set up penpot

2023-03-05 10:56:03 +01:00 · 2023-03-05 10:56:03 +01:00 · 1ca8946c7f
commit 1ca8946c7f
parent d88066750b
7 changed files with 181 additions and 18 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,10 +1,30 @@
 {
  "nodes": {
+    "arion": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "haskell-flake": "haskell-flake",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1677362634,
+        "narHash": "sha256-TbXibbeyPHFS+WVMlBQ3lY2L6Re5y3qUsZaHYtLQvkw=",
+        "owner": "hercules-ci",
+        "repo": "arion",
+        "rev": "0f27ae484f34a8f0bbc5ef495a96f3a3cecb3eb3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "arion",
+        "type": "github"
+      }
+    },
    "easymacros": {
      "inputs": {
        "flake-utils": "flake-utils",
        "naersk": "naersk",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1662552013,
@ -20,6 +40,27 @@
        "url": "https://gitlab.com/obsidianical/easymacros.git"
      }
    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "arion",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1675933616,
+        "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "locked": {
        "lastModified": 1656065134,
@ -49,6 +90,22 @@
        "type": "indirect"
      }
    },
+    "haskell-flake": {
+      "locked": {
+        "lastModified": 1675296942,
+        "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
+        "owner": "srid",
+        "repo": "haskell-flake",
+        "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "srid",
+        "ref": "0.1.0",
+        "repo": "haskell-flake",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -86,7 +143,7 @@
    "meowsite": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1676235149,
@ -105,7 +162,7 @@
    "microbin-fork": {
      "inputs": {
        "naersk": "naersk_2",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
        "utils": "utils_2"
      },
      "locked": {
@ -124,7 +181,7 @@
    },
    "naersk": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1655042882,
@ -142,7 +199,7 @@
    },
    "naersk_2": {
      "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1671096816,
@ -161,7 +218,7 @@
    },
    "naersk_3": {
      "inputs": {
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
        "lastModified": 1671096816,
@ -195,16 +252,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1656755932,
-        "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=",
+        "lastModified": 1676300157,
+        "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152",
+        "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
      }
    },
    "nixpkgs-stable": {
@ -237,6 +296,20 @@
      }
    },
    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1656755932,
+        "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1674407282,
        "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=",
@ -252,7 +325,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1676549890,
        "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
@ -266,7 +339,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1676549890,
        "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
@ -282,7 +355,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1677676435,
        "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
@ -298,7 +371,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1675614288,
        "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
@ -312,7 +385,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_9": {
      "locked": {
        "lastModified": 1675614288,
        "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
@ -330,13 +403,14 @@
    },
    "root": {
      "inputs": {
+        "arion": "arion",
        "easymacros": "easymacros",
        "home-manager": "home-manager",
        "mac-brcm-fw": "mac-brcm-fw",
        "meowsite": "meowsite",
        "microbin-fork": "microbin-fork",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_7",
        "nixpkgs-stable": "nixpkgs-stable",
        "wordsofgod": "wordsofgod"
      }
@ -389,7 +463,7 @@
    "wordsofgod": {
      "inputs": {
        "naersk": "naersk_3",
-        "nixpkgs": "nixpkgs_8",
+        "nixpkgs": "nixpkgs_9",
        "utils": "utils_3"
      },
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@ -18,6 +18,7 @@
    meowsite.url = "git+https://gitlab.com/obsidianical/meowsite.git";
    wordsofgod.url = "git+https://gitlab.com/obsidianical/wordsofgod.git";
    microbin-fork.url = "git+https://gitlab.com/obsidianical/microbin.git";
+    arion.url = "github:hercules-ci/arion";
  };

  outputs = { self, nixpkgs, nixpkgs-stable, home-manager, nixos-hardware, mac-brcm-fw, ... }@inputs: {
--- a/schrottserver/configuration.nix
+++ b/schrottserver/configuration.nix
@ -17,6 +17,7 @@
      ../modules/neovim.nix
      ../modules/zsh.nix
      ./synapse.nix
+      ./penpot.nix
    ];

  #systemd.services.wordsofgod-bot.enable = true;
--- a/schrottserver/microbin.nix
+++ b/schrottserver/microbin.nix
@ -12,6 +12,9 @@
      MICROBIN_HIGHLIGHTSYNTAX = "";
      MICROBIN_PUBLIC_PATH = "https://s10e.de";
      MICROBIN_QR = "";
+      MICROBIN_URL_EP = "u";
+      MICROBIN_RAW_EP = "r";
+      MICROBIN_PASTA_EP = "p";
    };
    script = "${inputs.microbin-fork.defaultPackage."x86_64-linux"}/bin/microbin";
    #scriptArgs = "--auth-password ${builtins.readFile ../secret-data/mb-pass} --auth-username jade --editable --hash-ids --no-listing --highlightsyntax --public-path https://s10e.de --qr";
--- a/schrottserver/penpot.nix
+++ b/schrottserver/penpot.nix
@ -0,0 +1,73 @@
+{ pkgs, inputs, ... }:
+{
+  imports = [ inputs.arion.nixosModules.arion ];
+  virtualisation.docker.enable = true;
+  virtualisation.arion = {
+    backend = "docker";
+    projects.penpot.settings = {
+      networks.penpot.name = "penpot";
+      services = {
+        "penpot-backend".service = {
+          image = "penpotapp/backend:latest";
+          volumes = [ "/penpot_assets:/opt/data/assets" ];
+          restart = "always";
+          depends_on = [ "penpot-postgres" "penpot-redis" ];
+          networks = [ "penpot" ];
+          environment = {
+            "PENPOT_FLAGS" = "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server";
+            "PENPOT_PUBLIC_URI" = "https://pp.schrottkatze.de";
+            "PENPOT_DATABASE_URI" = "postgresql://penpot-postgres/penpot";
+            "PENPOT_DATABASE_USERNAME" = "penpot";
+            "PENPOT_DATABASE_PASSWORD" = "penpot"; "PENPOT_REDIS_URI" = "redis://penpot-redis/0";
+            "PENPOT_ASSETS_STORAGE_BACKEND" = "assets-fs";
+            "PENPOT_STORAGE_ASSETS_FS_DIRECTORY" = "/opt/data/assets";
+            "PENPOT_TELEMETRY_ENABLED" = "false";
+            "PENPOT_SMTP_DEFAULT_FROM" = "noreply-pp@schrottkatze.de";
+            "PENPOT_SMTP_DEFAULT_REPLY_TO" = "noreply-pp@schrottkatze.de";
+            "PENPOT_SMTP_HOST" = "smtp.migadu.com";
+            "PENPOT_SMTP_PORT" = "465";
+            "PENPOT_SMTP_USERNAME" = "noreply-pp@schrottkatze.de";
+            "PENPOT_SMTP_PASSWORD" = builtins.readFile ../secret-data/penpot-smtp-pass;
+            "PENPOT_SMTP_TLS" = "true";
+            "PENPOT_SMTP_SSL" = "false";
+          };
+        };
+        "penpot-frontend".service = {
+          image = "penpotapp/frontend:latest";
+          restart = "always";
+          ports = [  "9001:80" ];
+          volumes = [ "/penpot_assets:/opt/data/assets" ];
+          depends_on = [ "penpot-backend" "penpot-exporter" ];
+          networks = [ "penpot" ];
+        };
+        "penpot-exporter".service = {
+          image = "penpotapp/exporter:latest";
+          restart = "always";
+          networks = [ "penpot" ];
+          environment = {
+            "PENPOT_PUBLIC_URI" = "http://penpot-frontend";
+            "PENPOT_REDIS_URI" = "redis://penpot-redis/0";
+          };
+        };
+        "penpot-postgres".service = {
+          image = "postgres:15";
+          restart = "always";
+          stop_signal = "SIGINT";
+          volumes = [ "/penpot_postgres_v15:/var/lib/postgresql/data" ];
+          networks = [ "penpot" ];
+          environment = {
+            "POSTGRES_INITDB_ARGS" = "--data-checksums";
+            "POSTGRES_DB" = "penpot";
+            "POSTGRES_USER" = "penpot";
+            "POSTGRES_PASSWORD" = "penpot";
+          };
+        };
+        "penpot-redis".service = {
+          image = "redis:7";
+          restart = "always";
+          networks = [ "penpot" ];
+        };
+      };
+    };
+  };
+}
--- a/schrottserver/proxy.nix
+++ b/schrottserver/proxy.nix
@ -24,6 +24,10 @@
        group = "nginx";
        keyType = "rsa2048";
      };
+      "pp.schrottkatze.de" = {
+        group = "nginx";
+        keyType = "rsa2048";
+      };
    };
  };

@ -63,6 +67,13 @@
        forceSSL = true;
        enableACME = true;
      };
+      "pp.schrottkatze.de" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:9001";
+        };
+      };
      "s10e.de" = {
        forceSSL = true;
        enableACME = true;
--- a/secret-data/penpot-smtp-pass
+++ b/secret-data/penpot-smtp-pass