- firewall.nix: allow DNS (UDP/TCP 53) from all podman bridge networks (10.89.0.0/16); NixOS only auto-adds a rule for podman0 but docker-compose arion stacks land on podman1/2/3 where container DNS was silently blocked
- vnc-desktop/start.sh: rm stale /tmp/.X1-lock on container start so container restarts don't leave Xvnc unable to bind display :1
- linux.nix: TasksMax=infinity on arion-vnc-desktop so the systemd cgroup doesn't cap KDE Plasma's thread count below the container pids limit
- arion-riverside/arion-compose.nix: add ADMIN_PASS env var required by the riverside entrypoint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Arion (docker-compose) project "riverside": one application container and
# its PostgreSQL database, both attached to a project-private network.
#
# NOTE(review): every credential in this file is a plain string literal. On a
# standard Nix install the evaluated compose file lands in the world-readable
# /nix/store, and the values are also visible to anyone who can read this
# repository or inspect the containers' environment. Prefer supplying them at
# runtime from a root-only file outside the store (arion exposes
# `service.env_file`; a secrets tool such as sops-nix or agenix can provision
# that file) and rotate the values that have already been committed.
{ pkgs, ... }:

let
  # Shared between the app's DB_* variables, the postgres POSTGRES_* variables
  # and the healthcheck command, so the two containers cannot drift apart.
  dbName = "drupal";
  dbUser = "drupal";
  # NOTE(review): password equals the user name and is committed in clear text.
  dbPassword = "drupal";

  projectNetworks = [ "riverside" ];
  restartPolicy = "unless-stopped";
in
{
  project.name = "riverside";

  # Not external: the network is created and owned by this compose project.
  networks.riverside.external = false;

  services.app.service = {
    # NOTE(review): `:latest` is a mutable tag, so a re-pull can silently
    # change the code that runs; pin a version tag or image digest once one
    # is known.
    image = "forge.quinefoundation.com/ironmagma/riverside:latest";
    container_name = "riverside";
    restart = restartPolicy;
    networks = projectNetworks;

    environment = {
      DB_HOST = "postgres";
      DB_NAME = dbName;
      DB_USER = dbUser;
      DB_PASS = dbPassword;
      SITE_NAME = "Portfolio";
      TRUSTED_HOST = "riverside.coldairnetworks.com";
      # NOTE(review): presumably the site administrator password consumed by
      # the image's entrypoint (confirm against the image). "admin" is a
      # trivially guessable value for a site served under TRUSTED_HOST;
      # replace it with a generated secret injected at runtime.
      ADMIN_PASS = "admin";
    };

    # Host directory bind-mounted over the site's uploaded-files directory.
    volumes = [
      "/var/riverside/files:/var/www/html/web/sites/default/files"
    ];

    # NOTE(review): with no host address given, port 3011 is published on
    # every host interface and serves plain HTTP from the container. If a
    # reverse proxy on this same host fronts the site, confirm the host
    # firewall blocks 3011 or bind the mapping to the loopback address.
    ports = [ "3011:80" ];

    # List form only orders container start; it does not wait for the
    # postgres healthcheck defined below to report healthy.
    depends_on = [ "postgres" ];
  };

  # No `ports` entry: the database is reachable only over the "riverside"
  # network, not from the host's interfaces.
  services.postgres.service = {
    image = "postgres:18-alpine";
    container_name = "riverside-postgres";
    restart = restartPolicy;
    networks = projectNetworks;

    environment = {
      POSTGRES_DB = dbName;
      POSTGRES_USER = dbUser;
      POSTGRES_PASSWORD = dbPassword;
    };

    # Database state lives on the host so it survives container re-creation.
    volumes = [
      "/var/riverside/postgres:/var/lib/postgresql"
    ];

    # Readiness probe: up to 20 attempts, 5 s apart, each limited to 5 s.
    healthcheck = {
      test = [ "CMD-SHELL" "pg_isready -U ${dbUser} -d ${dbName}" ];
      interval = "5s";
      timeout = "5s";
      retries = 20;
    };
  };
}