From 1ca8946c7f2ab8d81fae241ea3e2f8e963d34c5f Mon Sep 17 00:00:00 2001 From: Jade Date: Sun, 5 Mar 2023 10:56:03 +0100 Subject: [PATCH] set up penpot --- flake.lock | 110 ++++++++++++++++++++++++++------ flake.nix | 1 + schrottserver/configuration.nix | 1 + schrottserver/microbin.nix | 3 + schrottserver/penpot.nix | 73 +++++++++++++++++++++ schrottserver/proxy.nix | 11 ++++ secret-data/penpot-smtp-pass | Bin 0 -> 53 bytes 7 files changed, 181 insertions(+), 18 deletions(-) create mode 100644 schrottserver/penpot.nix create mode 100644 secret-data/penpot-smtp-pass diff --git a/flake.lock b/flake.lock index b71b098..9cf4945 100644 --- a/flake.lock +++ b/flake.lock @@ -1,10 +1,30 @@ { "nodes": { + "arion": { + "inputs": { + "flake-parts": "flake-parts", + "haskell-flake": "haskell-flake", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1677362634, + "narHash": "sha256-TbXibbeyPHFS+WVMlBQ3lY2L6Re5y3qUsZaHYtLQvkw=", + "owner": "hercules-ci", + "repo": "arion", + "rev": "0f27ae484f34a8f0bbc5ef495a96f3a3cecb3eb3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "arion", + "type": "github" + } + }, "easymacros": { "inputs": { "flake-utils": "flake-utils", "naersk": "naersk", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1662552013, @@ -20,6 +40,27 @@ "url": "https://gitlab.com/obsidianical/easymacros.git" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1656065134, 
@@ -49,6 +90,22 @@ "type": "indirect" } }, + "haskell-flake": { + "locked": { + "lastModified": 1675296942, + "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.1.0", + "repo": "haskell-flake", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,7 +143,7 @@ "meowsite": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1676235149, @@ -105,7 +162,7 @@ "microbin-fork": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils_2" }, "locked": { @@ -124,7 +181,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1655042882, @@ -142,7 +199,7 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1671096816, @@ -161,7 +218,7 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1671096816, @@ -195,16 +252,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656755932, - "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", + "lastModified": 1676300157, + "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", + "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-stable": { 
@@ -237,6 +296,20 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1656755932, + "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1674407282, "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", @@ -252,7 +325,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1676549890, "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", @@ -266,7 +339,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1676549890, "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", @@ -282,7 +355,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1677676435, "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", @@ -298,7 +371,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1675614288, "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=", @@ -312,7 +385,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1675614288, "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=", @@ -330,13 +403,14 @@ }, "root": { "inputs": { + "arion": "arion", "easymacros": "easymacros", "home-manager": "home-manager", "mac-brcm-fw": "mac-brcm-fw", "meowsite": "meowsite", "microbin-fork": "microbin-fork", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable", "wordsofgod": "wordsofgod" } @@ -389,7 +463,7 @@ "wordsofgod": { "inputs": { "naersk": "naersk_3", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "utils": "utils_3" }, "locked": { diff --git a/flake.nix b/flake.nix index ea8fdde..8c2ac83 100644 --- a/flake.nix +++ b/flake.nix 
@@ -18,6 +18,7 @@ meowsite.url = "git+https://gitlab.com/obsidianical/meowsite.git"; wordsofgod.url = "git+https://gitlab.com/obsidianical/wordsofgod.git"; microbin-fork.url = "git+https://gitlab.com/obsidianical/microbin.git"; + arion.url = "github:hercules-ci/arion"; }; outputs = { self, nixpkgs, nixpkgs-stable, home-manager, nixos-hardware, mac-brcm-fw, ... }@inputs: { diff --git a/schrottserver/configuration.nix b/schrottserver/configuration.nix index 4839d87..e01dbe5 100644 --- a/schrottserver/configuration.nix +++ b/schrottserver/configuration.nix @@ -17,6 +17,7 @@ ../modules/neovim.nix ../modules/zsh.nix ./synapse.nix + ./penpot.nix ]; #systemd.services.wordsofgod-bot.enable = true; diff --git a/schrottserver/microbin.nix b/schrottserver/microbin.nix index f354fc7..335b8a8 100644 --- a/schrottserver/microbin.nix +++ b/schrottserver/microbin.nix @@ -12,6 +12,9 @@ MICROBIN_HIGHLIGHTSYNTAX = ""; MICROBIN_PUBLIC_PATH = "https://s10e.de"; MICROBIN_QR = ""; + MICROBIN_URL_EP = "u"; + MICROBIN_RAW_EP = "r"; + MICROBIN_PASTA_EP = "p"; }; script = "${inputs.microbin-fork.defaultPackage."x86_64-linux"}/bin/microbin"; #scriptArgs = "--auth-password ${builtins.readFile ../secret-data/mb-pass} --auth-username jade --editable --hash-ids --no-listing --highlightsyntax --public-path https://s10e.de --qr"; diff --git a/schrottserver/penpot.nix b/schrottserver/penpot.nix new file mode 100644 index 0000000..836a238 --- /dev/null +++ b/schrottserver/penpot.nix 
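Review bot: `arion.url = "github:hercules-ci/arion";` is added without a `follows`, so flake.lock gains a separate nixpkgs pin for arion that is updated independently of the system's package set. Consider adding `arion.inputs.nixpkgs.follows = "nixpkgs";` next to it, provided arion builds against the root nixpkgs, so there is one fewer pinned package set to keep patched. The `inputs` attribute set starts above this hunk.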
@@ -0,0 +1,73 @@
+{ pkgs, inputs, ... }:
+{
+ imports = [ inputs.arion.nixosModules.arion ];
+ virtualisation.docker.enable = true;
+ virtualisation.arion = {
+ backend = "docker";
+ projects.penpot.settings = {
+ networks.penpot.name = "penpot";
+ services = {
+ "penpot-backend".service = {
+ image = "penpotapp/backend:latest";
+ volumes = [ "/penpot_assets:/opt/data/assets" ];
+ restart = "always";
+ depends_on = [ "penpot-postgres" "penpot-redis" ];
+ networks = [ "penpot" ];
+ environment = {
+ "PENPOT_FLAGS" = "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server";
+ "PENPOT_PUBLIC_URI" = "https://pp.schrottkatze.de";
+ "PENPOT_DATABASE_URI" = "postgresql://penpot-postgres/penpot";
+ "PENPOT_DATABASE_USERNAME" = "penpot";
+ "PENPOT_DATABASE_PASSWORD" = "penpot"; "PENPOT_REDIS_URI" = "redis://penpot-redis/0";
+ "PENPOT_ASSETS_STORAGE_BACKEND" = "assets-fs";
+ "PENPOT_STORAGE_ASSETS_FS_DIRECTORY" = "/opt/data/assets";
+ "PENPOT_TELEMETRY_ENABLED" = "false";
+ "PENPOT_SMTP_DEFAULT_FROM" = "noreply-pp@schrottkatze.de";
+ "PENPOT_SMTP_DEFAULT_REPLY_TO" = "noreply-pp@schrottkatze.de";
+ "PENPOT_SMTP_HOST" = "smtp.migadu.com";
+ "PENPOT_SMTP_PORT" = "465";
+ "PENPOT_SMTP_USERNAME" = "noreply-pp@schrottkatze.de";
+ "PENPOT_SMTP_PASSWORD" = builtins.readFile ../secret-data/penpot-smtp-pass;
+ "PENPOT_SMTP_TLS" = "true";
+ "PENPOT_SMTP_SSL" = "false";
+ };
+ };
+ "penpot-frontend".service = {
+ image = "penpotapp/frontend:latest";
+ restart = "always";
+ ports = [ "9001:80" ];
+ volumes = [ "/penpot_assets:/opt/data/assets" ];
+ depends_on = [ "penpot-backend" "penpot-exporter" ];
+ networks = [ "penpot" ];
+ };
+ "penpot-exporter".service = {
+ image = "penpotapp/exporter:latest";
+ restart = "always";
+ networks = [ "penpot" ];
+ environment = {
+ "PENPOT_PUBLIC_URI" = "http://penpot-frontend";
+ "PENPOT_REDIS_URI" = "redis://penpot-redis/0";
+ };
+ };
+ "penpot-postgres".service = {
+ image = "postgres:15";
+
restart = "always"; + stop_signal = "SIGINT"; + volumes = [ "/penpot_postgres_v15:/var/lib/postgresql/data" ]; + networks = [ "penpot" ]; + environment = { + "POSTGRES_INITDB_ARGS" = "--data-checksums"; + "POSTGRES_DB" = "penpot"; + "POSTGRES_USER" = "penpot"; + "POSTGRES_PASSWORD" = "penpot"; + }; + }; + "penpot-redis".service = { + image = "redis:7"; + restart = "always"; + networks = [ "penpot" ]; + }; + }; + }; + }; +} diff --git a/schrottserver/proxy.nix b/schrottserver/proxy.nix index 7c391a5..67b8c81 100644 --- a/schrottserver/proxy.nix +++ b/schrottserver/proxy.nix @@ -24,6 +24,10 @@ group = "nginx"; keyType = "rsa2048"; }; + "pp.schrottkatze.de" = { + group = "nginx"; + keyType = "rsa2048"; + }; }; }; @@ -63,6 +67,13 @@ forceSSL = true; enableACME = true; }; + "pp.schrottkatze.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:9001"; + }; + }; "s10e.de" = { forceSSL = true; enableACME = true; diff --git a/secret-data/penpot-smtp-pass b/secret-data/penpot-smtp-pass new file mode 100644 index 0000000000000000000000000000000000000000..80a163fdaecb63578231e10135edbaa581e06eb1 GIT binary patch literal 53 zcmZQ@_Y83kiVO&0Q1$-*voxD?rr@`uYZY?N>PemM_2BCiyC0i%_;94z=Gi3$wHbcw JS@C?1mH;%~6+i$0 literal 0 HcmV?d00001
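Review bot: `"PENPOT_SMTP_PASSWORD" = builtins.readFile ../secret-data/penpot-smtp-pass;` reads the secret at evaluation time, so the plaintext presumably lands in the generated compose definition under the world-readable /nix/store, whatever protection the committed blob has in the repository. Supply it at runtime instead, for example through the service's `env_file` option pointing at a root-only path outside the store (sops-nix or agenix can provision it), and remove the variable from `environment`. The literal `penpot` value in `PENPOT_DATABASE_PASSWORD` and `POSTGRES_PASSWORD` ends up in the store the same way and is a guessable default. `PENPOT_FLAGS` also combines `enable-registration` with `disable-email-verification` on a public URI, so anyone can create an account with an unverified address; confirm that is intended. The three `penpotapp/*:latest` tags are not covered by flake.lock, so each pull can bring in a different image; pinning a version tag or digest keeps the deployment reproducible.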
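Review bot: The new `pp.schrottkatze.de` vhost forwards to `http://localhost:9001`, but penpot.nix in this commit publishes that port as `"9001:80"`, which Docker binds on all interfaces and normally opens through its own iptables rules regardless of the host firewall. That would leave Penpot reachable over plain HTTP on port 9001 from outside, bypassing `forceSSL`. Binding the published port to loopback, `ports = [ "127.0.0.1:9001:80" ];`, keeps nginx as the only entry point. The `virtualHosts` set begins outside this hunk.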