diff --git a/modules/bookstack.nix b/modules/bookstack.nix
new file mode 100644
index 0000000..b44f11b
--- /dev/null
+++ b/modules/bookstack.nix
@@ -0,0 +1,62 @@
+{ config, lib, ... }:
+let
+ cfg = import ./vars.nix;
+ db = cfg.bookstack.db;
+ dbport = cfg.bookstack.dbport;
+ db_host = cfg.podman.hostIP;
+ port = cfg.bookstack.port;
+ domain = cfg.bookstack.domain;
+in
+{
+ sops.secrets."bookstack/db" = {};
+
+ imports = [
+ ./podman-mariadb.nix # for the database
+ ./nginx.nix # for the webserver
+ ];
+
+ services.podman-mariadb."bookstack" = {
+ enable = true;
+ #image = "docker.io/library/postgres:15-alpine";
+ port = (lib.strings.toInt dbport);
+ passwordFile = config.sops.secrets."bookstack/db".path;
+ };
+
+ virtualisation.oci-containers.containers.bookstack = {
+ image = "lscr.io/linuxserver/bookstack:latest";
+ environment = {
+ TZ = "Europe/Berlin";
+ DB_HOST = db_host;
+ DB_USER = db;
+ DB_PORT = dbport;
+ DB_DATABASE = db;
+ APP_URL = "https://${domain}";
+ MAIL_HOST = cfg.mail.host;
+ MAIL_PORT = cfg.mail.port;
+ MAIL_FROM = "bookstack@mc-fucker.cool";
+ FILE__DB_PASS = config.sops.secrets."bookstack/db".path;
+ };
+ ports = [
+ "${port}:80"
+ ];
+ extraOptions = cfg.podman.extraOptions;
+ volumes = [
+ "/run/secrets/bookstack/db:/run/secrets/bookstack/db:ro"
+ "/var/lib/bookstack:/config"
+ ];
+ };
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${port}";
+ };
+ extraConfig = ''
+ access_log /var/log/nginx/${domain}_access.log;
+ error_log /var/log/nginx/${domain}_error.log;
+ '';
+ };
+
+}
+# vim: set et ts=2 sw=2 ai:
diff --git a/modules/vars.nix b/modules/vars.nix
index 5a4e4dc..7b1f298 100644
--- a/modules/vars.nix
+++ b/modules/vars.nix
@@ -27,7 +27,7 @@
 bookstack = {
 db = "bookstack";
- db_host = "100.64.0.13";
+ dbport = "33060";
 domain = "docs.mc-fucker.cool";
 port = "8086";
 };
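Review bot: The `ports = [ "${port}:80" ]` entry of the bookstack container publishes the app's plain-HTTP port without a host address, which normally binds it on every host interface, so BookStack would be reachable without the TLS that the nginx vhost enforces unless something outside this hunk (the firewall, `cfg.podman.extraOptions`) prevents it. nginx only proxies to `http://localhost:${port}`, so binding to loopback is sufficient: `"127.0.0.1:${port}:80"`. Separately, `image = "lscr.io/linuxserver/bookstack:latest"` is a mutable tag on a container that gets the database password file mounted; pinning a release tag or digest, e.g. `image = "lscr.io/linuxserver/bookstack:<version>@sha256:<digest>";` (placeholders), keeps rebuilds reproducible and makes upgrades a deliberate change. The `volumes` entry also hard-codes `/run/secrets/bookstack/db` while `FILE__DB_PASS` uses `config.sops.secrets."bookstack/db".path`; building the mount string from the same expression would keep the two from drifting apart.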