My Nix Configuration
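# NixOS module: runs Pingvin Share as an OCI container, puts two Anubis
# instances in front of it, and renders its config.yaml at boot.
#
# Secret handling: the generated config.yaml lives in the Nix store, which is
# world-readable, so it only carries the placeholder tokens SMTP_PASSWORD and
# CLIENT_SECRET. The real values come from the agenix-managed EnvironmentFile
# and are substituted into a private copy by init-pingvin-config below.
{
  config,
  pkgs,
  self',
  self,
  ...
}:
let
  d = self.lib.data.services.pingvin-share;
  cfg = config.services.pingvin-share;
  configFormat = pkgs.formats.yaml { };
  configFile = configFormat.generate "config.yaml" {
    general = {
      appName = "dishNet Share";
      appUrl = "https://share.pyrox.dev";
      secureCookies = "true";
      showHomePage = "false";
    };
    share = {
      allowRegistration = "false";
      allowUnauthenticatedShares = "false";
      maxSize = "10000000000";
    };
    email.enableShareEmailRecipients = "true";
    smtp = {
      enabled = "true";
      host = "mail.pyrox.dev";
      port = "465";
      email = "share@pyrox.dev";
      username = "share@pyrox.dev";
      # Placeholder only; replaced at runtime by init-pingvin-config.
      password = "SMTP_PASSWORD";
    };
    ldap.enabled = "false";
    legal.enabled = "false";
    s3.enabled = "false";
    oauth = {
      ignoreTotp = "true";
      oidc-enabled = "true";
      # Placeholder only; replaced at runtime by init-pingvin-config.
      oidc-clientSecret = "CLIENT_SECRET";
      oidc-clientId = "d83006a6-9b08-47eb-af56-418065db09b5";
      oidc-discoveryUri = "https://auth.pyrox.dev/.well-known/openid-configuration";
      oidc-signOut = "false";
      oidc-scope = "openid email profile groups";
      oidc-rolePath = "groups";
      # Membership of this group in the `groups` claim grants admin access.
      oidc-roleAdminAccess = "admins";
    };
    initUser.enabled = false;
  };
in
{
  virtualisation.oci-containers.containers = {
    pingvin-share-server = {
      # NOTE(review): `:latest` is a mutable tag. Pin a release tag or an
      # image digest so a registry-side change cannot silently replace what
      # runs here and so rebuilds are reproducible.
      image = "ghcr.io/stonith404/pingvin-share:latest";
      # NOTE(review): with no host address these are published on every
      # interface, so the app is reachable without passing through the Anubis
      # instances below, which proxy to localhost. Prefix the mappings with
      # "127.0.0.1:" if nothing off-host needs direct access (confirm against
      # the reverse-proxy setup first).
      ports = [
        "${toString d.port}:3000"
        "${toString d.be-port}:8080"
      ];
      volumes = [
        "/var/lib/pingvin-share/data:/opt/app/backend/data"
        "/var/lib/pingvin-share/data/images:/opt/app/frontend/public/img"
        "/var/lib/pingvin-share/config.yaml:/opt/app/config.yaml"
      ];
      environment = {
        API_URL = "https://share.pyrox.dev";
        # Match users.users.pingvin / users.groups.pingvin below.
        PUID = "962";
        PGID = "959";
      };
    };
  };
  users.users.pingvin = {
    uid = 962;
    inherit (cfg) group;
    isSystemUser = true;
  };
  users.groups.pingvin = {
    gid = 959;
  };

  services = {
    # The native module stays disabled; it is only declared here so that
    # cfg.user, cfg.group and cfg.dataDir are available to the units below.
    pingvin-share = {
      enable = false;
      backend.port = d.be-port;
      frontend.port = d.port;
      hostname = "share.pyrox.dev";
      https = true;
    };
    anubis.instances = {
      pingvin-share-be = {
        settings = {
          BIND = ":${toString d.be-anubis}";
          POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";
          TARGET = "http://localhost:${toString d.be-port}";
        };
      };
      pingvin-share-fe = {
        settings = {
          BIND = ":${toString d.anubis}";
          POLICY_FNAME = "${self'.packages.anubis-files}/policies/pingvin-share.yaml";
          TARGET = "http://localhost:${toString d.port}";
        };
      };
    };
  };
  systemd.services.init-pingvin-config = {
    enable = true;
    description = "Pingvin Share configuration setup";
    wantedBy = [ "multi-user.target" ];
    before = [
      "docker-pingvin-share-server.service"
    ];
    path = [ pkgs.gnused ];
    script = ''
      # Nothing created here should be readable by other local users.
      umask 077
      staged="${cfg.dataDir}/config.yaml.new"

      # Work on a staged copy so the live path never holds a config with
      # unreplaced placeholders, and so a first run (no existing config.yaml)
      # does not abort the way a bare `rm` does under the unit's `-e` shell.
      # install -m 0600: the store file is 0444 and a plain cp would carry
      # that mode over, leaving the secrets world-readable after substitution.
      # Assumes cfg.user is the account the container runs as (PUID 962);
      # confirm, otherwise the container cannot read the file.
      install -m 0600 ${configFile} "$staged"

      # NOTE(review): the values are spliced into a sed expression, so a
      # secret containing /, &, \ or " corrupts the substitution or the YAML,
      # and the value is briefly visible in sed's argv. Keep the secrets to a
      # safe alphabet or move to a file-based secret option if the app has one.
      sed -i "s/SMTP_PASSWORD/\"$SMTP_PASSWORD\"/" "$staged"
      sed -i "s/CLIENT_SECRET/\"$CLIENT_SECRET\"/" "$staged"

      mv -f "$staged" "${cfg.dataDir}/config.yaml"
    '';
    serviceConfig = {
      # oneshot makes the `before` ordering wait for the script to finish.
      # With the default type the unit counts as started as soon as the
      # script is forked, so the container could start against a missing or
      # placeholder-only config.
      Type = "oneshot";
      EnvironmentFile = config.age.secrets.pingvin-secrets.path;
      User = cfg.user;
      Group = cfg.group;
      ReadWritePaths = [ "${cfg.dataDir}" ];
    };
  };
  age.secrets.pingvin-secrets = {
    file = ./secrets/pingvin-secrets.age;
    owner = cfg.user;
    inherit (cfg) group;
  };
}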