# NixOS module: runs the tlater.net web server as an OCI container under a
# dedicated service account instead of the container default user.
{ config, pkgs, ... }:

let
  # Numeric ids of the service account, stringified for the image's `User`
  # field. Using ids rather than names means the image needs no passwd entry.
  runAsUid = toString config.users.extraUsers.webserver.uid;
  runAsGid = toString config.users.extraGroups.webserver.gid;
in {
  # Host-side account the container process is mapped to. The uid/gid values
  # come from config.ids, which is not defined in this file.
  users.extraUsers.webserver = {
    description = "tlater.net web server user";
    isSystemUser = true;
    uid = config.ids.uids.webserver;
    group = config.users.extraGroups.webserver.name;
  };
  users.extraGroups.webserver.gid = config.ids.gids.webserver;

  virtualisation.oci-containers.containers.webserver = {
    image = "tlaternet/webserver";

    # The image is built by Nix and supplied through imageFile, so "latest"
    # names this locally built image, not a floating registry tag.
    imageFile = pkgs.dockerTools.buildImage {
      name = "tlaternet/webserver";
      tag = "latest";
      contents = pkgs.tlaternet-webserver.webserver;

      config = {
        Cmd = [ "tlaternet-webserver" ];
        # Run as the unprivileged service account, never as root.
        User = "${runAsUid}:${runAsGid}";
        Env = [
          "ROCKET_PORT=3002"
          "ROCKET_TEMPLATE_DIR=${pkgs.tlaternet-templates.templates}/browser/"
        ];
        ExposedPorts = { "3002" = { }; };
        Volumes = { "/srv/mail" = { }; };
      };
    };

    # NOTE(review): a mapping without a host address publishes the port on
    # every host interface, and with the Docker backend published ports are
    # typically not filtered by networking.firewall. If only a local reverse
    # proxy should reach the service, "127.0.0.1:3002:3002" limits it to
    # loopback; confirm against the rest of the configuration.
    ports = [ "3002:3002" ];

    # Named volume mounted at the path the image declares in Volumes.
    volumes = [ "tlaternet-mail:/srv/mail" ];

    extraOptions = [
      "--hostname=tlater.net"
      # Rocket 0.4 has no SIGTERM handling, so stopping with SIGKILL is the
      # cleanest exit available.
      "--stop-signal=SIGKILL"
    ];
  };
}