fix: piped

2025-11-03 12:12:14 +01:00
parent 63dad8c626
commit 709a24366a
5 changed files with 72 additions and 12 deletions
--- a/hosts/fw/modules/web/piped.nix
+++ b/hosts/fw/modules/web/piped.nix
@@ -19,7 +19,7 @@ let
  backendConfig = pkgs.writeText "config.properties" ''
    # Database configuration
    # 10.88.0.1 is the default Podman bridge gateway IP
-    hibernate.connection.url=jdbc:postgresql://10.88.0.1:5432/${dbName}
+    hibernate.connection.url=jdbc:postgresql://10.89.0.1:5432/${dbName}
    hibernate.connection.driver_class=org.postgresql.Driver
    hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
    hibernate.connection.username=${dbUser}
@@ -126,7 +126,8 @@ in
  services.postgresqlBackup.databases = [ dbName ];

  # Allow Podman containers to connect to PostgreSQL
-  networking.firewall.interfaces."podman0".allowedTCPPorts = [ 5432 ];
+  networking.firewall.interfaces."podman1".allowedTCPPorts = [ 5432 ];
+  networking.firewall.interfaces."podman1".allowedUDPPorts = [ 53 5432 ];

  # Setup database password (runs before containers start)
  systemd.services.piped-db-init = {
@@ -170,6 +171,25 @@ in
  # Use Podman for OCI containers
  virtualisation.oci-containers.backend = "podman";

+  # Create Piped network for container-to-container communication
+  systemd.services.init-piped-network = {
+    description = "Create Podman network for Piped services";
+    wantedBy = [ "multi-user.target" ];
+    before = [
+      "podman-piped-backend.service"
+      "podman-piped-bg-helper.service"
+      "podman-piped-proxy.service"
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      ${pkgs.podman}/bin/podman network exists piped-net || \
+      ${pkgs.podman}/bin/podman network create --interface-name=podman1 --subnet=10.89.0.0/24 piped-net
+    '';
+  };
+
  # Piped Backend Podman container (using custom image with iOS compatibility fixes)
  virtualisation.oci-containers.containers.piped-backend = {
    image = "git.cloonar.com/infrastructure/piped-backend:latest";
@@ -179,8 +199,8 @@ in
    ];
    extraOptions = [
      "--pull=newer"
-      # Using default bridge network - connects to PostgreSQL via 10.88.0.1
-      # Also connects to bg-helper via container name resolution
+      "--network=podman"  # Default bridge for PostgreSQL access at 10.88.0.1
+      "--network=piped-net"  # Custom network for DNS resolution to bg-helper
    ];
  };

@@ -196,7 +216,7 @@ in
    ports = [ "127.0.0.1:${toString bgHelperPort}:3000" ];
    extraOptions = [
      "--pull=newer"
-      # Using default bridge network - accessible by backend via container name
+      "--network=piped-net"
    ];
  };

@@ -209,6 +229,7 @@ in
    };
    extraOptions = [
      "--pull=newer"
+      "--network=piped-net"
    ];
  };