penpot"
];
dependsOn = [
"penpot-postgres"
"penpot-redis"
];
environmentFiles = [
config.sops.secrets."penpot/env".path
];
environment = {
PENPOT_FLAGS = lib.concatStringsSep " " [
"enable-registration"
"enable-login-with-password"
];
PENPOT_PUBLIC_URI = "http://localhost:${port}";
PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
PENPOT_REDIS_URI = "redis://penpot-redis/0";
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
PENPOT_TELEMETRY_ENABLED = "true";
};
};
virtualisation.oci-containers.containers.penpot-exporter = {
image = "docker.io/penpotapp/exporter:latest";
extraOptions = [
"--network=penpot"
];
environment = {
PENPOT_PUBLIC_URI = "http://penpot-frontend";
PENPOT_REDIS_URI = "redis://penpot-redis/0";
};
};
virtualisation.oci-containers.containers.penpot-redis = {
image = "docker.io/redis:7";
extraOptions = [
"--network=penpot"
];
};
virtualisation.oci-containers.containers.penpot-postgres = {
image = "docker.io/postgres:15";
volumes = [
"penpot_postgres_v15:/var/lib/postgresql/data"
];
extraOptions = [ "--network=penpot" ];
environment = {
POSTGRES_INITDB_ARGS = lib.concatStringsSep " " [
"--data-checksums"
];
POSTGRES_DB = "penpot";
};
};
};
}

22
configs/nixos/ni/modules/services/penpot/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
penpot:
env: ENC[AES256_GCM,data:WMwX6jeuAkjb2uynJes0avCcbWM0yrmQ6q3OfQMxbrAzmXsOtfaVXO0O8cY4fU0WMYhCLh1nZt0b5VDNjH5IBogM8SZ5/HL4lUaK6y16wZw0jIeyjOrcoQWIrcuFkuEixk1hJU8u1KIx9xry6OKWAHa8AcLyww58Zqiis+V+nOZkGxpflFA/xDWv8v0Q4qDYrsfjzsZn3biBQPUQcNfHSouRHo9QQ8EZQjVjo3nDAXDbKTaa4Aj/sSm/zJ26RDeK9/kGAD/lx1YqKgLCvGPN7Y8aVFCzlqeLU3JRyqbi9qYajLSrvxHkWGvJGruWAEWHAMnQ+j8Zo7xWJoSTMTHtA2U7KJXfN/BjijQhbYlKp0VXQz6B9hPKyTlU6nZL6ivZ9w==,iv:eHNzD13Gr4L+wBrYdBTCOb+8yhtmFqwKjVl8BBAiKFg=,tag:+ivt+HihWrygiu9EWjXreA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jxna9vm7nx4g69s84qgjptxvuzszcypf2rfk4ss2lyhnpe3yxdnqusu6jp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQ21La1p3R3pYbkI0Mkl2
N0d5ekwvQkdLWFlSSFZlNzZEek5rSUpXQlM0Cld4bUd1MCtIRm9pZDRQVll2eWhE
NkdGTmcrS1pqZndXMzFMTUlhbGwwQ3MKLS0tIGVENTRpVmMxbW5CL2FRbFhBd3pV
VHAyQStoallxZXkwcWt3Y2VPeVZiWXMKvsGVPPFHYeTmpqyY63MI6aaDdvWC3OEE
ONka99YLasKLNkGqdEptDMTmo66nQ66pz0BG+NZuwoxkjJzvViektw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-09T10:47:53Z"
mac: ENC[AES256_GCM,data:FClAXi7GmaTm8oCHjwI9KTYJysmqAOFHM31zPvfnsaLwZKrIKBoYmI/EnHOS5lOVOrWzlxB07B+A5ZVoMYIcR7NbJZJ6WL8ULhtEheSd29XCwvqvvwZmNfriIa0uT3mBzW3W7bzeh9BuwUK6yiOlW6UBmzMh/P1ssQ92SVgg9LA=,iv:l+E6h7fCVsgY6OvuJFMnq5veGaj1vGXkwfCrutP4wfo=,tag:AptwpWdXZ4g/fmonuEWYwQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1