From ac513759f56c7e30cc867a4a634c2af54376a3c5 Mon Sep 17 00:00:00 2001 From: Chris Toph Date: Fri, 14 Feb 2025 14:54:41 -0500 Subject: [PATCH] setup filerun in cloud with arion --- host/cloud/default.nix | 5 + host/cloud/modules/caddy/default.nix | 8 +- host/cloud/modules/filerun/.env | 4 + host/cloud/modules/filerun/arion-compose.nix | 41 ++++++ host/cloud/modules/filerun/arion-compose.yml | 58 +++++++++ host/cloud/modules/filerun/compose.yml | 37 ++++++ host/cloud/modules/filerun/default.nix | 29 +++++ host/cloud/modules/filerun/oci.nix | 126 +++++++++++++++++++ 8 files changed, 304 insertions(+), 4 deletions(-) create mode 100644 host/cloud/modules/filerun/.env create mode 100644 host/cloud/modules/filerun/arion-compose.nix create mode 100644 host/cloud/modules/filerun/arion-compose.yml create mode 100644 host/cloud/modules/filerun/compose.yml create mode 100644 host/cloud/modules/filerun/default.nix create mode 100644 host/cloud/modules/filerun/oci.nix diff --git a/host/cloud/default.nix b/host/cloud/default.nix index 32ba2a5..a15a315 100644 --- a/host/cloud/default.nix +++ b/host/cloud/default.nix @@ -3,6 +3,7 @@ config, pkgs, hostName, + admin, ... }: { @@ -20,6 +21,8 @@ # cron ./modules/cron + # Filerun + ./modules/filerun # Logrotate ./modules/logrotate # Caddy @@ -40,10 +43,12 @@ }; ## USERS ## + users.users.${admin}.extraGroups = [ "docker" ]; ## ENVIORMENT & PACKAGES ## nixpkgs.overlays = [ (import ../../nix/overlays) ]; environment.systemPackages = with pkgs; [ + arion git mergerfs micro diff --git a/host/cloud/modules/caddy/default.nix b/host/cloud/modules/caddy/default.nix index 5f6e1f3..4f62187 100644 --- a/host/cloud/modules/caddy/default.nix +++ b/host/cloud/modules/caddy/default.nix 
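Review bot: In the third hunk of `host/cloud/default.nix`, `users.users.${admin}.extraGroups = [ "docker" ];` gives the admin account root-equivalent access to the host, because membership of the docker group allows starting containers with arbitrary host paths mounted. If the only goal is to run `arion` by hand, consider leaving the group out and invoking it through `sudo`. Otherwise add a comment such as `# docker group == root on this host; needed for manual arion runs` so the trade-off is visible. The surrounding attribute set starts and ends outside the hunk.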
@@ -7,10 +7,10 @@
 extraConfig = ''
 reverse_proxy http://localhost:8181 {
 header_up Host {host}
- header_up X-Forwarded-For {remote}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Protocol {scheme}
- header_up X-Forwarded-Port {server_port}
+ # header_up X-Forwarded-For {remote}
+ # header_up X-Forwarded-Proto {scheme}
+ # header_up X-Forwarded-Protocol {scheme}
+ # header_up X-Forwarded-Port {server_port}
 }
 '';
 };
diff --git a/host/cloud/modules/filerun/.env b/host/cloud/modules/filerun/.env
new file mode 100644
index 0000000..0aa8fff
--- /dev/null
+++ b/host/cloud/modules/filerun/.env
@@ -0,0 +1,4 @@
+DB_NAME=filerun
+DB_USER=admin
+DB_PASS=m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY
+DB_ROOT_PASS=pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm
\ No newline at end of file
diff --git a/host/cloud/modules/filerun/arion-compose.nix b/host/cloud/modules/filerun/arion-compose.nix
new file mode 100644
index 0000000..94920eb
--- /dev/null
+++ b/host/cloud/modules/filerun/arion-compose.nix
@@ -0,0 +1,41 @@
+{
+ services = {
+ db.service = {
+ image = "mariadb:10.11";
+ user = "1000:1004";
+ environment = {
+ MYSQL_ROOT_PASSWORD = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm";
+ MYSQL_USER = "admin";
+ MYSQL_PASSWORD = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
+ MYSQL_DATABASE = "filerun";
+ };
+ volumes = [
+ "/pool/filerun/db:/var/lib/mysql"
+ ];
+ };
+
+ web.service = {
+ image = "filerun/filerun:8.1";
+ user = "root";
+ tty = true;
+ environment = {
+ FR_DB_HOST = "db";
+ FR_DB_PORT = "3306";
+ FR_DB_NAME = "filerun";
+ FR_DB_USER = "admin";
+ FR_DB_PASS = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
+ APACHE_RUN_USER = "toph";
+ APACHE_RUN_USER_ID = "1000";
+ APACHE_RUN_GROUP = "ryot";
+ APACHE_RUN_GROUP_ID = "1004";
+ };
+ depends_on = [ "db" ];
+ ports = [ "8181:80" ];
+ volumes = [
+ "/pool/filerun/html:/var/www/html"
+ "/pool/filerun/user-files:/user-files"
+ "/pool/:/pool"
+ ];
+ };
+ };
+}
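Review bot: In `host/cloud/modules/caddy/default.nix`, the four `header_up X-Forwarded-*` lines inside `extraConfig` are commented out rather than removed, with no explanation of why the upstream no longer receives them. If this is Caddy v2, `reverse_proxy` already sets `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` itself. Deleting the lines and leaving one comment, for example `# X-Forwarded-* are set by reverse_proxy by default`, would say the same thing without dead configuration. The enclosing virtual-host block begins outside the hunk.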
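Review bot: In `host/cloud/modules/filerun/.env`, `DB_PASS` and `DB_ROOT_PASS` are committed in plaintext, and the same two values are repeated as literals in `arion-compose.nix`, `arion-compose.yml` and `oci.nix` elsewhere in this patch. Once pushed they stay in the repository history, and the copies in the `.nix` files are also likely to end up in the world-readable Nix store when the configuration is built. Both passwords should be treated as exposed and rotated, and `.env` added to `.gitignore`. The values should instead be supplied at runtime from a file outside the repository and the store, for example via `env_file` pointing at a root-only path, or a secrets module such as sops-nix or agenix.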
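Review bot: In `host/cloud/modules/filerun/arion-compose.nix`, `ports = [ "8181:80" ];` on `web.service` publishes FileRun on every host interface, while the Caddy site in this patch only needs it on `localhost:8181`. Docker-published ports are also commonly reachable despite the host firewall, so the plain-HTTP port would bypass the proxy. Binding to loopback, `ports = [ "127.0.0.1:8181:80" ];`, keeps Caddy as the only entry point; `compose.yml` and `oci.nix` carry the same mapping. Separately, the `"/pool/:/pool"` volume gives a container running as `root` the whole pool, including `/pool/filerun/db`. Narrowing it to the directories FileRun must serve (read-only where possible) would limit what a compromise of the web app can touch.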
diff --git a/host/cloud/modules/filerun/arion-compose.yml b/host/cloud/modules/filerun/arion-compose.yml new file mode 100644 index 0000000..9cf3794 --- /dev/null +++ b/host/cloud/modules/filerun/arion-compose.yml @@ -0,0 +1,58 @@ +{ + "networks": { "default": { "name": "filerun" } }, + "services": + { + "db": + { + "environment": + { + "MYSQL_DATABASE": "filerun", + "MYSQL_PASSWORD": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY", + "MYSQL_ROOT_PASSWORD": "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm", + "MYSQL_USER": "admin", + }, + "image": "mariadb:10.11", + "sysctls": {}, + "user": "1000:1004", + "volumes": ["/pool/filerun/db:/var/lib/mysql"], + }, + "web": + { + "depends_on": ["db"], + "environment": + { + "APACHE_RUN_GROUP": "ryot", + "APACHE_RUN_GROUP_ID": "1004", + "APACHE_RUN_USER": "toph", + "APACHE_RUN_USER_ID": "1000", + "FR_DB_HOST": "db", + "FR_DB_NAME": "filerun", + "FR_DB_PASS": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY", + "FR_DB_PORT": "3306", + "FR_DB_USER": "admin", + }, + "image": "filerun/filerun:8.1", + "ports": ["8181:80"], + "sysctls": {}, + "tty": true, + "user": "root", + "volumes": + [ + "/pool/filerun/html:/var/www/html", + "/pool/filerun/user-files:/user-files", + ], + }, + }, + "version": "3.4", + "volumes": {}, + "x-arion": + { + "images": [], + "project": { "name": "filerun" }, + "serviceInfo": + { + "db": { "defaultExec": ["/bin/sh"] }, + "web": { "defaultExec": ["/bin/sh"] }, + }, + }, +} diff --git a/host/cloud/modules/filerun/compose.yml b/host/cloud/modules/filerun/compose.yml new file mode 100644 index 0000000..66bffbf --- /dev/null +++ b/host/cloud/modules/filerun/compose.yml 
@@ -0,0 +1,37 @@
+name: filerun
+services:
+ db:
+ image: mariadb:10.5
+ user: 1001:1004
+ environment:
+ MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
+ MYSQL_USER: ${DB_USER}
+ MYSQL_PASSWORD: ${DB_PASS}
+ MYSQL_DATABASE: ${DB_NAME}
+ restart: unless-stopped
+ volumes:
+ - /pool/filerun/db:/var/lib/mysql
+
+ web:
+ image: filerun/filerun:8.1
+ user: root
+ environment:
+ FR_DB_HOST: db
+ FR_DB_PORT: 3306
+ FR_DB_NAME: ${DB_NAME}
+ FR_DB_USER: ${DB_USER}
+ FR_DB_PASS: ${DB_PASS}
+ APACHE_RUN_USER: toph
+ APACHE_RUN_USER_ID: 1001
+ APACHE_RUN_GROUP: toph
+ APACHE_RUN_GROUP_ID: 1004
+ depends_on:
+ - db
+ links:
+ - db:db
+ ports:
+ - "8181:80"
+ restart: unless-stopped
+ volumes:
+ - /pool/filerun/html:/var/www/html
+ - /pool/filerun/user-files:/user-files
diff --git a/host/cloud/modules/filerun/default.nix b/host/cloud/modules/filerun/default.nix
new file mode 100644
index 0000000..4367e31
--- /dev/null
+++ b/host/cloud/modules/filerun/default.nix
@@ -0,0 +1,29 @@
+{
+
+ imports =
+ let
+ commit = "9f01fb79f61f53fe31d5ef831e420ab9ad252b99";
+ in
+ [
+ "${
+ builtins.fetchTarball {
+ name = "arion-v0.2.2.0";
+ url = "https://github.com/hercules-ci/arion/archive/${commit}.tar.gz";
+ # obtained via nix-prefetch-url --unpack
+ sha256 = "1y2wi9kjb1agrvzaj6417lap4qg969hdfz3cmw3v3sz1q5mqcaw5";
+ }
+ }/nixos-module.nix"
+ ];
+
+ virtualisation.docker.enable = true;
+ virtualisation.arion = {
+ backend = "docker"; # or "docker"
+ projects.filerun = {
+ # serviceName = "filerun";
+ settings = {
+ # Specify you project here, or import it from a file.
+ imports = [ ./arion-compose.nix ];
+ };
+ };
+ };
+}
diff --git a/host/cloud/modules/filerun/oci.nix b/host/cloud/modules/filerun/oci.nix
new file mode 100644
index 0000000..84d4cac
--- /dev/null
+++ b/host/cloud/modules/filerun/oci.nix
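Review bot: `host/cloud/modules/filerun/compose.yml` describes the same stack as `arion-compose.nix` but already disagrees with it: `mariadb:10.5` versus `mariadb:10.11`, `user: 1001:1004` versus `1000:1004`, and `APACHE_RUN_GROUP: toph` versus `ryot`. Only `arion-compose.nix` is imported by the filerun `default.nix` in this patch, so it is unclear from the visible lines whether `compose.yml` is used at all. If it is kept as reference, a header comment such as `# reference only, not deployed; source of truth is arion-compose.nix` would stop someone from starting it against the same `/pool/filerun/db` data directory with a different MariaDB version. `links:` is a legacy option and can go, since both services share the default network.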
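Review bot: In `host/cloud/modules/filerun/default.nix`, the comment on `backend = "docker"; # or "docker"` names the value already chosen, so it tells the reader nothing. Arion's other backend is `podman-socket`, so `# or "podman-socket"` is presumably what was meant. The comment a few lines down should read `# Specify your project here, or import it from a file.` The `fetchTarball` pin by commit and `sha256` is good practice and worth keeping as is.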
@@ -0,0 +1,126 @@ +# Auto-generated using compose2nix v0.3.1. +{ pkgs, lib, ... }: + +{ + # Runtime + virtualisation.docker = { + enable = true; + autoPrune.enable = true; + }; + virtualisation.oci-containers.backend = "docker"; + + # Containers + virtualisation.oci-containers.containers."filerun-db" = { + image = "mariadb:10.5"; + environment = { + "MYSQL_DATABASE" = "filerun"; + "MYSQL_PASSWORD" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY"; + "MYSQL_ROOT_PASSWORD" = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm"; + "MYSQL_USER" = "admin"; + }; + volumes = [ + "/pool/filerun/db:/var/lib/mysql:rw" + ]; + user = "root"; + log-driver = "journald"; + extraOptions = [ + "--network-alias=db" + "--network=filerun_default" + ]; + }; + systemd.services."docker-filerun-db" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-filerun_default.service" + ]; + requires = [ + "docker-network-filerun_default.service" + ]; + partOf = [ + "docker-compose-filerun-root.target" + ]; + wantedBy = [ + "docker-compose-filerun-root.target" + ]; + }; + virtualisation.oci-containers.containers."filerun-web" = { + image = "filerun/filerun:8.1"; + environment = { + "APACHE_RUN_GROUP" = "toph"; + "APACHE_RUN_GROUP_ID" = "100"; + "APACHE_RUN_USER" = "toph"; + "APACHE_RUN_USER_ID" = "1000"; + "FR_DB_HOST" = "db"; + "FR_DB_NAME" = "filerun"; + "FR_DB_PASS" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY"; + "FR_DB_PORT" = "3306"; + "FR_DB_USER" = "admin"; + }; + volumes = [ + "/pool/filerun/html:/var/www/html:rw" + "/pool/filerun/user-files:/user-files:rw" + ]; + ports = [ + "8181:80/tcp" + ]; + dependsOn = [ + "filerun-db" + ]; + user = "root"; + log-driver = "journald"; + extraOptions = [ + "--network-alias=web" + "--network=filerun_default" + ]; + }; + systemd.services."docker-filerun-web" = { + 
serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-filerun_default.service" + ]; + requires = [ + "docker-network-filerun_default.service" + ]; + partOf = [ + "docker-compose-filerun-root.target" + ]; + wantedBy = [ + "docker-compose-filerun-root.target" + ]; + }; + + # Networks + systemd.services."docker-network-filerun_default" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "docker network rm -f filerun_default"; + }; + script = '' + docker network inspect filerun_default || docker network create filerun_default + ''; + partOf = [ "docker-compose-filerun-root.target" ]; + wantedBy = [ "docker-compose-filerun-root.target" ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."docker-compose-filerun-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; +}