# NixOS module: runs Penpot (backend, frontend, exporter, PostgreSQL, Redis)
# as an Arion project on the Docker backend. Password login is switched off
# and login goes through the OIDC provider configured on the backend.
#
# Everything written literally in this file is evaluated into the Nix store,
# which is world-readable on the host. Only the OIDC client secret is kept
# out of it (delivered through deployment.keys and loaded via env_file).
{ pkgs, inputs, ... }:
let
  # Feature flags passed unchanged to both backend and frontend.
  # NOTE(review): registration stays enabled while password login is
  # disabled; confirm this is required for OIDC-provisioned accounts.
  penpotFlags = "enable-registration disable-login disable-login-with-password enable-login-with-oidc";

  # Host asset directory, mounted at the same path in backend and frontend.
  assetsMount = "/penpot/assets:/opt/data/assets";

  # Every container joins this single user-defined network and nothing else.
  penpotNet = [ "penpot" ];
in
{
  imports = [ inputs.arion.nixosModules.arion ];

  virtualisation = {
    docker.enable = true;

    arion = {
      backend = "docker";

      projects.penpot.settings = {
        networks.penpot.name = "penpot";

        # NOTE(review): the three Penpot images use the mutable `latest` tag
        # and postgres/redis are pinned to a major version only, so the code
        # that runs is whatever the registry serves at pull time. Pinning a
        # release tag or image digest makes deployments reproducible and
        # upgrades deliberate.
        services = {
          penpot-backend.service = {
            image = "penpotapp/backend:latest";
            # NOTE: you have to change the owner of the assets folder to 1001:1001
            # command:
            # chown -R 1001:1001 /penpot/assets
            volumes = [ assetsMount ];
            depends_on = [
              "penpot-postgres"
              "penpot-redis"
            ];
            networks = penpotNet;
            environment = {
              PENPOT_FLAGS = penpotFlags;
              # PREPL listens on every interface inside the container. No port
              # of this service is published in this file, so it should only
              # be reachable from containers on the `penpot` network.
              # NOTE(review): PREPL is an administrative interface; confirm
              # that wildcard binding is needed rather than loopback.
              PENPOT_PREPL_HOST = "0.0.0.0";
              PENPOT_PUBLIC_URI = "https://design.katzen.cafe";
              PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
              PENPOT_DATABASE_USERNAME = "penpot";
              # Must match POSTGRES_PASSWORD on penpot-postgres. The value is a
              # guessable default stored in plain text (repo and Nix store);
              # the database is shielded only by publishing no port.
              # NOTE(review): consider supplying it through an env_file, as is
              # already done for the OIDC secret.
              PENPOT_DATABASE_PASSWORD = "penpot";
              PENPOT_REDIS_URI = "redis://penpot-redis/0";
              PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
              PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
              #"PENPOT_OIDC_NAME_ATTR" = "username";
              PENPOT_TELEMETRY_ENABLED = "false";
              PENPOT_OIDC_CLIENT_ID = "penpot";
              PENPOT_OIDC_BASE_URI = "https://auth.katzen.cafe/realms/katzen.cafe/";
              #"PENPOT_OIDC_" = "";
              #"PENPOT_SMTP_DEFAULT_FROM" = "Penpot ";
              #"PENPOT_SMTP_DEFAULT_REPLY_TO" = "Penpot ";
              #"PENPOT_SMTP_HOST" = "smtp.migadu.com";
              #"PENPOT_SMTP_PORT" = "587";
              #"PENPOT_SMTP_USERNAME" = "noreply-pp@schrottkatze.de";
              # If re-enabled as written, builtins.readFile would interpolate
              # the SMTP password into the generated compose file in the Nix
              # store; an env_file keeps it out of the store.
              #"PENPOT_SMTP_PASSWORD" = "${builtins.readFile ../secret-data/penpot-smtp-pass}";
              #"PENPOT_SMTP_TLS" = "true";
              #"PENPOT_SMTP_SSL" = "false";
            };
            # Read at container start from the path written by deployment.keys
            # below; presumably holds the OIDC client secret variable - verify
            # against the key file's contents.
            env_file = [ "/penpot/secret/oidcPpSecret" ];
          };

          penpot-frontend.service = {
            image = "penpotapp/frontend:latest";
            # The only published port in this project. Without a host address
            # Docker binds it on all host interfaces, and Docker's own packet
            # filter rules typically apply ahead of the NixOS firewall.
            # NOTE(review): if the TLS reverse proxy for the public URI runs on
            # this host, "127.0.0.1:9001:80" would keep plain HTTP off the
            # network - confirm where the proxy lives before changing.
            ports = [ "9001:80" ];
            volumes = [ assetsMount ];
            depends_on = [
              "penpot-backend"
              "penpot-exporter"
            ];
            networks = penpotNet;
            environment = {
              PENPOT_FLAGS = penpotFlags;
            };
          };

          penpot-exporter.service = {
            image = "penpotapp/exporter:latest";
            networks = penpotNet;
            environment = {
              # Reaches the frontend by its service name over the internal
              # network, in plain HTTP.
              PENPOT_PUBLIC_URI = "http://penpot-frontend";
              PENPOT_REDIS_URI = "redis://penpot-redis/0";
            };
          };

          penpot-postgres.service = {
            image = "postgres:15";
            stop_signal = "SIGINT";
            volumes = [ "/penpot/postgres_v15:/var/lib/postgresql/data" ];
            networks = penpotNet;
            environment = {
              POSTGRES_INITDB_ARGS = "--data-checksums";
              POSTGRES_DB = "penpot";
              POSTGRES_USER = "penpot";
              # Same plain-text default the backend uses to connect.
              POSTGRES_PASSWORD = "penpot";
            };
          };

          # No password or ACL is configured for Redis here; access control
          # rests on the service being attached to the `penpot` network only.
          penpot-redis.service = {
            image = "redis:7";
            networks = penpotNet;
          };
        };
      };
    };
  };

  # Secret delivery at deploy time: keyCommand's output is written to
  # destDir under the key's name, giving /penpot/secret/oidcPpSecret, the
  # path the backend's env_file points at.
  # NOTE(review): looks like Colmena's deployment.keys; no user, group or
  # permissions are set, so the tool's defaults apply - confirm they restrict
  # the file to root, and that the source file under /home/jade/keys-tmp on
  # the deploying machine is equally restricted.
  deployment.keys.oidcPpSecret = {
    keyCommand = [
      "cat"
      "/home/jade/keys-tmp/penpot-keycloak-secret"
    ];
    destDir = "/penpot/secret/";
  };
}