From 4bca4c3660c27ae23e08b788bbaefed3d0864854 Mon Sep 17 00:00:00 2001
From: death916
Date: Thu, 2 Apr 2026 05:14:03 -0700
Subject: [PATCH] rm nix docker pie
---
 .../docker/piefed/piefed-docker.nix | 204 ------------------
 .../containers/piefed/piefed-containers.nix | 93 --------
 nixos/orac.nix | 1 -
 3 files changed, 298 deletions(-)
 delete mode 100644 modules/containers/docker/piefed/piefed-docker.nix
 delete mode 100644 modules/containers/piefed/piefed-containers.nix
diff --git a/modules/containers/docker/piefed/piefed-docker.nix b/modules/containers/docker/piefed/piefed-docker.nix
deleted file mode 100644
index 740bcf1..0000000
--- a/modules/containers/docker/piefed/piefed-docker.nix
+++ /dev/null
@@ -1,204 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-let
- piefedAppSrc = pkgs.fetchFromGitea {
- domain = "codeberg.org";
- owner = "rimu";
- repo = "pyfedi";
- rev = "v1.5.x"; # Replace with target release branch (e.g., v1.5.x or main)
- hash = lib.fakeHash;
- };
-
- pythonEnv = pkgs.python3.withPackages (
- ps: with ps; [
- flask
- gunicorn
- celery
- psycopg2
- redis
- requests
- python-dotenv
- authlib
- beautifulsoup4
- pillow
- flask-migrate
- flask-sqlalchemy
- ]
- );
-
- piefedImage = pkgs.dockerTools.buildLayeredImage {
- name = "piefed";
- tag = "nix-latest";
- contents = [
- pythonEnv
- pkgs.bash
- pkgs.coreutils
- pkgs.findutils
- pkgs.curl
- ];
-
- extraCommands = ''
- mkdir -p app
- cp -r ${piefedAppSrc}/* app/
- chmod -R +w app/ # Ensure app directory is writable for setup scripts
- '';
-
- config = {
- Cmd = [
- "${pythonEnv}/bin/gunicorn"
- "-w"
- "4"
- "-b"
- "0.0.0.0:5000"
- "pyfedi:app"
- ];
- WorkingDir = "/app";
- Env = [
- "FLASK_APP=pyfedi.py"
- "PYTHONUNBUFFERED=1"
- ];
- };
- };
-
-in
-{
- virtualisation.oci-containers.backend = "docker";
-
- systemd.tmpfiles.rules = [
- "d /var/lib/piefed 0755 root root -"
- "d /var/lib/piefed/pgdata 0700 root root -"
- "d /var/lib/piefed/redis 0700 root root -"
- "d /var/lib/piefed/media 0755 root root -"
- "d /var/lib/piefed/logs 0755 root root -"
- "d /var/lib/piefed/tmp 0755 root root -"
- ];
-
- systemd.services.docker-network-piefed = {
- description = "Create Docker Network for PieFed";
- after = [
- "network.target"
- "docker.service"
- ];
- requires = [ "docker.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "oneshot";
- script = ''
- ${pkgs.docker}/bin/docker network inspect piefed-net >/dev/null 2>&1 || \
- ${pkgs.docker}/bin/docker network create piefed-net
- '';
- };
-
- virtualisation.oci-containers.containers = {
-
- piefed-db = {
- image = "postgres:15-alpine";
- environmentFiles = [ "/var/lib/piefed/.env.docker" ]; # SECRETS LOADED HERE
- volumes = [ "/var/lib/piefed/pgdata:/var/lib/postgresql/data" ];
- extraOptions = [ "--network=piefed-net" ];
- };
-
- piefed-redis = {
- image = "redis:7-alpine";
- volumes = [ "/var/lib/piefed/redis:/data" ];
- extraOptions = [ "--network=piefed-net" ];
- };
-
- piefed-web = {
- image = "piefed:nix-latest";
- imageFile = piefedImage; # Nix auto-loads the tarball into Docker!
- ports = [ "8030:5000" ];
- environmentFiles = [ "/var/lib/piefed/.env.docker" ]; # SECRETS LOADED HERE
- volumes = [
- "/var/lib/piefed/media:/app/media"
- "/var/lib/piefed/logs:/app/logs"
- "/var/lib/piefed/tmp:/app/tmp"
- ];
- dependsOn = [
- "piefed-db"
- "piefed-redis"
- ];
- extraOptions = [ "--network=piefed-net" ];
- };
-
- piefed-worker = {
- image = "piefed:nix-latest";
- cmd = [
- "${pythonEnv}/bin/celery"
- "-A"
- "pyfedi.celery"
- "worker"
- "-l"
- "info"
- ];
- environmentFiles = [ "/var/lib/piefed/.env.docker" ];
- volumes = [
- "/var/lib/piefed/media:/app/media"
- "/var/lib/piefed/logs:/app/logs"
- "/var/lib/piefed/tmp:/app/tmp"
- ];
- dependsOn = [
- "piefed-db"
- "piefed-redis"
- ];
- extraOptions = [ "--network=piefed-net" ];
- };
- };
-
- systemd.services."docker-piefed-db".requires = [ "docker-network-piefed.service" ];
- systemd.services."docker-piefed-redis".requires = [ "docker-network-piefed.service" ];
- systemd.services."docker-piefed-web".requires = [ "docker-network-piefed.service" ];
- systemd.services."docker-piefed-worker".requires = [ "docker-network-piefed.service" ];
-
- systemd.services.piefed-daily = {
- script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./daily.sh'";
- serviceConfig.Type = "oneshot";
- };
- systemd.timers.piefed-daily = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "*-*-* 02:05:00";
- Persistent = true;
- };
- };
-
- systemd.services.piefed-orphan-files = {
- script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./remove_orphan_files.sh'";
- serviceConfig.Type = "oneshot";
- };
- systemd.timers.piefed-orphan-files = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "Mon *-*-* 04:05:00";
- Persistent = true;
- };
- };
-
- systemd.services.piefed-email-notifs = {
- script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./email_notifs.sh'";
- serviceConfig.Type = "oneshot";
- };
- systemd.timers.piefed-email-notifs = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "*-*-* 00/6:01:00";
- Persistent = true;
- };
- };
-
- systemd.services.piefed-send-queue = {
- script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./send_queue.sh'";
- serviceConfig.Type = "oneshot";
- };
- systemd.timers.piefed-send-queue = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "*:0/5";
- Persistent = true;
- };
- };
-}
diff --git a/modules/containers/piefed/piefed-containers.nix b/modules/containers/piefed/piefed-containers.nix
deleted file mode 100644
index 631eca7..0000000
--- a/modules/containers/piefed/piefed-containers.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- localDir = "/var/lib/piefed";
- mediaDir = "/mnt/myjfs/piefed/media";
-in
-{
- systemd.tmpfiles.rules = [
- "d ${localDir} 0755 root root -"
- "d ${localDir}/db 0700 1000 1000 -"
- "d ${localDir}/redis 0700 999 999 -"
- "d ${localDir}/logs 0755 1000 1000 -"
- "d ${localDir}/tmp 0755 1000 1000 -"
- "d ${mediaDir} 0755 1000 1000 -"
- ];
-
- virtualisation.oci-containers = {
- backend = "docker";
- containers = {
- piefed-db = {
- image = "postgres:17";
- volumes = [ "${localDir}/db:/var/lib/postgresql/data" ];
- environmentFiles = [ "${localDir}/.env.docker" ];
- cmd = [
- "postgres"
- "-c" "shared_buffers=1GB"
- "-c" "effective_cache_size=2GB"
- "-c" "work_mem=32MB"
- "-c" "maintenance_work_mem=256MB"
- "-c" "checkpoint_completion_target=0.9"
- "-c" "wal_buffers=16MB"
- "-c" "max_wal_size=3GB"
- "-c" "min_wal_size=1GB"
- "-c" "random_page_cost=1.1"
- "-c" "effective_io_concurrency=200"
- "-c" "max_connections=150"
- "-c" "jit=off"
- ];
- extraOptions = [ "--shm-size=2gb" "--user=1000:1000" "--network=piefed_net" ];
- };
-
- piefed-redis = {
- image = "redis:6.2";
- volumes = [ "${localDir}/redis:/data" ];
- environmentFiles = [ "${localDir}/.env.docker" ];
- extraOptions = [ "--network=piefed_net" ];
- };
-
- piefed-web = {
- image = "elestio/piefed:latest";
- dependsOn = [ "piefed-db" "piefed-redis" ];
- environmentFiles = [ "${localDir}/.env.docker" ];
- volumes = [
- "${mediaDir}:/app/app/static/media"
- "${localDir}/logs:/app/logs"
- "${localDir}/tmp:/app/app/static/tmp"
- ];
- ports = [ "8030:5000" ];
- extraOptions = [ "--network=piefed_net" "--platform=linux/arm64" ];
- };
-
- piefed-celery = {
- image = "elestio/piefed:latest";
- dependsOn = [ "piefed-db" "piefed-redis" ];
- environmentFiles = [ "${localDir}/.env.docker" ];
- entrypoint = "./entrypoint_celery.sh";
- volumes = [
- "${mediaDir}:/app/app/static/media"
- "${localDir}/logs:/app/logs"
- "${localDir}/tmp:/app/app/static/tmp"
- ];
- extraOptions = [ "--network=piefed_net" "--platform=linux/arm64" ];
- };
-
- piefed-notifs = {
- image = "elestio/piefed:latest";
- dependsOn = [ "piefed-redis" ];
- environmentFiles = [ "${localDir}/.env.docker" ];
- entrypoint = "./entrypoint_async.sh";
- ports = [ "8040:8000" ];
- extraOptions = [ "--network=piefed_net" "--platform=linux/arm64" ];
- };
- };
- };
-
- systemd.services.init-piefed-network = {
- description = "Create Docker network for Piefed";
- after = [ "docker.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "oneshot";
- script = "${pkgs.docker}/bin/docker network create piefed_net || true";
- };
-}
diff --git a/nixos/orac.nix b/nixos/orac.nix
index f1a04a0..2e9aef8 100644
--- a/nixos/orac.nix
+++ b/nixos/orac.nix
@@ -11,7 +11,6 @@
 ../modules/containers/docker/karakeep/docker-compose.nix
 ../modules/nixos/orac/monitoring.nix
 ../modules/containers/docker/crowdsec/crowdsec.nix
- ../modules/containers/piefed/piefed-containers.nix
 ];
 networking.firewall = {