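# NixOS module: Pingvin Share run as an OCI container behind two Anubis
# instances, with its config.yaml rendered at boot from a store-side template
# whose secret fields are filled in from an agenix-managed EnvironmentFile.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  # Host-side port assignments for this service (port, be-port, anubis, be-anubis).
  d = lib.py.data.services.pingvin-share;
  cfg = config.services.pingvin-share;

  # Ids the container is told to run as (PUID/PGID); kept in one place so they
  # cannot drift from the host user/group declared below.
  uid = 962;
  gid = 959;

  configFormat = pkgs.formats.yaml { };

  # This file lands in the world-readable Nix store, so it carries only the
  # placeholder tokens SMTP_PASSWORD and CLIENT_SECRET; init-pingvin-config
  # swaps in the real values at service start.
  configFile = configFormat.generate "config.yaml" {
    general = {
      appName = "dishNet Share";
      appUrl = "https://share.pyrox.dev";
      secureCookies = "true";
      showHomePage = "false";
    };
    share = {
      allowRegistration = "false";
      allowUnauthenticatedShares = "false";
      maxSize = "10000000000";
    };
    email.enableShareEmailRecipients = "true";
    smtp = {
      enabled = "true";
      host = "mail.pyrox.dev";
      port = "465";
      email = "share@pyrox.dev";
      username = "share@pyrox.dev";
      password = "SMTP_PASSWORD"; # placeholder, replaced at runtime
    };
    ldap.enabled = "false";
    legal.enabled = "false";
    s3.enabled = "false";
    oauth = {
      ignoreTotp = "true";
      oidc-enabled = "true";
      oidc-clientSecret = "CLIENT_SECRET"; # placeholder, replaced at runtime
      oidc-clientId = "d83006a6-9b08-47eb-af56-418065db09b5";
      oidc-discoveryUri = "https://auth.pyrox.dev/.well-known/openid-configuration";
      oidc-signOut = "false";
      oidc-scope = "openid email profile groups";
      oidc-rolePath = "groups";
      oidc-roleAdminAccess = "admins";
    };
    # NOTE(review): a bare bool while every other flag above is the string
    # "true"/"false"; confirm which form the app's config loader expects.
    initUser.enabled = false;
  };
in
{
  virtualisation.oci-containers.containers = {
    pingvin-share-server = {
      # NOTE(review): an unpinned `latest` tag means each pull may change the
      # deployed version; consider pinning a version tag or digest.
      image = "ghcr.io/stonith404/pingvin-share:latest";
      ports = [
        "${toString d.port}:3000"
        "${toString d.be-port}:8080"
      ];
      volumes = [
        # Data mounts are left literal; presumably /var/lib/pingvin-share is
        # cfg.dataDir — confirm before unifying them.
        "/var/lib/pingvin-share/data:/opt/app/backend/data"
        "/var/lib/pingvin-share/data/images:/opt/app/frontend/public/img"
        # Must be the same path init-pingvin-config writes to, otherwise the
        # runtime creates an empty directory here and the app sees no config.
        "${cfg.dataDir}/config.yaml:/opt/app/config.yaml"
      ];
      environment = {
        API_URL = "https://share.pyrox.dev";
        PUID = toString uid;
        PGID = toString gid;
      };
    };
  };
  users.users.pingvin = {
    inherit uid;
    group = cfg.group;
    isSystemUser = true;
  };
  users.groups.pingvin = {
    inherit gid;
  };

  services = {
    # The native module stays disabled; its user/group/dataDir values are still
    # read through `cfg` by the units below.
    pingvin-share = {
      enable = false;
      backend.port = d.be-port;
      frontend.port = d.port;
      hostname = "share.pyrox.dev";
      https = true;
    };
    anubis.instances = {
      pingvin-share-be = {
        settings = {
          BIND = ":${toString d.be-anubis}";
          POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pingvin-share.yaml";
          TARGET = "http://localhost:${toString d.be-port}";
        };
      };
      pingvin-share-fe = {
        settings = {
          BIND = ":${toString d.anubis}";
          POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pingvin-share.yaml";
          TARGET = "http://localhost:${toString d.port}";
        };
      };
    };
  };

  # Renders the runtime config.yaml (template + secrets) before the container starts.
  systemd.services.init-pingvin-config = {
    enable = true;
    description = "Pingvin Share configuration setup";
    wantedBy = [ "multi-user.target" ];
    # Follow the configured OCI backend so the ordering still holds when the
    # container unit is named podman-*.service rather than docker-*.service.
    before = [
      "${config.virtualisation.oci-containers.backend}-pingvin-share-server.service"
    ];
    path = [
      pkgs.coreutils
      pkgs.gnused
    ];
    script = ''
      # Overwrite the previous copy on every run.  A plain cp would inherit the
      # store file mode 0444 and leave the substituted secrets world-readable;
      # 0640 keeps them to cfg.user/cfg.group.  NOTE(review): assumes the
      # container process (PUID/PGID above) is cfg.user or in cfg.group — confirm.
      install -m 0640 ${configFile} ${cfg.dataDir}/config.yaml

      # Fail loudly rather than writing a quoted placeholder into the config.
      : "''${SMTP_PASSWORD:?SMTP_PASSWORD missing from EnvironmentFile}"
      : "''${CLIENT_SECRET:?CLIENT_SECRET missing from EnvironmentFile}"

      # Escape a secret for a YAML double-quoted scalar (backslash, quote) and
      # then for the right-hand side of a sed s/// (backslash, slash, ampersand),
      # so a secret containing those characters neither breaks the substitution
      # nor changes the document structure.  Embedded newlines are not handled.
      yaml_escape() {
        printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/[\/&]/\\&/g'
      }
      smtp_password=$(yaml_escape "$SMTP_PASSWORD")
      client_secret=$(yaml_escape "$CLIENT_SECRET")
      sed -i "s/SMTP_PASSWORD/\"$smtp_password\"/" ${cfg.dataDir}/config.yaml
      sed -i "s/CLIENT_SECRET/\"$client_secret\"/" ${cfg.dataDir}/config.yaml
    '';
    serviceConfig = {
      # Before= only holds the container until this unit is *started*; for the
      # default simple type that is the moment the script forks, not when the
      # file has been written.  oneshot makes dependents wait for exit.
      Type = "oneshot";
      EnvironmentFile = config.age.secrets.pingvin-secrets.path;
      User = cfg.user;
      Group = cfg.group;
      ReadWritePaths = [ "${cfg.dataDir}" ];
    };
  };
  age.secrets.pingvin-secrets = {
    file = ./secrets/pingvin-secrets.age;
    owner = cfg.user;
    group = cfg.group;
  };
}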