Fix the Part-DB pathing issues.

nix-system-configs/modules/secrets-config/sops-nix.nix

@@ -26,5 +26,5 @@
   # This will generate a new key if the key specified above does not exist
   sops.age.generateKey = true;
   # Use the flat key name with quotes
-  sops.secrets."songsheet/database" = {};
+  sops.secrets."songsheet/database/DATABASE_URL" = {};
 }

nix-system-configs/modules/songsheet/wavelog/docker-compose.nix

@@ -1,10 +1,8 @@
 # Auto-generated by compose2nix.
+
+{ pkgs, lib, config, ... }:
+
 {
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
   # Runtime
   virtualisation.podman = {
     enable = true;
@@ -14,12 +12,9 @@
 
   # Enable container name DNS for all Podman networks.
   networking.firewall.interfaces = let
-    matchAll =
+    matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-      if !config.networking.nftables.enable
-      then "podman+"
-      else "podman*";
   in {
-    "${matchAll}".allowedUDPPorts = [53];
+    "${matchAll}".allowedUDPPorts = [ 53 ];
   };
 
   virtualisation.oci-containers.backend = "podman";
@@ -30,18 +25,15 @@
     environment = {
       "ALLOW_ATTACHMENT_DOWNLOADS" = "0";
       "APP_ENV" = "docker";
-      "BASE_CURRENCY" = "EUR";
+      "BASE_CURRENCY" = "DKK";
-      "DATABASE_URL" = "postgresql://:@:/?charset=utf8";
       "DEFAULT_LANG" = "en";
-      "DEFAULT_TIMEZONE" = "Europe/Berlin";
+      "DEFAULT_TIMEZONE" = "Europe/Copenhagen";
       "INSTANCE_NAME" = "Part-DB";
-      "POSTGRES_DB" = "part_db_database";
+      "TRUSTED_PROXIES" = "10.1.1.250";
-      "POSTGRES_HOST" = "10.1.1.251";
+      "USE_GRAVATAR" = "1";
-      "POSTGRES_PORT" = "5432";
-      "USE_GRAVATAR" = "0";
     };
     environmentFiles = [
-      config.sops.secrets."songsheet/database".path
+      config.sops.secrets."songsheet/database/DATABASE_URL".path
     ];
     volumes = [
       "nix-system-configs/modules/songsheet/wavelog/db:/var/www/html/var/db:rw"
@@ -52,7 +44,7 @@
       "8087:80/tcp"
     ];
     labels = {
-      "compose2nix.settings.sops.secrets" = "songsheet/database";
+      "compose2nix.settings.sops.secrets" = "songsheet/database/DATABASE_URL";
     };
     log-driver = "journald";
     extraOptions = [
@@ -161,7 +153,7 @@
 
   # Networks
   systemd.services."podman-network-wavelog_default" = {
-    path = [pkgs.podman];
+    path = [ pkgs.podman ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
@@ -170,13 +162,13 @@
     script = ''
       podman network inspect wavelog_default || podman network create wavelog_default
     '';
-    partOf = ["podman-compose-wavelog-root.target"];
+    partOf = [ "podman-compose-wavelog-root.target" ];
-    wantedBy = ["podman-compose-wavelog-root.target"];
+    wantedBy = [ "podman-compose-wavelog-root.target" ];
   };
 
   # Volumes
   systemd.services."podman-volume-wavelog_wavelog-config" = {
-    path = [pkgs.podman];
+    path = [ pkgs.podman ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
@@ -184,11 +176,11 @@
     script = ''
       podman volume inspect wavelog_wavelog-config || podman volume create wavelog_wavelog-config
     '';
-    partOf = ["podman-compose-wavelog-root.target"];
+    partOf = [ "podman-compose-wavelog-root.target" ];
-    wantedBy = ["podman-compose-wavelog-root.target"];
+    wantedBy = [ "podman-compose-wavelog-root.target" ];
   };
   systemd.services."podman-volume-wavelog_wavelog-dbdata" = {
-    path = [pkgs.podman];
+    path = [ pkgs.podman ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
@@ -196,11 +188,11 @@
     script = ''
       podman volume inspect wavelog_wavelog-dbdata || podman volume create wavelog_wavelog-dbdata
     '';
-    partOf = ["podman-compose-wavelog-root.target"];
+    partOf = [ "podman-compose-wavelog-root.target" ];
-    wantedBy = ["podman-compose-wavelog-root.target"];
+    wantedBy = [ "podman-compose-wavelog-root.target" ];
   };
   systemd.services."podman-volume-wavelog_wavelog-uploads" = {
-    path = [pkgs.podman];
+    path = [ pkgs.podman ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
@@ -208,11 +200,11 @@
     script = ''
       podman volume inspect wavelog_wavelog-uploads || podman volume create wavelog_wavelog-uploads
     '';
-    partOf = ["podman-compose-wavelog-root.target"];
+    partOf = [ "podman-compose-wavelog-root.target" ];
-    wantedBy = ["podman-compose-wavelog-root.target"];
+    wantedBy = [ "podman-compose-wavelog-root.target" ];
   };
   systemd.services."podman-volume-wavelog_wavelog-userdata" = {
-    path = [pkgs.podman];
+    path = [ pkgs.podman ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
@@ -220,8 +212,8 @@
     script = ''
       podman volume inspect wavelog_wavelog-userdata || podman volume create wavelog_wavelog-userdata
     '';
-    partOf = ["podman-compose-wavelog-root.target"];
+    partOf = [ "podman-compose-wavelog-root.target" ];
-    wantedBy = ["podman-compose-wavelog-root.target"];
+    wantedBy = [ "podman-compose-wavelog-root.target" ];
   };
 
   # Root service
@@ -231,6 +223,6 @@
     unitConfig = {
       Description = "Root target generated by compose2nix.";
     };
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
   };
 }

nix-system-configs/modules/songsheet/wavelog/docker-compose.yml

@@ -11,14 +11,9 @@ services:
       - ./db:/var/www/html/var/db
     restart: unless-stopped
     labels:
-      - "compose2nix.settings.sops.secrets=songsheet/database"
+      - "compose2nix.settings.sops.secrets=songsheet/database/DATABASE_URL"
     image: jbtronics/part-db1:latest
     environment:
-      # Put SQLite database in our mapped folder. You can configure some other kind of database here too.
-      - POSTGRES_HOST=10.1.1.251
-      - POSTGRES_PORT=5432
-      - POSTGRES_DB=part_db_database
-      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?charset=utf8
       # In docker env logs will be redirected to stderr
       - APP_ENV=docker
 
@@ -37,9 +32,9 @@ services:
       # The language to use serverwide as default (en, de, ru, etc.)
       - DEFAULT_LANG=en
       # The default timezone to use serverwide (e.g. Europe/Berlin)
-      - DEFAULT_TIMEZONE=Europe/Berlin
+      - DEFAULT_TIMEZONE=Europe/Copenhagen
       # The currency that is used inside the DB (and is assumed when no currency is set). This can not be changed later, so be sure to set it the currency used in your country
-      - BASE_CURRENCY=EUR
+      - BASE_CURRENCY=DKK
       # The name of this installation. This will be shown as title in the browser and in the header of the website
       - INSTANCE_NAME=Part-DB
 
@@ -47,7 +42,7 @@ services:
       # This could be a potential security issue, as the user can retrieve any file the server has access to (via internet)
       - ALLOW_ATTACHMENT_DOWNLOADS=0
       # Use gravatars for user avatars, when user has no own avatar defined
-      - USE_GRAVATAR=0
+      - USE_GRAVATAR=1
 
       # Override value if you want to show a given text on homepage.
       # When this is empty the content of config/banner.md is used as banner
@@ -55,6 +50,7 @@ services:
 
       # If you use a reverse proxy in front of Part-DB, you must configure the trusted proxies IP addresses here (see reverse proxy documentation for more information):
       # - TRUSTED_PROXIES=127.0.0.0/8,::1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+      - TRUSTED_PROXIES=10.1.1.250
 
       # If you need to install additional composer packages (e.g., for specific mailer transports), you can specify them here:
       # The packages will be installed automatically when the container starts

nix-system-configs/secrets/songsheet/secrets.yaml

@@ -1,5 +1,6 @@
 songsheet:
-    database: ENC[AES256_GCM,data:ftGaGQIoauJ9FPvGwK9Els4Je6rhZxgRPdaH4mx5r6a4KInE9N/3r6JB3AzPzixfG1ODm9qjUy9vTzs8Wr+fITfGlwFN0qI5NQZNQjoJ4vhNwEZiuL/d62fMC2Vc7uBt,iv:R06wyMDQF26yWIyMXQpzcHwhTmMJokeRJa2Hk2ZPRF8=,tag:6DWPfmxo1vVO8JL0LdCmxQ==,type:str]
+    database:
+        DATABASE_URL: ENC[AES256_GCM,data:eKJ1u+2n59lpvue1Orysn9QEvfICSLncR1txXW3Smp9LhrADMOaEROCP/Cd+qH2p3635XSFhoPpN7E2L6l5GZSk1eNyPYdi41zycJUBzvy5rVMnBjYoBd8e+QFxrgDjZ2U7NunCwejqm5i0/5AwQ/0joJsGVwUiNcoYO,iv:ch4BF6C0qYvkCruysqBTwjZ+9mVx2AORJ2TzGM4BTqw=,tag:HqEmcIEq/Q60CSlwef6vLA==,type:str]
 sops:
     age:
         - recipient: age1746rvsvsc3snxfl7cndm222wd5kck4aqj3x7nednlegq0gdjhfcqx0qv7m
@@ -20,7 +21,7 @@ sops:
             V1F4TVEwaGgvUHcySnVQcXBHNzFuTU0KVNh7si39NVWZH9O52L9+gh1evvjotqK9
             Zjmb97QR1C2LzEqOrfPuj6Lr86SS4RYSzSq2Oknn9o9SIs/5thR0YQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-07T17:20:38Z"
+    lastmodified: "2026-02-07T17:44:51Z"
-    mac: ENC[AES256_GCM,data:kJjVQTEdmciQ+bmVK9D3gkPHIIHx7BdnlS/UYHu51UmgRJnWd/Zlf/Az9QV9SX4jBNa6dKsyb1mLjNAhmV0AmAtEKjhr13UsrUq+9spZSGFV9t8+eD/SOE9/zUrQbfu8ynOIGVm42+eBri8acS3KVmJkmfLkEctGKaPVq0wp1wA=,iv:wQE/EMTJgIiy0/TNaU2xEwbCwE2I98H0LgXK7DBYt3I=,tag:RAT2TeWg/U6FEW7cX8EWNQ==,type:str]
+    mac: ENC[AES256_GCM,data:lCQNNBpkCkzdTX+08eY4sMNFQbXSiNvBqBPro2U+OSaPvxjJRlG79K++mAnkCtFiIElSTACxOe8dTRz9frckVJQc5fL3o4PlDjeX3mzHj8V2F4DwEnQtJleLe63smtMb9ZJD3I0ivlfdcqV6GAIBtg65lQIEjgZ8tLvHSrsSpzs=,iv:PntgUV77KXsc6RLyLUBG0761GSQd/NjMA8XLyx4OBow=,tag:mI3B4aIsSTOQCOgKC6GCCg==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0