prep directories for the container

This commit is contained in:
Cyryl Płotnicki 2022-11-26 21:54:48 +00:00
parent ac3ecc749b
commit a4b146c6a3


@ -25,6 +25,11 @@ let
members = [ "${systemUserName}" "nginx" ]; members = [ "${systemUserName}" "nginx" ];
}; };
}; };
secretSettings = {
owner = systemUserName;
group = systemGroupName;
};
publicPath = "${path}/public-system/";
package = package =
inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon; inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon;
in { in {
@ -38,7 +43,7 @@ in {
root = "${package}/public/"; root = "${package}/public/";
locations."/" = { tryFiles = "$uri @proxy"; }; locations."/" = { tryFiles = "$uri @proxy"; };
locations."/system/".alias = "${path}/public-system/"; locations."/system/".alias = "${publicPath}";
locations."@proxy" = { locations."@proxy" = {
proxyPass = "http://127.0.0.1:" + toString webPort; proxyPass = "http://127.0.0.1:" + toString webPort;
@ -55,18 +60,32 @@ in {
sops.secrets."${mailgunSmtpSecretName}" = { sops.secrets."${mailgunSmtpSecretName}" = {
sopsFile = ./mailgun.sops.yaml; sopsFile = ./mailgun.sops.yaml;
path = mailgunSmtpPasswordPath; path = mailgunSmtpPasswordPath;
owner = systemUserName; } // secretSettings;
group = systemGroupName;
};
sops.secrets."${mastodonDbSecretName}" = { sops.secrets."${mastodonDbSecretName}" = {
sopsFile = ./mastodon-db.sops.yaml; sopsFile = ./mastodon-db.sops.yaml;
path = mastodonDbSecretPath; path = mastodonDbSecretPath;
owner = systemUserName; } // secretSettings;
group = systemGroupName;
};
inherit users; inherit users;
systemd.services.mastodon-make-path = {
script = ''
mkdir -p ${path}
chown -R ${systemUserName}:${systemGroupName} ${path}
mkdir -p ${publicPath}
chmod -R o-rwx ${publicPath}
chmod -R g-rwx ${publicPath}
chmod -R g+X ${publicPath}
chmod -R g+r ${publicPath}
'';
serviceConfig = {
Type = "oneshot";
ProtectSystem = "strict";
ReadWritePaths = path;
};
before = [ "container@mastodon.service" ];
};
containers.mastodon = { containers.mastodon = {
autoStart = true; autoStart = true;
forwardPorts = [ forwardPorts = [