nixos-config/modules/bookstack.nix

{ config, lib, ... }:
let
  cfg = import ./vars.nix;
  db = cfg.bookstack.db;
  dbport = cfg.bookstack.dbport;
  db_host = cfg.podman.hostIP;
  port = cfg.bookstack.port;
  domain = cfg.bookstack.domain;
in
{
  sops.secrets."bookstack/db" = {};

  imports = [
    ./podman-mariadb.nix    # for the database
    ./nginx.nix             # for the webserver
  ];

  services.podman-mariadb."bookstack" = {
    enable = true;
    #image = "docker.io/library/postgres:15-alpine";
    port = (lib.strings.toInt dbport);
    passwordFile = config.sops.secrets."bookstack/db".path;
  };

  virtualisation.oci-containers.containers.bookstack = {
    image = "lscr.io/linuxserver/bookstack:latest";
    environment = {
      TZ = "Europe/Berlin";
      DB_HOST = db_host;
      DB_USER = db;
      DB_PORT = dbport;
      DB_DATABASE = db;
      APP_URL = "https://${domain}";
      MAIL_HOST = cfg.mail.host;
      MAIL_PORT = cfg.mail.port;
      MAIL_FROM = "bookstack@mc-fucker.cool";
      FILE__DB_PASS = config.sops.secrets."bookstack/db".path;
    };
    ports = [
      "${port}:80"
    ];
    extraOptions = cfg.podman.extraOptions;
    volumes = [
      "/run/secrets/bookstack/db:/run/secrets/bookstack/db:ro"
      "/var/lib/bookstack:/config"
    ];
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${port}";
    };
    extraConfig = ''
      access_log  /var/log/nginx/${domain}_access.log;
      error_log   /var/log/nginx/${domain}_error.log;
    '';
  };

}
# vim: set et ts=2 sw=2 ai:
init of bookstack 2023-06-30 20:02:20 +02:00			`{ config, lib, ... }:`
			`let`
			`cfg = import ./vars.nix;`
			`db = cfg.bookstack.db;`
			`dbport = cfg.bookstack.dbport;`
			`db_host = cfg.podman.hostIP;`
			`port = cfg.bookstack.port;`
			`domain = cfg.bookstack.domain;`
			`in`
			`{`
			`sops.secrets."bookstack/db" = {};`

			`imports = [`
			`./podman-mariadb.nix # for the database`
			`./nginx.nix # for the webserver`
			`];`

			`services.podman-mariadb."bookstack" = {`
			`enable = true;`
			`#image = "docker.io/library/postgres:15-alpine";`
			`port = (lib.strings.toInt dbport);`
			`passwordFile = config.sops.secrets."bookstack/db".path;`
			`};`

			`virtualisation.oci-containers.containers.bookstack = {`
			`image = "lscr.io/linuxserver/bookstack:latest";`
			`environment = {`
			`TZ = "Europe/Berlin";`
			`DB_HOST = db_host;`
			`DB_USER = db;`
			`DB_PORT = dbport;`
			`DB_DATABASE = db;`
			`APP_URL = "https://${domain}";`
			`MAIL_HOST = cfg.mail.host;`
			`MAIL_PORT = cfg.mail.port;`
			`MAIL_FROM = "bookstack@mc-fucker.cool";`
			`FILE__DB_PASS = config.sops.secrets."bookstack/db".path;`
			`};`
			`ports = [`
			`"${port}:80"`
			`];`
			`extraOptions = cfg.podman.extraOptions;`
			`volumes = [`
			`"/run/secrets/bookstack/db:/run/secrets/bookstack/db:ro"`
			`"/var/lib/bookstack:/config"`
			`];`
			`};`

			`services.nginx.virtualHosts."${domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:${port}";`
			`};`
			`extraConfig = ''`
			`access_log /var/log/nginx/${domain}_access.log;`
			`error_log /var/log/nginx/${domain}_error.log;`
			`'';`
			`};`

			`}`
			`# vim: set et ts=2 sw=2 ai:`