54 lines
1.7 KiB
Nix
54 lines
1.7 KiB
Nix
{ config, containerCfg, pkgs, lib, builder, name,... }:
|
|
let
|
|
serverCfg = config.syscfg.server;
|
|
|
|
# Umami image built from nixpkgs
|
|
image = pkgs.dockerTools.streamLayeredImage {
|
|
name = pkgs.umami.name;
|
|
tag = pkgs.umami.version;
|
|
contents = with pkgs; [ cacert openssl ];
|
|
config = {
|
|
# Umami in nixpkgs typically provides a binary or script to start the server
|
|
Entrypoint = [ "${pkgs.umami}/bin/umami-server" ];
|
|
ExposedPorts = { "3000/tcp" = {}; };
|
|
Env = [ "NODE_ENV=production" ];
|
|
};
|
|
};
|
|
in {
|
|
sops = true;
|
|
db = true;
|
|
paths = [{
|
|
path = "${serverCfg.configPath}/umami/";
|
|
mode = "0444";
|
|
}];
|
|
|
|
containers = {
|
|
server = builder.mkContainer {
|
|
subdomain = containerCfg.subdomain;
|
|
image = "${pkgs.umami.name}:${pkgs.umami.version}";
|
|
imageStream = image;
|
|
port = 3000;
|
|
secret = name;
|
|
extraEnv = {
|
|
PORT = "3000";
|
|
# HOSTNAME = "${containerCfg.subdomain}.${serverCfg.domain}";
|
|
DATABASE_TYPE = "postgresql";
|
|
REDIS_URL = "redis://${builder.host}";
|
|
CLIENT_IP_HEADER = "X-Forwarded-For";
|
|
BASE_PATH = lib.optionalString (containerCfg.subpath or null != null) "/${containerCfg.subpath}";
|
|
# DISABLE_LOGIN = "1";#(if serverCfg.containers?authentik then "1" else "0");
|
|
|
|
};
|
|
extraLabels = { } // ( if serverCfg.containers?authentik then {
|
|
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = if serverCfg.containers?authentik then "authentik" else "";
|
|
} else {});
|
|
extraOptions = [
|
|
"--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
|
|
];
|
|
overrides = {
|
|
cmd = [ "start" ]; # Specific command for the umami binary
|
|
};
|
|
};
|
|
};
|
|
|
|
} |