NixOS/system/podman/openobserve.nix


# NixOS module: runs OpenObserve as a Podman OCI container and publishes its
# web port through an nginx TLS virtual host. Active only when both the podman
# profile and its per-service `openobserve` switch are enabled.
{ config, lib, ... }:
let
  name = "openobserve";
  cfg = config.profile.podman;
  account = config.profile.user;

  # "uid:gid" of the profile user. The same value owns the data directory on
  # the host and is the identity the container process runs under, so the
  # container does not run as root.
  owner = "${toString account.uid}:${toString account.gid}";

  containerIp = "10.88.99.1";
  fqdn = "${name}.tigor.web.id";
  dataRoot = "/nas/podman/openobserve";
  envSecret = "openobserve/env";

  # NOTE(review): `latest` is a mutable tag, and the autoupdate label below
  # asks podman to follow the registry. Whatever the registry serves under
  # this tag is what runs, with no change to this file. Pinning a version tag
  # or an image digest would make upgrades an explicit, reviewable step.
  containerImage = "public.ecr.aws/zinclabs/openobserve:latest";
in
{
  config = lib.mkIf (cfg.enable && cfg.${name}.enable) {
    # TLS front end. forceSSL redirects plain HTTP to HTTPS; the certificate
    # comes from the ACME host entry for the parent domain.
    # NOTE(review): nothing here restricts who may reach the vhost, so access
    # control rests on OpenObserve's own login (and on DNS/firewall settings
    # outside this file) — confirm that is intended for a log store.
    services.nginx.virtualHosts.${fqdn} = {
      forceSSL = true;
      useACMEHost = "tigor.web.id";
      locations."/" = {
        proxyWebsockets = true;
        # Upstream hop is plain HTTP to the container's fixed address.
        proxyPass = "http://${containerIp}:5080";
      };
    };

    # Create the data directory and hand it to the profile user. The chown is
    # not recursive and no mode is set, so permissions follow the umask in
    # effect when the activation script runs.
    system.activationScripts."podman-${name}" = ''
      mkdir -p ${dataRoot}/data
      chown ${owner} ${dataRoot} ${dataRoot}/data
    '';

    # sops-managed env file: its contents stay out of this module and are
    # handed to the container through environmentFiles below.
    # NOTE(review): presumably holds the OpenObserve root credentials — confirm.
    sops.secrets.${envSecret}.sopsFile = ../../secrets/openobserve.yaml;

    virtualisation.oci-containers.containers.${name} = {
      image = containerImage;
      hostname = name;
      autoStart = true;
      user = owner;

      # Non-secret settings only; secrets come from the env file.
      environment = {
        ZO_WEB_URL = "https://${fqdn}";
        ZO_DATA_DIR = "/data";
        TZ = "Asia/Jakarta";
      };
      environmentFiles = [ config.sops.secrets.${envSecret}.path ];

      volumes = [ "${dataRoot}/data:/data" ];

      # Fixed address on the `podman` network so the nginx upstream above
      # stays valid. No host port is published in this module.
      extraOptions = [
        "--network=podman"
        "--ip=${containerIp}"
      ];

      # Opts the container in to podman's registry-based auto-update policy.
      labels = {
        "io.containers.autoupdate" = "registry";
      };
    };
  };
}