diff --git a/nixos/arion-pluto/arion-compose.nix b/nixos/arion-pluto/arion-compose.nix
new file mode 100644
index 0000000..7c1cb5e
--- /dev/null
+++ b/nixos/arion-pluto/arion-compose.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+{
+ project.name = "pluto";
+
+ networks.pluto.external = false;
+
+ services = {
+ app = {
+ service = {
+ image = "julia:1.11";
+ container_name = "pluto";
+ restart = "unless-stopped";
+ networks = [ "pluto" ];
+ command = [
+ "sh" "-c"
+ "julia -e 'using Pkg; Pkg.add(\"Pluto\"); import Pluto; Pluto.run(host=\"0.0.0.0\", port=1234, launch_browser=false)'"
+ ];
+ volumes = [
+ "/var/pluto/notebooks:/notebooks"
+ "/var/pluto/julia-depot:/root/.julia"
+ ];
+ environment = {
+ JULIA_NUM_THREADS = "auto";
+ };
+ ports = [ "127.0.0.1:1234:1234" ];
+ };
+ };
+ };
+}
diff --git a/nixos/arion-pluto/arion-pkgs.nix b/nixos/arion-pluto/arion-pkgs.nix
new file mode 100644
index 0000000..1d16305
--- /dev/null
+++ b/nixos/arion-pluto/arion-pkgs.nix
@@ -0,0 +1,3 @@
+import {
+ system = "x86_64-linux";
+}
diff --git a/nixos/linux.nix b/nixos/linux.nix
index b7fdde7..92b10de 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -163,6 +163,7 @@ in {
 backend = "podman-socket";
 projects.forgejo.settings = import ./arion/arion-compose.nix;
 projects.riverside.settings = import ./arion-riverside/arion-compose.nix;
+ projects.pluto.settings = import ./arion-pluto/arion-compose.nix;
 };
 # The arion NixOS module sets backend = "podman-socket" but doesn't inject
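Review bot: In `arion-compose.nix` the server code is chosen at runtime, not by this repo: `image = "julia:1.11"` is a mutable tag and `Pkg.add(\"Pluto\")` in `command` takes whatever version the registry resolves when the depot is populated, so neither is recorded in the Nix closure. Pin both, e.g. `image = "julia:1.11@sha256:<digest-placeholder>";` and `Pkg.add(name=\"Pluto\", version=\"<pinned-version>\")`, or build an image with Pluto preinstalled so the container needs no network at start. The depot mount at `/root/.julia` implies that the server, and every notebook cell it evaluates, runs as root, apparently through the system podman socket configured in `linux.nix`. A non-root `user` with the depot under that user's home would limit what a hostile notebook can reach through the two bind mounts. A one-line comment above `ports` stating that the loopback binding is deliberate and that Pluto's URL secret is the only access control at this layer would help later readers.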
@@ -170,6 +171,7 @@ in {
 # (no daemon). Point it at the podman-compatible socket instead.
 systemd.services.arion-forgejo.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
 systemd.services.arion-riverside.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
+ systemd.services.arion-pluto.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
 # Build the VNC desktop image locally from the Dockerfile — no registry push/pull needed.
 # vncContext is a Nix store path that changes whenever any file under vnc-desktop/ changes,
@@ -237,6 +239,8 @@ in {
 systemd.tmpfiles.rules = [
 "d /home/ironmagma/.config 0755 ${username} users"
 "d /root/.config 0755 ${username} users"
+ "d /var/pluto/notebooks 0755 root root"
+ "d /var/pluto/julia-depot 0755 root root"
 "d /var/riverside/files 0755 root root"
 "d /var/riverside/postgres 0755 root root"
 "d /var/lib/gitea-runner/ubuntu 0755 gitea-runner gitea-runner"
@@ -420,6 +424,12 @@ in {
 environmentFile = config.age.secrets."nearlyfreespeech".path;
 webroot = null;
 };
+
+ certs."pluto.philippeterson.com" = {
+ dnsProvider = "nearlyfreespeech";
+ environmentFile = config.age.secrets."nearlyfreespeech".path;
+ webroot = null;
+ };
 };
 # Break the systemd ordering cycle that deadlocks nixos-rebuild switch.
@@ -442,5 +452,6 @@ in {
 "acme-selfsigned-riverside.coldairnetworks.com.service"
 "acme-selfsigned-vnc.quinefoundation.com.service"
 "acme-selfsigned-webdav.philippeterson.com.service"
+ "acme-selfsigned-pluto.philippeterson.com.service"
 ];
 }
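Review bot: In the `systemd.tmpfiles.rules` hunk both new directories are created with mode `0755`, so every local account can read the notebooks and browse the Julia depot. Notebooks tend to accumulate pasted tokens, data paths and cell outputs, so unless another service has to read them, `"d /var/pluto/notebooks 0700 root root"` and `"d /var/pluto/julia-depot 0700 root root"` are the tighter default. If the container is later moved to a non-root user, the owner here has to follow. The list continues past the end of the hunk.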
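Review bot: The new `certs."pluto.philippeterson.com"` entry provisions a publicly trusted certificate for a host that fronts a notebook server, which by design executes arbitrary Julia code, yet no virtual host or proxy rule for that name appears in this diff. Wherever that vhost is defined, it should enforce its own authentication in front of `127.0.0.1:1234` instead of relying on Pluto's URL secret alone. Issued certificates are published in Certificate Transparency logs, so the hostname should be treated as discoverable from the moment of issuance. A comment on the entry such as `# proxied with auth by <vhost-file-placeholder>` would make that dependency reviewable. The enclosing attribute set starts outside the hunk.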