1
1
Fork 0
nixos/options/custom/containers/netbox/default.nix
Myned 16c295d7c1
nix: use tmpfiles.settings instead of rules
Signed-off-by: Myned <dev@bjork.tech>
2024-12-06 19:48:23 -06:00

94 lines
3.1 KiB
Nix

{
config,
inputs,
lib,
...
}:
with lib; let
cfg = config.custom.containers.netbox;
in {
options.custom.containers.netbox.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
secret = filename: {
file = "${inputs.self}/secrets/${filename}";
};
in {
"${config.custom.profile}/netbox/.env" = secret "${config.custom.profile}/netbox/.env";
"${config.custom.profile}/netbox/cache.env" = secret "${config.custom.profile}/netbox/cache.env";
"${config.custom.profile}/netbox/db.env" = secret "${config.custom.profile}/netbox/db.env";
};
#?? arion-netbox pull
environment.shellAliases.arion-netbox = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.netbox.settings.out.dockerComposeYaml}";
# https://github.com/netbox-community/netbox-docker
# https://github.com/netbox-community/netbox-docker/blob/release/docker-compose.yml
virtualisation.arion.projects.netbox.settings.services = let
netbox = {
container_name = "netbox";
depends_on = ["cache" "db"];
env_file = [config.age.secrets."${config.custom.profile}/netbox/.env".path];
image = "localhost/netbox"; # Built image
restart = "unless-stopped";
user = "unit:root";
volumes = ["${config.custom.containers.directory}/netbox/media:/opt/netbox/netbox/media"];
};
in {
netbox.service =
netbox
// {
ports = ["8585:8080"];
# https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
#!! Context modifications require a rebuild
#?? arion-netbox build --no-cache
build.context = "${./.}";
};
housekeeping.service =
netbox
// {
container_name = "netbox-housekeeping";
command = ["/opt/netbox/housekeeping.sh"];
depends_on = ["netbox"];
};
worker.service =
netbox
// {
container_name = "netbox-worker";
command = ["/opt/netbox/venv/bin/python" "/opt/netbox/netbox/manage.py" "rqworker"];
depends_on = ["netbox"];
};
cache.service = {
container_name = "netbox-cache";
command = ["sh" "-c" "valkey-server --requirepass $$REDIS_PASSWORD"];
env_file = [config.age.secrets."${config.custom.profile}/netbox/cache.env".path];
image = "docker.io/valkey/valkey:8.0";
restart = "unless-stopped";
};
db.service = {
container_name = "netbox-db";
env_file = [config.age.secrets."${config.custom.profile}/netbox/db.env".path];
image = "docker.io/postgres:16";
restart = "unless-stopped";
volumes = ["${config.custom.containers.directory}/netbox/db:/var/lib/postgresql/data"];
};
};
#!! Required for correct volume permissions
systemd.tmpfiles.settings."10-netbox" = {
"${config.custom.containers.directory}/netbox/media" = {
z = {
mode = "0770";
user = "999"; # unit
group = "root";
};
};
};
};
}