coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Migrate Wallabag to container deployment

Browse Source
This commit is contained in:
coolneng 2025-04-28 17:06:22 +02:00
parent 90b38fcf08
commit 42df5964f1
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
8 changed files with 38 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configuration.nix
View File

@ -226,6 +226,8 @@ with pkgs;
owner = "acme"; owner = "acme";
group = "nginx"; group = "nginx";
}; };
secrets.wallabag.file = secrets/wallabag.age;
secrets.wallabag-postgres.file = secrets/wallabag-postgres.age;
identityPaths = [ "/etc/ssh/id_ed25519" ]; identityPaths = [ "/etc/ssh/id_ed25519" ];
}; };

22
modules/containers.nix
View File

@ -44,9 +44,31 @@
ports = [ "127.0.0.1:9090:8080" ]; ports = [ "127.0.0.1:9090:8080" ];
volumes = [ "/vault/opodsync:/var/www/server/data" ]; volumes = [ "/vault/opodsync:/var/www/server/data" ];
}; };
# Wallabag
wallabag = {
image = "wallabag/wallabag@sha256:a87160e4445e11f9bcec0f4b201c31e1eb0d201d7bcd1aac421e8f3c2b8f553c";
environmentFiles = [ config.age.secrets.wallabag.path ];
dependsOn = [ "postgresql" ];
extraOptions = [ "--pod=wallabag-pod" ];
};
# Wallabag database
postgresql = {
image = "postgres:16.8@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e";
environmentFiles = [ config.age.secrets.wallabag-postgres.path ];
extraOptions = [ "--pod=wallabag-pod" ];
volumes = [ "/var/lib/postgresql-wallabag:/var/lib/postgresql/data" ];
};
}; };
}; };
}; };
# Allow networking between Wallabag and Postgresql
systemd.services.create-wallabag-pod = {
serviceConfig.Type = "oneshot";
wantedBy = [ "podman-postgresql.service" ];
script = with pkgs; ''
${podman}/bin/podman pod exists wallabag-pod || ${podman}/bin/podman pod create -n wallabag-pod -p '127.0.0.1:8090:80'
'';
};
# Start services after ZFS mount # Start services after ZFS mount
systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ]; systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ];

15
modules/information.nix
View File

@ -12,23 +12,8 @@
adminCredentialsFile = config.age.secrets.miniflux.path; adminCredentialsFile = config.age.secrets.miniflux.path;
}; };
# Php-fpm pool for Wallabag
services.phpfpm.pools.wallabag = {
user = "nginx";
group = "nginx";
settings = { settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"listen.mode" = 600;
"pm" = "ondemand";
"pm.max_children " = 4;
"pm.max_requests" = 32;
"env[WALLABAG_DATA]" = config.environment.variables.WALLABAG_DATA;
}; };
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
}; };
# Set environment variable pointing to wallabag configuration directory
environment.variables.WALLABAG_DATA = "/var/lib/wallabag";
} }

24
modules/webstack.nix
View File

@ -137,22 +137,13 @@
"wallabag.psydnd.org" = { "wallabag.psydnd.org" = {
useACMEHost = "psydnd.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
root = "${pkgs.wallabag}/web"; locations."/" = {
locations = { proxyPass = "http://localhost:8090/";
"/".tryFiles = "$uri /app.php$is_args$args"; extraConfig = ''
"/assets".root = "${config.environment.variables.WALLABAG_DATA}/web"; proxy_set_header X-Forwarded-Host $server_name;
"~ ^/app.php(/|$)" = { proxy_set_header X-Forwarded-Proto https;
fastcgiParams = { proxy_set_header X-Forwarded-For $remote_addr;
SCRIPT_FILENAME = "${pkgs.wallabag}/web/$fastcgi_script_name"; '';
DOCUMENT_ROOT = "${pkgs.wallabag}/web";
};
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.wallabag.socket};
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include ${pkgs.nginx}/conf/fastcgi_params;
internal;
'';
};
}; };
}; };
"books.psydnd.org" = { "books.psydnd.org" = {
@ -236,7 +227,6 @@
"miniflux.service" "miniflux.service"
"radicale.service" "radicale.service"
"dendrite.service" "dendrite.service"
"phpfpm-wallabag.service"
"grafana.service" "grafana.service"
"podman-openbooks.service" "podman-openbooks.service"
"podman-mqtt2prometheus.service" "podman-mqtt2prometheus.service"

1
scripts/motd.sh
View File

@ -23,7 +23,6 @@ services=(
"syncthing.service" "syncthing.service"
"radicale.service" "radicale.service"
"miniflux.service" "miniflux.service"
"phpfpm-wallabag.service"
"gitea.service" "gitea.service"
"dendrite.service" "dendrite.service"
"nginx.service" "nginx.service"

2
secrets/secrets.nix
View File

@ -19,4 +19,6 @@ in
"inadyn-porkbun.age".publicKeys = [ zion ]; "inadyn-porkbun.age".publicKeys = [ zion ];
"acme-duckdns.age".publicKeys = [ zion ]; "acme-duckdns.age".publicKeys = [ zion ];
"acme-porkbun.age".publicKeys = [ zion ]; "acme-porkbun.age".publicKeys = [ zion ];
"wallabag.age".publicKeys = [ zion ];
"wallabag-postgres.age".publicKeys = [ zion ];
} }

5
secrets/wallabag-postgres.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg zWm4+j3/IRqd3uZqGzXVcHvs+urNrvDMOceWKbpl018
HlIKCFYt7n3iKZav5i0YiB4awRMJML0XUowX8sKKH2c
--- ysvYVxgK1OeqCk8KdNF+uWsaQ9EzVRku7nw37aUAW3A
c³³b±W|bU¨B"®®Ôµ¹¼­ŒÀ<03>‡Uä Z@–ûå<05>QÚ£xå3þ<18>uh †¤ÃñÏ "Ù?Ÿ BïªþyÄFÌ|(Nut.¿À^Öa

BIN
secrets/wallabag.age Normal file
View File

Binary file not shown.