# Auto-generated by compose2nix. { pkgs, lib, config, ... }: { # Runtime virtualisation.podman = { enable = true; autoPrune.enable = true; dockerCompat = true; }; # Enable container name DNS for all Podman networks. networking.firewall.interfaces = let matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; in { "${matchAll}".allowedUDPPorts = [53]; }; virtualisation.oci-containers.backend = "podman"; # Containers virtualisation.oci-containers.containers."partdb" = { image = "jbtronics/part-db1:latest"; environment = { "ALLOW_ATTACHMENT_DOWNLOADS" = "0"; "APP_ENV" = "docker"; "BASE_CURRENCY" = "DKK"; "CHECK_FOR_UPDATES" = "false"; "DB_AUTOMIGRATE" = "true"; "DEFAULT_LANG" = "en"; "DEFAULT_TIMEZONE" = "Europe/Copenhagen"; "INSTANCE_NAME" = "Part-DB"; "TRUSTED_PROXIES" = "10.1.1.250"; "USE_GRAVATAR" = "1"; }; environmentFiles = [ config.sops.secrets."songsheet/database/DATABASE_URL".path ]; volumes = [ "wavelog_partdb_db_f:/var/www/html/var/db:rw" "wavelog_partdb_media_f:/var/www/html/public/media:rw" "wavelog_partdb_uploads_f:/var/www/html/uploads:rw" ]; ports = [ "8087:80/tcp" ]; labels = { "compose2nix.settings.sops.secrets" = "songsheet/database/DATABASE_URL"; }; log-driver = "journald"; extraOptions = [ "--network-alias=partdb" "--network=wavelog_default" ]; }; systemd.services."podman-partdb" = { serviceConfig = { Restart = lib.mkOverride 90 "always"; }; after = [ "podman-network-wavelog_default.service" "podman-volume-wavelog_partdb_db_f.service" "podman-volume-wavelog_partdb_media_f.service" "podman-volume-wavelog_partdb_uploads_f.service" ]; requires = [ "podman-network-wavelog_default.service" "podman-volume-wavelog_partdb_db_f.service" "podman-volume-wavelog_partdb_media_f.service" "podman-volume-wavelog_partdb_uploads_f.service" ]; partOf = [ "podman-compose-wavelog-root.target" ]; wantedBy = [ "podman-compose-wavelog-root.target" ]; }; virtualisation.oci-containers.containers."pelican_panel" = { image = "ghcr.io/pelican-dev/panel:latest"; environment = { "APP_URL" = "https://pelican.prg-radio.org"; "BEHIND_PROXY" = "true"; "LE_EMAIL" = "kuutruu@posteo.net"; "TRUSTED_PROXIES" = "10.1.1.250"; "XDG_DATA_HOME" = "/pelican-data"; }; volumes = [ "/etc/pelican/Caddyfile:/etc/caddy/Caddyfile:ro" "wavelog_pelican-data:/pelican-data:rw" "wavelog_pelican-logs:/var/www/html/storage/logs:rw" ]; ports = [ "8070:8080/tcp" ]; log-driver = "journald"; extraOptions = [ "--add-host=host.docker.internal:host-gateway" "--network-alias=panel" "--network=pelican" ]; }; systemd.services."podman-pelican_panel" = { serviceConfig = { Restart = lib.mkOverride 90 "always"; }; after = [ "podman-network-pelican.service" "podman-volume-wavelog_pelican-data.service" "podman-volume-wavelog_pelican-logs.service" ]; requires = [ "podman-network-pelican.service" "podman-volume-wavelog_pelican-data.service" "podman-volume-wavelog_pelican-logs.service" ]; partOf = [ "podman-compose-wavelog-root.target" ]; wantedBy = [ "podman-compose-wavelog-root.target" ]; }; virtualisation.oci-containers.containers."pelican_wings" = { image = "ghcr.io/pelican-dev/wings:latest"; environment = { "APP_TIMEZONE" = "Europe/Copenhagen"; "BEHIND_PROXY" = "true"; "TZ" = "Europe/Copenhagen"; "WINGS_GID" = "1000"; "WINGS_UID" = "1000"; "WINGS_USERNAME" = "pelican"; }; volumes = [ "/etc/pelican/:/etc/pelican:rw" "/etc/ssl/certs:/etc/ssl/certs:ro" "/run/podman/podman.sock:/var/run/docker.sock:rw" "/tmp/pelican/:/tmp/pelican:rw" "/var/lib/containers/storage/overlay-containers/:/var/lib/docker/containers:rw" "/var/lib/pelican/:/var/lib/pelican:rw" "/var/log/pelican/:/var/log/pelican:rw" ]; ports = [ "8443:8443/tcp" "2022:2022/tcp" ]; cmd = ["wings" "--ignore-certificate-errors"]; log-driver = "journald"; extraOptions = [ "--network-alias=wings" "--network=wings1" ]; }; systemd.services."podman-pelican_wings" = { serviceConfig = { Restart = lib.mkOverride 90 "always"; }; after = [ "podman-network-wings1.service" ]; requires = [ "podman-network-wings1.service" ]; partOf = [ "podman-compose-wavelog-root.target" ]; wantedBy = [ "podman-compose-wavelog-root.target" ]; }; virtualisation.oci-containers.containers."wavelog-db" = { image = "mariadb:11.3"; environment = { "MARIADB_DATABASE" = "wavelog"; "MARIADB_PASSWORD" = "THIS_IS_NOT_IN_USE_yes"; "MARIADB_RANDOM_ROOT_PASSWORD" = "yes"; "MARIADB_USER" = "wavelog"; }; volumes = [ "wavelog_wavelog-dbdata:/var/lib/mysql:rw" ]; log-driver = "journald"; extraOptions = [ "--network-alias=wavelog-db" "--network=wavelog_default" ]; }; systemd.services."podman-wavelog-db" = { serviceConfig = { Restart = lib.mkOverride 90 "always"; }; after = [ "podman-network-wavelog_default.service" "podman-volume-wavelog_wavelog-dbdata.service" ]; requires = [ "podman-network-wavelog_default.service" "podman-volume-wavelog_wavelog-dbdata.service" ]; partOf = [ "podman-compose-wavelog-root.target" ]; wantedBy = [ "podman-compose-wavelog-root.target" ]; }; virtualisation.oci-containers.containers."wavelog-main" = { image = "ghcr.io/wavelog/wavelog:latest"; environment = { "CI_ENV" = "docker"; }; volumes = [ "wavelog_wavelog-config:/var/www/html/application/config/docker:rw" "wavelog_wavelog-uploads:/var/www/html/uploads:rw" "wavelog_wavelog-userdata:/var/www/html/userdata:rw" ]; ports = [ "8086:80/tcp" ]; dependsOn = [ "wavelog-db" ]; log-driver = "journald"; extraOptions = [ "--network-alias=wavelog-main" "--network=wavelog_default" ]; }; systemd.services."podman-wavelog-main" = { serviceConfig = { Restart = lib.mkOverride 90 "always"; }; after = [ "podman-network-wavelog_default.service" "podman-volume-wavelog_wavelog-config.service" "podman-volume-wavelog_wavelog-uploads.service" "podman-volume-wavelog_wavelog-userdata.service" ]; requires = [ "podman-network-wavelog_default.service" "podman-volume-wavelog_wavelog-config.service" "podman-volume-wavelog_wavelog-uploads.service" "podman-volume-wavelog_wavelog-userdata.service" ]; partOf = [ "podman-compose-wavelog-root.target" ]; wantedBy = [ "podman-compose-wavelog-root.target" ]; }; # Networks systemd.services."podman-network-pelican" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; ExecStop = "podman network rm -f pelican"; }; script = '' podman network inspect pelican || podman network create pelican ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-network-wavelog_default" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; ExecStop = "podman network rm -f wavelog_default"; }; script = '' podman network inspect wavelog_default || podman network create wavelog_default ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-network-wings1" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; ExecStop = "podman network rm -f wings1"; }; script = '' podman network inspect wings1 || podman network create wings1 --driver=bridge --opt=com.docker.network.bridge.name=wings1 --subnet=172.92.0.0/16 ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; # Volumes systemd.services."podman-volume-wavelog_partdb_db_f" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_partdb_db_f || podman volume create wavelog_partdb_db_f ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_partdb_media_f" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_partdb_media_f || podman volume create wavelog_partdb_media_f ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_partdb_uploads_f" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_partdb_uploads_f || podman volume create wavelog_partdb_uploads_f ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_pelican-data" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_pelican-data || podman volume create wavelog_pelican-data ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_pelican-logs" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_pelican-logs || podman volume create wavelog_pelican-logs ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_wavelog-config" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_wavelog-config || podman volume create wavelog_wavelog-config ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_wavelog-dbdata" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_wavelog-dbdata || podman volume create wavelog_wavelog-dbdata ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_wavelog-uploads" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_wavelog-uploads || podman volume create wavelog_wavelog-uploads ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; systemd.services."podman-volume-wavelog_wavelog-userdata" = { path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; script = '' podman volume inspect wavelog_wavelog-userdata || podman volume create wavelog_wavelog-userdata ''; partOf = ["podman-compose-wavelog-root.target"]; wantedBy = ["podman-compose-wavelog-root.target"]; }; # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. systemd.targets."podman-compose-wavelog-root" = { unitConfig = { Description = "Root target generated by compose2nix."; }; wantedBy = ["multi-user.target"]; }; }