death916/nixconfig
1
0
Fork 0
mirror of https://github.com/Death916/nixconfig.git synced 2026-04-10 02:54:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

rm nix docker pie

Browse source
This commit is contained in:
death916 2026-04-02 05:14:03 -07:00
parent 2be81c65d8
commit 4bca4c3660
3 changed files with 0 additions and 298 deletions
Download patch file Download diff file Expand all files Collapse all files

204
modules/containers/docker/piefed/piefed-docker.nix
View file

@ -1,204 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
piefedAppSrc = pkgs.fetchFromGitea {
domain = "codeberg.org";
owner = "rimu";
repo = "pyfedi";
rev = "v1.5.x"; # Replace with target release branch (e.g., v1.5.x or main)
hash = lib.fakeHash;
};
pythonEnv = pkgs.python3.withPackages (
ps: with ps; [
flask
gunicorn
celery
psycopg2
redis
requests
python-dotenv
authlib
beautifulsoup4
pillow
flask-migrate
flask-sqlalchemy
]
);
piefedImage = pkgs.dockerTools.buildLayeredImage {
name = "piefed";
tag = "nix-latest";
contents = [
pythonEnv
pkgs.bash
pkgs.coreutils
pkgs.findutils
pkgs.curl
];
extraCommands = ''
mkdir -p app
cp -r ${piefedAppSrc}/* app/
chmod -R +w app/ # Ensure app directory is writable for setup scripts
'';
config = {
Cmd = [
"${pythonEnv}/bin/gunicorn"
"-w"
"4"
"-b"
"0.0.0.0:5000"
"pyfedi:app"
];
WorkingDir = "/app";
Env = [
"FLASK_APP=pyfedi.py"
"PYTHONUNBUFFERED=1"
];
};
};
in
{
virtualisation.oci-containers.backend = "docker";
systemd.tmpfiles.rules = [
"d /var/lib/piefed 0755 root root -"
"d /var/lib/piefed/pgdata 0700 root root -"
"d /var/lib/piefed/redis 0700 root root -"
"d /var/lib/piefed/media 0755 root root -"
"d /var/lib/piefed/logs 0755 root root -"
"d /var/lib/piefed/tmp 0755 root root -"
];
systemd.services.docker-network-piefed = {
description = "Create Docker Network for PieFed";
after = [
"network.target"
"docker.service"
];
requires = [ "docker.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
${pkgs.docker}/bin/docker network inspect piefed-net >/dev/null 2>&1 || \
${pkgs.docker}/bin/docker network create piefed-net
'';
};
virtualisation.oci-containers.containers = {
piefed-db = {
image = "postgres:15-alpine";
environmentFiles = [ "/var/lib/piefed/.env.docker" ]; # SECRETS LOADED HERE
volumes = [ "/var/lib/piefed/pgdata:/var/lib/postgresql/data" ];
extraOptions = [ "--network=piefed-net" ];
};
piefed-redis = {
image = "redis:7-alpine";
volumes = [ "/var/lib/piefed/redis:/data" ];
extraOptions = [ "--network=piefed-net" ];
};
piefed-web = {
image = "piefed:nix-latest";
imageFile = piefedImage; # Nix auto-loads the tarball into Docker!
ports = [ "8030:5000" ];
environmentFiles = [ "/var/lib/piefed/.env.docker" ]; # SECRETS LOADED HERE
volumes = [
"/var/lib/piefed/media:/app/media"
"/var/lib/piefed/logs:/app/logs"
"/var/lib/piefed/tmp:/app/tmp"
];
dependsOn = [
"piefed-db"
"piefed-redis"
];
extraOptions = [ "--network=piefed-net" ];
};
piefed-worker = {
image = "piefed:nix-latest";
cmd = [
"${pythonEnv}/bin/celery"
"-A"
"pyfedi.celery"
"worker"
"-l"
"info"
];
environmentFiles = [ "/var/lib/piefed/.env.docker" ];
volumes = [
"/var/lib/piefed/media:/app/media"
"/var/lib/piefed/logs:/app/logs"
"/var/lib/piefed/tmp:/app/tmp"
];
dependsOn = [
"piefed-db"
"piefed-redis"
];
extraOptions = [ "--network=piefed-net" ];
};
};
systemd.services."docker-piefed-db".requires = [ "docker-network-piefed.service" ];
systemd.services."docker-piefed-redis".requires = [ "docker-network-piefed.service" ];
systemd.services."docker-piefed-web".requires = [ "docker-network-piefed.service" ];
systemd.services."docker-piefed-worker".requires = [ "docker-network-piefed.service" ];
systemd.services.piefed-daily = {
script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./daily.sh'";
serviceConfig.Type = "oneshot";
};
systemd.timers.piefed-daily = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 02:05:00";
Persistent = true;
};
};
systemd.services.piefed-orphan-files = {
script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./remove_orphan_files.sh'";
serviceConfig.Type = "oneshot";
};
systemd.timers.piefed-orphan-files = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "Mon *-*-* 04:05:00";
Persistent = true;
};
};
systemd.services.piefed-email-notifs = {
script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./email_notifs.sh'";
serviceConfig.Type = "oneshot";
};
systemd.timers.piefed-email-notifs = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 00/6:01:00";
Persistent = true;
};
};
systemd.services.piefed-send-queue = {
script = "${pkgs.docker}/bin/docker exec piefed-web bash -c 'cd /app && ./send_queue.sh'";
serviceConfig.Type = "oneshot";
};
systemd.timers.piefed-send-queue = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/5";
Persistent = true;
};
};
}

93
modules/containers/piefed/piefed-containers.nix
View file

@ -1,93 +0,0 @@
{ config, lib, pkgs, ... }:
let
localDir = "/var/lib/piefed";
mediaDir = "/mnt/myjfs/piefed/media";
in
{
systemd.tmpfiles.rules = [
"d ${localDir} 0755 root root -"
"d ${localDir}/db 0700 1000 1000 -"
"d ${localDir}/redis 0700 999 999 -"
"d ${localDir}/logs 0755 1000 1000 -"
"d ${localDir}/tmp 0755 1000 1000 -"
"d ${mediaDir} 0755 1000 1000 -"
];
virtualisation.oci-containers = {
backend = "docker";
containers = {
piefed-db = {
image = "postgres:17";
volumes = [ "${localDir}/db:/var/lib/postgresql/data" ];
environmentFiles = [ "${localDir}/.env.docker" ];
cmd = [
"postgres"
"-c" "shared_buffers=1GB"
"-c" "effective_cache_size=2GB"
"-c" "work_mem=32MB"
"-c" "maintenance_work_mem=256MB"
"-c" "checkpoint_completion_target=0.9"
"-c" "wal_buffers=16MB"
"-c" "max_wal_size=3GB"
"-c" "min_wal_size=1GB"
"-c" "random_page_cost=1.1"
"-c" "effective_io_concurrency=200"
"-c" "max_connections=150"
"-c" "jit=off"
];
extraOptions = [ "--shm-size=2gb" "--user=1000:1000" "--network=piefed_net" ];
};
piefed-redis = {
image = "redis:6.2";
volumes = [ "${localDir}/redis:/data" ];
environmentFiles = [ "${localDir}/.env.docker" ];
extraOptions = [ "--network=piefed_net" ];
};
piefed-web = {
image = "elestio/piefed:latest";
dependsOn = [ "piefed-db" "piefed-redis" ];
environmentFiles = [ "${localDir}/.env.docker" ];
volumes = [
"${mediaDir}:/app/app/static/media"
"${localDir}/logs:/app/logs"
"${localDir}/tmp:/app/app/static/tmp"
];
ports = [ "8030:5000" ];
extraOptions = [ "--network=piefed_net" "--platform=linux/arm64" ];
};
piefed-celery = {
image = "elestio/piefed:latest";
dependsOn = [ "piefed-db" "piefed-redis" ];
environmentFiles = [ "${localDir}/.env.docker" ];
entrypoint = "./entrypoint_celery.sh";
volumes = [
"${mediaDir}:/app/app/static/media"
"${localDir}/logs:/app/logs"
"${localDir}/tmp:/app/app/static/tmp"
];
extraOptions = [ "--network=piefed_net" "--platform=linux/arm64" ];
};
piefed-notifs = {
image = "elestio/piefed:latest";
dependsOn = [ "piefed-redis" ];
environmentFiles = [ "${localDir}/.env.docker" ];
entrypoint = "./entrypoint_async.sh";
ports = [ "8040:8000" ];
extraOptions = [ "--network=piefed_net" "--platform=linux/arm64" ];
};
};
};
systemd.services.init-piefed-network = {
description = "Create Docker network for Piefed";
after = [ "docker.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = "${pkgs.docker}/bin/docker network create piefed_net || true";
};
}

1
nixos/orac.nix
View file

@ -11,7 +11,6 @@
../modules/containers/docker/karakeep/docker-compose.nix ../modules/containers/docker/karakeep/docker-compose.nix
../modules/nixos/orac/monitoring.nix ../modules/nixos/orac/monitoring.nix
../modules/containers/docker/crowdsec/crowdsec.nix ../modules/containers/docker/crowdsec/crowdsec.nix
../modules/containers/piefed/piefed-containers.nix
]; ];
networking.firewall = { networking.firewall = {