# NixOS module: runs a self-hosted Penpot stack (backend, frontend, exporter,
# PostgreSQL, Redis) as an Arion project on the Docker backend.
#
# Everything assigned under `environment` below is evaluated into the Nix
# store and the generated compose file, so those values are not secret.
# Only the file referenced by `env_file` is provisioned outside the store.
{ pkgs, inputs, ... }:
let
  # Every service joins the single project network declared below.
  penpotNetworks = [ "penpot" ];

  # Host directory shared by backend and frontend for uploaded assets.
  # It must be owned by uid/gid 1001 on the host before first start:
  #   chown -R 1001:1001 /penpot/assets
  assetsMount = "/penpot/assets:/opt/data/assets";

  redisUri = "redis://penpot-redis/0";

  # Flags shared by backend and frontend: password login is disabled and
  # OIDC login is enabled. The backend additionally enables SMTP.
  authFlags = "enable-registration disable-login disable-login-with-password enable-login-with-oidc";
in
{
  imports = [ inputs.arion.nixosModules.arion ];

  virtualisation = {
    docker.enable = true;

    arion = {
      backend = "docker";

      projects.penpot.settings = {
        networks.penpot.name = "penpot";

        # NOTE(review): all three penpotapp images use the mutable `latest`
        # tag, so a rebuild can pull different code than was last reviewed.
        # Pinning a release tag or an image digest makes deployments
        # reproducible and auditable.
        services = {
          "penpot-backend".service = {
            image = "penpotapp/backend:latest";
            volumes = [ assetsMount ];
            depends_on = [
              "penpot-postgres"
              "penpot-redis"
            ];
            networks = penpotNetworks;

            environment = {
              PENPOT_FLAGS = "${authFlags} enable-smtp";

              # NOTE(review): the PREPL listener binds to every interface of
              # the container. No port is published for this service here,
              # so it should only be reachable from containers attached to
              # the "penpot" network. Confirm it is needed at all.
              PENPOT_PREPL_HOST = "0.0.0.0";

              PENPOT_PUBLIC_URI = "https://design.katzen.cafe";

              PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
              PENPOT_DATABASE_USERNAME = "penpot";
              # NOTE(review): literal password in the Nix store. A key set
              # in `environment` overrides the same key from `env_file`, so
              # moving it means deleting this line and adding the variable
              # to the secrets file. Rotate it together with
              # POSTGRES_PASSWORD on the database service.
              PENPOT_DATABASE_PASSWORD = "penpot";

              PENPOT_REDIS_URI = redisUri;

              PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
              PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";

              PENPOT_TELEMETRY_ENABLED = "false";

              # OIDC provider. No client secret is set in this file; it is
              # presumably supplied through the env_file below. Verify.
              # PENPOT_OIDC_NAME_ATTR = "username";
              PENPOT_OIDC_CLIENT_ID = "penpot";
              PENPOT_OIDC_BASE_URI = "https://auth.katzen.cafe/realms/katzen.cafe/";

              # NOTE(review): both sender values end in a trailing space and
              # carry no address; an "<address>" part may have been lost.
              # Check against the deployed configuration.
              PENPOT_SMTP_DEFAULT_FROM = "Penpot ";
              PENPOT_SMTP_DEFAULT_REPLY_TO = "Penpot ";
              PENPOT_SMTP_HOST = "mail.katzen.cafe";
              # NOTE(review): port 465 is conventionally implicit TLS, while
              # the TLS flag presumably selects STARTTLS and the SSL flag is
              # commented out. Confirm that mail submission is encrypted and
              # does not silently fall back or fail.
              PENPOT_SMTP_PORT = "465";
              PENPOT_SMTP_USERNAME = "noreply@katzen.cafe";
              PENPOT_SMTP_TLS = "true";
              # PENPOT_SMTP_SSL = "true";
            };

            # Secret values are read at container start from a file that the
            # `deployment.keys` entry at the bottom of this module installs.
            env_file = [ "/var/lib/secrets/penpot-secrets" ];
          };

          "penpot-frontend".service = {
            image = "penpotapp/frontend:latest";
            # NOTE(review): without a host address this publishes port 9001
            # on every host interface, and Docker's published ports usually
            # bypass host firewall rules. If a reverse proxy on this machine
            # terminates TLS for PENPOT_PUBLIC_URI, binding to loopback
            # ("127.0.0.1:9001:80") keeps the plain-HTTP port off the network.
            ports = [ "9001:80" ];
            volumes = [ assetsMount ];
            depends_on = [
              "penpot-backend"
              "penpot-exporter"
            ];
            networks = penpotNetworks;
            environment = {
              PENPOT_FLAGS = authFlags;
            };
          };

          "penpot-exporter".service = {
            image = "penpotapp/exporter:latest";
            networks = penpotNetworks;
            environment = {
              # The exporter reaches the frontend over the project network.
              PENPOT_PUBLIC_URI = "http://penpot-frontend";
              PENPOT_REDIS_URI = redisUri;
            };
          };

          "penpot-postgres".service = {
            image = "postgres:15";
            stop_signal = "SIGINT";
            volumes = [ "/penpot/postgres_v15:/var/lib/postgresql/data" ];
            networks = penpotNetworks;
            environment = {
              POSTGRES_INITDB_ARGS = "--data-checksums";
              POSTGRES_DB = "penpot";
              POSTGRES_USER = "penpot";
              # NOTE(review): same literal as PENPOT_DATABASE_PASSWORD. The
              # postgres image applies it only when the data directory is
              # first initialised, so changing it here does not rotate the
              # password of an existing database.
              POSTGRES_PASSWORD = "penpot";
            };
          };

          # Redis runs without authentication and publishes no port; access
          # is limited to containers on the project network.
          "penpot-redis".service = {
            image = "redis:7";
            networks = penpotNetworks;
          };
        };
      };
    };
  };

  # Deployment-time secret: the output of `pass penpot/envfile` is written
  # to /var/lib/secrets/penpot-secrets, the path the backend's env_file
  # reads. NOTE(review): confirm the ownership and mode the deployment tool
  # applies to this file.
  deployment.keys."penpot-secrets" = {
    keyCommand = [
      "pass"
      "penpot/envfile"
    ];
    destDir = "/var/lib/secrets";
  };
}