90 lines
2.5 KiB
Nix
90 lines
2.5 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
||
|
{
|
||
|
|
||
|
# neo4j container managment
|
||
|
# -------------------------
|
||
|
|
||
|
virtualisation.oci-containers.containers =
|
||
|
let
|
||
|
neo4j_config = {
|
||
|
image = "neo4j";
|
||
|
environment = {
|
||
|
NEO4J_AUTH = "none"; # for development purpose
|
||
|
NEO4J_apoc_export_file_enabled = "true";
|
||
|
NEO4J_apoc_import_file_enabled = "true";
|
||
|
NEO4J_apoc_import_file_use__neo4j__config = "true";
|
||
|
NEO4JLABS_PLUGINS = ''["apoc","n10s"]'';
|
||
|
};
|
||
|
ports = [
|
||
|
"127.0.0.1:7474:7474" # http port
|
||
|
"127.0.0.1:17687:7687" # bolt port
|
||
|
];
|
||
|
volumes = [
|
||
|
"/var/lib/neo4j/data:/data"
|
||
|
"/var/lib/neo4j/logs:/logs"
|
||
|
"/var/lib/neo4j/conf:/conf"
|
||
|
"/var/lib/neo4j/import:/import" # for database imports
|
||
|
"/var/lib/neo4j/plugins:/plugins"
|
||
|
|
||
|
];
|
||
|
};
|
||
|
in
|
||
|
{
|
||
|
neo4j = neo4j_config;
|
||
|
#neo4jbackup = neo4j_config // {
|
||
|
# autoStart = false;
|
||
|
# volumes = [
|
||
|
# "/var/lib/neo4j/data:/data"
|
||
|
# "/var/lib/neo4j/backups:/backups"
|
||
|
# ];
|
||
|
# cmd = ["neo4j-admin" "dump" "--verbose" "--to=/backups/neo4j.dump"];
|
||
|
#};
|
||
|
};
|
||
|
|
||
|
#systemd.services."docker-neo4jbackup" = {
|
||
|
# preStart = "systemctrl stop docker-neo4j";
|
||
|
# postStop = "systemctrl start docker-neo4j";
|
||
|
#};
|
||
|
|
||
|
|
||
|
# backups
|
||
|
# -------
|
||
|
backup.dirs = [ "/var/lib/neo4j/backups" ];
|
||
|
|
||
|
# todo run frequently :
|
||
|
# docker exec --interactive --tty neo4j neo4j-admin dump --verbose --to /dump/neo4j.dump
|
||
|
# https://neo4j.com/docs/operations-manual/current/docker/maintenance/
|
||
|
|
||
|
|
||
|
# nginx publishing
|
||
|
# ----------------
|
||
|
services.nginx.streamConfig = ''
|
||
|
# configure neo4j bolt port
|
||
|
server {
|
||
|
allow 192.168.0.0/16; # allow private ip range class c
|
||
|
allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network
|
||
|
deny all;
|
||
|
listen 7687;
|
||
|
proxy_pass localhost:17687;
|
||
|
}
|
||
|
'';
|
||
|
|
||
|
services.nginx.virtualHosts."neo4j.${config.networking.hostName}.private" = {
|
||
|
serverAliases = [ config.networking.hostName ];
|
||
|
locations."/" = {
|
||
|
extraConfig = ''
|
||
|
allow 192.168.0.0/16; # allow private ip range class c
|
||
|
allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network
|
||
|
deny all;
|
||
|
'';
|
||
|
proxyPass = "http://localhost:7474";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
networking.firewall.allowedTCPPorts = [ 80 7687 ];
|
||
|
#networking.firewall.allowedUDPPorts = [ 80 ];
|
||
|
|
||
|
|
||
|
}
|