numbus/Numbus
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
Files
73adb395c05f227c498ecf5aad994d92c6c3d8fe
Numbus/modules/backup/services/applications/passbolt.nix
T
Raphaël Numbus 73adb395c0 Migrated from multi repos to monorepo architecture.
2026-05-02 12:52:08 +02:00

112 lines
3.6 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
with lib;
let
# Container config
name = "passbolt";
# Version tagging
passboltVersion = "5.9.0-1-ce-non-root";
databaseVersion = "12.2";
# Storage optimization
spindown = config.numbus-server.hardware.HddSpindown;
optimizedDir = if spindown.enable && (spindown.optimize == "compatible" || (isList spindown.optimize && elem name spindown.optimize))
then cfg.configDir
else cfg.dataDir;
# Helper
helper = import ../service-helper.nix { inherit config pkgs lib; };
cfg = config.numbus-server.services.passbolt;
in
helper.mkPodmanService {
inherit name;
description = "Passbolt, your password manager";
defaultPort = "4433";
scheme = "https";
dataDirEnabled = false;
middlewares = [ "secureHeaders" ];
dirPermissions = [
"100032:100 ${cfg.configDir}"
"100032:100 ${cfg.configDir}/gpg"
"100032:100 ${cfg.configDir}/jwt"
"100999:100 ${cfg.configDir}/database"
];
secrets = [
"passbolt/db_name"
"passbolt/db_username"
"passbolt/db_password"
];
# Compose file good
composeText = ''
services:
passbolt-server:
image: docker.io/passbolt/passbolt:${passboltVersion}
container_name: passbolt-server
hostname: passbolt-server
user: '33:33'
networks:
passbolt:
ports:
- "${cfg.port}:4433/tcp"
volumes:
- ${cfg.configDir}/gpg:/etc/passbolt/gpg
- ${cfg.configDir}/jwt:/etc/passbolt/jwt
environment:
APP_DEFAULT_TIMEZONE: ${config.time.timeZone}
APP_FULL_BASE_URL: https://${cfg.subdomain}.${config.numbus-server.services.domain}
DATASOURCES_DEFAULT_HOST: "passbolt-database"
DATASOURCES_DEFAULT_USERNAME: ${config.sops.placeholder."passbolt/db_username"}
DATASOURCES_DEFAULT_PASSWORD: ${config.sops.placeholder."passbolt/db_password"}
DATASOURCES_DEFAULT_DATABASE: ${config.sops.placeholder."passbolt/db_name"}
EMAIL_DEFAULT_FROM_NAME: "Passbolt"
EMAIL_TRANSPORT_DEFAULT_HOST: ${config.numbus-server.mail.smtpServer}
EMAIL_TRANSPORT_DEFAULT_PORT: ${toString config.numbus-server.mail.smtpPort}
EMAIL_TRANSPORT_DEFAULT_USERNAME: ${config.numbus-server.mail.smtpUsername}
EMAIL_TRANSPORT_DEFAULT_PASSWORD: ${config.sops.placeholder."mail/smtpPassword"}
EMAIL_TRANSPORT_DEFAULT_TLS: true
EMAIL_DEFAULT_FROM: passbolt-noreply@${config.numbus-server.services.domain}
PASSBOLT_SSL_FORCE: true
command:
[
"/usr/bin/wait-for.sh",
"-t",
"0",
"passbolt-database:3306",
"--",
"/docker-entrypoint.sh"
]
depends_on:
- passbolt-database
security_opt:
- no-new-privileges:true
cap_drop:
- NET_RAW
restart: unless-stopped
passbolt-database:
image: docker.io/library/mariadb:${databaseVersion}
container_name: passbolt-database
hostname: passbolt-database
user: '1000:1000'
networks:
passbolt:
volumes:
- ${cfg.configDir}/database:/var/lib/mysql
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: ${config.sops."passbolt/db_name"}
MYSQL_USER: ${config.sops."passbolt/db_username"}
MYSQL_PASSWORD: ${config.sops."passbolt/db_password"}
security_opt:
- no-new-privileges:true
cap_drop:
- NET_RAW
restart: unless-stopped
networks:
passbolt:
name: passbolt
driver: bridge
'';
}
Reference in New Issue View Git Blame Copy Permalink