nix-deploy/config/hosts/grondahl/services/containers.nix

{ config, pkgs, ... }:

{
	config.virtualisation.oci-containers = {
		backend = "podman";
		containers = {
			#mobilizon = {
			#	image = "framasoft/mobilizon";
		#		ports = [ "127.0.0.1:4000:4000" ];
		#		volumes = [
		#			"/var/lib/mobilizon/uploads:/var/lib/mobilizon/uploads"
		#			"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
		#		];
		#		environmentFiles = [ config.secrets.files.mobilizon_env.file ];
		#	};
			authentik-server = {
				image = "ghcr.io/goauthentik/server:stable";
				ports = [
					"127.0.0.1:9000:9000"
					"127.0.0.1:9443:9443"
				];
				volumes = [
					"/var/lib/authentik/media:/media"
					"/var/lib/authentik/templates:/templates"
					"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
					"/run/redis/redis.sock:/run/redis/redis.sock"
				];
				environmentFiles = [ config.secrets.files.authentik_env.file ];
				cmd = ["server"];
			};
			authentik-worker = {
				image = "ghcr.io/goauthentik/server:stable";
				volumes = [
					"/var/lib/authentik/backups:/backups"
					"/var/lib/authentik/media:/media"
					"/var/lib/authentik/certs:/certs"
					"/var/lib/authentik/templates:/templates"
				];
				environmentFiles = [ config.secrets.files.authentik_env.file ];
				cmd = ["worker"];
			};
		};
	};

	config.systemd.services.create-authentik-pod = with config.virtualisation.oci-containers; {
		serviceConfig.Type = "oneshot";
		wantedBy = [ "podman-authentik-server.service" "podman-authentik-worker.service" ];
		script = ''
			${pkgs.podman}/bin/podman pod exists authentik || \
				${pkgs.podman}/bin/podman pod create -n authentik -p '127.0.0.1:9000:9000' -p '127.0.0.1:9443:9443'
		'';
	};
}
Restructure DB config, add ssh keys 2022-02-14 12:29:36 +01:00			`{ config, pkgs, ... }:`

			`{`
			`config.virtualisation.oci-containers = {`
			`backend = "podman";`
			`containers = {`
			`#mobilizon = {`
			`# image = "framasoft/mobilizon";`
			`# ports = [ "127.0.0.1:4000:4000" ];`
			`# volumes = [`
			`# "/var/lib/mobilizon/uploads:/var/lib/mobilizon/uploads"`
			`# "/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"`
			`# ];`
			`# environmentFiles = [ config.secrets.files.mobilizon_env.file ];`
			`# };`
			`authentik-server = {`
			`image = "ghcr.io/goauthentik/server:stable";`
			`ports = [`
			`"127.0.0.1:9000:9000"`
			`"127.0.0.1:9443:9443"`
			`];`
			`volumes = [`
			`"/var/lib/authentik/media:/media"`
			`"/var/lib/authentik/templates:/templates"`
			`"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"`
			`"/run/redis/redis.sock:/run/redis/redis.sock"`
			`];`
			`environmentFiles = [ config.secrets.files.authentik_env.file ];`
			`cmd = ["server"];`
			`};`
			`authentik-worker = {`
			`image = "ghcr.io/goauthentik/server:stable";`
			`volumes = [`
			`"/var/lib/authentik/backups:/backups"`
			`"/var/lib/authentik/media:/media"`
			`"/var/lib/authentik/certs:/certs"`
			`"/var/lib/authentik/templates:/templates"`
			`];`
			`environmentFiles = [ config.secrets.files.authentik_env.file ];`
			`cmd = ["worker"];`
			`};`
			`};`
			`};`

			`config.systemd.services.create-authentik-pod = with config.virtualisation.oci-containers; {`
			`serviceConfig.Type = "oneshot";`
			`wantedBy = [ "podman-authentik-server.service" "podman-authentik-worker.service" ];`
			`script = ''`
			`${pkgs.podman}/bin/podman pod exists authentik \|\| \`
			`${pkgs.podman}/bin/podman pod create -n authentik -p '127.0.0.1:9000:9000' -p '127.0.0.1:9443:9443'`
			`'';`
			`};`
			`}`