{ pkgs, config, lib, ... }: { config = { users.groups.hydrus = {}; users.users.hydrus = { isSystemUser = true; description = "hydrus"; group = "hydrus"; home = "/home/hydrus"; }; systemd.services.Xvnc = { description = "Xvnc"; wantedBy = ["multi-user.target"]; serviceConfig = { ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none"; User = "hydrus"; Group = "hydrus"; Restart = "on-failure"; RestartSec = "5s"; }; }; systemd.services.hydrus = { description = "Hydrus"; wantedBy = ["multi-user.target" "Xvnc.service"]; wants = ["podman-hydrus-web.service"]; serviceConfig = { Environment = "DISPLAY=:30"; ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus"; User = "hydrus"; Group = "hydrus"; Restart = "on-failure"; RestartSec = "5s"; }; }; security.lockKernelModules = lib.mkForce false; virtualisation.oci-containers.containers.hydrus-web = { ports = ["100.67.217.90:8080:80"]; image = "ghcr.io/floogulinc/hydrus-web:dev"; }; networking.firewall.allowedTCPPorts = [45869]; environment.persistence."/nix/persist".directories = [ { directory = "/home/hydrus"; user = "hydrus"; group = "hydrus"; } ]; }; }