rallly: build from source now + removed podman

thank you for the nerdsnipe @rasmus
eyjhb 2025-03-02 12:23:21 +01:00
parent c2703447c7
commit dd5a97ce13
Signed by: eyjhb
GPG key ID: 609F508E3239F920
7 changed files with 27175 additions and 53 deletions


@ -12,30 +12,21 @@ let
internal_port = port;
rally_version = "3.11";
ralllyPkgs = pkgs.callPackage ./../../../shared/pkgs/rallly {};
in {
# setup container
virtualisation.oci-containers.containers.rallly = {
autoStart = true;
image = "lukevella/rallly:${rally_version}";
systemd.services.rallly = {
description = "rallly";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
podman.user = user;
extraOptions = let
uid = config.users.users."${user}".uid;
gid = config.users.groups."${group}".gid;
in [
"--userns=keep-id:uid=${builtins.toString uid},gid=${builtins.toString gid}"
# TODO(eyJhb): required, otherwise rallly container cannot access authelia well-known openid configuration
"--network=host"
];
environmentFiles = [
config.age.secrets.rallly-env.path
];
environment = {
environment = let
rallly-prisma-engines = ralllyPkgs.passthru.rallly-prisma-engines;
in rec {
PORT = builtins.toString internal_port;
DATABASE_URL = "postgresql://${user}@localhost/${user}?host=${psqlSocket}";
NEXT_PUBLIC_BASE_URL = "https://${svc_domain}";
NEXTAUTH_URL = NEXT_PUBLIC_BASE_URL;
# SECRET_PASSWORD = "specified-in-env";
# limit signup even further
@ -55,16 +46,29 @@ in {
OIDC_DISCOVERY_URL = "https://${config.mine.shared.settings.authelia.domain}/.well-known/openid-configuration";
OIDC_CLIENT_ID = "rallly";
# OIDC_CLIENT_SECRET = "specified-in-env";
# prisma things
PRISMA_SCHEMA_ENGINE_BINARY = "${rallly-prisma-engines}/bin/schema-engine";
PRISMA_QUERY_ENGINE_BINARY = "${rallly-prisma-engines}/bin/query-engine";
PRISMA_QUERY_ENGINE_LIBRARY = "${rallly-prisma-engines}/lib/libquery_engine.node";
PRISMA_INTROSPECTION_ENGINE_BINARY = "${rallly-prisma-engines}/bin/introspection-engine";
PRISMA_FMT_BINARY = "${rallly-prisma-engines}/bin/prisma-fmt";
};
volumes = [
"${psqlSocket}:${psqlSocket}"
];
path = [ pkgs.openssl ];
# TODO(eyJhb): likely not needed, because of the tmp network=host
ports = [
"127.0.0.1:${builtins.toString port}:${builtins.toString internal_port}"
];
serviceConfig = {
ExecStartPre = "${ralllyPkgs}/bin/rallly-prisma migrate deploy";
ExecStart = "${ralllyPkgs}/bin/rallly";
EnvironmentFile = [ config.age.secrets.rallly-env.path ];
CacheDirectory = "rallly";
CacheDirectoryMode = "0750";
DynamicUser = true;
Restart = "always";
};
};
# setup postgresql
@ -81,17 +85,6 @@ in {
"${svc_name}" = llib.mkProvisionUserSystem "${svc_name}" config.age.secrets.rallly-ldap-pass.path;
});
# give rallly user access to the secrets
age.secrets.rallly-env.owner = user;
# setup users
users.users."${user}" = {
isNormalUser = true;
group = group;
uid = 1001;
};
users.groups."${group}".gid = 974;
# authelia
services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
client_id = "rallly";
@ -122,20 +115,18 @@ in {
};
};
# meta information!
mine.shared.meta.rallly = {
name = "Rallly";
description = ''Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier. Please do not try to use the register or normal login, only try to sign in using the SSO method. '';
url = "https://${svc_domain}";
package = {
name = "rallly";
version = "v${rally_version}";
meta = with lib; {
description = "Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier.";
license = licenses.agpl3Plus;
homepage = "https://github.com/lukevella/rallly";
platforms = platforms.all;
};
package = let
pkg = ralllyPkgs;
in {
name = pkg.pname;
version = pkg.version;
meta = pkg.meta;
};
};
}
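Review bot: The new `systemd.services.rallly.serviceConfig` relies on `DynamicUser = true` alone for isolation, so the Node process that used to run in a container now runs on the host with only the sandboxing that option implies, and nothing visible in the unit pins the listener to 127.0.0.1 (only `PORT` is set; what the `rallly` wrapper binds to is not shown here). Consider adding explicit hardening next to `DynamicUser`, for example `PrivateDevices = true; ProtectKernelTunables = true; ProtectControlGroups = true;`, and checking the result with `systemd-analyze security rallly`. Separately, `after = [ "networking.target" ]` names a unit systemd does not ship (the standard one is `network.target`), so that ordering is a no-op. `ExecStartPre` also runs `prisma migrate deploy` over the PostgreSQL socket without ordering after the database, so if PostgreSQL is local, as the socket path suggests, `after = [ "network.target" "postgresql.service" ];` looks like what was intended.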