petersweb-infra/nixos/arion-riverside/arion-compose.nix
Philip Peterson 359292b497 fix nginx/arion/runner failures introduced by podman switch
- Break systemd ordering deadlock: nginx.after mkForce removes
  DNS-challenge ACME services (philippeterson, webdav) from nginx's
  After list, which was creating a cycle through nginx-config-reload
  back to HTTP-webroot ACME services that need nginx Before them.

- Fix arion services not finding podman socket: arion NixOS module
  sets backend=podman-socket but doesn't inject DOCKER_HOST; add
  explicit DOCKER_HOST=unix:///run/podman/podman.sock for all three
  arion projects.

- Fix gitea-runner startup race: add After/Wants on arion-forgejo so
  the runner doesn't try to register before Forgejo is up.

- Fix riverside image reference: pinned digest was stale after a
  re-push; switch to :latest.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 18:58:08 -08:00


# Arion (docker-compose) project "riverside": a web application container
# and the PostgreSQL database it talks to, joined by a project-local network.
{ pkgs, ... }:
let
  # Values that must match on both sides (app DB_* vs. postgres POSTGRES_*).
  # Binding them once keeps the two containers from drifting apart.
  dbName = "drupal";
  dbUser = "drupal";

  # NOTE(review): the database password is a literal equal to the user name
  # and is committed with the repository. Everything evaluated here is also
  # rendered into the generated compose file in the world-readable Nix store.
  # Consider supplying it at runtime instead (for example a compose
  # `env_file` that lives outside the store, provisioned by the host's
  # secret management) and rotating the current value.
  dbPassword = "drupal";
in
{
  project.name = "riverside";

  # `external = false`: the network is created by this project rather than
  # attached to a pre-existing one.
  networks.riverside.external = false;

  services.app.service = {
    # NOTE(review): `:latest` is a mutable tag, so the host runs whatever was
    # pushed most recently and a redeploy can silently change the code. The
    # commit message says the earlier digest pin went stale after a re-push;
    # once the image settles, re-pin as `...riverside@sha256:<DIGEST>`.
    image = "forge.quinefoundation.com/ironmagma/riverside:latest";
    container_name = "riverside";
    restart = "unless-stopped";
    networks = [ "riverside" ];

    environment = {
      DB_HOST = "postgres"; # service name of the database container below
      DB_NAME = dbName;
      DB_USER = dbUser;
      DB_PASS = dbPassword;
      SITE_NAME = "Portfolio";
      # presumably consumed as the application's allowed Host header;
      # verify against the image's entrypoint
      TRUSTED_HOST = "riverside.coldairnetworks.com";
    };

    volumes = [
      "/var/riverside/files:/var/www/html/web/sites/default/files"
    ];

    # NOTE(review): without a host address this publishes container port 80
    # on every host interface as plain HTTP. If only a reverse proxy on the
    # same host is meant to reach it, "127.0.0.1:3011:80" would keep the
    # port off external interfaces. Confirm how the proxy connects first.
    ports = [ "3011:80" ];

    # NOTE(review): the list form only orders container start; it does not
    # wait for the postgres healthcheck to pass. If the app does not retry
    # its database connection, the long form with
    # `condition = "service_healthy"` is the usual fix. Confirm the arion
    # version in use accepts it.
    depends_on = [ "postgres" ];
  };

  services.postgres.service = {
    image = "postgres:18-alpine";
    container_name = "riverside-postgres";
    restart = "unless-stopped";
    # No `ports` entry: the database is reachable only from containers on
    # the "riverside" network, not from the host's interfaces.
    networks = [ "riverside" ];

    environment = {
      POSTGRES_DB = dbName;
      POSTGRES_USER = dbUser;
      POSTGRES_PASSWORD = dbPassword;
    };

    volumes = [
      # The official postgres images from 18 on keep the cluster in a
      # version-specific directory below /var/lib/postgresql, so the parent
      # directory is what gets persisted.
      "/var/riverside/postgres:/var/lib/postgresql"
    ];

    # Readiness probe: every 5s, 5s timeout, up to 20 attempts.
    healthcheck = {
      test = [ "CMD-SHELL" "pg_isready -U ${dbUser} -d ${dbName}" ];
      interval = "5s";
      timeout = "5s";
      retries = 20;
    };
  };
}