7
-
dataDir = "/var/lib/planka";
d = self.lib.data.services.planka;
12
+
commonServiceConfig = {
13
+
EnvironmentFile = config.age.secrets.planka-env.path;
14
+
StateDirectory = "planka";
15
+
WorkingDirectory = "/var/lib/planka";
20
+
LockPersonality = true;
21
+
NoNewPrivileges = true;
22
+
PrivateDevices = true;
23
+
PrivateMounts = true;
25
+
PrivateUsers = true;
26
+
ProtectClock = true;
27
+
ProtectControlGroups = true;
29
+
ProtectHostname = true;
30
+
ProtectKernelLogs = true;
31
+
ProtectKernelModules = true;
32
+
ProtectKernelTunables = true;
33
+
ProtectProc = "invisible";
35
+
RestrictRealtime = true;
36
+
RestrictSUIDSGID = true;
38
+
RestrictAddressFamilies = [
11
-
virtualisation.oci-containers.containers = {
13
-
image = "ghcr.io/plankanban/planka:2.0.0-rc.4";
14
-
ports = [ "${toString d.port}:1337" ];
16
-
BASE_URL = "https://${d.extUrl}";
17
-
DATABASE_URL = "postgresql://planka@planka-db/planka";
19
-
DEFAULT_ADMIN_EMAIL = "pyrox@pyrox.dev";
20
-
DEFAULT_ADMIN_USERNAME = "pyrox";
21
-
TRUST_PROXY = "true";
22
-
DEFAULT_LANGUAGE = "en-US";
47
+
tmpfiles.settings = {
48
+
"10-planka"."/var/lib/planka".d = {
24
-
environmentFiles = [ config.age.secrets.planka-env.path ];
26
-
"${dataDir}/user-avatars:/app/public/user-avatars"
27
-
"${dataDir}/project-background-images:/app/public/project-background-images"
28
-
"${dataDir}/attachments:/app/private/attachments"
29
-
"${dataDir}/favicons:/app/public/favicons"
30
-
"${dataDir}/background-images:/app/public/background-images"
32
-
extraOptions = [ "--network=planka" ];
35
-
image = "postgres:16-alpine";
36
-
volumes = [ "${dataDir}/db:/var/lib/postgresql/data" ];
38
-
POSTGRES_USER = "planka";
39
-
POSTGRES_DB = "planka";
40
-
POSTGRES_HOST_AUTH_METHOD = "trust";
56
+
wantedBy = [ "multi-user.target" ];
57
+
after = [ "postgres.target" ];
58
+
description = "Planka Kanban Database Init Script";
63
+
if [ ! -f /var/lib/planka/db-init-ran ]; then
64
+
node run ${self'.packages.planka}/lib/node_modules/planka/db/init.js && \
65
+
touch /var/lib/planka/db-init-ran
68
+
serviceConfig = commonServiceConfig // {
70
+
SyslogIdentifier = "planka-init-db";
42
-
extraOptions = [ "--network=planka" ];
74
+
after = [ "planka-init-db.service" ];
75
+
wantedBy = [ "multi-user.target" ];
76
+
description = "Planka Kanban Server";
77
+
documentation = [ "https://docs.planka.cloud" ];
79
+
DATABASE_URL = "postgresql://%2Frun%2Fpostgresql/planka";
80
+
DEFAULT_ADMIN_EMAIL = "pyrox@pyrox.dev";
81
+
DEFAULT_ADMIN_USERNAME = "pyrox";
82
+
TRUST_PROXY = "true";
83
+
DEFAULT_LANGUAGE = "en-US";
84
+
BASE_URL = "https://${d.extUrl}";
85
+
NODE_ENV = "production";
87
+
serviceConfig = commonServiceConfig // {
89
+
ExecStart = "${lib.getExe self'.packages.planka} --port ${toString d.port}";
90
+
SyslogIdentifier = "planka";
95
+
users.users.planka = {
96
+
isSystemUser = true;
99
+
users.groups.planka = { };
100
+
services.postgresql = {
104
+
ensureDBOwnership = true;
105
+
ensureClauses.login = true;
108
+
ensureDatabases = [ "planka" ];
age.secrets.planka-env = {
file = ./secrets/planka-env.age;
47
-
owner = "thehedgehog";
services.anubis.instances.planka = {