From ace17c393210304b09a2cf2b3ec1e5f7fc94837c Mon Sep 17 00:00:00 2001 From: teidesu Date: Mon, 6 Jan 2025 02:53:21 +0300 Subject: [PATCH] feat(koi): activepieces --- hosts/koi/configuration.nix | 3 + hosts/koi/containers/activepieces/default.nix | 67 ++++++++++++++++++ .../containers/activepieces/image/Dockerfile | 8 +++ hosts/koi/containers/teisu.nix | 2 +- secrets/activepieces-env.age | Bin 0 -> 389 bytes secrets/forgejo-packages-token.age | Bin 0 -> 252 bytes secrets/license-servers-env.age | 6 ++ 7 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 hosts/koi/containers/activepieces/default.nix create mode 100644 hosts/koi/containers/activepieces/image/Dockerfile create mode 100644 secrets/activepieces-env.age create mode 100644 secrets/forgejo-packages-token.age create mode 100644 secrets/license-servers-env.age diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix index 30ea73b..f089bae 100755 --- a/hosts/koi/configuration.nix +++ b/hosts/koi/configuration.nix @@ -41,6 +41,7 @@ ./containers/outline ./containers/docmost ./containers/forgejo + ./containers/activepieces ./containers/teisu.nix ./containers/bots/pcre-sub-bot.nix ./containers/bots/channel-logger-bot.nix @@ -112,6 +113,8 @@ boot.kernelParams = [ "panic=5" "panic_on_oops=1" "mitigations=off" ]; boot.kernelPackages = pkgs.linuxPackages_latest; + networking.firewall.allowedTCPPorts = [ 25565 ]; + services.desu-deploy = { enable = true; key = builtins.readFile (abs "ssh/desu-deploy.pub"); diff --git a/hosts/koi/containers/activepieces/default.nix b/hosts/koi/containers/activepieces/default.nix new file mode 100644 index 0000000..8ffe31b --- /dev/null +++ b/hosts/koi/containers/activepieces/default.nix 
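Review bot: The second hunk of hosts/koi/configuration.nix adds `networking.firewall.allowedTCPPorts = [ 25565 ];`, which opens a port on the host firewall that nothing else in this activepieces patch uses or explains. An unexplained inbound rule is easy to forget, and it stays open even if the listener is later removed. I would put a comment above it naming the listener, e.g. `# <service name> listens on 25565; reachable from any interface`, or move the line into the module that defines that service and commit it separately. The surrounding attribute set starts and ends outside the hunk, so whether the port is already declared elsewhere cannot be checked from here.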
@@ -0,0 +1,67 @@
+{ pkgs, config, ... }:
+
+let
+ UID = 1127;
+ context = pkgs.copyPathToStore ./image;
+in {
+ desu.secrets.activepieces-env.owner = "activepieces";
+
+ users.users.activepieces = {
+ isNormalUser = true;
+ uid = UID;
+ };
+
+ services.postgresql.ensureUsers = [
+ { name = "activepieces"; ensureDBOwnership = true; }
+ ];
+ services.postgresql.ensureDatabases = [ "activepieces" ];
+ desu.postgresql.ensurePasswords.activepieces = "activepieces";
+
+ virtualisation.oci-containers.containers.activepieces-redis = {
+ image = "docker.io/redis:7.0-alpine";
+ user = builtins.toString UID;
+ extraOptions = [
+ "--mount=type=bind,source=/srv/activepieces/redis,target=/data"
+ ];
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/activepieces/redis 0700 ${builtins.toString UID} ${builtins.toString UID} -"
+ ];
+
+ systemd.services.docker-activepieces.serviceConfig.ExecStartPre = [
+ (pkgs.writeShellScript "build-activepieces" ''
+ docker build -t local/activepieces ${context}
+ '')
+ ];
+ virtualisation.oci-containers.containers.activepieces = {
+ image = "local/activepieces";
+ dependsOn = [ "activepieces-redis" ];
+ environment = {
+ AP_EXECUTION_MODE = "SANDBOX_CODE_ONLY";
+ AP_FRONTEND_URL = "https://ap.stupid.fish";
+ AP_POSTGRES_URL = "postgres://activepieces:activepieces@172.17.0.1:5432/activepieces";
+ AP_TELEMETRY_ENABLED = "false";
+ AP_EDITION = "ee";
+ AP_QUEUE_MODE = "REDIS";
+ AP_REDIS_HOST = "activepieces-redis.docker";
+ AP_REDIS_PORT = "6379";
+ };
+ environmentFiles = [
+ # oidc related config + SECRET_KEY, UTILS_SECRET
+ config.desu.secrets.activepieces-env.path
+ ];
+ user = builtins.toString UID;
+ };
+ systemd.services.docker-activepieces.requires = [ "postgresql.service" ];
+
+ services.nginx.virtualHosts."ap.stupid.fish" = {
+ forceSSL = true;
+ useACMEHost = "stupid.fish";
+
+ locations."/" = {
+ proxyPass = "http://activepieces.docker$request_uri";
+ proxyWebsockets = true;
+ };
+ };
+}
\ No newline at end of file
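Review bot: The database password is the literal `"activepieces"` in both `desu.postgresql.ensurePasswords.activepieces` and `AP_POSTGRES_URL`, so it equals the user name and is written into the world-readable Nix store, while the container reaches PostgreSQL over the Docker bridge address 172.17.0.1. Since an age-encrypted env file is already passed through `environmentFiles`, I would drop `AP_POSTGRES_URL` from `environment` and set it inside `activepieces-env` with a generated password, updating the comment to `# oidc related config + SECRET_KEY, UTILS_SECRET + AP_POSTGRES_URL`. Whether `desu.postgresql.ensurePasswords` can take its value from a secret file is not visible in this patch, so that half needs checking against the module. The `activepieces-redis` container is also started without any authentication setting, which is only acceptable while it stays reachable solely from the Docker network.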
diff --git a/hosts/koi/containers/activepieces/image/Dockerfile b/hosts/koi/containers/activepieces/image/Dockerfile new file mode 100644 index 0000000..997dd5c --- /dev/null +++ b/hosts/koi/containers/activepieces/image/Dockerfile @@ -0,0 +1,8 @@ +FROM ghcr.io/activepieces/activepieces:0.38.3 + +RUN sed -i -E 's!https://secrets.activepieces.com/license-keys!https://license.stupid.fish/services/activepieces!' /usr/src/app/dist/packages/server/api/main.js && \ + chmod -R 777 /var/log/nginx/ && \ + chmod -R 777 /var/lib/nginx && \ + chmod -R 777 /run/ && \ + mkdir -p /usr/src/app/cache && \ + chmod -R 777 /usr/src/app/cache \ No newline at end of file diff --git a/hosts/koi/containers/teisu.nix b/hosts/koi/containers/teisu.nix index 342d7be..9d875f5 100644 --- a/hosts/koi/containers/teisu.nix +++ b/hosts/koi/containers/teisu.nix @@ -11,7 +11,7 @@ in { }; virtualisation.oci-containers.containers.teisu = { - image = "ghcr.io/teidesu/tei.su:latest"; + image = "git.stupid.fish/teidesu/tei.su:latest"; environmentFiles = [ config.desu.secrets.teisu-env.path ]; diff --git a/secrets/activepieces-env.age b/secrets/activepieces-env.age new file mode 100644 index 0000000000000000000000000000000000000000..e1507f6988b24b0c6342549992ca3e03a5068649 GIT binary patch literal 389 zcmV;00eb#nXJsvAZewzJaCB*JZZ2ov-YjZPjW^FfhWI|?RH%fRlHg|DVQ)x~_Nor_IM^Oq)FEUL=XDcsN zaYidgWqD9eRYh8Pb52)KaBxj9F)?RGPEKxFSSwC2YE=p?EiE8QbW>R|d1G>FcVSa$ zNo7HJdN)!`OLl2jYj0CkQc6{0L^wBAL~S){S2zka#ALBaQOMPjYruRqUdGJJc**H$ zjvpC?V(zN;Xw>MR+T9M{R0qPj3n>EiE8yQ#MXfMPz42W@kr8 zbx}iZMp|S>bVDz2c5Y5cNh@}FVRJ)sG*n4QO+^YF!Ap6}>7AC7_+%_p5^=0PNt-<6 z1#x`M0Cqa-=2I{!rDPXSb=YH)= ssh-ed25519 sj88Xw x8G6D56j1N7kjMuU9TXdKxpmCyPyDnkbRSAAjcmIXGc +qzQbchvolZgSIWisyKg/eiNRh+826iz6WHu5HQOiBoU +--- MnAF7KtGU97wxf2tCfRbitqRPV/Bfg/GftUCrZAjtuU +YC`+۬kbtbCGRoUtM5bUZ +xNI(pܞ6j]y_P&EjSOZCkmCW44MgtvhH \ No newline at end of file
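Review bot: The `chmod -R 777` calls in the Dockerfile hunk (the first hunk on this line) make /var/log/nginx, /var/lib/nginx, /run and /usr/src/app/cache world-writable, which is broader than needed when the container always runs as the fixed UID 1127 set in default.nix. Giving the directories to that user is enough, assuming nothing else in the image writes there under another UID: `chown -R 1127:1127 /var/log/nginx /var/lib/nginx /run /usr/src/app/cache` after the `mkdir -p`, with no mode change. The base image is also pinned by tag (`0.38.3`) rather than by digest, and because default.nix runs `docker build` in `ExecStartPre`, a re-pushed tag could be picked up without any change to this repository. Pinning `FROM ghcr.io/activepieces/activepieces:0.38.3@sha256:<digest>` would make the build reproducible.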