added template for podman with postgresql

2024-03-28 17:20:47 +01:00 · 2024-03-28 17:20:47 +01:00 · bf60b7d466
commit bf60b7d466
parent 97a21cee55
1 changed files with 56 additions and 0 deletions
--- a/templates/podman_with_psql.nix
+++ b/templates/podman_with_psql.nix
@ -0,0 +1,56 @@
+{ config, lib, ... }:
+let
+  cfg = import ./vars.nix;
+  name = "XXX";
+  dbport = cfg.XXX.dbport;
+  db_host = cfg.podman.hostIP;
+  port = cfg.XXX.port;
+  domain = cfg.XXX.domain;
+in
+{
+  imports = [
+    #./podman.nix
+    ./podman-postgresql.nix # for the database
+    ./nginx.nix             # for the webserver
+  ];
+
+  sops.secrets."${name}/db" = {};
+  sops.secrets."${name}/env" = {};
+
+  services.podman-postgresql."${name}" = {
+    enable = true;
+    image = "docker.io/library/postgres:16-alpine";
+    port = (lib.strings.toInt dbport);
+    passwordFile = config.sops.secrets."${name}/db".path;
+  };
+
+  virtualisation.oci-containers.containers.XXX = {
+    image = "XXX";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    environmentFiles = [ config.sops.secrets."${name}/env".path ];
+    ports = [
+      "${port}:80"
+    ];
+    volumes = [
+      "/var/lib/XXX:/data"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${port}";
+      proxyWebsockets = true;
+    };
+    extraConfig = ''
+      access_log  /var/log/nginx/${domain}_access.log;
+      error_log   /var/log/nginx/${domain}_error.log;
+    '';
+  };
+
+}
+# vim: set et ts=2 sw=2 ai: