@sheran
Created July 31, 2023 07:32
DO cloud-init file
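#cloud-config
write_files:
  # NixOS module that the nixos-infect run (see runcmd) imports via NIXOS_IMPORT.
  - path: /etc/nixos/host.nix
    # Owner-only: the file carries database credentials. This is only a partial
    # measure, because values placed in `environment` below are also copied into
    # the generated unit in the Nix store, which every local user can read.
    permissions: '0600'
    content: |
      { config, pkgs, ... }:
      {
        networking.firewall = {
          enable = true;
          # 22 = SSH, 80 = WordPress. Nothing in this file publishes 443, and
          # WordPress is served over plain HTTP, so logins cross the network
          # unencrypted until a TLS terminator is put in front of it.
          allowedTCPPorts = [ 22 80 443 ];
          # NOTE(review): assumes wp-net is bridged as podman1 - confirm on the host.
          interfaces.podman1 = {
            # needed so that containers can look each other's names up over DNS
            allowedUDPPorts = [ 53 ];
          };
        };

        # we enable and use podman - very similar to docker
        virtualisation.podman.enable = true;
        virtualisation.oci-containers.backend = "podman";

        # One-shot unit that creates a shared podman network for the containers,
        # mimicking the single network docker compose creates for a project.
        systemd.services.create-wordpress-network = with config.virtualisation.oci-containers; {
          serviceConfig.Type = "oneshot";
          wantedBy = [ "${backend}-wordpress.service" "${backend}-db.service" ];
          # wantedBy only pulls this unit in; `before` makes the containers wait
          # until the network exists instead of racing the create call.
          before = [ "${backend}-wordpress.service" "${backend}-db.service" ];
          script = ''
            ${pkgs.podman}/bin/podman network exists wp-net || \
            ${pkgs.podman}/bin/podman network create wp-net
          '';
        };

        # here we define the containers for setting up wordpress
        # when using oci-containers systemd will start them off at boot time
        virtualisation.oci-containers.containers = {
          wordpress = {
            # Unpinned tag: each pull may bring a different image. Pin to a
            # version tag or digest that has been reviewed.
            image = "wordpress";
            volumes = [ "wordpress:/var/www/html" ];
            autoStart = true;
            ports = [ "80:80" ];
            # Placeholder credentials - replace before deploying. Prefer
            # `environmentFiles` pointing at a root-only file so the secrets
            # stay out of the Nix store.
            environment = {
              WORDPRESS_DB_HOST = "db";
              WORDPRESS_DB_USER = "exampleuser";
              WORDPRESS_DB_PASSWORD = "examplepass";
              WORDPRESS_DB_NAME = "exampledb";
            };
            extraOptions = [ "--network=wp-net" ];
          };
          db = {
            # Same pinning concern as above: `latest` can also move across
            # major versions.
            image = "mysql:latest";
            volumes = [ "db:/var/lib/mysql" ];
            autoStart = true;
            # No `ports` entry: the database is reachable only over wp-net.
            # Must match the WORDPRESS_DB_* values above; same placeholder caveat.
            environment = {
              MYSQL_DATABASE = "exampledb";
              MYSQL_USER = "exampleuser";
              MYSQL_PASSWORD = "examplepass";
              MYSQL_RANDOM_ROOT_PASSWORD = "1";
            };
            extraOptions = [ "--network=wp-net" ];
          };
        };
      }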
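runcmd:
  # Converts the droplet to NixOS with nixos-infect, importing host.nix.
  # The script runs as root, so it is fetched to a file first: -f turns an
  # HTTP error into a failure instead of feeding an error page to bash, and a
  # truncated download is never executed half-way as it would be through a pipe.
  #
  # `master` is a mutable branch: whatever it holds at boot time is what runs.
  # Replace it with a reviewed commit (<REVIEWED_COMMIT_SHA>) and compare the
  # file against a known checksum before the bash step.
  #
  # nixos-23.05 was current when this gist was written (July 2023); use a
  # channel that still receives security updates.
  - |
    curl --proto '=https' --tlsv1.2 -fsSL -o /root/nixos-infect \
      https://raw.githubusercontent.com/sheran/nixos-infect/master/nixos-infect &&
    PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 \
      bash /root/nixos-infect 2>&1 | tee /tmp/infect.log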