Migrated from multi repos to monorepo architecture.

2026-05-02 12:52:08 +02:00
parent 72668492f5
commit 73adb395c0
218 changed files with 9639 additions and 57 deletions
@@ -0,0 +1,112 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  # Container config
+  name = "passbolt";
+  # Version tagging
+  passboltVersion = "5.9.0-1-ce-non-root";
+  databaseVersion = "12.2";
+  # Storage optimization
+  spindown = config.numbus-server.hardware.HddSpindown;
+  optimizedDir = if spindown.enable && (spindown.optimize == "compatible" || (isList spindown.optimize && elem name spindown.optimize))
+    then cfg.configDir
+    else cfg.dataDir;
+  # Helper
+  helper = import ../service-helper.nix { inherit config pkgs lib; };
+  cfg = config.numbus-server.services.passbolt;
+in
+
+helper.mkPodmanService {
+  inherit name;
+  description = "Passbolt, your password manager";
+  defaultPort = "4433";
+  scheme = "https";
+  dataDirEnabled = false;
+  middlewares = [ "secureHeaders" ];
+  dirPermissions = [
+    "100032:100 ${cfg.configDir}"
+    "100032:100 ${cfg.configDir}/gpg"
+    "100032:100 ${cfg.configDir}/jwt"
+    "100999:100 ${cfg.configDir}/database"
+  ];
+  secrets = [
+    "passbolt/db_name"
+    "passbolt/db_username"
+    "passbolt/db_password"
+  ];
+
+# Compose file good
+  composeText = ''
+    services:
+      passbolt-server:
+        image: docker.io/passbolt/passbolt:${passboltVersion}
+        container_name: passbolt-server
+        hostname: passbolt-server
+        user: '33:33'
+        networks:
+          passbolt:
+        ports:
+          - "${cfg.port}:4433/tcp"
+        volumes:
+          - ${cfg.configDir}/gpg:/etc/passbolt/gpg
+          - ${cfg.configDir}/jwt:/etc/passbolt/jwt
+        environment:
+          APP_DEFAULT_TIMEZONE: ${config.time.timeZone}
+          APP_FULL_BASE_URL: https://${cfg.subdomain}.${config.numbus-server.services.domain}
+          DATASOURCES_DEFAULT_HOST: "passbolt-database"
+          DATASOURCES_DEFAULT_USERNAME: ${config.sops.placeholder."passbolt/db_username"}
+          DATASOURCES_DEFAULT_PASSWORD: ${config.sops.placeholder."passbolt/db_password"}
+          DATASOURCES_DEFAULT_DATABASE: ${config.sops.placeholder."passbolt/db_name"}
+          EMAIL_DEFAULT_FROM_NAME: "Passbolt"
+          EMAIL_TRANSPORT_DEFAULT_HOST: ${config.numbus-server.mail.smtpServer}
+          EMAIL_TRANSPORT_DEFAULT_PORT: ${toString config.numbus-server.mail.smtpPort}
+          EMAIL_TRANSPORT_DEFAULT_USERNAME: ${config.numbus-server.mail.smtpUsername}
+          EMAIL_TRANSPORT_DEFAULT_PASSWORD: ${config.sops.placeholder."mail/smtpPassword"}
+          EMAIL_TRANSPORT_DEFAULT_TLS: true
+          EMAIL_DEFAULT_FROM: passbolt-noreply@${config.numbus-server.services.domain}
+          PASSBOLT_SSL_FORCE: true
+        command:
+          [
+            "/usr/bin/wait-for.sh",
+            "-t",
+            "0",
+            "passbolt-database:3306",
+            "--",
+            "/docker-entrypoint.sh"
+          ]
+        depends_on:
+          - passbolt-database
+        security_opt:
+          - no-new-privileges:true
+        cap_drop:
+          - NET_RAW
+        restart: unless-stopped
+
+      passbolt-database:
+        image: docker.io/library/mariadb:${databaseVersion}
+        container_name: passbolt-database
+        hostname: passbolt-database
+        user: '1000:1000'
+        networks:
+          passbolt:
+        volumes:
+          - ${cfg.configDir}/database:/var/lib/mysql
+        environment:
+          MYSQL_RANDOM_ROOT_PASSWORD: "true"
+          MYSQL_DATABASE: ${config.sops."passbolt/db_name"}
+          MYSQL_USER: ${config.sops."passbolt/db_username"}
+          MYSQL_PASSWORD: ${config.sops."passbolt/db_password"}
+        security_opt:
+          - no-new-privileges:true
+        cap_drop:
+          - NET_RAW
+        restart: unless-stopped
+
+    networks:
+      passbolt:
+        name: passbolt
+        driver: bridge
+  '';
+}