swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
.dotfiles/modules/nixos/server/slink.nix
Leon Schwarzäugl 8838f98658 feat[client]: automatically create emacs org files
2025-11-19 21:49:30 +01:00

91 lines
2.6 KiB
Nix
Raw Blame History

{ self, lib, config, ... }:
let
servicePort = 3000;
serviceName = "slink";
serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
serviceDir = "/var/lib/slink";
containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
in
{
options = {
swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
};
config = lib.mkIf config.swarselmodules.server.${serviceName} {
virtualisation.oci-containers.containers.${serviceName} = {
image = "anirdev/slink@${containerRev}";
environment = {
"ORIGIN" = "https://${serviceDomain}";
"TZ" = config.repo.secrets.common.location.timezone;
"STORAGE_PROVIDER" = "local";
"IMAGE_MAX_SIZE" = "50M";
"USER_APPROVAL_REQUIRED" = "true";
};
ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ];
volumes = [
"${serviceDir}/var/data:/app/var/data"
"${serviceDir}/images:/app/slink/images"
];
};
systemd.tmpfiles.settings."12-slink" = builtins.listToAttrs (
map
(path: {
name = "${serviceDir}/${path}";
value = {
d = {
group = "root";
user = "root";
mode = "0750";
};
};
}) [
"var/data"
"images"
]
);
networking.firewall.allowedTCPPorts = [ servicePort ];
environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
{ directory = serviceDir; }
];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/shlink.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.nginx = {
upstreams = {
${serviceName} = {
servers = {
"localhost:${builtins.toString servicePort}" = { };
};
};
};
virtualHosts = {
"${serviceDomain}" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
oauth2.enable = true;
oauth2.allowedGroups = [ "slink_access" ];
locations = {
"/" = {
proxyPass = "http://${serviceName}";
};
"/image" = {
proxyPass = "http://${serviceName}";
setOauth2Headers = false;
bypassAuth = true;
};
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink