pyrox.dev / nix
My Nix Configuration
fork atom

[marvin.services] pingvin-share: dockerize against my will

pyrox.dev 157f72ce fb29ade4

verified
options
unified split
Changed files
+50 -15
systems
x86_64-linux
marvin
services
pingvin-share.nix
secrets
pingvin-secrets.age
prefect
services
mailserver
logins.nix
+49 -14
systems/x86_64-linux/marvin/services/pingvin-share.nix 
···

       
10

       
10

       
 

       
  configFormat = pkgs.formats.yaml { };


     

       
11

       
11

       
 

       
  configFile = configFormat.generate "config.yaml" {


     

       
12

       
12

       
 

       
    general = {


     

       
13

       

       
-

       
      appName = "dishNet Files";


     

       

       
13

       
+

       
      appName = "dishNet Share";


     

       

       
14

       
+

       
      appUrl = "https://share.pyrox.dev";


     

       
14

       
15

       
 

       
      secureCookies = "true";


     

       

       
16

       
+

       
      showHomePage = "false";


     

       
15

       
17

       
 

       
    };


     

       
16

       
18

       
 

       
    share = {


     

       
17

       
19

       
 

       
      allowRegistration = "false";


     

       
18

       
20

       
 

       
      allowUnauthenticatedShares = "false";


     

       

       
21

       
+

       
      maxSize = "10000000000";


     

       
19

       
22

       
 

       
    };


     

       
20

       
23

       
 

       
    email.enableShareEmailRecipients = "true";


     

       
21

       
24

       
 

       
    smtp = {


     
···

       
29

       
32

       
 

       
    ldap.enabled = "false";


     

       
30

       
33

       
 

       
    legal.enabled = "false";


     

       
31

       
34

       
 

       
    s3.enabled = "false";


     

       
32

       

       
-

       
    initUser = {


     

       
33

       

       
-

       
      enabled = true;


     

       
34

       

       
-

       
      username = "dish";


     

       
35

       

       
-

       
      email = "pyrox@pyrox.dev";


     

       
36

       

       
-

       
      password = "ADMIN_PASSWORD";


     

       
37

       

       
-

       
      isAdmin = true;


     

       

       
35

       
+

       
    oauth = {


     

       

       
36

       
+

       
      ignoreTotp = "true";


     

       

       
37

       
+

       
      oidc-enabled = "true";


     

       

       
38

       
+

       
      oidc-clientSecret = "CLIENT_SECRET";


     

       

       
39

       
+

       
      oidc-clientId = "d83006a6-9b08-47eb-af56-418065db09b5";


     

       

       
40

       
+

       
      oidc-discoveryUri = "https://auth.pyrox.dev/.well-known/openid-configuration";


     

       

       
41

       
+

       
      oidc-signOut = "false";


     

       

       
42

       
+

       
      oidc-scope = "openid email profile groups";


     

       

       
43

       
+

       
      oidc-rolePath = "groups";


     

       

       
44

       
+

       
      oidc-roleAdminAccess = "admins";


     

       
38

       
45

       
 

       
    };


     

       

       
46

       
+

       
    initUser.enabled = false;


     

       
39

       
47

       
 

       
  };


     

       
40

       
48

       
 

       
in


     

       
41

       
49

       
 

       
{


     

       

       
50

       
+

       
  virtualisation.oci-containers.containers = {


     

       

       
51

       
+

       
    pingvin-share-server = {


     

       

       
52

       
+

       
      image = "ghcr.io/stonith404/pingvin-share:latest";


     

       

       
53

       
+

       
      ports = [


     

       

       
54

       
+

       
        "${toString d.port}:3000"


     

       

       
55

       
+

       
        "${toString d.be-port}:8080"


     

       

       
56

       
+

       
      ];


     

       

       
57

       
+

       
      volumes = [


     

       

       
58

       
+

       
        "/var/lib/pingvin-share/data:/opt/app/backend/data"


     

       

       
59

       
+

       
        "/var/lib/pingvin-share/data/images:/opt/app/frontend/public/img"


     

       

       
60

       
+

       
        "/var/lib/pingvin-share/config.yaml:/opt/app/config.yaml"


     

       

       
61

       
+

       
      ];


     

       

       
62

       
+

       
      environment = {


     

       

       
63

       
+

       
        API_URL = "https://share.pyrox.dev";


     

       

       
64

       
+

       
        PUID = "962";


     

       

       
65

       
+

       
        PGID = "959";


     

       

       
66

       
+

       
      };


     

       

       
67

       
+

       
    };


     

       

       
68

       
+

       
  };


     

       

       
69

       
+

       
  users.users.pingvin = {


     

       

       
70

       
+

       
    uid = 962;


     

       

       
71

       
+

       
    group = cfg.group;


     

       

       
72

       
+

       
    isSystemUser = true;


     

       

       
73

       
+

       
  };


     

       

       
74

       
+

       
  users.groups.pingvin = {


     

       

       
75

       
+

       
    gid = 959;


     

       

       
76

       
+

       
  };


     

       

       
77

       
+

       



     

       
42

       
78

       
 

       
  services = {


     

       
43

       
79

       
 

       
    pingvin-share = {


     

       
44

       

       
-

       
      enable = true;


     

       

       
80

       
+

       
      enable = false;


     

       
45

       
81

       
 

       
      backend.port = d.be-port;


     

       
46

       
82

       
 

       
      frontend.port = d.port;


     

       
47

       
83

       
 

       
      hostname = "share.pyrox.dev";


     

       
48

       
84

       
 

       
      https = true;


     

       
49

       
85

       
 

       
    };


     

       
50

       

       
-

       
    anubis.instances = lib.mkIf cfg.enable {


     

       

       
86

       
+

       
    anubis.instances = {


     

       
51

       
87

       
 

       
      pingvin-share-be = {


     

       
52

       
88

       
 

       
        settings = {


     

       
53

       
89

       
 

       
          BIND = ":${toString d.be-anubis}";


     
···

       
65

       
101

       
 

       
    };


     

       
66

       
102

       
 

       
  };


     

       
67

       
103

       
 

       
  systemd.services.init-pingvin-config = {


     

       
68

       

       
-

       
    enable = cfg.enable;


     

       

       
104

       
+

       
    enable = true;


     

       
69

       
105

       
 

       
    description = "Pingvin Share configuration setup";


     

       
70

       
106

       
 

       
    wantedBy = [ "multi-user.target" ];


     

       
71

       
107

       
 

       
    before = [


     

       
72

       

       
-

       
      "pingvin-share-backend.service"


     

       
73

       

       
-

       
      "pingvin-share-frontend.service"


     

       

       
108

       
+

       
      "docker-pingvin-share-server.service"


     

       
74

       
109

       
 

       
    ];


     

       
75

       
110

       
 

       
    path = [ pkgs.gnused ];


     

       
76

       
111

       
 

       
    script = ''


     

       
77

       
112

       
 

       
      rm ${cfg.dataDir}/config.yaml


     

       
78

       
113

       
 

       
      cp ${configFile} ${cfg.dataDir}/config.yaml


     

       
79

       

       
-

       
      sed -i "s/SMTP_PASSWORD/$SMTP_PASSWORD/" ${cfg.dataDir}/config.yaml


     

       
80

       

       
-

       
      sed -i "s/ADMIN_PASSWORD/$ADMIN_PASSWORD/" ${cfg.dataDir}/config.yaml


     

       

       
114

       
+

       
      sed -i "s/SMTP_PASSWORD/\"$SMTP_PASSWORD\"/" ${cfg.dataDir}/config.yaml


     

       

       
115

       
+

       
      sed -i "s/CLIENT_SECRET/\"$CLIENT_SECRET\"/" ${cfg.dataDir}/config.yaml


     

       
81

       
116

       
 

       
    '';


     

       
82

       
117

       
 

       
    serviceConfig = {


     

       
83

       
118

       
 

       
      EnvironmentFile = config.age.secrets.pingvin-secrets.path;
systems/x86_64-linux/marvin/services/secrets/pingvin-secrets.age

This is a binary file and will not be displayed.

+1 -1
systems/x86_64-linux/prefect/services/mailserver/logins.nix 
···

       
34

       
34

       
 

       
      sendOnly = true;


     

       
35

       
35

       
 

       
    };


     

       
36

       
36

       
 

       
    "share@pyrox.dev" = {


     

       
37

       

       
-

       
      hashedPassword = "$2b$05$GTK7WRECM2FKlpqUWhsE1e9QaXX5fQ41id.W/PV2TZnOwNtrKJZHe";


     

       

       
37

       
+

       
      hashedPassword = "$2b$05$LDvYYmxYcTgqPMDvvhA.uO8UFh8yLqPzVuOdeYBq0x/WJ/85X3DEC";


     

       
38

       
38

       
 

       
      sendOnly = true;


     

       
39

       
39

       
 

       
    };


     

       
40

       
40

       
 

       
  };