move

2026-01-14 16:55:00 +01:00 · 2025-08-03 00:41:37 +02:00 · 2025-08-03 00:41:37 +02:00 · 0949cba7be
commit 0949cba7be
parent f456a5c626
92 changed files with 19 additions and 58 deletions
--- a/nix/apps/openolat/default.nix
+++ b/nix/apps/openolat/default.nix
@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+let
+  dockerLogin = {
+    registry = "docker.noratrieb.dev";
+    username = "nils";
+    passwordFile = config.age.secrets.docker_registry_password.path;
+  };
+in
+{
+  age.secrets.openolat_db_password.file = ../../secrets/openolat_db_password.age;
+
+  virtualisation.oci-containers.containers = {
+    openolat = {
+      image = "docker.noratrieb.dev/openolat:69b3c8b6";
+      volumes = [
+        "/var/lib/openolat/files:/home/openolat/olatdata"
+        "${./extra-properties.properties}:/home/openolat/extra-properties.properties"
+      ];
+      ports = [ "127.0.0.1:5011:8088" ];
+      environment = {
+        # DB_PASSWORD = from openolat_db_password
+        DB_URL = "jdbc:postgresql://openolat-db:5432/oodb";
+        EXTRA_PROPERTIES = "/home/openolat/extra-properties.properties";
+        OLAT_HOST = "olat.noratrieb.dev";
+      };
+      environmentFiles = [ config.age.secrets.openolat_db_password.path ];
+      extraOptions = [ "--network=openolat" ];
+
+      dependsOn = [ "openolat-db" ];
+      login = dockerLogin;
+    };
+
+    openolat-db = {
+      image = "postgres:15";
+      volumes = [ "/var/lib/openolat/db:/var/lib/postgresql/data" ];
+      environment = {
+        POSTGRES_DB = "oodb";
+        POSTGRES_USER = "oodbu";
+        # POSTGRES_PASSWORD = from openolat_db_password
+        PGDATA = "/var/lib/postgresql/data/pgdata";
+      };
+      extraOptions = [ "--network=openolat" ];
+      environmentFiles = [ config.age.secrets.openolat_db_password.path ];
+    };
+  };
+
+  services.custom-backup.jobs = [
+    {
+      app = "openolat-db";
+      pgDump = {
+        containerName = "openolat-db";
+        dbName = "oodb";
+        userName = "oodbu";
+      };
+    }
+  ];
+
+  # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
+  systemd.services.init-openolat-podman-network = {
+    description = "Create the network bridge for openolat.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      	${lib.getExe pkgs.podman} network create openolat || true
+      	'';
+  };
+  system.activationScripts.makeOpenolatDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/openolat/db
+    mkdir -p /var/lib/openolat/files
+  '';
+}