Install microboard in docker

2024-09-19 19:30:28 +05:00 · 2023-08-22 10:50:50 +05:00 · 2023-08-22 10:50:50 +05:00 · 874cef2ca1
parent f738ec8e25
commit 874cef2ca1
4 changed files with 34 additions and 29 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -20,6 +20,7 @@
    ./programs/maddy.nix
    ./programs/plausible.nix
    ./programs/clickhouse.nix
+    ./programs/docker.nix
    ./programs/microboard.nix
  ];

--- a/nixos/programs/docker.nix
+++ b/nixos/programs/docker.nix
@ -0,0 +1,12 @@
+{ config, ... }:
+{
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "btrfs";
+    autoPrune.enable = true;
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+  };
+}
--- a/nixos/programs/microboard.nix
+++ b/nixos/programs/microboard.nix
@ -3,34 +3,15 @@ let
  dataDir = "/var/lib/microboard";
 in
 {
-  systemd.services.microboard = {
-    description = "Microboard engine";
-    wantedBy = ["multi-user.target"];
-
-    environment = {
-      MB_LOGLEVEL = "warning";
-      MB_UPLOADDIR = "${ dataDir }/uploads";
-      MB_PREVIEWDIR = "${ dataDir }/previews";
-      MB_DBHOST = "/run/postgresql";
-      MB_DBUSER = "microboard";
-      MB_DBNAME = "microboard";
-    };
-
-    serviceConfig = {
-      User = "microboard";
-      Group = "microboard";
-      ExecStart = "${ dataDir }/microboard";
-      Restart = "on-failure";
-      Type = "exec";
-      WorkingDirectory = dataDir;
-
-      # Security Hardening
-      LockPersonality = true;
-      NoNewPrivileges = true;
-      ProtectSystem = "strict";
-      ReadWritePaths = [ dataDir ];
-      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
-      RestrictSUIDSGID = true;
-    };
+  virtualisation.oci-containers.containers.microboard = {
+    autoStart = true;
+    image = "ghcr.io/ordinary-dev/microboard:v0.0.4";
+    environmentFiles = "/var/lib/microboard/.env";
+    ports = ["55006:8080"];
+    user = "microboard:microboard";
+    volumes = [
+      "/var/lib/microboard:/app"
+      "/run/postgresql:/run/postgresql"
+    ];
  };
 }
--- a/nixos/programs/nginx.nix
+++ b/nixos/programs/nginx.nix
@ -68,6 +68,17 @@ in {
          };
        };
      };
+      
+      # Microboard
+      "0ch.space" = {
+        useACMEHost = "0ch.space";
+        forceSSL = true;
+        locations = {
+          "/" = {
+            proxyPass = "http://127.0.0.1:55006";
+          };
+        };
+      };

      # Mail: MTA-STS
      "mta-sts.comfycamp.space" = {