diff --git a/host/komodo/default.nix b/host/komodo/default.nix index 784b6eb..680c62f 100644 --- a/host/komodo/default.nix +++ b/host/komodo/default.nix @@ -16,8 +16,25 @@ ## NETWORKING ## networking.firewall = { - allowedTCPPorts = [ 22 80 443 ]; + allowedTCPPorts = [ 22 80 443 9120 ]; allowedUDPPorts = [ ]; + interfaces.podman1 = { + # so that containers find eachother's names + allowedUDPPorts = [ 53 ]; + }; + }; + + systemd.services.create-wordpress-network = with config.virtualisation.oci-containers; { + serviceConfig.Type = "oneshot"; + wantedBy = [ + "${backend}-komodo.service" + "${backend}-mongo.service" + "${backend}-periphery.service" + ]; + script = '' + ${pkgs.podman}/bin/podman network exists komodo-net || \ + ${pkgs.podman}/bin/podman network create komodo-net + ''; }; ## ENVIORMENT & PACKAGES ## @@ -33,4 +50,9 @@ environment.variables = { HOSTNAME = hostName; }; + + ## PROGRAMS & SERVICES ## + # Enable podman + virtualisation.podman.enable = true; + virtualisation.oci-containers.backend = "podman"; } diff --git a/host/komodo/modules/komodo/compose.yaml b/host/komodo/modules/komodo/compose.yaml new file mode 100644 index 0000000..57ca17e --- /dev/null +++ b/host/komodo/modules/komodo/compose.yaml @@ -0,0 +1,101 @@ +########################## +# KOMODO COMPOSE - MONGO # +########################## + +## This compose file will deploy: +## 1. MongoDB +## 2. Komodo Core +## 3. Komodo Periphery + +services: + mongo: + image: mongo + command: --quiet # suppress mongo logs a bit + restart: unless-stopped + logging: + driver: local # enable log rotation by default. see `https://docs.docker.com/config/containers/logging/local/` + networks: + - default + ports: + - 27017:27017 + volumes: + - mongo-data:/data/db + - mongo-config:/data/configdb + environment: + MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME} + MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD} + + core: + image: ghcr.io/mbecker20/komodo:latest + # image: ghcr.io/mbecker20/komodo:latest-aarch64 ## Use for arm support + restart: unless-stopped + depends_on: + - mongo + logging: + driver: local + networks: + - default + ports: + - 9120:9120 + # volumes: # Optionally mount a custom core.config.toml + # - /path/to/core.config.toml:/config/config.toml + # extra_hosts: # allows for systemd Periphery connection at "http://host.docker.internal:8120" + # - host.docker.internal:host-gateway + environment: # https://github.com/mbecker20/komodo/blob/main/config/core.config.toml + KOMODO_HOST: ${KOMODO_HOST} + KOMODO_TITLE: ${KOMODO_TITLE} + KOMODO_ENSURE_SERVER: http://periphery:8120 + ## Mongo + KOMODO_MONGO_ADDRESS: mongo:27017 + KOMODO_MONGO_USERNAME: ${DB_USERNAME} + KOMODO_MONGO_PASSWORD: ${DB_PASSWORD} + ## Secrets + KOMODO_PASSKEY: ${KOMODO_PASSKEY} + KOMODO_WEBHOOK_SECRET: ${KOMODO_WEBHOOK_SECRET} + KOMODO_JWT_SECRET: ${KOMODO_JWT_SECRET} + ## Auth + KOMODO_LOCAL_AUTH: ${KOMODO_LOCAL_AUTH} + KOMODO_DISABLE_USER_REGISTRATION: ${KOMODO_DISABLE_USER_REGISTRATION} + ## Github Oauth + KOMODO_GITHUB_OAUTH_ENABLED: ${KOMODO_GITHUB_OAUTH_ENABLED} + KOMODO_GITHUB_OAUTH_ID: ${KOMODO_GITHUB_OAUTH_ID} + KOMODO_GITHUB_OAUTH_SECRET: ${KOMODO_GITHUB_OAUTH_SECRET} + ## Google Oauth + KOMODO_GOOGLE_OAUTH_ENABLED: ${KOMODO_GOOGLE_OAUTH_ENABLED} + KOMODO_GOOGLE_OAUTH_ID: ${KOMODO_GOOGLE_OAUTH_ID} + KOMODO_GOOGLE_OAUTH_SECRET: ${KOMODO_GOOGLE_OAUTH_SECRET} + ## Aws + KOMODO_AWS_ACCESS_KEY_ID: ${KOMODO_AWS_ACCESS_KEY_ID} + KOMODO_AWS_SECRET_ACCESS_KEY: ${KOMODO_AWS_SECRET_ACCESS_KEY} + ## Hetzner + KOMODO_HETZNER_TOKEN: ${KOMODO_HETZNER_TOKEN} + + ## Deploy Periphery container using this block, + ## or deploy the Periphery binary with systemd using https://github.com/mbecker20/komodo/tree/main/scripts + periphery: + image: ghcr.io/mbecker20/periphery:latest + # image: ghcr.io/mbecker20/periphery:latest-aarch64 # Use for arm support + logging: + driver: local + networks: + - default + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - repos:/etc/komodo/repos # manage repos in a docker volume, or change it to an accessible host directory. + - stacks:/etc/komodo/stacks # manage stack files in a docker volume, or change it to an accessible host directory. + environment: + # If the disk size is overreporting, can use one of these to + # whitelist / blacklist the disks to filter them, whichever is easier. + # Accepts comma separated list of paths. + # Usually whitelisting just /etc/hostname gives correct size. + PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname + # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos + +volumes: + mongo-data: + mongo-config: + repos: + stacks: + +networks: + default: {} diff --git a/host/komodo/modules/komodo/default.nix b/host/komodo/modules/komodo/default.nix index 544b7b4..cedd01e 100644 --- a/host/komodo/modules/komodo/default.nix +++ b/host/komodo/modules/komodo/default.nix @@ -1,3 +1,72 @@ +{config, pkgs, ... }: { - + config.virtualisation.oci-containers.containers = { + mongo = { + image = "docker.io/mongo"; + cmd = [ "--quiet" ]; + autoStart = true; + extraOptions = [ "--network=komodo-net" ]; + log-driver = "passthrough-tty"; + hostname = "mongo"; + ports = [ "27017:27017" ]; + volumes = [ + "/mnt/DockerStorage/komodo/mongo/data:/data/db" + "/mnt/DockerStorage/komodo/mongo/config:/data/configdb" + ]; + environmentFiles = [ ./komodo.env ]; + environment = { + MONGO_INITDB_ROOT_USERNAME = "\${DB_USERNAME}"; + MONGO_INITDB_ROOT_PASSWORD = "\${DB_PASSWORD}"; + }; + }; + + komodo = { + image = "ghcr.io/mbecker20/komodo:latest"; + autoStart = true; + extraOptions = [ "--network=komodo-net" ]; + dependsOn = [ "mongo" ]; + log-driver = "passthrough"; + hostname = "komodo"; + ports = [ "9120:9120" ]; + environmentFiles = [ ./komodo.env ]; + environment = { + KOMODO_HOST = "\${KOMODO_HOST}"; + KOMODO_TITLE = "\${KOMODO_TITLE}"; + KOMODO_ENSURE_SERVER = "http://periphery:8120"; + KOMODO_MONGO_ADDRESS = "mongo:27017"; + KOMODO_MONGO_USERNAME = "\${DB_USERNAME}"; + KOMODO_MONGO_PASSWORD = "\${DB_PASSWORD}"; + KOMODO_PASSKEY = "\${KOMODO_PASSKEY}"; + KOMODO_WEBHOOK_SECRET = "\${KOMODO_WEBHOOK_SECRET}"; + KOMODO_JWT_SECRET = "\${KOMODO_JWT_SECRET}"; + KOMODO_LOCAL_AUTH = "\${KOMODO_LOCAL_AUTH}"; + KOMODO_DISABLE_USER_REGISTRATION = "\${KOMODO_DISABLE_USER_REGISTRATION}"; + KOMODO_GITHUB_OAUTH_ENABLED = "\${KOMODO_GITHUB_OAUTH_ENABLED}"; + KOMODO_GITHUB_OAUTH_ID = "\${KOMODO_GITHUB_OAUTH_ID}"; + KOMODO_GITHUB_OAUTH_SECRET = "\${KOMODO_GITHUB_OAUTH_SECRET}"; + KOMODO_GOOGLE_OAUTH_ENABLED = "\${KOMODO_GOOGLE_OAUTH_ENABLED}"; + KOMODO_GOOGLE_OAUTH_ID = "\${KOMODO_GOOGLE_OAUTH_ID}"; + KOMODO_GOOGLE_OAUTH_SECRET = "\${KOMODO_GOOGLE_OAUTH_SECRET}"; + KOMODO_AWS_ACCESS_KEY_ID = "\${KOMODO_AWS_ACCESS_KEY_ID}"; + KOMODO_AWS_SECRET_ACCESS_KEY = "\${KOMODO_AWS_SECRET_ACCESS_KEY}"; + KOMODO_HETZNER_TOKEN = "\${KOMODO_HETZNER_TOKEN}"; + }; + }; + + periphery = { + image = "ghcr.io/mbecker20/periphery:latest"; + autoStart = true; + extraOptions = [ "--network=komodo-net" ]; + log-driver = "passthrough-tty"; + hostname = "periphery"; + volumes = [ + "/var/run/podman.sock:/var/run/docker.sock" + "/mnt/DockerStorage/komodo/repos:/etc/komodo/repos" + "mnt/DockerStorage/komodo/stacks:/etc/komodo/stacks" + ]; + environment = { + PERIPHERY_INCLUDE_DISK_MOUNTS = "/etc/hostname"; + }; + }; + }; } \ No newline at end of file