From 4c950c957770075484a1c15c865a813bec1977db Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Tue, 30 Jan 2024 18:43:58 +0100 Subject: [PATCH] ptero docker with borked networking --- flake.lock | 12 ++-- flake.nix | 1 + modules/nextcloud.nix | 11 ++-- modules/ptero.nix | 134 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 146 insertions(+), 12 deletions(-) create mode 100644 modules/ptero.nix diff --git a/flake.lock b/flake.lock index 96ff680..1a10313 100644 --- a/flake.lock +++ b/flake.lock @@ -202,11 +202,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1706098335, - "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", + "lastModified": 1706373441, + "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", "type": "github" }, "original": { @@ -233,11 +233,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1706191920, - "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", + "lastModified": 1706371002, + "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", + "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5cbe25c..ee1828c 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ ./modules/discord-matrix-bridge.nix ./modules/mastodon.nix ./modules/folding.nix + ./modules/ptero.nix agenix.nixosModules.default nixos-mailserver.nixosModules.default nixos-matrix-modules.nixosModules.default diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 18710c6..33e2d05 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix 
@@ -55,20 +55,19 @@ in { dbhost= "localhost:${builtins.toString config.services.postgresql.port}"; dbtype = "pgsql"; }; - extraOptions = { + settings = { overwriteProtocol = "https"; defaultPhoneRegion = "DE"; - }; - phpOptions = { - "opcache.interned_strings_buffer" = "12"; - }; - extraOptions = { filelocking.enabled = true; redis = { host = "localhost"; port = 6379; timeout = 0.0; }; + + }; + phpOptions = { + "opcache.interned_strings_buffer" = "12"; }; }; diff --git a/modules/ptero.nix b/modules/ptero.nix new file mode 100644 index 0000000..84d7653 --- /dev/null +++ b/modules/ptero.nix 
@@ -0,0 +1,134 @@
+{config, pkgs, ...}: let
+ root_host = "grimmauld.de";
+ root_email = "contact@${root_host}";
+ ptero_host = "ptero.${root_host}";
+ DATA_DIR = "/var/lib/pterodactylpanel";
+ panel_user = "pterodactyl";
+ local_bridge = "ptero-local-br";
+ ptero_ver = "1.11.5";
+ ptero_port = "8042";
+in {
+ users.users.${panel_user} = {
+ isSystemUser = true;
+ extraGroups = ["docker"];
+ group = panel_user;
+ };
+ users.groups.${panel_user} = {};
+
+
+ systemd.services.init-ptero-data-dir = {
+ description = "Create the pterodactyl panel data dir";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.Type = "oneshot";
+ script =''
+mkdir -p ${DATA_DIR}/database
+mkdir -p ${DATA_DIR}/panel
+chown ${panel_user}:${panel_user} -R ${DATA_DIR}
+chmod +777 -R ${DATA_DIR}
+'';
+ };
+
+ virtualisation.oci-containers.backend = "docker"; # maybe podman in the future
+
+ systemd.services.init-ptero-local-network = {
+ description = "Create the network bridge ${local_bridge} for ptero.";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.Type = "oneshot";
+ script = let dockercli = "${config.virtualisation.docker.package}/bin/docker";
+ in ''
+ # Put a true at the end to prevent getting non-zero return code, which will
+ # crash the whole service.
+ check=$(${dockercli} network ls | grep "${local_bridge}" || true)
+ if [ -z "$check" ]; then
+ ${dockercli} network create --internal ${local_bridge}
+ else
+ echo "${local_bridge} already exists in docker"
+ fi
+ '';
+ };
+
+
+ virtualisation.oci-containers.containers."ptero-mysql" = {
+ image = "library/mysql:8.0";
+ workdir = "${DATA_DIR}/database";
+ extraOptions = [ "--network=${local_bridge}" ];
+ environment = {
+ "MYSQL_ROOT_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
+ "MYSQL_USER" = "pterodactyl";
+ "MYSQL_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
+ "MYSQL_DATABASE" = "panel";
+ };
+ volumes = ["${DATA_DIR}/database:/var/lib/mysql"];
+ cmd=["--default-authentication-plugin=mysql_native_password"];
+ };
+
+ virtualisation.oci-containers.containers."ptero-cache" = {
+ image = "redis:alpine";
+ workdir = "${DATA_DIR}/cache";
+ extraOptions = [ "--network=${local_bridge}" ];
+ };
+
+ virtualisation.oci-containers.containers."ptero-panel" = {
+ image = "ghcr.io/pterodactyl/panel:v${ptero_ver}";
+# workdir = "${DATA_DIR}/panel";
+ volumes = [
+ "${DATA_DIR}/panel/var/:/app/var/"
+ "${DATA_DIR}/panel/logs/:/app/storage/logs"
+ "${DATA_DIR}/panel/nginx/:/etc/nginx/conf.d/"
+ ];
+ extraOptions = [ "--network=${local_bridge}"];
+ environment = {
+ "APP_URL" = "https://${ptero_host}";
+ "APP_TIMEZONE" = "Europe/Berlin";
+ "APP_SERVICE_AUTHOR" = root_email;
+
+ "MAIL_FROM" = "noreply@${root_host}";
+ "MAIL_DRIVER" = "smtp";
+ "MAIL_HOST" = "mail";
+ "MAIL_PORT" = "25";
+ "MAIL_USERNAME" = "";
+ "MAIL_PASSWORD" = "";
+ "MAIL_ENCRYPTION" = "true";
+
+ "DB_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
+ "APP_ENV"= "production";
+ "APP_ENVIRONMENT_ONLY"= "false";
+ "CACHE_DRIVER" = "redis";
+ "SESSION_DRIVER" = "redis";
+ "QUEUE_DRIVER" = "redis";
+ "REDIS_HOST" = "ptero-cache";
+ "DB_HOST" = "ptero-mysql";
+ "TRUSTED_PROXIES" = "*";
+ };
+ labels = {
+ "traefik.http.routers.pterodactyl_panel.entrypoints"="web";
+# "traefik.http.routers.pterodactyl_panel.rule"="Host(`${ptero_host}`)";
+# "traefik.http.routers.pterodactyl_panel.middlewares"="panel_https";
+# "traefik.http.middlewares.panel_https.redirectscheme.scheme"="https";
+# "traefik.http.routers.pterodactyl_panel-https.entrypoints"="websecure";
+# "traefik.http.routers.pterodactyl_panel-https.rule"="Host(`${ptero_host}`)";
+# "traefik.http.routers.pterodactyl_panel-https.tls"="true";
+# "traefik.http.routers.pterodactyl_panel-https.tls.certresolver"="letsencrypt";
+# "traefik.http.services.pterodactyl_panel-https.loadbalancer.server.port"="80";
+ };
+ ports = [
+ "${ptero_port}:80"
+ ];
+ };
+
+ security.acme.certs."${root_host}".extraDomainNames = [ ptero_host ];
+ services.nginx = {
+ enable = true;
+ virtualHosts."${ptero_host}" = {
+ serverName = ptero_host;
+ forceSSL = true;
+ useACMEHost = root_host;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${ptero_port}";
+ };
+ };
+ };
+}