chaotic-backend (aerialis)
This container provides backend services for Chaotic-AUR, including API endpoints and job processing for the repository.
Nix expression
{
config,
sources,
...
}:
{
imports = sources.defaultModules ++ [
../../modules
../../modules/special/ssh-allow-chaotic.nix
];
garuda.services.compose-runner.chaotic-backend = {
envfile = config.sops.secrets."compose/chaotic-backend".path;
source = ../../../compose/chaotic-backend;
extraEnv = {
"SSH_KEY" = config.sops.secrets."keypairs/chaotic/private".path;
};
};
sops.secrets = {
"compose/chaotic-backend" = { };
"keypairs/chaotic/private" = { };
"redis/chaotic" = { };
};
system.stateVersion = "25.05";
}
Docker containers
services:
chaotic-backend:
image: ghcr.io/chaotic-cx/chaotic-next:main
container_name: chaotic-backend
deploy:
restart_policy:
condition: always
delay: 30s
environment:
AUTH0_AUDIENCE: http://localhost:3000/auth/auth0
AUTH0_CLIENT_ID: ${AUTH0_CLIENT_ID:-?err}
AUTH0_CLIENT_SECRET: ${AUTH0_CLIENT_SECRET:-?err}
AUTH0_DOMAIN: ${AUTH0_DOMAIN:-?err}
CAUR_DB_KEY: ${CAUR_DB_KEY:-?err}
CAUR_GITLAB_ID_CAUR: 54867625
CAUR_GITLAB_ID_GARUDA: 48461689
CAUR_GITLAB_TOKEN: ${GITLAB_TOKEN_CX:-?err}
CAUR_GITLAB_WEBHOOK_TOKEN: ${CAUR_GITLAB_WEBHOOK_TOKEN:-?err}
CAUR_JWT_SECRET: ${CAUR_JWT_SECRET:-?err}
CAUR_TRUST_PROXY: 172.18.0.1
CAUR_USERS: ${CAUR_USERS:-?err}
NODE_ENV: production
PG_DATABASE: chaotic-aur
PG_HOST: 10.0.5.20
PG_PASSWORD: ${PG_PASSWORD:-?err}
PG_USER: chaotic-aur
REDIS_PASSWORD: ${REDIS_PASSWORD:-?err}
REDIS_SSH_HOST: host.docker.internal
REDIS_SSH_USER: package-deployer
ports: ["3000:3000"]
volumes: ["${SSH_KEY:-?err}:/app/sshkey"]
extra_hosts: ["host.docker.internal:host-gateway"]
# TODO: revert to NixOS service once it no longer segfaults
database:
image: redis:8.2-m01-alpine
container_name: chaotic-database
restart: always
ports: ["127.0.0.1:6379:6379"]
command: redis-server --save 20 1 --loglevel warning --requirepass "${REDIS_PASSWORD:-?err}"
volumes: ["./database:/data"]