diff --git a/nix-system-configs/modules/songsheet/wavelog/docker-compose.nix b/nix-system-configs/modules/songsheet/wavelog/docker-compose.nix index 9a9169c..76a090d 100644 --- a/nix-system-configs/modules/songsheet/wavelog/docker-compose.nix +++ b/nix-system-configs/modules/songsheet/wavelog/docker-compose.nix @@ -1,10 +1,8 @@ # Auto-generated by compose2nix. + +{ pkgs, lib, config, ... }: + { - pkgs, - lib, - config, - ... -}: { # Runtime virtualisation.podman = { enable = true; @@ -14,12 +12,9 @@ # Enable container name DNS for all Podman networks. networking.firewall.interfaces = let - matchAll = - if !config.networking.nftables.enable - then "podman+" - else "podman*"; + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; in { - "${matchAll}".allowedUDPPorts = [53]; + "${matchAll}".allowedUDPPorts = [ 53 ]; }; virtualisation.oci-containers.backend = "podman"; 
@@ -81,6 +76,94 @@ "podman-compose-wavelog-root.target" ]; }; + virtualisation.oci-containers.containers."pelican_panel" = { + image = "ghcr.io/pelican-dev/panel:latest"; + environment = { + "ADMIN_EMAIL" = "kuutruu@posteo.net"; + "APP_URL" = "https://pelican.prg-radio.org"; + "XDG_DATA_HOME" = "/pelican-data"; + }; + volumes = [ + "wavelog_pelican-data:/pelican-data:rw" + "wavelog_pelican-logs:/var/www/html/storage/logs:rw" + ]; + ports = [ + "8070:80/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--add-host=host.docker.internal:host-gateway" + "--network-alias=panel" + "--network=pelican" + ]; + }; + systemd.services."podman-pelican_panel" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + }; + after = [ + "podman-network-pelican.service" + "podman-volume-wavelog_pelican-data.service" + "podman-volume-wavelog_pelican-logs.service" + ]; + requires = [ + "podman-network-pelican.service" + "podman-volume-wavelog_pelican-data.service" + "podman-volume-wavelog_pelican-logs.service" + ]; + partOf = [ + "podman-compose-wavelog-root.target" + ]; + wantedBy = [ + "podman-compose-wavelog-root.target" + ]; + }; + virtualisation.oci-containers.containers."pelican_wings" = { + image = "ghcr.io/pelican-dev/wings:latest"; + environment = { + "APP_TIMEZONE" = "Europe/Copenhagen"; + "TZ" = "Europe/Copenhagen"; + "WINGS_GID" = "1000"; + "WINGS_UID" = "1000"; + "WINGS_USERNAME" = "pelican"; + }; + volumes = [ + "/etc/pelican/:/etc/pelican:rw" + "/etc/ssl/certs:/etc/ssl/certs:ro" + "/tmp/pelican/:/tmp/pelican:rw" + "/var/lib/docker/containers/:/var/lib/docker/containers:rw" + "/var/lib/pelican/:/var/lib/pelican:rw" + "/var/log/pelican/:/var/log/pelican:rw" + "/var/run/docker.sock:/var/run/docker.sock:rw" + ]; + ports = [ + "2022:2022/tcp" + "8443:443/tcp" + ]; + cmd = [ "wings" "--ignore-certificate-errors" ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=wings" + "--network=wings1" + ]; + }; + systemd.services."podman-pelican_wings" = { 
+ serviceConfig = { + Restart = lib.mkOverride 90 "always"; + }; + after = [ + "podman-network-wings1.service" + ]; + requires = [ + "podman-network-wings1.service" + ]; + partOf = [ + "podman-compose-wavelog-root.target" + ]; + wantedBy = [ + "podman-compose-wavelog-root.target" + ]; + }; virtualisation.oci-containers.containers."wavelog-db" = { image = "mariadb:11.3"; environment = { @@ -164,8 +247,21 @@ }; # Networks + systemd.services."podman-network-pelican" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f pelican"; + }; + script = '' + podman network inspect pelican || podman network create pelican + ''; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; + }; systemd.services."podman-network-wavelog_default" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -174,13 +270,26 @@ script = '' podman network inspect wavelog_default || podman network create wavelog_default ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; + }; + systemd.services."podman-network-wings1" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f wings1"; + }; + script = '' + podman network inspect wings1 || podman network create wings1 --driver=bridge --opt=com.docker.network.bridge.name=wings1 --subnet=172.92.0.0/16 + ''; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; # Volumes systemd.services."podman-volume-wavelog_partdb_db_f" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; 
@@ -188,11 +297,11 @@ script = '' podman volume inspect wavelog_partdb_db_f || podman volume create wavelog_partdb_db_f ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; systemd.services."podman-volume-wavelog_partdb_media_f" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -200,11 +309,11 @@ script = '' podman volume inspect wavelog_partdb_media_f || podman volume create wavelog_partdb_media_f ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; systemd.services."podman-volume-wavelog_partdb_uploads_f" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; 
@@ -212,11 +321,35 @@ script = '' podman volume inspect wavelog_partdb_uploads_f || podman volume create wavelog_partdb_uploads_f ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; + }; + systemd.services."podman-volume-wavelog_pelican-data" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect wavelog_pelican-data || podman volume create wavelog_pelican-data + ''; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; + }; + systemd.services."podman-volume-wavelog_pelican-logs" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect wavelog_pelican-logs || podman volume create wavelog_pelican-logs + ''; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; systemd.services."podman-volume-wavelog_wavelog-config" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -224,11 +357,11 @@ script = '' podman volume inspect wavelog_wavelog-config || podman volume create wavelog_wavelog-config ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; systemd.services."podman-volume-wavelog_wavelog-dbdata" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; 
@@ -236,11 +369,11 @@ script = '' podman volume inspect wavelog_wavelog-dbdata || podman volume create wavelog_wavelog-dbdata ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; systemd.services."podman-volume-wavelog_wavelog-uploads" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -248,11 +381,11 @@ script = '' podman volume inspect wavelog_wavelog-uploads || podman volume create wavelog_wavelog-uploads ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; systemd.services."podman-volume-wavelog_wavelog-userdata" = { - path = [pkgs.podman]; + path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -260,8 +393,8 @@ script = '' podman volume inspect wavelog_wavelog-userdata || podman volume create wavelog_wavelog-userdata ''; - partOf = ["podman-compose-wavelog-root.target"]; - wantedBy = ["podman-compose-wavelog-root.target"]; + partOf = [ "podman-compose-wavelog-root.target" ]; + wantedBy = [ "podman-compose-wavelog-root.target" ]; }; # Root service @@ -271,6 +404,6 @@ unitConfig = { Description = "Root target generated by compose2nix."; }; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; }; } diff --git a/nix-system-configs/modules/songsheet/wavelog/docker-compose.yml b/nix-system-configs/modules/songsheet/wavelog/docker-compose.yml index 8036f10..fec045a 100644 --- a/nix-system-configs/modules/songsheet/wavelog/docker-compose.yml +++ b/nix-system-configs/modules/songsheet/wavelog/docker-compose.yml 
@@ -84,6 +84,53 @@ services: - "8086:80" restart: unless-stopped + panel: + image: ghcr.io/pelican-dev/panel:latest + container_name: pelican_panel + stdin_open: true + tty: true + restart: always + networks: + - pelican + ports: + - "8070:80" + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - pelican-data:/pelican-data + - pelican-logs:/var/www/html/storage/logs + environment: + XDG_DATA_HOME: /pelican-data + APP_URL: "https://pelican.prg-radio.org" + ADMIN_EMAIL: "kuutruu@posteo.net" + + wings: + image: ghcr.io/pelican-dev/wings:latest + container_name: pelican_wings + restart: unless-stopped + ports: + - "2022:2022" + - "8443:443" + stdin_open: true + command: ["wings", "--ignore-certificate-errors"] + tty: true + environment: + TZ: Europe/Copenhagen + APP_TIMEZONE: Europe/Copenhagen + WINGS_UID: 1000 + WINGS_GID: 1000 + WINGS_USERNAME: pelican + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + - "/var/lib/docker/containers/:/var/lib/docker/containers/" + - "/etc/pelican/:/etc/pelican/" + - "/var/lib/pelican/:/var/lib/pelican/" + - "/var/log/pelican/:/var/log/pelican/" + - "/tmp/pelican/:/tmp/pelican/" + - "/etc/ssl/certs:/etc/ssl/certs:ro" + networks: + - wings1 + volumes: wavelog-dbdata: wavelog-uploads: @@ -91,4 +138,19 @@ volumes: wavelog-config: partdb_uploads_f: partdb_media_f: - partdb_db_f: \ No newline at end of file + partdb_db_f: + pelican-data: + pelican-logs: + + +networks: + pelican: + name: pelican + wings1: + name: wings1 + driver: bridge + ipam: + config: + - subnet: 172.92.0.0/16 + driver_opts: + com.docker.network.bridge.name: wings1 \ No newline at end of file
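Review bot: The `wings` service is started with `--ignore-certificate-errors` while it also bind-mounts `/var/run/docker.sock` read-write, so the one container that can drive the host's container engine (in practice root-equivalent on the host) appears to accept any TLS certificate when it talks to the panel. The read-only `/etc/ssl/certs` mount is already present, so I would trust the panel's CA on the host and reduce the line to `command: ["wings"]`. Both new images float on `:latest`; pin each one, e.g. `image: ghcr.io/pelican-dev/wings:PINNED_TAG@sha256:DIGEST_PLACEHOLDER`, so the next pull cannot place unreviewed code next to that socket. If a reverse proxy terminates TLS for `APP_URL` (inferred from the https URL), publish the panel as `"127.0.0.1:8070:80"` instead of on every interface. The generated docker-compose.nix in this commit sets the backend to podman, so confirm which daemon, if any, listens on that socket path before relying on this mount.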
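Review bot: The `wings1` subnet `172.92.0.0/16` is outside the RFC 1918 block 172.16.0.0/12 (172.16 to 172.31), so the bridge claims 65,536 publicly routable addresses and the host will route traffic for real hosts in that range to the bridge instead. Pick a private range that is unused on the host, for example `- subnet: 172.28.0.0/16` (a constructed example), then regenerate docker-compose.nix so the `--subnet=` argument of its `podman network create wings1` script matches. As written, firewall or allow-list rules keyed on private container ranges would not cover this network.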