defiant: Add koillection

2025-10-06 04:53:57 +02:00 · 2024-12-01 11:21:55 +01:00
parent 8b6089f014
commit b4b74227c3
4 changed files with 72 additions and 3 deletions
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -23,6 +23,7 @@
      ./services/hedgedoc.nix
      ./services/home-assistant.nix
      ./services/keycloak.nix
+      ./services/koillection.nix
      ./services/matrix
      ./services/microbin.nix
      # ./services/minecraft.nix
--- a/hosts/defiant/services/koillection.nix
+++ b/hosts/defiant/services/koillection.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+let
+  domain = "koillection.home.feal.no";
+  port = 5023;
+in {
+  virtualisation.oci-containers.containers = {
+    koillection = {
+      image = "koillection/koillection";
+
+      ports = [
+        "127.0.1.2:${toString port}:80"
+      ];
+
+      environment = {
+        APP_DEBUG = "0";
+        APP_ENV = "prod";
+        HTTPS_ENABLED = "0";
+        UPLOAD_MAX_FILESIZE = "512M";
+        PHP_MEMORY_LIMIT = "512M";
+        PHP_TZ = "Europe/Oslo";
+
+        CORS_ALLOW_ORIGIN = "https?://(localhost|koillection\\.home\\.feal\\.no)(:[0-9]+)?$";
+        JWT_SECRET_KEY = "%kernel.project_dir%/config/jwt/private.pem";
+        JWT_PUBLIC_KEY = "%kernel.project_dir%/config/jwt/public.pem";
+
+        DB_DRIVER = "pdo_pgsql";
+        DB_NAME = "koillection";
+        DB_HOST = "host.docker.internal";
+        DB_USER = "koillection";
+        # DB_PASSWORD = "koillection"; # Set in sops envfile
+        DB_PORT = "5432";
+        DB_VERSION = "16";
+      };
+
+      environmentFiles = [
+        config.sops.secrets."koillection/envfile".path
+      ];
+
+      extraOptions = [
+        "--add-host=host.docker.internal:host-gateway"
+      ];
+    };
+  };
+
+  sops.secrets."koillection/envfile" = { };
+
+  services.postgresql = {
+    ensureDatabases = [ "koillection" ];
+    ensureUsers = [ {
+      name = "koillection";
+      ensureDBOwnership = true;
+    } ];
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    locations."/".proxyPass = "http://127.0.1.2:${toString port}";
+  };
+}
+
--- a/hosts/defiant/services/postgresql.nix
+++ b/hosts/defiant/services/postgresql.nix
@@ -2,7 +2,11 @@
 {
  services.postgresql = {
    enable = true;
-    enableTCPIP = false;
+    enableTCPIP = true;
+
+    authentication = ''
+      host all all 172.16.0.0/12 md5
+    '';
  };

  services.postgresqlBackup = {
@@ -14,5 +18,8 @@
    databases = [ ];
  };

+  # Docker containers on this host can reach postgres
+  networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
+
  environment.systemPackages = [ config.services.postgresql.package ];
 }