nixos-config/nixos/machines/pepe/neo4j.nix

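{ config, lib, pkgs, ... }:
{
  # neo4j container management
  # --------------------------
  #
  # Exposure summary for this module:
  #   * the container publishes HTTP (7474) and bolt (7687 -> 17687) on
  #     127.0.0.1 only;
  #   * nginx re-publishes both on ports 80 and 7687, and the firewall opens
  #     those ports on the host;
  #   * the only access control is the nginx allow/deny list (192.168.0.0/16
  #     plus the tinc subnet), because NEO4J_AUTH is "none".
  # Every host inside the allowed ranges therefore gets unauthenticated access
  # to the database, including the APOC procedures enabled below.
  virtualisation.oci-containers.containers =
    let
      neo4j_config = {
        # NOTE(review): no tag or digest, so this resolves to whatever
        # "latest" is at pull time. Pin it ("neo4j:<version>" or
        # "neo4j@sha256:<digest>") so rebuilds are reproducible and an
        # upstream change cannot land unreviewed.
        image = "neo4j";
        environment = {
          # Disables authentication completely. Acceptable only while the
          # service is reachable from trusted hosts; replace it with
          # credentials supplied through a secret (not a store path) before
          # widening the nginx allow list.
          NEO4J_AUTH = "none"; # for development purpose
          # APOC file export/import are switched on. With auth disabled, any
          # client that can reach bolt or HTTP may call them.
          NEO4J_apoc_export_file_enabled = "true";
          NEO4J_apoc_import_file_enabled = "true";
          # Makes APOC honour Neo4j's own file settings (import directory
          # confinement); keep this "true" while file import/export is enabled.
          NEO4J_apoc_import_file_use__neo4j__config = "true";
          # The official image fetches the listed plugins at container start.
          # NOTE(review): that is an unpinned download on every fresh start;
          # consider placing vetted jars in /var/lib/neo4j/plugins instead.
          NEO4JLABS_PLUGINS = ''["apoc","n10s"]'';
        };
        # Loopback-only publishing: nginx (below) is the sole network entry.
        ports = [
          "127.0.0.1:7474:7474" # http port
          "127.0.0.1:17687:7687" # bolt port
        ];
        volumes = [
          "/var/lib/neo4j/data:/data"
          "/var/lib/neo4j/logs:/logs"
          "/var/lib/neo4j/conf:/conf"
          "/var/lib/neo4j/import:/import" # for database imports
          "/var/lib/neo4j/plugins:/plugins"
        ];
      };
    in
    {
      neo4j = neo4j_config;
      #neo4jbackup = neo4j_config // {
      #  autoStart = false;
      #  volumes = [
      #    "/var/lib/neo4j/data:/data"
      #    "/var/lib/neo4j/backups:/backups"
      #  ];
      #  cmd = ["neo4j-admin" "dump" "--verbose" "--to=/backups/neo4j.dump"];
      #};
    };

  # (typo fixed in the disabled snippet: the command is systemctl)
  #systemd.services."docker-neo4jbackup" = {
  #  preStart = "systemctl stop docker-neo4j";
  #  postStop = "systemctl start docker-neo4j";
  #};

  # backups
  # -------
  # NOTE(review): nothing in this file writes to /var/lib/neo4j/backups yet.
  # The neo4jbackup container is commented out and the command in the todo
  # below targets /dump, which is not one of the mounted volumes, so the
  # backup job currently has no dump to pick up.
  backup.dirs = [ "/var/lib/neo4j/backups" ];
  # todo run frequently :
  # docker exec --interactive --tty neo4j neo4j-admin dump --verbose --to /dump/neo4j.dump
  # https://neo4j.com/docs/operations-manual/current/docker/maintenance/

  # nginx publishing
  # ----------------
  # Both listeners below are plaintext (no TLS). Traffic over tinc is wrapped
  # by the VPN; traffic from 192.168.0.0/16 is not, which matters as soon as
  # credentials replace NEO4J_AUTH = "none".
  # NOTE(review): 192.168.0.0/16 admits every 192.168.x.x address; narrow it
  # to the actual LAN prefix if that is smaller.
  #
  # The upstream is addressed as 127.0.0.1 rather than "localhost": the
  # container ports are published on 127.0.0.1 only, while "localhost" may
  # also resolve to ::1, where nothing listens.
  services.nginx.streamConfig = ''
    # configure neo4j bolt port
    server {
    allow 192.168.0.0/16; # allow private ip range class c
    allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network
    deny all;
    listen 7687;
    proxy_pass 127.0.0.1:17687;
    }
  '';

  # HTTP front end for the Neo4j browser/API. The vhost also answers for the
  # bare host name through serverAliases. The allow/deny list must stay in
  # sync with the bolt listener above.
  services.nginx.virtualHosts."neo4j.${config.networking.hostName}.private" = {
    serverAliases = [ config.networking.hostName ];
    locations."/" = {
      extraConfig = ''
        allow 192.168.0.0/16; # allow private ip range class c
        allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network
        deny all;
      '';
      proxyPass = "http://127.0.0.1:7474";
    };
  };

  # Opens 80 and 7687 on the host firewall; filtering by source address is
  # left entirely to the nginx allow/deny rules above.
  networking.firewall.allowedTCPPorts = [ 80 7687 ];
  #networking.firewall.allowedUDPPorts = [ 80 ];
}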